Real World Asset Tokenization and the KYC-Challenge

Thomas Mueller
7 min read · Nov 29, 2024


This article was originally published at Substack

Why KYC mastery is key for digital banking.

Digital assets are increasingly intertwining with real-world assets, gaining widespread acceptance among major financial institutions. This is primarily due to the streamlining of processes, especially in international payment transactions. Tokenization stands out as a key development, allowing real-world asset claims to be dematerialized and digitized, facilitating real-time exchanges through programmable platforms, known as smart contracts. This innovation has the potential to eliminate the current separation between messaging, reconciliation, and settlement.

While crypto and decentralized finance (DeFi) demonstrate the possibilities of tokenization, transferring DeFi practices and tools to traditional finance presents challenges, particularly in meeting regulatory requirements like anti-money laundering (AML) and countering the financing of terrorism (CFT). These regulatory obligations come with comprehensive identity verification requirements known as “Know Your Customer” (KYC).

KYC in traditional finance

KYC in traditional finance is based on strict regulations that financial institutions must follow as part of their mandatory customer due diligence. This essentially involves verifying the identity of their customers. When a client wants to enter into a new relationship with a bank, the financial institution validates the customer data during client onboarding. Customer due diligence is a risk-based approach, which is why the bank has to repeat the KYC checks regularly throughout the client relationship.

For FX transactions, it gets even worse. KYC verification must be done not only by the client's bank but also by all the parties across the entire chain of correspondent banks that are part of the specific FX transaction. A lot of information has to be exchanged in such cases. The exchange of identity data with every financial transaction creates a barrier to full automation and contributes to long settlement times, as seen for instance in the FX and securities sector. Additionally, regional variations in implementing general KYC requirements add complexity to identity data transfer in cross-border financial transactions.

Customer due diligence requires that correspondent banks identify and understand their respondents’ banking customers. This process often leads to a massive exchange of documents. As a result, the KYC due diligence process is complex, costly, time-consuming and labour-intensive.

In essence, meeting the increasing KYC requirements demands significant effort and expense from banks. The necessity for identity data verification by all institutions involved in a cross-border transaction, coupled with slightly different local regulatory requirements, poses challenges even in traditional payment transactions. This all leads to increased costs and time in cross-bank transactions.

KYC and DeFi

In the realm of DeFi, KYC requirements are practically nonexistent except for fiat on- and off-ramps. Since these require a leg in the fiat world, such on- and off-ramps can only be operated by providers who are subject to compliance regulation. In the EU this is regulated by the new Markets in Crypto-Assets Regulation (MiCAR) and the Transfer of Funds Regulation (TFR). In the case of DeFi itself, no regulation applies and therefore no further KYC regulations either. DeFi has created a kind of parallel world. As long as you operate purely in this world, you don't have to worry. However, this permissionless environment excludes DeFi from the traditional financial world. The challenge arises when attempting to apply DeFi advantages to real-world assets, which requires compliance with regulatory requirements for tokenized representations of traditional assets. If these are to be offered and traded on the secondary market, regulatory requirements must be met.

KYC in Digital Asset-based Banking

This brings us to the symbiosis of DeFi and traditional banking within the digital asset sector. The entry of new players, including exchanges, brokers, and custody providers, poses new challenges in terms of identity data and verification. As mentioned earlier, the transfer of values and information are separate in traditional financial transactions. In the banking world, this communication is solved reasonably efficiently using payment protocols. Today, payment transactions without SWIFT are unthinkable. However, new players in the digital asset sector are generally not connected to SWIFT, as this is reserved for banks. If identity data has to be exchanged, it is up to the parties involved to negotiate the procedure used for this. The potential efficiency benefits promised by digital assets are jeopardized by KYC requirements alone, hindering automation toward instant settlement. Solving the identity problem is therefore fundamental for true automation and the success of digital assets in the regulated, traditional financial sector.

The goal is to combine the transfer of value and the exchange of information within a single transaction and make KYC verifications from a regulated institution usable for other institutions to avoid redundant identity verifications.

In summary, achieving automation with tokenized real-world assets necessitates KYC automation, encompassing the automation of initial identity verification and the transferability of trustworthy identity data between participating financial service providers.

Digital Identity — Three Possible Approaches

Digital identity is not a new concept. There are many different approaches to digitizing identity data. The challenge for digital asset banking is to hold the identity data in such a way that:

  • It could be transferred together with the asset transfer
  • It could be validated by all participating actors
  • It preserves the privacy of the identity owner

Approach 1 — Soulbound Token:

One approach is to represent identity as a non-fungible token bound to the owner’s wallet, termed “Soulbound Token” (SBT) by Vitalik Buterin. Because the Soulbound Token is tied to the user's wallet, it could serve as the ultimate proof of ownership. Let's assume the government issued an ID card as an SBT. The SBT sits in the user's wallet and can be verified by anyone who knows the wallet address. If the wallet is also used to initiate the digital asset transfer, ownership could easily be verified by all transaction participants.

It is obvious that this concept would lead to privacy concerns, especially if all the identity data needed for a KYC verification today were accessible via the SBT. In that case we would have a fully transparent citizen identity. Fortunately, privacy regulation would likely not allow this, so the concept could not be treated as an alternative for automating the KYC layer.

Approach 2 — Blockchain-based Identity Attestation:

Another approach is to use a smart contract to attest specific identity data and anchor the attestation on a blockchain. The attestation can be verified by a third party. Due to the immutable nature of the blockchain, the data is tamper-proof. If the attestation was made by a trusted party like a bank or a government, the attestation can be trusted too. The Ethereum Attestation Service (EAS) is an example of this approach and is used by Coinbase for its recently announced On-Chain KYC service.

Besides pure on-chain attestation, EAS provides some interesting features. A schema registration can be used to define a standard for the attested data so that it can be shared and used easily. EAS also provides the possibility to attest off-chain data. This is a prerequisite for data privacy because, as we already know, personal data should not be stored on a blockchain.

A disadvantage of EAS is, of course, that it depends on a specific technology stack, in this case Ethereum.

Approach 3 — Self-Sovereign Identity (SSI):

Self-Sovereign Identity (SSI) is a model that gives individuals full ownership and control of their digital identities without relying on a third party or a specific technology stack.

The key design elements are:

  • A unique identifier, the DID (Decentralized Identifier), which clearly identifies the person. The DID alone does not contain any personal data.
  • Identity attributes in the form of verifiable credentials (VC). This can be different sets of attributes depending on the use case. For example, ID card data can be just as much a VC as a university certificate or the result of a KYC check done by a bank.

To ensure verifiability while at the same time protecting privacy, two key concepts are combined:

Verifiable credentials are issued by a trusted partner (issuer). This can be the government, the university or a regulated bank. If a third party (verifier) wishes to validate an identity, it requests “proof” from the holder. The holder does not answer this request with the VCs themselves but creates a presentation of them. For example, it is possible to prove that the owner of the identity is older than 18 without transmitting the owner’s age or date of birth. If VCs are checked by the verifier, this always means that the issuer is also verified. If the issuer is trustworthy, the data can be trusted.

In the banking example, a customer (holder) can prove that they have successfully completed a KYC check by a trusted party without disclosing the verified data itself. Only the presentation of the data would be transmitted and stored for a financial transaction. In the event of an investigation, e.g. by the regulator, it would be possible to trace the path back to the original data. How this works in detail is beyond the scope of this article. If you are interested, I will dedicate a separate article to this topic.
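The issuer, holder and verifier roles described above, and the idea from Approach 2 of anchoring only a commitment while the personal data stays off-chain, can be sketched with a salted Merkle commitment. This is an added example, not code from the article, EAS or any SSI library: all function names are hypothetical, the `registry` dict stands in for the issuer's signature or on-chain anchor, and the claims are constructed sample data.

```python
import hashlib, json, secrets

def leaf(name, value, salt):
    # Salted claim hash: the salt stops a verifier guessing undisclosed values.
    return hashlib.sha256(b"\x00" + json.dumps([salt, name, value]).encode()).digest()

def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build(leaves):
    # All tree levels, leaves first; an unpaired last node is hashed with itself.
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[min(i + 1, len(cur) - 1)])
                       for i in range(0, len(cur), 2)])
    return levels

def issue(issuer, claims, registry):
    # Issuer (e.g. the bank that ran KYC) anchors only the Merkle root.
    salted = [(n, v, secrets.token_hex(16)) for n, v in claims.items()]
    levels = build([leaf(*s) for s in salted])
    registry.setdefault(issuer, set()).add(levels[-1][0])
    return {"issuer": issuer, "salted": salted, "levels": levels}

def present(cred, names):
    # Holder reveals the chosen claims plus the sibling hashes up to the root.
    shown = []
    for i, (n, v, s) in enumerate(cred["salted"]):
        if n in names:
            path, idx = [], i
            for level in cred["levels"][:-1]:
                path.append((level[min(idx ^ 1, len(level) - 1)], idx % 2))
                idx //= 2
            shown.append({"name": n, "value": v, "salt": s, "path": path})
    return {"issuer": cred["issuer"], "root": cred["levels"][-1][0], "claims": shown}

def verify(pres, registry, trusted):
    # Verifier checks issuer trust, the anchored root, then each disclosed claim.
    if pres["issuer"] not in trusted or pres["root"] not in registry.get(pres["issuer"], ()):
        return None
    for c in pres["claims"]:
        h = leaf(c["name"], c["value"], c["salt"])
        for sibling, is_right in c["path"]:
            h = node(sibling, h) if is_right else node(h, sibling)
        if h != pres["root"]:
            return None
    return {c["name"]: c["value"] for c in pres["claims"]}

# Constructed sample claims; "did:example:bank" is a placeholder issuer DID.
CLAIMS = {"name": "Alice Example", "date_of_birth": "1990-01-01", "age_over_18": True, "kyc_passed": True}
```

Calling `present(cred, {"kyc_passed", "age_over_18"})` yields a presentation the verifier can check against the anchored root without ever seeing the name or date of birth. The sketch leaves out holder binding (proof that the presenter controls the DID) and revocation, both of which a production scheme needs.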

In my view, the concept of self-sovereign identity has the greatest potential to combine the interests of financial market regulation and the protection of personal data.

Conclusion

As we can see, there are many ways to automate the KYC checks required for financial transactions. Digital identities are a necessary prerequisite for this. However, digital identity is not always the same. In order to really assess whether a solution also protects privacy, it is necessary to have a very deep and comprehensive understanding of the specific implementation of the respective solution. It is to be expected that there will soon be standards for KYC based on digital identities in the EU that will make it easy for banks to use the technology. With such standards in place, customers can be confident that these digital technologies will protect their privacy.

Photo by Brett Jordan on Unsplash


Written by Thomas Mueller

COO at Celsion Finance AG | Founder and CEO of evan.network | DLT & Identity Expert | Digital Finance & Tokenization | Author & Speaker (opinions are my own)
