But the laundry list for compliance with international regulation is long and treacherous: from tracking transactions to third-party wallets and ensuring both sender and recipient are KYC-ed (Know Your Customer) to checking watchlists for money launderers (AML) and terrorists (CFT).
In June 2019, the Financial Action Task Force (FATF), the global inter-governmental money laundering and terrorist financing watchdog organization, delivered a guidance paper that specifies business process requirements for VASPs.
Financial regulators across the globe are expected to follow FATF guidelines, or ignore them at risk of losing credit rating, IMF loans, and access to currency conversion facilities. So, rather than face penalization or exclusion, they naturally choose to follow these guidelines.
The institution's policy mandates that VASPs have “obligations to obtain, hold, and transmit required originator and beneficiary information in order to identify and report suspicious transactions, monitor the availability of information, take freezing actions, and prohibit transactions with designated persons and entities.”
Recently some companies have proposed solutions for businesses to comply with these new regulations. One approach recommends greater monitoring capabilities and pouring money into identifying illicit use of cryptocurrencies by studying the underlying blockchain data.
But that's not a foolproof solution, and that fact is obvious upon further analysis. The blockchain data analysis solution shows the behavioral characteristics of a crime, but does nothing to identify the criminal.
For example, if one user is sending to another user numerous and repeated one-way transactions, each of similar size and more than a million dollars, the parties transacting are probably involved in organized crime. But in this scenario, while the blockchain data indicates there was a crime involving two or more parties, there is no mechanism to identify who perpetrated it. Identifying the crime is a good start, but it doesn't adequately follow all of the FATF requirements.
Another proposed approach is to create an open-source community to create a new foundational software suite that includes the tools to be able to operate a business like an exchange in a compliant manner. This is time-consuming, however, since operating businesses can’t wait around for the open-source community to deliver.
Businesses need a solution to enable them to continue to operate, and they need it fast. Even worse, no company's compliance officer or CEO can rely on an open-source service, hoping and praying the community does the right thing.
Still, another approach is for each of these businesses to build their own Snowflake solution for individual, specified service environments. Even if this is an effective option, it's a costly one, and probably a waste of time and resources.
Additionally, it doesn’t solve the individual businesses' needs quickly enough for them to continue to operate profitably. Each company has to assemble a team, assess and plan how to attack and solve the issue, consult with compliance and legal, and get a sign off from finance and development operations.
So what's the solution? The answer is a tactical "hit-squad," so to speak, specialized in this issue and armed with the tools to be able to quickly, and with as little modification as possible, implement the required solution.
Any and every VASP, custodial wallet, and exchange can provide two of the five tools required to solve the issue: the wallet infrastructure used to hold each individual’s digital assets and the organization's KYC-ed customer list. The last three tools the "hit-squad" needs to bring are: a Swiss-army knife-like API integration service, a KYC-ed status directory, and an eKYC platform to do on-the-fly KYC inspection of individuals.
The aforementioned team would implement logic using the company’s wallet infrastructure and API integration service, so that when a custodial wallet customer sends their token to a recipient, the system does the following:
1. Check if the system’s KYCed customer list includes this address, if not;
2. Check if the KYCed status directory includes this address, if not;
3. Send the recipient instructions on how to become KYCed
4. When the recipient is KYCed, the transaction will complete
This screening of outbound transactions and gating the release of tokens to the recipient can be accomplished without modifying the standard sign-up and KYC process, and without changing the web, mobile, or tablet user interfaces that are already built and in use.
Nearly all processes remain the same and no piece of the user experience needs to change other than that of the recipient of digital assets. The most desirable type of solution is one that touches the minimum number of processes and systems as possible-one that only modifies that which has to be modified, and this is the solution.
One of the components of this simple, cost-effective solution, the KYC-ed status directory, is on its way thanks to a grant from the Ethereum Foundation. Set to launch in Q2, 2020, the new service creates a bridge that allows individuals to post to Ethereum Mainnet their KYC status.
This allows a user to share their KYC-ed status (and only that data) in a public but secure way, making the results of a financial institution's KYC verification process portable. Moving forward, the compliance officer of a VASP, custodial wallet, or exchange can accept the attested KYC claim—or request additional information, depending on whether they are sending to a third party wallet or on-boarding a new customer.
The KYC-ed status directory helps deliver one of the tools required by exchanges, custodial wallets and VASPs that are sending to 3rd party wallets to become compliant, as these organizations will be able to check that the recipient wallets are KYC-ed via Ethereum Mainnet claims prior to sending to them.
This service will allow exchanges, custodial wallets, and VASPs to receive KYC status from their customers during sign-up or during a transaction–saving the cost, time, and overhead of KYC-ing the individual again. This should lead to lower cost-of-acquisition, open access to additional users, and help achieve compliance with low cost. The simple and easily repeatable solution is almost here.