The feds are coming for DeFi, and if you think there’s no one to arrest in a decentralized exchange, you’re wrong.
The idea of decentralized finance is that there is no central authority in charge to control the exchange’s operations doesn’t mean they can get away with lax or no know-your-customer (KYC) and anti-money-laundering (AML) compliance. Or that there is no one to be held accountable.
On Oct. 1 the FBI arrested one of the founders of (centralized) cryptocurrency exchange and derivatives trading platform BitMEX for violating the AML requirements of the Bank Secrecy Act. Warrants for the other two, including CEO Arthur Hayes, have been issued. The Commodity Futures Trading Commission (CFTC) simultaneously filed a civil suit on the same grounds.
While U.S. authorities may be starting with centralized exchanges, that won’t last, said Cinneamhain Ventures partner and consultant Adam Cochran in a 25-part Twitter thread that began:
“So a lot of Crypto Twitter doesn’t understand why today’s news isn’t just bad for CeFi but is also bad for DeFi. It has a something to do with legal nuance and a little something called the ‘Bank Secrecy Act’ (BSA).”
Unlike CFTC rules designed to protect consumers, the BSA is criminal law, Cochran explained. When it comes to money laundering, it is aimed solely at people who violate the law, regardless if they work for a centralized company like BitMEX or not. He pointed to past prosecutions of people on localbitcoins.com and Paxful for similar violations.
Peer-to-peer doesn’t matter
Noting that the U.S. Department of Justice oversees BSA prosecutions, Cochran said “many people presume there to be some sort of magical ‘peer-to-peer’ exemption that exists in these laws.
“I’m not sure where that myth comes from, it might be an oversimplification of understanding the SEC/CFTC limitations,” he added, referring to the Securities and Exchange Commission. “But it doesn’t exist. The only thing that matters is do you make it easier for criminals in the US to exchange monetary instruments without applying the US standards of KYC/AML.”
It probably doesn’t help that a large chunk of the $200 million KuCoin hack in late September was promptly cashed out through two decentralized exchanges, Uniswap and KyberSwap.
DeFi platforms are, in theory, run entirely by smart contracts.
“Now here,” said Cochran, “the crypto community will throw their arms up in a rallying cry ‘but you can’t shut down a contract.’” But, he added:
“DAO or no DAO you can find that developers with admin keys, users who create front-ends, companies hiring individuals to work on the protocol and others who enable or profit from the contract, to be in violation on the BSA.”
That means developers can be arrested, domain names seized and shuttered, and front-end access points shut down.
“The take away here is that a protocol isn’t outside the reach of the government, there is always pressure points that can be applied,” Cochran added. “They won’t turn a blind eye to Defi.”
Besides, the “‘De’ in ‘DeFi’ is theatre for most DeFi projects,” said Messari’s Connor Dempsey. “Bitcoin’s immaculate conception is difficult to replicate and many projects have core teams driving them. Following the Kucoin hack this week, a number of teams were able to freeze user’s coins, showing the centralized control most teams still retain.”
Those teams, he added, “could find themselves in a position similar to Arthur Hayes.”
Particularly given that there are compliance tools DeFi developers can turn to.
In June ConsenSys released Codefi Compliance, an Ethereum-based tool to automate regulatory compliance with KYC, AML and countering the financing of terrorism (CFT) laws.
“Providing robust AML/CFT compliance for Ethereum-based digital assets is a keystone step in bringing the institutional financial industry to decentralized finance,” said Lex Sokolin, global co-head of ConsenSys Codefi, in a statement. “Codefi Compliance is the next module in our product suite to eliminate complexity and risk in using DeFi.”
Ultimately, the BSA is a good thing, Cochran argued.
“There is a difference between wanting sovereignty and privacy over your own funds vs enabling criminal activity,” he said. “I for one, have no interested in creating something that helps terrorists or human traffickers.”
Either way, Cochran summed up the issue this way: “Most of crypto twitter is ignorant to how the law is applied and the multiple stress points that exist even in a decentralized system. The US government has over reaching law, whether fair or not, they will pursue.”