3 Common Compliance and Regulatory Pitfalls to Watch for in 2020

Published at: May 30, 2020

Regulations are not going anywhere. On the contrary, financial service providers face more regulatory challenges and higher costs than ever before. During the early days of cryptocurrencies, a “Wild West” culture emerged when regulators, uncertain on how to tackle this thing called blockchain, paid little attention to the thefts, scams and hacks plaguing the virtual-asset market.

Today, this is no longer the case. No matter their roots, every virtual asset project from Telegram to Shapeshift to Libra is ramping up compliance while regulators continue to issue guidance, enforce regulations and pay closer attention to digital securities platforms, crypto exchanges and other virtual-asset service providers, or VASPs, catering to the residents of their respective jurisdictions. Despite this, many organizations in the blockchain space still face a painful combination of misinformation, opaque legislation and willful ignorance when it comes to fulfilling their obligations in each of the markets they serve.

As the demand for digital tech continues to increase, regulatory compliance has become a competitive advantage and key differentiator for successful fintech and digital-asset platforms. In contrast to the Wild West days in the sector, “compliance” is now the new buzzword when promoting fintech services, with headlines like “the compliant _______ platform” plastered across the websites of digital securities, security tokens, ICOs, FX, OTC, brokers and exchanges.

Unfortunately, calling something compliant does not make it so. The very definition of compliance is not only a moving target, it also includes gray areas such as a “risk-based approach,” which can change massively depending on the nature of one’s business activities and client base. Without defined industry standards for guidelines such as Know Your Customer or Anti-Money Laundering, it is easy to see why VASPs — even those with the size and budgets of Coinbase, Binance or Libra — struggle to maintain a compliant business.

To stay ahead, VASPs must have a clear understanding of their regulatory obligations and how this impacts their business viability in any given market. Avoiding the three most common pitfalls of compliance can shorten a company’s time to market, create barriers to entry for competition, and protect its reputation.

Pitfall 1: KYC means verifying users’ identity during onboarding

This is the biggest misconception that plagues most digital securities platforms, exchanges and other virtual asset service providers in the market today. Knowing your customer is not a one-time thing — you are obligated to keep up-to-date, auditable records for each client for the entire time you serve them.

In many jurisdictions, your record-keeping obligations can extend for years after the client ceases to do business with you. In order to build a robust and scalable business, it is important to account and design for KYC refreshes, ongoing AML screening, transaction monitoring and user re-authentication for the entire client lifecycle.

Pitfall 2: Changes to compliance requirements depend on where you are based

Most virtual-asset businesses are subject to a wide range of regulations — data privacy, personal information protection, KYC, AML, securities and derivatives, payments and digital identity. Some regulations, such as the GDPR, apply across European Union members and harmonized jurisdictions. Others, such as payments services, are quite nuanced with complicated, state-by-state regulations for money services and transmitters as well as reporting requirements. In Singapore, payment token businesses have had to close up shop or leave the country as they wait for the ability to legally do business. 

It is important to understand the regulatory obligations in every market where you serve even a single user. For example, holding a license in Estonia or Lithuania may not provide the ability to offer that same service in Germany, the United Kingdom or Canada. While a business can take advantage of “passporting,” using a single financial services license across multiple jurisdictions, it is important to understand where and whether other regulatory variations exist, including how data is collected, processed, maintained and reported.

Pitfall 3: Build it once and we are good to go

While this is theoretically possible in very small markets, in practice, a business’ activities are most likely subject to multiple regulators in each market it serves. New regulations are being rolled out every week, potentially impacting how you process or maintain your users’ personal information, verify their legal identities, screen for risk, perform customer due diligence, or document successful compliance operations.

In order to stay ahead of these challenges, management teams must look at their business through multiple lenses such as that of AML, a VASP or securities law — and that is only within the scope of financial regulation. New trends in one market can quickly become the standard in others. Use of a specific method in one market may become outlawed in others. Innovative firms can often find new opportunities to use regulation for their benefit by closely monitoring the shifting landscape.

Key regulatory shifts in 2020

While not a definitive list, here are some of the key regulatory shifts to watch closely in 2020:

Virtual asset service providers

Last year, the FATF published new guidance that included definitions of both virtual assets and virtual asset service providers. Around the world, financial intelligence units such as FinCEN in the United States post local updates of their interpretation of FATF definitions.

Firms will be required to implement and maintain an AML program, even if they are “crypto only” service providers that avoid fiat transactions. These changes will take effect in the majority of FATF member countries over the next twelve months. Most notably, today marks the June 2020 deadline in the United States.

The so-called travel rule, also from FATF, has created significant buzz and misinformation throughout the industry. Most importantly, peer-to-peer or wallet-to-wallet transactions are not included — only transactions where funds are transferred on behalf of the end user by a VASP, with various interpretations setting local thresholds such as $1,000 in the U.S.

Similar to the evolution of SWIFT for bank-to-bank transactions, or the FIX protocol for trades between exchanges, compliance with the travel rule is requiring the industry to collaborate on technology, standards and interoperability. A global standard for VASPs will enable new models of open-source, decentralized finance that is compliant by design.

Digital securities

Communications: How a VASP markets its products and services or how an issuer markets its token is subject to myriad regulatory requirements. Promising financial returns, spamming potential users or investors, as well as how and where KYC data is stored and processed are all subject to regulation for data protection, consent and disclosure.

The U.S.: The example of the recent shutdown of Telegram’s TON clearly demonstrates that, in digital securities, compliance by design not only saves considerable time and money and prevents fines or being added to watchlists — it can also be the main factor keeping a project alive.

Secondary markets

In the U.S., Open Finance Network is closing operations largely due to lack of a market. Meanwhile, Nasdaq and Carta are seeking to leverage their massive user bases and established brands to create their own private markets. These trends are repeated in Canada, Europe and Asia — a global race to crack the holy grail of finance: compliant and automated with multi-jurisdictional liquidity.

Globally, new regulations for strong client authentication and transaction monitoring require financial service providers to manage a web of complex tools. Digital onboarding is not KYC. The most common reason we see early-stage fintech firms failing a compliance review is that they do not understand the full scope of what it means to know your customer on a consistent basis. By integrating or consolidating systems for cyber security, anti-fraud, onboarding, KYC, AML, etc., these businesses not only make compliance easier — they are architecting scalability into their business. For private capital markets, the platforms that move beyond the false dichotomy of privacy vs. security and strike a balance between risk management and respecting their users’ privacy, data and assets will own the market.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Matthew Unger is founder and CEO of iComply, a global regtech for turn-key digital onboarding, SCA, KYC, AML and data governance compliance. After founding a $42 million wealth management practice, Matthew exited by age 26 and co-founded a wealthtech platform that was later acquired by Planswell in 2015. Matthew has studied blockchain, AI and business strategy at MIT.
