FinanceFeeds Podcast Ep. #17: Sumsub’s Tony Petrov talks compliance in FX and Crypto
Nikolai Isayev, Editor-in-Chief of FinanceFeeds, welcomed Sumsub’s Tony Petrov on this week’s podcast episode.
Tony Petrov is the Chief Legal Officer of Sumsub, a renowned RegTech company that provides KYC, KYB, transaction monitoring and AML solutions for an international client base, namely in the fintech, crypto, and gambling industries.
“We basically offer products for compliance teams and lawyers,” Tony said as he introduced himself to the FinanceFeeds audience. As for his role at the company, Tony highlighted his R&D work on the legal side of Sumsub’s products, ensuring that the firm is always up to date with regulatory requirements across the globe. Tony also represents the company in forums, conferences and as the host of a popular YouTube channel.
Holding a Transnational Business Law LLM from the University of the Pacific, McGeorge School of Law, Tony obtained a CySEC Anti-Money Laundering Certificate issued in July 2021.
He’s been with Sumsub since February 2018, about three years after it was co-founded by Andrew Sever, Vyacheslav Zholudev, Jacob Sever and Peter Sever. The company currently has offices in Berlin, London, Cyprus, Tel Aviv, and Miami.
Tony lives in Brazil, which actually drives quite a lot of interest from industry peers and clients as the country has recently passed the Foreign Exchange Act, liberalizing regulations on currency movements and foreign currency accounts. The new legal framework came into effect in January 2023 and turned Brazil into an attractive jurisdiction for FX and Crypto firms looking to expand their business.
Dubai, the land of opportunity on the FATF “Grey List”
Tony most recently shared insights at the iFX EXPO Dubai 2023, where he spoke at the “Regulatory Framework Across Borders” campfire session, covering regulatory trends in the MENA region and what brokers should keep in mind to meet both local and global regulatory requirements while staying efficient, legit and cost-effective.
The MENA region “basically stands for Dubai”, he joked, adding that this particular jurisdiction is a “special place”. Although it’s on the Grey List of FATF—meaning that compliance procedures are not meeting the highest standards —the designation doesn’t affect commercial opportunities at all.
Admittedly, geopolitics has a role in Dubai’s emergence as a financial center, but its innovative approach toward regulation makes it an outlier. The jurisdiction hires the best professionals around the globe, especially from the UK, who are encouraged to take initiative to design an innovative, attractive and functional regulatory framework.
KYC solutions must address specific regional requirements
Tony and Nikolai also spoke about technological enhancements in ID verification. Their key takeaway there is that KYC solutions “are very much opportunistic”, meaning that their focus is to serve the specific needs, characteristics, and requirements of each jurisdiction.
India, for example, has a biometric system for KYC, an advancement that was born out of the need to address the country’s high rate of illiteracy. “People couldn’t sign documents. That’s why they came up with this system,” Tony said.
Other regional examples include Scandinavian countries, where uploading a bank ID is enough for verification purposes. In Germany, meanwhile, the law requires video verification.
Brazil has the CPF (Natural Persons Register) system, a sort of a tax number. “If you have access to that number, you get all the information from the database, including the face image”. However, globally, users are still required to upload a passport, ID card, or driving license.
Again, Cyprus is not impressive in terms of advanced verification technologies. Quite the contrary. The law requires firms to onboard foreign customers only with passports, which is strange given that a large portion of people worldwide do not apply for travel documents such as passports.
Future trends: Self-sovereign IDs and the EU’s ID Wallet
Looking at future trends, Tony Petrov points to the emergence of self-sovereign identities (SSI), a blockchain-powered approach to digital identity that gives individuals control over the information they use to prove who they are to websites, services and applications across the web.
While SSI is still not allowed for AML purposes, it shows promise.It can enable users to protect their personal data and still be verified through a third-party credential on the blockchain.
But why is SSI still not allowed? In accordance with current KYC regulations, firms have to know everything about the client, while the self-sovereign principle is to provide minimum information. Until these approaches are harmonized, we won’t see much in the way of a self-sovereign solution, with one exception: decentralized applications. These have no choice other than using self-sovereign systems. According to Sumsub’s Chief Legal Officer, the RegTech firm is currently developing its proprietary self-sovereign wallet.
The European Union is also going forward with a solution similar to SSI, but governed by its own authorities. The upcoming ID Wallet, which aims to protect user data, will be available to EU citizens, residents, and businesses who want to identify themselves or provide confirmation of certain personal information. It can be used for both online, offline, public and private services across the EU.
KYC solution providers like Sumsub, however, will still have to deal with the reality of drastic inequalities in people’s ability to prove their identity with documents. According to the World Bank, one billion people have no legal identity at all, while three billion hold next generation ID cards. This means that ID verification will still somewhat rely on the traditional approach of uploading standard documents, passports, ID cards, and maybe cross-checking with databases when possible.
You can be Sam Bankman-Fried or be compliant
The conversation then moved onto crypto, where the unfolding FTX collapse has exposed a lot of loopholes.
FTX has become a case study for compliance professionals. The exchange operator was regulated in the Bahamas and relied on the jurisdiction’s inability to supervise the company.
A key takeaway is that there are many compliance procedures and they all must be followed—no cherry picking allowed. FTX, for example, had a compliance officer but no actual board of directors. What’s more, sometimes owners of regulated entities are psychologically unable to realize that they cannot experiment with “creative implementations” of compliance requirements. “You can either be Sam or work at a regulated business,” he concluded.
Crypto firms should reveal the skeletons in their closet
Although many still claim there is no proper regulatory framework for digital assets, Tony is of the opinion that recent cases involving Bittrex, Payoneer, Kraken, and Coinbase show that regulation is already in place in the US.
The problem with digital asset companies is that they didn’t bother to be compliant back in the day and now US regulators are even retroactively applying their regulations. Now it is clear that crypto exchanges are expected to have everything in place: controls, policies, procedures, special officers, board meetings, etc. “That’s why the FTX crash was so shocking. Nothing was there”, Petrov said. FTX.US was seemingly a shell company while those who really controlled the business were a small group of friends living in a penthouse in the Bahamas, he concluded.
Tony Petrov also pointed to US regulators’ far reach on crypto exchanges, even for companies operating outside the United States. It only takes serving a few US citizens and they’re in danger already. “The bottom line is there will be no distinction between Coinbase and a company outside the US.”
In conclusion, crypto exchanges will be put on a leash. “All games are over”, he continued, adding that regulators will not let digital asset firms use the grey zone, although it is true that some regulations may not be absolutely clear and could be made better.
His advice to crypto firms: “show all the skeletons in your closet, pay for them, and start all over as a clean business. That’s the future. And it doesn’t even matter if you’re a US company or not.”