Cryptocurrency has brought us peer-to-peer payments that further increase participation in the global economy for millions of people without access to traditional banking services. The rise of decentralized finance (DeFi) promises to further expand access to financial services, including savings, credit, derivatives, wealth management and insurance products.
This innovation in financial inclusion should be allowed to thrive in a regulated environment where individuals and institutions are protected and suspicious activity is identified and reported. But how do you regulate these decentralized products without completely removing the core attributes of financial inclusion and decentralization?
Know Your Customer (KYC) procedures are a critical risk assessment function and a legal obligation to comply with anti-money laundering (AML) laws, which vary by jurisdiction. Most of these AML laws are put in place for good reasons: to deter criminals by making it harder for them to launder money obtained through illegal activities (e.g. human or drug trafficking, terrorism, etc.). AML regulations require financial institutions to know the true identity of their customers, monitor transactions, and report suspicious financial activity.
Why regulators see DeFi as a big problem
Since decentralized applications (DApps) do not have a central, controlling entity, there is little clarity about who is responsible for ensuring that DApps, including DeFi applications, comply with existing laws and regulatory requirements. Let’s say a ransomware attacker uses a decentralized exchange (DEX) to launder their stolen funds. Who is responsible for reporting their transactions? Who goes to jail or pays the fine for failing to report? The members of the decentralized autonomous organization (DAO) who run the DApp? The developers who made the code?
While these questions remain largely unanswered, the global money laundering regulator, the Financial Action Task Force (FATF), recently proposed guidelines clarifying that “the owners / operators of the DApp are likely to fall under the definition of a VASP [virtual asset service provider] […] even if other parties play a role in the service or parts of the process are automated. […] The decentralization of each operational element does not remove the VASP coverage if the elements of part of the VASP definition remain.”
This suggests that DApps (DEXs and other DeFi applications) are responsible for complying with country-specific laws enforcing FATF, AML, and Counter-Terrorist Financing (CTF) standards.
Take the Bitcoin Mercantile Exchange (BitMEX) as an example: although BitMEX is a centralized exchange, the enforcement actions taken by the Commodity Futures Trading Commission (CFTC) and the US Department of Justice (DOJ) against the platform’s founders have an impact on DeFi. The CFTC accused the operators of violating AML laws, while the DOJ accused the founders of violating the Bank Secrecy Act (BSA). As a result, DeFi platforms that offer financial products to US citizens would have to register for appropriate operating licenses, which would lead to possible enforcement measures against identifiable founders / inventors or operators.
Regulation vs. Privacy: Are They Really Divided?
Remember, the regulations are currently aimed more at businesses than individuals. So your peer-to-peer transactions are not of much concern to regulators unless you’ve laundered millions of dollars in cryptocurrencies and routed them through the payment network of a crypto platform. At that point, the exchange would have to identify the transaction as suspicious and alert the regulator in their jurisdiction.
If law enforcement requires certain personally identifiable information (PII) related to the transaction during this elevated phase of the investigation, the exchange must provide it. This is why centralized exchanges require users to complete KYC – so that they have that PII when requested. However, the vast majority of DEXs do not have fully compliant processes. Do DEXs need to dismantle the freedoms of our decentralized revolution in order to meet evolving compliance standards?
Put the users in control
By leveraging the same values of user control and privacy that led millions of people to crypto in the first place, we can empower users to selectively share PII when needed and offer DApps an integrated layer of identity to help them achieve compliance goals. While compliance is certainly more complicated in a decentralized environment, by effectively leveraging digital identity to enable authorized access to DApps, we are ensuring the long-term viability of the larger crypto economy and financial inclusion for millions.
The views, thoughts, and opinions expressed herein are those of the author alone and do not necessarily reflect the views and opinions of Cointelegraph.
Christopher Harding is the Chief Compliance Officer of Civic. After spending a decade at the leading auditing firm KPMG in various risk management functions worldwide, he moved to the digital banking company Lending Club, where he developed, formalized and implemented new risk governance structures and risk management processes.