Cryptocurrencies and its underlying blockchain technology is upending the traditional paradigm for financial institutions and regulators around risk management. This disruption includes unique challenges around identity association and verification in the cryptosphere, specifically around decentralized exchanges, applications (DApps), and identities. We discussed these topics with Judith Alison Lee, a partner at Gibson Dunn & Crutcher, who advises on issues relating to virtual and digital currencies, blockchain technologies, and distributed cryptoledgers.
Judith, what are the legal challenges in identity-linking and verification in the cryptosphere?
Judith Alison Lee: Given the pseudonymous nature of cryptocurrencies, there needs to be a framework — most likely at the exchange level — to identify the individuals that transact in cryptocurrencies. Most exchanges do collect and attempt to verify customer identifying information; however, depending on the exchange, the information collection and verification may not be robust, and customers may engage in various location- or identity-masking services that pose challenges.
Additionally, there may be jurisdictional challenges regarding privacy laws and the transfer of identifying information. Finally, as we are seeing more and more decentralized platforms supporting peer-to-peer transactions, linking customer identity to particular transactions will likely become more difficult.
How are regulators starting to deal with identity and blockchain?
Regulators are requiring licensing or registration for money transmitter licenses at both the federal and state levels, which requires such entities to comply with Know your Customer and anti-money laundering (KYC/AML) requirements and is one way regulators are addressing identity.
Judith Alison Lee of Gibson Dunn & Crutcher
Given the pseudonymous nature of cryptocurrencies, there needs to be a framework — most likely at the exchange level — to identify the individuals that transact in cryptocurrencies.
It gets a bit more complicated when we start to talk about linking participants to particular transactions, particularly since the transactions in spot-market cryptocurrencies are not regulated in the same way as transactions in securities or derivatives. As a result, regulators have focused on fraud and manipulation in those markets and have relied on asking the exchanges for transaction-level information, including any identifying information they have collected.
With regard to KYC/AML, terrorist financing, and anonymous transactions, what does the legal landscape look like and how are states or the federal government handling this currently or planning to in the future?
At the federal level in the US, entities that exchange cryptocurrency may be required to register as money services businesses, while at the state level, many (but not all) states require them to obtain a money transmitter or equivalent license. Both the states and federal government have been involved in enforcement actions to protect against fraudsters in the cryptocurrency space.
In the future, we will have to wait and see if the next Congress will issue legislation on cryptocurrencies.
Is there a way to utilize blockchain for customer due diligence?
It certainly seems that there is a role for blockchain in customer due diligence. The permanent and transparent nature of the blockchain makes it a logical tool to streamline the KYC process. The blockchain would likely be a good way for regulators to have a single source of data and access to the latest information. However, it seems unlikely that a blockchain solution could be utilized for all customer due diligence — though it could certain help to simplify it, particularly for financial institutions.
Clearly, these are the embryonic stages of regulation and oversight for identity management and verification in the crypto space. As adoption of these token rise, global banks and government agencies will further adapt under this decentralized technology-driven revolution.