- Enforcing KYC rules on unhosted or self-hosted crypto wallets has met with criticism from Europe's crypto industry
- Experts believe a delicate balance is needed between data privacy and disclosure requirements
With cryptocurrency thefts and money laundering in crypto increasing day by day, watchdogs globally are charged up to introduce more transparent regulations.
Last month, regulatory authorities in Europe voted in favor of regulations that require crypto exchanges to know the identity of investors behind unhosted wallets – wallets that are not hosted by a third party.
Besides Europe, regulators around the world are also in favor of enforcing the know your customer (KYC) rules on unhosted or self-hosted crypto wallets.
If crypto regulations are set in place in the coming months, it could place severe disclosure requirements on transactions between non-custodial wallets and crypto exchanges in the European Union. This has met with severe criticism from the crypto industry in Europe.
Implementation of the first set of regulations too fast: Experts
Experts believe that the implementation of the first set of regulations could be “too fast” for exchanges as over 70% of the transactions come from unhosted wallets like phones and computers and not from registered exchanges. At the same time, they believe that there is a need to have a “delicate balance” of data privacy and disclosure requirements.
Speaking at a panel discussion on “Know your crypto customer: is total anonymity sustainable amid hacking and AML concerns?” organized by the Financial Times on April 26, Maja Vujinovic, Managing Director at OGroup said, “It is a delicate balance between individual privacy and institutional credibility because you don’t want to allow crypto to be the means for laundering and all kinds of other criminal activities. But at the same time, you know, what we are seeing in Europe (backlash from the crypto industry on data privacy requirements) is that we see a lot of further pushback on the larger organizations for sure.”
Vujinovic added that some large companies also do not want to hold data due to liabilities and therefore, there is an opportunity to create a new world where individuals can own their own data.
Ian Taylor, Executive Director, CryptoUKAs ways to avoid government, we don’t want crime. It’s a sizeable disadvantage that this brings. So we need to be smart and we need to work with policymakers to make sure there are no weak points because there will be exchanges, and certain jurisdictions won’t have the same will have a lighter touch rather than the major jurisdictions. And that’s what we’ve already seen when it comes to ransomware. The exchanges are targeted for the washing of money that has been stolen in criminal activity. So, it’s a balance always
Taylor pointed out that cryptocurrencies work at a global level and hence it is not easy operationally for exchanges to be able to implement KYC immediately.
The recent Financial Action Task Force (FATF) guidance is aimed at extending the scope of the Travel Rule to VASPs if a virtual asset transfer involves a self-custody wallet. This means, that when an exchange sends crypto to another exchange, the name and account information of both sender and receiver are sent are available to both parties.
The panelists believed that “deadlines” here would again be a problem and that it cannot just start “next week.”
David Carlisle, Vice President of Policy and Regulatory Affairs at Elliptic, a provider of cryptocurrency compliance and risk management solutions, said regulators usually have two aims – protecting and preserving privacy and data and mitigating risks associated with financial crimes, money laundering, and sanctions evasion.
“But, I think the focus at the moment tends to be overwhelmingly towards how do we because that prevent against the threats,” he said and added that regulators are willing to try to find some middle ground between enabling privacy-enhancing features, while also trying to mitigate some of the risks.
While Taylor demanded more “consistency” in regulations at a global level, other panelists noted that a “one size fits all” approach is not possible due to the differing opinions governments across the world hold about cryptocurrencies.
David Jevans, CEO at CipherTrace said, “I have no hope that we will have homogenized regulations ever therefore, I think it is an opportunity for companies, consultants, products, services, to bridge that gap to expand what we understand as AML and know your customer technologies to perhaps encompass a broader compliance of computing capability around crypto that could be delivered in a simple way to all these virtual assets service providers.”
Balance between data privacy and institutional credibility needed
While the technology to create this balance between data privacy and institutional credibility is slowly coming up, panelists believed that a probable solution is for regulators and the industry to come together to a middle ground.
Vujinovic said, “You have zero-knowledge proofs that will still have to do a lot of work. There needs to be improved performance. There needs to be scaling a blockchain for this technology actually, to achieve a real-world adoption. You have to be able to integrate with these technologies. These are not easy things to do at all at scale.”