compliance/aml news roundup – Return to the CBDC Zone

Returning to our central bank digital currency coverage, the last month has seen further global development on the issue of CBDCs not only in form, but in function too. Rather than fitting into established traditional banking regulatory frameworks, the examples of Peru and Tanzania highlight two aspects of CBDC adoption: in the former, the effect of regional implementation in making regulators feel comfortable with the prospect; in the latter, of the potential for CBDCs to maximise efficiency in existing payment systems, such as remittances and mobile banking.

Plans for the launch of a Tanzanian CBDC have been put in place, according to the Governor of the Bank of Tanzania, Florens Luoga. Luoga noted that Tanzania has “already begun preparations to have its own CBDC,” after the nation’s President called on the central bank to “start working on that development”. The Bank’s Governor did, however, issue a cautionary notice with regard to cryptocurrencies, indicating hesitancy in encouraging the public to engage with global cryptocurrency markets until centralised action has been taken. However, Tanzania’s CBDC plans appear a natural next step: the announcement follows Nigeria’s launch of the eNaira – a digital currency issued by the Central Bank of Nigeria. Although Africa currently captures only 2 percent of global value of all cryptocurrencies received and sent, the market for cryptocurrencies in Africa has expanded by $105.6 billion in the last year, with the most common crypto channels connecting Africa to East Asia. Initiatives such as CBDCs could provide a “good alternative to traditional banking”, as reported by the World Economic Forum, given the comparatively low infrastructure requirements, and could assist in addressing the 57 percent of the continent’s population which remains unbanked (World Economic Forum, September 2021). Source: CoinDesk

The latest domino appears to have fallen in institutions’ adoption of crypto-assets in South America. Recent comments made by the President of the Central Reserve Bank of Peru (BCRP) indicates that neighbouring countries’ actions on CBDCs have created an environment of progressive action on digital currencies. The move follows the creation of a Peruvian Sol-pegged stablecoin launched on Stellar in September, which is exchangeable for the Argentine peso, the Brazilian real, the U.S. dollar and other currencies. Crucially, BCRP President Julio Velarde noted that while Peru was “not going to be the first” as it does not “have the resources” to “face the risks”, the nation didn’t want to be “left behind”. Velarde also name-checked the central banks of both India, Singapore and Hong Kong as ‘partners’ in the project, asserting “We are involved in a lot of projects with several central banks.” This attitude indicates that initial hesitancy shown by other states could similarly be overcome by a desire to move with the times. Furthermore, it suggests that hesitancy may be environmental, as opposed to essential: rather than being opposed to CBDCs and the implications of crypto-assets, it may be fear of the unforeseen regulatory and practical financial consequences of CBDC implementation holding smaller states back. Source: Reuters

Shortly after the publication of our last newsletter, India decided to announce a less-than-moderate cryptocurrency bill which proposed an outright ban on “private” cryptocurrencies. This news resulted, unsurprisingly, in a massive local sell off on WazirX (India’s most popular crypto exchange) with BTC dropping almost 15% in 2 hours, with other popular altcoins also experiencing double digit drop offs. Cooler heads did eventually prevail with Nischal Schetty, CEO and Founder of WazirX, commenting on Wednesday that trading levels and the number of new users signing up to the platform had returned to normal levels. It appears now that the winds have shifted again with government sources telling local news outlet NDTV that the new bill would seek to regulate, not ban, so-called “private” cryptocurrencies. However, Indian crypto-holders will be required to move any cryptoassets they hold onto exchanges regulated by the Securities and Exchange Board of India (SEBI). Such a requirement seeks to restrict one of the key selling points of cryptoassets, the ability to hold the private keys to your own assets, and is sure to repulse many crypto-traditionalists. With this proposed restriction on self-ownership, and the impending imposition by the Indian government of crypto-related taxes, it appears that India is taking a hard-line stance towards cryptoasset regulation. However, as has been noted before, the stance of the Indian government on cryptoasset regulation is rather temperamental and it would not be surprising to see it shift again in the near future. Hopefully, this shift will be towards a more harmonious relationship with innovation.

