WHITEPAPER - traceto.io · 13 Products & Services ... are finding it difficult to catch up with the...

01

v

W H I T E P A P E R

C O P Y R I G H T © 2 0 1 8 t r a c e t o . i o A L L R I G H T S R E S E R V E D

C H I O N H C H Y E K I T D I A S L O N A P P A N O O I G E N E Y A N * D A N P O H R O B I N L E E

* C O N T A C T A U T H O R ( G E N E @ T R A C E T O . I O )

V E R S I O N 1 . 2 6 ( 0 9 0 2 2 0 1 8 )

t r a c e t o . i o

T H E C H A L L E N G E

T h e t r a c e t o . i o N e t w o r k

How the traceto.io Network works

t r a c e t o . i o T O K E N H O L D E R B E N E F I T S

A B O U T C Y N O P S I S S O L U T I O N S

Join

BExchange /

Wallet / ICOs

A

KYC

KYC Result

KYC Result

Sends Documents

Payment + User Pub KeyFD E

traceto.ioNetwork

C

Encrypted Vault Storage with MultiSig Contract verified on the Blockchain

A userA who is interested to join an Initial Coin Offering (ICO) or ExchangeB is redirected to the traceto.io Decentralised AppC. The user proceeds to upload their documents, which are then encrypted and stored within the application. Consent from the User or Community CourtsD is required to view these documents.

This profile is then shared with our KYC providerF and our artificial intelligence algorithmsE. These algorithms are also used for transaction monitoring.

Know Your Customer (KYC) processes, which protect against Anti Money Laundering (AML) and Counter Terrorism Financing (CTF) violations, have seen inconsistent levels of adoption amongst crypto-related companies due to:

1. A false assumption that anonymity overrides the need to comply with AML and CTF regulations;

2. A low priority allocated to compliance due to its perception as a being a cost center;

3. A lack of budget and experienced compliance personnel to build watertight KYC processes.

Who are you?

What did you do?

Who are you not?

Are you still who you say you are?

Determining and verifying an identity e.g. passport, driving licence.

Monitoring transactions for suspicious activities, identifying source of funds.

Uncovering politically exposed persons (PEPs), sanctions or terrorists and profiles relating to averse media.

Performing ongoing due diligence as identity and client activities may change over time.

T H E t r a c e t o . i o K Y C F R A M E W O R K

N O T T O B E C O N S T R U E D A S A S O L I C I T A T I O N F O R S A L E S

G i v i n g o w n e r s h i p , m a n a g e m e n t a n d c o n t r o l o f t h e K Y C p r o c e s s e s b a c k t o t h e p e o p l e

Based on our experience in the Financial, RegTech and Blockchain industries, we have developed the traceto.io KYC Framework whereby the KYC problem has been distilled into 4 fundamental questions defining how an entity should know their customer:

C Y N O P S I SC R Y P T OC L I E N T S

1. Projected high demand, driven by consumption from an increasing number of ICOs and Exchanges, and tighter AML and CTF regulations.

2. Ease of onboarding as various Exchanges and ICOs participate in the T2 network. Cynopsis Solutions has an existing pipeline of 50+ crypto clients.

traceto.io is powered by Cynopsis Solutions Pte Ltd., a RegTech company founded and based in Singapore. We help clients with regulatory requirements including anti-money laundering (AML), counter terrorism financing (CTF) and other KYC related procedures.

By addressing these challenges, implementing our framework, and fusing smart contract and artificial intelligence technologies, the traceto.io Network provides the first inclusive “real-world” standard KYC solution for the virtual world

S U M M A R Y

T O K E N O M I C S

R O A D M A P

Indicative and Strictly For Discussion Only. Subject to change without prior notice.

t r a c e t o . i o E D G E

T H E F O U N D I N G T E A M O U R A D V I S O R S

Referenced and sourced from respective whitepapers and websites

N O T T O B E C O N S T R U E D A S A S O L I C I T A T I O N F O R S A L E S

Civic uPort Selfkey traceto.io

Know Your Customer

Identity Attestations of PII Attestations of PII Attestations of PII Attestations of PII + social info via community

AML, CTF, Credit Worthiness, Product Suitability

AML and CTF Unknown AMLAML and CTF initially, Credit Worthiness and Suitability eventually

Compliance Experience amongst Co-Founders and Advisors

Unknown Unknown Unknown 50 years across Compliance and RegTech

No. of Existing Crypto Clients Unknown Unknown Unknown > 50 global Cryptos / ICOs via Cynopsis Solutions

Design as a Reputation System

Data Consent Only User Only User Only User User / Community Court

Value Scored By Utility Service Utility Service Utility ServiceService Providers + Community of Verifiers (social profile) / Court System

Jurisdiction US US Mauritius Singapore

Technology & Security

Artificial Intelligence / Deep Learning

Unknown Unknown UnknownAnomaly detection, facial recognition and similarity, community as a feedback mechanism

StoragePII’s Stored at User Side. Data Sent to Provider

PII’s Stored at User Side. Data Sent to Provider

PII’s Stored at User Side. Data Sent to Provider

PII’s Stored at User Side and Off Chain with hash on chain. MultiSig Storage which upon quorum from court can open. Data Sent to Provider removed after usage

Chain RootStock Ethereum Ethereum Ethereum initially. Cross Chain Scores later.

