Evolution of Identity Check.

On the 10th of January European Union adopts 5AMLD - an update to the directive that should fight money laundering. Number 5 in the beginning of it's name stands for the fifth attempt on doing that. Yet according to United Nations, a sum of $800 billion - $2 trillion is laundered every year. It's 2 - 5% of the global GDP. And it's not accounting for all the companies like Google and Apple that pays little to no taxes due to loopholes in various jurisdictions. It's a mess.

One of the aspect of this directive is possible influence on cryptoexchanges like Binance which are registered in Malta. Binance, being the largest exchange that allows withdrawal of up to 2 BTC per day without you ID will have to implement KYC (Know Your Client) procedure in order to comply with this regulation. It already happened for US citizens, and now same happens for people living in Europe.

What is KYC in it's current form? Why is it needed?

Each country has it's own set of rules about how their citizens are allowed to gain, spend or transfer value. In order for a centralized entity to comply with the rules of each country, it has to check person's citizenship. Sometimes it also has to check where the funds came from. To do that, companies ask you to send them your valid ID, a selfie with your ID in hand, and a utility bill that proves your address (not older than 3 months). There are some other forms, but these are the most common.

This system if flawed on every level and is not working. What if a person doesn't pay bills? Or does not use a bank? McKinsey estimates that around 2.5 billion people do not use any form of bank and therefore are excluded from any service that requires KYC. A pack of stolen IDs can be bought on a black market for few dollars. Deepfake algorithms advanced enough not only to swap face on an ID photo, but even in a video if a service requires live conversation. A person who wants to go around KYC can easily do so.

And what about people who were "unlucky" to be born in countries under sanctions? Iranians, Russians, people from Sudan or Yemen - they are all excluded from using great number of services because of political decisions that has nothing to do with them personally. And even a regular person from a western nation can lose access to their funds just based on their political views or arbitrary decision of a KYC team member. Not to mention a human or software errors that plague finance industry.

Last but definitely not least, largest money laundry cases all have something in common: they are all executed by banks. Wachovia Bank helped to transfer $380 billion made on drug traffic. Standard Chartered Bank is responsible for $250 billion being laundered and got a fine of $1.1 billion for doing that. Not a bad deal. Recent accusations of Danske Bank estimate $229 billion been transferred and legitimized during last 11 years through their subsidiary in Estonia. List goes on. Yet it's regular people who are getting rejected, their money being frozen and who's privacy is compromised.

Speaking of privacy, I've mentioned that stolen IDs. The price is so low because it became one of the most common crime on the internet, and all because of flaws in KYC procedure. In order for a company to know their customer, they have to set up a database with images of their client's IDs. This database is a great attack point for the hacker - or the insider. For example, my personal information leaked into the internet because of the insider that stole a database from the company he worked in. Not to mention constant stream of news of data leaks from Facebook, Equifax and hundreds of other companies. If you put your ID on the internet, it has a high chance of being stolen.

At the same time many governments are doubling down on this. KYC is not going away any time soon. And it shouldn't, really. In many cases you need to be aware of who is using your services. But it has to be done with the holder of the identity in mind. Here are some properties that modern day KYC should possess.

- The system should be trustworthy. Both user and organisation has to be sure, that the information is correct. And there is no better way to do that than with blockchain.

- Data has to be encrypted in several ways. It can be done by asking questions about person's past life, with biometrics (fingerprint) and/or password. That's pretty regular stuff.

- Data should be modular. Identity holder should be able to see what data is requested of him/her and agree or disagree to give it. Preferably to give consent on each module separately.

- Data should be a subject to change. However, all the changes should be documented and accessible. The way Github records versions, for example.

- Identity holder should be informed who has access to his identity, and who and when requested the access.

- Identity should be tokenized. There is no need for a company to know exactly who this person is - sometimes it's enough to know the identification token. When a government institution request this information, a company can send the identification token down the road.

There probably can be a number of other requirements, but I'm here just to give an example.

It sounds like a distant future, but it's not. There are many projects such as Civic, KYC-Chain and SelfKey that do steps in right direction. Each of this services tries to ease the process of KYC for people and make it cost-effective for companies. However, all of them lack the ability to for a client to stay anonymous if one chooses so. And that's understandable - KYC procedure tries to do exactly the opposite. But there is hope. GDPR in Europe, AB 375 in California - these are steps to give users their privacy back. If people are willing to make themselves heard, we can insist on adopting blockchain identity with control over who, when and what can see about you. We have the technology to do it - it's the outdated rules that prevents us from implementing it.