When you open an account with a bank or a brokerage firm, you’re required to provide that company with some documentation to verify that you are who you say you are: your name and contact details, your SSN or TIN, your driver’s license, a utility bill. That process is part of the Know Your Customer (KYC) framework, and it helps the bank not only pinpoint who you are, but also monitor your activity and continuously assess the risks associated with your account.
All US-based financial institutions have been required to report suspicious activity for decades, and the Patriot Act expanded those requirements in 2001 to help fight money laundering (AML) and the funding of terrorist organizations (CFT). Of course, cryptos weren’t a factor in the AML/CFT equation back then, but they’re certainly on the radar now: according to Chainanalysis, $9 billion worth of crypto was laundered in 2021.
So, how is KYC adoption going for crypto companies?
A mixed state of affairs
In late 2019, FinCEN, the SEC and the CFTC issued a joint statement to corral companies involved with digital assets into existing financial services categories (like money business services, broker-dealers and future commission merchants), and therefore subject them to the same AML/CFT obligations as their non-crypto counterparts, under the same Bank Secrecy Act. KYC is an integral part of those obligations.
The crypto ethos isn’t exactly aligned with government regulation. Many early players and investors got into the business to build—actually, buidl—a parallel system outside of the confines of traditional finance and bureaucratic oversight. Many perceive regulations as protective of the status quo, and compliance an unnecessary burden in an industry where competition is fierce and companies need to be nimble to succeed. After all, the whole point of the blockchain is to decentralize authority.
But contrary to popular belief, transactions recorded on the blockchain aren’t anonymous. All transactions can be traced. Mixers and tumblers have been used to frustrate AML enforcement, but that hasn’t stopped the DOJ and its partners from tracking down criminal activity (the $300 million Helix crackdown is a good example).
Regardless, imposing KYC to the crypto community has been an uphill battle. When crypto exchange ShapeShift launched a loyalty program in 2018 and announced that it would make that program mandatory to comply with upcoming KYC obligations, 95% of its users ran off. The company later switched to a DeFi model to evade KYC. But how long are decentralized exchanges going to remain sheltered from regulatory oversight?
Can DeFi be regulated?
The aptly named DeFi sector has so far defied the gravitational pull of standard federal regulations in the US. There’s indeed a ‘Wild West’ spirit fueling DeFi developments at the moment, to echo Massachusetts Senator Elizabeth Warren, and more recently SEC Chair Gary Gensler. While there are 5 million DeFi wallets in existence, and nearly $200 billion in total value locked, many Web3 companies continue to project a ‘stick it to the man’ attitude in their public relations and marketing communications.
But there’s growing momentum for DeFi to move beyond its current unregulated ‘buyer beware’ approach. As the SEC pointed out in a recent statement: “While DeFi has produced impressive alternative methods of composing, recording and processing transactions, it has not rewritten all of economics or human nature. When the potential financial rewards are great enough, some individuals will victimize others and the likelihood of this occurring tends to increase as the likelihood of getting caught and the severity of potential sanctions decrease.”
In March this year, the White House issued an Executive Order asking federal agencies to coordinate their regulatory efforts across all types of digital assets, and DeFi is most certainly going to be swept up in the review process alongside other virtual asset service providers (VASP)—especially considering the recent Luna and TerraUSD debacle. We’re headed for fuzzy times in crypto regulations , as these government agencies work out how best to implement new controls without stifling market innovation.
Where does KYC go from here?
VASPs are already bound to comply with KYC requirements, so it’s not a big stretch to imagine that DeFi companies (those that can clearly be classified as VASPs) will be compelled to follow suit.
That means not just collecting KYC data, but screening it against sanctions lists and blacklisted IP (and VPN) addresses, monitoring who is at the other end of every transaction, intercepting Travel Rule violations and having the right protocols in place to report suspicious activity to the proper authorities.
Those are stringent requirements, and they’re not cheap. In the fiat financial system, the cost of KYC and AML compliance programs exceeds the amount of seized criminal assets 100-to-1. The cynical view is that AML departments spend more energy complying with AML requirements than actually stopping money laundering, and crypto companies should resist getting weighed down by such obligations. But the hopeful view is that KYC can improve consumer trust, and that crypto-based innovations can actually be unleashed to streamline AML operations not just for crypto businesses, but for traditional financial services too.
As the love-hate relationship between crypto and traditional finance continues to evolve, it’s vital for every player to stay informed on all the latest proposals and deliberations, at the federal, state and local level. We can help you stay ahead of the game with the Fyllo Regulatory Database for cryptocurrency.