Highlights

  • In recent years, the digital asset industry has made great strides in the area of ​​regulatory compliance. As an industry leader, Binance prioritizes maintaining a robust and comprehensive compliance program.

  • We're launching a new blog series, Follow the Rules, to raise awareness about the role of compliance in cryptocurrency and highlight the impressive work our Compliance team does every day.

  • In the first article in this series, we examine the components of regulatory compliance, the differences between traditional financial organizations and crypto financial organizations in terms of this function, and what the current regulatory compliance landscape looks like in the cryptocurrency space.

Some people who are not yet familiar with the digital asset industry tend to think that it is a place where the rules and laws that govern other sectors of financial activity do not apply. Exposed to a mix of anecdotes from the early days of cryptocurrency—when many early adopters considered trading digital tokens to be more akin to trading football figurines than trading financial assets—and the facts of some cases Crypto-related fraud scandals such as FTX may form the opinion that cryptocurrency companies are inherently incapable of being regulated and compliant.

The reality of compliance in the cryptocurrency sector is very different from this uninformed image. In just a few years since the first centralized cryptocurrency exchanges emerged, the digital asset industry has improved its compliance capabilities by leaps and bounds. In recent years, Binance has invested enormous resources in building a next-generation compliance program whose complexity and technological robustness can match those of traditional finance giants.

To shed light on the fascinating work our regulatory compliance professionals do, we launched Follow the Rules, a blog series that explores the state of compliance in the cryptocurrency industry and focuses on several domains that the Binance Compliance team is working on. watching In this introductory article, we take a look at what we mean by compliance in general and how cryptocurrency compliance differs from traditional finance.

Compliance in financial organizations

When people think about regulatory compliance in the context of finance, the terms KYC (Know Your Customer) or AML (Anti-Money Laundering) are often the first to come to mind. Of course, these two are important components of any compliance program, but the impact areas of the compliance function in a mature financial services company, traditional or cryptocurrency, are not limited to KYC and AML.

Simplifying for the sake of clarity, we could describe compliance as comprising three main areas: AML, consumer protection and regulatory compliance (i.e. licensing). Under these overly broad, and often complementary, categories fall a group of disciplines that underlie the compliance work of financial organizations and which we will address in this blog series.

For example, the AML category can be divided into areas such as CIP (customer identification programs), KYC, CDD (customer due diligence), EDD (enhanced due diligence), customer screening (including those subject to to sanctions or have been designated as politically exposed persons, or PEP), transaction monitoring, reporting of suspicious activities/transactions/matters (SAR/STR/SMR), risk assessments, audits, ABC (fight against bribery and corruption ), travel rules, and many more.

The consumer protection side, in addition to many of the aspects mentioned above, incorporates data protection measures, terms of use, customer information, segregation of assets, UDAAP (unfair, deceptive or abusive acts or practices, a specific term of the United States that has counterparts in most countries), anti-scam and anti-fraud controls.

On the regulatory front, compliance officers work to ensure that the company has implemented the necessary processes and controls to comply with the regulations of the jurisdictions in which it operates. This also includes license applications, maintaining relationships with regulatory bodies, managing external auditors as necessary, managing regulatory examinations, and meeting any post-examination or audit remediation requirements.

In many jurisdictions, the compliance officer is primarily responsible for ensuring that a company's operations comply with applicable regulations, and who assumes personal responsibility for any non-compliance that occurs during his or her tenure. While other executives may share some level of responsibility, the compliance officer is expected to have the autonomy and authority to act independently to ensure that the company meets its regulatory obligations.

A compliance program can directly manage these areas of responsibility, or it can provide oversight, governance support, and quality assurance testing.

Crypto Compliance: Unique Challenges

Running a compliance program for a digital asset services company involves covering all the same bases as in traditional finance, and also facing a host of new challenges.

The biggest difference between TradFi and cryptocurrencies has to do with the maturity of the regulatory environment, the rules governing the sector, and the lack of consistency between jurisdictions. For one thing, different countries have significantly different definitions for various cryptoassets, which has huge implications for compliance work.

Another big difference is the very nature of digital assets. Most cryptocurrencies were designed to run on decentralized, distributed, permissionless networks that operate without any central governing body. It is the embodiment of the principle “the code is law.” In a permissionless network like Bitcoin, there is no central body that can prevent a transaction from occurring. There are no “chargebacks”. There are no product recalls. Transactions are permanent with no recourse to the originator. This can create challenges for centralized service providers like cryptocurrency exchanges that are fundamentally different from the TradFi space.

Traditional finance is dominated by highly centralized payment networks where transactions are slow (with typical processing times measured in days rather than minutes or seconds), can be reversed, blocked by third parties, or even seized. Consumer protection laws in many countries allow retail users to dispute charges on their accounts, sometimes up to 6 months after the fact, and the underlying service provider is required to compensate the user.

What this means is that many of the traditional controls that exist in TradFi will not work well, if at all, in the context of cryptocurrencies. This justifies a different conception of consumer protection. For example, if a user shares their password or private keys with someone and that third party liquidates a wallet, there is no way to recover the assets that have been moved and no centralized authority to “refund” the customer's funds.

For this reason, centralized exchanges typically offer their customers advanced account security tools, perform more device and fingerprint analysis, flag withdrawals that appear to be destined for risky wallet addresses, and run customer eligibility tests to evaluate the level of users' understanding of the risks associated with certain products or services.

