Cracking Down on Evolving Crypto Regulations

Cameron [00:00:00] We know that it’s in the sharing of discovery and insights, that groundwork is laid. Problems are solved and entire sectors advance at the speed of light. Since 2016, we have offered objective high impact strategic advice and analytical services, helping to support clients in crucial business decisions at all stages of the product and business lifecycle. The digital identity industry is evolving, and so are we. One world identity is now liminal. Welcome to state of identity, I’m your host, Cameron Ambrosi. Joining me this week is the CEO and co-founder of Nota Bene Alice novel Alice. Welcome to the podcast.

Alice [00:00:41] Thank you so much for having me today.

Cameron [00:00:44] You and I have known each other for a number of years in the digital identity space. We previously, I think, last met at the New York City Blockchain Center for, I think, a talk that was being held on consensus in Newport. So, you know, you are, I would say, one of the more well-versed guests that I’ve had in terms of the growth and kind of breadth of digital identity, especially around, you know, the notion of decentralized systems and their intersectionality with identity. Obviously, you have founded Nota Bene, which we’re going to get into more in depth with the rest of this episode. But before we do that, we’d love to hear a little bit about your background, kind of how you came to know the digital identity space and your career journey to, you know, founding notes to.

Alice [00:01:35] Yeah, thank you so much. It is true. I think we first probably met around 20, 18 or so and then obviously met a couple of instances, including that New York blockchain event. So my background is in, I would say, generally like going way back is a math and economics, and I think that intrinsically made me super excited about the crypto blockchain space from probably, I would say, kind of like an intellectual perspective of combining cryptography and game theory and all that. But but by background, I’ve been mostly in the business space, working initially in management consulting and then in public sector consulting before I basically transitioned into working with startups specifically in identity and blockchain space. I would say if I take a step back, this happened during a time I was doing a bit of a career pivot and really looking at essentially what are the the most kind of like, I would say, intrinsic new technologies that are going to influence the way we interact digitally over the next 10 years, but also be able to enable financial inclusion more broadly. And through that, I got into the identity rabbit hole back around 2016, where intrinsically found that it was obviously a huge enabler, a huge, huge enabler for financial inclusion. So essentially started off that trip of digital identity, decentralized identity and ended up at Newport, where you and I both met around. Then I’m sure that path is not is not new on the shelves or you’ve heard it many times before. But what I would say I was surprised at when I got into that space was not only how fundamental that. The changes we’re doing to identity are going to be for obviously, I can think about generally how we basically do this identity to date, but also how fundamental this is for the success of the crypto industry going forwards. And so during my time at Newport, where I was basically head of strategy and operations, as well as running the you’re pretty much more broadly over and over the course of around the year, we were working with governments, banks, schools and a lot of a lot of companies around the world in implementing decentralized identity for a lot of great use cases. One of the things that we basically started seeing was that if we don’t do this correctly for for the crypto space, for DeFi, for others, basically the space won’t be able to grow the way it should and overcome a lot of the hurdles that it has today. And so that’s essentially how we ended up how ended up calling this event. So back in 2019, when the FATF or the Financial Action Task Force, who is the global watchdog for Anti-Money Laundering and Counter-Terrorism Financing Regulations, first came out and said, Hey, to the crypto world, you guys are obviously big enough now serious enough and we we would love to have you integrate the the broader traditional financial system. But you will have to implement certain measures to make sure that you’re putting controls for to catch money laundering efforts and stuff like that. So when they came out and basically said this is the crypto space, we thought this was a very big defining moment. From a long term perspective. This is really great for the space because it provides the clarity they need to be able to open the doors to more traditional, I would say, kind of institutional investors to interact with the crypto space and for more traditional players to actually start offering crypto products. And so offering that sort of a regulatory framework for crypto was super important coming out of the FATF in 2019. However, of course, what it raised were questions, which is for a very young industry that has not had to basically deal with a lot of these compliance issues is how would they be able to basically comply with a set of new regulations that where that essentially are not foreign to the to the fiat space, but that have been developed as part of the fiat space and not imposed on the crypto space where it looks quite different. And so we basically looked at that defining moment and said this can be a huge make or break for the industry, and we would love to be able to understand you basically from our site, since we understand how the infrastructure works for all of you, for all of our space. How can we help them comply in a way that makes sense, that is future proof, that is present privacy preserving. And that would be scalable in a world where intermediaries are not how it looks in the fiat world, where essentially in many cases there aren’t intermediaries and all the rest. And so that’s, I would say, a bit of the fun around a venue, but essentially restarted that advantage to really help companies in our space comply with the new anti-money laundering restrictions or regulations that are being imposed by the FATF.

