Note: Smith + Crown has not interviewed the Traceto team as part of this summary. Some of our outstanding questions can be found at the bottom of the document. If we connect for a conversation, this summary will be updated.
Traceto is aiming to provide an ongoing KYC service, which combines feedback from a community of network participants to build individual profiles. Traceto is a distributed network of third-party identification verification providers, community input, and machine learning algorithms that collectively assign individuals KYC scores to attest to their identities. This allows other entities to verify identity without viewing personal identity documents, which remain encrypted. The Traceto.io token (T2T) will be used to compensate a network of Verifiers, who act as gatekeepers to users’ identity information (on behalf of corporate requesters or regulators) without having access to it themselves and to pay for KYC services. Of the 1 billion traceto.io tokens to be minted, 30% will be available throughout the token sale, with a total hard cap of 30 million USD. The oversubscribed private sale (9th February to 7th March) had a minimum contribution of $250,000 and secured $24 million in contributions. The public sale and initially set for April 4th 2018 but was delayed, and at time of writing, no new date had been issued. Traceto will be the first token sale listed on The Gibraltar Blockchain Exchange (GBX).
Traceto is aiming to provide an ongoing Know Your Customer (KYC) service, which combines feedback from a community of network participants to build individual profiles which are updated and reverified to ensure ongoing compliance. Those seeking to participate in token sales, or use exchanges, can benefit from the Traceto.io network via their DApp that facilitates KYC processes. One of Traceto’s founder’s existing businesses, Cynopsis, a Singaporean RegTech organisation with approximately 50 crypto clients, will act as an identity ‘Service Provider’. A network of verifier nodes on the Ethereum blockchain will contribute to the KYC processes by performing facilitating tasks, such as video One Time Password (OTP) verification. Verifier nodes will also deal with requests for user’s unencrypted identity information, should the user not grant permission themselves upon a request from a regulator, and perform other governance roles, such as voting to add or remove Service Providers. Typically, KYC regulatory compliance includes Counter Terrorism Funding (CTF) requirements, often enforced by screening state-issued IDs to ensure individuals are not flagged on international watch-lists. Anti-Money Laundering (AML) regulations demand information about how funds are appropriated and require ongoing reporting of any suspicious transactions.
The team hopes Traceto can improve what is often perceived as inconsistent, repetitive, and sometimes inadequate KYC processes employed by token sales. Many token sales perform KYC procedures in-house, manually inspecting identification information, usually in the absence of specialist knowledge or staff. The process can be viewed as an unwanted cost. This can inhibit ongoing compliance, due to a team’s unawareness of the need to continually revalidate compliance. Keeping KYC in-house can also present a security risk, depending on how projects store their collected data. Streamlining these processes will help crypto businesses perform them more efficiently and, if done properly, reduce their risks of running afoul of regulators in the future.
Traceto aims to ensure users’ privacy whilst confirming regulatory compliance. Upon accessing a crypto-exchange or token sale for the first time, the user will be redirected to the Traceto DApp and asked for the relevant identity information. The information provided by the user will be encrypted and stored ‘user-side’ in a vault, utilising a proposed distributed storage network where access will be controlled by the user or community of verifiers. The identity and CTF compliance Service Provider will be granted access to the decrypted documentation, such the risks that a user is a Politically Exposed Person (PEP) or similarly is involved in illegal activity, can be determined by screening documents against watch-lists and sanctioned persons lists.
Verifiers are incentivised to perform facilitating functions such as video OTP validation. Machine learning (ML) algorithms will be used to run Facial Recognition analysis on individuals IDs. AML procedures will include transaction monitoring. Algorithms can also analyse ongoing transaction data to take a potentially weighty burden off human administrators’ shoulders. Random sampling of transactions and community input will provide ongoing training data to for the ML algorithms; a refined system should help reduce false-positives when attempting to detect fraudulent or nefarious activities.
The network provides each user with a KYC score, which is a combination of the following weighted inputs:
- Score from an identity and CTF Service Provider (Cynopsis)
- ‘Social profile’ score from a community of verifiers
- ‘Trust rating’ from an Invited User, upon subject’s request to have a friend testify to their identity
- Score awarded from ML algorithms performing fraud and anomaly detection across users declared accounts
Verifiers will be able to vote to change the weights.
