A security and privacy focused KYC data sharing platform

Abstract

Banks in Europe must comply with new EU regulation and legislation. Recent legislation has focused on personal data, Know Your Customer (KYC), and anti-money laundering. As a result, the cost of KYC compliance is higher than ever, requiring time consuming work by both the banks and their customers in the form of document collection and verification. In this paper we detail a system designed to ease the burden of compliance for banks within the EU and save their customers time through the secure and permissioned sharing of digital KYC data. In order to share data, banks need a secure system capable of protecting the privacy of both them and their clients. We detail a system which uses blockchain technology and various privacy and security enhancing techniques to provide banks with a fast and secure way to share documents required for know your customer compliance. The system was built to be aligned with the GDPR, meaning each participating bank must have explicit permission for a customer to access one or more of their documents. These permissions are stored on a private blockchain shared by the banks. Moreover, we detail methods to anonymise on-chain data where necessary. The use of a private blockchain to achieve consensus on the veracity of customer-granted permissions to data enables participating banks to trust one another as each permission and request is observed, agreed upon, and stored on-chain. To the best of our knowledge we propose the first data sharing system under which there is no outsourcing of data storage. This allows the banks to retain full control of storage security and encryption.