Q1 2018 Q2 2018 Q3 2018 Q4 2018 Q1 2019 Q2 2019 Q3 2019 Q4 2019

Launch of ICO site

ICO Complete

Public System

Testnet with APSCommunity system,

UI/ UX in progress

Testnet with CAPSWeb and mobile apps

complete

traceto.io Network Launch

Full ZCAPS MainNetZero knowledge AML screening complete

Video OTPPublic governance test

Chionh Chye Kit Dias Lonappan Ooi Gene Yan Robin LeeDan PohCEO & FounderCynopsis (Co-founder & MD)Kyber Network (Advisor)RegPac Revolution (Advisor)ICTA / SFA (Lecturer)Compliance, Regulatory & Audit – 20 Yrs

CTO & Co-founderFintech/Blockchain CTO – 5 YrsKYC & Credit – 3 Yrs

Chief Data Science Officer & Co-founderShentilium (Co-founder & Product Architect)Machine Learning SpecialistRegTech – 2 Yrs

Chief Marketing Officer & Co-founderCynopsis (Sales Director)FintruX (Advisor)FidentiaX (Advisor)Compliance, Regulatory & FICC

Prof. Ooi Beng ChinTechnical AdvisorChair Professor, NUS SOC

Dr. Loi LuuTechnical AdvisorCEO of Kyber

Nizam IsmailRegulatory AdvisorPartner at RHT Law

Wong Lee HongBusiness AdvisorExecutive Advisor to Kyber

Co-founderInzsure (CXO)GRC Tech (Board)Silicon Valley – 6 YrsWall St – 4 YrsCompliance/ RegTech - 8 Yrs

© 2 0 1 8 B Y T R A C E T O . I O P T E L T D t o k e n s a l e @ t r a c e t o . i o

Team250,000,000*

25%

Company300,000,000

30%Marketing, Ops and Admin

150,000,00015%

Token Sales300,000,000

30%

traceto.io Token (T2T)

No. of Tokens: 1 billion

Hard Cap: 30 million USD

*lock-up period over 2 years

Simon KimBusiness AdvisorCEO of Hashed

04

18 Competit ive Landscape

19 The traceto. io Token

20 T imel ine and Pathway

21 Founding Team and Advisors

22 Legal

C O N T E N T S

05 Present & Future

06 Introduction

07 What is K YC ?07 traceto. io's Focus08 Pro blems with KYC

09 The World of Cr yptocurrencies

11 The K YC Problem

13 Products & Ser vices13 Over vie w1 4 DApp Ecosystem1 5 Blo ckchain Speci f icat ions1 7 A . I . Speci f icat ions

04

05

P R E S E N T

F U T U R E

Evolution of digital assets will continue to have a large impact on the financial industry. The pseudo-anonymous nature of digital assets and lack of coherent regulation creates compliance challenges. A privacy preserving yet compliant solution is needed.

Know Your Customer (KYC) processes are relatively immature compared to other banking and financial markets protocols. To date, not all banks are fully compliant and smaller players struggle with rising regulatory costs.


06

I N T R O D U C T I O N

Over the last decade, anti-money laundering (AML) and countering terrorism financing (CTF) measures have cost the banking and finance industry at least USD 321 billion annually since the Global Financial Crisis1. While larger firms have been able to weather the rising cost of compliance, many smaller banks and financial institutions are unable to become fully compliant with the AML and CTF regulations. Even amongst larger firms, there have been a series of high profile investigations, some of which have resulted in hefty fines for the parties involved. Globally, this poses a challenge as the number of AML and CTF cases continue to rise.

Preface


Convoluting the issue is the evolution of the digital world. In particular the boom of cryptocurrencies, which are designed around preserving the anonymity of transacting parties, further add to the regulatory burden faced by financial institutions of all types and sizes. It is not only financial institutions that struggle; regulators themselves are finding it difficult to catch up with the advancement of technology and how these are being used to facilitate illicit activities. Though cryptocurrency technology is still in its infancy stage, many regulatory bodies have been slow to fully comprehend its potential implications on AML and CTF. As a result, many regulators present a conservative stance against the adoption of such technology.

We offer an inclusive KYC solution to cryptocurrency market participants, enabled by fusing smart contract and artificial intelligence technologies. Leveraging on over 5 decades of experience in compliance amongst the founding team and advisors, traceto.io seeks to revolutionise the e-KYC process, bridging the gap between physical and virtual world KYC processes.

Know Your Client (KYC) processes, which protect against AML and CTF violations, has seen various levels of adoption amongst cryptocurrency related companies. The inconsistent levels of compliance in the cryptocurrency industry can be attributed to 3 factors; (1) there is a gap between real world and virtual world compliance regulations, and companies knowingly or unknowingly exploit this, (2) compliance is seen as a cost center and is given a low priority in fast growing, profit oriented cryptocurrency corporates, and (3) the lack of experienced compliance personnel to build watertight KYC processes in these companies.

Source1. Staying The Course in Banking, The Boston

Consulting Group, 2017

07

W H A T I S K Y C ?

Know Your Customer (KYC) involves the set of processes where an organization demonstrates to regulators that they have assessed various risks, including money laundering, terrorism financing, credit worthiness and product suitability prior to and throughout any business relationship with the customer.

Anti Money Laundering regulations are designed to emplace controls that guard against the flow of illicitly obtained funds through the financial system.

Counter Terrorism Financing refers to the set of controls aimed at eliminating the flow of financial resources to terrorists and terrorist organizations.

Product Suitability controls are intended to prevent the sale of financial products to clients’ on the basis that their risk, investment or credit profiles are not suited to the financial products being sold.

Credit Worthiness checks prevent lines of credit and margin from being extended to clients’ that are unlikely to be able to meet repayments.