The Service Provider pushes its own encrypted scores to the blockchain via the Traceto DApp. Verifiers will have the responsibility for handling requests for user’s data external to the network, such as from regulators, and the ability to vote to add or remove Service Providers.
The Traceto verifier community is split into 2 groups. The Tracer Circle are those working in small sets to provide users with KYC scores. The Tracerian Circle have a high Proof Of Importance (POI) and handle appeals. Should a user be unhappy with the assigned KYC score, then recourse is to the latter group. Regulators requesting access to unencrypted documentation also appeal to the latter group, those verifiers with more at stake. The system is designed to demonstrate to regulators that due KYC has indeed been performed for a client without sharing the actual identity documentation. POI requires a T2T stake above the minimum amount. POI depends on the time for which the T2T has been held and the number of verifications provided.
Application of Blockchain Technology
Traceto is a distributed network for establishing user identity and performing the necessary monitoring and ongoing due diligence to achieve regulatory compliance. The network is composed of Verifier Nodes that facilitate KYC transactions, score users social profiles, vote on key network parameters, handle requests for access to unencrypted identity documentation and decide which Service Providers should serve the network. The Traceto.io network will be accessible via a DApp.
The ERC20 compliant T2T tokens will be the means of payment for KYC Service Providers (initially Cynopsis) from Corporate Requesters and the reward token for the Verifier Community for their support of the network.
Unencrypted identity information will be stored off-chain (Traceto proposes using a decentralised storage system with proof of replication and fault-tolerance), ‘user side’ within the application. Hashes of identity documentation will be stored on-chain, allowing continuous monitoring of individuals behaviour with zero-knowledge of the identifying particulars. By allowing regulators to observe the financial activity of specific users via a pseudonym, the regulators are required to make specific requests for unencrypted data. These requests will then be validated either by the user in question or the community of verifiers. Verifiers can securely vote to add or remove Service Providers, introducing a collective oversight.
MultiSig transactions will be leveraged to facilitate the community authorising access requests to unencrypted documents from KYC Service Providers or regulators. In the event that the user is unwilling or able to make identity information fully available to the requesting authorities, a combination of Assigned Verifiers will have the option to recombine the private key associated to the identity information using Shamir’s Shared Secret Scheme, should a designated threshold of combined secrets be achieved. The requestor will then be provided a hash pointing to the user’s KYC documentation.
Token Economy Overview
The Tracetotoken (T2T) will be used by corporations running KYC processes on users to compensate those processing the identity information and to maintain a community network of verifiers. Corporate Requestors (exchanges or token sales) pay for user’s KYC requests (and renewals) via the DApp in T2T in exchange for the user’s KYC score, associated to their public-key. These Corporate Requestors, who wish to utilise the Traceto DApp to streamline their KYC processes, will drive demand for T2T.
Verifiers will be required to stake T2T in order to earn T2T by providing verifications. The reward depends on the amount of T2T staked, as well as time held and verifications performed. There is a limit to the amount of T2T a verifier can earn for any specific transaction. This limit can be modified upon a vote from the Verifiers, should they sufficiently agree. This should drive scarcity, therefore increasing value along with demand. Once a verifier starts verifying, they will be compensated in T2T, which will be locked for a ‘predefined’ time (the setting of which will be crucial since it presents an opportunity/capital cost to prospective verifiers).
The Traceto team will own 250 million of the 1 billion Traceto.io Tokens (T2T) generated and they shall be subject to a 2 year lockup. Following, a further 45% of tokens will be allocated to the company reserve, marketing, operations and administration; the remaining 30% will be distributed in the token sale. The soft/hard cap limits are 15/30 million USD.
Timeline and Project Status
The public token sale was set for April 4th, 2018 but was delayed, with no new date announced. The whitepaper allocates $5 million for operations, development and marketing up to December 2018. The project is targeting a Q3 2018 testnet equipped with A.I.-enabled transaction monitoring, public governance and MultiSig storage. There will be $10 million held for 2019, targeting zero knowledge AML screening in Q2 2019 and a public system in Q4 2019. A remaining $15 million will be held for future development at the discretion of the management team. The estimated allocations for the use of contributions are: 50% for development and maintenance, 15% for operations, 15% for marketing, legal and admin, and 15% in the company reserve.
