How Self-Regulation Can Help Web3 Achieve Compliance Without Compromising on Decentralization

Nexera
15 min read · Dec 8, 2022


There is a balancing act between implementing decentralized solutions that respect user privacy and allowing compliance and regulation to develop on the blockchain. With innovative solutions like Know Your Transaction, Zero-Knowledge Proofs, and MetaNFTs, the industry can show policymakers that we are making positive steps toward self-regulation and better position DeFi to continue innovating.

2022 will be remembered as a challenging year for crypto. The exposure of mismanaged blockchain and crypto startups and the economic downturn led to a huge amount of lost trust and confidence in key centralized exchanges and services. In a recent Boston Consulting Group report, the Terra-Luna crash was identified as one of the key triggers for the decline of total value locked — liquidity locked — in DeFi protocols at the end of May and June.

In addition, the general macroeconomic downturn has also led users to be more risk-averse with their capital. Even though interest in blockchain is still high, and with more innovative startups and solutions still being developed, potential users are warier about participating. This exposed some key challenges the industry still has to address, including compliance and regulation, while significantly overshadowing its inherent benefits — decentralization, transparency, security and privacy.

Graphic from the Boston Consulting Group’s report on ‘Relevance of on-chain asset tokenization in the crypto winter’

The Innovation of Blockchain and the Early Challenges of DeFi

The decentralized nature of the blockchain and the early participation of users who came to appreciate the ease (compared to traditional methods) with which they can perform transactions on blockchain-based dApps made it attractive and competitive for startups and developers to build decentralized finance solutions. The rapid development of protocols that make it easier to develop on top of this technology has also contributed greatly to the adoption of decentralized finance solutions. Smart contracts introduced by the Ethereum Virtual Machine made it possible to write code with pre-defined rules that executes automatically when its parameters are met.

Despite this tremendous growth, builders and users have met regulations and compliance with caution. And while early on there were already multiple discussions on how compliance could work in DeFi, the relative ease of development without rigorous standards and safety checks made it easier to start, and so more attractive for builders and users.

But as with any innovation, challenging drawbacks start to present themselves early on — usually due to bad actors and not the technology itself. In light of the recent events this year, regulation and compliance have become more relevant than ever.

It is a subject that has gained much attention at the retail, institutional and policymaker levels. While the blockchain industry may have been cautious towards it, favoring permissionless solutions and being more protective of users’ privacy, it has become apparent that necessary safeguards need to be put in place to protect users, providing a safer foundation for the next wave of DeFi adoption.

For example, regulation has benefited institutions and users in the traditional financial industry. The Global Financial Crisis of 2008 led to the creation of regulations that govern how companies handle users’ finances. Leading up to 2008, US lending institutions started repackaging high-risk mortgages into complex financial products. These products (subprime mortgages) were used to apportion these risks and were sold to investors.

To stem the harsh damage placed on the global economy, the US government stepped in and passed legislative measures (namely the Dodd-Frank Act) that regulated the financial sector’s activities and protected consumers. Much like this intervention, necessary steps are needed in blockchain to provide increased safety to its users and to provide guidelines on how the industry should act.

Another example is the Dotcom Bubble in 2000, which saw a rapid rise in the US stock equity valuations fuelled by investments in internet-based companies in the late 90s.

The commercialization of the internet, and the false start by capital markets and venture capitalists, fuelled this speculative growth which meant the bubble burst to the tune of a 75% decrease in the NASDAQ Index by 2002. Out of this fall, many companies without any proprietary technology and with a deep lack of fiscal responsibility failed and left authentic companies like Amazon, Google and eBay the space to grow into their current forms. This is a common example used in crypto when explaining the potential of bear markets.

The recent slew of black swan events with Luna, Celsius, 3AC and now FTX has revealed to us time and time again that regulation is needed in blockchain so that users are better protected. Had these protections been in place, similar to the regulatory frameworks and licensing requirements in the traditional space but adapted by blockchain experts to suit blockchain technology and decentralization, the damaging events of the past year might have been mitigated.

Introducing regulation may differ from the original vision of blockchain, but it’s clear that protecting users is essential for the industry’s longevity and maturation. If we focus on self-regulation and on limiting unnecessary government intervention, the industry can move forward and regain people’s trust. Matthijs De Vries highlights some of the advantages of self-regulation in the snippet below from our recent Twitter Space.

