Recently, an article made the rounds that questioned the value of Anti-Money Laundering/Know Your Customer laws: There's a Bigger Scam Than Anything in Crypto, it's Called KYC/AML. While many of the issues brought up by the article are indeed problematic, the questioning of the fundamental need for AML/KYC goes too far. Referring to AML/KYC as a scam is unfortunate and unproductive.
Consider the imperative driving AML/KYC: To prevent the flow of illicit funds into the legal money system. Proceeds from crimes such corruption, market manipulation and the trafficking of humans, drugs and weapons can leave a trail for law enforcement to connect back to the perpetrators. As terrorist groups and criminals employ increasingly complex schemes to accumulate and protect their funding sources, early detection of terrorist financing risk is essential.
The United Nations Office on Drugs and Crime estimates that between 2-5 percent of the global GDP, or USD $800 billion - $2 trillion, is subject to money laundering each year. These laundered funds culminate in the hands of terrorist organizations to finance crime that endanger the safety and security of citizens and economies. So instead of using these laundered funds to build hospitals, schools and roads or back into hard-working taxpayers’ hands, the money is used to secretly finance terrorist activities.
In theory, no reasonable person would object to helping to prevent terrorist activity or hindering criminal activity. Of course, for any law there are trade-offs and side-effects to consider, so the effectiveness of a law is on a practical, not theoretical, level. Even decentralization purists would agree that cryptocurrencies’ purpose was not to fund terrorist activity. Yet, without the proper AML/KYC measures in place, Bitcoin has been used to improve the living conditions of Jihad soldiers.
The cost and complexity of compliance is expected to increase significantly. According to the MEDICI RegTech Report 2018, banks are spending $270 billion per year on compliance and regulatory obligations. Even more troubling, fines levied on banks by US and UK regulators will top $400 billion by 2020.
Financial exclusion, preventing millions of unbanked individuals from getting on the first rung of financial success, is also a major issue. AML/KYC compliant identity verification does raise the bar for customers to open a financial account but it shouldn’t prevent it either. This is why Trulioo is pursuing alternative data sources, outside of traditional finance, to help this underserved market.
It’s also possible that costs and legal compliance issues stop or hinder some ideas from growing to fruition. And yes, it is hard to measure the true cost of something that hasn’t happened.
However, does that mean we should eliminate AML/KYC requirements? That is the same as saying our government shouldn’t spend money on national security if that event has never occurred. A better alternative is to create processes that are able to meet the regulations while not overly burdening businesses or consumers.
An op-ed written in response to the article, There's a Huge Opportunity for Everyone in Crypto, It's Called KYC/AML, suggested the use of decentralized identity on the blockchain. In this model the user is verified once and given a credential, which goes on the blockchain. Then, the user can share that credential with parties that they want to prove their ID to. The underlying ID information does not need to be disclosed, only the credential.
While this model promotes certain advantages, such as limiting distribution of personally identifiable information (PII) and providing control to the user over the use of their PII, its use in real-world applications is unproven. If PII were to be stored on the blockchain, it would have to be a private instance where permissions are given for limited or one-time use of the personal data. What happens if that initial credential is inaccurate, fraudulent or somehow stolen? Data stored on a blockchain is supposed to be unalterable and permanent, so any identity problem is difficult to fix. This model will always rely on one accurate, provable verifier confirming the underlying data.
Another major issue is the fact that users will have to actively manage their identity information. In a perfect world, this is ideal. However, as Ari Juels, a Cornell University professor and former chief scientist at RSA states, “people are notoriously bad at key management.” Putting this responsibility on consumers can have worse affects than keeping their data with trusted custodians. Beyond that, do people really want to take on this role?
Another model is to look to burgeoning regulation technology (RegTech) industry whose mission is to improve regulatory processes. Automating manual workflows, introducing intelligence into systems using AI and machine learning, and creating adaptable, dynamic systems enables better control over compliance costs while mitigating operational risks.
Using smart due diligence process, as opposed to undifferentiated de-risking, enables financial institutions to continue to operate in markets profitably while maintaining acceptable risk levels.
Regulatory sandboxes, where regulators provide new ideas and technology a safe zone to experiment, allow new concepts to grow without risking the larger economy.
Collecting customer data, to understand the nature of their business and better determine risk, is a smart strategy for any financial institution. While there’s an inherent risk in managing this information, proper security techniques and RegTech solutions introduce powerful safeguards to protect personal and business data.
While overregulation is not a good thing, deregulation for the sake of deregulation is not good either. The reality is that AML/KYC laws are not going away, nor should they; the fight against money laundering and terrorist financing is too important to throw away. Decentralized companies have a chance to be leaders in this regard by doing it correctly from the start. Where traditional financial institutions are weighed down by their legacy systems and, as a result, have to spend billions to meet regulatory obligations, challenger companies get to start from scratch. Employing RegTech solutions to improve AML/KYC is a smarter strategy, limiting the problems while protecting our societal interests.