News: Going from KYC to KYT

-A +A
This article first appeared in Personal Wealth The Edge Malaysia Weekly, on February 20 - 26, 2017.


THE problem with many financial technology (fintech) companies is that they focus on developing cool technologies rather than addressing the real pain points in the market.

Nick Armstrong, co-founder and CEO of identitii, a Sydney-based company that focuses on regulatory technology (regtech), says he was initially just like the rest. He had started a company based on the perceived slowness of SWIFT (Society for Worldwide Interbank Financial Telecommunication), only to find that the network that financial institutions use to securely transmit information and value was not the problem.

The start-up he had created was participating in Accenture’s fintech accelerator in Hong Kong. This gave him access to banks and allowed him to understand their real problems. That was when he learnt that things were not always as they appear.

From the outside looking in, it seemed that the problem was the

settlement system. “But when we got inside, we realised that the SWIFT system actually works really well. One of the banks told us that the problem was they could not send enough information through the system,” says Armstrong.

Apparently, the network does not allow the banks’ branches to transmit additional data with their payment messages. So, Armstrong and his team got down to work on the real problem.

“We were already sending information through our tokens. So we said, ‘What if we rely on SWIFT to do just the settlement and use our tokens to send the rest of the information?”

identitii had created a token comprising a string of letters and numbers with a little question mark at the front so that it is readable by a person or machine. “The great thing about the token is that it fits into any legacy payment message,” says Armstrong.

“So, if you are sending money to someone via your bank, this token can be inserted into that instruction and travel with the payment. When the recipient gets the token, he can use it to access all the information.”

What kind of information? “It can be anything from a date of birth or a link to a purchase order to an invoice or a contract. There is no limit to the amount of information that can be linked to that token,” he says.

So, this was a step up from the banks’ traditional Know Your Customer (KYC) process to what really matters — Know Your Transaction, or KYT. identitii uses blockchain technology to do this.

“We use a private distributed ledger that is very good at allowing the exchange of this information between parties that do not really trust each other, such as different banks,” says Armstrong.

He adds that it is the tokens that link up the legacy payment systems and the technology allows information exchange and sharing. “This really is the future,” he says.

Things have worked out really well for the start-up. “Everyone is a member of the SWIFT network and it is actively looking to partner fintech firms such as ours. So, that decision actually saved our company,” says Armstrong.

What problem is the company addressing exactly? It is that feeling of mistrust that has developed in the banking sector since the global financial crisis. The company is also helping banks deal with the increasingly stringent regulations to curtail money laundering, terrorism financing and transactions with sanctioned countries or individuals.

Armstrong says, “I think a number banks were fined recently for breaching anti-money laundering (AML) laws. So, this is an issue facing all banks. We believe that the issue is due to the missing critical information about payments.

“Banks end up trying to figure out what the payments are for. So, they either call up their customers, make guesses or conduct investigations … they are difficult and very time-consuming.”

Sometimes, they get it wrong and the authorities come down hard on them. A recent example is when the UK’s Financial Conduct Authority imposed a US$630 million fine on Deutsche Bank for failing to prevent US$10 billion worth of Russian money from being laundered and exposing the UK’s financial system to the risk of financial crime. The regulator said Germany’s biggest bank had missed several opportunities to clamp down on the activities of the Russian operations as a result of weak systems to detect financial crime between 2012 and 2015.

Armstrong says unless financial institutions start taking the new regulations more seriously, they are likely to be slapped with more fines by the regulators. “Because anytime there are more sanctions, there is more risk that payments will get through to the sanctioned individual or entity.

“We think that there is a shortage of qualified compliance personnel at the banks, so there should be a technology solution for this problem. We are not trying to replace people. People will always be involved in the process. What we are trying to do is reduce the risk.”

Antonio Usama DeLorenzo, identitii’s vice-president of partnerships, says another problem is the attitude at some banks. For instance, at Deutsche Bank, a senior compliance officer was quoted as saying that he had to “beg, borrow or steal” to get the adequate systems in place to meet the anti-money laundering requirements.

“So, that kind of reinforces the company’s position in the market. It is the right time and we are catering for the right audience,” he says.

DeLorenzo gives a personal example of why this technology is needed. “My middle name is Usama. When I was employed in Singapore for four months, payments due to me would either be rejected or stopped.”

Banks, he explains, send money through the channels that have the best rates, which may differ from month to month. “So, I would get my paycheque from JP Morgan in New York or Barclays in London as a correspondent, sent to my Singapore account.”

When payment is stopped, it creates what is known as an “exception queue” and the bank has to manually verify who the recipient is and what the money is for.

“It is not that I fall on any list. It is just that a part of my name has something that computers pick up on,” says DeLorenzo.

