*In the process of writing this post, 2 big AML/CTF publications dropped: the Senate AFTC inquiry’s third and final report, and FATF’s updated VASP guidance. I thought about incorporating them before posting, but decided to post this before reading either to see how well my antennae are attuned to the relevant issues: I’ll try and update if there’s anything I’ve missed on review.
Hello Tracer community!
I thought I’d try and kick off a discussion on how Tracer DAO can accommodate Anti-Money Laundering/Counter-Terrorism Financing (AML/CTF) considerations into its design. As a loose outline, I’ll:
- Set out the underlying objective of AML/CTF requirements;
- Go through any relevant exemptions;
- how it maps onto Tracer services and products specifically; and
- AML/CTF and privacy.
Before I do so, I want to preface this post by saying that the concern around DeFi being especially prone to being exploited for nefarious activities is more a problem of perception, rather than reality. According to the figures bandied around in this space, the actual incidence of cryptoassets in money laundering is low, and falling. The popular concern around cryptocurrency seems to motivated by its potential (rather than actual) use to obscure identifies to bypass AML/CTF regulation (although even that isn’t seem unassailable, if the rumours around Poly network are true…).
That being so, the main challenge will be to persuade regulators to give DeFi an opportunity to develop a technological solution to comply with AML/CTF requirements, without baking in the redundancies associated with regulating centralised finance. Whether or not it is possible to leverage technology to comply with AML/CTF obligation is vey much beyond my ken (the little I’ve seen seems to suggest so), so feel free to educate me on this point!
What’s the underlying purpose of AML/KYC?
The broad thrust of AML/CTF regulation (as with most key pieces in financial regulation) is set by an intentional consensus: while there are variations in the laws giving effect to AML/CTF regulation between countries, the objective those laws serve remains consistent. A working definition of AML/CTF’s common purpose (very oosely adapted from the international standard-setter FATF’s guidance) could therefore be to prevent the financial system from being used to finance criminal and terrorist activities.
The operative word here is ‘finance’: what governments are principally worried about are criminal/terrorist elements exploiting the financial system to finance their activities. The extent to which that worry is a live concern obviously depends the nature of the specific protocol in question. DeFi protocols that elevate any variation of the following attributes are at a heightened risk of being found in an AML/CTF regulator’s crosshairs:
- highly liquid;
- fungible; and/or
- and anonymity.
So far, it’s the ability for crypto-currencies to mask user identity that has garnered the most attention. However, the point I want to make is that the ability to pseudonymise/anonymise identities on the internet only materialises into an AML/CTF concern, when it is combined with the ability to financially transact with other people on the internet . So it’s no surprise that the DeFi protocols that have received the most attention from an AML/CTF perspective, have been DEXes and tokens of currency/stablecoins: Bitmex, Binance and Tether, to name a couple of examples.
Exemption from AML/CTF regulation
Now, not all parts of the financial sector fall within AML/CTF’s core focus on liquidity, fungibility and anonymity. This is recognised (at least locally in Australia, although I suspect analogues will exist in other jurisdictions) by the fact that some financial services are carved out from having to comply with AML/CTF.
For our purposes, there are 2 relevant exemptions:
- An exemption to cover buyers and sellers trading securities or derivatives traded on exchange (Ch21 AUSTRAC Rules). The explanation provided is that orders placed on exchange prevent the counterparties from knowing who is ultimately taking the other side of the trade;
- An exemption for electricity and gas producers/retailers trading in OTC derivatives (Ch22 AUSTRAC Rules). Carve-outs from financial services regulation for energy markets participants are fairly common (they’re not really part of the financial sector, after all), but you could also justify this exemption upon the logic articulated above I think still holds: namely, that the derivatives in question are not fungible in nature (i.e. OTC derivatives are crafted specifically to the needs of the counterparties to that transaction).
Mapping onto Tracer
So where does this leave Tracer? As I see it, Tracer can essentially be broken down into 2 components for the purposes of determining AML/CTF risk:
- A repository of contract templates (i.e. the Tracer factory) that can be used to develop a derivatives product;
- Tokens produced by Tracer, or in conjunction with derivatives based off its contract templates: this would include the TCR governance token and the Perp Pools tokens, currently.
In regards to the Tracer factory’s permissionless contract templates, there’s a threshold question as to who’s responsible for complying with AML/CTF regulation: Tracer DAO, or the person who’s deployed the template? I’ve discussed this a little more here, but I think there’s a solid rationale for attributing responsibility to the entity who’s deployed the contract template to issue a derivative contract, rather than Tracer DAO (to the extent the two are different entities – I entirely envision Tracer DAO to continue to issue its own derivatives products).
However, even if it was responsible for complying with AML/CTF requirements, Tracer could moderate the level of AML/CTF risk it took on by developing products that either fell within one of the stated exemptions, or kept the products underlying fungibility, liquidity and/or anonymity to minimum levels. Trading securities based on a Tracer template on an exchange? Likely covered by the Ch21 exemption (and in the case of a DEX, a further question as to what proportion of responsibility the DEX should bear). Alternatively, Tracer could restrict its product issuances to sophisticated institutions wishing to hedge bespoke risks in the context of transacting with each other on a bilateral/OTC basis.
What about Tracer tokens? Well, tokenisation itself brings with it an inherent level of liquidity and fungibility which will likely raise the meter of AML/CTF concern – for that reason, it’ll be interesting to see the extent to which NFTs get caught in AML/CTF crosshairs. However, even tokenised assets exhibit varying levels of liquidity and fungibility: one of the interesting things about the TCR token is it opens the discussion on the extent to which a governance-only token with no inherent financial benefit poses an AML/CTF risk.
Finally, given the topic of the last Tracer drop, it’d be remiss of me to not to point out the high incidence of AML/CTF risk that would attend the issuance of a Tracer stablecoin… hardly a reason not to go ahead with a project, but something worth considering.
AML/CTF versus privacy concerns
I’ve been careful about my usage of anonymisation throughout this post, because as just about everyone will tell you nowadays, there’s a limit to the anonymity you can expect on a platform based on Distributed Ledger Technology. As my earlier reference to Poly Network attests to, there’s a limit to which users will be able to rely on the pseudonymity inherent in blockchain technologies to mask their technologies, which is likely to dwindle as the number of participants increases.
This is already given rise a conversation around crypto-assets’ compatibility with people’s right to privacy, which is legally protected to varying degrees around the world. This deserves its own separate post, but it’s worth noting that the discussion around the tension between AML/CTF and privacy contained within crypto is quickly developing, with the conversation around this topic particularly developed in the EU.
As always, my 2 TCR!