Crypto Compliance Can Be Easier Than Regulatory Clarity

When it comes to selling compliance services in the blockchain business, the two most difficult tasks are educating clients from financial institutions about what it is and then convincing them that for all the claims of crypto’s anonymity, it is easier than it sounds.

That’s a big part of Caitlin Barnett’s job at blockchain data firm Chainalysis, which works with the crypto industry and with banks and other financial firms looking to dip their toes into crypto, as well as assisting government agencies with training and investigations.

As director of regulation and compliance, Barnett’s job is to help clients — mainly those from the traditional finance sector where she started her career — “navigate this fun world of crypto compliance,” she told PYMNTS recently. “It is ever changing and it can be really overwhelming when you first try to get into crypto if you’ve never been exposed to it.”

Originally working in anti-money laundering (AML) investigations at Commerzbank AG and JPMorgan Chase, Barnett said the hardest thing to wrap her head around when she moved over to the Gemini cryptocurrency exchange’s compliance department was that doing that work could be easier in crypto than in traditional finance.

The thing is, all blockchain transactions are permanently and publicly recorded on blockchains like bitcoin and ethereum. And while cryptographic key codes shield the identity of the transactors, any one token can be traced easily. This means, you can see if a client’s source of funds is from an illicit service (like a darknet market or scam) or if they are trying to send funds to an address associated with a suspicious service. That’s why crypto is pseudonymous, not anonymous.

“We like to say that Chainalysis is essentially a phone book for the blockchain,” she said. “When you’re looking at blockchain transactions, it’s a bunch of alphanumeric, mumbo-jumbo that, while it’s completely transparent, you don’t know what that actually means.”

What Chainalysis does is match real-world services to the digital wallet addresses where the amounts of cryptocurrencies are shown, she said. That’s not easy — Chainalysis hires investigators from top law enforcement and intelligence agencies — but once illicit activity is connected to a wallet address, a web of connections to other wallets and services unfolds.

Easier Than It Looks

“I remember the first time I saw blockchain analytics,” Barnett said. “I saw that we were getting very clear information that funds were either coming from an OK source or a risky source. We were seeing very clearly if we were getting funds from a darknet market or if a customer was sending funds to a darknet market.”

That’s when a light bulb went off in her head, she said.

“This is completely different than what I was used to,” Barnett added. “I can very clearly say this is a transaction that is outside of my risk tolerance — I’m going to file a suspicious activity report, probably close the account.”

That’s compared to doing special investigations in a traditional financial institution’s correspondent banking department, where AML monitors are “limited to wire details and requests for more information and Googling — it’s a lot of guessing and looking for patterns, and you’re limited to what information you have,” she said. “With blockchain analytics, it’s very clear.”

That makes it easy to be comfortable that the transaction “came from a regulated institution, or say it came from a darknet market — we’re going to close the account, file an SAR, move on,” Barnett said.

That ability to easily conduct transaction monitoring has helped crypto shake off much of its early reputation as nothing but a currency for darknet markets and illicit actors, she said, noting that Chainalysis data shows that less than 1% of all crypto transactions are associated with illicit actors.

Show Us the Rule Book

On the regulation side of her work, Barnett’s job is a little muddier.

In a recent PYMNTS survey, 52% of traditional financial firms considering blockchain and crypto adoptions said unclear regulation was their top concern. That’s something Barnett can confirm.

“The lack of regulatory clarity is one of the reasons that institutions are hesitant to interact with cryptocurrency,” she said, noting that “The transition from an unregulated to a regulated market can be a difficult and sometimes painful one to navigate, for sure, but it’s obviously a necessary step that will bring greater safety to consumers and greater certainty to investors — in particular institutional investors — and helps to facilitate their entry into this space.”

That is happening, Barnett added, saying Chainalysis has “seen an increase in regulatory developments and believe that it is one of the drivers of growing adoption.”

One of the difficulties with this, she said, is that crypto and blockchain are developing so fast that it’s hard for regulators to keep up.

Don’t DeFi Us

The obvious example is decentralized finance, or DeFi, which has popped up fairly recently and is posing new and different questions for regulators, she said. For example, the EU’s new Markets in Crypto Assets (MiCA) law was intended to be a comprehensive legal framework, but the yearslong process forced regulators and legislators to leave DeFi and non-fungible tokens (NFTs) for another set of regulations.

“I feel like regulators make huge strides and then the technology just continues to advance and raises more questions for regulators to grapple with,” she said. “What I do believe to be really helpful is regulators around the world are really taking a deep dive to truly understand the nuances of this technology, in order to come up with thoughtful regulation that will not be outpaced by the next new development.”

What is needed, she said, is a combination of hard and fast rules and a softer regulatory sandbox where companies can experiment under closer supervision, to help “make sure that the regulation is truly applicable and appropriate for this new technology.”

The Two Biggest Questions

Right now in the U.S., the two biggest questions that need answering, Barnett said, are the “lack of clarity” about what makes a cryptocurrency a commodity or a security, and the regulation of DeFi. She noted that fitting the square peg of 14-year-old cryptocurrencies into the round hole of the Supreme Court’s 1946 Howey tests defining a security needs more work.

“We’re seeing so much activity there, and I’m having a lot of conversations with different DeFi customers who are trying to understand, do they have any obligations, and if so, what are they,” she said. Cooperation between the industry and regulators could be beneficial in establishing operable rules that wouldn’t curb innovation.

“So I think DeFi is one area that regulators are continuing to work on to try to thoughtfully regulate and understand the different nuances [in the technology — the difference between interfaces and protocols for example] and what [could or could] not be imposed upon these different [components and how that might work].”