The Future of Compliance in Crypto: Embracing Compliance by Design

Compliance has never been more of a burden on companies and organizations than it is today. This can be explained by several factors, including the rise in volume and complexity of financial crime, more opportunities and incentives to commit fraud or engage in money laundering, and the sheer number of laws and regulations that exist today compared to even 20 years ago, as regulators around the world try to remain one step ahead of bad actors. 

But when you look closer, one of the main reasons why governments have intensified the regulatory burden on companies is that we live in a very globalized and interconnected world. 

As a technologist, entrepreneur, and crypto enthusiast, I had no choice but to spend a great deal of my time thinking about compliance. While I might not have the academic regulatory knowledge of someone who went to law school or worked for a government agency, I have reached the conclusion that the most effective way to deal with compliance is not to adopt a “reactive” approach that depends on the constantly changing regulatory environment and political mood, but instead to have a more proactive mindset and directly embed compliance into the product you are selling. This is accomplished by understanding the driving forces and motivations behind regulatory requirements for a specific industry. I call this “compliance by design”.

A brief overview of the history of compliance.

Compliance as a broad concept has existed since humans began to organize in the form of early governments, but it was not until a few centuries ago that compliance became so complex that it required a specialized industry of lawyers and professionals to help companies deal with regulatory requirements. During the 19th century, bills like the UK Factory Acts started emerging to limit the actions of companies that grew bigger thanks to the Industrial Revolution.

However, it was only during the 20th and 21st centuries that we started truly seeing new regulatory requirements emerge as a consequence of increased globalization, rising international trade, significant growth of the financial sector, and the emergence of disruptive technologies such as the Internet and smartphones. 

Because the world keeps moving so fast, today’s companies need to constantly adapt to regulatory requirements, with financial compliance and data protection constantly appearing at the top of the list for most organizations in the Western world, who dedicate a significant amount of resources to such activities.

The Sarbanes-Oxley Act of 2002 imposed strict reforms to improve financial disclosures and prevent accounting fraud following the Enron collapse. And while Anti-Money Laundering (AML) measures already existed since the 70s, the Know Your Customer (KYC) procedures were also introduced at the beginning of this century following the 9/11 terrorist attacks on U.S. soil. This forever changed the banking sector in the United States and across the world.

Although customers' average banking experience significantly worsened, the system was working relatively well—especially since banks already had the capacity to absorb burdensome requirements given their size and operational infrastructure. But right after the 2008 financial crises, something completely new emerged—something that would also change the financial sector as we knew it. 

Why is crypto such a big deal in compliance?

Some may argue that Satoshi Nakamoto's release of the Bitcoin whitepaper radically changed the world's view on compliance and regulation within the financial sector. When we look at Bitcoin’s architecture, we notice that it’s designed to be a permissionless system, where anybody with an internet connection can participate in the network without getting approval from any central authority. 

Because the very nature of Bitcoin and its offshoots implied some degree of disintermediation, many naturally believe it creates tension with traditional compliance frameworks, which expect regulated intermediaries, such as banks and financial institutions, to enforce legal and regulatory standards. Crypto could inaugurate an age of a global finance that is not tethered to national borders or regulations, which somehow feels like an arrival point for the globalization process I mentioned above.

While it’s true that anyone can decide to use a cryptocurrency without a bank or a government ID, the truth is that businesses need to comply with regulations if they want to operate in countries considered  world economic powers. Companies such as cryptocurrency exchanges, custodians, and ETF providers need to be compliant, just like any other company in the financial services industry. And the vast majority of people end up using these companies for their crypto-related activities.

Regulatory frameworks for crypto are beginning to emerge worldwide, with MiCa in the EU fully taking effect at the end of the year and U.S. policymakers discussing several bills that follow the EU’s approach. This will hopefully come as a relief for the hundreds of companies that have been struggling with regulatory uncertainty and lack of clarity. However, just like the traditional financial sector, these businesses would rather not have to constantly redesign their compliance department every time new policies are introduced.

Compliance by design.

Compliance by design, as its very name suggests, is a system inherently designed to meet an organization's regulatory obligations to the jurisdiction in which it operates. It entails proactively building compliance requirements in the design and development of systems, processes, and products before it’s final, so that they comply with relevant laws, regulations, and standards from the moment they are operational.

This has a number of benefits for an organization, since it can significantly reduce the costs associated with compliance, improve the overall experience for the user, decrease the risk of non-compliance and associated penalties, and better prepare them to adapt to a dynamic regulatory environment that is subject to frequent changes.

This is particularly important in the crypto industry, which has historically suffered from a lack of good user experience and novel onboarding methods, such as securing private keys as a list of 12 or 24 words. When you add compliance mechanisms on top of a complicated user experience, it becomes clear that it will be hard to onboard users beyond the most dedicated and technically savvy ones.

To fully understand the importance of compliance by design, and how this can be tightly connected to improved user experience and reduced costs, let’s talk about one of the most pressing issues in both traditional finance and crypto: fragmentation.

Interoperability as the key to compliance.

Do you remember the last time you opened a bank account? You probably had to physically go to a local branch with specific documentation so that a bank employee could submit all of your information to a sprawling compliance department. The best-case scenario is everything went smoothly, and you got through the process in a relatively short amount of time. But if you were missing certain documents, if you had a particular immigrant status, or if a simple mistake was made, it could have easily resulted in several days of waiting.

This is something that millions of people have to regularly experience with banks, financial institutions, financial technology applications, and, of course, crypto businesses. If you want to move from one bank to another or if you want to invest your savings with a specific broker, you will need to go through the same process over and over again. 

Even though significant progress has been made with open banking, the financial and banking industries are still highly fragmented and do not communicate with each other. It would be enough for you to authorize one of these companies to give a thumbs up to another and spare them (and us) the trouble of dealing with the burdensome side of compliance.

Improving compliance and the user experience in crypto.

More than banks and financial institutions, crypto is a hyper-fragmented industry that suffers from similar pain points. By adopting a compliance-by-design approach, crypto businesses (especially when they are not competitors) could begin talking to each other, thus cutting compliance-related costs while offering the user a much better and quicker experience. Thiscan be done immediately and greatly benefit small companies and startups with cost-cutting, while more established actors can streamline their processes.

Given the transparency of blockchain, compliance by design has additional strategic advantages in the crypto space. Companies that develop compliance as a feature in their products can establish trust with regulators, investors, and customers and implement processes such as real-time monitoring. 

Because the blockchain is an immutable ledger, producing records of all verifiable and tamper-proof transactions makes it easier to audit transactions through real-time shared data​. Taking this proactive stance helps mitigate the risk of non-compliance and creates a compliance-ready, straightforward approach that can greatly accommodate regulatory requirements such as the recently issued EBA Travel Rule Guidelines, which require crypto companies to register and track the movement of funds and communicate with authorities.

A lot has been said in the past about compliance in both the crypto and traditional finance sectors, but it’s time to shift our focus from chasing new regulations to being more proactive. Compliance by design should be a key framework guiding product development, as it anticipates regulatory actions. As technologists, builders, and entrepreneurs, we typically have the opportunity to act before policymakers, so we should use that advantage to ensure we get compliance right from the start. This proactive approach can help us build more robust and market-ready products, which ultimately benefit the entire industry.