Transparency and speed

In the world of distributed ledgers, transparency makes a key difference. The current financial services sector is a secretive and opaque network of different payment and settlement networks where only a select few can have access to essential information.

Think about the SWIFT network. Only member banks and financial institutions have access to the SWIFT messaging system, and this access is limited to transactions being processed by the specific institution. This provides a level of financial privacy, but also allows institutions to operate surreptitiously.

Public blockchains, on the other hand, are highly transparent, sometimes almost to a fault. All transactions are published for everyone to see. While the names of the people and companies that are the originators and beneficiaries of these transactions are not easily accessible to an outside observer, most blockchains are pseudonymous. This means that there are key pieces of information that can be used by the public or blockchain analytics providers to identify originators, beneficiaries, transaction patterns, and wallet balances.

Using social engineering techniques, these wallet addresses can often be attributed to the real-world people or companies that own or control the wallets. Going back to the SWIFT example above, this is as if every person in the world has a front row seat to every SWIFT transaction and every associated bank account data that has ever been processed.

This level of transparency raises numerous concerns around data privacy and individual security that the cryptocurrency sector must address. On the other hand, it also offers enormous opportunities for exchanges and other players in the sector to build tools that allow them to understand much better what is happening in blockchain networks worldwide, piercing the veil of transactions that can be carried out in layers to avoid its detection. This provides global crime fighters with an effective way to investigate illicit activity, while minimizing the need to obtain court orders, subpoenas or resort to mutual legal assistance treaties (MLAT) to investigate the movement. cross-border funds.

Lastly, a key value driver for the cryptocurrency sector is speed. In the world of traditional finance, transactions often take days to settle. One of the promises of digital assets is the ability to be settled in near real time. Applying the same regulatory expectations and similar compliance controls and processes used by TradFi platforms to the cryptocurrency sector threatens to destroy the value and efficiency achieved by crypto transactions.

How do cryptocurrency companies approach compliance?

Given the complexity of the task at hand, the level of compliance practices and processes that today's digital asset industry has reached is impressive. Furthermore, given the speed at which major cryptocurrency companies continue to progress in this domain, we can expect industry compliance standards to become even stricter.

Anti-money laundering (AML) work has been the main focus of cryptocurrencies in recent years, and will continue to be so in the future. Strict AML laws have been enacted in most developed countries over the past two decades, and they are largely technology-agnostic. This means that AML rules for cryptocurrency companies (especially those that also support fiat) are well established and understood by the industry.

Basics such as obtaining customer identification information (KYC) or monitoring transactions for suspicious activity and complying with international sanctions are nothing new for crypto companies, as they represent the basic elements of any compliance program.

The pace of adoption of a compliance ethic in the cryptocurrency sector has accelerated in recent years with the emergence of greater regulatory clarity and a common acceptance that AML laws in most jurisdictions apply to the cryptocurrency sector. cryptocurrencies. Additionally, strategic partnerships with traditional banking and payment networks have helped accelerate the move to a more compliant approach, as having fiat rails is a clear differentiator in today's digital asset market. Traditional financial institutions require the exchanges they support to meet their compliance standards, AML, sanctions, and anti-fraud measures.

There is also a healthy dose of collaboration among compliance leaders within the cryptocurrency industry. We accept the truth that another major FTX-style scandal could cause irreparable harm to the entire industry, and it is in everyone's best interest to collaborate on emerging trends, risks, and solutions to the issues and challenges facing compliance. in the sector.

Binance: At the forefront of regulatory compliance for cryptocurrencies

For Binance, compliance is the top strategic priority, and a compliance mindset is embedded in everything we do. We have come a long way since our early days in how we approach this key aspect of our operations and have realized that advancing cryptocurrency adoption and money freedom is only possible in close cooperation with regulators and strict compliance with all applicable rules.

Binance has invested heavily in finding the best KYC providers and data sources in each of the jurisdictions where we operate. This allows us to offer the best possible user experience while still complying with local and international laws and regulations. The location of our controls is also a demonstration of our commitment to understanding our customers and adapting our solutions to their needs.

There remains a disparity in the industry in terms of the level of compliance that participants have. This is mainly due to the fact that compliance is difficult, expensive and creates customer friction. Larger cryptocurrency companies, such as industry leader Binance, have more resources and are therefore better equipped to implement the numerous vendor solutions and create internal tools that a robust compliance program requires.

Over time, regulatory compliance in cryptocurrencies is becoming more structurally similar to how this work is organized in a traditional financial services company. However, as they face numerous new challenges every day, cryptocurrency companies will develop—and in some cases already have—more sophisticated tools, better data, and a greater understanding of how individual transactions fit into the bigger picture.

To delve deeper into various aspects of Binance's compliance program, stay tuned for future posts in our Follow the Rules series.

Risk Warning: Digital assets are subject to high market risk and volatility. The value of your investment could increase or decrease, and you may not get back the amount invested. You alone are responsible for your investment decisions and Binance is not responsible for any losses you may incur. Past performance does not guarantee future performance. You should only invest in products that you are familiar with and whose risks you fully understand. You should carefully evaluate your investment experience, financial situation, investment objectives and risk tolerance, and consult an independent financial advisor before making any investment. This material should not be construed as financial advice. For more information, please see our Terms of Use and Risk Warning.