Edmund Lowell, Founder, KYC Chain Ltd, argues that the solution to Hong Kongs current know your customer (KYC) compliance woes is distributed ledger technology and customer-owned digital identity.
No one living in Hong Kong could be in any doubt that the methods currently used to gather and store identity information for the purposes of know your customer (KYC) compliance are not fit for purpose. Large financial institutions are subject to stringent KYC compliance burdens and, partly as a consequence of this, opening a bank account in Hong Kong has become very difficult for certain types of companies particularly those without a provable operating history (such as small and medium-sized enterprises (SMEs), startups, or companies set up by foreigners).
Not only has KYC in Hong Kong become difficult and bureaucratically burdensome, it also poses systemic risks for Hong Kong in particular tarnishing the HKSARs reputation as an international financial centre. Establishing a company and a bank account are the two most basic requirements for doing business, if the process takes too long, or becomes too arduous, entrepreneurs will seek easier jurisdictions. The KYC process must adapt or change, or killing your customers will become a more accurate rendition of the KYC acronym.
This problem has not gone unnoticed of course. The systemic risk to Hong Kongs status as an international hub has been recognised by regulators. The Securities and Futures Commission endeavours to be technology neutral, permitting technological solutions to KYC compliance as long as the basic rules are adhered to. Moreover, local and international corporate secretaries have also been eager for a solution since they are often on the frontline when it comes to KYC compliance. Offering incorporation and bank account introduction is a primary service offered by corporate secretaries working for corporate service providers (CSPs). Customers expect and demand a bank account set-up alongside their company set-up, but for corporate secretaries in Hong Kong opening a bank account for a client has become a much more hands-on task which can use up hundreds of sheets of paper, and sometimes results in a disappointed client who walks away without a bank account.
Why is KYC so difficult in Hong Kong?
Laws and ways of doing business are outdated
Hong Kong often still relies on wet signatures or use of the company chop as a proof of identity, despite the fact that signatures can easily be forged and company chops can be obtained easily and inexpensively at numerous shops in Hong Kong. These outdated methods are hardly at the cutting edge of KYC. As an international financial centre, Hong Kong should be moving to digital solutions. There have been some moves in that direction. The Electronic Transactions Ordinance (Cap 553) (ETO), for example, puts electronic signatures on equal footing with wet ink signatures under Hong Kong law. The ETO has not kept up with the speed of technological change, however, and e-signatures are still rarely used.
In other jurisdictions, innovative solutions have been adopted, such as the ability to do a remote notarisation, remote certification or remote signature, and have this be legally binding and acceptable as a means of doing business. In certain contexts within many developed countries and regions including Europe and the US, opening accounts via video call has become an acceptable and normal way of doing business.
Databases are siloed and data is not shared
Government databases often result in information being siloed and the restriction of the ability to share data. Bank information is seen as proprietary (even if it is information belonging to a customer such as a passport number). This trend is not unique to Hong Kong, all over the world data is often kept in a silo restricting the KYC process. If a bank doing an onboarding is able to instantly access government databases, credit bureau information, or an attestation from another bank that a customer is who they say they are then KYC would be a much more straightforward process.
Recognising the problems set out above, the financial industry and regulators globally have come up with various initiatives to improve KYC. Currently, there are many different initiatives underway in Hong Kong (some public, some not) to try to solve our KYC woes. The most obvious need is to build a technology and process to make KYC less expensive and less burdensome. Unfortunately, however, organisations have generally tried to solve this issue independently, without addressing other market participants such as corporate secretaries, who have an important role to play.
Globally, two types of solutions have emerged to solve the KYC problem. The first is to adopt a centralised solution where a third party (or government) provides all of the data from a single source and the second solution is one where a distributed architecture is adopted.
1. The traditional approach pulling data inwards
The traditional approach is to set up a centralised identity database and pull data in from various other sources, such as governments, telecommunication companies and banks.
There are several KYC utilities which follow this centralised approach, the most prominent and successful being the Aadhaar system used in India. In this system, over one billion individuals have been registered using a retinal scan as proof of identity. These identities are stored in a central database. This system is voluntary but has come under recent attack from critics because what started as voluntary has become a prerequisite for setting up a bank account or even obtaining a sim card.
There are some very obvious vulnerabilities to this solution. If all of the identity data, and the banking and finance data, gathered in a given jurisdiction is centralised within a single database held by a single private company (or even in a public/private partnership, or government organisation), a single security breach could mean that the entire dataset could be compromised.
Moreover, once data has been centralised, doubts can arise as to its source and authenticity. Furthermore this type of centralised approach represents a system which is run top-down, and this works against the global trend towards enabling self-sovereign identity the ability of individuals to own their own digital identity. You end up with a big brother identity manager which everyone must trust and which is too big to fail.
2. Distributed ledgers
There is an alternative to the centralisation of data namely, establishing distributed ledgers which are not under the control of a single entity. In order to examine whether a distributed ledger solution is right for Hong Kong, we should look at what is working (and what is not working) in other jurisdictions (see Overseas examples of centralised and decentralised databases information box on page 30).
There are several advantages to the distributed rather than the centralised approach. As set out above, this prevents a single point of failure risk, but it also preserves privacy. No personally identifiable information is ever stored on the blockchain and information can flow from the database about an individual only with consent. Adopting a distributed ledger solution in Hong Kong would enable self-sovereign digital identity on an industry-wide scale, whereas building on top of a single providers platform locks you in t
o their technology.
How would it work?
I would suggest that, as a first point of contact, a corporate secretary would upload customer information to a shared distributed database. With the consent of the customer, this information would flow from one place to another. Several banks could instantly look at a customer account and decide if it was right to do business with them, allowing for the SME to gain access to banking through a single common application. This
was implemented in the US for high school students applying to university and streamlined the application
This datastore could be assigned to a single, globally unique and persistent identifier which would be controlled through the private keys of the blockchain. Given this starting point, a person (or company) can build a rich set of identity attributes and prove them
to any company, any government, any time satisfying KYC requirements
in a digitally secure, safe, and more efficient manner.
Does Hong Kong have the ability to keep up with the pace of technology and remain globally competitive? Will Hong Kong implement a centralised or distributed KYC utility? Only time will tell.
Edmund Lowell, Founder
KYC Chain Ltd