Playing by the Rules: The Crypto Compliance Landscape Today
Main Takeaways
In recent years, the digital asset industry has made massive strides in the area of compliance. As an industry leader, Binance prioritizes maintaining a strong and comprehensive compliance program.
We are launching a new blog series, Playing by the Rules, to raise awareness of the role of compliance in crypto and highlight the impressive work that our Compliance team does every day.
In the first article of the series, we look at the components of compliance, the differences between traditional and crypto financial organizations in terms of this function, and what today’s crypto compliance landscape looks like.
Some people not yet familiar with the digital asset industry tend to think of it as a place where rules and laws that govern other sectors of financial activity don’t apply. Exposed to a mixture of anecdotes from the very early days of cryptocurrency – back when many early adopters considered dealing in digital tokens more akin to swapping baseball cards than trading financial assets – and facts from a few high-profile cases of crypto-related fraud such as FTX, these people can form an opinion that crypto firms are inherently incapable of being regulated and compliant.
The reality of crypto compliance is very different from this misinformed picture. In the few years since the emergence of the first centralized crypto exchanges, the digital asset industry has improved its compliance capabilities by leaps and bounds. In recent years, Binance has invested tremendous resources in building out a state-of-the-art compliance program whose complexity and technological robustness can match those of the giants of traditional finance.
To shed light on the fascinating work that our compliance professionals do, we are launching Playing by the Rules – a blog series exploring the state of compliance in the crypto industry and zooming in on various domains that Binance’s Compliance team is keeping tabs on. In this introductory piece, we take a bird’s eye view of what we mean by compliance generally and how compliance in crypto is different from traditional finance.
Compliance in Financial Organizations
When people think of compliance in the context of finance, the terms KYC (Know Your Customer) or AML (Anti-Money Laundering) are usually the first to come to mind. Granted, these two are important components of any compliance program, but areas of the compliance function’s impact in a mature financial services company, traditional or crypto, are not limited to KYC and AML.
Simplifying for the sake of clarity, we could describe compliance as comprising three main areas: AML, consumer protection, and regulatory compliance (i.e., licensing). Under these overly broad, and oftentimes complementary, categories fall a bevy of disciplines underlying financial organizations’ compliance work that we will address in this blog series.
Take the AML category, which can be further divided into areas such as CIP (customer identification programs), KYC, CDD (customer due diligence), EDD (enhanced due diligence), customer screening (including checks for sanctions and for designation as politically exposed persons, or PEPs), transaction monitoring, suspicious activity/transactions/matter reporting (SAR/STR/SMR), risk assessments, audits, ABC (anti-bribery and corruption), Travel Rule, and many more.
The consumer protection side of compliance, in addition to many of the aspects mentioned above, incorporates data privacy measures, terms of use, customer disclosures, segregation of assets, UDAAP (unfair, deceptive, or abusive acts or practices – a US-specific term that has counterparts in most countries), anti-scam and anti-fraud controls.
On the regulatory front, compliance officers work to ensure that their company has implemented the necessary processes and controls to comply with the regulations of the jurisdictions that they operate in. This also includes licensing applications, maintaining relationships with regulatory bodies, managing external auditors as required, managing regulatory examinations, and fulfilling any remediation requirements subsequent to the exam or audit.
In many jurisdictions, it is the compliance officer who is primarily responsible for a company’s operations being in line with the applicable regulations, and who holds personal liability for any failures that occur during their tenure. While other executives may share some level of liability, it is expected that the compliance officer has the autonomy and authority to act independently to ensure that the company meets its regulatory obligations.
A compliance program may manage these areas of responsibility directly, or it may provide oversight, governance support, and quality assurance testing.
Compliance in Crypto: Unique Challenges
Running a compliance program for a digital asset services company entails covering all the same bases as in traditional finance – and also dealing with a slew of novel challenges.
The biggest difference between TradFi and crypto has to do with the maturity of the regulatory environment, the rules governing the industry, and the lack of consistency across jurisdictions. For one, different countries have materially different definitions of various crypto assets, which has enormous implications for compliance work.
Another major difference is the very nature of digital assets. Most cryptocurrencies were designed to run on decentralized, distributed, permissionless networks that operate without any central governing body. It is the embodiment of the “code is law” principle. In a permissionless network such as Bitcoin, there is no central body that can prevent a transaction from occurring. There are no “chargebacks.” No wire recalls. Transactions are permanent with no recourse for the originator. This can create challenges for centralized service providers like crypto exchanges that are fundamentally different from the TradFi space.
Traditional finance is dominated by highly centralized payment networks where transactions are slow (with typical processing times measured in days instead of minutes or seconds), can be reversed, blocked by outside parties, or even seized. Consumer protection laws in many countries allow retail users to dispute charges on their accounts, sometimes up to 6 months after the fact, and the underlying service provider is obligated to make the user whole.
What this means is that many of the traditional controls that are in place in TradFi won’t work well, if at all, in the crypto context. This warrants thinking about consumer protection differently. For example, if a user shares their password or private keys with someone and that third party liquidates a wallet, there is no way to recuperate the assets that have been moved and no centralized authority to “refund” the client's funds.
