Polish banks to put millions of confidential records on blockchain


Peter Lee
Published on:

Distributed ledger technology could be answer to GDPR for banks worried their legacy systems will struggle to cope with customer rights over their records.

Billon’s chief executive Andrzej Horoszczak

Trading futuristic-sounding crypto-assets or conventional securities across new blockchain networks promising instantaneous transfer of value all sounds very exciting. Storing and updating millions of banking records, loan documents and terms and conditions, associated with insurance and other financial products, does not.

But the decision in May by the Polish credit office, Biuro Informacji Kredytowej (BIK), the largest credit bureau in central and eastern Europe (CEE), to implement blockchain for storage and secure access to sensitive customer information may eventually prove a far more significant shift in the technological underpinnings of global banking than the emergence of bitcoin futures or billion-dollar equivalent initial coin offerings.

BIK, which is owned by the largest banks in Poland, including Pekao, ING, mBank, Santander and Citi, tracks nearly 140 million credit histories of over 24 million people and one million businesses. As the Polish banking system grows, large volumes of new records are created and existing ones updated each month, placing an increasing strain on these banks’ creaking legacy back-office systems at a time of new data regulation and shifting customer expectations over speedy access to records.

Eight Polish banks have been in trials since last November with Billon, a Warsaw-headquartered blockchain technology company founded in 2012, which is also an FCA-registered e-money institution. Billon’s chief executive, Andrzej Horoszczak, founded the company with a vision for a revolutionary and disruptive instant payments system using distributed ledger.

But he now sees a big opportunity in data management to turn the blockchain from potential disruptor of the banks to a solution for a key back-office problem and new regulations governing data.

'Civilizing blockchain'

“We are an engineering company that aims to civilize the blockchain and remove the barriers to adoption of a technology that has often been associated with an anti-establishment community and with criminality,” Horoszczak tells Euromoney. “We have a very different message. We understand the banks and the challenges they face and so have been able to open a dialogue with them.”

Billon has on its board of directors Wojciech Kostrzewa, a former chief executive for CEE at Commerzbank and Andrzej Klesyk, former chief executive of PZU, the country’s largest insurance company.

Shifting its business model to a regtech play, Billon has built for BIK a document management solution that is fully compliant with the EU’s General Data Protection Regulation (GDPR). It guarantees trackable history, visibility and full data integrity for any client-facing document.

Instead of managing money across the blockchain, it is managing pdfs. That’s not exactly glitzy, but the core of banking never was.

“We believe that blockchain technology will transform client communications in the financial sector,” says Mariusz Cholewa, president of BIK. “Our solution will soon be expanded to include electronic delivery with active confirmation and remote signing of online agreements. It is also important that the solution meets legal requirements of a durable medium of information, as well as the EU GDPR requirements.”

Behind what’s been happening in Europe on data protection is really a pushback on consumer rights 
 - Andrzej Horoszczak, Billon

The benefit to banks is both reduced total cost of owning and managing all this data ­– by perhaps 30% – but also sharing the expense of complying with these new laws.

“Behind what’s been happening in Europe on data protection is really a pushback on consumer rights,” says Horoszczak. “Whenever customers had to deal with a corporation in the past, they had to submit their data as if they were supplicants and the company then took control of that data. It was what we computer nerds call server-side encryption.”

With the coming of GDPR, Horoszczak suggests: “We are now moving towards a much more level playing field with the EU legal definition of a durable medium for data storage requiring it be outside the control of a corporation, and that clients have perpetual access to time-stamped and immutable documents even after they cease to be customers of a company.

“The blockchain is like a common from which the client and the corporation each have equal rights to take and review documents, which are stored in immutable form so one side cannot change them and both sides have to agree to any new update,” he says.

Moving to blockchain technology stirred up a hot behind-the-scenes debate among Polish banks that worried that moving banking records off their own proprietary databases might inhibit their ability to go about their business of making money.

The banks asked Billion to work with both banking and data regulators on the new technology. Now it is proven. The eight trialist banks have established that it is scalable. Billon’s blockchain architecture could publish over 150 million documents every month. This would be more than sufficient for even the largest institutions to move to paperless customer service.

Full deployment will come in the third quarter of 2018. At least two of those trialist banks will be moving their entire historical store of documents onto the blockchain.

Tip of iceberg

And Horoszczak suggests this is just the tip of the iceberg. If a highly-regulated industry like banking adopts blockchain for trusted document management, then the next stop is telecoms companies, other utilities and insurance. Health will come next year.

“Say a patient goes for an X-ray. Then they want a second opinion. We are devising temporary encrypted keys that may allow a second doctor permission for say 24 or 48 hours to view that X-ray before the keys expire,” says Horoszczak.

This is a switch to client-side encryption. “Right now if a person needs to check a bank statement from five years ago, see a credit report, get a phone bill or review the terms on an insurance policy, they have to go to each of these companies in turn, log in and verify their identity data each time and retrieve it all piece by piece,” explains Horoszczak.

“Within a year it should be possible to log into one browser with your encryption keys and get your information. You can open documents on your mobile device and store them to read offline. We even have an application that will review the updated terms and conditions on a new loan, for example, and highlight for the customer exactly what has changed since the last time they took one out.”

On the permissioned blockchain Billon has devised for BIK there are nodes for certain privileged actors, such as regulators, to see who is accessing and reading which documents. There is also a technological solution for the right to be forgotten. This does not erase or change documents but, rather like ransomware, can overwrite the encryption so that, instead of being destroyed, certain documents may become impossible to access.

A trial in Poland now moving to full-scale adoption raises the question of what other sizeable markets may follow. Billon and Mitsui Knowledge Industry have already signed an agreement to collaborate in introducing Billon’s distributed ledger technology to Asian markets, including Japan.