Anti Money Laundering (AML) and Counter Terrorism Financing (CTF)

a Product Suitabilityb

Credit Worthinessc

Initially, traceto.io will focus on addressing AML and CTF problems, the current pain points for many crypto-related businesses. Over time, the scope of the traceto.io Network will evolve to address questions related to Product Suitability and Credit Worthiness.

traceto.io’s Focus

K Y C F U T U R E D E V E L O P M E N T

A M L & C T F

• Know Your Employee • Know Your Supplier

• Product Complexity

• Customer Knowledge

• Product Disclosure

• Customer Separation

• Facial Recognition

• Optical Character Recognition

• Video Recognition

• Check against Databases

• Transaction Monitoring

• Source of Funds

• Ongoing due diligence

• Revalidation

• Credit Profile

• Bankruptcy Search

• Credit Rating

• Litigation Search

P R O D U C T S U I T A B I L I T Y

C R E D I T W O R T H I N E S S

Profile Blacklist Screening

Associated Actions Updating of Profile


08

Since the Global Financial Crisis, both regulators and businesses have stepped up KYC standards. With the rise of ISIS and other faces of terrorism to prominence, relevant bodies are also paying more attention to AML and CTF

Many financial institutions and market participants have been reluctant to move towards E-KYC. Non face-to-face onboarding requires additional due diligence to be conducted on the client as regulators view this as increasing AML and terrorism financing risks. However, the supplementar y procedures to be performed are not standardized and vary across jurisdictions.

Much of today’s KYC processes are manual. Customers fill up a variety of forms and declarations before being granted access to the services they require. There is a potential loss of revenue from clients who find the KYC process too tedious. Since there are many different personnel and functions involved in the KYC process, manual KYC is often inefficient and error-prone.

Analog KYC processes are those which are conducted and stored on physical documents. These incur extra costs related to the creation, preser vation and destruction of paper-based records. Analog KYC processes also present compatibility issues as the parent organization seeks to digitalise and move to electronic KYC.

E-KYC

Manual

Analog

processes, a large subset of the KYC umbrella. The current KYC process, while sufficient, are grossly inefficient. There are 3 problems identified with the current processes:

P R O B L E M S W I T H K Y C

The current KYC processes are grossly inefficient and many of its shortcomings can be overcome by using blockchain and blockchain related technologies. The rise of cryptocurrencies and digital asset classes will demand more efficient KYC, AML and CTF procedures.

08


09

T H E W O R L D O F C R Y P T O C U R R E N C I E S

2017 was a phenomenal year for cryptocurrencies. A meteoric rise in price coupled with an increased focus from mainstream media has resulted in varying responses from regulatory bodies across the world. The most common approach adopted by governments is to err on the side of caution.

Non-fiat currencies present increased risk of illicit activity funding. In May 2013, Liberty Reserve, a centralized digital currency service, was closed by the US government for money laundering1. A few months later, the FBI shut down Silk Road, one of the first modern darknet markets2.

While the FATF has issued several guidelines over the years, governments vary on their stance with regard to cryptocurrencies. Recent developments related to regulations on cryptocurrency and ICOs span from outright bans to supportive licensing.

Many crypto companies do not meet KYC standards traditionally required by financial institutions. Furthermore, these companies are founded by persons with technology or business backgrounds, who may not be equipped with the right tools and expertises to keep up with the evolving compliance regulations.

We recognize two issues; first, from a compliance standpoint, there is a need to bring balance between regulators, businesses and consumers. Second, the gap in the current AML, CTF and KYC processes governing cryptocurrencies and ICOs needs to be filled. Addressing these two issues will aid the adoption of cryptocurrencies, and effectively bridge traditional and crypto businesses.

Sources:1. Founder of Liberty Reserve Pleads Guilty to Laundering More Than $250 Million, The United States Department of Justice2. Arrest in U.S. Shuts Down a Black Market for Nacrotics, The New York Times


10

T H E W O R L D O F C R Y P T O C U R R E N C I E S

10

Gibraltar

USA

UK

Singapore

Korea

Hong Kong

Japan

China

• Issued guidances

• Setting up crypto-exchange

• Treasury is considering a digital USD with an emphasis on CTF & AML

• Planning new legislation to aid AML and CTF measures

• Warned about scams, money laundering and securities legislation

• Issued restrictions on cryptocurrency trading

• Warned about scams, money laundering and securities legislation

• Issued licenses to 11 exchanges

• Blanket ban on ICO and cryptocurrency exchanges

Acceptance Neutral Resistance


11

T H E K Y C P R O B L E M

At traceto.io, based on over 5 decades of Compliance experience in banks and RegTech startups, our team has distilled the KYC problem into 4 fundamental questions defining how an entity should know their customer:

An identity card, passport and driver’s license issued by governments are all physical proofs of an identity. The effectiveness of such proofs as a demonstration of identity is limited by the lack of standardisation across countries and jurisdictions, save for the International Standards Organization (ISO) passport formats. Often, identity owners will find themselves needing to repeat the same identity verification processes, even when consuming similar services from different providers. Common uses of identity include registering with healthcare providers, purchasing residential properties, opening of new bank accounts, buying insurance

While physical identities have served their purpose over the last few centuries, we believe a more effective and digitalized form of identity will soon take its place.

The screening process also serves as protection against potentially high risk customers during onboarding. Thus, the KYC process also contains the question “Who Are You Not”. The 3 broad categories of profiles that requires attention are: Politically exposed persons (PEPs), sanctioned persons or terrorists, and profiles with adverse media.

Who Are You?

