Banking on blockchain: Poland moves 140m credit records onto Billon

Banking on blockchain: Poland moves 140m credit records onto Billon

Poland has become the first country to move banking records en masse onto blockchain.

Biuro Informacji Kredytowej (BIK), the largest credit bureau in Central and Eastern Europe, has partnered with distributed ledger specialist Billon to deploy a blockchain system for storing and securing access to over 140 million credit records, relating to 1.2 million businesses and 24 million citizens in Poland.

BIK is owned by the largest banks in the country, including PKO Bank Polski, mBank, ING, BGZ BNP Paribas, Santander, and Citi. Billon’s technology is designed to exchange money and data simultaneously, and relies on national currencies rather than the issue of cryptocurrency tokens.

The partners claim that the system effectively creates a commons that passes control over data back to citizens.

Regulatory approval

BIK and Billon partnered in late 2017 to develop a proof of concept for a solution that would provide a durable information medium that conformed to all relevant regulations, such as GDPR and the latest financial services rules, such as the Markets in Financial Instruments Directive II (MIFID II) and the Insurance Distribution Directive (IDD).

Eight Polish banks participated in trials which established that Billon’s blockchain architecture could scale to over 150 million documents every month, allowing even Poland’s largest banks to move to paperless customer service.

The solution “guarantees total visibility, trackable history, and full data integrity for any client-facing document, including bank and loan agreements, insurance claims, telephone bills, and terms and conditions”, said a joint announcement this morning.

Junking the legacy

Billon claims that its technology offers a 30 percent total cost of ownership saving on legacy drive-based solutions, and involves minimal upfront costs.

“We believe that blockchain technology will transform how the financial sector communicates sensitive data with clients,” said BIK president Mariusz Cholewa. “Our solution will soon be expanded to include electronic delivery with active confirmation and remote signing of online agreements.”

The technology has been approved for deployment following extensive consultation with the Polish Office of Competition (UOKiK) and Data Protection Regulator (GIODO), making it one of the world’s first regtech-compliant blockchain solutions.

Blockchain vs the right to be forgotten

One of the criticisms of blockchain is that its immutable nature – with every block of data containing a cryptographic hash of the preceding one – appears to clash with GDPR’s right to be forgotten (the right of citizens to have personal data permanently erased from an organisation’s systems). However, according to the announcement, the on-chain data storage system includes “a mechanism enabling the right to erase personal data”.

How data is either deleted, obfuscated, or rendered inaccessible was not made clear in Billon’s announcement, which also said, “once published, every document is retained regardless of what happens to the original publisher, so that the guarantee of long-term duration of storage time and unblockable access to information are independent from the status of the contractual relationship between the service provider and the user”.

Internet of Business asked Billon for clarification of how the blockchain can be made GDPR compliant with regard to the right to be forgotten. The company responded:

“The right to be forgotten is exercised by a patented technology solution that permanently destroys the ability for any party to access the private data in question. The data (and hash) remain on the blockchain without alteration or deletion, however no party can ever read the original content again. The blockchain retains a publicly verifiable record of all steps made by each party involved in the ‘right to be forgotten’ process, so you can check a document was uploaded and later made unreadable, but have no way of viewing the content of that document.

“The right is executed by a multi-stage approval process that requires agreement from a sufficient number of authorised parties (typically two, a citizen and a publisher, e.g. a bank). Our solution is digital, so in principle the entire right to be forgotten process can occur online. It’s up to the bank to define that process according to their own risk and compliance requirements. Some banks may require the client to call or physically come into a physical bank in order to prove their identity.”

However, Internet of Business believes that the right to be forgotten stipulates that data should be permanently erased or deleted, not rendered inaccessible. This remains a problem with blockchains, because a hash of all the original data would be identifiably different to a hash in which a citizen’s data had been erased under the right to be forgotten. As a result, it is possible to infer that the original data still exists by comparing the hashes.

In this sense, while Billon’s solution conforms to the spirit of GDPR, on the face of it is not compliant. We have put this point to the company and await its response.

Legal requirements

Of course, the right to be forgotten may be overridden by some organisations’ legal and fiscal requirements to retain certain types of data.

“The solution we have created with BIK provides the world’s first GDPR-compliant blockchain platform which can streamline customer service processes and manage the implementation of customer rights, such as the ‘right to be forgotten’,” said Andrzej Horoszczak, founder and CEO of Billon.

“Our partnership is the start of a true revolution in information management. Together we have shown that it is possible to move away from the constraints of closed central databases to a democratic blockchain-based internet where every user will be able to control his or her identity.

“This solution returns control of user data back to consumers, creating a level playing field between individuals and big corporations. The benefits of this solution can have an impact beyond the financial sector, and we anticipate that it will soon be adopted by institutions across industries such as telecommunications, insurance, and utilities.”

Plus: HSBC and ING deploy blockchain

In related news today, one of the partners in the Polish deal, ING, has been involved in another blockchain implementation. It centred on a trade finance transaction with HSBC on behalf of agrifood trading giant, Cargill.

The letter of credit (LC) was was executed on blockchain, using the R3 Corda platform, which enabled the transaction time to be reduced to 24 hours from the standard five to 10 days.

The LC was issued by HSBC, with ING acting as the advising bank on an export deal between Cargill Argentina and Cargill Singapore via other subsidiaries.

Internet of Business says

The notion of a credit bureau passing control of data back to citizens is both an exciting and intriguing one, and could point to a future in which the over-reaching power of credit reference and ratings agencies over people’s lives is finally brought into check. But whether the reality matches the claims is a different matter.

Either way, when Bank of England governor Mark Carney railed against cryptocurrencies and blockchain technologies in his February speech, which suggested the former were failing as money and the latter as trusted systems, it was obvious that events would move much faster than he anticipated.

And the ironies of the traditional banking system claiming to be trusted in the 21st Century weren’t lost on Internet of Business in our report, in the wake of trillion-dollar systemic bailouts and, since the financial crisis of 2008-09, multiple examples of fraud and market rigging by major banks.

The ultimate irony is that it is conceivable that blockchain systems may help banks to restore public trust. A number of new initiatives are certainly in development. For example, Batavia, the blockchain platform developed by IBM and a consortium of five banks, completed its first live test transactions last month.

Meanwhile, we.trade, a new platform for managing and tracking secure transactions between SMEs, is backed by nine banks and is aiming to launch in the autumn.

However, the recent rush to blockchain by insurance companies, supply chain managers, and the automotive and transport sectors, should still be treated with caution.

At present, blockchain remains a problematic technology, which replaces trust with slowness and complexity. The move to faster, leaner, less ‘block and chain’ spins on the distributed data concept, such as the Tangle / Directed Acyclic Graph (DAG) model, are promising and lie at the heart of some new alliances.

Here are some of our recent reports on blockchain: