Why has the traditional regulatory system become a joke on the blockchain?

I recently read a briefing paper recently released by the Bank for International Settlements (BIS) - "Anti-Money Laundering Compliance for Crypto Assets" [1]. As the central bank of the world's central banks, every report of the BIS will become a weather vane for financial supervision in various countries. So when I saw the title, my first reaction was: Finally, someone came up with a clever way to control cryptocurrencies?

However, after reading the full text, I realized that this paper is not a usable solution. In my opinion, it may be more like a decent surrender.

In academic language, the BIS euphemistically acknowledged a cruel fact: the KYC/AML system of traditional finance has completely failed in the face of the decentralized crypto world. What is their "innovative" solution? They offer wallet ratings, encourage users to self-check compliance, and perform final checks at the point of deposit and withdrawal. It's like a martial arts master who has practiced the Eighteen Dragon Subduing Palms for a lifetime, only to discover his adversary is approaching with tanks. He suggests putting up a sign at the city gate: "No Tanks Allowed." Not to mention the high implementation and coordination costs of the rating system, even if it were implemented, what would happen if someone poisoned a high-scoring wallet account? Encouraging users to conduct their own checks is like asking you to check whether a dollar bill has been used to buy drugs before receiving it. It's theoretically feasible, but absurd in practice. Implementing KYC/AML during deposit and withdrawal procedures may be the last remaining respectability left to these traditional institutions; at least you can verify your identity and source of funds. Why is it said that the traditional regulatory system has become almost completely ineffective on-chain? Let's take a look at a ridiculous regulatory rule that regulators around the world continue to promote: the Travel Rule. The Travel Rule: A Farce from Traditional Finance to the Crypto World To understand the absurdity of the Travel Rule, we must first understand its history. In 1996, during the dial-up era, the US Financial Crimes Enforcement Network (FinCEN) first introduced the Travel Rule as part of the Bank Secrecy Act. The requirement at the time was simple: banks processing wire transfers over $3,000 were required to pass the sender's information to the next financial institution. This worked well within the traditional banking system. Why? Because banks are centralized, they have complete customer information and standardized information transmission systems like SWIFT. ICBC knows everything about Zhang San, and China Construction Bank knows everything about Li Si, so exchanging information during transfers is a natural process. But in 2019, the Financial Action Task Force (FATF) made a game-changing decision: extending the Travel Rule to cryptocurrencies. What is FATF? It's an intergovernmental organization established in 1989, originally to combat drug money laundering. Its "40 Recommendations" are considered the global gold standard for anti-money laundering. When FATF speaks, regulators around the world listen.

On June 21, 2019, the FATF adopted the Interpretative Note to Recommendation 15 (INR.15) in Orlando, extending the application of Recommendation 16 (Travel Rule), which originally applied to wire transfers by traditional financial institutions, to the field of virtual assets. Requires Virtual Asset Service Providers (VASPs) to collect and transmit identity information of the sender and receiver when processing transactions exceeding USD/EUR 1,000, including:

• Name

• Account number (wallet address)

• Geographic location or ID number

• More detailed information if required

75% of jurisdictions are still only partially compliant or non-compliant[2]

, which is exactly the same as in April 2023 – 75% of 73 countries, zero progress.

Why is this so? Because each country is doing its own thing.

The United States maintained the old rule from 1996: a $3,000 threshold. But the FATF recommended $1,000, and so the first split occurred.

Singapore was one of the first countries to respond, and it began to implement it on January 28, 2020, with a threshold of 1,500 Singapore dollars. South Korea implemented the rule on March 25, 2022, with a threshold of 1 million won (about $821). Japan said all transactions, regardless of the amount, would be subject to it. The EU went even further, delaying enforcement of its Transfer of Funds Regulation (TFR) until December 30, 2024, then saying: "We don't have a threshold; even a single euro cent will be subject to the Travel Rule." What was the result? A $1,500 transfer from the US to the EU was exempt from the US Travel Rule, while the EU insisted it was. Both parties were "compliant," yet the transaction was stuck. And that's not even the worst of the chaos. Israel implemented the Travel Rule in 2021, with no threshold, but almost no other country has followed suit. Canada also has zero thresholds, but its rules are incompatible with those of other countries.

What is the result of this kind of independence?

According to Notabene's 2024 industry survey[3], although there has been some improvement compared to the previous year (down from 52% to 29%), 29% of VASPs continue to send Travel Rule information to all counterparties indiscriminately without conducting any due diligence assessment.

This "wide-net" approach actually reflects an embarrassing reality: most VASPs are just going through the motions, because there is no way to verify whether the counterparties actually use this information and whether they are compliant.

DeFi: A Blind Spot in the Travel Rule

While regulators are still struggling with the Travel Rule for centralized exchanges, DeFi has completely circumvented this problem.

The Travel Rule is premised on the implementation of VASPs (intermediaries).

I use MetaMask to exchange tokens directly on Uniswap. May I ask:

• Is MetaMask a VASP? It's just a browser plugin

• Is Uniswap a VASP? It's just a piece of code

• Are Ethereum miners VASPs? They just validate transactions

When two parties transact directly peer-to-peer, there is no intermediary to enforce the Travel Rule.

This is as ridiculous as asking the air to enforce the law.

Who does the Travel Rule require to enforce it? Does it require the code to provide KYC information? FATF's response was that developers of DeFi protocols should be considered VASPs. This logic is as absurd as saying the inventors of the TCP/IP protocol should be held responsible for all internet crime. Vitalik Buterin created Ethereum, so he's responsible for all illegal transactions on Ethereum? If Satoshi Nakamoto were still alive, would he be sentenced to life imprisonment? Criminals' Response: The Art of Smurfing What do real criminals think of the Travel Rule? They probably view it as a comedy. Criminals use traditional Smurfing tactics to circumvent the Travel Rule[4], breaking up large transactions into smaller ones. Want to transfer $18,000? Split it into 20 $900 transactions, sent from different wallets at different times. Each transaction is below the threshold and not covered by the Travel Rule. North Korean hackers stole $1.46 billion from the ByBit exchange this year—the largest cryptocurrency heist in history. Did they use the Travel Rule? Of course not. By 2024, the amount of cryptocurrency used for illegal activities will reach tens of billions of dollars. None of these criminals were caught by the Travel Rule.

Another consequence of the Travel Rule is that it exacerbates regulatory arbitrage. Every time regulations are tightened, it's like squeezing toothpaste - you squeeze it here, and it pops out there.

Compliance costs: a costly show

The Travel Rule brings not a solution, but an astronomical compliance bill.

According to estimates, the cost of implementing the Travel Rule for a medium-sized exchange includes:

• Technology solution procurement: annual fee of US$100,000-500,000

• System integration and transformation: one-time cost of US$500,000-2 million (the entire trading system needs to be transformed)

• Expansion of the compliance team: annual salary cost of US$200,000-1 million (a dedicated Travel Travel Rule Compliance Officer)

• Legal consulting fees: Annual fee of US$100,000-500,000 (rules vary from country to country, local legal support is required)

• Audit and reporting: Annual fee of US$50,000-200,000

These are just the visible costs, what about the invisible ones?