Cryptocurrency has brought us peer-to-peer payments that further increase participation in the global economy for millions of people without access to traditional banking services. The rise of decentralized finance (DeFi) promises to further expand access to financial services, including savings, credit, derivatives, wealth management and insurance products.
This innovation in financial inclusion should be allowed to thrive in a regulated environment where individuals and institutions are protected and suspicious activity is identified and reported. But how do you regulate these decentralized products without completely removing the core attributes of financial inclusion and decentralization?
Know Your Customer (KYC) procedures are a critical function for assessing risk and meeting the legal obligation to comply with anti-money laundering (AML) laws, which vary by jurisdiction. Most of these AML laws are put in place for good reasons: to deter criminals by making it harder for them to launder money obtained through illegal activities (e.g. human or drug trafficking, terrorism, etc.). AML regulations require financial institutions to know the true identity of their customers, monitor transactions, and report suspicious financial activity.
Why regulators see DeFi as a big problem
Since decentralized applications (DApps) do not have a central, controlling authority, there is little clarity about who is responsible for ensuring that DApps, including DeFi applications, comply with existing laws and regulatory requirements. Let’s say a ransomware attacker uses a decentralized exchange (DEX) to launder their stolen funds. Who is responsible for reporting their transactions? Who goes to jail or pays the fine for failing to report? The members of the decentralized autonomous organization (DAO) who run the DApp? The developers who wrote the code?
Although these questions remain largely unanswered, the Financial Action Task Force (FATF) has recently proposed guidelines clarifying that “the owner / operators of the DApp are likely to fall under the definition of a VASP [virtual asset service provider] […] even if other parties play a role in the service or parts of the process are automated. […] The decentralization of each operational element does not remove the VASP coverage if the elements of part of the VASP definition remain.”
This suggests that DApps (DEXs and other DeFi applications) are responsible for complying with country-specific laws that enforce the FATF’s AML and counter-terrorist financing (CTF) standards.
Take the Bitcoin Mercantile Exchange (BitMEX) as an example: although BitMEX is a centralized exchange, the Commodity Futures Trading Commission (CFTC) and the U.S. Department of Justice (DOJ) took enforcement action against the platform’s founders, with implications for DeFi. The CFTC accused the operators of violating AML laws, while the DOJ accused the founders of violating the Bank Secrecy Act (BSA). As a result, DeFi platforms that offer financial products to residents of the United States would have to register for appropriate operating licenses, which would lead to possible enforcement actions against identifiable founders / creators or operators.
Regulation vs. Privacy: Are They Really Divided?
Keep in mind that the regulations are currently aimed more at businesses than individuals. So your peer-to-peer transactions are not a big problem for regulators unless you’ve laundered millions of dollars in cryptocurrencies and routed them through a crypto platform’s payment network. At that point, the exchange would need to identify the transaction as suspicious and alert the regulator in their jurisdiction.
If law enforcement agencies request certain personally identifiable information (PII) correlated with the transaction during this elevated phase of the investigation, the exchange must provide it. This is why centralized exchanges require users to complete KYC – so that they have that PII when requested. However, the vast majority of DEXs do not have fully compliant processes. Do DEXs need to dismantle the freedoms of our decentralized revolution in order to meet evolving compliance standards?
Put the users in control
By leveraging the same values of user control and privacy that led millions of people to crypto in the first place, we can empower users to selectively share PII when needed and offer DApps an integrated layer of identity to help them achieve compliance goals. While compliance is certainly more complicated in a decentralized environment, by effectively leveraging digital identity to enable authorized access to DApps, we are ensuring the long-term viability of the larger crypto economy and financial inclusion for millions.
The views, thoughts, and opinions expressed herein are those of the author alone and do not necessarily reflect the views and opinions of Cointelegraph.
Christopher Harding is the Chief Compliance Officer of Civic. After spending a decade at the leading auditing firm KPMG in various risk management functions worldwide, he moved to the digital banking company Lending Club, where he developed, formalized and implemented new risk governance structures and risk management processes.