Cameron [00:06:04] And I suppose that’s a great intro to diving a little bit more deeply into, you know, some of these regulatory winds that are kind of blowing across the space. I would presume that, you know, some of our audience might be already familiar with what we’re talking about, but I guess just to to double click on that for folks who might want a little bit of a primer. There’s this thing called the travel rule that kind of governs how money moves through the traditional correspondent banking system. It’s called the travel rule because the requirement is essentially that the account information of who is sending the money needs to kind of travel with the wire transfer across all the different correspondent banking hops that it makes. So if it leaves, I don’t know. A regional bank in Kansas City, then hits JPMorgan Chase, then hits a bank, I don’t know in London and then hits a bank in Bulgaria as the final destination. It’s expected and required by both U.S. and European regulatory agencies that you know that it was Camara de Ambrosi at this address and from this originating bank who sent the money that needs to kind of it gets stapled, if you will, to the wire information moves along all of those hops. Regulators now are set to introduce travel rule requirements to cryptocurrency, which at first blush, it sounds pretty straightforward. OK? You need to, you know, kind of disclose who is sending the money. But when you think about the notion of applying a framework that was built around centralized systems with known institutional counterparties every step of the way and you apply it to cryptocurrency where I don’t need any institution at all to have a cryptocurrency address to receive, you know, coins sent my way. It gets a little bit more challenging. I know that was a bit of an ad hoc explanation, but would you say I did a pretty good job of of level setting?

Alice [00:08:04] Yeah, I think you did a great job here and I think. You’re exactly right. And maybe I can give here a bit more background into this, essentially why this travel is important and why it is important for the crypto space. And then maybe I could touch upon some of these challenges that you started raising here. So as way of background, as Cameron mentioned, the travel rule is essentially part of the wire. It is called the wire transfer rule more broadly, and it’s been part of fiat systems for many years now. But as Cameron mentioned, it’s basically instituted by Fiat when there are cross-border transactions. So when regulators looked at the crypto space, they actually said, Well, let’s assume actually that every transaction here was cross-border. So the travel applies here even more broadly that it doesn’t fiat. So that’s kind of the first requirement coming in for the crypto space. The second piece is that essentially unlike in the unlike in fiat, where the transaction or the settlement layer happens after the settlement happens after the wire transfer has been set there, after this data has been sent in crypto, it looks different by most cases, right? The transactions haven’t instantaneously or today they do. And essentially, one of the questions here is going to be how can we institute this requirement for our space in a way where the travel data transfer is happening at the same time as a transaction or even better before? And this, of course, raises a lot of questions because we’re talking about the blockchain as an instantaneous settlement. Their third think that Cameron mentioned is when he talked about the banking system is that there is an existing trusted network of banks, right, which is governed by the Swift network and all that. But of course, the equivalent in crypto doesn’t exist. And especially right now, at a time where crypto companies are in the process of applying for licenses or getting registered globally, there isn’t as much information about the status of each company. And so just kind of taking that step back and say, OK, so there is this travel requirement. So what is it going to mean for the crypto space? So generally, before we go into more kind of and that’s how how the crypto industry is going to deal with the challenges for the travel rule. Let’s, first of all, start off with talking about why this is a requirement from the regulators. So in general, from a regulatory perspective, they want to make sure that not only does an exchange, let’s say, KYC their own customers and know that their own customers are not sanctioned individuals, they want to make sure that exchanges are able to manage counterparty risk. So for every transaction going out of their platform, they want to make sure that the counterparty is not a sanctioned individual. So it is not that necessarily that the regulator cares that the part that the counterparty of a transaction is camera or is. But essentially, they just want to know that this person on the other side of a transaction or this business is not a sanctioned individual or is not a bad person. And that’s where the impetus of the rule is coming from.

