The future of KYC in crypto
Crypto and Know Your Customer (KYC) guidelines seem to be an unhappy marriage — pseudonymity in the digital currencies’ DNA doesn’t match the old-school centralized protocols of traditional finance, but cohabitation is inevitable for the maturing industry.
The tension never really goes away, but even before recent months’ market failures for crypto, the regulators have been clearly hogging the blanket, nudging the established platforms toward more strict authentication procedures and cutting the privacy-hardline players off the market.
Cardano co-founder Charles Hoskinson expressed a popular opinion from the industry side in the United States Congress when he told legislators that no regulators are doing a good job with KYC and Anti-Money Laundering (AML) safeguards at the moment. But, will the crypto community reach the point both technically and reputationally when it would get an opportunity for a more decentralized and more private KYC system?
From passport snaps to third-party databases
It is hard to imagine today, but KYC — while a standard for the traditional financial system for a few decades — has only recently become a default feature for the largest players in crypto.
For example, Binance announced a more strict identification procedure for users only in 2021 after a series of legal controversies across the globe. Needless to say, there is still a myriad of smaller exchanges that are managing to evade the regulators’ attention and disregard the global call for tighter KYC.
But, things will hardly go as smoothly for those who prefer to exploit the grey zone, and it is not the overreaching officials and enforcers alone who threaten the existence of this segment.
The pressure is rising from individual and institutional newcomers alike. The former, while not necessarily being familiar with the ideological heritage of crypto, is ready to trade sovereignty for convenience on an established platform. The latter are hesitant to risk their funds by putting them in an underregulated market. Justin Newton, founder and CEO of Netki — a crypto-focused KYC company — explained to Cointelegraph:
“As crypto becomes mass market, it is likely that the vast majority of users will choose to use services that have at least some points of centralization. In the real world, most people value privacy and civil liberties, without being ultra libertarians. When given the choice between a reasonably regulated platform and potentially shady and opaque alternatives, most people will opt for the former.”
Speaking to Cointelegraph, Lisa Fridman, co-founder and president of Quadrata — a spin-off of Spring Labs focused on developing Web3 passports — characterized KYC’s underdevelopment in crypto as a growth problem:
“There are a number of financial institutions with trillions of assets in aggregate which cannot engage in decentralized finance today because it lacks compliance-aware frameworks or ways to mitigate the possibility of commingling with ‘bad actors.’”
With all its acronymic mysteriousness, KYC in crypto works pretty simply. Generally, it includes an ID confirmation with the snap of a passport and basic data being compared against public and private records, as well as cross-checked with other data provided such as phone number or email address. A selfie with a handwritten note is also a common demand.
A more advanced approach includes, peculiar to lending or loan platforms, includes tracking a customer’s decentralized assets or credit status. Financial institutions will also typically check the potential customer’s name against appropriate sanctions and politically exposed persons (PEP) lists. Certain types of financial transactions could also require further steps, such as verification of accredited investor status.
As little KYC as possible is not a solution
The combination of high pressure from regulators and enforcers and the absence of uniform international standards contribute to the general stress around KYC in a swiftly maturing industry.
Metal Pay CEO Marshall Hayner told Cointelegraph that the crypto industry globally doesn’t come near the comprehensible standard for electronic data interchange between traditional financial institutions, such as ISO20022. Newton agrees with that, adding that the lack of clear standards and the freedom of interpretation often leads to malign cost-cutting by market players:
“Regulators provide guidance and guidelines, and companies interpret those guidelines for their own businesses. This leads to inconsistency across the industry and a somewhat natural effect of companies wanting to do as little KYC as possible to reduce costs as well as onboarding friction.”
This state of affairs couldn’t last long, given the industry’s ambition to merge with or even disrupt the traditional financial system and rise to scale by attracting institutional investors.
At first glance, the ball is on the side of the regulators, who are gradually moving to some kind of a holistic framework or at least several large ones — like the Markets in Crypto-Assets regulation in the European Union or a Lummis-Gillibrand “crypto bill” in the United States.
Though the move from the permissionless era of early crypto surely causes major anxiety among crypto evangelists, there is clear win-win potential. The irony of the situation, Fridman explained, is that not disclosing any data actually limits the range of potential use cases and the opportunity to be rewarded for establishing a strong reputation. Apart from an essential connection between a good and transparent credit story and the ability to use more capital-efficient solutions, some underestimate the all too real risks, she believes:
“As the recent developments in the crypto markets indicated, a number of participants may be underestimating the risks involved. A constructive regulatory framework could help manage such risks.”
Verifiable credentials, ZKP and on-chain KYC
The good news is that there’s no lack of innovative solutions the industry could offer to bridge the gap between regulatory demands and users’ desire for privacy. One of them is verifiable credentials — an open standard for digital credentials that use an easily verifiable digital signature. That signature matches the individual (holder), issuer and verifier in a kind of triangle, where the former doesn’t have to directly provide the sensitive data to each entity they interact with. This technology has already captured the attention of the medical sector that faced new challenges during the COVID-19 pandemic.
Another promising concept is zero-knowledge proofs, a protocol through which a digital authentication processes can be facilitated without the use of any passwords or other sensitive data. There are examples of self-sovereign identity platforms that allow third-party personnel (for instance, law enforcement agencies) to determine whether an individual has a valid driver’s license without the person having to hand over anything other than their ID number. A use case more familiar to the crypto community is ZCash (ZEC), which employs a special iteration of zero-knowledge proofs that allow native transactions to remain fully encrypted while still being verified under the network’s consensus rules.
And, of course, there are a number of on-chain solutions for KYC. Quadrata aims to protect sensitive customer data and preserve the pseudonymity on-chain while also allowing a more compliance-aware crypto ecosystem to evolve. One can still have a pseudonymous identity that won’t be exposed to anyone without the proper credentials while tying the underlying real identity to the places that matter, believes Hayner, who’s working on decentralized identity (DeID) with Proton blockchain:
“If I can’t see into your bank account why should I be able to see into your crypto account? We are working on compliant privacy this is coming to Proton blockchain, we see this as the future for crypto. Secure, private, compliant.”
At the end of the day, it is not only the KYC that should change the crypto industry but vice versa as well. Becoming more privacy and data ownership oriented, consumers drive the demand for options that allow end-users to be able to transact confidently, knowing their identifying data is not at risk. As Newton noted with a hint of optimism:
“The limitation here is not going to be the technology, but instead the willingness of regulators to study and accept these new technologies.”