SEC enforcement threat driving KYC/AML implementation at decentralized exchanges

In a lengthy blog post, IDEX co-founder Alex Wearn revealed that all countries subject to US sanctions — like North Korea and Iran — are blocked from using the service, along with all jurisdictions — like New York and Washington State — that require a "BitLicense". Furthermore, all individuals using the service will now be subject to Know Your Customer (KYC) requirements.

Why KYC?

Launched just over a year ago, IDEX has won favour with traders by letting them keep control of their funds at all stages of the process; as all transactions are conducted through a user interface directly on the Ethereum blockchain.

This makes all activity on the exchange completely transparent — with open source code, fully auditable and censorship resistant. In addition, no single person or organisation (theoretically) can shutdown the exchange or prevent others from using it.

At least, that’s the promise of decentralization, but privacy and censorship resistance are ideals that can prove incompatible with KYC — which requires exchange customers to prove their identity before taking a trade. Many crypto purists, therefore, view the KYC/AML processes as not just tedious red tape, but also as an intrusive threat to the very principles of decentralization.

Even so, IDEX considers implementing KYC as critical, and according to Wearn’s blog post, the decision was made in light of a speech given last month by commissioner Brian Quintenz, of the Commodities Futures Trading Commission (CFTC). Quintenz suggested that even if smart contracts can’t themselves be probed by authorities, the developers of those smart contracts can still be held accountable.

In the speech, delivered at the 38th Annual GITEX Technology Week Conference, he suggests that "smart contract-based projects may still be subject to pressure from regulators" and that "smart contract developers can be held accountable for illegal activity if they could reasonably foresee, at the time they created the code, that it would likely be used by U.S. persons in a manner violative of regulations."

SEC "Cyber Unit" ramping up enforcement

Now just over a year old, the SEC’s specialist Cyber Unit appears to be driving much of the recent enforcement activity. Established in October 2017 the unit was set up to counter "misconduct perpetrated using the dark web" and "violations involving distributed ledger technology and initial coin offerings" amongst other things.

Decentralized exchanges fall within its mandate, and as recently as November 8th the agency announced it had charged EtherDelta founder Zachary Coburn, with operating "an unregistered national securities exchange." From the perspective of the agency, its 2017 DAO Report has given exchange operators plenty of notice as to how it was going to view exchanges trading digital assets – stating with regards to EtherDelta:

"Over an 18-month period, EtherDelta’s users executed more than 3.6 million orders for ERC20 tokens, including tokens that are securities under the federal securities laws. Almost all of the orders placed through EtherDelta’s platform were traded after the Commission issued its 2017 DAO Report, which concluded that certain digital assets, such as DAO tokens, were securities and that platforms that offered trading of these digital asset securities would be subject to the SEC’s requirement that exchanges register or operate pursuant to an exemption."

The parties quickly reached an agreement, however, with Coburn agreeing to pay $300,000 in disgorgement plus $13,000 in prejudgment interest and a $75,000 penalty.

The EtherDelta action followed the SEC shutting down the 1Broker exchange in late September and charging its founder Patrick Brunner with numerous securities violations – including not undertaking any KYC inquiries in relation to its users.

Pragmatic decentralization

To justify the KYC move for users of the platform, IDEX returns to one of the exchange’s founding principles —"pragmatic decentralization" — which as the blog post explains is a hybrid approach that recognises the various different ways decentralization can be defined, and combines blockchain with traditional centralized technologies: "[in reality] decentralization exists on a complicated, multi-faceted spectrum. […] and unless your system or application lacks any centralized parts it can be subject to regulation"

While IDEX might be more decentralised than Coinbase or Bitstamp, with a known team, a website, and an off-chain orderbook, the exchange is by no means "fully decentralized."

IDEX, therefore, is not a true DEX in its current state. "At this point the best way to describe IDEX is as a "non-custodial" or "hybrid-decentralized" exchange," says Wearn.

Using a combination of centralized and decentralized elements has proven successful for IDEX; helping the exchange overtake competitors like Etherdelta and Bancor, which both occupy slightly different positions on the decentralization spectrum.

If, as the blog post explores, the exchange was to become fully decentralized at this stage in its evolution, then it would likely be almost unusable: placing and canceling orders would be slow; there would be no customer support; and users would have to download a client from a P2P system instead of visiting a website.

Until the decentralized infrastructure is fully developed, however, the centralized components necessary for efficient operation also make the exchange vulnerable to enforcement. So while IDEX’s decision to appease the authorities might be seen as surrender, it is justified by Wearn as "necessary for the long-term success of IDEX and all those who support it."

At ERC dEX CEO David Aktary says exchange operators should get the message that the "SEC is taking all crypto-securities (registered and unregistered) trade seriously and everyone should get in line." For his part, he says ERC dEX have actively been in the process of implementing KYC and AML for some time.

"We have partnered with a FINRA-registered Broker-Dealer/ATS to be able to list securities compliantly," he says. "Many of our competitors believe that because they’re non-custodial, they are immune to enforcement. I think the action against EtherDelta proves that position wrong."

KYC and AML — good for business?

On a positive note, Wearn suggests that providing KYC compliance will allow IDEX to accommodate large crypto funds wishing to trade on the platform; creating more liquid markets that benefit all users of the exchange. Aktary agrees that compliance policies will open up the market to a larger pool of players.

"Many, if not most, institutional funds will simply not use a platform that is not compliant because those funds have their own compliance policies to adhere to," he says. "They also have limited partners that they need to be able to assure they’re not trading with bad actors. That can’t happen without the assurance that their counterparties have all been through KYC/AML. What’s exciting about this is that implementing KYC/AML means a whole new swath of large liquidity pools can form in the DEX space that we haven’t seen yet."