Recently in Japan, the Group of 7 nations met to discuss a number of global issues, including crypto industry regulation. G7 finance ministers held joint meetings with the International Monetary Fund, World Bank, OECD and the Financial Stability Board. While many topics were covered including stablecoin issuer requirements and cookbooks for central bank digital currencies for developing countries, the most important sentence in their joint statement must be:
In light of the growing threats from illicit activities, in particular by state actors, including the theft of crypto-assets for proliferation financing, ransomware attacks, terrorist financing, and sanctions evasion, we support initiatives by the Financial Action Task Force (FATF) on accelerating global implementation of the FATF Standards on virtual assets, including the “travel rule” and its work on emerging risks, including from DeFi arrangements and peer-to-peer transactions.
On behalf of all social layer node operators in cities worldwide, let me just exhale a collective symbolic sigh at the explicit mention of decentralized finance protocols during this G7 meeting.
As a short background, the travel rule — including its enforcement on DeFi / permissionless blockchain networks — has for years been looming over the crypto industry as a major existential threat. The travel rule basically requires any and all virtual asset service providers to obtain, verify, hold and transmit sender and receiver information, including “know your customer” and “anti-money laundering” screening. While KYC/AML is standard practice for financial institutions and for regulated service providers such as banks, broker-dealers, securities/commodities exchanges and foreign-exchange/cross-border payment providers, these compliance practices have never been willfully adopted by any DeFi ecosystem actor.
Why is the travel rule bad for DeFi? Let’s suppose hypothetically that the G7 — the United States, Canada, France, Germany, Italy, Japan and the U.K. — and other G20 members all agreed on enforcing this rule across every virtual asset service provider. What would happen to self-custody wallet providers and DeFi protocols? What would happen if a user wanted to withdraw coins from a centralized finance exchange (like Coinbase) to a self-custody wallet (like Metamask) to directly access a decentralized exchange (like Uniswap)?
Well. If you want to withdraw more than US$3,000 worth of crypto from CeFi to DeFi, unless the CeFi service providers definitively receive KYC on the recipient wallet address (which could be you or your friend or anyone else), the CeFi entity cannot compliantly withdraw coins to that unknown wallet. This would effectively create a firewall between CeFi and DeFi that restricts crypto liquidity and functionality across the entire ecosystem. Furthermore, imagine what happens to your self-custody wallet when you want to make a transfer out. The non-custodial wallet provider would have to prompt you to provide your name, date of birth, country of residence, citizenship and other personally identifiable information about you. It is still a self-custody wallet, but transactions may be traced and censored, and your privacy is no longer private because the wallet provider would be required to verify who you are and share your personal details with regulators upon request. The whole point of DeFi being censorship-resistant/permissionless would be in grave jeopardy.
This is not to say that crypto-native teams don’t have a technical solution to such regulatory enforcement. Decentralized identity is already being worked on by a number of teams such as FractalID’s on-chain KYC solution, or SpruceID’s collaboration with W3C to create identity standards that are compatible between Web2 and Web3. Wallet providers can adopt on-chain data storage layers for sharing KYC tokens/attestations for wallet-to-wallet communication and on-chain-off-chain proof verifications. Permissioned liquidity pools can also verify wallet attributes in a zero-knowledge manner before allowing a wallet user to access a liquidity pool. Other public permissioned networks such as Polygon Supernet or Avalanche Subnet can also enable application-specific chains to enforce KYC-gating/sharing. While these technical solutions are available and can be adopted by industry stakeholders, it would take a huge paradigm shift for Web3-native users to swallow this new reality if it were implemented at scale. I mean, can you imagine if Metamask asked who you are before allowing you to use Metamask?
On a per jurisdictional basis, I would commend the European Union’s creation of MiCA, where they left DeFi and NFTs out of scope and out of the equation, for now, in their comprehensive classification of token types. For the U.S., the Securities and Exchange Commission, though trigger-happy on enforcement, has also been pushing reasonable policies around the segregation of qualified custodianship from exchange/brokerage activity. G7 nations clearly understand how to regulate crypto in the traditional paradigm of third-party custodians holding your money while you trade on a regulated exchange venue. But do regulators know how to fit a square peg in a round hole with oversight over permissionless protocols? The worst case scenario is if ill-informed regulation creates a firewall on permissionless transactions being non-compliant. This would send a shockwave throughout the entire space and may very well render the crypto-native sector as the “Napster of Web3.”
In practice, G7’s crypto oversight may well backfire heavily on the West and trigger unintended regulatory arbitrage whereby builders fly to friendlier countries. For example, BRICS countries — Brazil, Russia, India, China and South Africa — while they have strict capital controls and are often heavy-handed in regulating crypto, ironically do not enforce such rules on self-custody wallets or DeFi actors. The asymmetric chess match leading up to a multi-polar world of ruble/RMB vs. euro/dollar vs. Bitcoin/crypto may render G7 countries unable to “sanction crypto” or achieve their professed goal of financial inclusion and consumer protection.
In the end, what we want to avoid is a dystopian West where traditional finance controls the crypto industry, with qualified custodians (like Fidelity) holding your crypto assets while you trade crypto on an incumbent exchange (like Nasdaq). Coincidentally both firms have digital asset arms to do just that. In the spirit of self-sovereignty, we should push for regulatory clarity and reasonable regulation that understands the layers of nuance within crypto protocols. I share many industry veteran’s concerns that the West as represented by G7 may be headed down the wrong path where innovation is pushed to the East and the South, in non-Western countries where teams on the ground at the social layer can innovate without the fear of prosecution.