AllianceBlock Co-Founder and CTO Matthijs de Vries recently spoke about the need for self-regulation and how decentralization, as a technology, hasn’t caused the recent issues that over-centralization has.

The interest of institutions and enterprises in capturing the value that DeFi offers can’t be denied. However, these institutions have realized that to be included, they will need to navigate the regulatory pitfalls that affect the industry. Self-regulation, together with the solutions that encourage it, is a favorable route the industry could take, showing policymakers that DeFi isn’t lawless and has the means to self-regulate without overt government intervention.

Compliance and Decentralization: A Dilemma or is Self-Regulation a solution?

It's important to know that more regulations do not hinder malicious CEOs from harming their clients' funds. They only make it easier to prosecute those CEOs. If someone wants to harm, they can (until they get caught). With decentralization, what is written in a smart contract is verifiable (with enough knowledge) and is set in stone. Once funds are in a smart contract, they can generally not be used for anything other than what was coded in the smart contract.

There is no one-size-fits-all solution, just as there is none in the traditional sphere. DeFi is still in its formative years, so compliant blockchain transactions are new. Moreover, defining what compliance means in the decentralized space is an ongoing exercise that numerous companies are working on.

The solutions that have been offered so far have come from centralized entities. Centralized systems have full compliance and high security. Still, they offer very low privacy, with users having to provide their identity to every service provider they interact with and not having a say in how their information is processed and stored.

This restricts participation to those willing to share their information for ease and convenience. Furthermore, we’ve recently seen that these entities are subject to the same regulatory pitfalls and financial mismanagement mistakes, especially if they are compliant with users’ participation but not with their internal business processes.

On the other hand, the permissionless nature of current DeFi solutions allows for anonymous or pseudonymous participation. Users have a higher level of privacy because they have fuller control of how, when, and to whom to reveal their identities. More often than not, users don’t need to disclose who they are, only that they have the liquidity to provide or exchange.

Moreover, it’s more straightforward to do similar transactions using DeFi solutions than with centralized solutions, a common use for peer-to-peer transactions. Market-making, lending, and even capital-raising benefit from decentralization as it allows more users to participate, more often directly utilizing smart contracts to govern the execution of these transactions.

But because there is no compliance or regulatory protection, users are also more exposed to profiteering schemes and loss of capital due to financial mismanagement. For example, in most cases where users lost capital, whether through the hacking of a protocol’s smart contracts, a lack of operational security due to the complexity of operating a wallet, or even, in extreme cases, the bankruptcy and closure of the blockchain company managing the dApp, they have no recourse for refunds or are often the last priority for settlement in case of default.

These issues present us with a dilemma: how do we champion the benefits of a decentralized space and its solutions but still weave in a form of compliance in blockchain? And if we mimic regulation in the traditional space, will it diminish the inherent benefits of DeFi?

We know that innate differences from traditional financial markets need to be considered when discussing regulations. Traditional finance has a deep history; as such, governments have a better handle on the intricacies of the financial system than on blockchain/cryptocurrency, where the knowledge level of governmental bodies is relatively low. So the question persists: do you want governments to step in and regulate a market where they have minimal knowledge?

Regulation is necessary in some way, shape or form; however, how we regulate is critical, and that’s the opportunity — self-regulate and reduce government intervention. DeFi was born out of innovation. This innovative nature can be tapped into to formulate self-governing regulations and standards that protect users' safety but don’t encroach on decentralization. Let’s explore some solutions that can help the industry to self-regulate.

DeFi-Led Innovative Solutions for Self Regulation

“Know Your Transaction,” or KYT, performs complex on-chain analytics on a target wallet address to check that its transaction history is clean of any activity that could be interpreted as fraudulent, and of any attempt to engage in activities linked to financial crimes, money laundering, or terrorism financing. This solution shifts the focus from verifying the identity of the address owner, as is the case with KYC, to analyzing the transaction’s risk.

Before making a deposit, the user can scan the addresses of users participating in the pool, revealing whether they have a ‘clean’ KYT score. Once the user has deposited their funds, they can continue to apply the checks to the pool for as long as their deposit is locked; all incoming depositor addresses will also be assigned a risk score. If a deposit is associated with a high-risk address, the user will be able to notice this and can withdraw their funds immediately. Implementing KYT decreases the chance of malicious behavior, putting the user's safety at the forefront and enticing traditional companies to participate.

Know Your Transaction lets users participate confidently in a specific pool or campaign by ensuring that the other participants’ wallets are not linked to known fraudulent transactions. KYT assigns a “Risk Score” for each participant.