Cameron [00:11:01] You know, Alice, it seems it seems like one of these things where on paper or when you talk about it like, Oh, we just need to append, you know, identity information to a blockchain transaction, it seems pretty straightforward. Obviously, the most straightforward use cases like I have an account at Coinbase and my counterparty has an account at Coinbase, really straightforward and simple, but I think it can spiral out into, you know, orders of magnitude, greater complexity when you start thinking about, you know, all of the different permutations of of possible transactions. What are some of the main challenges that you see in terms of bringing, you know, compliance with these new regulations to the broader crypto space?

Alice [00:11:47] Yeah, great. Great question. So I’ll start with basically detailing with that simple transaction that you mentioned the different challenges and that would take a step back and see how our company is going to handle this and how are regulators looking at it? So let’s say you come cover and have an account like Coinbase. You’re sending me a transaction and my account is at Kraken. So it’s actually the first thing when you basically want to initiate a withdrawal with Coinbase, the first thing that they need to know is be able to identify whether this is a travel transaction. So in the US, the threshold today is $3000, and assuming right now that I’m signing the transaction that you’re sending is about thousand dollars. And it’s not as simple as saying, OK, this counts, but what they have to do is say is is the account that Cameron is initiating a transfer to is that account a hosted wallet or custodial wallet? So that is the first question. The second question is who? Who does this belong to if it is a host of wallet? So in the case that it is a hosted wallet and it is above $3000, then the travel rule applies. But to be able to prove that it’s a hosted wallet, it’s not. It’s not that simple because given the tools that are out there, it’s only usually a relativistic answer. And so it’s not very fool proof just to start with from. That perspective, and then let’s say in this case, Coinbase has been able to identify that the wallet is essentially is hosted, the next thing they need to do is basically under be able to verify the institution behind it and be able to perform due diligence on them before they initiate any travel transfer with them. And so in this case, if they identify it’s Kraken, the next thing they need to do is check whether Kraken has the right basically registration or licensing and the appropriate jurisdiction, what their KYC processes are in-house, what their data storage policies are essentially doing, the equivalent of due diligence for a correspondent banking as it exists today in the fiat world. And that in itself, as you can imagine, is quite a cumbersome process for such a young space and for generally smaller compliance teams, as we have today across the across the crypto industry. And the next thing that happens is that for Coinbase to actually be able to send a trackable transfer over to to Kraken in this case, they actually need to ask you, Cameron, for additional information. So today, whatever you withdraw crypto, I was in the transaction. You only have to put in an address, but now you’re going to be required to add the beneficiary name, which in this case is mine. And so what Coinbase is going to have to do is, first of all, trust that you put the right name. Then they’re supposed to perform sanctioned screening on mining. And of course, here the natural next question is, are there going to be a lot of false positives? Because if they only have my name and let’s say my name as something more common than all of the snowfall, but something like Jane Smith, then they’re going to get a lot of a lot of false positives. And that’s of course, going to raise questions. How would they deal with this? But let’s assume it is Alex. Now fall. There are no hits. Now they have all the information they need to initiate a travel transfer to Kraken. The next question is how will they send that message over to Kraken? In this case, there are multiple different messaging protocols out there. Somewhere are open, open source industry that others are close source requiring a fee, and most of them have really good basically security measures in place. Some obviously probably are more but faster than others or have more privacy preserving elements or more decentralized. But of course, the challenge here is Coinbase needs to identify which of the protocols is Kraken life on and basically wrote the message accordingly. And then basically, the requirement is not only that Coinbase sense this travel data over to crack it, but Kraken is supposed to confirm that the blockchain address indeed belongs to them, that this novel is indeed a customer of theirs before the transaction is allowed to go through. And so if you think about it now, we’ve added almost like 10 additional steps before any of the transaction can go through. And that obviously sounds like a big nightmare to all the product and people exchanges from their perspective. Given all the challenges I mentioned here, how can they make this process happen in milliseconds so it doesn’t impact transaction flow as it as it goes today?

