Following the launch of Verafide, the UK’s first open source blockchain-based platform for verifiable credentials, TMI talks to the firm’s technical adviser about know your customer policies and other corporate uses cases.
The processes attached to client onboarding in the financial services industry are often denounced by both bank and corporate client as a major pain point. While key onboarding procedures, especially know your customer (KYC), are necessary in themselves, at a practical level they can be unreasonably repetitive and time consuming. Indeed, whether it’s because the same personal data is requested and provided multiple times, often to the same bank, or different documents are required for the same process for each bank, the efficiency of the system is justifiably called into question.
If an individual or company can securely and digitally hold and share the documents required to onboard and subsequently manage their relationships with financial institutions, the problem is largely solved. Verafide is a new open source platform based on software-as-a-service (SaaS) that claims to meet this need.
The platform enables organisations, networks and individual users to issue, hold, verify and share digital ID and credentials. By using a secure digital wallet containing trusted credentials, the company says any community, network or organisation can set up and maintain a credentials ecosystem for a multitude of quick and easy verification purposes.
An ecosystem may consist of a range of company stakeholders, including its employees, suppliers, banks and other financial institutions. It will also hold a wide range of related and verified digital artefacts that might be needed, in any combination, for a specific act of verification, such as a treasurer might need for bank onboarding. With all parties in an ecosystem able to securely share the credentials, under the strict control of the owner, the frustration created by multiple requests for the same or indeed different documents becomes a thing of the past.
In practice
There are typically three parties involved in the Verafide process, explains Anthony Culligan, Chief Engineer, SETL, and technical adviser to Verafide. In using the solution in the KYC context, the ‘issuer’ (a company) may create a signed credential stating that the ‘holder’, its Group Treasurer, is a bona fide employee authorised to act on behalf of the company. The onboarding bank, the ‘verifier’, will use this (and a range of other stored credentials provided by other issuers) as evidence of identity for its KYC procedure.
The whole process is intended to form part of an ecosystem. This is based around the W3C verifiable credentials standard for storing and presenting digital certificates. Verafide provides the mechanism for the issuing, holding, presenting and verifying of the credentials. It has made available open source and enterprise versions (with a payments tool) of its software. Because W3C is coded to enable interoperability, Culligan says other providers using a similar wallet system will be able to read the credentials produced by Verafide, and vice versa.
By offering issuers (such as banks) a suite of APIs (application programming interfaces) alongside the Verafide web developer kit, the company expects to facilitate the growth of many ecosystems, contributing to the overall reduction of ID-related pain points.
“The ecosystem is still growing; we’re at the beginning of the journey,” notes Culligan. The platform has live users, such as Pyser Testing, which has adopted the system for its proof-of-vaccination programme, but he believes that multiple use cases, where verifiable credentials are required, are likely.
To use the system for KYC, the solution first has to be accepted by banks. Culligan says UK regulations on KYC have been amended in the past year, partly in response to the pandemic, to allow digitally signed credentials to be legally acceptable as proof. In the UK at least, corporate treasurers can begin creating ID wallets for their companies, collecting credentials from issuers which can then be updated, amended and deployed as required.
Greater reach will be required for most treasurers though, and this, says Culligan, is coming. “The EU has already stated that it wants a standardised credentials system to be in place to enable the use of wallets across the region. With W3C moving ahead quickly as the de facto global standard in this space, we’re now part of a group in the US. I think it’s going to move quickly into many other areas.”
Treasurers also demand robust security where sensitive data is being stored and exchanged. SETL’s blockchain is being used to preserve wallet protection, says Culligan. SETL has good form in the financial services environment, being used, for example, for the first successful completion of a central bank digital currency (CBDC) transaction in 2020.
Access options
Verafide is accessible via a biometrically secured phone app. The app supports an online portal, which is used to monitor and manage all blockchain-secured credentials. An online issuer portal is also offered. This is used by entities within an ecosystem to set up and manage the credentials it has issued. If a bank wishes to verify a credential being offered for onboarding purposes, it can use this portal to cross-check its validity.
For onboarding clients, or for setting up a new treasury service or managing signatories, a bank that has deployed a Verafide API, can choose to present an active button on its own web banking portal. Clicking the button opens up direct communication with the applicant’s Verafide web portal and connected phone app. The bank can then list the credentials it requires from the applicant, and seek authority, via the app, for their use from the relevant individuals.
A company can issue its own credentials to the treasurer, verifying, for instance, that he or she has the appropriate level of authority to enter into certain financial contracts. Because the range of credentials likely to be used for onboarding and KYC are already stored in a company’s ecosystem, or can be easily added, the treasurer simply has to access each required document and agree to each being sent. “Nothing is forwarded without positive affirmation by the holder of those credentials,” states Culligan.
Personal proof
By providing an infrastructure that allows for commercialisation of credentials, as a credential is issued to a wallet, a payment can be attached, explains Culligan. Where the issuer is a trusted party, such as a trade association, the holder can use the credential in new ways, perhaps for proof of membership or professional qualifications. “As long as the holding of the credential is better than the existing mechanism for the holder and the issuer, there is a good way of commercialising the proposition, which will help it become ubiquitous across the industry,” he comments.
Verafide’s proposition can take away a lot of pain. It needs to build the ecosystems for the journey to begin in earnest, and treasurers will have many questions before joining the revolution. But as Culligan notes, “if money can go digital, then surely personal documentation can follow a similar path”.
