Blockchain could be the answer to increasingly tough anti-money laundering (AML) statutes
and enterprise fraud management (EFM) requirements looming for the financial
services industry.

According to a report released this week by Forrester Research, blockchain's
distributed ledger technology – because it is both secure and immutable – is
ideal for meeting new government requirements and serving as a trusted
repository for identification purposes.

"This makes it a trusted repository for providing device ID, known fraudster,
transaction and other blacklists used in AML and EFM," Forrester said in
the report. "Updating these repositories will no longer be the privilege
of AML and EFM vendors only. In addition to these existing vendors, new
identity coin and social identity verification vendors and [financial
institutions] themselves will be able to update crucial blacklists."

Governments are also considering using blockchain networks to secure sensitive data, but
none as of yet have, according to Martha Bennett, a principal analyst at
Forrester Research and co-author of the report.

This year, several new regulations will toughen requirements on financial services
to ensure customer privacy and secure online and mobile payments. The new laws
include the Revised Payment Service Directive (PSD2) and the General Data
Protection Regulation (GDPR). Additionally, the Fifth European Union Anti-Money
Laundering Directive (5AMLD), which is currently being negotiated, will likely
increase oversight of virtual currencies, prepaid cards, information sharing
and enhanced customer due diligence.

Starting in May, GDPR will force European banks to rethink how they store, manage, use
and disseminate personally identifiable information, according to the report.

"If they wish to partake in blockchain-based AML and EFM device, whitelist, and
transactional data sharing, [financial institutions] must adapt their privacy
policies and tools to be able to cope with this requirement," Forrester
said.

The research firm expects that privacy regulations and disclosures will have to
cover blockchain-stored data assets as well.

"GDPR is one key requirement for handling [personally identifiable information] data
securely," Andras Cser, a Forrester principal analyst and co-author of the
report, said via email. "Encryption algorithm standardization and
strength testing (FIPS, etc.) are also key steps here."

Last year, the cost of retail fraud — everything from fraudulent transactions to
fraudulent returns — amounted to 1.9% of revenue, up from 1.47% in 2016. With
Forrester's estimate of $3.56 trillion in U.S. retail sales in 2017, fraud will
cost U.S. merchants almost $68 billion. On top of that, the cost of detecting
and preventing money laundering is steep, as are the fines for businesses that
fail to do so.

In 2018, for example, Dutch Rabobank was fined $369 million by authorities for
handling illicit funds. And last fall, a data breach at consumer credit
reporting agency Equifax resulted in 143 million records being stolen.

Widespread availability of sensitive consumer information on the darknet and synthetic
identity fraud – where criminals use stolen data combined with fake information
to create credit and bank accounts – have proven that traditional know-your-customer
verification and knowledge-based authentication are unreliable.

AML and EFM are harder than ever to enforce and need to rely on the most diverse
data possible, Forrester said, adding that "verifying identities before
allowing them to transact helps avoid fraud losses in a complex payment
ecosystem."

That's where blockchain can be useful.

Because it is an immutable, auditable electronic record, blockchain ensures that
transaction records contain artifacts and identifiers of previous transactions.
"This allows authorized investigators to backtrack transactions on the
blockchain more easily than with current AML and EFM systems," Forrester
said.

Blockchain implementations will challenge the monopoly of legacy identity verifiers –
credit bureaus such as Equifax, Experian, RELX, and TransUnion, as well as
watch list providers such as Dow Jones and World-Check – by providing auditable
data for anti-money laundering.

Blockchain implementations for AML and EFM aren't expected to begin surfacing for
another one to two years in North America and for two to three years in other
geographies, according to Cser.

Enterprise blockchain networks will likely co-exist alongside more traditional
AML and EFM tools, "at least initially," Cser said.

"The biggest issue is creating the regulatory, privacy and legal framework for
[blockchain's] adoption in EFM and AML," Cser said.

Forrester expects that existing and new data provider vendors, as well as banks and
financial institutions, will be able to contribute to distributed and
controlled blacklists/whitelists and privacy-controlled transaction repository
blockchains.

And, because blockchain is built on open-source software such as Ethereum,
MultiChain, OpenChain and other iterations, it is less expensive to acquire a
platform, while anyone can also view, audit and fix security flaws in
blockchain implementations.

Requirements for enterprise fraud management and anti-money laundering are similar in that
it's "all about looking for patterns, identifying known bad players, and
performing investigations.

"The main difference is that, while AML has traditionally been batch-based and
reactive, EFM in the past five years has largely turned proactive," the
Forrester report said. "Using real-time data in EFM is now a standard and
critical requirement. EFM will use blockchain in risk-based authentication and
account takeover detection as well as in back-end transaction (payment)
monitoring."