KYC-Chain: Private & Transparent System to Transact
In this missive, I will outline some disruptive technology that I’ve been working on. Since this technology encompasses several areas and is in the prototype phase, I’ll refer to it as KYC-Chain. I propose that KYC-Chain can help entrepreneurs, SMEs, larger institutions, investors, bondholders, stockholders, and financial institutions, while satisfying regulators, with a private but transparent system to transact important private data with greater efficiency.
Why a distributed private ledger?
A permissioned blockchain is a ledger or distributed database to which certain actors have read and write access, and control of the network is limited to certain actors. It may or may not have an inherent currency; in fact, the system as detailed below is proposed without any ‘mining.’ It deals only with the underlying technology of blockchain consensus and distributed storage, and not censorship proofing or Byzantine fault tolerance.
While blockchain technology has tremendous advantages across many industries and applications, it is not a one-size-fits-all solution. I believe any organization working with, or building on or towards a blockchain solution should be able to articulate specifically why a distributed database solution is needed. When it comes to KYC checks, such a solution is useful because:
- It is more secure: If we are going to entrust the banking system with our KYC information (which we already do), we should transfer that information as securely and privately as possible. Arguably, blockchains can (but not without effort) have better security protocols than a traditional database.
- The transfer of this information should be auditable and in accordance with law. We should be able to hold actors on the network accountable (for defrauding shareholders or bondholders in a debt or equity financing situation, for example).
- It is immutable: Records cannot be changed once written.
- It is redundant: A failure at one point does not mean a system-wide failure.
- It helps to reach consensus and avoid “double identity” or “double spend”: When dealing with identity, there can be only one instance. Sharing a distributed ledger helps prevent one legal entity or individual from having multiple identities.
- It allows for better integration across applications: Open-source blockchain solutions are a better platform to build on than a traditional SQL database controlled by a single company.
- It is outside the complete control of any one entity: Distributed ledgers can be designed to stave off the hostile or negligent actions of a single dictator.
A ledger has advantages over a traditional database, as there is redundancy, there is not “one file keeper,” and it is immutable. Finally, it is imperative that such a solution be kept open source and also outside the control of any one entity (enterprise, government or otherwise).
Now, I will begin to explain why such a system of identity should be built on or across permissioned blockchains, which are also referred to as distributed private ledgers. Permissioned ledger technology can have dramatic effects on (1) individual KYC of natural persons and companies; (2) two different capital-market situations; and (3) shareholding in private companies on a blockchain when tied to smart contracts.
From incorporation, all the way to IPO, permissioned blockchains and specifically the KYC-Chain implementation can help businesses increase efficiency and decrease costs. Access is granted by oracles after ensuring the identity of the user. Users are both companies and natural persons who need to go through a KYC process to join.
After the user joins the private ledger of identity, we can be certain that the person or company has gone through KYC. This allows for private actions unless there is a specific issue that needs auditing. KYC-Chain is equally concerned with privacy and transparency. Although seemingly opposite, these ends are not at odds: we can ensure both that shareholding is private and that the actions of a negligent director in breach of his fiduciary duty are transparent and exposed. Shareholders, honest entrepreneurs, investors, and banks all benefit under such a system.
The system that I lay out below is not only compliant with existing laws and regulations, but also improves current systems, dramatically decreases costs, saves time and eases financing in capital markets. Comments and critique are welcome at my email. 1
KYC-Chain can be described as useful for record-keeping purposes, allowing for ownership of shares and identity, as there are two levels: individual natural person KYC, and legal entity KYC. As proven in U.S. case law, companies are people, but they are also owned by natural persons, and as ultimate beneficial ownership (UBO) information is critical to banking systems, this is the primary objective of KYC-Chain: verifying the identity of people and companies, and ensuring proper KYC onboarding and maintenance.
KYC-Chain allows for efficiency in performing and maintaining KYC checks on people and companies, as well as bringing about advantages in many different areas. In particular, advantages given to capital market trading and clearance are detailed at the end of this article.
KYC 1.0: Paper, Pens, Pain
Currently, KYC is kept in different silos – each company maintains its own due diligence on customers. KYC, or Know Your Customer, has become a bane to regulated businesses in many industries, due to increased costs incurred from the collection and maintenance of customers’ due diligence materials. 2 Essentially, these institutions must collect (and later, if audited, prove to regulators that they have sufficiently collected) documents that show that their customers satisfy the following three criteria: Proof of identity, proof of address, and proof of wealth. 3
The exact standards for these documents are less important, and they vary slightly according to different jurisdictions. They are:
- Proof of identity: Usually, a passport or government-issued ID, which should be certified or displayed in person. (First Flag of Flag Theory: Citizenship)
- Proof of residency: Usually, a utility bill or address that clearly lists the customer’s name and is current within 60 days (Second Flag of Flag Theory: Residency)
- Proof of wealth: Letter of recommendation from a banker, accountant or lawyer who knows your financial affairs and can certify that your wealth was acquired by legitimate means. (Third Flag of Flag Theory: Banking)
For a company, the following are usually requested for KYC purposes:
- Certificate of Incorporation
- Memorandum and Articles of Association
- Directors list
- Registered Agent
- Registered Address
- Utility bill for operating address
- KYC for signatories and for any UBO holding 10 percent or more of the registered shares
- KYC for any company that is a shareholder
Although these documents are more involved, we can perform the initial due diligence and then add the company to the blockchain in the same way. Furthermore, we can fast-track the KYC process of the natural persons who are shareholders of the entity.
Essentially, in KYC-Chain, one would need to provide this information to a trusted Oracle who permits access to the network. Once such individuals have joined the network, future KYC checks are no longer as painful. There are a number of reasons for this: the first and foremost being that we have a unified ledger on which to reach consensus, and the second being that such individuals will no longer have to go through the entire KYC process from step one again.
The KYC process currently involves in-person interviews, as well as collecting and analyzing paper documents. Most (though, crucially, not all) of the time, certifications and notarizations must be done in person. However, new laws and technology are allowing breakthroughs in this area, such as bills SB 827 and HB 2318 passed by the U.S. state of Virginia. 4
Listed below are some ways in which individual institutions can gain an advantage over their competitors when facilitating KYC onboarding within a single silo. The examples listed seek to make KYC collection easier. Try to see the difference we could gain with a network effect as we move from independent silos to a shared permissioned ledger.
KYC through APIs and Video
The following are ways in which we can use existing technology to alleviate pain and smoothen the process involved in collecting and analyzing the due diligence documents needed in most jurisdictions.
Proof of Identity: We can use different systems to satisfy this criterion. I suggest using video, as identity is harder to fake on video than with a picture that is uploaded or scanned. We can also potentially use other systems if a higher level of authentication is needed. In the U.S., Europe, and other regions that require this, knowledge-based authentication (KBA) can be utilized to provide an additional layer of verification. However, the quickest and easiest way to get authenticated is to use a public notary.
Proof of Address: This criterion can be satisfied by the individual typing in his address, which is then cross-referenced with his utility bill. We could then cross-reference his IP address or browser headers with the stated address or utility bill. Eventually, we may be able to use a webhook or API provided by the utility company to gather the data directly. This would be particularly useful when it comes to utility bills that are issued in a foreign language, as such documents currently require a certified translation.
Most importantly, we can be assured of not only the existence of these due diligence documents but also their ongoing veracity. Currently, individuals or companies are required to submit these documents each time they open a new account, and banks and other financial institutions have no knowledge of account closures or adverse actions taken against the individual or company. However, with a blockchain, we can have a shared ledger to write and read, and financial institutions can then easily verify a client’s bankability.
KYC with Privacy and No Paper on the Horizon
What I suggest is a permissioned blockchain for KYC’ed individuals, with Oracles (or gatekeepers), who are trusted to control access to this chain. These Oracles could also be bonded for additional protection – most of these entities, such as banks and notaries, are already bonded in the jurisdiction in which they are licensed to operate.
Ultimately, what we need is a system that allows users to get KYC-verified just once, with their information being allowed to be used from incorporation all the way to IPO. Because sharing the information reduces the number of independent KYC events, all parties save time. A key aspect of KYC-Chain is that users can easily prove they are who they say they are, but in a way that is private.
Once a natural person or company has undergone a KYC check and his identity is verified and certain, he is then added to the network. This allows us to be certain that everyone on the network has undergone the due diligence process.
One might ask: What pains are solved by this solution?
Currently, each bank has its own independent silo of customer information, and while they can refer to other databases, there is not a unified, shared ledger of identities. A shared ledger would achieve a network effect of shared information. This would not only help prevent fraud but also save a lot of time and money that is currently spent in performing KYC checks, which is a “need-to-have” rather than a benefit to the customer. We can perform automatic checks and satisfy SMART (Specific, Measurable, Achievable, Relevant, and Timebound) requirements.
I suggest using the existing process (even 1.0 would be sufficient), taking the record of this identity, hashing it (using SHA-256 or another well-proven cryptographic hash function), and then storing this hash on a blockchain. This is a well-proven and tested method for storing documents; several companies are already doing this. However, what has not been implemented is a distributed ledger that many entities can reference. This distributed ledger would be used specifically for tracking identity, and only known and publicly accountable Oracles can control access to the network. Many other chains, companies, smart contracts, etc. can reference this chain for the KYC needed for a specific situation.
As needed, it can optionally reference the first chain for information like UBO details. 5
Currently, KYC information is not easily shared between parties, and oftentimes consumers and businesses revert to unencrypted email (which is one of the least secure ways to transfer sensitive information). Even a single company adopting an end-to-end encryption, hashing and watermarking system on a permissioned ledger would enjoy privacy benefits in a world that is seriously lacking such benefits.
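As an added illustration of the hash-then-store approach described above (example code written for this edit, not part of the KYC-Chain prototype), the Go program below keeps the KYC record off-chain, commits only its SHA-256 watermark to an append-only ledger that only named Oracles may write to, and shows how a later reader verifies both a released record and the chain itself. The record fields, Oracle names and ledger layout are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// KYCRecord is the record an Oracle keeps off-chain in its own database; only
// its SHA-256 "watermark" reaches the ledger. Fields are constructed for this example.
type KYCRecord struct {
	Subject  string `json:"subject"`  // e.g. US_DE_Inc_901239123
	IDDoc    string `json:"id_doc"`   // proof of identity
	Address  string `json:"address"`  // proof of residency
	Verified string `json:"verified"` // date the Oracle completed the check
}

// Watermark hashes the canonical JSON encoding of a record (struct fields are
// emitted in declaration order, so the digest is deterministic).
func Watermark(r KYCRecord) string {
	b, _ := json.Marshal(r)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Entry is all the ledger holds: the watermark, the vouching Oracle, and a hash link to the prior entry.
type Entry struct {
	Index                                      int
	Oracle, Subject, Watermark, PrevHash, Hash string
}

func entryHash(e Entry) string {
	s := fmt.Sprintf("%d|%s|%s|%s|%s", e.Index, e.Oracle, e.Subject, e.Watermark, e.PrevHash)
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// Ledger is an append-only chain that only known Oracles may write to.
type Ledger struct {
	Oracles map[string]bool // permitted gatekeepers
	Entries []Entry
}

// Append records a watermark; writes from unknown gatekeepers are refused.
func (l *Ledger) Append(oracle, subject, watermark string) (Entry, error) {
	if !l.Oracles[oracle] {
		return Entry{}, fmt.Errorf("oracle %q is not permitted to write", oracle)
	}
	e := Entry{Index: len(l.Entries), Oracle: oracle, Subject: subject, Watermark: watermark}
	if n := len(l.Entries); n > 0 {
		e.PrevHash = l.Entries[n-1].Hash
	}
	e.Hash = entryHash(e)
	l.Entries = append(l.Entries, e)
	return e, nil
}

// VerifyChain recomputes every hash and back-link; an edit to any earlier entry is detected.
func (l *Ledger) VerifyChain() error {
	prev := ""
	for _, e := range l.Entries {
		if e.PrevHash != prev || entryHash(e) != e.Hash {
			return fmt.Errorf("ledger tampered at entry %d", e.Index)
		}
		prev = e.Hash
	}
	return nil
}

// VerifyRecord reports whether a record released by an Oracle matches its on-chain watermark.
func (l *Ledger) VerifyRecord(i int, r KYCRecord) bool {
	return i >= 0 && i < len(l.Entries) && Watermark(r) == l.Entries[i].Watermark
}
```

A bank that needs to confirm a client's bankability asks the custodian Oracle for the record and calls VerifyRecord; it never needs the personal data to be on the ledger.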
Currently, KYC checks must be performed on companies in a capital market, and whether a company will offer debt or equity is of little consequence. In this section, I will briefly discuss two very common options for financing within capital markets: Equity financing (through the sale of shares), and debt financing (through corporate bonds). I will also lay out the advantages to be gained from blockchain technology integrated with KYC-Chain.
Equity financing in any jurisdiction requires that the offerer conduct some due diligence and perform KYC checks on the individual or company buying shares. While there are several companies that work on clearing and settlement of bonds and equity, KYC-Chain would seek to integrate as the KYC provider, first by allowing participants to easily have their KYC added to a chain, and then by allowing that chain to be referenced in the settlement. By utilizing smart contracts or even traditional legal documents, we can refer to the entity on the KYC-Chain network and have confidence that KYC checks have already been performed. We can also have further advantages and minority shareholder rights programmed into a specific company.
Debt instruments are currently very difficult to transfer. Though KYC-Chain is not specifically a solution to work on the settlement, it does facilitate identity and ownership of assets. What I propose is that a settlement system can use KYC-Chain to perform KYC checks. It can work with paper documents, as well as smart contracts as these instruments move to be on a distributed ledger, and we can be 100 percent assured that the KYC process has been performed correctly. We can also do board meetings and other resolutions on the fly, as shown below in the smart-contract-enabling aspect of the application. We can reference a KYC watermark or transfer the files in an encrypted manner without the requesting entity or the granting entity needing any knowledge of encryption keys.
Example: Exchanging KYC in bond issuance
Let’s imagine that a Citibank branch in New York City needs the KYC information on a client of HSBC Hong Kong. The two banks could come to an agreement that HSBC would be the custodian of this information, which would be shared between them instantly.
The loan origination documents could reference the file, where it was stored, when it was verified, and even who at Citibank had performed the KYC check. As the company has one set of information shared between banks, we would update the specific KYC block to reference a loan.
In some instances, Citibank may be required by regulators to maintain its own KYC information on a client. We would, therefore, need to transfer the actual KYC documents (such as articles of association or a certificate of incumbency), rather than a reference to a watermark (the indisputable reference to a hashed file in a private database off-chain). Citibank would make a request to the HSBC system for the files. It would also send its public key with the request, so the files can be signed and posted to Citibank in an encrypted fashion, which makes the process safer. (This is also how PGP mail works.) This is the current proof-of-concept-stage solution; when moving into commercialization, we can utilize distributed file storage and smart(er) contracts to gain additional time and cost advantages.
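The Citibank/HSBC exchange above, as an added example (written for this edit, not the page's proof-of-concept code): the requester's X25519 public key travels with the request, the custodian encrypts the file to that key with AES-GCM and signs the whole envelope with its Ed25519 key, and the requester verifies the signature before decrypting, so neither side handles the other's private keys. Only the Go standard library is used; the Envelope framing is an assumption, and SHA-256 over the shared secret stands in for a proper HKDF step.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Envelope is what the custodian returns: the file encrypted to the
// requester's public key, plus the custodian's signature over everything.
type Envelope struct {
	EphemeralPub []byte // custodian's one-time X25519 public key
	Nonce        []byte
	Ciphertext   []byte // AES-GCM output, authentication tag included
	Signature    []byte // Ed25519 over EphemeralPub||Nonce||Ciphertext
}

// aeadFor derives an AES-256-GCM cipher from the X25519 shared secret.
// SHA-256 of the secret stands in for HKDF to stay within the standard library.
func aeadFor(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// signedBytes is the exact byte string the custodian signs and the requester verifies.
func signedBytes(e *Envelope) []byte {
	b := append([]byte{}, e.EphemeralPub...)
	b = append(b, e.Nonce...)
	return append(b, e.Ciphertext...)
}

// Seal is run by the custodian (HSBC in the text): encrypt the KYC file to the
// requester's X25519 public key, then sign the whole envelope.
func Seal(signer ed25519.PrivateKey, requesterPub *ecdh.PublicKey, file []byte) (*Envelope, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	gcm, err := aeadFor(eph, requesterPub)
	if err != nil {
		return nil, err
	}
	env := &Envelope{EphemeralPub: eph.PublicKey().Bytes(), Nonce: make([]byte, gcm.NonceSize())}
	if _, err := rand.Read(env.Nonce); err != nil {
		return nil, err
	}
	env.Ciphertext = gcm.Seal(nil, env.Nonce, file, env.EphemeralPub) // public key bound as AAD
	env.Signature = ed25519.Sign(signer, signedBytes(env))
	return env, nil
}

// Open is run by the requester (Citibank): check the custodian's signature
// against the key it already trusts, and only then decrypt with its own key.
func Open(custodianPub ed25519.PublicKey, requesterPriv *ecdh.PrivateKey, e *Envelope) ([]byte, error) {
	if !ed25519.Verify(custodianPub, signedBytes(e), e.Signature) {
		return nil, errors.New("envelope not signed by the custodian's key")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(e.EphemeralPub)
	if err != nil {
		return nil, err
	}
	gcm, err := aeadFor(requesterPriv, ephPub)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, e.EphemeralPub)
}
```

The custodian's Ed25519 verification key is assumed to be known to the requester in advance (for instance, published alongside its Oracle registration), which is what lets Citibank reject a forged envelope before any decryption.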
Our KYC system can be repurposed in later versions to also act as a credit system to assess risk and assign it not just at the company level, but also to bad actors (specifically, the directors and management, and not the shareholders in the company; I certainly do not advocate a situation in which shareholders assume any type of liability beyond their contributed capital).
A skeptic may ask: “Okay, so you are storing IDs on the blockchain. So what? There are startups already working on this!”
The differentiating value here is that we are doing it: (1) specifically for companies, (2) in accordance with existing KYC laws and regulations, and (3) in a way that enables debt and equity financing in capital markets at any point from incorporation to IPO with more confidence.
We could take it a step further and examine other documents, but those will provide quite enough meat to chew on. Certain aspects of the shareholder’s agreement would be highly relevant. If there is a pre-emption right or a drag-along right, then the system would ideally identify these and pre-empt other shareholders with a notice of sale/financing, therefore enabling faster and more compliant fundraising rounds.
There are many different legal implications that can be simplified when you can have board meetings, perform corporate governance functions and facilitate the sale of stock or bond without the need for paper documents.
Although the greatest benefit would be brought about by a consortium of banks simultaneously adopting this technology, it is possible for a single company or country operating independently to also benefit from this technology. Several already do. Singapore is a leading innovator in the online identity space and has provided Singpass with this capability for several years. When I was in Singapore building Ring.MD, I was on Singpass and received an EntrePass to be able to manage my company online. Singapore makes it so easy to pay taxes, maintain a company, and ensure shareholder rights that it has become the default jurisdiction of choice to form a company in SE Asia.
Smart Contracts & Corporate Governance
We will soon have companies that will have the entirety of their legal documents stored on a blockchain, available to be used from incorporation all the way to IPO.
In the example below, we can see that a company, NewCo, has stored information about the founding of the company, and the owner has the ability to upload his KYC documents. We can implement this system on top of legacy KYC systems, as long as an Oracle is keeping the file in a database off the chain.
Once a user has access to the KYC chain, he can associate his public key with ownership representation (in contracts) and actions (such as signing off a board meeting) with a private key.
Depending on the specific instance and what is needed by stakeholders, the exact determination of public and private data can be determined. The data structures should as much as possible mimic existing public and private information. We already know which jurisdictions require directors to be public, and which are private (see Incorporations.IO for specific requirements). Thus, we can model our blockchain after the laws in a given country or region.
KYC-Chain attributes share ownership to a specific person via public and private keys. Currently, there are myriad issues associated with the control and ownership of a company. Because of this, complex strategies and advanced lawyering, such as dead hand proxy puts, are needed to issue bonds in private markets. A “dead hand” feature provides that any director elected as a result of an actual or threatened proxy contest will be considered a non-continuing director for purposes of the proxy put.
The concept of control of a legal entity is better driven programmatically, rather than from a legal contract. I also suggest that we can accomplish this using a smart contract editor, which immediately stores the real legal document, as we gradually move towards having smart contracts instead to facilitate the legal documents. Controlling a company through public and private keys makes sense. As the shares of the company are put on the blockchain, KYC-Chain can accelerate the process of issuing financing to borrowers, provide assurances to lenders, speed up KYC processes, and reduce the probability of a default.
Example: Exchange of KYC for Financing for Equity
NewCo Inc. wants to borrow in the form of a sale of stock on the capital market. Citibank first needs the KYC information of the individual Tom Jones.
STEP 1: Personal KYC
Tom Jones goes through KYC with Citibank.
- Proof_of_Citizenship: U.S. Passport 48989543
- Proof_of_Residency: 123 Fake Street
- Proof_Wealth: Customer at Citibank New York for past three years
STEP 2: Company KYC
Tom also controls the private keys to the shares in NewCo, with private key 5624bea93524050300a4bf83, so he authorizes Citibank to view the KYC. 6
He shares the following information about NewCo:
- Jurisdiction: Delaware
- Company Name: NewCo Inc.
- Company Type: Delaware Corporation
- Company Registration Number: 901239123
- Registered Address: 123 Fake Street, Wilmington DE 09893
We can easily show this as a string: US_DE_Inc_901239123.
Citibank can also receive the physical files as needed from Tom.
STEP 3: Documents signed and financing approved
Using a smart contract editor, Tom, or his lawyer, is able to quickly append to the document the pertinent information for identifying the company and parties.
Tom performs a board resolution to quickly process the additional extra forms. The forms are signed by Tom’s private key, sent to Citibank, and a watermark is recorded to the blockchain.
The actual hashing of the documents and the implementation are things that are better discussed in private. Hopefully, however, it is clear that KYC needs to be done at both the individual and the company level. This is currently a painful process, and it is KYC-Chain’s goal to alleviate some of that pain.
Thanks to Tim Swanson, Chris Kirkland, Vincent Le and others, including my smart developers, whom I’d prefer not to name publicly, for reading this.
2. This requirement must be adhered to; failure to do so will result in significant legal and financial consequences for the regulated company. ↩
3. In some jurisdictions, regulated businesses must perform enhanced due diligence (EDD), which is a more detailed standard required for larger customers and transactions. As such, when building any KYC system, we must also consider EDD. The USA PATRIOT Act dictates that institutions “shall establish appropriate, specific, and, where necessary, enhanced, due diligence policies, procedures, and controls that are reasonably designed to detect and report instances of money laundering through those accounts.” It should be SMART (Specific, Measurable, Achievable, Relevant, and Timebound), as well as scalable and proportionate to the risk and resources. Any system must be built with these in mind. ↩
4. Bills SB 827 and HB 2318 came into effect July 1, 2012. The new law, VOC § 47.1-2, allows for notaries in Virginia to perform remote notarization, which is a major breakthrough. What is even more interesting about the implications of this law is that the signer may be located anywhere in the world. Currently, several companies around the world are taking advantage of this law to perform remote notarization. For example, see the constitutional protections of civil codes such as CA Civil Code 1189 2(b): “Any certificate of acknowledgment taken in another place shall be sufficient in this state if it is taken in accordance with the laws of the place where the acknowledgment is made.” ↩
5. UBO details can be stored by the Oracle. This is how the current system works, and is in accordance with the law. For instance, a company incorporated in the British Virgin Islands has UBO information on file with the registered agent who formed the company as well as with the banks individually. However, the BVI government does not know who in particular is the owner of a given company but can perform an audit at any time, and the registered agent must provide the relevant documents, which must be certified. ↩
6. In this example, NewCo Inc. uses registration number US_DE901239123, which is prefixed with the country code. This means that there will never be a conflict between the public keys of two companies if we use the country code together with the country's incorporation number. Note: because the country code allows us to distinguish between companies, in the rare event of an overlap in numbers, the country code will solve the issue. I realize that cryptographic public keys are longer strings than the example listed above, but that’s not the point; the point is that we can have an identifying public key in the same manner as that currently used in the real (non-blockchain) world. ↩