Could ICO identity compliance backfill IDaaS?
Identity as a Service (IDaaS) is not new. Jumio has offered services of identity confirmation for more than five years. It can take an image of a driving licence or passport or national identity card, where appropriate, and match the biometric details with a selfie enhanced by eye following (to ensure the image is not a static picture).
For electronic ID purposes this is broadly equivalent to going into a bank branch or a physical store. Jumio has, over the years, built up a customer base for IDaaS – from large enterprises seeking identity verification. These include banks, retailers amd more – as these seek to satisfy PCI, AML, KYC, GDPR and PSD2 with a solution that can span borders and ID types.
Now enter the ICO arena. A conversation with Jumio highlighted how the increasing interest in Initial Coin Offerings (ICOs), along with Bitcoin is, apparently, driving new business to Jumio.
Segmenting the ICO marketplace for IDaaS
Broadly speaking there are three ‘arenas’ pertaining to ICOs. These are places which:
- ban or heaviliy constrain ICOs and/or cryptocurrencies (for example, China and Turkey)
- implement light supervision of ICOs (for example, Singapore, Isle of Man, Gibraltar, Hong Kong and some other Asian countries)
- demand Know Your Customer (KYC) and potentially AntiMoney Laundering (AML) and non-terrorist compliance confirmation (typically the US, Canada, the UK and others).
This creates a challenge for fund raising and those who wish to offer ICOs have a decision to make. To choose the looser variety means less supervision and compliance. However, preferring tighter regulation observance can often mean increased confidence in the ICO issuer. Jumio say there is also a direct cost associated with IDaaS, from c US$3-US$30 per individual (person of business entity). (Jumio has a neat summary of AML/KYC considerations here.)
The ICO IDaaS compliance conundrum
To make matters more complex, the number of participants is an unknown quantity in advance for an ICO issuer. To open an ICO for public participation might draw in ten or thouands or even hundreds of thousands of interested entities. This means that the processing before granting an ICO issuance might cost (say) US$1M for 100,000 identity complance checks – or US$1000 for 100 compliance checks. It is the issuer, not the ICO subscriber, who pays for this.
In straightforward economic terms this should be a no-brainer. It is easier and cheaper to go for a ‘less compliant’ ICO route.
But two considerations counter this:
- there is the issue mentioned above, that increased confidence can produce a broader base of interest along with improved confidence that an ICO is dubious
- ICO issuers can protect themselves, by observing KYC and AML and other demands, from any assertion by regulatory authorities that an ICO is in fact a security and requires observance of strict compliance and regulation. (The case of Munchee is instructive in this context.)
What does this mean
Put another way, exploiting IDaaS can minimise the chances, or sizes, of fines or even jail time. These are powerful incentives. Combine this with the possibility of attracting greater interest, and therefore more money, in an ICO and the economic justification begins to alter.
Furthermore, crypto exchanges – like Coinbase and others – are showing ever greater interest. It s in their interests to take advantage of IDaaS services such as those offered by Jumio. They, the exchanges, can then document their observance of the necessary regulatory obligations. And, once completed for an individual, it does not require repetition by that exchange.
Which leads to the rather unexpected conclusion: ICO identity compliance may indeed backfill demand for IDaaS – and we may all be the safer for this.