Can DeFi be AML-compliant? Fresh methods for the new technology

Anti-money laundering compliance is one of the most critical topics in crypto, and the recent report published by the US Treasury only added to its significance... without, however, bringing any solution. The main problem is that traditional AML methods, based on detailed KYC (know your customer), can only be applied to the centralized part of crypto finance.

As to the decentralized finance, or DeFi, applying traditional KYC is incompatible with its nature: users interact with blockchain-based smart contracts directly through their wallets, and DeFi protocols can control neither the users nor their funds. What’s more, sharing users’ real identities can be very dangerous in the transparent and open blockchain environment (as opposed to the opaque and siloed banking system).

This doesn’t mean that the space is a mecca for criminals though. In fact, it’s quite the contrary, because the blockchain’s transparency allows using a new type of AML tool – on-chain analytics.

Regulators scrutinizing the DeFi

The US treasury report on DeFi can be summarized in the following quote:

“Our assessment finds that illicit actors, including criminals, scammers, and North Korean cyber actors are using DeFi services in the process of laundering illicit funds. Capturing the potential benefits associated with DeFi services requires addressing these risks. The private sector should use the findings of this assessment to inform their own risk mitigation strategies and to take clear steps, in line with AML/CFT regulations and sanctions obligations, to prevent illicit actors from abusing DeFi services.”

DeFi is indeed being used by some illicit actors. As reported by on-chain analytics firm Chainalysis, approximately 23% of funds leaving illicit wallets in 2022 were sent to DeFi protocols. However, the majority of these funds (57%) belonged to one special subset of criminals – hackers stealing crypto.

Crypto hackers’ favorite victims are DeFi protocols, and their loot often contains tokens that aren’t listed on other exchanges or stablecoins that can be frozen by their issuer. That’s why hackers use decentralized exchanges to quickly swap them for more liquid crypto assets.

Why don’t more criminals use DeFi?

Decentralized exchanges don’t enable crypto-to-fiat conversion, and aside from hackers, most crypto criminals send the majority of their funds directly to centralized exchanges or other fiat off-ramps. Some also try to use DeFi to obfuscate the flow of funds through mixers or other protocols, but they rarely succeed, as on-chain analytics tools evolve.

On-chain analytics 

On-chain analytics is becoming a major tool in fighting illicit actors in web3.

It leverages blockchain’s transparency and, together with advanced data science, allows to investigate crypto addresses and their links to known criminal entities, such as darknet market clusters, hacker collectives, scammers, entities on the OFAC sanctions list, etc.

What’s more, on-chain analytics firms can investigate whether a wallet has to do with a certain behavior type, such as peeling chain (a technique used to launder big amounts of crypto via a long series of small transactions), mixing (using services that blend the cryptocurrencies of many users together to obfuscate the origins of the funds), and many others.

These methods have proven themselves useful on numerous occasions, some of the recent ones including:

London Metropolitan Police’s recent investigation into the international drugs supply. Using on-chain analytics, the policemen tracked and traced crypto funds of a darknet vendor, identifying their assets, which led to a suspect, whose devices revealed other transactions… In the end, the on-chain trace led to a whole criminal network being uncovered, together with its suppliers (source: Chainalysis).

War in Ukraine. On-chain analytics tools helped identify millions of crypto addresses related to the pro-Russian entities, which, with the help of international sanctions and Ukrainian law enforcement, were prevented from cashing out and financing the war. Overall, crypto donations to pro-Ukrainian fundraisers outweighed those sent to pro-Russian ones 44:1 (source: Elliptic).

Towards new AML standards? 

So far, most regulators are trying to apply traditional KYC-based compliance rules to the decentralized space. Some, like Banque de France, have even proposed to force the hand of frontend providers (entities that run websites or apps through which users interact with the protocol) and try to impose KYC on DeFi interfaces.

The US Treasury approach was more nuanced, as it called for industry consultations. It pointed out, however, that “DeFi services engaged in covered activity under the Bank Secrecy Act have AML/CFT obligations”.

Whether the sector is able to comply with these obligations will depend on the effectiveness of crypto-native AML tools and its ability to prove to the regulators the need for DeFi-specific rules.

Written by D.Center