New platform automates KYC checks for crypto transactions

About three years ago, Global Risk and Data Authority Limited launched a platform aimed at automating the know-your-client and anti-money laundering compliance processes for banks in Cayman, as well as onshore correspondent banks.

The platform essentially serves as a checklist for banks that want to assess the risk of a potential client.

If, for example, the client wants to open a checking account with a Cayman bank, he or she would upload their passport and other necessary documents into the platform. The platform, in turn, would make sure the documents are authentic, and then assess the risk level of the potential client.

“We can test 5,000 different types of documents with the countries that issued them,” said Bob Taylor, GRADA’s head of corporate development.

Armed with that information, the bank can then decide whether to open an account for the individual, deny the account, or conduct further research.

Now, GRADA is expanding its platform into the hedge fund industry – specifically, funds that want to accept investments in the form of cryptocurrencies.

The basics of the platform are the same, according to Taylor. If a person wants to invest in a fund, he or she would upload their documents and information about their source of funds into the platform, which assesses the information for authenticity and risk.

When it comes to crypto investors, the platform goes a step further than traditional KYC and AML analysis, Taylor said. In this case, the platform analyzes the history of the investor’s “digital wallet” – the mechanism by which crypto transactions are made.

The platform is able to do this because crypto transactions are conducted on the blockchain, a distributed online ledger that records each transaction made. Therefore, the platform can go back and look at each transaction made by a given crypto wallet to see if the holder of the wallet did business with any potentially nefarious characters, or places like Silk Road and other blacklisted “dark web” sites – websites where illegal transactions often take place.

The platform also analyzes whether the amount of funds in someone’s wallet matches that person’s profile.

If, say, a journalist has a 10-day-old wallet with millions of dollars in it, that would raise red flags on the system, Taylor said.

After the initial investment in the fund, the platform will also analyze any follow-up transactions, Taylor said.

“You’ve made investment in a fund, it’s gone up, now you want to sell it. Well now that transaction needs to be KYC’d,” he said. “Is this a legal trade? Are you selling it to someone from North Korea? Our platform does this [analysis] automatically.”

Taylor said it took two years and roughly $2 million to develop this platform. With the landscape of international relations changing every day, the platform must constantly be updated. If one country places sanctions on another, for example, the platform must be immediately updated.

“How do you handle an Indian selling something to a Pakistani?” Taylor said, giving an example of the complex issues that go into making the platform function.

Another concern GRADA had when building its platform was data security. With passport, driver’s license, and other confidential information being entrusted to it, a data breach would be catastrophic.

To mitigate this risk, Taylor said the platform uses cutting-edge technology called “distributed obfuscation” – where information is separated and stored in multiple locations.

“We don’t store any one document in any one location. We rip it up and disperse it over our server farms,” he said. “So if you stole one of our servers, you’d be getting what looks like gobbledygook.”

All this work can be a major boon for investors who want their trades to be validated instantaneously. With the values of cryptocurrencies fluctuating daily, investors do not want to wait days before a trade is vetted.

Automating the KYC processes also lessens the possibility that errors or corruption come into play, Taylor said.

“The problem with compliance is that when people get involved, mistakes or errors can be made, or there’s outright corruption,” he said. “Put it into a platform like this, and there’s no corruption.”

The human-error/corruption risk is very real. A textbook example of this is the ongoing Danske Bank scandal, where the Estonian branch of that bank has admitted that a large part of some US$235 billion that flowed through that unit between 2007 and 2015 may have been laundered. Danske chief executive Thomas Borgen has resigned due to the scandal, the bank faces hefty fines, and investigations are ongoing to look into how so many shady transactions went unchecked.

With little explicit regulations on crypto transactions, Taylor said his platform treats the digital currencies the same. KYC/AML rules apply to Bitcoin transactions that would apply to fiat money such as dollars, euros, or yen.

Some Cayman-registered entities are not adhering to that same rule of thumb, and are playing it faster and looser when it comes to crypto.

However, Taylor said that he has been told the Cayman Islands Monetary Authority is keeping track of the entities that are not adhering to strict KYC guidelines when using digital currencies. Once Cayman implements its regulations for cryptocurrencies, those entities will likely be receiving a phone call from their regulator, Taylor said.

“The thing with compliance is: If you don’t do it, you save yourself a lot of money,” Taylor added. “But if you do do it, you save yourself from potentially going to jail.”