Could Blockchain be the new dawn for AML?
Expert Guest Post by Ian Gauci, Founder at GTG Advocates.
What is Blockchain?
The terminology around the whole phenomenon of blockchain technology is still heavily in flux. Indeed, it is sometimes also referred to as “shared ledger technology” (SLT) or a “distributed database”. Prior to the enactment of the Arizona Bill HB2417, “Blockchain” had no official definition. The term was defined in the Bill as follows:
“Blockchain Technology” means Distributed Ledger Technology (DLT) that uses a distributed, decentralized, shared and replicated ledger, which may be public or private, permissioned or permission-less, or driven by tokenized crypto economics or token-less. The data on the ledger is protected with cryptography, is immutable and auditable and provides an uncensored truth.”
A blockchain is operated by parties referred to as “miners” and other times “nodes” or “validators.” The nodes might be “partial” (as opposed to “full function”) and some of the miners might be in a “mining pool”.
The essential characteristics of the blockchain are the distribution of ledger copies and the independently verified consensus process that is used to validate any changes. It also streamlines transactions by removing third-party middlemen. Other important facets are immutability and transparency of the ledger, which is vital to the existence of trust among parties. As most ledger protocols currently function, no single party can unilaterally override a transaction added to the ledger. Advanced cryptography ensures that altering the ledger comes with high computational costs, thus ensuring immutability. Moreover, by requiring consensus among participants who can view what the ledger currently recognises as true, any attempts to falsify a ledger should fail.
Blockchain as a foundational technology and owing to its generative qualities will create new value propositions, value chains and also new services. It will not only impact Banking and Finance but the effects of disintermediation and decentralisation (which are concatenated but distinct), will cut across a plethora of sectors and affect the social fabric of our community.
Blockchain’s Impact on AML
Undoubtedly Blockchain will also affect Anti-Money Laundering policy (AML). When speaking of blockchain, it is important to consider the difference between “public blockchains” (also called permissionless or open blockchains) and “private blockchains” (also known as permissioned or closed blockchains). There are also “restricted” and “unrestricted” DLTs. All of these have different applications, permissions and effects which is particularly relevant for AML purposes.
Rising globalisation and the increase in financial transactions and digitalisation has already proven an arduous task for AML compliance. Now, if you add the decentralised element, disintermediation, as well as encryption and anonymity, existing and static AML would struggle to cope. The scepticism surrounding the mainstream use of cryptocurrencies and, by extension, the blockchain, can likely be blamed on the high percentage of illegal activity that takes place online.
One of the primary risks noted by the authorities and regulators around the globe is the pseudo-anonymous nature of cryptocurrency and the use of mixers/tumblers (even though the latter are pretty centralised since currently there are only a handful of providers). When using a cryptocurrency mixer, a user sends their cryptocurrency to a mixer’s address, where the coins are then mixed in with transactions of other people or distributed among hundreds of thousands of wallets that belong to a mixer, so as to obscure the trail back to the fund’s original source.
Cryptocurrency however accounts for the identity of its users both at the beginning and at the end of transactions through digital wallets where tokens are stored, instead of bank accounts. The owner can send and accept tokens from one wallet to another by providing the identification code of their wallet. The code itself acts as a key, eliminating the need for names or other types of identification.
So, while the transaction itself is seemingly anonymous, in most countries today you need to undergo the Know-Your-Client (KYC) process in order to open a new digital wallet. By way of an example, Coinbase’s legal disclaimer notes that it may check account information associated with your linked bank account among other possible background checks, and the 2017 Global Cryptocurrency Benchmarking Study asserts that all wallets converting national currency (fiat) to cryptocurrency perform such checks. So, by owning a digital wallet, even without necessarily using it, anonymity is compromised. To a certain extent, identifying the parties in a transaction and information, a record of the transaction, and even enforcement, can exist in the cryptocurrency system. It’s all a matter of adjusting perspective.
Nevertheless, in some places, you can still open a digital wallet without going through a proper identification process, which may allow “dirty money” into the system. “Dirty money” and other issues like “coin-join” and “smurfing”, make it difficult to attribute a financial transaction to a specific legal entity, presenting a problem still in need of a solution.
Regulators view the digital token transfer method as a “black box”, low in accountability and virtually impossible to subject to existing AML and anti-terror financing regulations. However, inflexibility may be clouding judgment: built-in features of Blockchain technology have the potential to improve, not harm AML efforts, even surpassing mechanisms already in place today.
Blockchain Incorporation within AML Procedures
The technology, by its very nature, lends itself to integrated decentralised monitoring efforts of financial transactions. An anti-money laundering system built on the blockchain (this needs to be permissioned) can leverage the cryptographically secure, decentralised and immutable nature of the technology to identify and stop suspicious transactions effectively. A distributed blockchain-based system using ‘smart-contracts’ with inbuilt algorithms, will allow financial institutions to securely parse data through an AML engine on the blockchain, with the automation providing high efficiency and ensuring minimum friction.
Each financial institution in this system would serve as a node within the private permissioned blockchain network and would use the network directory and smart contracts to record transactions on the blockchain. Since relevant information would be stored on the blockchain and be made available to each node, suspicious activity can be detected and highlighted to all related participants. Participating financial institutions would thus be able to instantly alert each other about any potentially fraudulent transactions and flag them for further investigation.
A blockchain-based AML platform would make it possible for the responsible authorities to monitor complex transactions in an automated and effective manner, as well as immutable record audit trails of suspicious transactions across the system. The design of the blockchain can ensure compliance with data sovereignty laws while complementing existing legacy AML solutions, enhancing their effectiveness by adding an additional layer of scrutiny and visibility.
Another advantage that blockchain technology could present is a dramatic change in the KYC process when onboarding new clients. The current onboarding process to set up a bank account is a lengthy process, involving a lot of paperwork. One of the primary reasons for this is security against fraud and money laundering. This, however, tends to result in frustration on the part of clients, as the process is somewhat inconveniencing. The bank on its end needs to go through the cumbersome process of ensuring all details are correct while being held responsible for identifying any potential security risks.
There are two different cases through which this KYC process can be adopted. The first would be a shared setup, whereby a central entity such as the Government or any authorised entity, would take care of storing all the details, and other entities such as banks can plug into this system in order to access those details. If this option is unavailable, another possibility would be for the bank to create an internal KYC tool.
The element of trust is key in this process and setup, and it manifests itself in two forms:
- Self-Sovereign Identity – Individuals have the power to take full ownership of information on their identity. Custodians are required to provide and verify identity attributes, but ultimately the individual retains control. The system should run on user-permissioned data models in which consent is essential.
- Distributed Trust Model – Since the identity is decentralised, it’s imperative to establish trust between all parties involved, as well as agree upon a set of attributes used to authenticate, verify and authorise individuals.
The DLT is still in its early days, and cases exploring the potential of blockchain are isolated and limited. However, to truly realise their potential, implementations of blockchain-based solutions for AML need to be integrated into the core IT landscape within each participating institution. Leveraging a blockchain platform for AML nationwide or across a geographical region will give regulators, auditors and other stakeholders an effective and powerful set of tools to monitor complex transactions and immutable record the audit trail of suspicious transactions across the system. However, this will need cross-industry participation and require buy-in from leaders across regulatory authorities as well as the participating banks and other financial institutions. Either way, it’s only a matter of time before financial institutions and regulators adopt distributed ledger technology to connect, gain visibility and collaboratively prevent money laundering.
This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright © 2018 GTG Advocates.