This Hong Kong startup thinks fintech companies need to rethink their KYC strategy

Kay Banzon
This Hong Kong startup thinks fintech companies need to rethink their KYC strategy

With the millions of underbanked and unbanked, we need to establish a better way to identify, authenticate, and engage

Fintech in Asia is a growing industry, and what’s interesting in this region is that both startups and established financial service providers are getting into high gear in building products that are aimed at empowering users into doing more with the technologies and resources at hand.

Each market has its own nuance. Those backed by a strong financial sector like Singapore and Hong Kong would focus on innovating through efficiency. Meanwhile, in Asia’s emerging markets, there is a focus on the unbanked and underbanked sectors. Those with emerging financial sectors would focus on expansion and improving access.

In addition, there are a handful of banks in the region that are now working on blockchain technologies in improving the flexibility, security, and accessibility of their services. The advantages here are clear: a decentralised and immutable ledger, along with smart contracts for automatically executing condition-based actions.

Also read: This Singapore blockchain startup wants to replace banks; has raised over US$15M in ICO to do so

To date, however, there is still a need for fintechs in the region to rethink and re-tool their KYC standards, in order to better address the needs of this ever-evolving industry and clientele. This is the main push behind SelfKey, which is launching its marketplace platform for identity management, along with it an Ethereum-based identity token, KEY.

Founded in August this year, the Hong Kong-based startup is focusing on a marketplace for identity and KYC services. The company wants to involve three main stakeholders into the equation: the user, the relying parties (banks, financial institutions, companies), and certifying authorities.

The inspiration from SelfKey actually came from some frustrations about how KYC is currently done. “Having done KYC processes many, many times, and having setup companies for people as a corporate secretary, I realised that the KYC process was annoying, and so I tried to build some technology to fix it,” shares Edmund Lowell, co-founder and CEO of KYC-Chain, which manages the SelfKey Foundation.

As with any blockchain-based technology, SelfKey works on incentivising each activity with token use and payment. For instance, for a user to register his or her identity, he will have to pay KEY tokens to the certifying authority (usually a notary or other trusted entity). It’s the same case with banks and other businesses that need to verify the user’s identity – they will need to pay tokens to access.

In all of these, users have control over their credentials, and the extent of granularity shared with the banks and other businesses. This option offers a truly decentralised approach to identification, which offers certain advantages over bank- or government-led KYC initiatives.

Why KYC?

The objective of KYC – or “know your customer” – is, of course, to ensure compliance with international anti money-laundering reporting standards. This helps financial institutions avoid being used by customers to launder money, with particular highlight on potentially criminal activity.

Therefore, banks, and other such institutions, need to verify your identity, so that it can ensure accountability in the event that there is some dirty money or “black money” involved in transactions.

Even without potentially criminal activity, the KYC process is important in ensuring compliance with a government’s internal revenue generation requirements. One purpose of money laundering is, of course, to evade or avoid tax liabilities. An adequate KYC process can help minimise this.

An evolving environment

Right now, most fintech-oriented KYC initiatives by banks are fragmented, and these might have some implication in the integrity of transactions. This is one reason for regulatory agencies to start adopting new technologies in ensuring better KYC.

For instance, recently, a consortium among Singapore’s IMDA and a number of major banks – including HSBC, Japan’s UFJ Financial Group, and OCBC Bank – is developing their regional KYC blockchain proof of concept. The KYC blockchain enables information to be recorded, accessed and shared across a distributed network among participating banks. It also ensures that information can be validated by other government agencies, tax registries, and credit bureaus through a streamlined process.

The consortium says that all validation and registration will be done with the customer’s consent.

Also read: Hong Kong fintech startup TNG raises US$115M to invest in blockchain, AI, chatbots and more

An independent, state-free option

The main concern with centralised means of keeping identity records is the security and integrity. Given the various attack vectors that can be used to access and steal such records, the use of decentralised technologies would have merit. In fact, SelfKey would be considered a self-sovereign identity platform, given that users do not rely on any government-issued identification papers to establish one’s identity.

“Take for instance the recent Equifax hack, where millions of private user records were leaked because this one company, which is a credit bureau, kept all of these information on a centralised database,” shares Lowell. “Blockchain does a great job of storing data across distributed nodes, which allows you to have distributed architecture where there is no single point of failure.”

“Thus, if you moved to a self-sovereign identity system, you could store that information on your smartphone, and you would be able to send your personal data to a company, and no one else would know its content, not even us, because the data is encrypted,” he adds.

The evolution of KYC

Aside from bank- and government-led KYC initiatives, other options for authentication and identification come from the enterprise sector. For instance, foundations like OpenID attempted a wide release and adoption in the early 2000s, and we can perhaps credit our ability to single-sign-on (SSO) across apps and networks from this foundation. However, while SSO works well with enterprise apps and social networks, identification goes beyond sign-in.

Apart from SelfKey, other stateless options include blockchain-powered startup Civic, as well as cloud-based Okta. Among these companies, the premise is usually the same, although each approaches identification quite differently.

Civic mostly focuses on the identity aspect of KYC, which means a user can establish his or her profile – complete with biometrics – and share these with other parties that may require verification. The startup is targeting usage with applications such as e-commerce, e-health, e-signatures, and even social media.

The difference with SelfKey is that Civic only works with individual users. SelfKey, as a matter of KYC, also enables corporate entities to authenticate their own identities – a fact that may be helpful for entrepreneurs wishing to register their legal entity or representation as part of business registration.

Meanwhile, Okta, which recently went public, is a secure identity management platform that enables users to maintain their identity across applications. Much like the OpenID initiative I mentioned above, this particular solution is more well-suited to enterprise and internet usage, although it could have some application in KYC management.

Can we take banks out of the equation?

To date, perhaps the most straightforward and simple way for banks to authenticate users is by asking for government IDs (such as a passport or license), and proofs of address (such as a credit card statement). In more developed economies, it could be as simple as a social security number, which is assigned at birth. Unfortunately, as fintechs and users evolve, this might not always be the most viable means to secure and acknowledge identities.

Case in point: millions of users in emerging economies are considered underbanked, and many do not have most of the formal documentation requirements. For instance, worldwide, around one-fourth of the global population of children has never been registered. In Asia, the registration prevalence ranges from 71 per cent (South Asia) to 79 per cent (East Asia and the Pacific), which makes it difficult for these individuals in future to go through the usual KYC.

Is blockchain the answer? Time will tell. But as we continue to innovate usage, utilisation, and development of blockchain tech, we will see interesting ways to leverage distributed and cryptographic ledgers in applications that will be impactful to the world’s population.

Lowell concludes, “Imagine a world wherein we can prove that we are who we say we are because of the ‘keys’ we hold, and we don’t have to share any more information than that – it makes us more impenetrable to identity theft.”

—-

Editor’s note: e27 publishes relevant guest contributions from the community. Share your honest opinions and expert knowledge by submitting your content here.

Featured Image Copyright: ra2studio / 123RF Stock Photo

The post This Hong Kong startup thinks fintech companies need to rethink their KYC strategy appeared first on e27.