Confidence in crypto is in tatters. How can we rebuild it?
The current media climate surrounding blockchain is full of stories of fraud and misrepresentation. While not all of these stories are cryptocurrency-enabled, such as FTX’s misappropriation of customer funds, they are eroding confidence in the broader crypto market, particularly among lawmakers and regulators.
To rebuild trust in the industry and create thoughtful regulation, blockchain must embrace digital identity. In some cases this will require full know-your-customer (KYC) and anti-money laundering (AML) checks. In others, it will be proof-of-humanity, Sybil-resistant decentralized identifiers, credit scores or accredited investor status. There are also many cases where digital identity is not necessary, but we must be able to distinguish between the types of transactions that take place in the chain.
Blockchain use is growing
Blockchain and its use cases have grown significantly since the release of Bitcoin in 2009. The technology has advanced in several directions, with the emergence of smart contracts, new consensus mechanisms and new forms of governance. Assets have also grown and are now held by millions of people around the world as well as by major players, with institutions such as BlackRock and JPMorgan Chase, and governments such as El Salvador and the Central African Republic.
Parallel to the growth of blockchain, and with a bit of a head start, there has been a rise in digital payment applications. Products like Venmo have disintermediated cash as a medium to settle between retail parties. Regulating cash has been difficult, although attempts have been increasing, but these centralized payment systems provide more visibility and more reporting options. With regulations and reporting trickling down to consumer apps, individuals are seeing more of what used to be back-office processes that affected very few: frozen funds, account closures and restricted withdrawals. And while taxes had to be reported on cash income before, we’re seeing more direct accounting with transactions increasing to over $600 being reported to the IRS on these apps.
Although blockchain has not been just peer-to-peer payments for a long time, there is growing interest in regulating transactions similar to digital payments between people as well as digital assets as a whole. Institutional players in blockchain have even more to worry about than IRS reporting. They are required to carry out Know-Your-Customer (KYC) and Anti-Money Laundering (AML) controls for all funds they receive. They also need to know that funds they can mix with have gone through this type of control. In a recent case where processes were not followed in standard banking services, Danske Bank pleaded guilty to fraud and has agreed to forfeit over $2 billion.
Apart from fraud, institutions must also assess other asset risks. Since we still don’t have clarity on digital asset regulations, some token projects require accredited investor status or avoid the US altogether. Without easy access to this on-chain status, entrepreneurs avoid launching any project that is clearly a security that can leverage blockchain interoperability. These reporting requirements and regulations were written for centralized systems. It is difficult to apply them entirely to decentralized systems, and trying to do so without changes will lose some of the benefits of blockchain.
The problem of regulating decentralized systems
The belief that Bitcoin is anonymous is long gone. It’s much easier to track and perform analytics on the blockchain than any cash or bank-to-bank transaction ever was, and those transactions are there forever. Some blockchains are more privacy-focused and anonymous, and while that may be beneficial to end users, it doesn’t mean they can avoid all regulations. What is missing in order to be able to apply regulations sensibly to decentralized systems is decentralized identity.
Data mining public transactions to identify bad actors does not prevent them from having already executed transactions. It also doesn’t allow anyone to easily block bad actors from interacting with their protocol.
There is often the argument between permissioned and permissionless blockchains, but it is not a true dichotomy. One set of permissions does not always overlap with another set of permissions, and not all transactions should require permissions. It is not the responsibility of the corner store to perform AML checks when someone buys beer, although they are often required to check ID, but there is nothing to check if the customer buys a pack of gum. Even if we come to a draconian legal standard that buying a pack of gum requires AML checks, the customer should not be locked into going to just one store, because going across the street will require heavy onboarding for KYC/AML.
The difficulty of blockchain interactions, lack of clarity from regulators and the burden of re-identification lead to centralization and lack of transparency. If we had a reusable identity and sensible regulations, we could have institutional players out in the decentralized finance area (DeFi) and not part of the contagion that was FTX.
Decentralized identity is the first step towards sensible regulation for DeFi, but it is only about compliance and risk aspects of identity. There is so much more that decentralized identity can enable, but it will take a lot of effort to build it in a privacy-preserving way that allows users to control who sees their identity. Done right, decentralized identity will help bring clarity and transparency, making people, developers, institutions and governments more comfortable with the power and interoperability that blockchain brings.