DEFI and REGULATION. Can DeFi platforms comply with anti-money laundering regulations while preserving privacy?

As already commented in our introductory article on this topic, decentralized finance (DeFi) is among the most innovative instruments underlying blockchain technology, enabling greater financial inclusion. This disruptive technology is on the spotlight of traditional banks and state agencies that aim to ban certain activities. However, regulatory agencies are obliged to evaluate the rights of these new companies to operate legally within a safe legal framework designed for users’ protection preventing fraud and any type of illegal activities. Clicking here you can find further information on the situation in Argentina.
Many regulatory debates in the crypto sphere are connected with users’ privacy. State agencies, international entities and the police forces abide by the need to register as much personal data as possible on the individuals behind the transactions and the so-called “Travel Rule” (to be analyzed in future posts). This information is purported to prevent assets’ laundering, to stop the financing of illegal activities and to hinder terrorist activities (goals universally accepted by almost all inhabitants), holding all addresses and entities related to any asset used for such activities liable for such eventual misconduct.
This opposes the right to privacy conferred upon the civil population given regulators, for an easier application of the Travel Rule, intend every person's data to be available and visible. Basically, citizens are not obliged to give explanations to any government, policy force nor any other body that is unable to justify such request. It works similar as the presumption of innocence (“everyone is innocent until proven guilty”). Data collection by security agencies should be framed within a formal investigation with a defined object. These constitutional guarantees apply to almost all western constitutional democratic countries. Current “widespread surveillance” over worldwide population with special focus over some people has been legally objected several times and belongs to the current internet model and data management (mostly centralized and related to
the Web 2.0 concept).
The possibility to boost DeFi projects with Web3 technology (for further details on this technology, click here) implies a potential development for these projects and protocols. IT security and data privacy are mainly comprised within this concept. I recommend the interview to Alastair Johnson published by Cointelegraph; it is quite interesting and brings some clarity to this matter.
“Zero-Knowledge Proofs” (ZKP) and decentralized identifiers of Web3 projects could help DeFi protocols maintain regulatory compliance without exposing their users unnecessarily. The ZKP is a cryptographic protocol that allows information verification without disclosing it. I apologize for this over-simplification but the process could be as follows: encrypted information is entered into the protocol, the protocol then sends an encrypted request to another database that confirms or rejects such information resulting in positive or negative. It is similar to online payment transactions with credit cards in safe sites.
In this case, the mechanism would be as follows: the decentralized finance company (company 1) requires from the user to enter his/her personal data in an outsourced protocol (company 2). The protocol receives access to a database (public entity that manages personal data such as the RENAPER in Argentina) which will state “this individual exists and data are correct” (or not), eventually authorizing the requested loan.
This mechanism would enable –upon suspicion of fraudulent activity- to carry on investigations and take actions for crime prevention or make arrests. Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs),with public data but non-automatic disclosure due to personal data protection, are decentralized identity solutions aiming to a good balance between the right to users’ privacy and the required regulation to prevent and to combat terrorism financing and other illegal activities.
In line with the growing tendency in the legal field aiming to limit state control over data and civil rights, Wyoming (a crypto-friendly state in the United States) has recently passed a bill for the protection of data and digital keys (even in court), as reported by Crypto247. The bill states that nobody could be compelled to disclose his/her private keys in any civil, criminal, administrative, legislative or other proceeding as long as relevant information can be made available through
public keys data.
To conclude, blockchain technology is, most of all, an instrument vested with transparency and traceability. Data entered is made available publicly or privately and the information stored on a blockchain can always be verified through technical tools. This attribute – if properly used- can be a strategic ally for the security forces. This is a big challenge regulators have to face for an adequate balance between privacy and crime prevention (and a general consensus is still pending on the scope of “proper” for verifiable solutions).