Today, there are a number of factors that directly and indirectly indicate that the modern compliance model does not fit well into the decentralized world. Virtually all crypto exchanges have similar target audiences. Users wishing to trade cryptocurrencies are usually registered with several of them. Therefore, information is duplicated in the same regulatory authorities. This model of interaction between users, exchanges, and government agencies is very cumbersome and complex. Can the crypto industry offer a working and effective alternative to the established compliance system? We will delve into the matter in this article.

Why Do Customers Dislike the Existing System?

transfer of data to the regulatory authorities
A diagram showing the transfer of data to the regulatory authorities. Source.

This scheme works as follows: Users visit the exchange service → The exchange service pays the service providers to complete the preliminary checks → Reports are generated for the regulators (if necessary). At the same time, all regulated service providers perform the exact same checks.

Centralization in any form has long been inapplicable in decentralized systems. The current identification system does not allow people to quickly gain access to financial services. Usually, the review period ranges from 24 hours to two weeks.

Also now, access to personal information is gained from several counterparties, which process automatically creates an additional vulnerability for criminals. Often, users cannot tell who can manage their data at all. The costs of paying fees for rechecking already confirmed information provided by a number of counterparties also need to be eliminated in view of their uselessness.

Who Needs Compliance?

In order to understand which way to move to solve the emerging issues, it is necessary to understand what the key function of compliance is. "Compliance, in whatever area it is applied, in the broadest sense, exists as an exceptional measure of the state in the face of controlling authorities of executive power aimed at compliance by citizens and organizations with the legislation of the country. For business, compliance is, on the one hand, a set of measures to protect against external influences (for example, external corruption), and on the other hand, from abuse (internal corruption) and ineffective management of the organization by its management," explained director and founder of trading crypto.ru Alexey Bytev to DeCenter.

Before talking about decentralization and the use of distributed ledger technology, you need to understand what exactly it is needed for in one area or another. "Undoubtedly, according to the majority of users of centralized crypto exchanges, the procedures associated with account verification and compliance related policies can be extremely long. Confirmation of the user's identity lasts, as a rule, from one to seven days (in some cases, verification may not be carried out even in a month). This is a necessary process, however, since without confirmation of the user's identity, the company, and the user himself, bear risks in cooperation with the tax or police in case of theft of funds or the commission of illegal transactions on the exchange on behalf of third parties. In order to reduce the risk, there is compliance, like a shield, thanks to which, if you hold it correctly (in our case, you respect it), no one will have any claims against you. In my opinion, it is better to go through several verifications on different centralized crypto exchanges and to establish all kinds of ways to protect your account, because attackers can get your data, and then no good will come of that. In a global sense, it is natural in theory that attackers can take possession of your personal data if you make purchases in an online store, and this happens much more often in statistics than the hacking of accounts on centralized crypto exchanges," said Bytev.

It is obvious that centralized crypto exchanges are not without shortcomings, as there is are the risks of losing users' funds due to, for example, equipment malfunction or hacker attacks, lack of transparency of the platform, and low liquidity (large orders may not be performed for a very long time). "At such times, active users are looking for an outlet and see it in decentralized exchanges. Decentralized exchanges, unlike centralized exchanges, offer simplicity of registration and further exchange of data. Observance of compliance on such applications for protecting the crypto assets of users from market manipulation is just as vague as the weather in London because the risk of advancement of certain orders out of the queue remains open. The miners can view transactions and "promote them" (in fact, this is nothing more than the manipulation of the market).

I believe that there are practically no decentralized exchanges, since some or other data, for example, the order table, should be stored on separate servers, and this is centralization, exceptions can be exchanges where trades are executed by tokens based on one system, like option EPC 20. Compliance is a long process where there really is a problem with duplicating user data, but its solution lies outside the crypto exchange. Duplication of data is carried out almost everywhere where compliance is required, but it must be understood that for the user, this is also a protection. Anonymity is good until you become a victim of cybercriminals, but this is already the reverse side of the coin," concluded Bytev.

What Can the Market Offer to Solve the Problems?

Now there are no models that effectively solve all the emerging problems of exchanges and their users, but there are several proto options that can at least partially facilitate their lives in matters of identification and security.

"To date, all the legal and compliance are determined by the conditions and requirements of each of the participants in the process, especially if this process is associated with the transfer of ownership of some assets, whether fiat or cryptocurrency. And the model of value transfer is a personal thing. For example, if we are talking about a legal entity in Switzerland with a bank account in New York, whose client is a German, and the recipient of the service is, for example, an African, then at each stage, there will be an element of compliance, the requirements for which are determined by the country in whose jurisdiction the operation is being conducted. This is an absolutely stupid story when all this is decided at the level of state requirements to the legal entity so that the legal entity does not violate its own legislation when conducting operations. Legal and compliance are still often limited by their impact on the citizens of the region where we work, for example, the European Union, and the requirements that arise in their jurisdictions. These requirements are international agreements imposed on the conduct of financial transactions. And we get a pretty funny situation," Dmitry Karpilovsky, the founder of the professional CryptoNet community of crypto entrepreneurs shared his opinion with DeCenter.