Cameron [00:16:07] It sounds like if I’m reading between the lines here and correct me if I’m wrong, that you envision no to Bennie as almost being an orchestration layer that can help platforms kind of make heads from tails when it comes to which protocol to use for performing kind of this travel rule diligence. So regardless of whether a platform is, you know, using U.S. travel, U.S. travel rule, working group protocol or another kind of challenging protocol, you almost see Nota Bene as being a layer on top of that that serves as kind of a smart or intelligent switching layer that can make sure that you’re using the right platform and you guys are kind of hoping to be protocol agnostic. Is that safe to say?

Alice [00:16:55] Yeah. Yeah, it’s actually a great summary. So the way we look at this is saying, OK, so we are a safe platform for helping companies manage counterparty risk and crypto transactions and essentially look at transactions between two hosted wallets. That’s where the trouble applies. And that’s where we would form that sort of orchestration layer. First of all, in terms of determining which protocols to support and being that sort of protocol agnostic. But we also provide that trust layer. So in addition to the messaging layer. And this is sort of like if it’s very swift, like we would basically enable companies to be able to collaborate with each other to trust each other and then be able to identify each other’s customers. So we do kind of do that orchestration layer there. And then in addition to that, we provide companies with tools to be able to help help them manage risk more broadly, so not only with hosting wallets, but also with unhosted wallets. So a lot of regulators are pushing some stipulations around how to deal with that. And so we help them be able to to do this via a variety of tools

Cameron [00:17:56] on that regulatory piece. And sorry, if this is a bit of a sidebar, you know how our regulators thinking about approaching the challenge of unhosted wallet? In the sense that if it’s a wallet address that I just spin up myself like I have, I don’t know, a trees or a hardware wallet that I basically control as a user. How are they thinking about applying travel rule to those wallets that have no ties to any VASPs or virtual asset service providers?

Alice [00:18:24] Yeah, it’s a great it’s a great question. And just I guess here for the audience, it’s probably kind of important to see that the travel as it sits, of course, within fiat. It’s very simple. It’s always happening between intermediary institutions. But here, suddenly for regulators, it poses this big question because the travel only covers, let’s say, today around 40 50 percent of transactions. But what about transactions between hosted on unhosted wallets? And what happens there? And the short answer is that the travel rule should should not happen there as it is because there shouldn’t be this sort of like PII or private and inside information of a customer being shared with within an hosted wallet. It does not make any sense, but there should be some some risk management measures being taken by the hosted exchange to prove that the unhosted wallet is not that of a sanctioned individual. And so essentially, what we see coming out of FATF is not yet a single, basically a single requirement around unhosted wallets, but just basically from their perspective, they said that peer to peer transactions are not do not necessarily pose higher risk, but a host to host the transaction on a on a local regulatory level. Local regulators could impose some requirements for exchanges to de-risk the transactions going to private wallets or unhosted wallets in this case. What we have seen is a variety of a variety of different kind of requirements. So for example, in the U.S., there was the famous NPRM coming out of FinCEN. I believe it was in December which was going to require the identification of an owner of a private wallet. The question this raises is like, what is it actually helping like exchanges do, but just gathering a lot of information, including address and so forth. But other other jurisdictions such as Singapore, Switzerland and the Netherlands are are basically imposing verification of wallet ownership in this case. So what would be required here is that let’s say, Cameron, you’re right now sending some ether from your Coinbase wallet to your own MetaMask, Coinbase, let’s say Coinbase Europe would have to basically verify that this indeed is your own wallet. And in that case, be able to show that you’re not a sanctioned individual because they’ve already performed such a screening on us part of your KYC process.

