Is compliance a double-edged sword for crypto companies?


1. Compliance seems to be a double-edged sword in crypto industry. From one side, compliance will broaden the target group of crypto. From another side, it may have limitations on the industry as crypto is always thought to be free entered and permissionless. How do you think about the paradox?

I think it is true to some companies that compliance might be a paradox, but we don’t see it that way. For a company of our size, we see compliance as an advantage. We absolutely see that being compliant in our space is the way of the future, and we already obtained various licenses/registrations and are in the process of obtaining more licenses around the world. We also have robust AML capabilities and controls. We see ourselves as a compliant company and we believe compliant companies have a longer viability.

2. How do you think about compliance for Defi companies given DeFi companies are premised on a decentralized and permissionless concept?

Bitcoin was born on a public permissionless blockchain; that hasn’t changed. What has changed is if it touches fiat, it can be subject to regulations because fiat currencies are subject to the multitude of financial regulations that have been around for decades. In terms of Defi, if it does not touch fiat, then it could stay unregulated in that world; however, at some point crypto has to link up with fiat, so DeFi is likely to be regulated. This is the current status, however, with travel rule implementation, all service providers will likely have to verify blockchain transactions too.

(A Bank Secrecy Act (BSA) rule [31 CFR 103.33(g)] — often called the “Travel” rule — requires all financial institutions to pass on certain information to the next financial institution, in certain funds transmittals involving more than one financial institution.)

For DeFi, there could be regulation implementation if more infrastructure built around Decentralized Identifier (”DID”) is in place. We will continue to watch this space. This is the reason why we believe this space is eventually going to regulated. At the fundamental level, public blockchain is still going to be permissionless. Once you build use cases upon a permissionless blockchain, and if you touch fiat currencies, that’s where regulation will likely kick in.

Another way regulations come into play is if you do a token issuance, that may implicate securities law. Securities laws around the world are relatively consistent. If it is a security, then you must register and disclose. And that’s a century old rule. So security laws would apply to ICOs. But there are cryptos which are clearly not securities, for example, Bitcoin and Ethereum. They may be regulated as commodities rather than securities. I think the whole world is probably going to gravitate towards that kind of regulatory landscape.

3. So what’s the difference between commodity and security regulations when applying to different tokens. Which regulation will be stricter, security or commodity?

When talking about commodity, you can just think about oil or gold. Bitcoin is more like digital gold, and therefore it is like a commodity. The definition of a security varies around the world, but a common theme would be whether a single entity controls a lot of it, and if so, it is a security. The legal test is whether it is sufficiently decentralized. In a layman’s term, if a single entity controls the bulk of the token, then it’s most likely going to be a security. For example, Ethereum when it was issued years ago and one entity controlled the bulk of it, it was a security then. But now, no single entity controls Ethereum, then it’s more like a commodity.

The regulations for securities are stricter. In the sense, when you issue a security, you must register and disclose. The disclosure obligation is pretty cumbersome and it varies from one country to another. In comparison, commodities trading itself is less regulated. But if you trade derivatives of commodities like oil futures, then you shall be subject to regulations on derivatives. For example, the CFTC regulates commodity derivatives in the US, whereas the SEC regulates securities.

Let’s talk about Asian countries. For commodities itself, sometimes it is not regulated at all. But the derivatives of such commodities, if they qualify as certain kind of derivatives, they would attract regulatory reporting requirements and other regulatory obligations.

4. With regards to KYC, does Defi or DAO require KYC?

For onchain KYC/AML, there are some tech solutions like Chainanalysis and Fireblocks that Amber currently uses to track and block suspicious transactions. In the meantime, we are developing our in-house capabilities in these areas. We believe more and more infrastructures, for example the use of DID, are being built and utilized to tackle compliance /KYC issues. Once the infrastructure is built and utilized, we could see more smart contracts being adopted by financial applications.

5. What’s the impact of compliance on NFT and GameFi?

I think NFT space is quite interesting. Some of the regulators have come up to say NFTs are speculative. But they also said that they will not regulate this space. Because if you think about it, NFTs are not the only speculative things out there. I think the regulators are recognizing that they can choose not to regulate certain things and leave it. But they would just make sure the investors or retail guys are aware of the speculative nature of these. And we can have disclaimers or we can have certain marketing guidelines to ensure that is not so readily available. And that seems to be kind of the way they are dealing with it.

