In a world where financial products can be offered peer-to-peer, regulators have taken an approach focused on centralized entities, which bear the burden of compliance, while decentralized finance (DeFi) projects still seem to exist mostly in a gray area.
In other words, much of the regulatory focus is on the risk posed to centralized and traditional financial institutions that engage with DeFi, rather than on the DeFi project itself.
The Financial Action Task Force (FATF) has offered some guidance, stating that some DeFi projects might be Virtual Asset Service Providers (VASPs) and therefore responsible for compliance, based on how centralized they are in practice, or whether or not the project's organization may be considered an “owner/operator”.
While a focus on centralized entities is practical in the immediate future, some longer-term questions remain:
- Will a fully decentralized financial product with no owner/operator (running on smart contracts) be required to build AML compliance programs?
- Will the crypto industry make AML compliance functions like KYC to identify individuals behind wallets a frictionless feature, or will the community reject it as "too centralized" or at odds with privacy considerations?
- Given the volume of trading that takes place on decentralized exchanges, will tokenized versions of traditional financial products inevitably be traded peer-to-peer, creating a much larger pool of potentially risky customers?
The following are recommended best practices for MSBs or VASPs engaging with DeFi:
- Prescreen for risk exposure prior to engaging with a DeFi platform.
- Continuously monitor the DeFi platform once engaged.
- Investigate and report suspicious activity to the company’s regulator based on the risk-based approach.