Did you miss a session from MetaBeat 2022? Head over to the on-demand library for all of our featured sessions here.
The decentralized nature of Web3 projects has made it a challenge for traditional regulatory organizations to govern them. For a long time, the community saw this as a positive because it meant that these projects were outside of government control.
However, as these projects have grown in popularity, there has been an increased push by regulators to find ways to govern them. One area where this is most apparent is Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance.
KYC has had very negative connotations in the Web3 community. People see it as an infringement on their privacy and a way for the government to control them. They also see it as the antithesis of blockchain technology, which is supposed to be decentralized and anonymous.
In this article, we will attempt to answer the question: Does KYC really encroach on decentralization? We will look at the arguments for and against KYC compliance and try to come to a conclusion about whether Web3 projects should consider it.
Join today’s leading executives at the Low-Code/No-Code Summit virtually on November 9. Register for your free pass today.
The Wild West of Web3
For the longest time, the decentralized nature of Web3 projects meant that there were no rules or regulations governing them. This was seen as a good thing by many because it meant that these projects were outside government control.
This dates back to the early days of Bitcoin, when the anonymous creator Satoshi Nakamoto said that the cryptocurrency was designed to be “a peer-to-peer electronic cash system” that didn’t need “any trusted third party.” This meant that there was no central authority controlling Bitcoin, and it was up to the users to decide how to use it.
Naturally, this lack of regulation also meant that there were no rules against things like money laundering or terrorist financing. This led to Bitcoin being used for a variety of illegal activities on the dark web, which furthered negative associations that it was used for criminal activity.
The way onboarding used to work for crypto projects: Users would go to their website, download the software, then send them some money. There was no KYC or AML compliance because there was no way to know to whom money was being sent.
This all changed when crypto ecosystems started to grow and attract more mainstream users. As more people started buying crypto, the exchanges that they were using began to implement KYC and AML compliance measures.
Early pushback against big players
This was a necessary evil in order to continue growing ecosystems and attract more users. But it also led to a lot of friction within the community because many people thought it as a way for governments to control them.
The tension came to a head in 2017 when the Chinese government cracked down on Initial Coin Offerings (ICOs). This led to a mass exodus of crypto projects from China to more friendly jurisdictions like Hong Kong and Singapore.
However, even in these more crypto-friendly jurisdictions, KYC and AML compliance was still necessary to comply with the law. This led to a lot of projects doing KYC-AML compliance in a way that the community considered too intrusive.
For example, Binance, one of the largest crypto exchanges in the world, was accused of doing too much KYC on its users — but then the U.S. Securities and Exchange Commission (SEC) pushed Binance to actually increase its KYC standards. This suggested that having users upload their IDs and selfies was simply not enough. Most users are understandably not comfortable with that.
This led to a lot of criticism from the community because it was seen as an invasion of privacy; but Binance has not relented and still maintains a thorough KYC policy.
Dissatisfaction with strict policies indicates that there is a delicate balance that needs to be struck when it comes to KYC and AML compliance. On the one hand, you need to do enough to comply with the law and prevent your platform from being used for illicit activities. On the other hand, you don’t want to do too much and risk alienating your user base.
The current state of KYC in the crypto world
In the current crypto world, most exchanges and wallets have some form of KYC, but there is still a lot of variation in how much information is required from users.
Some exchanges, like Coinbase, only require users to submit their name and email address. Other exchanges, like Binance, allow multiple verification tiers with varying degrees of required information.
There are also a few exchanges that have implemented KYC-less protocols. This means that users don’t need to submit any personal information to use the platform.
The main downside of this approach is that it makes it more difficult to comply with anti-money laundering regulations. This is why most exchanges still require some form of KYC from their users.
Lessons in sovereign policy
The push and pull between regulation and decentralization is not unique to the crypto world. All sovereign nations have to deal with it when it comes to their own policymaking.
Historically, United States laws have sought to regulate the internet — and have been met with a lot of resistance. The most famous example is the Communications Decency Act, which the Supreme Court struck down in 1997.
The act was passed in an attempt to regulate online pornography, but it was quickly met with criticism from the tech industry. The main problem with the act was that it was too broad and would have ended up censoring a lot of non-pornographic content.
The court ultimately struck down the act, but the case highlights the tension between regulation and decentralization. The U.S. has since taken a more hands-off approach to regulating the internet, which has allowed the tech industry to flourish — but has also enabled the prevalence of harmful content.
Lack of regulation is why big banks still have a leg up over DeFi
When interviewed about the potential success of the crypto industry in replacing legacy banking players, hedge fund manager Kenneth C. Griffin mentioned that the perpetual flaw of crypto is that, unlike with banks, very little can be done when users need their financial provider to do right by them.
Charlie Munger, legendary investor from Berkshire Hathaway, also mentioned that crypto was “rat poison” and cited the prevalence of illicit activity for why he would personally never consider it a viable asset class.
These statements, while inflammatory, get to the heart of one of crypto’s big problems: The lack of regulation. Unlike with banks and other financial institutions, there is no government body that oversees the crypto industry.
This means that there are no guaranteed protections for users if something goes wrong. If a user gets hacked and loses all of their crypto, there is no government insurance that will cover the loss.
The same lack of regulation also makes it difficult for exchanges and other crypto businesses to get traditional banking services. This is one of the reasons why the DeFi industry has been such a big deal in the crypto world, since it can fulfill many of the services of traditional banks such as lending and borrowing with interest accrual, and asset investments, without the same regulatory requirements.
By using decentralized protocols, users can bypass the need for traditional financial institutions. However, the lack of regulation also makes DeFi protocols more vulnerable to hacks and other security problems.
KYC, decentralization and digital identity
So with all that said — does KYC violate Web3’s tenets of decentralization and privacy? It does not. To better understand why you have to look at it from a two-sided approach.
First, let’s look at it from the perspective of exchanges and other businesses that require KYC. For these businesses, KYC is a way to comply with anti-money laundering regulations. By requiring users to submit personal information, businesses can help prevent criminals from using their platforms to launder money.
This is a good thing for both businesses and users. It is also worth noting that KYC does not have to be a violation of privacy. When done properly, businesses can collect the necessary information without sacrificing the privacy of their users.
Second, it is worth noting that decentralization works hand in hand with another important element of Web3 — digital identity. For decentralization to work, users need to be able to prove their identity. Otherwise, there would be no way to prevent bad actors from taking advantage of the system.
Decentralization without digital identity is not the kind of decentralization that we are striving for. Furthermore, a self-sovereign identity system would give users complete control over their personal information, further easing the worry about centralization.
This means that users could choose to share their information with only the businesses and organizations that they trust. They would no longer have to worry about their information being mishandled or stolen by central authorities.
KYC is one way to establish a digital identity. By requiring users to submit personal information, businesses can help ensure that everyone using their platform is who they say they are.
Why KYC is a necessary first step for crypto exchanges
With all of the above points in mind, it is clear that KYC is the necessary first step for Web3 projects. Without some form of KYC, it would be very difficult for exchanges to operate in a compliance-friendly manner.
Users should not think of it as their data being centralized — but rather their legitimacy being verified. Once a user’s KYC information has been verified, they can go about their business on the platform without having to worry about being flagged for suspicious activity.
In conclusion, it is evident that KYC is a necessary first step for exchanges and other Web3 projects. Without some form of compliance, it would be very difficult for these projects to operate in a legal and safe manner.
In our next segment, we will talk about the role DeFi plays in the inclusive economics behind Web3: How it allows participation by those who have been left out of the traditional financial system, and what advantages it has compared to the current system.
Daniel Saito is CEO and cofounder of StrongNode.