The Singapore BIS Innovation Hub has completed the Project Mandala proof of concept (PoC), which aims to bring efficiencies to anti-money laundering (AML), sanctions and capital flow management (CFM) compliance. It provides a technical solution that uses cryptography to let banks rely on checks performed by other banks in a privacy-preserving manner. Mandala can help with payments via the current correspondent banking network, where large value payments are regularly delayed because of compliance queries. It also supports upfront compliance checks, which are important for tokenized money and digital asset transactions.
The central banks of Singapore, Malaysia, Australia and Korea took part in Project Mandala.
Why compliance is such a burden
The Project Mandala report outlines some of the key drivers behind the need to make compliance checks more efficient. During the past ten years compliance regulations have grown at a rate of 15% per annum. That sounds like a large figure, but compounding that is even more shocking: it translates to four times the number of regulations compared to ten years ago. These increasing compliance costs have made banks more picky about the jurisdictions they deal with, resulting in some payment corridors having few or no correspondent banks, and making cross border payments expensive. Hence, the G20 cross border payment goals include improving compliance.
There’s another factor that we have not seen central banks sufficiently appreciate. Compliance checks and delays undermine trust in the banking system. The vast majority of compliance hold ups are false positives. In other words, average people and small businesses making legitimate cross border transactions have funds temporarily blocked or delayed, despite doing nothing wrong and despite the fact that it is their money. There’s a perception that some banks along the payment chain use compliance as an excuse to control payment timing in order to manage their own liquidity.
This reduces trust in the banking system, because it gives the perception that money legitimately earned by the payer can potentially be held or taken away at the blink of an eye. It’s certainly not good for relationships between banks and their clients. This has contributed to the philosophical underpinnings of the cryptocurrency sector and particularly the desire to have self hosted wallets. It’s misguided to assume anyone who is self hosting is doing something dodgy.
For these reasons, steps to streamline the compliance process are important.
Project Mandala goals
“Mandala is pioneering the compliance-by-design approach to improve cross-border payments without compromising privacy or the integrity of regulatory checks,” said Maha El Dimachki, Head of the BIS Innovation Hub Singapore Centre. “We are optimistic about the potential of these early results to enhance cross-border payments.”
The PoC implemented two use cases. One involved cross border lending that included capital control restrictions. Another involved a company financing a capital project in a different jurisdiction.
A key goal of the project is to reduce regulatory uncertainties by doing compliance as part of the pre-validation phase. In order to achieve this, it standardized the formats of the regulations and policies. Mandala also aimed to be modular and usable across a range of scenarios, such as for Swift payments or tokenized payment using a wholesale CBDC (wCBDC).
From a functional perspective, the system has three aspects. Firstly, there’s a peer-to-peer encrypted messaging system for communications. Secondly, the standardization aspect involved a Rules Engine, which required converting regulations into machine readable rules, with templates available to ease the process. Thirdly, there’s a proof engine, as in proof of compliance.
Proofs of compliance
There are two types of proofs, non-interactive and interactive. A non-interactive one might involve a public sanctions check. The first bank performs the check, and creates the proof that the check was performed, enabling the second bank to depend on that check. This involves Zero Knowledge Proofs (ZKP), where the first bank creates a cryptographic proof, which can only be queried by the other bank in a very limited fashion. In this case, the second bank would get a yes or no for the transaction passing public sanction checks.
Other types of checks might require both parties sharing information. Today a large amount of private or commercially sensitive data gets passed around by banks for compliance purposes. Using homomorphic encryption, perhaps that could be reduced. This type of cryptography allows each bank to encrypt data, and a computer runs a process on the data without the other bank getting to see the raw data. In the Mandala PoC, it involved the private client data being checked against the private sanction list of the beneficiary bank, also using multi party computation.
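To make the interactive check concrete, here is an added example (not code from the Mandala PoC or the BIS report) of a two-party private membership test. It swaps in a Diffie-Hellman style private set intersection rather than the homomorphic encryption construction the report describes. It assumes the originating bank learns the yes/no answer, and the names, the sample list and the demo-sized modulus are constructed for illustration.

```python
import hashlib
import secrets

# 768-bit safe prime from RFC 2409 (Oakley Group 1): demo-sized, too small for production.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # order of the quadratic-residue subgroup

SANCTIONS = ["Acme Trading Pte", "Example Shipping Co"]  # constructed sample list


def hash_to_group(identifier: str) -> int:
    """Normalise an identifier and map it into the prime-order subgroup."""
    norm = " ".join(identifier.casefold().split()).encode()
    # 1024 bits of digest keep the reduction mod P close to uniform.
    wide = hashlib.sha512(b"0" + norm).digest() + hashlib.sha512(b"1" + norm).digest()
    return pow(int.from_bytes(wide, "big") % P, 2, P)  # squaring lands in the subgroup


class Party:
    """One bank, holding a secret exponent that never leaves it."""

    def __init__(self):
        self.key = secrets.randbelow(Q - 1) + 1  # in [1, Q-1]

    def blind(self, element: int) -> int:
        return pow(element, self.key, P)


def screen_client(client_id: str, sanctions_list: list) -> bool:
    originator, beneficiary = Party(), Party()
    # 1. Originating bank -> beneficiary bank: H(x)^a (reveals nothing about x)
    msg1 = originator.blind(hash_to_group(client_id))
    # 2. Beneficiary bank -> originating bank: H(x)^(ab) and shuffled {H(s)^b}
    double_blinded = beneficiary.blind(msg1)
    blinded_list = [beneficiary.blind(hash_to_group(s)) for s in sanctions_list]
    secrets.SystemRandom().shuffle(blinded_list)
    # 3. Originating bank raises each list entry to a and looks for a match.
    hits = {originator.blind(t) for t in blinded_list}
    return double_blinded in hits
```

The originating bank sees only blinded list entries and the list size, and the beneficiary bank sees only a blinded client identifier.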
The BIS paper delves into how the cryptography works and we have a short primer here.
Working with digital currency
As part of the PoC, the compliance proofs were combined with Singapore’s concept of Purpose Bound Money. This involved wrapping wCBDC tokens with a policy wrapper smart contract restricting their use. The compliance proofs are created off chain to ensure privacy. The originating bank sends the wrapped wCBDC to the beneficiary bank. In order for the wCBDC transfer to proceed, each of the proofs must be verified by a verifier contract. Once verified and received, the beneficiary bank can optionally check the compliance proofs. The wCBDC is then unwrapped and is free to be used by the recipient bank.
We’d note that Project Agorá, the BIS cross border payment system involving seven central banks, also plans to do upfront compliance. It remains to be seen whether that will leverage Mandala, as Singapore is not one of the jurisdictions involved in Agorá.