Institutional Guide to Compliance in Cryptocurrencies and DeFi
May 23, 2023
The opportunities inherent in cryptocurrency and decentralized finance are proving too intriguing for institutions to ignore. For example, in April, asset management behemoth Franklin Templeton announced it was putting its U.S. Government Money Market Fund on the Polygon blockchain. The Monetary Authority of Singapore has also experimented with trading tokenized versions of central bank assets using the Aave protocol. In a survey of US-based institutional investors published in February, eight out of ten said they were more likely to use DeFi protocols than they had been a year previously, despite the tumultuous events of 2022.
However, despite the growing interest and ongoing developments in the sector, most institutional investors will cite compliance as the biggest barrier to entering crypto and decentralized finance. This article will consider the compliance requirements for institutions participating in DeFi and examine the types of tools and services that have emerged to support institutions in remaining compliant while venturing into this emerging segment.
Regulatory requirements governing compliance in DeFi
The regulatory landscape around digital assets is always evolving, which is one of the main compliance challenges facing institutions. This is a brief snapshot of the regulatory landscape and requirements as of May 2023.
The Financial Action Task Force imposes minimum general requirements on what it calls “Virtual Asset Service Providers (VASPs),” a broad term encompassing any entity handling cryptocurrencies on behalf of customers. That definition would include crypto funds, as well as exchanges and custodians. The requirements take the form of the “Travel Rule,” so-called because it requires VASPs to collect KYC data of customers transacting in cryptocurrencies and to share it with the VASP of the counterparty to the transaction: the data travels with the transaction.
However, since many decentralized protocols are fully automated, there is no entity handling transactions, merely smart contracts on a blockchain interacting with a self-custodial wallet. Thus, many DeFi applications in their raw format represent a gray area for the enforcement of the Travel Rule and, without a compliance-based intervention, pose a potentially unquantifiable risk to institutions.
The E.U.’s landmark Markets in Crypto Assets regulation, known as MiCA, was ratified by the European Parliament earlier this year, paving the way for it to come into force during 2024 and 2025. Hailed as the first regulatory framework of its kind in the world, MiCA will impose capital requirements and safeguards (including practices such as best execution), and will require registration on the part of crypto-asset service providers. MiCA also brings in MiFID-type rules regarding investor risk assessments and the transparency of information provided to potential clients.
It is worth noting that MiCA introduces some ambiguity for DeFi protocols by referencing services provided in a “fully decentralized” manner. Given that all DeFi protocols have some centralized elements, such as software development or front-end interface hosting, it is difficult to foresee how the E.U. regulators will test the concept of “fully decentralized”.
Elsewhere in Europe
In the United Kingdom, the government is in the process of drawing up new cryptocurrency regulations. There is no date set for when the legislation will be put to a parliamentary vote; however, one M.P. previously indicated that it could be within the next 12 months. Currently, the Financial Conduct Authority has oversight of cryptocurrency service providers, although the only requirement is to ensure that adequate anti-money laundering measures are in place.
Cryptocurrency operators could do worse than set up a base in crypto-friendly Switzerland. The comprehensive Blockchain Act makes provision for a range of on-chain innovations, including tokenization of assets and DeFi innovations such as DLT-based trading facilities. Operators must undergo licensing via the country’s financial regulator, FINMA.
The rapidly evolving regulatory situation in the United States is too uncertain to call – so much so that even long-standing U.S. firms are abandoning their domestic operations at pace. Market makers Jane Street and Jump Crypto recently became the latest to announce they were scaling back trading, amid wider recognition that the compliance risks are simply too substantial.
Institutional solutions for compliance in DeFi
With a patchwork of regulations in place, there is no “one size fits all” solution for institutional DeFi compliance. Furthermore, as a nascent area, the landscape of available solutions is still relatively bare.
However, there are several types of tools and services where a handful of operators are focused on delivering institutional-grade solutions that bring sufficient transparency to transactions to enable a satisfactory assessment of risk. These fall into three categories – compliant wallets, compliant applications, and portfolio management tools.
Compliant wallets are a new generation of self-custodial hot wallets with built-in features to enable compliance. Compliant wallets allow institutional users to set risk profiles or create customized rules based on their organization or jurisdiction. Users can perform automated Know Your Customer and Know Your Transaction checks by scanning on-chain activity of potential counterparties. The wallets can also provide risk assessments in line with the institution’s risk profile, maintain records for audit purposes, and flag periodic renewals as required.
These checks are designed to detect unusual activity, such as the use of coin mixers or previous interactions with known suspicious wallets or services. They can also enable post-transaction monitoring to check if counterparties engage in risk-based activities after the event.
Compliant wallet providers include MetaMask Institutional and NexeraID. MetaMask is a market leader for Ethereum with a simple U.I. and an established reputation, whereas NexeraID (a sister company of Nuant) offers greater flexibility and programmability for professional portfolio managers, as well as support for multiple blockchains.
Compliant applications are DeFi applications that focus on enabling automated, disintermediated transactions between counterparties while removing the opacity of pseudonymous participation. As such, they offer compliant access to the DeFi sphere with its generous yields. Participation is permissioned, so entities must be whitelisted before they can provide liquidity or take out lines of credit.
A key advantage to compliant DeFi is that by removing transaction anonymity, it becomes possible to better assess risk. This enables borrowing with lower or no collateral – a new phenomenon in the unregulated DeFi markets, where participants are generally required to overcollateralize their loans as the price for pseudonymity.
Examples of compliant applications include Aave’s Arc and Archblock (formerly TrueFi/TrustToken, issuers of the TrueUSD stablecoin), both of which offer access to whitelisted lending pools.
Portfolio monitoring tools
A central component of compliance is risk monitoring and reporting, historically an area where asset managers have faced challenges in the digital asset arena due to a lack of adequate portfolio management tools. Portfolio monitoring tools support compliance by integrating with a wide array of exchanges, wallets, and custodians, allowing asset managers to see their entire holdings in a single view. Real-time and historical reporting and analytics can support transparent conversations with clients regarding risk and help maintain the necessary audit trails, while in-built research tools enable full due diligence on tokens and projects. These tools can also support manual investigation of suspicious tokens or transactions by providing data in context.
Nuant’s cutting-edge portfolio monitoring application integrates with 51 blockchains and 28 exchanges, as well as custodians, market aggregators, and DeFi protocols. Institutional clients seeking to level up their digital asset capabilities can access integrated risk metrics, analytics, and insights via a combination of on-chain and market data. Robust portfolio monitoring is the cornerstone of a comprehensive risk and compliance strategy, so book your demo today.