Who Are You Not?

products and travelling between country borders. An identity document, regardless of form, typically includes the following information about a person:

P O T E N T I A L L Y H A R M F U L

Alleged scandals or criminal charges against the accused may turn out to be true. Dealing with seemingly malicious profiles can give companies a bad reputation

Adverse Media

F I N A N C I N G O F T E R R O R I S M

CTF processes should help prevent terrorism by blocking its source of financing. There are currently international watch dogs which help coordinate anti-terrorism financing efforts

Sanction & Terrorist

M O N E Y L A U N D E R I N G

Politicians are more likely to be linked to money laundering, corruption and evasion of taxes

N O N - S T A N D A R D I S E D T R E A T M E N T

Scrutiny of PEPs vary across countries and companies

PEPs

2. Photograph

3. Date

of Birth

1. Name4.

Nationality

5. Issue Data

“An Identity”(1)


12

In accordance with international KYC standards prescribed by Financial Action Task Force (FATF), ongoing due diligence is paramount in effective AML, CTF and KYC processes. It ensures that companies are not dealing with customers that have become non-compliant with regulatory standards.

Although there is no prescribed frequency for which a company should refresh its customers’ profiles, companies should adopt a risk-based approach with constant vigilance to address terrorism financing and money laundering risks.

The final aspect of KYC relates to transactions. Banks and financial institutions are obliged to perform an additional customer due diligence process known as transaction monitoring. Transaction monitoring helps identify large, unusual or suspicious patterns of dealings carried out by the customer.

For example, a large deposit of fiat currency would likely be flagged in a bank or financial institution. For a cryptocurrency exchange, monitoring transactions and verifying the source of funds is more complex.

Are You Still Who You Say You Are?

What Did You Do?

T H E K Y C P R O B L E M

The question regarding the reusability of KYC records presents both a challenge and an opportunity for the industry. While it is possible for a customer to be subject to the initial set of KYC checks by a company, it does not fulfill current international standards if such KYC checks are re-used by subsequent companies without re-validating these records. The passage of time may render the previously checked profiles out-of-date, resulting in an increased AML or CTF risk.

Proving the source of funds and identifying wallets that are dubious, fraudulent, or publicly flagged as scams may be challenging for new crypto market entrants such as ICOs.

As AML and CTF requirements are enhanced in the cryptocurrency industry, one of the issues to be tackled will be wallets and exchange operators needing to put in place a robust ongoing transaction monitoring of their clients’ activities.


13

P R O D U C T S & S E R V I C E S :O V E R V I E W

Combining over 5 decades of experience across compliance, technology and finance, traceto.io’s mission is to create a virtual KYC platform that will allow the decentralised ecosystem to comply with KYC related regulations. KYC standards in the cryptoworld are still being developed and traceto.io will leverage off its founders’ experience in compliance and regulatory technology to preempt and satisfy upcoming regulations.

traceto.io is a decentralised digital KYC network that gives ownership, control and management of KYC processes back to the community. It intends to provide incentives to users to organize themselves in a symbiotic relationship with each other that guarantees privacy yet complies with regulatory requirements.

An ERC 20 token, the traceto token (T2T), will be issued. This utility token is the primary token used for traceto.io’s smart contract.

Know Your Customer systems of yesterday present a myriad of problems. Issues include data security, lack of efficiency and privacy, data siloing, unstable outcomes of KYC, vulnerability to social engineering and a lack of reusable KYC.

The world is moving towards decentralization. In this new world, an application cannot be owned by an individual or an organization, especially when that application deals with the privileged personal information. Such aggrandization of power has great potential to result in systemic abuse from both internal and external factors.

Thus, a system that is decentralised, privacy preserving, and self-sustaining is called for.

JoinB

Encrypted Vault Storage with MultiSig Contract verified on the

Blockchain

A

KYC

KYC Result

KYC Result

Sends Documents

Payment + User Pub Key

ED F

traceto.io Network

C

Exchange / Wallet / ICOs

A Corporate Requester is an ICO, Exchange, or other crypto business that requires KYC services of the traceto.io Network. A membership smart contract entitles the Corporate Requester access to the scores of users who have undergone the KYC process, for a fixed period of time. Access is granted only to the User's Public Key and Score. The Corporate Requester can also onboard new Users not yet known to the traceto.io Network.

A User is an individual who is onboarded with the traceto.io Network. This onboarding is completed by uploading Personally Identifiable Information (PII) and passing screening and liveliness tests. Ongoing due diligence and transaction monitoring is continuously carried out.

A Verifier is a trusted User who stakes some T2T to gain the opportunity to earn T2T by performing KYC related tasks. Verifiers undergo stricter background checks, screening and ongoing due diligence. These Verifiers also serve as gatekeepers

to the Users’ data. The data, stored in the secure encrypted vault, can only be decrypted either by the Users themselves or upon quorum from the Verifiers and Requester.

A userA who is interested to join an Initial Coin Offering (ICO) or ExchangeB is redirected to the traceto.io Decentralised ApplicationC. The user proceeds to upload their documents, which are then encrypted and stored within the application. Consent from the User or Community CourtsD is required to view these documents.

This profile is then shared with our Artificial Intelligence algorithmsE and our KYC providerF. These algorithms are also used for transaction monitoring, which is part of the “What Did You Do?” question.

The Community and KYC providers help us answer the questions “Who Are You?”, “Who Are You Not?”, and “Are You Still Who You Say You Are?”.


