The global crypto regulatory landscape has evolved rapidly over the past few years, and the rapid pace of regulatory rulemaking is unlikely to slow down anytime soon. Lawmakers are increasingly shifting their focus from centralized cryptocurrency exchanges to decentralized finance (DeFi) protocols and applications (dApps).
The adoption of MICA legislation in the EU is putting pressure on DeFI companies to start KYCing their users, as only “truly decentralized” projects are exempt from MICA, whereas in reality most DeFi applications ultimately have an organization or individual controlling them. Additionally, the EU commission has a target date of EOY 2024 to produce its full report on risks and recommendations for DeFI. In the US, the SEC has initiated an enforcement action against Uniswap, the world’s largest DEX.
You’re reading Crypto Long & Short, our weekly newsletter with insights, news and analysis for professional traders. Sign up here to get it in your inbox every Wednesday.
As the number of DeFi participants increases (as shown in the chart below), regulators are focusing more on the DeFi space. While the exact nature of future legislation remains unclear, it is safe to assume that the core principles of Anti-Money Laundering (AML) and Know Your Customer (KYC) will apply to DeFi.
Regulated institutions typically follow a standardized KYC framework to meet their regulatory requirements:
Identification of the customer by documentary or non-documentary means (Customer Identification Program/CIP).
Assess client risk by scanning for factors such as sanctions, Politically Exposed Persons (PEP), negative media listings, client profession, expected activity, etc.
Ongoing monitoring for subsequent inclusion on AML watchlists, negative media lists, increases in activity, etc.
Currently, all three steps of the KYC process are repeated at every institution where an individual holds an account. This requires individuals to submit the same documents and information multiple times. Since opening a new bank account is not a frequent activity, the inconvenience of repeated KYC is usually not acutely felt by customers. However, in DeFi, one may interact with ten or 15 protocols per day. Requiring individuals to complete KYC multiple times leads to frustration and turns DeFi into a digital version of the traditional financial system.
There is an alternative: Portable KYC.
DApps now have a unique opportunity to implement this, both in the current largely unregulated environment and in the future when DeFi-specific AML/KYC regulations come into effect. In an unregulated environment, public blockchain technology allows users to submit ID documents, have their names scanned against AML watchlists, have their on-chain activity scanned for AML risk, and store proof of every check in their wallets. Users can then interact with permissioned dApps whose smart contracts can filter out those that fail KYC checks.
The story continues
This method is advantageous for individuals who do not have to endure the friction of repeatedly sending documents. It also offers significant benefits for dApps, eliminating the risk of violating sanctions and anti-money laundering rules, saving on compliance staff and systems, and providing resistance to sybil attacks.
DApps subject to AML/KYC regulations can use portable KYC to meet some aspects of their regulatory obligations, similar to unregulated dApps. However, regulated dApps will need full access to their customers’ underlying documents to make participation decisions. While customer documents cannot be stored on a public blockchain, regulated entities are allowed to engage service providers to help them meet their AML/KYC obligations. Therefore, portable KYC service providers can store and transmit customer documents to the organization, allowing the user to decide whether or not they want to participate.
The impending shift towards regulated DeFi protocols highlights the need for innovative compliance solutions. Portable KYC offers a practical approach to balancing user convenience and regulatory demands, enabling dApps to reduce compliance costs and mitigate risks. By preparing now, DeFi organizations can ensure a smooth transition to a more regulated future, fostering trust and resilience within the ecosystem.
Note: The opinions expressed in this column are those of the author and do not reflect the opinions of CoinDesk, Inc. or its owners and affiliates.