Cameron [00:20:41] Forgive me for for thinking like that sounds, I guess, possible on paper. But practically speaking, like what are the mechanisms that they expect? You know, VASPs to use to verify ownership of, you know, what is. You know, it’s not anonymous. I’ve talked about this a lot in the podcast like these are pseudo anonymous addresses because it remains persistent and you can go and audit using chain analytics. The transaction history of it so not totally anonymous, but a pseudo anonymous wallet like how do they expect for an individual to kind of assert control over that and tie that wallet to a legal identity?

Alice [00:21:19] Yeah, it’s a great question. And some of the some of the measures that have been shared by the regulators include doing the equivalent of a Satoshi test or essentially sending over a small transaction and being able to prove that you’ve received it. But it does require gas fees, and so essentially it’s not an ideal solution. Other things they’ve also shared includes, for instance, asking asking their end users to take a video or basically being like or doing a live video together with someone of their customer support team to show they own a wallet. Obviously, it’s also not very scalable, not very foolproof. What we have proposed to do that is several kind of new ideas related to decentralized identity, which we believe would be a much better way of doing this, as well as helping those end users be able to have some more privacy preserving elements involved as well. And they’ve been very receptive to it. So I think that that’s going to be kind of the path forward most likely. In the meantime, what we also offer our customers is essentially the option for certain supported wallets to do a digital signature, just using the private key to show that they control the keys of a wallet at a certain point in time. And essentially, for an exchange that would have, they would just have a record in their in their database that let’s say at this point in time, Cameron controls the keys of this wallet, and this should be enough right now for regulators. Yeah. So I guess from this perspective, it’s actually not foolproof and there’s a lot of questions around this. We expect this to change a lot over the next few years, especially once you start talking about multisig wallets and all the rest. So what I do think, though we should do as as an industry because we have some great technologies here is actually maybe take one or two steps ahead of the. Later, because we know that this is going to be coming in some shape or form and starts thinking ourselves about what are maybe some good solutions that would be privacy preserving, that would make sense from a U.S. perspective and actually engage the regulators on them so they don’t go ahead and propose basically solutions like videotaping or others.

Cameron [00:23:27] That makes a lot of sense. So what’s next? You know, I do like to ask my guests to kind of take out their magic crystal ball, gaze into it and make some predictions for the future. Obviously, you know, to some degree, you’re already kind of on this cutting edge. And to your point, really thinking about how can we get ahead of the regulators and proposed technology first solutions that are truly scalable, privacy preserving? Well, you know, trying to meet regulatory mandates that may be coming down the pike in the future. But to that end, we’d love to hear your thoughts on, you know, what we can expect to see in this space over the next couple of years.