14

B . R e q u e s t e r

1. Make Payments in T2T

2. Create & Sign Decrypt Docs, Request

3. Read Users Status & Score

P R O D U C T S & S E R V I C E S :D A P P E C O S Y S T E M

1. The user attempts to join an Exchange or ICO

2. Redirects to the traceto.io App

4. Send info to KYC Provider(s) to verify PII

3. Store hashes and assign Verifiers to verify social information

5. Send KYC scores

6. Send social scores

7. Requester then fetches the score

8. (Optional) In case of regulator request to see due diligence on a particular customer

9. The Community may agree to give access to decrypted documents. The Community cannot see the decrypted documents, they can only approve the request to view.

O F F C H A I N I N T E R A C T I O N O N C H A I N I N T E R A C T I O N

A . U s e r

1. Liveliness test and upload PII

2. Wallet creation

3. Encrypt documents using a DataPubKey from BIP44 wallet

4. Auto deduct from Requester’s credits and send to Provider

5. User invites a friend to verify

6. User is assigned a set of Verifiers

7. Apply Shamir’s Shared Secret Scheme on DataPrivateKey and share with Verifiers

8. Store hash of document location encrypted with RequesterPubKey

and document hash on chain

1. Incoming T2T from Requesters

2. Outgoing T2T to Users

3. Outgoing T2T to Verifiers

4. Outgoing T2T to Service Providers

Ethereum Virtual Machine

1. Join

2. <UserexchPubKey, RequesterPubKey>

Users

5. Send KYC score

4. KYC module

3. Store hash & assign Verifiers

7. Fetch scores8. Request decryption

6. Send social score9. Grant access to decrypt

documents

D . S e r v i c e P r o v i d e r

KYC / Real World Data

1. DApp directly sends the decrypted info to a configured third party provider. Cynopsis will be the initial provider.

2. Calls contract with updated Score

MultiSig Encrypted Storage (Document storage)

C . V e r i f i e r s

1. Handle external requests for User’s data, judge, decrypt

2. Score a User based on social profiles

3. Vote to add or remove Provider

4. Vote to change score weights

Community

ICOs / Exchanges / Others

15

P R O D U C T S & S E R V I C E S :B L O C K C H A I N S P E C I F I C A T I O N S

This Decentralised Application (DApp) is the User’s main interface to the traceto.io Network. The onboarding process begins by asking the User to upload his Personally Identifiable Information (PII) and pass a liveliness test. The PII is then encrypted and stored in a secure encrypted vault as described on Page 16.

The KYC score for a User is composed of at least the following components:

Score ‘α’ is provided by an identity or CTF screening Service Provider such as Cynopsis. Screening through various sanctioned persons and terrorism watch lists is performed here to address the “Who Are You Not” question.

Next, the DApp assigns Verifiers from the community to the User. These Verifiers look at the social profile of the User and assign him a score ‘β’.

The User is also able to request a friend (termed an Invited User) to verify his liveliness by asking the Invited User to assign him a trust rating ‘ɣ’.

The score ‘δ’ is awarded by machine learning algorithms after performing anomaly and fraud detection on transactions performed by the User’s declared accounts.

The User can appeal against these scores by creating a contract request. This will then go to a subset of Community Verifiers for a final decision.

A weighted combination of α, β, ɣ, δ produces the final KYC score.

User DApp Corporate Requestor DApp

The DApp gives Corporate Requesters an interface to pay for Users’ KYC requests and renew them upon expiry. It gives access to the User’s public key and KYC score.

Furthermore, there is a contract function by which a business can initiate a request to decrypt a client-user’s document. This feature is designed to handle situations where an exogenous (out-of-network) request for a User’s data occurs. For example, a regulator investigating criminal behavior may ask the business for a particular client’s documents and proof that the business had indeed conducted KYC procedures on this client. The use of this feature requires approval from either the client himself or a quorum to be achieved from the Community to allow access to the specified data.

Community

Service Provider DApp

This DApp allows Verifiers to conduct social verification of new users, apply to become a Verifier, handle requests from Requester parties to view User’s documents, and perform other governance roles.

We subdivide our Community into two circles. The Tracer Circle is a small subset of Verifiers assigned to each user. These Verifiers handle day to day KYC scoring requests. The Tracerien circle is a set of Verifiers who have a high Proof of Importance defined on page 16. They handle appeals such as regulator access and appeals raised by Users.

Verifiers are trained by the traceto.io Network via a gamification of the KYC process. New Verifiers start at a novice stage and work through progressively trickier scenarios. Completing the game ensures Verifiers have received enough compliance training to competently perform KYC related tasks.

This interface allows a Service Provider to check received information and to call the contract with updated scores. The scores will be encrypted with the RequesterPubKey and pushed to the chain.


16

Counterparty Risk and Homomorphic Encryption

MultiSig Encrypted Storage

In order to further reduce the counterparty risk of having data compromised at any single point of contact, the development of search over encrypted data is proposed.

Proposed Solution: Using a scheme such as Searchable Encryption1, 2, Homomorphic Encryption3, or an Oblivious Method will allow the data to never leave the encrypted space. This would initially be applied against publicly available databases only.

traceto.io requires the community to have the right to grant access to a User’s documents to a Requester. For this purpose, the community needs to be able to give access to the vault which belongs to that particular User. If the User is still an active participant in the community, this problem is trivial, since the User may choose to grant access himself. However, situations may arise whereby the absence of the User occurs. An example is regulators requesting the KYC information of suspected terrorists or money launderers.

Proposed Solution: The User uploads PII to the DApp which encrypts this information using a newly generated public key DataKeyPub of the User. The data is then stored on a decentralised file system or a similar framework that has decentralisation, proof of fault tolerance and proof of replication.

