At AMLBot, we are proud of our continuous commitment to shaping a secure and compliant digital asset industry. As an active participant in industry developments through our official membership in INATBA, we recently contributed to a significant collaborative effort in response to a discussion paper initiated by the French regulator, Autorité de Contrôle Prudential et de Résolution (ACPR).
The paper, titled 'Decentralised’ or ‘Disintermediated’ finance: What regulatory response?' aimed to engage industry stakeholders on the subject of risks and potential regulations for the burgeoning decentralized finance (DeFi) sector.
Our contribution was part of a collaborative response orchestrated by the European Blockchain Association (EBA), the IOTA Foundation, and the European Crypto Initiative (EUCI). This effort involved a variety of industry leaders and academic institutions, such as the University of Glasgow, the University of Pavia, and Cornell University. Other participants included La Caisse Des Dépôts, Folks Finance, EthicHub, Tokeny, FeverTokens, Callisto Enterprise, and the Global Blockchain Business Council (GBBC).
We took a clear stand in this discussion, commenting on the description of potential Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) risks related to DeFi, as outlined in Section 2-4-4 of the ACPR's paper. Our joint response included the following:
AMLR offers a comprehensive regulatory framework that applies to a wide range of financial services and institutions. While DeFi is a growing area of the crypto industry, it still represents a small portion of the overall financial landscape.
Therefore, it is premature to add DeFi into the AMLR at this time, given that there is still much to learn about this emerging ecosystem. Moreover, Section 2-4-4 presents DeFi as a huge risk for ML and FT: however, it is important to note that cash remains the most common medium of exchange used in money laundering.
According to the United Nations, roughly $800 billion to $2 trillion of fiat is used for laundering yearly while crypto in 2022 was close to $23.8 Billion, which means that the estimate of cryptocurrency used for money laundering is less than 2% of the lower end of the estimated range of fiat currency used for money laundering.
Blockchain analytics can help identify patterns and anomalies in transaction data that may be indicative of ML or TF activities, they can also help identify and trace the flow of funds through the DeFi ecosystem, including between different dApps and protocols.
The implementation of AML requirements within existing legal systems focuses on preventing the use of tools that enhance anonymization, such as mixers, in order to maintain the ability to track and trace users.
The primary objective of AML regulations today is to minimize pseudonymity and limit anonymity. Simultaneously, personal data regulations push personal data administrators and processors to prioritize maximum protection of personal data, which entails maximizing pseudonymity to safeguard user information from being tracked by third parties.
This scenario exemplifies how applying traditional approaches and regulations to the DeFi space may not be suitable for DeFi participants. Furthermore, complying with most regulations would necessitate centralized governance, contradicting the direction DeFi is aiming for.
Consequently, the existing legal framework discourages public and permissionless network communities and actors from undergoing various legal certification and supervision processes, given the complex and conflicting regulatory landscape.
DID solutions can help verify the identities of users when connecting with a dApp. Furthermore, regulatory compliance can be built into DeFi protocols through smart contracts, which can enforce specific rules and requirements related to KYC/AML (Know Your Customer/Anti-Money Laundering) and other regulatory obligations. Smart contracts can also enable the automatic reporting of suspicious activities to regulators or law enforcement agencies.
Regardless of a specific regulation that requires DeFi space to become compliant with KYC, there are already platforms innovating in this area, one example is Aave, which is a decentralized lending platform that allows users to borrow and lend cryptocurrencies without intermediaries.
In order to comply with KYC requirements, Aave has implemented a "know your customer" (KYC) process for users who wish to borrow or lend above a threshold amount. Users are required to provide personal information such as their name, address, and government-issued ID, which is verified through a third-party KYC provider
This robust response reflects our commitment at AMLBot and PureFi to fostering a balanced and informed approach to the regulation of DeFi. We believe in the potential of this industry and are dedicated to ensuring it develops in a safe and compliant manner.
We believe that Decentralized Identifiers (DIDs) and smart contracts can help enforce AML/KYC requirements and other regulatory obligations in the DeFi ecosystem, while preserving the decentralization and privacy of its users.
For those interested in delving deeper into these discussions, we encourage you to read the full joint response to the ACPR's discussion paper, titled 'A Collaborative Industry Response to the ACPR Consultation Report on Decentralized Finance'. This document provides a comprehensive overview of the collective viewpoints of industry experts and institutions on the potential regulatory responses to the DeFi sector. You can access the full response here.
Additionally, to understand the broader context and the various regulatory scenarios proposed, we recommend reviewing the original discussion paper published by the ACPR, titled 'Decentralised’ or ‘Disintermediated’ finance: What regulatory response?'. You can find the complete report on the ACPR's official website here.
Our contributions, alongside those of our esteemed colleagues in the field, aim to guide regulatory responses that understand and respect the unique aspects of DeFi, while still maintaining the necessary safeguards against illicit activities.
In conclusion, AMLBot, alongside other industry stakeholders, offered valuable insights to the ACPR on how to approach the emerging AML/KYC risks in the DeFi industry. These insights could inform the development of a comprehensive and effective regulatory framework that embraces the innovative potential of DeFi while addressing its inherent risks.