“We are all now connected by the Internet, like neurons in a giant brain.”
– Stephen Hawking, in an interview with USA Today
What is modern-day privacy? With the extent of information sharing and connectivity prevalent today, the definition of what needs to be protected, at what level and from whom, seems elusive. For financial institutions, privacy compliance is the Gramm-Leach-Bliley Act and its implementing Regulation P, which require financial institutions to provide notice to customers about their privacy policies and practices; describe the conditions under which they may disclose nonpublic personal information about consumers to non-affiliated third parties; and provide a method for consumers to prevent a financial institution from disclosing the information to most non-affiliated third parties by exercising the right to “opt out” of the disclosure.
So the concerns for compliance are two-fold: protecting customers’ personally identifiable information (PII) and knowing what can be shared with whom. There’s plenty of automation and many workflow tools that can help make the process efficient – but for the most part, it remains “clunky.” Customers provide blanket approval, and documents are shared in an all-or-nothing format.
We Can Do Better
Let’s challenge this status quo. What if information could be shared at an elemental level, and the authority to share the information remained with the individual? Imagine a world where you, the individual, had absolute control over exactly how much of your identity others were able to see. Consider a bank needing to verify that a borrower has an income of at least $X, or a rental car company or a grocery store needing to verify that you meet a minimum age requirement. In each of these cases, individuals could provide these institutions access to verify these minimum requirements without also revealing the exact income or the exact age/birth date.
This concept is known as zero-knowledge proofs: a method by which someone from whom information is being requested can demonstrate a claim to a verifying person or institution without conveying any information beyond what they are being asked.
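The minimum-age check described above can be sketched with a hash-chain threshold proof, a far simpler construction than a general-purpose zero-knowledge proof system. This is an added example, not code from the article or from any project it mentions; the function names, the demo key and the sample ages are assumptions, and the HMAC tag stands in for a trust anchor's digital signature.

```python
import hashlib
import hmac
import os

ISSUER_KEY = os.urandom(32)  # constructed demo key held by the trust anchor


def chain(value: bytes, n: int) -> bytes:
    """Apply SHA-256 n times."""
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


def issue(age: int):
    """Trust anchor verifies the age once, then commits to it as H^age(seed)."""
    seed = os.urandom(32)              # secret, kept only by the individual
    commitment = chain(seed, age)
    # HMAC is a stand-in for the trust anchor's digital signature.
    tag = hmac.new(ISSUER_KEY, commitment, hashlib.sha256).digest()
    return seed, commitment, tag


def prove(seed: bytes, age: int, threshold: int) -> bytes:
    """Individual derives a proof for 'age >= threshold' without stating age."""
    if age < threshold:
        raise ValueError("claim is false; no valid proof exists")
    return chain(seed, age - threshold)


def verify(commitment: bytes, tag: bytes, proof: bytes, threshold: int) -> bool:
    """Verifier checks the anchor's tag, then hashes the proof threshold times."""
    expected = hmac.new(ISSUER_KEY, commitment, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False
    return hmac.compare_digest(chain(proof, threshold), commitment)


if __name__ == "__main__":
    seed, commitment, tag = issue(age=34)          # constructed sample value
    proof = prove(seed, age=34, threshold=21)
    print(verify(commitment, tag, proof, 21))      # rental-car style check
    print(verify(commitment, tag, proof, 25))      # same proof, higher bar
```

A proof for one threshold can be rehashed into proofs for lower thresholds and replayed by whoever holds it, so a deployment would bind each proof to a specific verifier and session.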
Blockchain promises to deliver on this granular, self-sovereign, verifiable digital identity. A study by Doug Galen of the Stanford Graduate School of Business says the promise of blockchain is based on four attributes: its ability to enable transparency of data, ensure that data is tamper-proof, mitigate counterparty risk in transactions, and create and manage digital identities. While most organizations have historically created centralized applications and systems, blockchain, by contrast, “is a protocol of trust.”
The Permissioned vs. Public Blockchain Debate
Security, however, is a polarizing attribute when it comes to the decision on the type of blockchain best suited for digital identities. On one hand, you have stalwarts like the Sovrin Foundation that are building a permissioned blockchain (all members verified by a central authority, in this case Sovrin) called the Sovrin Network to enable anyone to globally exchange pre-verified data with any entity also on the network. Businesses or government organizations that verify consumer identities and their private data would be known as “trust anchors” on the network. These trust anchors could also delete and reissue user authority.
On the other hand, you have proponents of public blockchains or distributed ledger technology. Instead of data proliferation, there is transfer and/or access granted to an encrypted and immutable record. The public-private architecture creates counterfeit-proof information that we (individuals) can grant temporary permission to others to access. This ledger also provides a secure chain-of-custody for the transfer of any digital asset to authenticated users, for complete traceability.
So instead of having to repeatedly enter identifying information across enterprises (or hoping that they are part of the same permissioned blockchain network), individuals can easily grant access to the needed element of information. Owning your data to this extent also creates the opportunity to monetize this data. Why not charge third parties for access to your lifestyle?
Proponents of permissioned blockchains argue that, because these networks are centrally managed, they can combat cybersecurity risks and protect consumers’ financial information – and the integrity of the global financial system – in a more holistic fashion than distributed ledger technology. Permissioned blockchains, however, can be restrictive because the central authority has control over who can join.
Regardless of the implementation methodology, blockchain could underpin a new trust economy, one constructed of person-to-person (P2P) transactions that are dependent on each transacting party’s reputation and digital identity, with minimal (if any) dependency on more traditional methods like a credit score.
The Impact on Financial Services
Now, how could this affect mortgages and lending? Broadly, the mortgage lifecycle could be made much more efficient and people-friendly with the use of smart contracts. Specific to privacy and compliance, blockchain would revolutionize how we look at these concepts. It would no longer be a generic, blanketed, paper-intensive, convoluted process. The onus of maintaining PII in a safe and secure fashion would no longer be on financial institutions. Specific elements of data could be retrieved in real-time as needed.
Imagine the originations lifecycle: You wouldn’t need to share copies of W2, income statements, etc. across loan processors, underwriters and auditors. Borrowers wouldn’t have to upload multiple copies of the same data at different points of the mortgage lifecycle. The myriad of identity authentication documents could be combined as a single blockchain identity, with elements exposed as needed. Borrowers could specify (and potentially monetize) the aspects of their data that they wouldn’t mind sharing with third parties.
Many components of this are already in place across the world. An example is the decentralized data storage and mesh network of devices laying the foundation for a borderless, digital society in Estonia. Dubai, which recently appointed a minister-in-charge of artificial intelligence, is planning yet another transformation: to become the world’s first blockchain-powered government. By 2020, the Emirates want all visa applications, bill payments and license renewals, which account for over 100 million documents each year, to be transacted digitally using blockchain.
Banks with the vision and courage to enter this new territory could rapidly build a strong brand position as game changers. The possibilities are endless: Consumers are demanding, compliance and privacy requirements increasingly stringent, institutions desperate for differentiators, and blockchain could be the panacea.