Getting Ready for DeFi Regulation: The Role of Portable KYC

Author: Thomas Gentle Source: coindesk Translation: Shan Ouba, Golden Finance

The global cryptocurrency regulatory landscape has evolved rapidly over the past few years, and the rapid pace of regulatory rulemaking is unlikely to slow down in the short term. Legislators are increasingly shifting their focus from centralized cryptocurrency exchanges to decentralized finance (DeFi) protocols and applications (dApps).

The passage of MICA legislation by the EU has put pressure on DeFI companies to begin conducting KYC audits on users, because only "truly decentralized" projects are not subject to MICA regulation, and in fact most DeFi applications have organizations or individuals that ultimately control them. In addition, the European Commission aims to publish a full report on DeFI risks and recommendations by the end of 2024. In the United States, the SEC has begun to take enforcement action against Uniswap, the world's largest DEX.

As the number of DeFi participants increases (as shown in the figure below), regulators are paying more and more attention to the DeFi space. Although the specific nature of future legislation remains uncertain, it is certain that the basic principles of anti-money laundering (AML) and know your customer (KYC) will apply to DeFi.

Regulated institutions generally follow a standardized KYC framework to meet their regulatory requirements:

• Confirm customer identity through documentary or non-documentary means (Customer Identification Procedure/CIP).

• Evaluate customer risk by scanning for sanctions, politically exposed persons (PEPs), negative media lists, customer occupations, expected activities, etc.

• Continuously monitor for subsequent inclusion in anti-money laundering watch lists, negative media lists, activity peaks, etc.

Currently, all three steps of the KYC process are repeated for each institution where an individual opens an account. This requires individuals to submit the same documents and information multiple times. Since opening a new bank account is not a frequent event, customers generally do not feel the inconvenience of repeating KYC strongly. However, in DeFi, a person may interact with 10 or 15 protocols per day. Requiring individuals to complete KYC multiple times will lead to frustration and turn DeFi into a digital version of the traditional financial system.

There is another option: portable KYC.

DApps now have a unique opportunity to do this, both in the current largely unregulated environment and when DeFi-specific AML/KYC regulations are enacted in the future. In an unregulated environment, public blockchain technology allows users to submit identity documents, screen their names against AML watchlists, scan their on-chain activity for AML risks, and store proof of each check in their wallet. Users can then interact with permissioned dApps, whose smart contracts can filter out users who fail KYC checks.

This approach is beneficial to individuals because they do not need to endure the hassle of repeatedly submitting documents. It also brings significant benefits to dApps, ensuring they do not risk violating sanctions and money laundering rules, while saving money on compliance staff and systems, and defending against Sybil attacks.

DApps subject to AML/KYC regulations can use portable KYC to meet all aspects of their regulatory obligations, similar to unregulated dApps. However, regulated dApps need full access to their customers’ underlying documentation to make onboarding decisions. While customer documentation cannot be stored on a public blockchain, regulated entities can engage service providers to assist in fulfilling their AML/KYC obligations. Therefore, a portable KYC service provider can store customer documentation and transmit it to the entity, enabling it to decide whether to onboard a user.

The impending move to regulated DeFi protocols highlights the need for innovative compliance solutions. Portable KYC offers a practical approach to balancing user convenience and regulatory requirements, enabling dApps to reduce compliance costs and mitigate risk. By preparing now, DeFi organizations can ensure a smooth transition to a more regulated future, fostering trust and resilience in the ecosystem.