Without Compliance DeFi’s Napster Moment Is Doomed To Fail

When most people in the crypto universe imagine what a crypto trader looks like, they imagine a high-flying, government-fearing, algorithm-loving fanatic trading on a cutting-edge DeFi platform. The trader wants to swap three ETH for some BAT to maximize investment yield based on an algorithm he believes is impervious to market trends. Unbeknownst to the trader, the major source of liquidity to the pool comes from the proceeds of the Mt. Gox hack, the sale of blood diamonds or heroin. Otherwise stated, the trader has accidentally stepped into a money laundering cesspool.

Flash forward one year. The same trader, conducting the same transaction, has maximized his yield and now seeks to deposit his gains into a traditional bank that has started accepting crypto, or even, G-d forbid, a centralized exchange. Ultimately, the goal was always and continues to be to cash out into fiat. 

Sadly, the trader finds out that all of his accounts are frozen.

In this hypothetical scenario, law enforcement and regulatory authorities have collaborated and filed a lawsuit alleging money laundering. The DeFi platform that the trader used for the transaction has been blacklisted, and all wallets that have interacted with it have been red-flagged.

A question for another day is whether a fully decentralized exchange (DEX) actually exists or whether – despite the name – all exchanges have some form of centralization. For this hypothetical, we’ll concede that a centralized exchange has a Board of Directors and/or responsible shareholders, while a DEX has users who purchase governance tokens, run nodes, and vote on protocol changes.

The example above is a potential road that might become a simple reality in the future. Or is it? Both centralized and decentralized exchanges, or virtual asset service providers, are the target of regulators across the globe. The future approach is unknown but will likely include some form of government oversight and scrutiny.

What is DeFi? 

Whilst Bitcoin is ‘new money,’ DeFi is being seen as the next evolution in blockchain: ‘new financial services.’

In DeFi, there is no reliance on a central intermediary to hold funds. Instead, transactions occur directly between participants through automated, decentralized and democratized processes. This next wave of innovation in blockchain promises a faster, more inclusive, and transparent financial system that encompasses decentralized exchanges, lending, and trading platforms. 

And the space is increasing in popularity and acceptance. Hailed as a ‘Napster moment’, DeFi clearly fits that definition of a “radical, game-changing innovation that can throw businesses and entire industries into oblivion.”

The movement had gathered steam in 2019 and exploded in 2020. For the first time, monthly traded volume at the largest decentralized exchange, Uniswap, has surpassed that of the largest centralized exchange, Coinbase. According to The Block, last month ‘Uni’ saw approximately $15.4 billion in volume, whilst Coinbase registered $13.6 billion.

Why is it risky?

As usual, government regulators run behind technology; and DeFi is no different. At the moment, if the ICOs in 2017 were the Wild West, the DeFi explosion of 2020 is the Gold Rush on the new frontier. DeFi is attracting the next phase of crypto investors and institutional money. Expectations have increased, transparency has increased, and the demand for better products has increased.

As always, the first question is: Who is ultimately legally responsible for transactions? This has long been a moving target in crypto. Regulators will always focus on financial crime prevention, and that focus will remain on team members and founders who provide a platform that enables — whether knowingly or unknowingly — the transfer of illicit funds. A lack of AML and financial crime prevention exposes team members and founders to potential criminal liability for unwittingly facilitating the transfer of illicit funds.

The United States, working in conjunction with friendly nations around the world (especially those with extradition treaties), is holding crypto platforms accountable for violations of the Bank Secrecy Act. Cinneamhain Ventures partner and consultant Adam Cochran said: “Many people presume there to be some sort of magical ‘peer-to-peer’ exemption that exists in these laws. I’m not sure where that myth comes from.” Referring to the U.S. Securities and Exchange Commission (SEC), he added: “It might be an oversimplification of understanding the SEC/CFTC limitations. But it doesn’t exist. The only thing that matters is: Do you make it easier for criminals in the U.S. to exchange monetary instruments without applying the U.S. standards of KYC/AML?”

