Switching back to FIAT money

02/07/2019

Integration of Blockchain, tokens and crypto-assets within existing financial worlds: what about regulation's requirements and compliance?

To be a real success, the Blockchain innovation that brought tokens and crypto-assets into being will need to be integrated within existing financial worlds. Pure players or crypto start-ups need to fulfil the regulation’s requirements to integrate their digital assets in the economy, and financial institutions will be able to interact with these new assets only when the regulation becomes clear. The latest bills adopted in France and Luxembourg are, for instance, the first pillars of this evolution1.

Today, more and more banks are interested in acquiring customers who come from this new ecosystem. Companies that have carried out a successful ICO – Initial Coin Offering – need to open an account in order to pay wages and suppliers, crypto millionaires who want to cash out to buy a home have to follow an onboarding process and follow banks’ compliance policy.

The same rules as in the FIAT world apply to the crypto world: after the traditional KYC – Know Your Customer – process, the bank has to verify the origin of funds and undertake AML (Anti Money Laundering) and CTF (Counter Terrorist Financing) checks. These rules have been specified directly for crypto-currencies. The 5th Anti-Money Laundering Directive directly addresses the crypto-currency regulation with new AML and CTF obligations, also called KYT – Know Your Transaction.

Today, the first banks are implementing these new processes. They have to understand all the new transaction flows to define new procedures.

Transactions done in a Blockchain – for instance for Bitcoin – are public but pseudonymous, as no names are stored inthe Blockchain and only addresses are seen. Some tools from companies like Scorechain and other competitors provide powerful analytics to track transactions and group addresses – called clusters –, giving very useful data to analyse on­chain activity and verify the origin of funds as stated by the customer. However, things are not quite that “easy”, as there could be a lot of interactions with off-chain transactions.

Let’s take the example of a person who wants to transfer €1 million, stating this money comes from the sale of 250 Bitcoins with an average value of €4,000 each.

What would be the onboarding process that the compliance officer would need to run in order to accept this fund?

Bitcoins can come from several sources including legit activities such as trading, mining or earnings (payment for a legal service) and of course illegal or undeclared activities (such as from sales of forbidden goods on the dark net or from ransomware).

If the customer has traded coins on an exchange, for instance he invested €1,000 three years ago and sold the coins later with a gain of 10x, he has to show the bank transfer corresponding to the €1,000 investment from his bank account to the exchange and the transaction log of the trades he carried out via the exchange, this could be very complex if he has traded in different crypto-currencies or tokens in the meantime.

Depending on the tax rules that apply to the customer, he might also be required to prove that all the tax declarations have been made and paid.

If the coins have been moved from wallets to wallets, we should also verify that these wallets were owned by the customer and ask him to sign the private key of the wallets and prove ownership. Again, advanced Blockchain explorers can follow the entire transaction flow, detect wallets and display interactions with other exchanges or services such as mixing.

In the case of Bitcoins coming from mining, it’s quite easy to trace the origin of coins, as they appear as a reward in the block of transactions as pure newly-issued coins. This is valid for individual mining, but can be more difficult to verify if it comes from mining pools or mining services in which the user does not really get the new coins but a part of the mining reward that can come from a wallet owned by the service. In this case, additional checks need to be run to analyse the mining activities.

Another possible source of coins is the payment for goods or services, in which case we have to check the payment against the corresponding invoices or order forms, verify if any applicable VAT was computed and paid and if the value of the goods or the services is correct – based on historical exchange rates with FIAT currency. It could also be necessary to check that the service or the good has been effectively delivered.

But the mission of the compliance department actually consists in verifying the story told by a customer rather than trying to find the origin of funds without any information from its customers. The department has to verify off-chain documents and on-chain data and see how they match, then – depending on the risk level – decide if the customer’s funds can be accepted.

Finally, compliance should not stop after the onboarding is done; ongoing monitoring of the wallets could be necessary, the customer could have shown some transactions during the onboarding process to validate some coins and switch funds during the cash-out operations if they are undertaken during a lengthy period. For instance, Scorechain proposes the creation of automated alerts that can be triggered if new transactions are detected or if there is a modification of the risk scoring of the wallets.

Today, the first banks are implementing these new processes.

They have to understand all the new transaction flows to define new procedures that combine on-chain and off-chain activities and to integrate them within the existing infrastructure. The arrival of stable coins is also a new step that will facilitate the interaction of crypto-assets in traditional finance.

(1) European Blockchain Partnership (EBP) and European Blockchain Services Infrastructure (EBSI), April 2018.