The corresponding DataKeyPrivate is split using Shamir’s Shared Secret Scheme4 and entrusted to different combinations of Assigned Verifiers. Only with the combined secrets reaching above a certain threshold can the decryption key be recovered. These keys are passed via the DApp to the Requester. Only the Requester will be provided a hash that points to the User’s KYC documents. Upon vault opening, the traceto.io Network is updated and the affected User is notified.

P R O D U C T S & S E R V I C E S :B L O C K C H A I N S P E C I F I C A T I O N S

Modified Proof of Importance

Part of the process to become a Verifier involves staking T2T. There will be a minimum T2T amount that is required in order to continue functioning as a Verifier. Once the Verifier starts performing KYC tasks, he will be rewarded with T2T. These tokens will be locked for a predefined amount of time before becoming transferable.

The amount of tokens that are given to a Verifier for performing KYC related tasks depends on the amount of T2T that the Verifier staked, the amount of time it has been held for, and the number of interactions (verifications) that the Verifier has completed. A Verifier’s reputation can go down if a decision the Verifier made was successfully appealed against. There will be a maximum limit a particular Verifier can earn per interaction. These limits are set to promote more decentralization and can be modified upon reaching a quorum from the community.

References1. Boneh D, Crescenzo G, Ostrovsky R, Persiano G. Public key encryption with keyword search. In: Cachin C, Camenisch J, eds. LNCS 3027. Heidelberg: Springer-

Verlag, 2004. 506−522.2. Song D X, Wagner D, Perrig A. Practical techniques for searches on encrypted data. Security and Privacy, 2000. S&P 2000. Proceedings. 2000 IEEE

Symposium on. IEEE, 2000: 44-55.3. Gentry, C. Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st ACM Symposium on Theory of Computing – STOC 2009, pp. 169–178.4. Adi Shamir. How to share a secret. Communications of the ACM 1979, v.22 n.11, p.612-613.


17

P R O D U C T S & S E R V I C E S :A . I . S P E C I F I C A T I O N S

Artificial Intelligence and KYC

Open Sourced Algorithms

Artificial Intelligence and the Community

Recent advancements in artificial intelligence have permanently changed a plethora of applications and industries. Machine intelligence also presents us with an interesting opportunity to use both deep learning and traditional machine learning to democratise the Know Your Client process. Convolutional Neural Networks and Siamese Networks are algorithms which are useful in facial recongnition and determining facial similarity. Many filtering and clustering methods are applicable in the areas of transaction monitoring and fraud detection.

Various competitors require authorisation by a central authority or government, which runs contrary to our belief that KYC procedures should be owned by the community. Even in competitors that utilize A.I., many only use A.I. to automate certain processes. traceto.io performs the aforementioned, and also seeks to use A.I. as a complement to the community.

We seek to adopt, develop and improve on various algorithms for a number of purposes, such as facial recognition and similarity, suspicious and fraudulent transaction monitoring, and reputation scoring. Importantly, we attempt to open source as many of these algorithms as possible, allowing the community to audit and improve on the A.I. tools involved in solving the KYC Problem.

Our vision for Artificial Intelligence in our application is to have it work hand in hand with the community, who will always have overarching control over the entire platform. While we rely on several A.I. techniques to aid in answering the 4 KYC questions, we also build in a feedback mechanism whereby randomly sampled transactions are compared with input gathered from the community to assess the correctness of the algorithm. This provides the community with two main benefits: (1) an added layer of protection against false positives and negatives, and (2) a constant stream of feedback for the various algorithms to improve on.


18

C O M P E T I T I V E L A N D S C A P E

Civic uPort Selfkey traceto.io

Know Your Customer

IdentityAttestations of PII

Attestations of PII

Attestations of PII

Attestations of PII + social info via community

AML, CTF, Credit Worthiness, Product Suitability

AML and CTF Unknown AMLAML and CTF initially, Credit Worthiness and Product Suitability eventually

Compliance Experience amongst Co-Founders and Advisors

Unknown Unknown Unknown50 years across Compliance and RegTech

No. of Existing Crypto Clients

Unknown Unknown Unknown > global 50 Cryptos / ICOs via Cynopsis Solutions

Design as a Reputation System

Data Consent Only User Only User Only User User or community court

Value Scored ByUtility Service Providers

Utility Service Providers

Utility Service Providers

Service Providers and community of Verifiers

Jurisdiction US US Mauritius Singapore

Technology & Security

Artificial Intelligence / Deep Learning

Unknown Unknown Unknown

Transaction monitoring, fraud detection, facial similarity and recognition with community feedback

StoragePII stored at User side

PII stored at User side

PII stored at User side

PII stored at User side and off-chain with hash on-chain. MultiSig Storage which upon quorum from community court can be opened

Chain RootStock Ethereum EthereumEthereum initially, cross-chain scores eventually

ReferencesChampion de Crespigny A et al., Design Considerations for Decentralised Reputation Systems, A White Paper from the Rebooting the Web of Trust IV Design Workshop, 2017


19

T H E t r a c e t o . i o T O K E N

The design of the traceto.io Network requires a token whose value is implicitly linked to the growth and adoption of the Network. Mechanisms used to reward good behaviour and promote expansion need to be tied solely to the success of the Network. A utility token owned by the traceto.io Network is required.

An ERC 20 token, the traceto token (T2T), will be issued. This utility token is the primary token used for traceto.io’s smart contract.

