Diana Tlupova, Head of Compliance at Nexera ID, has argued that players in the decentralized finance (defi) space can stay ahead of regulators who might want to impose stringent Know-Your-Customer (KYC) rules by using zero-knowledge (zk) proofs to authenticate user credentials. Tlupova contends that, in addition to allowing users to maintain control over their KYC data, the application of zk proofs enables defi platforms to meet regulatory requirements without compromising user data.
Privacy Versus Compliance
Although many regulators have yet to standardize their stance on regulating the defi space, Tlupova predicts it will not be long before they begin demanding user verification. To support this assertion, Tlupova, a former regulator with the Financial Conduct Authority (FCA), points to the recent policy recommendations for defi by the International Organization of Securities Commissions (IOSCO).
When asked to predict scenarios that could pose challenges to the crypto industry, the former regulator told Bitcoin.com News that she anticipates the Markets in Crypto Assets Regulation (MICA), which took effect in June 2023, to be one such scenario. She said that for many entities operating within the European Union, the primary challenge will be preparing for MICA licensing as well as knowing where they fit within this licensing regime.
Meanwhile, in her written answers sent to Bitcoin.com News via Telegram, Tlupova also touched on the concept of privacy-preserving KYC and why many see this as a better verification process. Below are the answers of the Nexera ID compliance head to all the questions sent.
Bitcoin.com News (BCN): What do you think are some of the biggest regulatory challenges for the crypto market participants – including traditional finance (tradfi) players that interact with crypto – in 2024?
Diana Tlupova (DT): Five years ago, when I joined the crypto world, it was a wild wild West with no clear regulations or guidelines in terms of how a crypto company should build their compliance program. So the crypto players who had a long-term strategy of building a serious business would mimic in their compliance program what any other traditional financial institution would do – standard building blocks such as MLRO, KYC, KYT, SARs, etc.
Others, who were less serious and only interested in short-term gains would have no compliance programs in place. Some of the latter players have exited the market in the last two years as regulators started catching up and bringing crypto assets inside their regulatory perimeter.
As the industry evolved, various countries introduced their own legislations/rules, sometimes very contradictory, creating a very fragmented regulatory environment, which most crypto companies found hard to navigate.
2024 is going to be a pivotal year, hopefully bringing more clarity and harmonization to the crypto regulatory landscape. MICA will establish a comprehensive regulatory framework across the whole European Union and the biggest challenge for a lot of companies operating in this space will be preparation for MICA licensing and understanding where they fit in the licensing regime and how they can improve their risk management processes now to be ready to apply in a few months.
BCN: Do you believe that the crypto customer compliance is broken and if yes, how can companies streamline their compliance management processes and reduce the regulatory risks?
DT: I do not think that crypto compliance is broken. Most of the crypto companies are already investing a lot of resources to streamline their processes. However, the issue is that many web3 companies are early start-ups and they often find it difficult to start their compliance journey since they do not know how, where or when. My advice to those companies who have not figured it out yet is to look into various Regtech tools available on the market that help to automate many manual processes as well as involving an experienced compliance consultant at least at the beginning of their journey. See answers to Q4, 5 and 6 below.
BCN: Do you envision a future where decentralized finance (defi) protocols will have to perform customer verification checks like wallet screening, anti-money laundering (AML) screening, or know-your-customer (KYC)? Also, do you see regulators demand accountability from decentralized autonomous organizations (DAOs)?
DT: Regulators and policy-makers across the world are definitely starting to get a grasp on defi, as shown by the recent IOSCO publication with policy recommendations for defi, as well as the CFTC TAC Report on defi. Some of the major concerns around defi are risks for potential money laundering and fraud. Therefore, stringent KYC checks and AML monitoring will be one of the ways to address those risks.
