• Wed. Dec 25th, 2024

What are the Best Compliance Practices for the Crypto Space? (Round Table Interview)

With the recent twists and turns that have rocked the cryptocurrency and blockchain industries, so many gaps have been exposed compliance-wise.
Institutions have failed. Governance processes have issues and the world wonders if there is any substance to these technologies that have taken the world by storm.
Is the crypto space a one hit wonder?
What are the best compliance practices that can be implemented to ensure the longevity of the industry?
How can future crises be overcome?
Our panel of experts have more to say…
Here’s the lowdown!

Dhruv Patel, CEO, and Himanshu Sahay, CTO, co-founders of Arch Lending

 There should be regulation against lending out customer assets (banking license akin) – There should be requirements to clearly separate customer assets and hold those assets in a US-based SEC-regulated trust (or whichever country the borrower is in and the loan is in jurisdiction). Most lenders today self-custody assets, but like Arch’s approach, using a qualified custodian such as BitGo, which holds assets in a US based SEC-regulated trust is the way to move forward in a secure, regulated manner – Crypto should be regulated as a commodity or security (word is out on which one it will be) Are we going to see a rise in crypto lending following the collapse of these major players, or will it take the industry time to reset? – Lending companies should function like a TradFi company with security, regulation and risk management safeguards in place, and applies these to the crypto asset class in an over collateralized lending function.

Tony Petrov, Chief Legal Officer at Sumsub 

“The regulators’ idea to effectively extend the already-existing financial regulations onto crypto makes sense; however, we must bear in mind that there are features unique to cryptocurrency regulation, and they require more than just applying the financial laws originally designed for other sectors of finance. Cryptocurrency regulation needs to involve the new tools unique to cryptocurrency technology, the ones designed to mitigate the risks flowing from the inherent anonymity of crypto with the qualities of the inherent transparency of blockchain. Know-Your-Customer (also known as KYC) checks, the set of standards designed to protect financial institutions against fraud, corruption, money laundering and terrorist financing, is an essential step for demonstrating compliance, trust, and transparency for these firms.
 
Bad business, either unwise business practices or outright fraud, becomes harder to conceal in difficult economic times. As balance sheets fall, bad actors face greater chances of becoming exposed. Signature Bank, a bank shut down two weeks ago to prevent a bank run, dealt with money-laundering exposure via crypto before. In response, it shut down the questionable accounts, but did not otherwise make compliance and risk management a major focus. We are now seeing new regulatory initiatives on compliance, like the travel rule, for instance, that applies to crypto vendors and their banking partners. The travel rule requires accurate identification of those engaged in crypto transactions, is a new regulatory measure being implemented around the world to address money-laundering and other risk management concerns. Institutions, like the digital assets divisions of tech-friendly banks, will be required to demonstrate compliance.
 
The last few years have seen widespread participation and adoption of cryptocurrencies which led to major growth for the industry, yet recent events have also thrown their reputation into a negative light. From Celsius to FTX, Bitzlato, Bittrex, and Bithumb, the public has been flooded with case after case of fraud in cryptocurrency. Pushing back against this trend, the adoption and implementation of effective 3rd-party KYC controls is a way that a crypto exchange or partner bank can demonstrate it is governed properly. To get the industry back on track, the demonstrated and verifiable adherence to the best compliance measures will most likely become the number one due diligence item for crypto traders and venture funds investing in crypto fintechs alike. No one wants to be associated with disasters like Enron, Wirecard and FTX. It will be broadly understood going forward that companies putting business ahead of compliance should raise suspicion about their practices in general. Any M&A deals with regulated entities will start with compliance due diligence checks. It is quite clear that effective compliance procedures and infrastructure are not just a cost any more; quite to the opposite, they are an asset.”

Amy Wan, securities/FinTech Attorney and Co-Founder/CEO of Bling Financial

 I would say the single most important thing founders should do to maintain compliance is to ensure that they have an open attitude to laws and regulations. In my experience, many founders in the space approach regulatory compliance with hostility and an eye to subvert or somehow invent a way around regulations, instead of deferring to them.
 Secondly, they should engage applicable counsel and refrain from making any statements/insinuations that any token or NFT they are releasing will go up in value, to the extent they are not treating the token/NFT as a security. Many people in the space seem to believe that NFTs carte blanche are not securities, which is not the case.

                                                                                                                      Igor Bannikov, Chief Risk and Compliance Officer of YouHodler

  Compliance should be the cornerstone of any company. It does not only help to avoid any negative legal consequences, for example, investigation and potential fines from legal regulators, but also strengthens companies’ reputation and helps to grow business and, ultimately, its revenue.
 The first step for any successful compliance program is to fully understand the business field and set up and grow strong compliance culture. It is important to realize that a compliance program should not only include the step-by-step daily processes, for example identifying customers and their transactions, but also focus on ongoing education of all relevant stakeholders, including customer support that is in daily contact with clients, and monitoring effectivity of the compliance program and therefore identifying potential shortcoming and improving this program.
 
The crypto market is an emerging environment that requires constant monitoring of current and upcoming regulations in multiple jurisdictions and fully utilizing state-of-art software solutions that help identify potential red flags related to customers’ identification and verification and their behavior.
 