Another solution to self-regulate is introducing compliance at the Liquidity Pool level by adding permissions to these pools, also known as “Compliant Pools.” Permissions mean that entities must undergo a full KYC and identity check to become whitelisted before they can participate. This means compliance-conscious institutions are assured that all their trading counter-parties have been vetted, so they aren’t left holding blacklisted assets. Although this is a promising solution, it also inevitably introduces a greater degree of centralization, as it requires each party to be verified by the pool operator.

Recently our Co-Founder and CTO, Matthijs De Vries, moderated a Twitter Space discussing Self Regulation in DeFi with Matthew Schmenk, Business Development Associate at Ava Labs and Darnell Walker, Strategic Sales Director at GBG. Darnell Walker touches on the importance of KYC in the industry and explains how GBG is integrating its solutions to help mature the space.

“GBG commits to a global KYC onboarding of customers, we trust that the individuals coming in the front end are exactly who they say they are, and we’re identifying them. We also can monitor the wallet’s transactions but not necessarily tie the two together. We use this type of compliance to help the industry grow and mature so that new projects and new technologies continue to be spawned off the back of it.” — Darnell Walker, GBG

Trustless Identity Verification, or TIDV, is AllianceBlock’s solution for trustlessly sharing authenticated and encrypted information — including verified KYC reports—while ensuring users control their data. TIDV achieves the optimal balance between compliance requirements and data privacy.

TIDV allows users to undergo KYC and gives them the choice of when and where to grant access to their verified identity and control the permissions requested by applications. For developers, TIDV’s optional compliance enables features in their dApps that require KYC verification. All of these are done in a trustless manner and are verifiable on-chain while ensuring that personal data is encrypted at every step of the process and only stored securely in the user’s browser.

This solution will continue evolving with the integration of Zero Knowledge Proofs (ZKPs) — another novel solution that will further preserve users’ privacy by only sharing proof that something is true, generated from their authenticated information. As a theory, ZKPs have been around for decades. The advancement of privacy-based technologies, especially in cryptography, brings a concrete and practical application of the concept. A ZKP is a way of proving the validity of a statement without revealing the statement itself. At the protocol level, it acts as a method by which one party (the prover) can prove to another party (the verifier) that something is true without revealing any information apart from the fact that this specific statement is true.

Matthew Schmenk hinted at possible future solutions that utilize ZKPs and NFTs and can enable a compliant DeFi:

“I envision a world where you have an on-chain ID solution that is privacy protected with a ZK circuit, something that holds your personal information, like an NFT. It’s tied to your account and allows you to go from protocol to protocol. Like a private on-chain identity solution, in which protocols can vet certain parts of your personalized financial identity.” — Matthew Schmenk, Ava Labs

This possible solution becomes very valuable for important areas of blockchain where a higher level of privacy is necessary, particularly in anonymous payments, authentication, verifiable computation and identity protection.

As a real-world example, and echoing Matthew’s statement, a composable MetaNFT with a ZKP could be used to verify digital identity. This would allow someone to prove they are over 18 without revealing their date of birth. In traditional methods, users often have to share their valid identification documents or connect a validated digital profile, which can reveal more details than just age, such as their full name, address, email, etc. Another application could be to reveal whether a user is creditworthy without disclosing their credit score.

We recently gave a brief introduction to Nexera ID. The Nexera ID utilizes a unique “NFT as a data container” structure that allows it to execute smart contract features such as pre-programmed actions if an account is hacked, NFT burning and re-minting to prevent sensitive data falling into the wrong hands, and account/ID recovery. With self-custody on the horizon as a haven for the industry, combined with what a composable MetaNFT with ZKP could unlock with regard to self-regulation, Nexera ID is a ground-breaking solution that will arrive right on time.

The uses for this solution have a far reach throughout Web3 applications like social, gaming and e-commerce. DeFi is just one of a multitude of use cases for the future of a compliant, private and decentralized industry.

A composable Meta-NFT in which you can split, merge or attach/detach properties and restrictions.

These innovative solutions are a way to show policymakers that DeFi, as an industry, is being proactive in its pursuit of self-regulation. The recent actions of Changpeng Zhao (CZ) from Binance pushing for centralized companies to provide full proof of reserves is one way (when combined with proof of liabilities) to show how we can govern ourselves and avoid a strong-armed reaction from government bodies.

