Is Compliance the Next Wave for DeFi?

If 2020 was the year that crypto reached a turning point in mass adoption, 2021 will be the year of compliant decentralized financial products. Last year, we saw crypto develop financial products into what we call decentralized finance; yield farming, staking, and other financial mechanisms showed that cryptocurrencies can be used for more than holding or as means of payment. 2020 will be remembered for more than stronger mass adoption, it was also the year that international regulatory bodies and local regulators took a much more aggressive stance, especially in the field of anti-money laundering and terrorist financing.

Decentralized Finance (DeFi) is a stack of applications running on blockchain technology with the aim of creating multiple types of financial services and products. These applications have been promoted as a means of empowering users and developers to create unique peer-to-peer experiences which normally, would seldom happen in the traditional finance sector due to stringent regulations.

DeFi apps have brought an improvement on FinTech by introducing the concept of staking. Therefore, the DeFi ecosystem allows users to take out a loan on one platform, leverage a trade on another platform, and exchange it back to the base asset through a decentralized, blockchain-enabled exchange. Through this aspect of staking, DeFi has a wide range of use-cases, hence outperforming traditional financial services.

Although DeFi has enjoyed huge success since its inception, the industry is facing some risks and challenges which might affect users and its adoption by mainstream organizations. For instance, data collection methods in DeFi are still being developed and there have been many hacking instances. Also, there is a shortage of regulatory compliance experts offering support in order to solve regulatory scrutiny.

Regulatory scrutiny in this industry is crucial in order to inject trust and attract more mainstream organizations and investment from high net worth individuals. Regulatory oversight ensures the availability of information that links users and transactions on these applications, which can be retrieved when the need arises

For more on the FATF’s Travel Rule: What does the FATF Travel Rule mean for Crypto Users? | by Shyft Network | Medium

What is compliant DeFi

Compliance in the DeFi sector means that the participants adhere to the same rules as traditional financial services. The laws that are set out for capital markets and the entire financial sector differ across states and governments, but they are classified into Know Your Customer (KYC), Anti Money Laundering (AML), and Countering the Financing of Terrorism (CFT).

The selling point in DeFi is its association with blockchain technology which advocates for decentralization. Therefore, DeFi activities are also permissionless which is different from the traditional system that requires potential users to traverse a myriad of regulatory verification systems before being able to participate in the global economy.

DeFi projects have had issues with compliance, as they allow users to join and leave at their leisure. They are also censorship-resistant, further complicating the possibility of compliance.

The need for compliance in the DeFi space means that the applications should adhere to KYC, AML, and CFT guidelines, which can influence users and allow for collaboration with traditional financial organizations. Additionally, compliance to traditional financial regulatory guidelines can lead to mass adoption and serve a greater number of people.

The nature of DeFi applications obstruct any steps towards compliance, hence the need for bodies such as the Shyft Network that provide greater support.

Potential Solutions

DeFi’s challenge is not unprecedented, traditional finance met these not too long ago; since financial operations, including payments and settlements, retail investment, etc., regulators have been trying to curb illegal operations, i.e., money laundering. Some of these solutions require creative engineering so they can fit decentralized models without exposing users’ personal information.

Our Co-Founder, Juan Aja, explained potential solutions to the DeFi regulatory challenge in an op-ed piece on Cointelegraph, (read: It’s time to mature: We need compliant decentralized finance (cointelegraph.com)). Among those solutions, the following stand out because of their ease of implementation, and their feasibility in terms of adapting existing structures to a decentralized regulatory compliant framework, like the Shyft Network:

1. Whitelisted addresses. A list of items/IP addresses that once they receive an initial validation are granted access to a certain system or protocol. In the case of DeFi, we could have one or two trusted anchors that could validate an address and conduct Know Your Customer diligence on the user. Once the user has been validated, all other projects within the same trust channel — i.e., a group of virtual asset service providers, or VASPs, that have agreed to follow the same set of rules and to collaborate within a well-delineated platform — can give that user access to products and services without having to redo the entire KYC process.
   The advantage here is twofold: The user only shows private documents to one or two entities, thus reducing the surface area of attack for any potential data hacks, and the VASPs can have access to a larger user pool without having to increase compliance costs. A system like this could also enable individuals and entities who are excluded from traditional banking, savings and trading ecosystems due to geopolitical reasons to invest in yield-bearing products, alternatives to lending and high-interest accounts. DeFi is an alternative for these citizens and business owners to save, earn and transact.
2. AML- and GDPR-compliant systems. Institutional capital markets are strictly regulated and supervised by local and international regulatory bodies; the goal is to prevent money laundering and the financing of terrorist operations. With an attestation framework, projects can verify and comply with existing AML regulatory requirements and attract institutional capital while protecting users’ privacy by not requiring them to create copies of their personally identifiable information.
3. Audited codebases and third-party certifications. There are plenty of blockchain projects out there that are not built under minimum acceptable standards, and it’s difficult for every user to go through the codebase and verify that the code is doing what it is meant to do. By having third-party validators go through the code — attesting to its integrity, functionality and reliability — the bar would be raised, making these projects more competitive and safer for investors.

The Shyft Network Solution to Compliant DeFi: Shyft Network’s solution does not entail any fundamental changes to the DeFi sector but rather will augment the industry making it more secure and efficient with minimal risk.

1. Veriscope GDPR/AML Compliant Discovery Mechanism. A key focus for Shyft Network has been the creation of Veriscope, an identity and data exchange network that helps VASPs (Virtual Asset Service Providers) like crypto exchanges, adequately comply with the FATF Travel Rule for virtual assets and service providers. Veriscope is a decentralized solution that will enable VASPs and other projects sanctioned by regulatory authorities, the opportunity to comply with regulations while protecting user data and continuing to remain decentralized.
2. Whitelisted Addresses and Proof of Identity. Shyft Network enables both decentralised and centralised entities to continue operating seamlessly meaning they will be lending, staking, and providing liquidity without fear of falling victim to bad actors. DeFi participants will be required to provide proof of their identity that will be used to whitelist their addresses. Whitelisted addresses will be able to interact with both the decentralised finance providers and mainstream institutions freely as they bear a higher level of trust.
3. Risk Assessment Mechanism for all DeFi Projects. Shyft Network will also continually monitor all wallet addresses interacting with DeFi smart contracts and regularly query them for risk assessment purposes. The result of these queries will be used to generate reports and score addresses on a set risk evaluation scale to establish the trust levels of various participants. The Shyft Network will make this information readily available for DeFi platforms interested in making assessment of various participants. Most importantly, addresses found to be in violation of the set guidelines will be blacklisted to protect others from potential nefarious actors.