And I think in the realm of gaming, at, least I don’t see directly a lot of direct regulations affecting gaming. What they can do is to say, if you have certain tokens which are being used in games. They will identify these tokens: are these tokens payment tokens, utility tokens or securities tokens? And if these tokens somehow are security tokens, they might try to regulate them.

6. How does Amber Group deal with compliance? Could you share your experience?

First of all, compliance is taken very seriously by Amber. The tone from the top is set by our cofounders to the senior management and all the way down. And then obviously you will have the framework which is created by people that you hire. All hired employees have the appropriate expertise, many of whom have experience working for regulated institutions and help to create the right control culture and environment in Amber Group. Another key area in which we have done heavy investment is in the realm of our compliance systems and processes. We use best in class vendors and systems that meet our business needs and ensure that if we meet our control and risk management requirements. For example, apart from sanctions monitoring, we also use established vendors to perform media screening, transaction monitoring and other types of surveillance; all of these things are just part and parcel of a good and solid compliance program.

One additional point to bring up is that we have a core set of policies that set a firm foundation for the compliance and conduct culture in the firm. Apart from typical policies, we have a code of conduct to make sure that all employees understand the values and objectives of the firm; we have policies to guide employees on the appropriate behavior and how to act in the marketplace while avoiding any kind of conflicts of interests, we have communication standards and other market conduct guidance as well. These are the things that we have worked on and continue to enhance — not every company might have a similar type of philosophy.

7. How do start-up companies deal with compliance? Do you have any suggestions?

A lot of it depends on the company itself. When you first set up, you might need quite a simple setup. If a start-up company does not serve customers all over the world, and your business model is a simple one, your compliance program and processes can be simpler. As the company develops in sophistication and complexity, then you should also grow your compliance and AML framework to cope with the increased risk of such activities.

Compliance is necessary because there are rules you have to follow when you conduct certain types of financial business. Following these rules will necessarily give you access to the right customers, investors and shareholders you want to attract. And as the company grows, you then build up and scale up the compliance/AML program. Even for Amber Group, since inception till now, the compliance and risk management program has evolved and become more sophisticated and granular.

8. Could you list milestone events for compliance since the industry initiated? For example, Coinbase is the first exchange to be compliant.

I think the milestone thing for me is countries accepting Bitcoin as legal tender. I think some African country, Central African Republic has also done that. Regulators around the world have also been issuing licenses to some of these crypto players. If we talk about Hong Kong, we have OSL and Hashkey got a Crypto Virtual Asset Trading Platform License. In Singapore, since last year, the first crypto licenses were issued by the MAS. A lot of action is happening in the Middle East. They have issued provisional licenses to a number of players. These are crypto milestones for me.

At Amber Group, we have obtained 12 regulatory licenses so far, including the licenses in HK, registrations with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the U.S. Department of Treasury Financial Crimes Enforcement Network (FINCEN), the Australian Transaction Reports and Analysis Centre (AUSTRAC), U.K. Financial Conduct Authority (FCA), and Japan Financial Services Agency (JFSA), and a member of the Swiss Financial Services Standards Association (VQF). This reflects the company’s lasting commitment to compliance, security, and most importantly, investor protection as it strives to continue building trust and confidence in digital assets.

Obviously, there are certain Bitcoin futures, Bitcoin ETF, or funds that have started all around the world. All of these are, I guess, milestones that show increased mainstream adoption of crypto. Also, I think Visa is accepting or tying up with merchants to accept crypto payments, for example for luxurious goods such as Gucci and Lamborghinis. This will eventually be rolled out to more goods — paying for them using your crypto is a big milestone because it actually affects the daily life of people.

9. Could you make some conclusions about today’s conversation?

Actually, regulators are trying to maintain a balance between promoting innovation and development and ensuring financial stability in the ecosystem. As a responsible player in the ecosystem, I think compliance will make allow the whole industry to thrive and become accepted and not be considered “a wild industry”. Strike the balance and don’t be afraid of it, because it is a competitive advantage. Every time we talk to any interested stakeholder, they generally have two main concerns: first, are you compliant with rules? And the second one is obviously about information security. I think in this regard, Amber has prioritized these quite well for both compliance and info security of digital assets.