“And when the exception is flagged, someone at the payments department has to alert someone at the compliance department. Then, the payments department calls the relationship manager, who then calls the company that is paying my salary to ask, ‘Who is this?’ ‘What is this for?’ When the employer says, ‘It is okay, he is an employee’, only then does the bank let the payment go through.”

This process is extremely cumbersome and heavily driven by manual intervention such as faxes, email and telephone calls.

DeLorenzo says identitii uses blockchain technology to create a ledger of exactly happens to a transaction, that is, who touched it and what they did with it, creating hashes each time a token or payment is accessed.

“So, in my case, if someone decides to upload an employment contract for me at the sender’s bank, the document will be hashed. It will also record who it was that logged in, what machine they used with a specific address and all that,” he says.

“So it is quite a good mechanism because it is immutable. You cannot really lie to a blockchain and you cannot use it to lie. Thus, it becomes the perfect tool to record what is going on.”

He adds that identitii does not store any documents on a blockchain so it stays light and scalable. “Rather, we work with the bank to see whether it wants to use its own document stores, whether it wants them in the cloud. And the flavours of that are so many. We can do a number of options.”

This technology is at the right time and in the right place. “The regulations are only getting tighter and we think blockchain technology can save banks or financial institutions US$4.6 billion per annum, and that is just for anti-money laundering,” says Armstrong.

“That is the cost for banks to implement and run their anti-money laundering programmes. It is not the amount of money that is flowing through to nefarious activities.”

The increasingly stringent regulations have led to something known as de-risking, where banks terminate their correspondent relationships with other banks in high-risk countries, creating less opportunities for trade.

“If you are trying to open up trade, this technology becomes very relevant because it enables you to do more business and have more correspondent banking relationships. So, in effect, re-risking rather than de-risking,” says Armstrong.

Quinlan and Associates, a Hong Kong-based independent strategy consulting firm that works with the financial services industry, says in a report — From KYC to KYT: Blockchain’s emerging role in the global payments system — that banks were forecast to spend US$12 billion on anti-money laundering programmes last year. It should be noted that some US$16 billion in fines have been imposed by US regulators since 2009.

“Many institutions have responded by offboarding more risky customers as part of a general de-risking strategy, which is posing a very real risk to the workings of the global financial system,” says the report.

Data from German central bank Deutsche Bundesbank and SWIFT confirm these findings — while global correspondent banking volumes increased from mid-2011 to December 2015, the number of active correspondent banks declined over the same period. This trend is more pronounced for remitter/beneficiary banks that lack sufficient volumes to recover compliance costs, are located in risky jurisdictions, lack adequate risk assessment capabilities or offer products or services or have customers that pose a higher risk of money laundering activities.

Armstrong says re-risking, if you are able to do it in a sensible way, is beneficial to the bank and economy at large. “Unfortunately, if the banks are not going to do business in these [high-risk] economies, the underworld or money transfer operators will take over. It is a tax on poor people and just increases the cost of doing business.”

DeLorenzo agrees. “Through this transparency that we are able to create, you know who you are dealing with. You know the nitty-gritty of every transaction. So, you can make a better judgement call, which means rather than de-risk, you can actually re-risk. I think it is time to re-risk again and develop better relationships on the ground where you know you can do business, and clean business at that,” he says.

“I think most importantly, it is about helping the banks create a single source of truth around each of its transactions and we use a globally unique identifier to do so, which then creates an immutable, irrefutable, audit trail.”

But what about countries where there are data protection laws in place? He says identitii has catered for that with something called a “request” button. This means if you are dealing with a country that has data protection laws, you will be able to see that there is a document attached to the payment even if you cannot read it. If the transaction is flagged as suspicious, you can click on the button to “request” to see it. Then, it will go through the relevant channels to be able to share the document.

“It is actually a huge innovation because banks do not have the ability to see things across walls — not just across banks, but even internal walls between branches. When you sit with bankers who do this day in and day out, they get really excited that they can remain in compliance with local data protection laws,” says DeLorenzo.

“And if they are on the other end, they can see that the document is there. For most banks, that is enough. They do not have to see it. And if they do, there is a simple request button.”

identitii is part of something called the regtech revolution. “It is a new breed of fintech companies that focus on regulatory technology. They either help financial institutions comply with regulations more easily or regulators to do their job more effectively,” says Armstrong.

“It is a really exciting space, but I call it the ‘unloved child’ because no one wanted to look at it before because it was considered boring. But, in fact, this is where the real opportunity lies.”

He thinks the real problem with most fintech start-ups is that they might not be solving a real problem. “You may have an amazing technology, but it is not being applied to the real pain point in the market.”

Will identitii be arriving on our shores? “Maybank participated in that fintech lab in Hong Kong, so we have some unfinished business there. Malaysia is number one on our target list this year,” says Armstrong.