Can ZK-Proofs Untange the DeFi Compliance Labyrinthine? Experts Weigh In

Earlier this week, the United States Treasury Department came out with some strong words while elaborating on the risk assessment of decentralized finance (DeFi) in the first report of its kind in the world.

While the agency managed to start an important conversation on the much-needed industry guidance, crypto advocates have been firm on regulation by way of enforcement is not a way around.

But most importantly, the regulators need to speed up before the Web3 landscape becomes too confusing and overbearing for projects to thrive, according to Banxa’s Richard Mico.

DeFi KYC Not Ideal?

Over the past few years, DeFi has suffered a myriad of illicit finance challenges, such as scams, ransomware, hacks, and money laundering. These platforms operate across borders without a central authority, posing significant challenges for regulatory agencies.

Study shows that DeFi protocols alone lost $3.1 billion, which accounted for over 82% of all cryptocurrency stolen by hackers. This was up from 73.3% in 2021.

Certain entities using DeFi for nefarious purposes have forced regulators to endorse “Know Your Customer” (KYC) measures to track the source of the stolen funds. But the complexity of the unique vulnerabilities and gaps present in DeFi makes KYC redundant, according to many industry experts.

Moreover, traditional finance has rigorous KYC checks. Despite this, the sector continues to observe money laundering cases almost every day. Hence, Markus Levin, Co-Founder of XYO Network for one, believes that KYC mechanisms are not a silver bullet for preventing criminal actions.

While speaking to CryptoPotato, the exec stated,

“While procedures like KYC are quite effective in removing illicit activity from platforms themselves, they are not a silver bullet for preventing criminal actions. Unfortunately, challenges motivate malicious actors to shift to alternative platforms with different processes to carry out their deeds. Additionally, KYC hacks highlight the importance of avoiding centralized databases which store user data.”

The industry has been strongly endorsing “fit-for-purpose” compliance controls and other safeguards against threat actors across all aspects of blockchain. However, Banxa’s Chief Legal Officer Richard Mico said that the regulators must be careful “not to throw out the baby with the bath water.”

Striking an appropriate balance between cultivating and harnessing the indisputable benefits of decentralized and automated peer-to-peer finance transactions should be the focus whilst mitigating bona fide illicit finance threats.

“Relevantly, regulators must be very thoughtful regarding what activities they classify as falling within their purview (i.e. as money services businesses and/or money transmitters) and the associated ramifications for the industry, consumers, and the US’ position as the world’s innovation hub.”

AML/CFT Controls DeFi

The Treasury report aims to provide guidance and clarity to the industry. But it also proposes certain “enhancements” to the existing AML/CFT regime over and above FinCEN Guidance.

While Mico believes that the report remains very high level as it relates to the recommended ‘enhancements,’ the devil, however, will be in the detail. He explained that a “one size fits all” approach will be detrimental to the ecosystem. Instead, adopting a risk-based approach with a pro-innovation-based ideology should be the focus.

The Banxa exec further stated that many DeFi services do not implement AML/CFT controls or other processes to identify users. In many instances, this may be entirely reasonable, Mico argues. However, he believes that Web3 businesses must make diligent efforts to comply with local laws and regulations. He also added that AML/CFT controls are essential components for preventing illicit finance uses for crypto.

Weighing the Role of ZK-Proofs

One of the biggest takeaways from the 40-page report was the inclusion of a crypto-based solution – ZK Proofs –  as a new compliance tech for DeFi, and its mere acknowledgment as a solution has been welcomed by many.

Zero-knowledge proofs enable a user to prove a statement is true without demonstrating why it’s true. As such, a person could prove they are not on a Treasury Department sanctions list without revealing the underlying confidential information, be it a name or government ID number.

Various industry participants, including Mico, believe that ZK-proofs is one of many possible tools that may assist in mitigating illicit finance risks associated with DeFi and support compliance with BSA and sanctions obligations. Such solutions can even be integrated into the underlying smart contract, he added.

But for the tech to be useful, it needs to reach mass adoption. Zero-knowledge technology is still in its infancy, and Rico is of the opinion that education and awareness will go a long way in making regulators feel more comfortable with compliance innovation.

“To ensure the proper and effective use of ZK proofs as a compliance tool, regulators may engage in monitoring activities, such as audits, inspections, and investigations, to verify compliance. If any violations or misuse of ZK proofs are identified, regulators may take enforcement actions accordingly.”