The traceto.io Network charges Requesters T2T to obtain KYC services for their customers. In order to become a Verifier, Users are also required to stake a certain amount of T2T. This stake will be a small initially, but increase as the number of Users and Verifiers increase. Rewards to Verifiers for performing KYC tasks are paid in T2T. Invitation bonuses are also awarded in T2T.

Projected high demand, driven by several key market trends. Firstly, the crypto industry is projected to continue to grow in the year 20181. Secondly, authorities are likely to begin introducing regulations that affect both cryptocurrency and Initial Coin Offering mechanisms2. It is extremely likely that the demand for a competent KYC solution will only increase.

Ease of onboarding as various Exchanges and ICOs participate in the traceto.io Network. Cynopsis Solution has an existing pipeline of 50+ crypto clients. End Users, who can use T2T to create KYC profiles, will be able to complete the KYC process of participating ICOs and Exchanges more efficiently.

Earn more T2T by becoming a Community Verifier. Staking T2T is required to become a Community Verifier, who can earn T2T by performing facilitating functions. Examples of such functions are conflict arbitration, Video OTP verification, and social profile checking amongst others.

Tokens can also be used to incentivize prospective clients and partners, and as a medium of exchange for existing participants of the traceto.io Network. T2T will also be used as a form of payment should components of the traceto.io Network be used by external networks.

Everytime T2T is spent to procure KYC services, a small percentage of the tokens are burned. The exact amount to be burned will be decided in Q3 2018. This potentially brings about an appreciation of value for the remaining tokens as the total number of T2T in circulation continually decreases. There will not be another token generation event.

Sources:1. 10 Predictions for the Next 5 Years of Crypto, Forbes, 20172. Crypto Market Regulation in 2018, DeCenter, 2017

ReferencesChampion de Crespigny A et al., Design Considerations for Decentralised Reputation Systems, A White Paper from the Rebooting the Web of Trust IV Design Workshop, 2017


20

T I M E L I N E A N D P A T H W A Y

Launch of ICO site

Testnet with APSCommunity system, UI/ UX in progress

traceto.io Network Launch

Video OTPPublic governance test

ICO Complete

Public System

Testnet with CAPSWeb and mobile apps complete

Full ZCAPS MainNetZero knowledge AML

screening complete

Q 1 2 0 1 8

Z

C

A

P

S

L E G E N D

– Zero Knowledge AML Screening

– Community System

– A.I. & Tx Monitoring

– Public Governance

– Storage System

Q 3 T E S T N E T - 1 2 0 1 8

Q 1 M A I N N E T - 1 2 0 1 9

Q 3 2 0 1 9

Q 2 2 0 1 8

Q 4 2 0 1 9

Q 4 T E S T N E T - 2 2 0 1 8

Q 2 2 0 1 9


21

F O U N D I N G T E A MA N D A D V I S O R S

T H E F O U N D I N G T E A M O U R A D V I S O R S

Chionh Chye Kit CEO & FounderCynopsis (Co-founder & MD)Kyber Network (Advisor)RegPac Revolution (Advisor)ICTA / SFA (Lecturer)Compliance, Regulatory & Audit – 20 Yrs

Prof. Ooi Beng Chin Technical AdvisorChair Professor, NUS SOC

Dias Lonappan CTO & Co-founderFintech/Blockchain CTO – 5 YrsKYC & Credit – 3 Yrs

Dr. Loi Luu Technical AdvisorCEO of Kyber

Ooi Gene Yan Chief Data Science Officer & Co-founderShentilium (Co-founder & Product Architect)Machine Learning SpecialistRegTech – 2 Yrs

Nizam Ismail Regulatory AdvisorPartner at RHT Law

Robin Lee Co-founderInzsure (CXO)GRC Tech (Board)Silicon Valley – 6 YrsWall St – 4 YrsCompliance / RegTech - 8 Yrs

Dan Poh Chief Marking Officer & Co-founderCynopsis (Sales Director)FintruX (Advisor)FidentiaX (Advisor)Compliance, Regulatory & FICC – 6 Yrs

Wong Lee Hong Business AdvisorExecutive Advisor to Kyber

21


Simon KimBusiness AdvisorCEO of Hashed

22

L E G A L

I M P O R T A N T N O T I C E S

R I S K F A C T O R S

T2T are not securities or units in a collective investment scheme or business trust, each as defined under Singapore’s Securities and Futures Act (Cap. 289) (“SFA”). Accordingly, the SFA does not apply to the offer and sale of T2T. For the avoidance of doubt, this initial offering of T2T need not be accompanied by any prospectus or profile statement and no prospectus or profile statement needs to be lodged with the Monetary Authority of Singapore (“MAS”).

This White Paper does not constitute an offer of, or an invitation to purchase, T2T in any jurisdiction in which such offer or sale would be unlawful. No regulatory authority in Singapore, including the MAS, has reviewed or approved or disapproved of T2T of this White Paper. This White Paper and any part hereof may not be distributed or otherwise disseminated in any jurisdiction where offering tokens in the manner set out this White Paper is regulated or prohibited.

The information in this White Paper is current only as of the date on the cover hereof. For any time after the cover date of this White Paper, the information, including information concerning TRACETO.IO PTE. LTD.’s (“Traceto”) business operations and financial condition may have changed. Neither the delivery of this White Paper nor any sale made in the related initial token offering shall, under any circumstances, constitute a representation that no such changes have occurred. Traceto does not make or purport to make, and hereby disclaims, any representation, warranty, undertaking, or other assurance in any form whatsoever to any person, including any representations, warranties, undertakings, or other assurances in relation to the truth, accuracy, or completeness of any part of the information in this White Paper.

