Opinion

Preparing for DeFi Regulation: The Role of Portable KYC

As regulators scrutinize DeFi more closely, participants need to improve compliance around AML and KYC and make the process easier for customers, says Thomas Gentle, Compliance Officer, Quadrata.

Updated Aug 7, 2024, 4:05 p.m. Published Aug 7, 2024, 4:05 p.m.
Know your customer

The global cryptocurrency regulatory landscape has evolved rapidly over the past few years, and this swift pace of regulatory rulemaking is unlikely to slow down anytime soon. Lawmakers are increasingly shifting their focus from centralized cryptocurrency exchanges to decentralized finance (DeFi) protocols and applications (dApps).

The passage of MiCA legislation in the EU is already putting pressure on DeFi firms to start performing KYC on their users, because only "truly decentralized" projects are exempt from MiCA, when in reality most DeFi applications do have an organization or individual ultimately controlling them. Additionally, the EU Commission has a target date of the end of 2024 to produce its full report on the risks and recommendations for DeFi. In the U.S., the SEC has started an enforcement action against the largest DEX in the world, Uniswap.

You're reading Crypto Long & Short, our weekly newsletter featuring insights, news and analysis for the professional investor.

As the number of DeFi participants increases (as illustrated in the chart below), regulators are becoming more focused on the DeFi space. While the exact nature of future legislation remains uncertain, it is safe to assume that the basic principles of Anti-Money Laundering (AML) and Know Your Customer (KYC) will become applicable to DeFi.

[Chart: unique addresses that bought/sold DeFi assets]


Regulated institutions typically follow a standardized KYC framework to meet their regulatory requirements:

  • Establish the customer’s identity through documentary or non-documentary means (Customer Identification Program/CIP).
  • Assess customer risk by scanning against sanctions, Politically Exposed Persons (PEP), adverse media lists, customer occupation, expected activity, etc.
  • Ongoing monitoring for subsequent inclusion on AML watchlists, adverse media lists, spikes in activity, etc.

Currently, all three steps of the KYC process are repeated at every institution where an individual holds an account. This requires individuals to submit the same documentation and information multiple times. Since opening a new bank account is not a frequent activity, the inconvenience of repeated KYC is generally not acutely felt by customers. In DeFi, however, someone might interact with ten or 15 protocols a day. Requiring individuals to complete KYC multiple times causes frustration and turns DeFi into a digital version of the traditional financial system.

There’s an alternative: portable KYC.

DApps now have a unique opportunity to implement this, both in the current largely unregulated environment and, in the future, when DeFi-specific AML/KYC regulations are enacted. In a regulation-free setting, public blockchain technology allows users to submit their identification documents, have their names screened against AML watchlists, have their on-chain activity scanned for AML risk, and store proof of each check in their wallet. Users can then interact with permissioned dApps, whose smart contracts can filter out those who have not passed the KYC checks.

This method is advantageous for individuals, who do not need to endure the friction of repeatedly submitting documentation. It also offers significant benefits for dApps, ensuring they don’t run the risk of violating sanctions and money laundering rules, while saving money on compliance personnel and systems, and providing resistance to Sybil attacks.

DApps subject to AML/KYC regulations can use portable KYC to satisfy aspects of their regulatory obligations similarly to unregulated dApps. However, regulated dApps will need full access to their customers’ underlying documentation to make onboarding decisions. While customer documentation cannot be stored on a public blockchain, regulated entities are permitted to engage service providers to assist in fulfilling their AML/KYC obligations. Therefore, portable KYC service providers can store and transmit the customer documentation to the entity, enabling it to decide whether to onboard the user.

The coming shift towards regulated DeFi protocols underscores the need for innovative compliance solutions. Portable KYC offers a practical approach to balance user convenience and regulatory demands, enabling dApps to reduce compliance costs and mitigate risks. By preparing now, DeFi organizations can ensure a smooth transition into a more regulated future, fostering trust and resilience within the ecosystem.

Note: The views expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates.

Thomas Gentle

Thomas Gentle is a Compliance professional with robust expertise in BSA/AML policy implementation, operations, and supervision. Currently, as the compliance officer at Quadrata, he oversees comprehensive compliance operations, ensuring regulatory adherence and integrating compliance insights into product development. Previously, Thomas worked as a team lead on the BSA/AML Compliance Quality Assurance team at Coinbase, where he helped develop and execute risk-based QA programs. He also managed financial crimes compliance at Boston Private Bank & Trust Company, enhancing their compliance protocols and mitigating high-risk client activities. Thomas specializes in optimizing compliance processes to achieve organizational integrity and regulatory compliance.
