The current media climate around blockchain is rife with stories of fraud and misrepresentation. While these stories are not all cryptocurrency-enabled, such as FTX’s misappropriation of customers’ funds, they erode trust in the broader crypto market, specifically with lawmakers and regulators.
To rebuild trust in the industry and engender well-considered regulation, blockchain must embrace digital identity. In some cases, this will require full know-your-customer (KYC) and anti-money laundering (AML) checks. In others, it will be proof-of-humanity, Sybil-resistant decentralized identifiers, credit score, or accredited investor status. There are also many cases where digital identity is not needed, but we need to be able to distinguish between the types of transactions that are occurring on-chain.
Blockchain uses are growing
Blockchain and its use cases have grown significantly since the release of Bitcoin in 2009. The technology has advanced in multiple directions, with the advent of smart contracts, new consensus mechanisms, and new forms of governance. Assets have also grown and are now held by millions of people around the world as well as by larger players, with institutions such as BlackRock and JPMorgan Chase, and governments such as El Salvador and the Central African Republic.
Parallel to the growth of blockchain, and with a bit of a head start, there has been a rise in digital payment applications. Products like Venmo have disintermediated cash as a medium to settle between retail parties. It has been hard to regulate cash, though attempts have been increasing, but these centralized payment systems give more visibility and more reporting options. With regulations and reporting trickling down to consumer apps, individual people are seeing more of what used to be back-office processes that affected very few: frozen funds, account closures and restricted withdrawals. And while taxes had to be reported on cash income before, we are seeing more direct accounting with transactions adding to over US$600 being reported to the IRS on these apps.
Though blockchain has not been simply peer-to-peer payments for a long time, there is increasing interest in regulating transactions similar to digital payments between people as well as digital assets as a whole. Institutional players in blockchain have even more concern than IRS reporting. They are bound to perform know-your-customer (KYC) and anti-money laundering (AML) checks for any funds they are receiving. They also must know that funds they may be intermingling with have gone through these types of checks. In a recent case where processes were not followed in standard banking, Danske Bank plead guilty to fraud and has agreed to forfeit over US$2 billion.
Outside of fraud, institutions must also consider other asset risks. As we still do not have clarity over regulations for digital assets, some token projects are requiring accredited investor status or avoiding the U.S. altogether. Without easy access to that status on-chain, entrepreneurs are avoiding launching any project that is clearly a security that could leverage blockchain’s interoperability. These reporting requirements and regulations were written for centralized systems. It is difficult to apply them wholly to decentralized systems and trying to do so without modification will lose some of the benefits of blockchain.
The trouble with regulating decentralized systems
Long gone is the belief that Bitcoin is anonymous. It’s much easier to track and perform analysis on blockchain than any cash or bank-to-bank transaction ever was, and those transactions are there for all time. Some blockchains are more privacy-focused and anonymous, and while that can be beneficial for the end users, it doesn’t mean that they can avoid all regulations. What is missing from being able to apply regulations sensibly to decentralized systems is decentralized identity.
Data mining the public transactions to identify bad actors doesn’t prevent them from having already performed transactions. It also doesn’t allow for anyone to easily block bad actors from interacting with their protocol.
There is often the argument between permissioned and permissionless blockchains, but that is not a true dichotomy. One set of permissions doesn’t always overlap with another set of permissions, and not all transactions should require permissions. It’s not incumbent upon the corner store to perform AML checks when someone buys beer, though they are often required to check ID, but there’s nothing to check if the customer is buying a pack of gum. Even if we get to a draconian law standard that buying a pack of gum requires AML checks, the customer shouldn’t be locked into going to just one store because going across the street would require onerous re-onboarding for KYC/AML.
The difficulty of blockchain interactions, lack of clarity from regulators, and the burden of re-identification lead to centralization and a lack of transparency. If we had a reusable identity and sensible regulations, we could have institutional players out in the decentralized finance (DeFi) space and not a part of the contagion that was FTX.
Decentralized identity is the first step toward sensible regulation for DeFi, but that is only talking about the compliance and risk aspects of identity. There is so much more that decentralized identity can enable, but it will take great effort to build it in a privacy-preserving manner, allowing users to control who sees their identity. Done right, decentralized identity will help bring clarity and transparency, making people, developers, institutions and governments more comfortable with the power and interoperability that blockchain brings.