April 29, 2022
By Murtuza Merchant
With cryptocurrency thefts and money laundering in cryptos increasing day by day, watchdogs globally are all charged up to introduce more transparent regulations.
Last month, regulatory authorities in Europe voted in favor of regulations that require crypto exchanges to know the identity of investors behind unhosted wallets – those wallets that are not hosted by a third party.
Not only in Europe but regulators around the world are also in favor of enforcing the know your customer (KYC) rules on unhosted or self-hosted crypto wallets.
If the regulations are set in place in the coming months, could place severe disclosure requirements on transactions between non-custodial wallets and crypto exchanges in the European Union. This has met with severe criticism from the crypto industry in Europe.
Experts believe that the implementation of the first set of regulations could be “too fast” for exchanges as over 70% of the transactions come from unhosted wallets like off phones and computers and not from registered exchanges. At the same time, they believe that there is a need to have a “delicate balance” of data privacy and disclosure requirements.
Speaking at a panel discussion on “Know your crypto customer: is total anonymity sustainable amid hacking and AML concerns?” organized by Financial Times on April 26, Maja Vujinovic, Managing Director at OGroup said, “It is a delicate balance between individual privacy and institutional credibility because you don’t want to allow crypto to be the means for laundering and all kinds of other criminal activities. But at the same time, you know, what we are seeing in Europe (backlash from the crypto industry on data privacy requirements) is that we see a lot of further pushback on the larger organizations for sure.”
Vujinovic added that some large companies also do not want to hold data due to liabilities and therefore, there is an opportunity to create a new world where individuals can own their own data.
Ian Taylor, Executive Director, CryptoUK, said, “As ways to avoid government, we don’t want crime. It’s a sizeable disadvantage that this brings. So we need to be smart and we need to work with policymakers to make sure there are no weak points because there will be exchanges, and certain jurisdictions won’t have the same will have a lighter touch rather than the major jurisdictions. And that’s what we’ve already seen when it comes to ransomware. The exchanges are targeted for the washing of money that has been stolen in criminal activity. So, it’s a balance always.”
Taylor pointed out that cryptocurrencies work at a global level and hence it is not easy operationally for exchanges to be able to implement KYC immediately.
The recent Financial Action Task Force (FATF) guidance is aimed at extending the scope of the Travel Rule to virtual asset service providers (VASPs) if a virtual asset transfer involves a self-custodied wallet. This, essentially means, that when an exchange sends crypto to another exchange, the name and account information of both sender and receiver are sent are available to both parties.
The panelists believed that “deadlines” here would again be a problem and that it cannot just start “next week.”
David Carlisle, Vice President of Policy and Regulatory Affairs at Elliptic, a provider of cryptocurrency compliance and risk management solutions, said regulators usually have two aims – protecting and preserving privacy and data and mitigating risks associated with financial crimes, money laundering, and sanctions evasion.
“But, I think the focus at the moment tends to be overwhelmingly towards how do we because that prevent against the threats,” he said and added that regulators are willing to try to find some middle ground between enabling privacy-enhancing features, while also trying to mitigate some of the risks.
While Taylor demanded more “consistency” in regulations at a global level, other panelists noted that a “one size fits all” approach is not possible due to the differing opinions governments across the world hold about cryptocurrencies.
David Jevans, CEO at CipherTrace said, “I have no hope that we will have homogenized regulations ever therefore, I think it is an opportunity for companies, consultants, products, services, to bridge that gap to expand what we understand as AML and know your customer technologies to perhaps encompass a broader compliance of computing capability around crypto that could be delivered in a simple way to all these virtual assets service providers.”
While the technology to create this balance between data privacy and institutional credibility is slowly coming up, panelists believed that a probable solution is for regulators and the industry to come together to a middle ground.
Vujinovic said, “You have zero-knowledge proofs that will still have to do a lot of work. There needs to be improved performance. There needs to be scaling a blockchain for this technology actually, to achieve a real-world adoption. You have to be able to integrate with these technologies. These are not easy things to do at all at scale.”
About the author
Murtuza Merchant is senior journalist and an avid follower of blockchain and cryptocurrencies.