Back in the past when centralized crypto exchanges (CEXs) were just coming into existence, most of them did not require any KYC checks at onboarding. The customer could have just provided their phone number and email address – and that was sufficient to get onboarded. However, as regulations evolved and CEXs came under regulatory scrutiny, most of them enforced strong KYC/AML policies to comply with regulations. I would expect similar developments in the defi space as well.
However, I believe the nature of the KYC checks will be different in a way that defi protocols will entrust KYC verification and wallet screening to third parties. Based on the successful ID verification, the wallet is being whitelisted. In defi space, users will be able to own their KYC data and share it with other providers using Verified Credentials or Zero-Knowledge Proofs. The regulatory approach to defi/DAOs is still evolving and we all look forward to seeing how it will shape in the next few years.
BCN: Given the technological complexity involved in ensuring compliance, some say this may end up hurting user experience. In your view, how can crypto projects strike a balance between a smooth user experience and the need to adhere to the strictest regulatory requirements?
DT: I think the right balance can be achieved by using best-in-class Regtech solutions. If crypto companies want to survive and thrive in the market, they must embrace new technologies and focus on user experience, while keeping in mind laws and regulations in the jurisdictions where they operate.
Quite often I see companies focus on hiring and training more compliance and operational staff to do manual work rather than investing in automation which would have reduced the over-reliance on human resources. Regtech has a huge potential to reduce regulatory and operational compliance costs, and mitigate risks of money laundering and fraud, while improving operational efficiency and customer satisfaction/user experience.
However, according to a number of sources, including the Thomson Reuters Regulatory Intelligence Report, the uptake of Regtech solutions remains slow in recent years due to a number of reasons, such as lack of investment, shortage of in-house skills, sometimes lack of understanding or even fear of using innovative tools.
BCN: Can you talk about Nexera ID and how it is helping crypto market participants comply with regulations, especially when the business goes beyond the borders?
DT: On a day-to-day basis compliance managers/officers have to navigate a myriad of tools and systems and have no comprehensive view on each customer in one single dashboard – Nexera ID solves this problem for them. Nexera ID offers an all-in-one intelligence platform for crypto compliance. At Nexera ID, we help companies manage financial crime risk by ensuring that everything needed in terms of customer risk management, from onboarding to ongoing monitoring, is comprehensively covered and automated.
The idea behind the Nexera ID solution is to address all the current operational pain points of compliance managers and help to free up their time for more value-added projects, while at the same time improving customer experience for smooth onboarding and maintaining compliance with market rules and regulations.
BCN: Effective compliance could help crypto companies survive and thrive in volatile crypto markets. How does a solution like yours help crypto platforms efficiently manage their operational compliance needs?
DT: As already mentioned in my previous answer, Nexera ID aggregates various tools and systems that compliance officers use daily into one single dashboard, which provides a holistic view of the customer, including his KYC information, AML screening results, risk scoring, fraud-related statistics and transactions monitoring results. The customer risk management is substantially streamlined and improved enabling more effective compliance with KYC/AML regulations.
BCN: For the Web3 ecosystem to be safe and fair, safeguarding user privacy is as important as compliance. Can you briefly touch on privacy-preserving KYC and the need to protect sensitive user data while complying with regulatory requirements?
DT: Privacy-preserving KYC refers to methods and technologies that aim to verify the identity of individuals without compromising their privacy. Traditional KYC processes often involve sharing sensitive personal information, which can be a concern for individuals and raise data privacy issues. Privacy-preserving KYC seeks to address these concerns by using techniques that allow verification without exposing unnecessary details.
One approach involves using cryptographic techniques such as zero-knowledge proofs. In a zero-knowledge proof, one party can prove to another that they know a specific piece of information without revealing the information itself. This can be applied to identity verification, allowing entities to confirm a person’s identity without accessing all the underlying personal data.
At Nexera ID, we understand that some crypto businesses, especially in the defi space, want to implement customer verification processes while preserving customer’s data privacy. Therefore, we provide a user-friendly widget that can help verify the customer’s identity without compromising the safety and security of the customer’s sensitive information.