Whether taken as a whole or read in part, this White Paper is not, and should not be regarded as, any form of legal, financial, tax, or other professional advice. You should seek independent professional advice before making your own decision as to whether or not to purchase any T2T. You are responsible for any and all evaluations, assessments, and decisions you make in relation to investing in T2T. You may request for additional information from Traceto in relation to this offer of T2T. Traceto may, but is not obliged to, disclose such information depending on whether (i) it is legal to do so and (ii) the requested information is reasonably necessary to verify the information contained in this White Paper.

T2T are intended for use on the traceto.io network (“traceto.io”) for purposes including redeeming ‘know-your-customer’ services, and Traceto warrants that T2T are fit for these purposes. However, Traceto is not responsible for compelling any person to accept T2T and disclaims, to the fullest extent permitted by law, all liability for any adverse consequences arising out of or in relation to such rejections of T2T.

Upon purchasing any T2T, you will be deemed to have reviewed this White Paper (and any information you may have requested

The regulation of tokens such as T2T is still in a very nascent stage of development in Singapore. A high degree of uncertainty as to how tokens and token-related activities are to be treated exists. The applicable legal and regulatory framework may change subsequent to the date of issuance of this White Paper. Such change may be very rapid and it is not possible to anticipate with any degree of certainty the nature of such regulatory evolution. Traceto does not in any way represent that the regulatory status of T2T will remain unaffected by any regulatory changes that arise at any point in time before, during, and after this offering.

None of Traceto or its affiliates is currently regulated or subject to the supervision of any regulatory body in Singapore. In particular, Traceto and its affiliates are not registered with MAS in Singapore as any type of regulated financial institution or financial advisor and are not subject to the standards imposed upon such persons under the Securities and Futures Act, Financial Advisors Act, and other related regulatory instruments. Such persons are required to comply with a variety of requirements and standards concerning disclosures, reporting, compliance, and conduct of their operations for purposes or maximising investor protections. Since Traceto is not subject to such

and obtained from Traceto) in full and to have agreed to the terms of this offering of T2T, including to the fact that this offering does not fall within the scope of any securities laws in Singapore and is not regulated by the MAS. You further acknowledge and agree that T2T are not securities and are not meant to generate any form of investment return. Persons considering investing in T2T are responsible for conducting their own due diligence on Traceto and T2T, and should ensure that they understand and are able to bear the risks of purchasing T2T.

traceto.io, T2T, and any related services provided by Traceto are provided on an “as is” and “as available” basis. Traceto does not grant any warranties or make any representation, express or implied or otherwise, as to the accessibility, quality, suitability, accuracy, adequacy, or completeness of traceto.io, T2T, or any related services provided by Traceto, and expressly disclaims any liability for errors, delays, or omissions in, or for any action taken in reliance on, traceto.io, T2T, and any related services Traceto may provide. No warranty, including the warranties of non-infringement of third party rights, title, merchantability, satisfactory quality, or fitness for a particular purpose, is given in conjunction with traceto.io, T2T, and any related services provided by Traceto.

Regulatory Risks

No Regulatory Supervision


23

L E G A L

No Fiduciary Duties Owed

Tax Risks

Risks from Third Parties

Risks in Purchasing T2Trequirements or standards, it will make decisions on those issues at its own discretion. While Traceto will have regard to best practices for these issues, holders of T2T will not necessarily enjoy the same extent and degree of investor protections as would be the case should they purchase products or services from regulated entities instead.

As Traceto is not a regulated financial institution, it does not owe holders of T2T any fiduciary duties. This means that Traceto has no legal obligation to always act in good faith in the best interests of holders of T2T. While Traceto will have regard to the interests of holders of T2T, it is also permitted to consider the interests of other key stakeholders and to prefer these interests over the interests of T2T holders. This may mean that Traceto is permitted to make decisions that conflict with, or are not necessarily in, the interests of T2T holders. Not owing any fiduciary duties to holders of T2T also means that holders of T2T may have limited rights of recourse against Traceto and its affiliates in the event of disputes.

The tax characterization of T2T is unclear. Accordingly, the tax treatment to which they will be subject is uncertain. All persons who wish to purchase T2T should seek independent tax advice prior to deciding whether to purchase any T2T. Traceto does not make any representation as to whether any tax consequences may arise from purchasing or holding T2T.

The tokenized nature of T2T means that they are a blockchain-based asset. The security, transferability, storage, and accessibility of blockchain assets depends on factors outside of Traceto’s control, such as the security, stability, and suitability of the underlying blockchain, mining disruptions, and who has access to the private key of any wallet where T2T are stored. Traceto does not represent or otherwise assure that it can prevent such external factors from having any direct or indirect adverse impact on any of T2T. Persons intending to purchase T2T should note that adverse events caused by such external factors may results in the loss of some or all T2T purchased. Such loss may be irreversible. Traceto is not responsible for taking steps to retrieve T2T lost in this manner.

Traceto cannot and does not guarantee or otherwise assure that there are no risks in relation to your purchase of T2T. The purchase of T2T may, depending on the manner in which the relevant purchase is effected, involve third parties or external platforms (e.g., wallets). The involvement of such parties or platforms may introduce risks that would not otherwise be present, such as misconduct or fraud by the third party, or your failure to receive T2T upon duly making payment because of a third-party wallet’s incompatibility with T2T. Traceto is not responsible for any risks arising due to the involvement of third parties, including the risk of not receiving (or subsequently losing) any or all T2T you attempt to (or successfully) purchase.


Date post:	01-Apr-2018
Category:	Documents
Upload:	phamminh
View:	213 times
Download:	1 times