Alice [00:24:04] Yeah, I have a few thoughts there. I think the first and easy one is going to be that the travel rule is going to be implemented relatively well by exchanges and is going to give regulators a vote of confidence in our space. I do think that we’re very close to really scalable solutions across the industry, and I think the next year, obviously, there’s going to be some slow implementation challenges as every company really kind of figures out how to switch it on and just get comfortable with new processes. But I think that probably around the years time, a lot of regulators are going to be pretty happy with the progress of our space. In many cases, what we’re doing provides even more transparency and is able to help us catch basically like money launderers and bad actors much better than Fiat World. So I think that’s going to be a big win for us, and that’s going to help us basically have a larger kind of footing with the regulators so we can be able to have more. I would say like close conversations regarding DeFi and others. I think an immediate kind of response to this is going to be from an industry perspective that is going to make it very comfortable for fintechs and traditional financial institutions to actually start interacting with crypto products and be able to start offering crypto products themselves. So if you think about a company even today, let’s say like PayPal or others who are have announced plans to allow withdrawals but haven’t yet ruled it out, the travel is going to be the thing that allows them to do so. And if we just look at many other, I would say, kind of traditional advice or fintechs who right now want enter the space, this is going to be kind of an enabler. So we’re pretty excited about that. The next thing which I touched on a bit before. Essentially, while the travel rule is going to be a win and that’s happening between think about within the sci fi world, how can you between hosted exchanges, there’s going to be a big question around how to deal with DeFi. We already see questions around this coming from the regulators, from FinCEN, from FATF, where one of their big things is that essentially, while they do believe that developers of all the rest should not be regulated in the same way that centralized exchanges are, they don’t believe that many DeFi projects that they are decentralized enough. And so there is going to be obviously a lot of education down there, but also changes proactive changes, then from outer space to basically really kind of signal what a decentralized exchange or protocol all the rest will look like and how we can actually educate the regulators on this. Because for some regulators just trying to understand all this is going to be too hard, and they may just be an easy path for them to to to essentially make it illegal or something of this sort. And so I do think this is going to be really important for us as an industry like the big battle over the next two years is going to have to be both on one side, like educating the regulators on DeFi and making substantial changes to the product and all that, but also as an industry taking that step back and saying, how do we make sure to implement effective anti-money laundering measures in the DeFi world? And that’s one or two step kind of ahead of the regulators before they come in and impose something like the travel, which would not work in DeFi. It is not the right solution for DeFi. And so I do think that’s going to be definitely something for us to figure out how to shape forward. Now, if we do this correctly again, I think it’s going to be a lot of opportunities here where we’re hearing from a lot of our customers and also from a lot of traditional financial institutions that they they have so much demands coming from their own customers for DeFi. And so we think this is really going to help make DeFi a very big industry, and it’s just going to open up basically to all this new new basically users and investors and all the rest. So yeah, I think this will be probably chatter. We might feel kind of like big situations going forward.

Cameron [00:27:53] Yeah. You know, I couldn’t agree with you more, and I am really heartened by the efforts that, you know, you and other folks in the space are leading because I think it drives at the heart of some of. A criticisms of the broader kind of decentralized space that, you know, it’s like, oh, this is a haven for terrorist financing and money laundering and all these, you know, in my estimation, specious accusations, you know, specifically because look, I used to be specifically an anti-money laundering professional and the notion of doing money laundering on a platform where there is a permanent record of every place. The currency that you’re moving has ever been and will ever go is like the single worst possible thing for money laundering. There is no such thing as layering cryptocurrency because you can see where it all came from. Like, you know, hot take alert. There is no better place to launder money than the traditional financial system, specifically the U.S. financial system. You know, we could go into any number of loopholes and crazy ways that it’s surprisingly easy to move illicit gains and do terrorist financing through traditional banks. But I think the progress that that, you know to Binay and other folks, you know, whether it’s U.S., TRW or or other initiatives are making towards, you know, proving that we can have all of the benefits of decentralization and really, you know, punch holes in some of these unfounded criticisms of the, you know, recklessness or lack of, you know, safety and controls around cryptocurrency, I think is is really great. So really excited to have connected with you today. Really excited to to watch the growth of note to Ben. And I guess as a last question for folks who are interested in learning more about the platform or getting in touch with you, what is the best place for them to go?

Alice [00:29:51] Yeah, great question. Well, obviously our website where you can learn a lot about what we do. We also have webinars and we often share content on Twitter and LinkedIn. We actually have just like a weekly small snippet of news coming out of the regulatory world. Also, have our newsletter, but please do feel free to get in touch with me as well. Just tweet with email and it’s just my first name, and that’s it. And thank you so much for having me here. It’s been really fun to chat about the world of crypto regulations.

Cameron [00:30:23] Yeah, it’s my pleasure. Please consider this an open invitation to join us. You know, I would imagine the next time we touch base, a lot of crazy things will have happened. You know, whether it’s growth on your end or continued kind of shifts in how regulators are approaching these, these, you know, quite frankly, really relevant and burning questions about kind of the future of global finance. So thank you again for joining us and we’ll talk to you again soon.

Alice [00:30:50] Yeah, thank you so much.