Revolutionizing the KYC process

December 2018

CES 2019 | enterprisegreece

2Confidential copy

Vitalii Demianets - Lead Arch. & co-founder Lead developer KnC Group since inception of the

company (funded by Accel Partners) 15+ yrs experience enterprise development MSc in Applied Physics (Moscow Institute of

Physics and Technology)

Astyanax Kanakakis – CEO & co-founder 13+ yrs in McKinsey, most recently as Associate

Partner, BCG, Lehman Brothers 1 BSc and 2 MSc in Computing (UCL, Imperial

College, LSE) and MBA (Wharton)

Jan Belfrage Ex-Head of Nordics for Citibank and Credit

Agricole Previously Board Member at SEK AB Treasurer at SKF and founder of the Treasurer’s

Association in Sweden

Aris Xenofontos Co-founder of Thomson Reuters OrgID Ex-Principal in Santander Innoventures Principal in Seaya Ventures

Founding team

Advisory Board

3 PhDs in Computer Science More than 40 years of experience

developing banking IT systems

George Papamarkos – Sr. Software Engineer Led software teams specializing in large distributed

systems for Piraeus Bank (Greece) PhD in Computer Science

Nikos Patsiogiannis – COO 8 years in PwC in KYC advisory (4 in Dubai) Compliance officer in ING MA and BSc in Economics

Neil Smith-Willis – CPO More than 10 years in Systems Development in RBS,

Thomson Reuters, etc. LLB and MBA

Senior Management

Engineering & Business team Implementation team with experience in KPMG and SAP HQ in Stockholm, Dev Hub in Athens and MENA HQ in

Dubai

Ian Norville – Head of MENA 4 years as Enterprise Account Manager in Microsoft

New York; 4 years BD experience in Dubai BA and MBA (Wharton)

Leonidas Stavropoulos – Head of Delivery 10 years of international IT management consulting and

project management experience BSc, MSC and MBA

The norbloc team

3Confidential copy

At norbloc, we are focusing on what is probably the most inefficient aspect of financial services; KYC compliance

The KYC expenditure across jurisdictions is largely on time spend by personnel, especially on the frontline

Aside from the monetary burden on banks, there is considerable frustration and time expenditure on the customer side

A large component on KYC costs are on actions already performed by other financial institutions

Preliminary outside-in analyses

Note: Our research incorprorated feedback from more than 40 interviews with Bank, Regulator, Obliged Entity and Corporate Treasury personnel. Full list of assumptions per market available on request

262335

812

80140

452

0

100

200

300

400

500

600

700

800

900

Sweden Belgium UAE

KYC cost, excl. physical document handling, EUR mn

KYC cost Duplication element

31% 42% 56%

% Duplication cost as share of total

SOURCE: b-hive, Belfius AR 2016, KBC AR 2016, BNP Paribas Fortis AR 2016, Febelfin, Swedbank Corporate Compliance department; : UAE statistics; UAE Bank ARs 2016; Swedbank, Nordea, Handelsbanken, SEB 2016 AR; Bank Officer interviews; Thomson Reuters 2016 KYC survey; SCB data;

4Confidential copy

Revolutionizing KYC at its core, one has to fundamentally change ease of compliance but also tangible value for the process

Value creation

• Currently, KYC compliance is seen as a pure cost center and a hindrance to revenue generating discussions at the frontline

• Once obliged entities can work in concert on KYC validation, the review process can be offered as a service between them, turning a cost center into a revenue center

Ease of compliance

• The process has to be fully digitized to fully allow:• API connectivity to public sources of data, e.g. Corporate

registries• Use of electronic ID platforms for authentication and

signature of all involved parties• Seamless employment of screening tools for documentation,

e.g. Passports, and PEP/Sanction lists• Additionally, customers must be able to create one KYC file

towards all obliged entities...• ... And obliged entities to work in concert in reviewing and

updating those files

5Confidential copy

The norbloc platform

Customers can onboard any other institution using their validated KYC file; if any updates are required, then these are propagated to all parties with access to that data

Institutions receiving an already validated file can see which bank did the validation and minimize their workload; the validating bank can elect to receive a fee for its effort

Customer uses electronic ID login and APIs to public sources to create his KYC file and share it with financial institutions

Bank officers review the KYC file using automated public data checks; once validated by the bank, the KYC file of the customer is placed on a shared blockchain-based ecosystem

6Confidential copy

Fides platform employs extensive revolutionary proprietary IP

DRILL (data redundancy in legal limitations)

nams(norbloc access mgmt system)

• We have developed an abstraction layer to allow synchronization of segments of very large datasets (>50TBs) in a highly efficient manner

• Additionally, we facilitate that synchronization across all major types of databases that different institutions may be using

• Encryption is at the core of Fides; yet it should be employed without limiting usability of the system

• We have developed a highly elaborate key management mechanism employing 3 layers of encryption as well as a split-seed design to prevent data access even in cases where all parties, excluding the customer, in the platform are rogue

Blockchain architecture

• Employing blockchain technology in storing and exchanging highly sensitive and GDPR relevant data presented several challenges

• The norbloc team designed an architecture where the blockchain does not store data but it controls all access to it and retains an audit log

• Additionally, we have implemented a novel messaging system for customer data updates

• It is blockchain agnostic and could be compatible with all major blockchain protocols (Fabric, R3 Corda, Ethereum, etc.)