As mentioned above, one of the foremost areas to focus on is ensuring that the company knows its customers (the so-called KYC rule). There are a number of software solutions that assists crypto companies with the verification of clients. They use advanced methods to ensure that clients are who they say they are. This is especially important in the online environment where crypto transactions occur. These software applications utilize multiple instruments that employ artificial intelligence and highly trained specialists. These help to spot potential red flags, for example, identity thefts or using mule strategy. To name some instruments, software solutions execute liveness and adverse media checks, evaluate submitted documents focusing on any alteration of these documents or missing security features and also monitor IP addresses. Furthermore, as they have a large database of users, they can spot fraudulent behavior of individuals in other projects without revealing any sensitive data. All these red flags are monitored and evaluated at the beginning of the business relationship and during the relationship.
 
In the crypto field, it is essential to understand individual crypto transactions and transactional behavior in general. To do so, the company must focus on evaluating these transactions and monitor and eventually investigate the nature of potentially risky transactions. As most crypto transactions, or, rather say, used crypto wallets are anonymous, companies need to utilize software solutions that can investigate blockchains themselves. These solutions have the ability to spot potentially risky wallets. These wallets can be associated not only with sanctioned entities or dark markets but could also be red flags that need to be considered while evaluating clients’ behavior. These wallets could be related, for example, to mixers or coin swaps.
 
Finally, companies should also focus on collecting and evaluating transactions as a complex activity and if needed, communicating the results of these analyses with regulators. The evaluation takes into consideration the individuals themselves and their profile, including jurisdiction and reasonable transactional behaviour and their overall transactional activities. As a result, it is not only analyzing crypto transactions as mentioned above, but also fiat transactions. This helps identify any suspicious activities or patterns that may indicate money laundering or other illegal activities.
 
Finally, speaking about crypto compliance, we should keep in mind a couple of major points: 1) In many aspects, crypto compliance is similar to traditional financial institutions. There is one major difference – transparency. Because of the nature of blockchain, every single transaction on the blockchain is visible. That makes crypto compliance even more advanced compared to traditional compliance. 2) Even if compliance requirements may seem complicated, unnecessary or even boring for the end users, at the end of the day, it works in their favor, protecting them from the risks of fraud, scams, etc

Thomas Carter, CEO and Chairman of Deal Box

“In crypto, compliance practices are essential to ensure adherence to regulatory requirements and avoid legal consequences. Here are three that are currently helping pass regulatory tests in the crypto space:
 Know Your Customer (KYC) and Anti-Money Laundering (AML) Procedures: KYC and AML procedures are critical compliance measures that involve verifying the identity of customers and ensuring that transactions are legitimate and not used for money laundering or terrorist financing. Crypto businesses must comply with these regulations by implementing robust identification and verification procedures, monitoring ongoing customer activity, and reporting suspicious transactions to regulatory authorities.
 
Data Security and Privacy: Protecting sensitive customer data is essential in crypto. Businesses must take measures to secure their infrastructure, implement data protection policies, and conduct regular vulnerability assessments to identify and mitigate potential risks. Compliance with privacy regulations such as the General Data Protection Regulation (GDPR) is crucial to avoid regulatory penalties.
 
Transparency and Disclosure: In crypto, transparency, and disclosure are crucial to building trust with customers and regulators. Crypto businesses should provide clear and accurate information about their products and services, including risks associated with crypto investments. They should also disclose information about their ownership structure, financial status, and compliance policies to regulatory authorities and the public. Regular reporting and auditing financial statements can also help demonstrate compliance and build credibility with regulators.
 
Crypto businesses must prioritize compliance with regulatory requirements to avoid legal consequences and maintain their reputation in the industry. Implementing robust compliance measures such as KYC/AML procedures, data security and privacy, and transparency and disclosure can help businesses pass regulatory tests and build a trustworthy reputation in the crypto space.”

Serra Wei, CEO of Aegis Custody/Aegis Trust

 As we all know, crypto regulations vary by country and there is no globally accepted standard for regulating cryptocurrencies. However, recent events such as the FTX meltdown have shown that companies seeking accelerated growth and taking an opportunistic approach by capitalizing on the lack of standards are now facing disastrous consequences. 
While some may see regulation as government interference, it is crucial for protecting consumers’ financial assets. Standards and compliance are necessary to make the crypto market a safer place and prevent it from crumbling altogether. In the US, cryptocurrency exchanges must register with FinCEN and comply with Anti-Money Laundering (AML) regulations. Most crypto exchanges also require their customers to pass a Know Your Customer (KYC) check before buying or withdrawing crypto funds since they are defined as money service businesses (MSBs) under federal regulations.
 
When it comes to protecting customer assets and “passing” regulatory tests, qualified custodians (QCs) will play a major role. This has been evidenced by the recent SEC ruling, which left only a select few QCs remaining in the US. It would be wise for players in the industry to look into how they can integrate or partner with a qualified custodian to ensure they are complying with institutional-grade security that adhere to stringent security requirements and adhere to all the current regulations
 
While other regulations in the crypto industry are still largely undefined, traditional financial laws and regulations (TradFi) provide a basis for understanding what compliance is necessary. Companies looking to avoid government crackdowns should look to TradFi for guidance and plan accordingly.
Kevin Moore - E-Crypto News Editor

Kevin Moore - E-Crypto News Editor

Kevin Moore is the main author and editor for E-Crypto News.