While DeFi has exploded in 2020, the SEC has already held at least one DeFi platform accountable.

According to David Silver – widely regarded as the original crypto investor plaintiffs’ lawyer – EtherDelta was alleged to have permitted more than 3.6 million buy-and-sell orders of ERC20 tokens that included securities as defined by Section 3(a)(10) of the Securities Exchange Act. Rather than prolong the inevitable, EtherDelta agreed in a Consent Order to certain penalties imposed upon it by the SEC. According to Silver, the importance of the EtherDelta Consent Order was that the SEC concluded that EtherDelta met the definition of a securities exchange. The Order specifically addressed the decentralized nature of EtherDelta and said that was of no importance. Silver went on to say that from the SEC’s perspective, there was no distinction between a centralized exchange and a decentralized one, as that difference is irrelevant to the SEC’s regulatory analysis.

What was the ultimate conclusion? Coburn, the operator of EtherDelta, admitted to violating U.S. regulatory standards by writing, deploying, and controlling the operations of smart contracts to the Ethereum Blockchain.

In a very recent example, there was an alleged hack at the KuCoin exchange wherein $200 million was reported to have been missing. A sizeable amount of the $200 million was traced and determined to have been liquidated by the hacker(s) at Uniswap and KyberSwap – two exchanges that currently have no known KYC/AML requirements or policies.

How to mitigate risks?

Just because crypto users believe they are somehow exempt from the application of AML requirements does not actually make them exempt. Simply looking the other way is a foolhardy approach that will almost certainly fail in the long run. The SEC’s Valerie Szczepanik, a/k/a the “Crypto Czar,” spoke on the subject of DeFi recently, saying: “These are all financial activities, and they are likely subject to various laws already, including securities law, potentially banking and lending laws—definitely AML/CTF laws.”

However, as we saw in the centralized exchanges, there is always a solution. The AML solution for DeFi is of a decentralized nature itself. Enter the AML Oracle, Coinfirm’s latest innovation.

Built out of the Ethereum protocol, the AML Oracle enables DEX platforms to continue lending, staking, and engaging in general DeFi activities without fear of running afoul of nefarious actors and watchful government regulators.

Considering that most of the DeFi protocols and platforms are effectively self-operating smart contracts or a series of smart contracts ‘talking’ to one another, what was needed was a solution that was able to interact with this interface. I say ‘was’ because the remedy is here. These DeFi-first smart contracts communicate with ‘the outside’ world via so-called ‘Oracles’ that are themselves smart contracts – querying external data sources or APIs.

The AML Oracle fits this framework for a DeFi AML solution by being built out of the ERC-20 technical standard, enabling it to ‘talk’ to other smart contracts.

How it works is relatively simple. Any DeFi platform has the ability to query this ‘Oracle’ and receive an AML risk score for a transaction or wallet. If the risk of such a transaction is too high, the DeFi protocol can reject the transaction at its set discretion. This system is able to deal with the vast majority of queries.

The final frontier in DeFi is that of KYC-focused (Know Your Customer) compliance. This is accomplished via a centralized repository of checked addresses with connected KYC information. 

In addition, the protocol should have ongoing analysis of its network and be able to freeze risky funds, reject transactions, prepare SARs (Suspicious Activity Reports), and present the risk analysis of the entire network to the regulators or FIUs (Financial Intelligence Units) in a comprehensive manner.

These are actually simple asks and can easily be achieved with the correct system. One that now exists.

DeFi has coined the phrase “BUIDL” – where users are encouraged to be proactive in the crypto space rather than simply passively HODLing assets. But without meeting regulatory compliance, there will be no mainstream adoption in the long run. No Napster moment. DeFi + compliance = growth. 

With Coinfirm’s AML Oracle release, we aim to allow users and development teams to continue BUIDLing in DeFi without the worry of sanctions.