
The Case for a KYC/AML Blockchain

Jose Angel Arias

Early in my career, I had the opportunity to work with big retailers and non-profit organizations around the promised land of EDI protocol (Electronic Data Interchange, for those too young to have seen this acronym). The expectation in the industry was that, thanks to a common set of industry layouts adopted by both manufacturers and retailers, all transactions like purchase orders, confirmation of shipments, acknowledgment of receipt of merchandise, and payment of invoices, would be streamlined and automated.

When we see the outcome in retrospect, we understand that the aim for a perfect set of common layouts for flat files, which would be sent from one computer to another over dedicated communication channels and fed into a translator that would eventually create the purchase order or shipment notice in the recipient’s mainframe, required long negotiations between powerful stakeholders. As a result, new technologies totally bypassed this effort, which had been running for more than 30 years without becoming a mainstream protocol in the e-commerce era.

I mention this example of a too-late definition of standards because of recent efforts triggered by the Central Bank of Mexico to create a common database of all fund transfers in foreign currency performed by banks in the country. The aim seems to be a central repository built by all participant banks, feeding their own funds transfer transactions, to eventually allow those banks to query this database in order to understand the risk profile of any particular client that has performed funds transfers in any other bank.

This goal is ambitious and logistically complex. Being a regulator of the banking system in the country, the Central Bank of Mexico can define the rules as needed and then require all banks to comply with these definitions. But the analogy I provided in relation to EDI protocol comes immediately to mind, and I foresee the following issues:

  1. The central bank has defined a standard layout based on the data elements that would be relevant to create the initial repository for its own regulatory purposes.
  2. The banks will have to build interfaces from their existing funds transfer systems with this new platform.
  3. The central bank may require additional fields in the future; if so, all banks will have to rush to adjust their existing interface, and then run additional processes to fill the missing data in the central repository.
  4. There is no incentive for the banks to implement the required applications and infrastructure.
  5. When rules are established around types of relevant queries needed to determine a risk profile, some large banks may then identify additional information that would make sense to add to the repository, impacting all other participant banks.
  6. The storage and computing power needed to track all funds transfer transactions across the entire banking system will overwhelm the central bank’s computing capacity, leading to delays in the queries. This would eventually require more taxpayer money to buy or rent additional infrastructure.

This seems to be a perfect use case for a Know-Your-Customer (KYC)/Anti-Money Laundering (AML) blockchain project. Of course, most of you understand that blockchain technology is the foundation of bitcoin and other cryptocurrencies. Instead of focusing on the idea of actual payments made with cryptocurrencies, I’d like to highlight the fact that blockchain technology can provide the perfect tool to develop a distributed ledger of funds transfers, spread across the computing power of participant banks in the system.

Here are the incentives for all:

  1. Banks’ computing power is larger. The calculation of crypto-tokens representing the funds transfers can be spread over the computing power of all banks that want to participate in the system.
  2. Crypto-tokens would be simple. We are not talking here about creating money but “crypto-tokens” that represent real funds transfer transactions occurring in the system, linked to a different type of crypto-token that represents the client performing the transactions.
  3. Banks have incentive for participation. Every time that a bank converts a funds transfer transaction into a crypto-transaction linked to a crypto-client, using its own computing power, it will receive a “crypto-token” as payment. These crypto-tokens will be the key for the banks to perform queries to the database (see below).
  4. Queries to the common database will be paid with crypto-tokens. Every time a bank wants to perform a query to determine what kind of transactions a particular client has performed in the system, it will pay using the crypto-tokens received as payment for linking crypto-transactions to crypto-clients.
  5. Bank privacy is preserved. Do I need to say more?
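
The earn-and-spend mechanics of items 2 to 4, as an added sketch that is not part of the original article: each recorded transfer becomes a hash-chained block linked to a pseudonymous crypto-client, the recording bank is credited one token, and a query costs one token. The class and method names, the one-token price, the HMAC pseudonym under a consortium key, and leaving the submitting bank out of the block are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64

class TransferLedger:
    """Toy hash-chained ledger: one token earned per recorded transfer, one spent per query."""

    def __init__(self, consortium_key: bytes):
        self._key = consortium_key   # assumption: key shared by participating banks
        self.blocks = []             # append-only chain of crypto-transactions
        self.balances = {}           # bank -> crypto-tokens earned and not yet spent

    def crypto_client(self, client_id: str) -> str:
        # Keyed hash, not a bare SHA-256: client identifiers are guessable,
        # so an unkeyed digest could be reversed by enumeration.
        return hmac.new(self._key, client_id.encode(), hashlib.sha256).hexdigest()

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record_transfer(self, bank: str, client_id: str, amount: int, currency: str) -> str:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        # Assumption: the submitting bank is not written into the block.
        body = {"prev": prev, "client": self.crypto_client(client_id),
                "amount": amount, "currency": currency}
        self.blocks.append({**body, "hash": self._digest(body)})
        self.balances[bank] = self.balances.get(bank, 0) + 1   # payment for the work
        return self.blocks[-1]["hash"]

    def query_client(self, bank: str, client_id: str) -> list:
        if self.balances.get(bank, 0) < 1:
            raise PermissionError(f"{bank} has no crypto-tokens to pay for a query")
        self.balances[bank] -= 1
        pseudonym = self.crypto_client(client_id)
        return [(b["amount"], b["currency"]) for b in self.blocks if b["client"] == pseudonym]

    def verify_chain(self) -> bool:
        prev = GENESIS
        for b in self.blocks:
            body = {k: b[k] for k in ("prev", "client", "amount", "currency")}
            if b["prev"] != prev or self._digest(body) != b["hash"]:
                return False
            prev = b["hash"]
        return True
```

A bank that has recorded nothing holds no tokens and cannot query, and editing any stored field makes `verify_chain()` return `False`.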

As regulators start creating laws to put some ground rules on the table for digital transformation, they could be participants in initiatives like the one I’m putting on the table today.

Author’s note: Jose Angel Arias has started and led several technology and business consulting companies over his 30-year career. In addition to having been an angel investor himself, as head of Grupo Consult he participated in TechBA’s business acceleration programs in Austin and Madrid. He transitioned his career to lead the Global Innovation Group in Softtek for four years. He is currently Technology Audit Director with a global financial services company. He has been a member of ISACA and a Certified Information Systems Auditor (CISA) since 2003.

Jose Angel Arias, CISA, Technology Audit Director

[ISACA Now Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 17 years' experience in ICT/Cybersecurity industry in various sectors & positions.

