Here is What an Ideal Compliance Framework for Crypto Should Look Like
The crypto industry, under regulatory scrutiny, seeks a tailored compliance strategy to address unique cybersecurity risks, emphasizing the need for innovative, sector-specific regulatory frameworks.
Compliance scandals in crypto are nothing new. Last year, CZ, the former CEO of Binance, the largest crypto exchange, pleaded guilty to violating anti-money laundering (AML) laws with a $50 million fine to be paid. Today, from the U.S. Securities and Exchange Commission (SEC) pressing court over Binance.US to the Dutch regulator imposing a $3.1 million fine on Crypto.com, the industry endures scrutiny from regulators.
Discussing crypto compliance often leads to comparisons with traditional finance, where many envision a blend of both worlds. However, the straightforward import of traditional compliance models — shaped significantly only after the 2008 crisis — into crypto isn’t the best-case scenario. We’d argue that this approach overlooks the unique aspects and needs of the crypto and decentralized finance (DeFi) landscapes, suggesting that a more nuanced strategy is required to navigate these new territories effectively.
Comply or go out of business
Compliance has become crucial for fintech and crypto firms to survive. The clock is ticking, and crypto businesses in the EU have until the summer of 2024 to comply with the new Markets in Crypto-Assets legislation (MiCA) requirements. No wonder compliance specialists are catching up with blockchain developers as the recent drive for overseas expansion for crypto companies increases demand for these top-notch staff.
These experts face the challenging task of adapting compliance frameworks for the crypto industry, where the nature of controls diverges significantly from traditional finance. While some aspects, like checking the ultimate beneficial owners (UBOs) and the origins of funds, have similarities, the fundamental differences between cryptocurrencies and traditional currencies demand distinct approaches to verification.
Blockchain technology was originally designed to operate outside the traditional financial ecosystem, simultaneously offering a transparent and immutable record of transactions. Initially, virtual asset service providers (VASPs) neglected standard Know Your Customer (KYC) and Know Your Transaction (KYT) protocols, seeing them as antithetical to blockchain. However, this leniency opened doors to fraud, underscoring the need for regulatory frameworks within the crypto sector.
As a result, crypto regulation has tightened, with many traditional financial oversight mechanisms now adapted for crypto transaction verification. The evolution of these regulations, alongside ongoing legislative developments, underscores the importance of crypto companies staying abreast of changes. Compliance is crucial not only for maintaining operational licenses but also plays a key role in combating the advancing techniques of hackers and fraudsters.
What are the crypto-specific risks?
The primary risks facing crypto companies are mainly in the realm of cybersecurity. A significant concern is the breach of exchange security, which has placed cryptocurrency exchanges squarely in the crosshairs of hackers. Such breaches not only lead to substantial financial losses but also compromise customer data.
Another critical issue is the vulnerability of smart contracts. Despite their association with secure and autonomous transactions on the blockchain, cybercriminals can exploit flaws within smart contracts, such as re-entry attacks, syntax errors, and frontrunning, to siphon funds from DeFi platforms.
Moreover, the rise of cryptocurrency has seen a parallel increase in ransomware demands and the sophistication of malware targeting digital currencies. Additionally, phishing attacks and social engineering tactics exploit the human element, often the weakest link, tricking individuals into disclosing sensitive information that grants attackers unauthorized access to crypto wallets and exchanges.
This landscape prompts the question: What does an “ideal” compliance framework look like — one that addresses these complexities and supports crypto companies in managing them effectively?
Sharing is caring, more so in compliance
An “ideal” compliance and AML framework for crypto and crypto-fiat companies should merge traditional financial AML requirements with adaptations for the crypto sector’s unique challenges. It’s crucial to incorporate advanced KYC/AML methodologies that utilize artificial intelligence for verifying crypto transactions. Essentially, this framework would be a hybrid, drawing from both traditional and crypto-specific AML systems.
Moreover, a critical element for enhancing security across the board involves collaboration and information sharing. Just as banks and traditional trading firms engage to share threat intelligence and best security practices, cryptocurrency firms could greatly benefit from a unified approach. Emulating J.P. Morgan’s Ethereum-based Interbank Information Network used by hundreds of financial institutions could offer crypto companies a powerful tool to combat fraud and increase overall fintech security.
The demand for skilled compliance specialists is set to rise significantly in the coming years. And establishing a robust compliance framework in the crypto sector is crucial at this stage. These specialists must adeptly blend fundamental best practices from traditional finance with the unique dynamics of the crypto landscape. After all, competent compliance practices are essential in fostering greater trust and encouraging broader adoption within the industry.
The convergence between traditional and decentralized realms is inevitable, and achieving full compliance can unlock full access to traditional banking services for crypto businesses, addressing long-standing regulatory limitations and streamlining financial interactions between fiat and cryptocurrencies.
About Elizabeth Jagelski
Elizabeth is an experienced lawyer and compliance specialist with a focus on the European crypto market and both fiat and crypto payment systems. Since 2023, Ms. Jagelski has assumed the role of Chief Compliance Officer at Keytom, a neobank that positions itself as one bank for all digital assets.
About Dennis Kudrjašov
Dennis is a seasoned financial services professional boasting over a decade of experience within the crypto market. As of 2023, he holds the position of AML Compliance Officer at Keytom, a neobank that positions itself as one bank for all digital assets, where he oversees AML company responsibilities.
