Rayissa Armata, Head of Regulatory Affairs, IDnow
Disclaimer: This article is a perspective on digital finance and AML. We do not claim any authoritative position, but we merely address this subject in relation to AML / KYC and reflecting the time in which this is written.
This article is an additional perspective in line with IDnow’s series of discussions about regulated versus unregulated features in the crypto / blockchain / digital currency world. We are well into a time where regulation, taxation, and best practices have yet to catch up to the lightning speed of development and technology, but as always, they will. Decentralized Finance (DeFi) applications make up a bit more than 1% of total crypto activity, but its proportion of crypto fraud far outstrips its small activity level.[1] Herein, is a discussion of this innovative and quickly developing industry and what it means for AML / KYC professionals.
Over this last year, much mainstream attention has been given to the incredible growth of DeFi applications, or what used to be called “Open Banking.” Based upon the principles of blockchain, the decentralized technology strategy, where data storage, processing, and transactions are carried out in a number of locations without a central hub, DeFi applications on these networks grew rapidly in 2020. So far in 2021, the process has only accelerated. This technology strategy is the same as the one that is behind the digital currencies such as Bitcoin and Ethereum, to name just two.
One governing principle of these blockchain strategies is to remove intermediaries and conduct financial relations directly without a centralized point (or reasonably so). Digital currencies reside outside of the day-to-day control of national treasuries and central banks, so we are experiencing an interesting democratization of our collective finances via this technology. Tesla’s recent investment in Bitcoin and its decision to accept the digital currency as payment for its vehicles, for example, is only the tip of the iceberg for what is ahead. The move puts a sharper focus on the behavior and conduct of these digital currency platforms on the part of both adopters and regulators.
To put the DeFi market size into perspective, on 15 March 2020, the DeFi market stood at USD $530 million. Today, in February 2021, it is now USD $41 billion – of which, USD $25 billion has been added since January 1.[2] Since DeFi apps are digital, the human element is virtually non-existent, confounding traditional AML standards. The DeFi sector and regulators have not yet come up with solutions that address AML requirements or compliance updates. Many DeFi proponents are in favor of security and compliance to be handled by “design” and this has led to greater inconsistency between regulation and responsibility. The status quo leaves room for risk.
Financial crime respects no borders, and a weakness in one area of the single market opens up the entire market to abuse. This can also be said is a risk for the DeFi platform. We have witnessed relentless growth in fraudulent activity and increasing sophistication around regulated financial markets. It is estimated that in 2020 globally, banks spent nearly EUR €1.2 billion (USD $1.48 billion) on AML and compliance activities. This number will only continue to grow as digitization continues to scale across new and traditional markets. Finding the medium between a sounder framework ensuring a secure and reliable entry point for novice and expert users of the DeFi platform and at the same time preserving its reputation and promise of the blockchain phenomenon is manageable. Likely, it is inevitable.
DeFi applications are different than cryptocurrencies, in so far, as they are the financial services conducted on digital currency networks. Where digital currencies are assets traded and stored, these DeFi financial services are the familiar trading and lending practices, but they are incredibly configurable, fully digital, and currently free from permission requirements inside the networks.[3] As such, yields from DeFi products can be readily formulated and attach to an innumerable set of circumstances. Such variables include probability / predictive markets, bets, items with external value (commodities, currencies, etc.). They can be quickly and deeply researched for information that can give quick thinkers great advantage.
The lack of permission into a crypto system, however, is incredibly important to AML matters as it weakens the ability of a market to track the actual user as there is essentially no door monitor. This is the area where money launderers enter platforms and circulate in an under-monitored environment.
AML Responsibility for DeFi Developers: To Whom Much is Given – Much is Expected
How governments ultimately react and regulate this sector will be heavily dependent on the level of responsibility and accessibility blockchain players exhibit on their platforms. In the case of DeFi applications, responsibility is a key word, and news about fraud in the market segment has been less than ideal. To adapt the old adage, to whom much is given, much is expected. The adage applies here as DeFi applications are given much money and responsibility, and they are expected to behave like mature financial platforms where integrity is emphasized.
However one describes or discusses these applications, increased velocity of money raises a major cautionary flag for AML experts. In a market segment that has grown nearly USD $40.5 billion in less than a year with a permissionless environment, this is a recipe for trouble. Fraudsters and money launderers are active in this area, as is evidenced with Singapore’s USD $200 million KuCoin hack among others. [4] It would appear AML vigilance ought to be increased. In a traditional financial setting, this would be handled with clear parameters via a regulator and compliance departments. However, this wild time of assembling apps and ideas as fast as they can be deployed, AML regulations often do not find their way to the forefront of development, or in the case of “free internet” advocates, at all.
This is a cultural element in the DeFi developer space that many say ought to be addressed. If current fraud schemes continue to grow, then “addressed” will be a soft word when regulators begin corrective action.
Overview for AML / KYC Professionals
It is clear there are regulatory blind spots. The DeFi space has grown faster than regulation can apply, but the digital element makes application of other regulations more tenuous. First, crypto tokens upon which DeFi apps operate are not necessarily considered assets or platforms.[5] Secondly, the FATF’s Travel Rule does not apply so easily because they are not central exchanges, custodians, or enable transfer of virtual assets due to decentralization.[6] As such, from a regulation view, there is not much that can be done after users are inside the digital currency networks. This will continue to be a self-policing effort by responsible players inside this blockchain environment for the time being. The sophistication of this effort will grow as do nearly all things in this environment.
That said, with greater attention to the shortcomings of the DeFi market, it is clear that this gap will not last forever. The role of the AML / KYC professional will ultimately expand into this interesting area as it grows and matures. As the Travel Rule was expanded to address crypto exchanges in 2019, it seems reasonable that this or similar regulations will be adapted or further expanded to ensure AML compliance in the DeFi markets in the near term.
