In Gartner’s recently released 2024 Market Guide for Decentralized Identity, they suggest that organizations looking to improve their compliance processes with decentralized identity technologies should adopt a skeptical stance. They say:
A significant number of vendors claim to have the functionality within their DCI solution to comply with KYC and AML regulations. DCI vendors see this as crucial for making KYC and AML compliance processes more efficient. However, Gartner’s view is that, at this time, banks cannot make a good business case for transitioning away from their traditional compliance process, regardless of its inherent challenges.
At Dock Labs, we regularly speak with organizations who are unhappy with the costs and pains associated with KYC and AML compliance. These forward-thinking organizations find that reusable identity credentials provide them with essential tools to lower the costs of verifying individuals, and improve the experience of the users onboarding to their systems. They get these benefits without increasing fraud or compliance risk while simultaneously improving their compliance with privacy requirements and reducing the cost of protecting user data.
The difference in perspective is that these innovative organizations don’t see DCI as a replacement for existing compliance processes, but as new tools that can augment what is working now. With verifiable credentials as part of their toolbox, IAM practitioners can assemble a better solution than can be obtained solely with traditional compliance processes.
For example, think about opening a savings account online. You will likely be required to follow a traditional approach to compliance which requires a number of steps to verify your identity:
- Take a picture of your national identity document and a selfie in order to validate your legal name.
- That legal name must then be checked against a watchlist of sanctioned people.
- You will then be asked to enter your mailing information, which will be validated with an address service.
- You then have to enter a phone number which will be verified by sending you a text message that you must enter into the web site.
- You will also be asked to enter an email address, which will be verified by sending you a link that you have to click on.
At this point you can finally set up your account. After recently completing this process with a family member, we were offered the opportunity to open a credit card with a partner bank. But we gave up when we found that we would need to go through the whole process again.
I wished that the savings bank would have issued us a credential that would be accepted by the partner bank showing that our legal name, tax number, mailing information, phone number, and email address had already been validated. Accepting the data through a credential would have saved us the hassle of data entry and re-validation, while also ensuring that the partner bank is only using data that has been verified by a trusted source according to the rules of their partnership agreement.
It is true that using credentials does not remove the partner bank’s duty to record their basis for trusting the information. Particularly sensitive checks, such as the watchlist check, may need to be repeated. The referring bank may also charge a fee for the use of the identity credentials that they issued. Regardless, the credential-enabled process is much less painful for everyone involved.
Even Gartner acknowledges that decentralized identity technologies can help streamline regulatory compliance. We wholeheartedly agree with the advice they give near the end of their report, when they say:
Although regulations were initially expected to erect barriers to the adoption of DCI in heavily regulated industries like financial services, new DCI use cases allow organizations to comply with them. SRM leaders should explore how DCI can enable them to comply with regulations more easily, privately, and securely than conventional means.
We at Dock Labs are happy to help organizations stay ahead of their competitors by improving their KYC and AML compliance today.