Regulatory Compliance in a Decentralized World


05 Aug

It’s not something many people are aware of, but regulatory compliance can be expensive in terms of both time and money. Banks and other financial institutions, with their vast resources, expend a great deal of effort to maintain compliance with regulatory frameworks.

Once you realize that, it becomes clearer why ensuring compliance for a global distributed solution, such as a distributed ledger, is almost impossibly difficult. Not only does the current crop of anonymous cryptocurrencies face the normal regulatory difficulties that any new technology has, it then has to try to comply with the financial regulations of every country where a user exists.

So how can a virtual currency that fundamentally enables decentralized commerce hope to meet all of its requirements?

The complexities of regulatory compliance

We tend to think of regulatory compliance as falling into two broad areas. These are AML/CTF compliance (Anti-Money Laundering/Counter Terrorism Financing) and general compliance.

The former is one where all but a few countries abide by a global effort to standardize on a regulatory framework to stop Money Laundering and the Funding of Terrorism. The latter is specific to each jurisdiction and is most often intended as a consumer protection measure.

AML/CTF legislation is invariably derived from the Financial Action Task Force (FATF), which is a Paris-based intergovernmental organization founded in 1989 to develop policies to combat money laundering. In 2001 its mandate expanded to include terrorism financing.

FATF doesn’t recommend a one-size-fits-all approach, but expects each country to determine its own risks and legislate accordingly. While it is easy for countries to legislate for some specific rules — for example, to report all transactions over US $10,000 — an additional focus on risk is passed down to the providers of financial services, where individual financial service providers are expected to analyze the specific risk for their services. The AML/CTF risks in the provision of gold bullion will be very different to those for cross border remittances, for instance.

General regulatory compliance

Unlike AML/CTF and its goals of global consensus, general regulatory compliance is very specific to individual countries and serves as a fundamental part of a country’s regulatory framework for its financial system. The primary intent of these specific compliance frameworks is to give consumers protection, both by offering specific protection measures and more generally by ensuring the viability of the country’s financial system.

So you can see that the goal of full compliance is very difficult. This is why it’s not surprising that the current regulatory approach to anonymous coins and tokens has been so flawed.

Crime hidden by a single transaction

The first initiative was to try to regulate the exchanges, and therefore monitor the “on and off-ramps” for people using anonymous cryptocurrencies. This gives a false impression that cryptocurrencies can be regulated in this way. In truth they can’t be and never will be, for several reasons.

The most obvious is that a person who is identified at an exchange can easily transfer funds to an anonymous wallet and is then free to trade or send funds unhindered. In other words, they’re a single transaction away from being invisible to regulators. Other variants of this include the use of tokens (e.g. ERC-20 ICO tokens) that sit atop anonymous chains and may be identified, but still allow free trading both in and out of the underlying anonymous currency. In this way, ICOs have provided a veneer of regulatory acceptance, but owners of ICO tokens have been able to take a substantial profit and quickly send their funds back into the anonymous world, thus escaping regulatory oversight.

The first target of FATF, namely money laundering, can still be accomplished in this scenario. A launderer just has to send illicitly gained funds to an unregulated exchange (usually in a non-regulated jurisdiction). They can then move those funds to a regulated exchange and, after having their identity verified, they can claim those earnings. This process is unhindered by a regulator who is unable to find the provenance of the funds, and can only perform superficial checking. If asked for an explanation, those laundering illicit proceeds can claim that the proceeds came from ICO investments, when in fact the ICO itself might have been created solely to wash funds.

Because of the open nature of anonymous chains, anyone can run a node and quickly offer various applications and services (the most common being the provision of wallets). While this opens the door to outright fraud or theft (a good subject for a later article), the resulting ability of any user to instantly create a wallet and start transacting, while remaining anonymous, prevents efforts to identify participants for regulatory compliance purposes. So it’s quite easy for hackers to pop up across the network and facilitate the transfer of illicitly gained funds or the movement of stolen funds.

The paradox of anonymity

The second problem revolves around the difficulty in securely and confidentially providing compliance data in an environment in which confidentiality is considered a core requirement. It’s such a problem it’s actually a paradox.

In order to successfully regulate this environment, you’d be required to prevent transfers between identified tokens and anonymous coins. Wallet holders would need to be identified. The infrastructure behind transaction confidentiality would need to be decentralised and not corruptible by the regulator. And yet the infrastructure should provide regulators relevant information in a way that doesn’t give them direct access to the chain. The problem there is that the capture of KYC data about users has the potential to centralize administration and highlight a point of legal liability.

Where you would want to start here is by providing identified use coupled with confidential compliance (full compliance while keeping identity hidden from all other than the regulator). But that presents its own paradox — there are so many points of centralization, so many areas requiring significant trust, and so many exposures to legal liability that the provision of such a network seems impossible. Yet without it, all existing cryptocurrencies will ultimately never achieve their full potential.

That’s why we need a newly designed ledger that supports confidential identified use and in particular confidential-compliance for both the user and the regulator. But if it’s going to overcome all the hurdles, it’s going to have to be something we’ve never seen before.