However, what does self-regulation mean for smaller projects and users? For projects utilizing compliant solutions which don’t encroach on decentralization, it is critical to ensure users' safety but equally critical to protect the project from malicious activity. Projects feel safe because real, verified users are participating in the project. They also feel safe that the solution(s) they leverage protect users. Users feel safe knowing the project has their best interest at heart and cares about protecting them from malicious activity. And, depending on the solution used, they feel secure knowing that minimal centralized entities were leveraged or, in some cases in the near future, no centralized entities; only the necessary amount of regulation or compliance was used to ensure safety for the user.

The Need to Self-Regulate

The implementation of regulatory bodies is already underway within the EU with the newly formed association MiCA (European Markets in Crypto Association), which is setting out specific requirements for CASPs (Crypto Asset Service Providers), a category that groups together parties involved in providing any digital asset service for their clients. The European Securities and Markets Authority (ESMA) will monitor these providers, maintain lists of approved CASPs, and monitor lists of third-country CASPs that are not compliant.

Although these developments will provide more certainty to participants regarding the legitimacy of blockchain addresses with which they interact, it is also the first step in what could be overly intrusive enforcement in the space. This level of compliance doesn’t reach into the realms of DeFi or other initiatives like DAOs (Decentralized Autonomous Organisations), but recent events do not help this distinction.

In our Twitter Space, AllianceBlock Co-Founder and CTO Matthijs De Vries highlighted the need for the industry to focus on self-regulation.

“We should have a proactive stance, we need to think about what we can do for self-regulation. If we can show regulators that we can govern ourselves and each other. We could avoid government interference and write our own story on how and what this industry should look like.”—Matthijs de Vries, AllianceBlock

Regulation is an ever-looming necessity and will play a key role in the future of onboarding risk-averse institutions and enterprises. AllianceBlock has always thought and built with regulation and compliance in mind and has been actively developing a suite of solutions that balance the values inherent in decentralization and cater to compliance requirements by traditional institutions and entities. It’s equally important to ensure choice: projects shouldn’t be forced to be compliant and use centralized entities; they should choose what solutions they want to use and when.

It’s evident that governments lack deep knowledge of blockchain and DLT technology, so if we sit back and let government regulation step in, or wait for another FTX, 3AC, Celsius or Luna black swan event, then it’s likely that the core values that we hold closely (decentralization, anonymity, privacy, ease of access) could be taken away and replaced with clunky regulations that aren’t catered to DeFi.

Moving Towards Compliance in DeFi

Solutions are needed that blend the two sides of the spectrum, compliance and regulation, with privacy and transparency. If this is achieved, then the industry can prove to regulators that we are capable of self-regulation, which will limit the potential intrusion of policymakers and leave one of the most innovative industries to continue what it’s been doing — innovating.

Blockchain technology has been built to improve traditional systems' existing flaws. Over the past year, we have seen several issues come up, but it hasn’t been blockchain technology that’s caused the issues; it’s been bad actors and mismanagement of users and their funds. These issues have sparked a relevant conversation about what a compliant industry could look like. It is easy to lean on the frameworks and requirements of the traditional financial system, but that wouldn’t suit DeFi.

The idea of a “compliant DeFi” no longer reads like an oxymoron. Using solutions like KYT, ZKPs, TIDV and MetaNFTs, alongside promising applications and protocols (e.g., Nexera ID) that build on top of these privacy-rich solutions, can lead us towards an industry that proves its ability to learn from early mistakes and is being proactive in its pursuit to continue solving conflicting challenges.

There is a long way to go to establish this trust; however, self-regulation and showing the user that their privacy, safety and interests matter is a good start. AllianceBlock is creating solutions that help this mission, showing users and regulators that we can self-regulate our young industry. Moreover, we can set the platform for blockchain to better appeal to risk-averse institutions and bridge the gap between traditional finance and decentralized finance.

About AllianceBlock

AllianceBlock is building seamless gateways between TradFi and DeFi by remedying issues in both spheres and linking them more closely. AllianceBlock sees the future of finance as an integrated system in which the best of both worlds can work together to increase capital flows and technological innovation.

They are building this future by bridging traditional finance with compliant, data-driven access to new decentralized markets, DeFi projects and ecosystem-scaling tools such as funding and interoperability. As such, they are building a next-generation financial infrastructure that aims to provide regulated financial entities worldwide with the tools they need to access the DeFi space seamlessly.