Even within the framework of one service of one provider with one client, we will have several different, often contradictory levels of legal and compliance. When the money crosses the border, we will have a second set of legal and compliance. That is, the situation is already very complicated. "Now imagine that the same service is provided by different companies around the world. Well, for example, we do not work with one exchange, but with several different ones. Two of them are in Europe, others in the U.S., and others in offshore zones. There will be a completely different set of compliance, a completely different legal framework, but they will be 90 percent identical. That is, the requirements are reduced to the verification of residency to comply with some points related to protection from money laundering. In fact, it will be a legal chaos, which, nevertheless, has a very simple goal. But due to the fact that these requirements are very fragmentary and to some extent, specific, we will get a system where there is no single compliance base, no single requirement for KYC, no single AML requirement. That is, for a decentralized world, an unacceptable and inadequate situation is obtained," the source said.

Interstate agreements can be an alternative, but we are still infinitely far from this. For today, the only working model is the creation of its data exchange protocols. "For example, I like what Paytomat is doing right now. They have one core operating within the same jurisdiction, in which final payments and exits do not occur outside the scope of the legal and compliance of one network, and in each region, a local provider is connected with a full understanding of the legal and compliance of their country. In Germany, there will be a provider working in accordance with German law, in the African republic, there will be a representative with its native legislation and so on. This can solve the problem not only of the level of the difference between the legal itself and the compliance but also the problem of regulating the difference in the level of everything related to the blockchain in the country. That is, for example, in a country where there is not, in fact, any cryptocurrency legislation, everything will be decided through the decisions of the National Bank, and in Switzerland, where everything is spelled out much more clearly, it will be decided according to their legislation. In the E.U., legislation will be reformed, in the Arab world, it’s a different story, and so on. It will be a decentralized protocol, to which local legal and compliance are connected, and thus, some kind of unification is carried out," Karpilovsky said.

Another approach is what Telegram is doing with the Telegram Passport. "What are they doing? They are completely departing from the question of compliance with the issue of attaching documents to the user ID. This is a document exchange protocol. The person fixes the proof of his residence permit, residency, and other important documents. These data sets are then fixed in the Telegram Passport. Under the unified service, any exchange can, with your permission, access this package of documents and then process this data. But they will receive the data themselves using a simple and understandable protocol. This does not solve the issue of conducting the legal and compliance, but it at least simplifies the process for the user, who previously needed to relate his documents to dozens of different places, and then monitor how to work with them. Thus, at the moment, I see only two such outputs. There are no other options for solving real-world problems. There is only a utopian idea that everything will be distributed on the principle of decentralized exchanges and in general, no compliance will be needed, but this does not yet seem to be a realizable project," as Karpilovsky shared his vision.

And Yet, There Is No Way around Compliance

According to some crypto enthusiasts, the compliance system itself is an integral part of the modern world because it is also a certain guarantor of the preservation of assets for users. "Most truly decentralized financial systems, in particular, exchanges, do not have any kind of distinct KYC or AML policy and they are characterized by low liquidity and a small number of participants. Accordingly, they have no system of compliance," said Dmitry Lazarichev, CEO and co-founder of the Wirex Crypto Bank.

Do not forget (or discount) the fact that we do not really have a truly popular decentralized financial system. "All the examples that we can bring will be centralized: the largest crypto exchange exchanges, crypto banks, peer-to-peer lending services, and so on. And here, it is already a choice for the individual: either choose a company that will first conduct the full procedure of KYC with the relevant rules adopted in a given country and subsequent guarantees and obligations or become a client of a company that does not comply with the requirements of the local or international legislation.

Almost any financial organization from the crypto industry can receive the e-money license of the regulator in Europe and become accountable. At the moment, three companies are currently working in the world with a British e-money license, the most desired and difficult to obtain—Coinbase, Circle, and Wirex. This license allows any client of these companies to apply to the FCA with a complaint or some justified requirement, and the company will be liable, without necessarily being a citizen of the U.K. or one of the E.U. countries.

In general, the world is moving towards a more dynamic and decentralized system of KYC, AML, and compliance, but this process will take years, and maybe even decades because it requires coordinated actions of the authorities at the international level. So far, nothing else remains but to turn to classical systems from the traditional financial environment," Lazarichev summed up.