The last few years have witnessed a profound evolution in the way blockchain technology is used by people – and treated by authorities.
Since global regulatory authority the Financial Action Task Force (FATF) updated its guidance in June 2019 to treat Virtual Asset Service Providers (VASPs) in the same way as traditional Financial Institutions (FIs), national regulators around the world have been adapting their law codes to reflect the changes.
This means that in many jurisdictions, crypto companies – such as exchanges and wallet custodians – are now subject to the same rules as conventional FIs when it comes to Anti-Money Laundering (AML), Counter Terrorist Financing (CTF) and Know Your Customer (KYC) protocols and requirements.
But what does this mean for platforms and entities that work with crypto, but don’t necessarily fall into the category of an exchange, custodian or transmitter – such as is the case with many decentralized finance (DeFi) platforms?
Well, following the FATF’s release of its updated draft guidance last month, we’re starting to gain a clearer picture – and it looks very likely that greater regulation of the space is imminent.
Because of these changes, KYC verification technology is set to play a major role in allowing DeFi platforms to adapt to the evolving regulatory environment.
Below, we outline some of the key reasons for implementing KYC technology on a DeFi platform, before outlining the broader discussion surrounding the issues of DeFi regulation, KYC and compliance.
DeFi and KYC
Given that DeFi apps and software are facing imminent regulation as VASPs, choosing to implement KYC on a DeFi app depends on how seriously a DeFi provider takes compliance.
For any company that wants to remain on the good side of the law, and to attract institutional or corporate customers, compliance with emerging regulations will be critical.
Luckily, there are several reasons why this is not necessarily a problem, or something that needs to detract from DeFi’s inherent value as a decentralized approach to conducting and receiving financial services.
These are:
- Instead of discouraging potential customers, having a robust and seamless KYC process in place as part of an AML/CTF protocol has been shown to actually attract both private and institutional customers. Demonstrating that KYC and AML/CTF is taken seriously can be used to expand customer bases.
- KYC does not necessarily have to translate to centralization. A DeFi platform or app can facilitate decentralized financial transactions, while safeguarding access to the platform to users whose identity has been verified.
- With innovative KYC technology such as KYC-Chain, personal identifier data does not need to be transferred to and/or stored by a DeFi platform, app or VASP. KYC-Chain can conduct end-to-end KYC checks on potential customers without that customer data ever having to actually enter a DeFi provider’s own database.
The question is, can implementing KYC on a DeFi platform happen while preserving the autonomy that makes DeFi so attractive in the first place?
DeFi: Threats, Opportunities and Sustainability
As DeFi platforms and applications continue to gain in popularity and expand their potential use cases, the FATF has demonstrated a clear determination to not allow the space to fall beyond the regulatory control of authorities.
In the FATF’s view – which is both a reflection and influence of national governments’ own approaches to regulation – DeFi presents another potent tool for money laundering and other illicit financial activity.
The recent sanctioning of crypto exchange BitMEX by the US Commodities and Futures Trading Commission (CFTC) clearly indicates that regulators are not going to sit back and allow exchanges and other DeFi platforms to operate without KYC.
The threat of DeFi being used for criminal activity is real. And as DeFi rises in popularity, it is becoming clear that the space will not be able to reach commercial and legal sustainability without the use of robust KYC and AML/CTF protocols.
As such, the FATF view is that DeFi needs to be regulated and subject to the same AML/CTF regimes as other sectors of the financial industry. KYC is one of the major tools that the global authority wants to use to realize this goal.
However, the ‘De’ in DeFi – that is, its decentralized nature, has created some complex challenges to how that is going to work in practice.
Indeed, the decentralized characteristics of DeFi are a big part of what’s made it such a powerful technological tool for individuals and companies to manage and use their finances in the first place.
Put simply: if no-one is ‘in charge’, who do you regulate?
DeFi: Decentralized Compliance?
One of the cornerstones of DeFi is the concept of democratization.
Pioneers in the DeFi space have been driven by a desire to provide financial services and capabilities to individuals in an ecosystem that is independent of the traditional financial industry and other centralized authorities.
Another component of this approach has been a focus on anonymity, and the ability for DeFi users to stake, trade and perform many other crypto-based functions independently of a centralized entity that knows who they are.
The problem is that the FATF – and the regulatory regimes it informs – consider anonymous financial transactions and activities to be particularly dangerous and open to exploitation by criminals.
As such, the FATF has made it clear in its updated draft guidance released in March 2021 that it is almost certainly going to begin treating DeFi apps and platforms as VASPs.
The question is: how is it going to actually try and achieve that?
The global regulator has taken a characteristically nuanced approach to the challenge: it does not consider underlying technology or software as VASPs per se, but will instead seek to treat owners and/or users of a DeFi app, exchange or service as VASPs.
This means that if the FATF’s draft guidance is formally updated to include this expanded definition of a VASP (which is the most likely outcome), owners of DeFi platforms and apps will need to institute KYC processes for users that operate on their networks – or face the threat of regulatory sanctions.
This in itself may create a whole host of technical and potentially ideological challenges for DeFi innovators and project owners.
One prominent crypto analyst has predicted that it may very well result in a split of the DeFi space into two ecosystems: one that’s regulated and transparent, and another that’s unregulated and more anonymous.
The question for creators, owners and users of DeFi platforms and apps is therefore not whether KYC is needed for DeFi, but how important being compliant to regulations is.
The Road to Compliance
For DeFi projects whose owners and users want to continue operating in jurisdictions that have a track record of diligently enforcing FATF guidance, opting to implement KYC processes that can safeguard the data privacy of users will probably be the most reasonable – if not the only – option.
Ultimately, many DeFi platforms, apps and projects seeking to remain active and engaged with the broader global financial ecosystem will need to ensure they are instituting KYC in order to be compliant with evolving regulations.
And while the FATF has not yet formally adopted this new draft guidance, DeFi owners might be well-advised to proactively take steps towards instituting KYC, in order to be best positioned for when it does happen.
By using KYC technology such as KYC-Chain, they can do so while preserving the fundamental characteristics of decentralization that make DeFi so attractive, and focus on continuing to innovate the space.
Are you looking for a KYC provider for your DeFi project? Get in touch and we’ll be happy to discuss how we can make it happen.