We all know that breaking the rules is expensive, but not breaking the rules - that is, staying compliant - is expensive too, and makes the cost of doing business very high. There are a lot of inefficiencies in our current systems, from the long wait times to settle transactions in traditional finance to the inability of users to custody their own assets. There’s a lot of room for improvement and innovation that will benefit both businesses and users.
Today, we will look at the cost of staying compliant with three general principles - Know-Your-Customer (KYC), Anti-Money Laundering (AML), and Counter Terrorism Funding (CTF). We will dive into the effect these costs have on businesses, users, and innovation, and finally how Dusk Network and our bespoke KYC/AML tool Citadel can offer an easier and cheaper solution.
KYC and AML are both important requirements to prevent financial crime, including everything from identity theft and using someone else’s credentials to access services to large-scale money laundering or funding terrorism. While they are necessary requirements, the systems for managing these processes are inefficient, expensive, and cumbersome.
The cost of compliance
Being compliant isn’t cheap. More and more requirements are being placed on both businesses and users to verify identities and sources of income. While for users there are concerns when it comes to uploading so much personal data - having to verify, manage, secure, and protect this data is difficult for businesses too.
This doesn’t even begin to take into account the fines, reputational hit, and potential legal action for failing to satisfy the requirements.
It is estimated that the cost for verifying a single KYC profile ranges from $13 to $130, with the cost of AML expected to rise to £30 billion ($37 billion) in the UK alone across financial institutions in 2023.
It’s not just gathering and checking the data - organizations then spend a fortune managing and protecting that data once they’ve verified it. This is estimated to be around $88 million a year just for large banks, not to mention smaller banks, streaming services, e-commerce, etc.
Another downside to this, as PwC points out in this article and Dusk Network founder Emanuele Francioni spoke about here while sharing his vision for the future of finance, is that organizations are duplicating this work. If you KYC with Bank A and Bank B, both of those banks are running exactly the same checks, verifications, man-hours, etc. on you, resulting in the work essentially being done twice.
This is costly and inefficient, costing big institutions a lot of money and making it near impossible for smaller ones to compete. This results in an expensive and clunky system where only the big boys with deep pockets can play, and smaller, potentially more innovative companies can’t compete.
The cost of non-compliance
While institutions are spending billions to stay on the right side of the law, fines for non-compliance also amount to billions of dollars, totaling around $5 billion in 2022. While for some institutions this may be written off as “the cost of doing business”, smaller institutions are again less likely to be able to pay these fines should they end up breaking the law, causing providers of everything from banking to streaming services to become very centralized. Not to mention the reputational hit that institutions suffer and the impact this has on their bottom line.
In addition, this causes smaller organizations to become hyper-risk-averse, refusing to take on anything other than pure ‘white bread’ customers. While no one is denying that avoiding risks is a good thing, these institutions are turning away perfectly good customers whom they simply foresee having minor difficulties, or who have red flags which can include having multiple bank accounts in different countries (some of us like to travel and/or have international backgrounds!). When it comes to KYC/AML, institutions understandably err on the side of caution, but this can mean rejecting perfectly good applications.
We can see how expensive it is to stay compliant with these laws and regulations, and that not staying compliant is hardly cheap either.
The cost of opportunity
There are several costs that are hard to quantify, but definitely significant. First, there are the lost opportunities organizations encounter when a potential customer or client decides they don’t want to spend their time doing the KYC/AML process. Second, there is the cost of the lost resources that could be spent on other things if they were not being spent on requesting, verifying, and storing this data. Third, there is the cost to the economy of all those companies and financial opportunities that never even got off the ground because they looked at the compliance costs and decided not to bother.
We are all losing out here. Users run the risk of getting their data stolen and have to go through lengthy procedures to be granted access to services. Institutions could spend their resources on more interesting things, and small, innovative companies can’t even get a look in.
All in all, the current system is clunky, expensive, and inefficient. It leads to hacks, exploits, and a high barrier to entry, and it constricts innovation.
What if we could do better?
The Citadel solution
Citadel is Dusk Network’s one-and-done KYC/AML solution that relieves companies of the burden of having to verify, protect, and manage so much data, and reduces the risks of hacks and data leaks by using zero-knowledge proofs (ZKPs) to radically rethink the way we store and verify data and identity.
Zero-knowledge proofs prove that a statement is true without revealing the content of the statement. For example, in this context, say you’re applying for a bank account and have over $10,000 in savings to qualify.
Using traditional methods you would need to provide statements showing you have over $10,000, and the bank would know that you have, for example, $12,500 in savings. Using ZKPs, rather than having to share all your data and give away potentially personal details, a cryptographic proof is generated to confirm that you meet the requirements. That’s all they know - that you satisfy the requirement of having a minimum of $10,000 in savings. They don’t know what you have, just that you qualify.
Proving “that” a requirement is met, instead of revealing “what” the underlying data is, totally changes the way we approach data and do business.
Dusk Network is developing Citadel to essentially be an identity layer that companies can tap into. Users just KYC once, and institutions are able to access this layer to verify if someone meets their criteria but never have to actually manage that data themselves.
Casting your mind back to the big, hefty numbers we were looking at earlier, imagine how different it would be if Citadel were widely adopted. All those billions of dollars could go to research and development, to improving employees’ conditions, or to lowering costs for customers, not to mention how many more companies could have a seat at the table.
There is practically nothing to hack as the data is encrypted with ZKPs, there’s no need to replicate the work that’s going on, and users are able to practice selective disclosure as to what information they share.
If you'd like to find out more about Citadel you can check out this post for a look under the hood and this one for an overview of how Citadel fits into Dusk Network’s focus on blockchain and regulation.