Part II — Digital Asset Technology: Compliance and Security Tools

By: Rikhil Bajaj and Darshan Patel

Introduction to Compliance and Security Technology

The potential for digital asset compliance & security technology is apparent even if — or perhaps because — it is a fraction of the size of its equivalent market in traditional finance (“TradFi”). Traditional compliance & security is a ~$180B industry. In comparison, we estimate <$0.5B is spent on compliance & security tools in Web 3.0 today. This relative underspend on compliance & security vs. TradFi is not without its consequences. In fact, in 2022, >$20B of illicit transactions occurred in cryptocurrencies. We believe we are approaching an inflection point in adoption of these tools for crypto-native businesses and more traditional institutional players alike. Our rationale is as follows:

• Founders are developing solutions tailored to the unique challenges of compliance & security for digital assets that often apply to TradFi customers as well
• The scale of fraud losses in digital assets necessitates these tools
• Increasing regulatory oversight paired with institutional adoption will drive the ecosystem to proactively implement solutions (e.g., KYC/AML requirements in the US are becoming stricter, driving adoption of client onboarding tools like Sardine)
• Regulators themselves require tools to conduct their oversight and investigations (e.g., US regulators have spent at least $10M on Chainalysis tools and services)

Major Compliance and Regulatory Issues Pending Resolution

Regulation of crypto assets is one of the SEC’s top priorities for 2023. We have identified five key issues pending resolution in the United States. We also offer possible outcomes based on comments from regulatory authorities.

Despite the current lack of legislation and a clear regulatory framework, the SEC has nonetheless brought numerous enforcement actions against digital-asset market participants. This January, the SEC charged Genesis Global Capital and Gemini Trust Company with offering and selling unregistered securities, months after the SEC was sued for “years-long, purposeful delay and obfuscation” over the classification of cryptocurrencies as securities. We would expect to see digital asset market participants implement third-party software tools for security and compliance with current and expected regulation preventatively. Digital asset market participants, which are often global in nature, can also look to foreign frameworks for a sense of how regulation may evolve in the US. For example, the EU approved the MiCA Regulation for comprehensive regulation of cryptocurrency markets. MiCA defines three categories of crypto-assets, each with unique regulatory requirements, which potentially offers fairer, more effective regulation versus a blanket approach. In our view, players who maintain registration and compliance, and proactively monitor the security of their code, transactions, etc. will achieve greater scale.

We segment compliance & security tools into three primary categories:

1. Client Onboarding / Security Ops: Client onboarding solutions (e.g., Solidus Labs and Sardine) provide APIs for streamlined KYC/AML often with integrations into internal application verification workflows. These firms aim to improve customer conversion while minimizing fraud and decline rates/false positives. In addition, AI is increasingly being applied by security teams to automate security operations (e.g., investigations) in platforms such as Anchain.ai and Grey Wolf.
2. Transaction Monitoring: Transaction monitoring tools are primarily used by crypto-native businesses, regulators, and financial institutions to comply with or enforce regulation (e.g., AML or CFT) and prevent or investigate nefarious activity. Companies in this category include Chainalysis, TRM Labs, Solidus Labs, Elliptic, Merkle Science and Coinfirm. Sardine monitors risk of both fiat and blockchain transactions. Anchain.ai specializes in smart contract transaction risk, especially valued in investigations. Notabene, Ciphertrace and Scorechain also offer travel rule solutions that enable smooth exchange of KYC information prior to cross-border transaction execution.
3. DevSecOps: These software tools enable developers to code more securely, much like DevSecOps in TradFi. Given the sudden explosion of smart contracts (e.g., in the DeFi and NFT ecosystems — 4.6M+ smart contracts deployed on ETH mainnet in 4Q22), several of these platforms (e.g., Quantstamp, Certik, Halborn) originally began as smart contract auditing platforms and now offer broader capabilities. Halborn, as an example, also offers automated pen testing and DevOps services. Anchain.ai is driving automation of audits because there is a need to conduct ongoing monitoring of code vulnerability post-deployment. Immunefi is a code bug bounty platform enabling blockchain protocols to post bounties for identifying security risks. OpenZeppelin has developed a library of modular, reusable, secure smart contracts, while also offering traditional audit services. We further segment this category into six subcategories — each corresponding to key steps in development from initial coding to pre-deployment auditing to post-deployment risk monitoring.

Why Work with Tarsadia Investments?

Tarsadia Investments is a $2B+ firm that makes high-conviction investments in category-defining companies globally. We’ve invested across stages from idea to public ownership, with often a decade-plus investment horizon. We use our domain expertise in financial services and technology to support founders on growth, talent and M&A/capital raising.

Please reach out to us if you are:

· Building a digital asset technology company. We often engage with founders outside the fundraising cycle, sharing insights and introductions within our network. We invest in series A and beyond, writing checks from $5M — $75M.

· An experienced leader looking to advise or invest in digital asset technology companies.

· A financial institution, web 2.0 or web 3.0 business looking to work with digital asset technology companies.

Cold outreach welcome on LinkedIn.

***

The views and opinions expressed in this article, and in any other article referenced herein, are those of the respective authors and do not necessarily reflect those of Tarsadia Investments, LLC or its affiliates (collectively, “Tarsadia”). Tarsadia has not verified the accuracy of any of the data or statements by the authors and disclaims any responsibility therefor. This article is provided solely for general informational purposes, should not be relied upon as legal, business, investment, or tax advice, and is not an offer to sell to any person, or a solicitation from any person of an offer to buy, any securities or other assets of any kind. References to any companies, securities or other assets are for illustrative purposes only, and do not constitute an investment recommendation or offer to provide investment advisory services of any kind. Any projections, estimates, forecasts, targets, prospects, and/or opinions expressed in this article are subject to change without notice and may differ materially from actual results. For additional important disclaimers regarding this article, please see “Informational Purposes Only” in the Terms of Use for Tarsadia’s website, available at https://tarsadia.com/terms-of-use/.