Hashed (formerly Blockchain Partners Korea), an esteemed blockchain community builder and impact investor, are an early backer of Traceto. The supporting regulatory tech expertise comes from Cynopsis, who already have approximately 50 crypto industry clients, with almost 10 times as many clients in total. The Traceto token sale on GBX is sponsored by Broctagon, a turnkey brokerage solutions company based in Hong Kong.The private sale goal of $24million was achieved and oversubscribed, leaving $6million, 60 million T2T, available for the private sale, presumably to be in high demand.
Cynopsis MD and Traceto Founder Chionh Chye speaks to GBX’s Nick Cowan in an interview about the upcoming sale and the opportunities to establish best practices GBX Nick Cowan, Chionh Chye Kit.
Peers and Competitors
Traceto’s acknowledge competitors, uPort, Civic, SelfKey, all provide variations on decentralised identity and KYC functions:
- uPort, backed by ConsenSys, provide messaging and identity protocols in addition to a self-sovereign identity app coming soon. uPort has performed a digital citizen registry[Zug].
- Civic similarly marketizes user data attestation, hopefully on rootstock, also incorporating biometrics.
- The SelfKey self-sovereign digital identity ecosystem includes identity assurance for corporations, for example; a start-up could manage their documentation from the SelfKey wallet.
A potential competitor not explicitly treated by Traceto in their whitepaper is Sovrin, a member of identity insurance consortium. Sovrin thinks Distributed Ledger Technology presents the opportunity for an internet ‘identity layer’, with ID data stewards supervised by a non-profit foundation. Distributed Identifiers (DIDs) allow global identities that do not need registering with a central authority. Since verifying a DID involves looking up a public key on a blockchain, essentially anyone can act as a verifier. This could reshape the KYC-as-a-service landscape significantly.
One of Traceto’s strengths is a unique focus on KYC compliance, but this will present a challenge as other protocols mature. More general decentralized identity initiative could come to replicate this functionality easily, or develop their own plug-ins for KYC compliance. Traceto is also unique in attempting to launch its own decentralized network of nodes. This makes the Traceto network more decentralized but also more resource-intensive to manage and govern. If it is successful, it could become the foundation for its own generalized identity protocol.
Traceto also promises that identity documentation will not be stored by Service Providers that receive it. Since, at least initially, it seems that all identifying information will pass through the same service provider, transparency will be instrumental to users trusting Traceto.
Traceto’s team boasts in excess of 50 years experience in regulatory technology and finance. Chionh Chye Kit, the founder and CEO of Traceto, is a cofounder and MD of Cynopsis Solutions, a RegTech100 company supporting the underlying KYC process. Chye Kit also founded and manages a regulatory compliance consultancy, CCK solutions. In addition to regular conference presentations and work on a crowd-sourced RegTech publication, Chye Kit advises Kyber.Network. In the past Chye Kit held senior posts in major financial firms, such as head of compliance in Asia for Macquarie Group. Dias Lonappan (CTO and co-founder) has experience developing application on the Bitcoin blockchain. The CEO of Kyber.Network and Ethereum evangelist Dr.Loi Luu is a technical advisor to the project. The Kyber.Network will integrate Traceto’s KYC processes [Kyber Blog].
- Sale terms (https://gbx.gi/docs/GBX-Token-Sale-Rules-v1.1.pdf)
- Participation instructions (instructions on traceto website, https://platform.gbx.gi/register)
- Github – N/A
Some Open Questions Smith and Crown would like to discuss should an interview be possible:
- What is the voting procedure for Verifiers wanting to add/remove Service Providers? Are there similar voting procedures for changing the maximum limit of T2T to be rewarded for a completed verification?
- Which ML algorithms do traceto intend to maintain Open Source?
- To the end of using ‘A.I. as a complement to the community’, where will these algorithms run and will they do so without a centralised pool of data?
- How will traceto ensure that Cynopsis, and other service providers, do not store the decrypted PII they receive?
- What raw data contributes to a user’s Social Ranking?