Elliptic recently published a report that extensively covers the ways in which criminals can exploit DeFi, the current regulatory landscape (with particular reference to US federal regulators) and suggestions on how compliance can be coordinated as a result. Similarly to centralised finance, DeFi is prone to criminal exploitation. However, DeFi has specific features which present unique opportunities for criminals to achieve their ends. A new arena for financial crime is developing, and in 2021 alone the total loss of DeFi user and investor funds already amounts to $10.5 billion. The predominant vectors for this loss have been through exit scams, exploitation of code, admin keys, and loopholes in the way Decentralised Applications (DApps) operate. In a similar fashion, criminals can launder their proceeds of crime via DApps using traditional techniques in a fresh setting: Stolen tokens can be exchanged anonymously via decentralised exchanges (DEXs), decentralised mixers can conceal the origin of funds, and cross-chain bridges mean criminals can hurdle user identification as their funds jump from one blockchain to the next. DeFi plays a central role in the evolution of the financial system, development of Web 3, and the Metaverse. This means that regulators must approach DeFi carefully to ensure innovation in the space is not stifled, and that the nuances that make the space so unique are taken into account. How this will play out is a contentious topic. However, the report also highlights that DeFi presents unique opportunities for tackling financial crime, particularly with regards to enhancing the capabilities of blockchain analytics. DeFi assets remain fully traceable throughout their lifecycle, in contrast to when cryptoassets are moved to centralized exchanges and funds go ‘off-chain’. Elliptic has chosen to break the DeFi regulatory landscape down into 3 main products: stablecoins, debt products, and decentralised exchanges. A summary of Elliptic’s main findings is set out below:

A notable development regarding stablecoin regulation is that the SEC will lead regulatory oversight of the US stablecoin market. Instead of being overseen by a banking regulator, the SEC’s oversight is indicative that regulators are more concerned with the investment vehicle-like nature of stablecoins than their payment functionality. Whilst more comprehensive oversight from the SEC would likely boost confidence in the stability of these coins, there is a risk that too much scrutiny would drastically heighten barriers to entry for new business participants. Past stablecoin regulatory developments have been based on a consideration of the major associated risks of their supposed stability. One such risk is the failure for stablecoins to be backed 1:1 with the underlying asset – as witnessed in the heavily publicised SEC-Tether lawsuit which brought this possibility to the forefront of industry attention. Regulatory certainty in this respect is vital for mainstream engagement and adoption, and in September 2020 the Office of the Comptroller of Currency (OCC) reported that a National Bank might be permitted to hold stablecoin “reserves” for their customers, provided an audit of the 1:1 ratio of coins to reserve currency was carried out daily. The OCC’s guidance has since been expanded to include the leveraging of stablecoins in payment activities by federally regulated US banks. More recently, The President’s Working Group (the US Government’s stablecoin thinktank) provided guidance on how stablecoin “arrangements” (which the Working Group fails to provide a definition for) should be interpreted from a KYC perspective. A huge technical challenge lies ahead if this guidance is acted on since they deemed the capability to verify and identify all transacting parties in stablecoin arrangements to be essential. Elliptic notes that this would extend Travel Rule expectations to transactions with natural persons, setting the bar unfairly high in comparison to conventional fiat payments. The regulatory landscape for stablecoins has therefore received a promising degree of attention, but the specifics of future regulatory requirements are still far from certain.

Regarding DeFi debt products, Elliptic highlights some factors that are likely to be considered when the decision is made as to whether these products should ultimately be regulated as securities. Determining factors will include: whether there has been investment of money with the expectation of returns; the plans for distribution; whether there is “common trading” of the note; and the general public sentiment. At this time, limited guidance has been issued by intergovernmental bodies and the regulatory landscape remains largely open to interpretation.

How decentralised exchanges (DEXs) will be regulated is by no means concrete, but FATF guidance can be used as a lens through which potential steps taken by regulators can be anticipated. FATFs most recent guidance states that when an entity or individual has “control or sufficient influence over assets or over aspects of the service’s protocol”, they could be considered to be a VASP. Retaliation from DEX stakeholders to be classified as VASPs is likely, because ultimately the to-be VASPs would be required to implement comprehensive AML programs and subject to the Travel Rule. Additionally, who the responsibility to be compliant falls on is controversial given the supposedly ‘decentralised’ nature of such arrangements and the ethos of decentralisation underpinning the projects. Various stakeholders could be thrown into the mix – governance token holders, domain operators/owners, and software developers – but ultimately no one party is likely to voluntarily claim responsibility. To aid these discussions, Elliptic notes that if inspiration is taken from the centralised financial system, governance token holders are most akin to those who are considered to exercise control in the world of traditional finance. Establishing who ultimately controls DEXs could therefore mean significant governance token holders will be required to disclose their personal identity information to regulators.

DeFi’s regulatory landscape is still in its infancy. Despite regulatory compliance perhaps seeming like it is against the spirit of DeFi, instances of centralised regulatory intervention show that these actors can and will exercise control when deemed necessary. It is important that the space is aware of regulatory developments so that project owners can be ahead of the curve and progress is not stifled. Ultimately it is the hope that regulators work productively with the space in order to maximise DeFi’s potential and mainstream adoption.