The booming world of decentralized finance, which has collected more than US$11 billion in cryptocurrencies in a matter of months, is a potential haven for money laundering, according to new research.
Globally, 56 per cent of digital currency services have weak or porous “know your customer” controls, blockchain security firm CipherTrace said Thursday in a report. KYC procedures are meant to confirm the identity of users to prevent laundering. Dave Jevans, chief executive officer of CipherTrace, said regulators will be looking more closely at decentralized finance because of its astounding growth.
“The last six to eight weeks have shown it to take off unbelievably,” Jevans said in an interview. “Regulators are taking note when US$1 billion flows into something a week after it started.”
Defi projects are blockchain applications that connect users in a peer-to-peer fashion with no centralized authority that can stop or monitor transactions. In early July there was a bit over US$2 billion of crypto locked into defi projects, according to data compiled by Defi Pulse. That’s since grown to US$11 billion.
Many new defi applications allow users to earn interest on crypto loans they make or to use one digital currency to get a loan in another coin. They should fall under the jurisdiction of the Securities and Exchange Commission because many coins are securities, Jevans said. And money-service business rules should apply, he said.
“They’re not going to be able to escape from regulation for long,” Jevans said. “The eyes are upon them.”
CipherTrace analyzed more than 800 virtual-asset service providers such as exchanges, over-the-counter trading desks, currency swap systems and defi applications. It found that 60 per cent of countries had lax controls in Europe, the worst region for KYC standards.
“I would suggest the reason there’s so many that have either no KYC or poor KYC is lack of regulation,” Jevans said, referring to Europe. “That’s changing really quickly.”
The report defined “weak” KYC as involving transactions that can be made by providing only an email address and a name. Examples of “porous” KYC policies require some identification and placed limits on daily deposits and withdrawals. “Strong” KYC was defined as requiring several steps to complete identifying customers before they could open an account.
The U.S., Singapore and the U.K. had the largest number of virtual asset service providers with weak or porous KYC, CipherTrace said. That demonstrates “the ease and volume of potential offramps for money launderers,” the firm said.