7Confidential copy

Fides employs a design offering legal compliance and high levels of redundancy by utilizing cutting-edge technologies

4

1 52

3

1

2

3

4

5

Data Redundancy in Legal Limitations (DRILL) nodes: Database abstraction layer holding individually unreadable but collectively (across banks) complete pieces of encoded KYC files

Bank servers: Servers supporting all operations of Bank officers as well as interactions with customers

Blockchain nodes: Installations of the permissioned blockchainconnecting each bank to the ecosystem and holding audit trail of actions for regulatory purposes

Independent Customer Portal: Offers bank customers a holistic view of their shared data, its access rights and User Access Management (UAM)

nAMS: Enables creation of keys according to user access rights and encryption/decryption of data

8Confidential copy

DRILL deep-dive: a lof of the functionality in Fides is inspired by operational as well as legal requirements

A s t y a n a x

X x x x x x x x

x x x x x x x xx x x x x x x x

x x x x

x x x x

x x

x x x

x x x

x x

x x x

x x

1. Each field entered by the customer is encrypted by a separate private key

2. Platform ”breaks” data in separately unintelligible pieces

3. The encoded data pieces are spread across platform participants and allocated at an address derived by the customer private key they were encoded by

4. The Bank the customer onboarded is the only one with all the encoded data pieces as well as the key to decode them

Platform processing of customer input data

9Confidential copy

Customer experience, trust and data control are instrumental for banks to succeed in the digital age

Google, Amazon, Facebook and Apple have shifted significantly expectations around user experience

Increasing regulatory requirements around KYC/CDD mean onboarding is now taking longer using manual processes that not only makes customers unhappy, but it’s increasingly expensive for FIs

On-boarding is a key aspect challenger banks need to resolve, as they need to comply with all the AML/KYC regulations and show the step change in service they offer from the outset

Banks due to GDPR compliance will have to make sure their onboarding processes now function differently with regards to transparency, information, record keeping, as well as security of storage and access, etc.

Customers must be in charge of granting and revoking access to their own data, as well as editing and deleting it

Data must be portable, meaning that customers can easily transport information from one organization to another

Fides has gone through rigorous legal review and is compliant to all relevant EU regulations

Customer Experience & Compliance

Customers in control their

data

10Confidential copy

The impact of our platform is enormous, especially in areas with high duplication of efforts and low digitization

SOURCE: b-hive, Belfius AR 2016, KBC AR 2016, BNP Paribas Fortis AR 2016, Febelfin, Swedbank Corporate Compliance department; : UAE statistics; UAE Bank ARs 2016; Swedbank, Nordea, Handelsbanken, SEB 2016 AR; Bank Officer interviews; Thomson Reuters 2016 KYC survey; SCB data;

Preliminary outside-in analyses

Note: Our research incorprorated feedback from more than 40 interviews with Bank, Regulator, Obliged Entity and Corporate Treasury personnel. For full list of assumptions, please refer to appendix

262335

812

80140

452

0

100

200

300

400

500

600

700

800

900

Sweden Belgium UAE

KYC cost, excl. physical document handling, EUR mn

KYC cost Duplication element

% Duplication cost as share of total

%

130165

303

31 45

163

0

100

200

300

400

500

600

700

800

900

Sweden Belgium UAE

KYC cost, excl. physical document handling, EUR mn

KYC cost Duplication element

50%

62%

51%

68%

63%

64%

norbloc platform impact

Implementation of Fides employs three levers to reduce KYC costs by >50%:1. Workflow digitization2. Removal of duplication

of efforts between institutions

3. Monetization of KYC validation efforts between institutions and obliged entities

More importantly, client service will see an immediate positive impact and compliance departments and regulators will feel more empowered to combat financial crime

11Confidential copy

norbloc is working with top-tier international institutions in the most advanced implementations globally

• Pilot with Smart Dubai and 10 UAE banks with focus on Retail Customers

• Implementation with 2 global top-tier banks and one CEE leading bank on Corporates

Most advanced implementation globally with 4 European top-tier banks

Large Corporate Fides implementation in leading Nordic bank

Additionally, we are working with 3 other top-tier institutions in Europe and N. America in production implementations for Q1 2019 and have been involved in 3 nation-wide eKYC efforts

12Confidential copy

info@norbloc.comwww.norbloc.com