By design, most cryptocurrency protocols allow anyone to create their own wallet at any time and without limitations. This significantly complicates the compliance process, as it may prove very challenging - if at all possible - to identify the owner of a certain crypto wallet address.
On top of this, the latest surge in Smart Contract usage (DeFi ecosystem) allows users to trade and send cryptocurrency peer to peer without using any centralized third party. This drastically complicates the process of identifying counterparties in each transaction.
This problem is a big blocker for any form of DAO as well as a principal blocker for the future of dApps.
To summarize:
There is a need for DAO, dApp or other entities to make an informed decision about compliance properties of a cryptocurrency address (with assurance that KYC provider follows certain policies & methodology)
This information should be accessible without the need of processing user personal data by the DAO, dApp or other entity itself - when they are not able to do it by design/policy or technologically.
There are a minimum of two components required to solve these problems:
An entity which will perform KYC of each user, with the ability to link user and his crypto address.
A “registry” system which will allow anyone to check compliance of the crypto address to enable risk assessment.
We have built a system which allows us to perform a user check by using several KYC providers. The system also lets us store data in a unique manner (Pic 1).
First off, all user personal data and approval process logs are stored within the traditional database. We also ensure that none of the approval process logs can be altered, thanks to a Hyperledger Besu private blockchain.
To make sure that data in the blockchain cannot be altered, we have built a masternode system to validate all important actions within the network. This is performed by independent nodes. Each important operation, such as validating a KYC process, is recorded there with all the associated timestamps and hashes.
All this allows auditors/regulators to trace each KYC request lifecycle, as we show the whole sequence of events, including data queries from KYC providers for various checks we make. We also do regular snapshots of the system state to the public blockchain, thus adding an extra layer of immutability to the system.
Pic 1: KYC data processing & storing
All past transactions are stored in the blockchain and synced with masternodes. This makes it impossible to revert old data, as we operate on a PoS private network, with nodes ensuring that no previous data can be altered. And even if we wanted to change something on the blockchain - for whatever reason - all traces would stay in the system, thus ultimately restricting us from altering anything.
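A simplified model of the tamper-evidence argument above, as an added example that is not DLTify's code: a hash-chained approval log plus a snapshot anchored outside the operator's control. The field names, the genesis value and the sample events are assumptions; the functions stand in for the Besu ledger and the public-chain snapshot rather than reproducing them.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed chain start value

def entry_hash(prev, ts, kyc_id, action):
    """Digest of one log entry, bound to the digest of the entry before it."""
    return hashlib.sha256(json.dumps([prev, ts, kyc_id, action]).encode()).hexdigest()

def append(log, ts, kyc_id, action):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"ts": ts, "kyc_id": kyc_id, "action": action,
                "hash": entry_hash(prev, ts, kyc_id, action)})

def snapshot(log):
    """Value anchored on the public chain: entry count and head digest."""
    return (len(log), log[-1]["hash"])

def rehash(log):
    """Models an operator rewriting history: every digest is recomputed."""
    prev = GENESIS
    for e in log:
        e["hash"] = prev = entry_hash(prev, e["ts"], e["kyc_id"], e["action"])

def audit(log, anchor):
    """Return 'ok', 'broken link at N' or 'snapshot mismatch'."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["hash"] != entry_hash(prev, e["ts"], e["kyc_id"], e["action"]):
            return f"broken link at {i}"
        prev = e["hash"]
    count, head = anchor
    if len(log) < count or log[count - 1]["hash"] != head:
        return "snapshot mismatch"
    return "ok"

def demo():
    log = []  # constructed sample events
    append(log, 1633046400, "KYC-0001", "sanctions check passed")
    append(log, 1633046460, "KYC-0001", "document check failed")
    anchor = snapshot(log)  # published before any tampering
    append(log, 1633046520, "KYC-0001", "request rejected")
    results = [audit(log, anchor)]
    log[1]["action"] = "document check passed"  # silent edit in the database
    results.append(audit(log, anchor))
    rehash(log)  # edit plus full recomputation of the chain
    results.append(audit(log, anchor))
    return results
```

The second audit catches an in-place edit through the chain itself. The third shows that a fully recomputed chain is internally consistent and is caught only by the externally anchored snapshot.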
Also, for users who successfully passed KYC, we have built a “Proof of KYC” system to openly broadcast their KYC result - without any personal data - to the public blockchain (Pic 2).
This broadcast happens via a publicly accessible smart contract and includes the following data:
Object ID (crypto address or other reference)
KYC ID (unique reference from our Hyperledger system) - this will allow us and regulators to identify the end user using our system
Object Type ID (nature of the object - is it a crypto address, social handle, etc)
KYC level
Pic 2: Proof of KYC publishing
If requested by the user, we can publish this data to the public blockchain (neither limited to ETH nor to others). As we publish on our side, there is no risk of anonymous users posting fake KYC IDs into our Proof-of-KYC smart contract.
Object ID and Object Type fields allow us to link any object to the KYC reference. This means users can post their BTC address within the ETH public network. Still, we do require some extra measures to ensure that this object is actually under the control of a given user. This ensures that users can't post a random object ID and claim it's related to them.
Proof-of-KYC allows anyone to look up certain objects such as ETH, BTC and other addresses in our Smart Contract registry (Pic 3).
Timestamp of KYC submission
Object ID (like cryptocurrency address)
Object type
KYC ID
KYC status
Using the KYC ID, qualified third parties can request that we confirm the identity of a user. However, this is not mandatory. The fact that a user object appears in our registry indicates that this particular user passed KYC with us with a certain KYC status.
Certain third parties such as qualified dApps or other fintech entities can get extended info on a user. This will include logs of approval, without revealing personal data. This provides an open infrastructure for third-party organizations that may not have the infrastructure or inclination to do KYC for the users and keep KYC data, but still have regulatory requirements to verify a user’s identity based on object ID.
Each KYC status can be customized, which means that at a certain point a KYC record would need to be reconfirmed with another status (after expiration).
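How a relying dApp could use the registry fields listed above, as an added example that is not the project's smart contract: an off-chain model with operator-only publishing, lookup by object type and ID, and an expiry check. The status values, numeric levels, type labels, validity period and sample address are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    object_id: str    # crypto address or other reference
    object_type: str  # assumed labels: "eth", "btc"
    kyc_id: str       # opaque reference into the operator's private system
    level: int        # assumed numeric KYC level
    status: str       # assumed values: "approved", "revoked"
    timestamp: int    # KYC submission time, Unix seconds

def key(object_type, object_id):
    # ETH hex differs only by checksum casing; BTC base58 is case-sensitive.
    return (object_type, object_id.lower() if object_type == "eth" else object_id)

class Registry:
    def __init__(self, operator, validity_seconds):
        self.operator, self.validity, self._records = operator, validity_seconds, {}

    def publish(self, sender, record):
        # Only the KYC operator writes, so outsiders cannot plant fake KYC IDs.
        if sender != self.operator:
            raise PermissionError("only the KYC operator may publish")
        self._records[key(record.object_type, record.object_id)] = record

    def lookup(self, object_type, object_id):
        return self._records.get(key(object_type, object_id))

def decide(registry, object_type, object_id, min_level, now):
    """Relying-party check using public registry fields only."""
    rec = registry.lookup(object_type, object_id)
    if rec is None:
        return "unknown"
    if rec.status != "approved":
        return "not approved"
    if now - rec.timestamp > registry.validity:
        return "expired"
    if rec.level < min_level:
        return "level too low"
    return "admit"

def demo():
    reg = Registry("operator", validity_seconds=365 * 86400)  # constructed values
    addr = "0xAbC0000000000000000000000000000000000001"       # constructed address
    reg.publish("operator", Record(addr, "eth", "KYC-0001", 2, "approved", 1633046400))
    day = 86400
    return [decide(reg, "eth", addr.lower(), 2, 1633046400 + 30 * day),
            decide(reg, "eth", addr, 3, 1633046400 + 30 * day),
            decide(reg, "eth", addr, 2, 1633046400 + 400 * day),
            decide(reg, "btc", addr, 2, 1633046400 + 30 * day)]
```

The last call looks the same string up under a different object type and gets no record, which is why the type is part of the lookup key.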
Pic 3: Validating KYC record on chain for external observer
Regulators and GDPR policy controllers need a more detailed overview of the personal KYC records (Pic 4).
We can provide extended versions of all KYC logs via Hyperledger masternode. If more information is needed, we have a module to show detailed user data from the backend system.
Pic 4: Validating KYC record on chain for Regulators/GDPR purposes
One of the biggest obstacles facing financial institutions when it comes to adopting DeFi into their business model is that it is an unregulated and non-compliant space.
The proposed solution allows DAO, dApps or other entities to make an informed decision about compliance properties of a cryptocurrency address (with assurance that KYC provider follows certain policies & methodology), without the need for processing user personal data.
Ultimately, the said entities will be able to verify that the KYC procedure has happened. They will also be able to create safe DeFi spaces, which will bring bigger institutional interest for blockchain technology.
Technology provided by DLTify / (Cryptaldash LTD Gibraltar) and available to the public starting from October 2021.
This document will cover the new Know-Your-Customer (KYC) functionality that is presently being introduced to the CRD Network ecosystem. It will allow the onboarding of user profiles, which then get cross-referenced through a series of protocols, including sanction rosters, politically exposed person lists, as well as identity, documentation and phone number verification and authentication.
After that, we will mark compliant wallet addresses with a KYC hash to signal they’ve been vetted. This will allow users to only have to pass through verification once and participate unhindered in the CRD Network ecosystem, as well as with any further strategic partners.
Among the major threats coming into the cryptocurrency space is regulatory overreach.
Given that crypto projects often evolved as proof of concept ideas that developed past their original intentions, it’s not uncommon that they are neither scalable nor designed with the intention of being regulatorily compliant. Furthermore, as it’s an innovative new sector, much of the existing financial regulation is not entirely applicable to blockchain technology.
Now that crypto is a multi-trillion dollar industry though, regulators have begun to turn their attention to the sector. Many countries have already banned the technology, or at least heavily restricted its use - some notable examples include China, India and Turkey.
While the list remains small where there have been outright bans, or regulation is in the works that would effectively do so, one thing remains clear: regulation is coming all around the world and it may be done heavy-handedly by regulators without much understanding or concern for this space.
As such, unlike most crypto-projects out there, there is a growing cohort of DeFi projects that are being proactive in meeting regulatory requirements that are typically asked of financial institutions.
Among the most basic requirements is that of KYC, which serves as a means of identifying customers and their associated economic activity to relevant authorities. Hence, the CRD Network has opted to develop these protocols before crypto regulatory bodies make it a legal requirement and begin punishing entities for non-compliance.
KYC’s primary objective is to promote Anti-Money-Laundering (AML) and Combating the Financing of Terrorism (CFT) protocols. If you’re a law-abiding member of society, it’s a minor inconvenience that has to be overcome when creating a new account, but it usually doesn’t alter the core experience.
However, the problem is that anonymity was one of the core tenets of blockchain technology. This permissionless, anonymous system is partially what earned cryptocurrency its initial reputation as the currency of black market sites like the Silk Road, a former decentralized marketplace wherein users could purchase and sell illegal goods and services.
Nevertheless, the sector has evolved much since then. Despite some efforts by privacy coins like XMR, Zcash, etc., there are blockchain analytic services that track transactions and assume end beneficiaries. The era of absolute anonymity is rapidly becoming obsolete, and often if you haven’t been tracked it’s simply that you’re not worth tracking.
In either case, present DeFi structures remain a bit of an outdated relic. In part because of their permissionless business model and pooling of assets, it can mean that you indirectly do business with a terrorist, or worse (from the government’s perspective) A TAX DODGER!
Here’s where it gets complicated, though: given the joint business nature, transacting with these criminal elements might indirectly make uninvolved participants criminals as well, from a purely legal perspective. After all, by joining unvetted liquidity pools, yield farms, lending them money, or exchanging with them directly (even if done unknowingly) you could implicitly be aiding and abetting criminal activity.
This is the primary reason why institutional cryptocurrency adoption has been so slow to happen - financial institutions don’t want to run the potential legal risks and associated costs. And what little adoption there has been has made use of the aforementioned “chain analysis” services, with which they can identify cryptocurrency that has not been tainted by being associated with criminal activity.
Hence, contrary to what some people believe, not all crypto is the same. Sometimes these financial institutions are even willing to pay a premium to get “legally compliant” coins.
It stands to reason that if we create an ecosystem where users are verified and legally compliant, institutions will be incentivized to participate in that space. Once this happens, adoption could increase considerably and use case developer interest along with it.
Not only that, but by creating an ecosystem wherein people have their legal identities tied to their wallets, we are also implicitly creating an environment wherein scams are considerably lessened, as any fraud would be prosecutable by relevant authorities.
So we all stand to gain by creating these regulatory guardrails, and we also future-proof our project in the process.
We are building a Hyperledger Besu Ethereum Private network and masternode system to validate all important actions within the system by independent nodes. Each important action, such as validating a KYC process, would be recorded there with all associated timestamps and hashes.
In other words, it would allow auditors/regulators to trace each KYC request lifecycle, as we would be able to show the whole chain of events, including responses from KYC providers for various checks we made.
You can find the basic structure diagram of our KYC validation system below.
The core idea is that we operate in two networks simultaneously - in the Ethereum public net and in the Ethereum Private network (Hyperledger). Then, within these systems, there will be various sets of masternodes with different access settings. Some types of masternodes will be able to validate records only, other types will be able to read some extra data.
It’s worth stressing that we will be operating a supernode that will be populating a database with new records, and in this sense, the system certainly is not ‘trustless’ or ‘decentralized’. However, we must be a centralized system by design, as we represent a legal entity that is responsible for the data; but the Hyperledger setup will allow us to keep the whole process immutable and transparent.
All past transactions are stored in the blockchain and synced with masternodes. It would not be possible to revert old data this way, as we operate on a PoS private network and nodes will ensure that no previous data is altered. Even if we wanted to change anything in the blockchain, all traces would stay in the system, which ultimately restricts us from changing anything.
This is an overview of the current set of masternode levels we are implementing right now.
In addition, this solution would also allow us to promote this method of Proof-of-KYC for independent DeFi projects, as they would be able to confirm that their users are compliant.
Given the increasing formalization of the cryptocurrency industry, it’s unlikely that this remains a trillion-dollar unregulated sector. If we are to develop in a desirable direction, we must be proactive about complying with regulations expected of financial institutions.
The first move in that direction is creating robust KYC procedures to be able to protect users and remain legally compliant. Once this is done, we can begin establishing connections with regulators and financial institutions alike while embedding ourselves in the fabric of the traditional economic system.
In time, the CRD Network will be able to help other blockchain projects with onboarding and promote regulatory compliant ecosystems.
This is the future, and it begins by integrating the KYC procedures into our DeFi ecosystem.