Preparing for DeFi Regulation: The Role of Portable KYC

The global cryptocurrency regulatory landscape has evolved rapidly over the past few years, and this swift pace of regulatory rulemaking is unlikely to slow down anytime soon. Lawmakers are increasingly shifting their focus from centralized cryptocurrency exchanges to decentralized finance (DeFi) protocols and applications (dApps).

The passage of MICA legislation in the EU is already putting pressure on DeFI firms to start KYCing their users due to the fact that only “truly decentralized” projects are exempt from MICA when in reality most DeFi applications do have an organization or individual ultimately controlling them. Additionally, the EU commission has a target date of EOY 2024 to produce their full report on the risks and recommendations for DeFI. In the U.S., the SEC has started an enforcement action against the largest DEX in the world, Uniswap.

You’re reading Crypto Long & Short, our weekly newsletter featuring insights, news and analysis for the professional investor. Sign up here to get it in your inbox every Wednesday.

As the number of DeFi participants increases (as illustrated in the chart below), regulators are becoming more focused on DeFi space. While the exact nature of future legislation remains uncertain, it is safe to assume that the basic principles of Anti-Money Laundering (AML) and Know Your Customer (KYC) will become applicable to DeFi.

Regulated institutions typically follow a standardized KYC framework to meet their regulatory requirements:

• Establish the customer’s identity through documentary or non-documentary means (Customer Identification Program/CIP).

• Assess customer risk by scanning against sanctions, Politically Exposed Persons (PEP), adverse media lists, customer occupation, expected activity, etc.

• Ongoing monitoring for subsequent inclusion on AML watchlists, adverse media lists, spikes in activity, etc.

DApps now have a unique opportunity to implement this, both in the current largely unregulated environment and, in the future, when DeFi-specific AML/KYC regulations are enacted. In a regulation-free setting, public blockchain technology allows users to submit their identification documents, have their names screened against AML watchlists, have their on-chain activity scanned for AML risk, and store proof of each check in their wallet. Users can then interact with permissioned dApps, whose smart contracts can filter out those who have not passed the KYC checks.

This method is advantageous for individuals, who do not need to endure the friction of repeatedly submitting documentation. It also offers significant benefits for dApps, ensuring they don’t run the risk of violating sanctions and money laundering rules, while saving money on compliance personnel and systems, and providing resistance to sybil attacks..

DApps subject to AML/KYC regulations can use portable KYC to satisfy aspects of their regulatory obligations similarly to unregulated dApps. However, regulated dApps will need full access to their customers’ underlying documentation to make onboarding decisions. While customer documentation cannot be stored on a public blockchain, regulated entities are permitted to engage service providers to assist in fulfilling their AML/KYC obligations. Therefore, portable KYC service providers can store and transmit the customer documentation to the entity, enabling it to decide whether to onboard the user.

The coming shift towards regulated DeFi protocols underscores the need for innovative compliance solutions. Portable KYC offers a practical approach to balance user convenience and regulatory demands, enabling dApps to reduce compliance costs and mitigate risks. By preparing now, DeFi organizations can ensure a smooth transition into a more regulated future, fostering trust and resilience within the ecosystem.

Note: The views expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates.