DeFi regulation must not kill the values behind decentralization

Published at: Aug. 22, 2021

Cryptocurrency brought us peer-to-peer payments that continue to elevate participation in the global economy for millions of people without access to traditional banking services. The rise of decentralized finance (DeFi) promises to further expand access to financial services, including savings, lending, derivatives, asset management and insurance products.

This innovation, which empowers financial inclusion, should be allowed to flourish in a regulated environment where individuals and institutions are protected and suspicious activity is identified and reported. But how do you regulate these decentralized products without completely removing the core attributes of financial inclusion and decentralization?

Know Your Customer (KYC) procedures are a critical function to assess risk and a legal requirement to comply with Anti-Money Laundering (AML) laws that vary by jurisdiction. Most of these AML laws are instituted for good reasons: to deter criminals by making it harder for them to launder money obtained through illegal activities (e.g., human or drug trafficking, terrorism, etc.). AML regulations require financial institutions to know the true identity of their customers, monitor transactions and report on suspicious financial activity.

Why regulators see DeFi as a major problem

Given that decentralized applications (DApps) have no central, controlling entity, there is little clarity around who is responsible for ensuring DApps, including DeFi applications, adhere to existing laws and regulatory requirements. Let’s say a ransomware attacker uses a decentralized exchange (DEX) to launder their stolen funds. Who is responsible for reporting their transactions? Who goes to jail or pays the fine for a failure to report? The members of the decentralized autonomous organization (DAO) who govern the DApp? The developers who developed the code?

Though these questions remain mostly unanswered, global money-laundering watchdog the Financial Action Task Force (FATF) recently proposed guidelines making it clear that “The owner/operator(s) of the DApp likely fall under the definition of a VASP [virtual asset service provider] [...] even if other parties play a role in the service or portions of the process are automated. [...] The decentralization of any individual element of operations does not eliminate VASP coverage if the elements of any part of the VASP definition remain in place.”

This suggests that DApps (DEXs and other DeFi applications) will be responsible for complying with country-specific laws enforcing FATF, AML, and Counter-Terrorism Financing (CTF) standards.

Related: FATF draft guidance targets DeFi with compliance

The Bitcoin Mercantile Exchange (BitMEX) serves as an example: Though BitMEX is a centralized exchange, the enforcement actions taken against the platform’s founders by the Commodity Futures Trading Commission (CFTC) and the U.S. Department of Justice (DOJ) have implications for DeFi. The CFTC charged the operators with violating AML laws while the DOJ charged the founders with violating the Bank Secrecy Act (BSA). As a result, DeFi platforms offering financial products to United States residents would be required to register for appropriate operating licenses, with a failure to do so leading to potential enforcement action against identifiable founders/creators or operators.

Regulation vs. privacy: Are they really at odds?

Remember that regulations are currently aimed at businesses rather than individuals. So, your peer-to-peer transactions are not of great concern to regulators, unless you’ve laundered millions of dollars in cryptocurrencies and are funneling them through a crypto platform’s payment network. At that point, the exchange would be required to identify the transaction as suspicious and alert the regulatory body in their jurisdiction.

At this elevated phase of the investigation, if law enforcement requests certain personally identifiable information (PII) correlated with the transaction, the exchange is required to provide it. This is why centralized exchanges need users to complete KYC — so that they have this PII if it is requested. But, the vast majority of DEXs do not have fully compliant processes. Do DEXs need to dismantle the freedoms of our decentralized revolution to meet evolving compliance standards?

Related: Will regulation adapt to crypto or crypto to regulation? Experts answer

Putting users in control

By leveraging those selfsame values of user control and privacy that drew millions of people to crypto in the first place, we can empower users with the ability to selectively share PII when required and offer DApps a built-in identity layer that will help them achieve compliance goals. Though compliance is certainly more complicated in a decentralized environment, the effective use of digital identity to enable permissioned access to DApps is how we ensure the long-term viability of the greater crypto economy and financial inclusion for millions.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Christopher Harding is the chief compliance officer of Civic. After spending a decade with leading accounting firm KPMG in various risk management roles worldwide, he joined digital banking firm Lending Club where he developed, formalized and implemented new risk governance structures and risk management processes.
Tags
Aml
Kyc
Related Posts
The new episode of crypto regulation: The Empire Strikes Back
The latest news has left the decentralized finance community in a collective fetal position. Responding to the threat of increased regulatory oversight, leading decentralized exchange Uniswap recently restricted the trading of certain tokens. Earlier in July, Dan M. Berkovitz, chairman of the Commodity Futures Trading Commission (CFTC), said that DeFi derivatives platforms might contravene the Commodity Exchange Act (CEA): “Not only do I think that unlicensed DeFi markets for derivative instruments are a bad idea, but I also do not see how they are legal under the CEA.” Most worrisome of all is the initial version of the United States …
Technology / Aug. 27, 2021
From NFTs to CBDCs, crypto must tackle compliance before regulators do
Each year that we get a little further away from Satoshi Nakomoto’s whitepaper, crypto becomes more popular than ever, breaking more barriers — not just in sheer enthusiasm, but in mainstream acceptance. From nonfungible tokens (NFTs) to the Metaverse, 2021 was the year of crypto, even following a decade where just about every other year could make the same claim. Despite that peak enthusiasm and excitement though, we shouldn’t be blind to the fact that there are still fundamental issues that must be solved before crypto truly becomes the dominant “coin of the realm” across the globe, along with the …
Technology / Dec. 11, 2021
Outwitting crypto criminals: Why exchanges have to go the extra mile
Crypto criminals are getting more adaptive and smarter than ever before. But how can industry service providers keep up with them? If I say that the crypto industry is highly targeted by cybercriminals and, in particular, organized criminals, I’m sure that no one who has spent a few months within the space would be surprised. And for a valid reason. Due to the new technology and the nascent nature of the sector, criminals and fraudsters have long identified the excellent opportunity that crypto offers to profit via illicit methods. Indeed, any “new” approach to the financial sector is welcomed by …
Technology / Aug. 15, 2021
South Korea’s crypto regulation is now expanding to foreign businesses
Due to their anonymity or pseudonymity, digital assets are perceived as entailing the risks of money laundering and financing terrorism. In October 2018, the Financial Action Task Force (FATF) adopted changes to its recommendations on financial activities involving digital assets, adding the definitions “virtual asset” (VA) and “virtual asset service provider” (VASP). Since then, the FATF has adopted a risk-based approach to VA activities or operations and VASPs. This new approach includes the supervision of VASPs to ensure compliance in the areas of licensing and registration and preventive measures such as customer due diligence, transaction reporting and record-keeping. It also …
Regulation / Aug. 13, 2021
Is there a right way to regulate crypto? Yes, and this is how
Cryptocurrency is becoming increasingly mainstream. Between the entrance en masse of traditional financial institutions — from investment funds, to banks, to insurance companies — to the multitrillion-dollar market capitalization, crypto is truly unignorable. As such, it is also increasingly on the radar of regulators around the world, particularly in the United States. How can this industry balance stability and investor protection on the one hand with the promotion and support of innovation on the other? There are three paths to regulating crypto. The first is to not regulate it as much, but given the incredible growth and increasing overlap with …
Technology / June 12, 2021