For this reason, centralized exchanges often provide advanced account security tools to their clients, perform more device fingerprinting and analysis, provide notices for withdrawals that appear to be destined for risky wallet addresses, and run client suitability tests to assess users’ level of understanding of the risks associated with certain products or services.
Transparency and Speed
In the world of distributed ledgers, transparency makes a key difference. Today’s financial services industry is an opaque and secretive web of different payment and settlement networks where only a select few may have access to critical pieces of information.
Think about the SWIFT network. Only member banks and financial institutions will have access to the SWIFT messaging system, and this access will be limited to the transactions that the specific institution is processing. This provides a level of financial privacy but also allows institutions to operate surreptitiously.
Public blockchains, on the other hand, are highly transparent, sometimes almost to a fault. Every single transaction is published for the entire world to see. While the names of the individuals and companies that are the originators and beneficiaries of these transactions are not readily available to an outside observer, most blockchains are pseudonymous. This means that there are key pieces of information that can be used by the public or blockchain analytics providers to identify originators, beneficiaries, transaction patterns, and wallet balances.
Through social engineering techniques, these wallet addresses can often be attributed to the real-world persons or companies who own or control the wallets. Going back to the example of SWIFT above, this is as if every person in the world had a front-row seat to every SWIFT transaction, and all of the associated bank account details ever processed.
This level of transparency brings up numerous concerns around data privacy and individual security that the crypto industry must address. On the other hand, it also offers enormous opportunities for exchanges and other industry players to build tools allowing for far greater insight into what is occurring within blockchain networks globally, piercing the veil of transactions that could be layered to avoid detection. This gives crime fighters all over the globe an efficient way to investigate illicit activity while minimizing the need to obtain court orders, subpoenas, or rely on mutual legal assistance treaties (MLATs) to investigate the cross-border movement of funds.
Finally, a key value driver for the crypto industry is speed. Transactions in the world of traditional finance typically take days to settle. One of the promises of digital assets is the ability to settle in near real-time. Applying the same regulatory expectations and similar compliance controls and processes that TradFi platforms use to the crypto industry threatens to destroy the value and efficiency achieved by crypto transactions.
How Do Crypto Companies Approach Compliance?
Given the complexity of the task at hand, the level of compliance practices and processes to which today’s digital asset industry has risen is impressive. Furthermore, given the speed at which leading crypto companies continue progressing in this domain, we can expect industry compliance standards to become even stronger.
Anti-Money Laundering (AML) work has been the marquee headliner for crypto over the last several years – and will continue to be going forward. Stringent AML laws have been enacted in most developed countries over the past couple of decades, and they are largely agnostic to technology. This means that the AML rules for crypto companies (especially those that support fiat as well) are well-established and understood by the industry.
Basic things such as obtaining identifying information on your customers (KYC) or monitoring transactions for suspicious activity and complying with international sanctions are nothing new for crypto firms as they represent the staples of any compliance program.
The pace of adoption of a compliance ethos in the crypto industry has accelerated in recent years with the emergence of more regulatory clarity and a common acceptance that AML laws in most jurisdictions apply to the crypto industry. Moreover, strategic partnerships with traditional banking and payment networks have helped to accelerate the move to a more compliant approach since having fiat rails is a clear differentiator in today’s digital asset market. Traditional financial institutions require that the exchanges that they support meet their standards for compliance, AML, sanctions, and anti-fraud measures.
There is also a healthy amount of collaboration between compliance leaders within the crypto industry. We accept the truth that having another major FTX-style scandal can do the entire industry irreparable damage, and it is in everyone’s best interest to be collaborative on emerging trends, risks, and solutions to the problems and challenges that crypto compliance faces.
Binance: At the Cutting Edge of Crypto Compliance
For Binance, compliance is the top strategic priority, and a compliance mindset is baked into everything we do. We have come a long way since our early days in how we approach this key side of our operations and have come to realize that advancing crypto adoption and the freedom of money is only possible in close cooperation with regulators and strict adherence to all applicable rules.
Binance has invested heavily in finding the best KYC vendors and data sources in each of the jurisdictions that we support. This allows us to provide the best user experience possible while remaining fully compliant with local and international laws and regulations. The localization of our controls is also a demonstration of our commitment to understanding our clients and tailoring our solutions to their needs.
There remains a disparity in the industry when it comes to the level of compliance that participants have. This is primarily due to the fact that compliance is hard, expensive, and creates customer friction. The larger crypto businesses, such as industry leader Binance, have more resources and are therefore better equipped to implement the numerous vendor solutions and build internal tools that a robust compliance program requires.
Over time, crypto compliance is becoming more structurally similar to how this work is organized in a traditional financial services company. However, thanks to dealing with numerous novel challenges every day, crypto firms will develop – and in some cases already have – more sophisticated tools, better data, and greater insight into how individual transactions fit into the big picture.
To take a deeper dive into various aspects of Binance’s compliance program, stay tuned for the upcoming entries of our Playing by the Rules series.