Even without the urgency of cryptocurrency-enabled Russian sanctions violations, bringing know your customer (KYC) identity verification to decentralized finance (DeFi) was always a matter of “when,” not “if.”
And now the conversation is turning to “how.”
Privacy-focused DeFi cryptocurrency exchanges and other projects have long touted their immunity to regulatory control, arguing that the lack of centralized human management makes them immune to enforcement.
The fallacy of this argument was demonstrated quite clearly in a December report by the Bank for International Settlements (BIS), which called DeFi’s decentralization an illusion. Targets ranged from project developers and primary coders to the holders of large blocks of tokens.
Between the focus on sanctions and growing size and impact of DeFi technology — which is beginning to be embraced by mainstream, compliant banks and financial institutions (FIs) — the “when” part of bringing KYC to DeFi is clearly coming sooner than expected.
Between the European Union’s Markets in Crypto Assets (MiCA) legislation and the intergovernmental Financial Action Task Force’s (FATF) Travel Rule requiring two-party identification for any transaction of $3,000 or more, regulatory tools are falling into place. That means centralized exchanges — a much larger fish for regulators to fry — are moving quickly to comply with the anti-money laundering (AML) and combating the financing of terrorism (CFT) requirements.
In the U.S., pressure is coming from the top as well as from regulators, as President Joe Biden’s March 10 executive order fast-tracked crypto regulation across the board.
The How — Tokenized ID
Once you’ve gotten past pressuring the developers, programmers and voters running the decentralized autonomous organizations (DAOs) that provide smart-contract-powered, voting-enabled control of the projects to want to comply, the next step is technology.
Read also: Unpacking DeFi and DAO
This is where a couple of other crypto segments come into the equation.
One is digital or “tokenized” identity, a sector of the industry that has been getting a lot of interest from mainstream companies, organizations and governments for years. It also plays a key role in one of the trendiest segments of crypto and DeFi. Web3, a blockchain-based, privacy-focused next generation web infrastructure being espoused and hyped by developers and investors alike, plans to use digital ID as a core feature.
Tokenized identity, in which a person’s personal information is encoded onto a cryptocurrency token or nun-fungible token (NFT), is generally powered by biometrics, notably thumbprints and retinal scans. Among others, nonprofits and the UN are using tokenized ID to provide identity papers and improve financial aid distribution.
The biometrics industry is taking notice, with news outlet BiometricUpdate.com reporting in August that the “burgeoning decentralized finance or ‘DeFi’ sector could prove a fertile ground for biometric verification providers should services require users to identify themselves.”
Banking and payments are low-hanging fruit, Mitek CEO Max Carnecchia told PYMNTS’ Karen Webster last year. But citizen-government, student-school and patient-healthcare interactions are all fertile ground.
Enforcing those KYC regulations is “that gray area between where crypto is today and where big banks are today,” he said. “Understanding [who] you’re doing business with and establishing that identity is critical for any kind of transaction.”
The How — Oracles
Another option for DeFi projects is outsourcing the KYC compliance work to crypto security firms that a prospective DeFi project user would have to go to for identity verification before being allowed to use the platform. However, that kind of permissioned system is anathema to many DeFi developers, who are focused on an open and free economy.
Another option, however, is using oracles, networks of verified sources which are used by DeFi — and centralized blockchain projects — as pre-agreed sources of trusted information which bring off-chain information to smart contracts that can use it to self-execute and make payments.
Just as DeFi’s smart contracts can pull weather data supplied by AccuWeather to crop insurance projects in Africa, any decentralized exchange (DEX) transaction above a set value would have to pull personal KYC data from an oracle — or from one of many oracles — as part of the transaction.
That is how a fair number of industries like banking and healthcare would have to operate on Web3 anyway.