KYC, Identity Controls Might Reshape DeFi by Allowing Regulated Entitites to Participate: Report

The team at Alloy, which specializes in identity verification APIs that make KYC/AML “effective and simple,” has looked into how DeFi has evolved into a “major” sector of crypto without running KYC or AML checks on users.

The Alloy team members have looked at “Permissioned DeFi”—a collective effort “to bring DeFi in line with financial industry-standard identity verification practices.”

If the activities of DeFi (lending, borrowing, trading, etc.) mirror traditional financial services, then the market opportunities “might also mirror what we see in TradFi.”

The Alloy team further noted that if we wanted to map the opportunities presented by Permissioned DeFi onto a familiar model, it might look like the following.

  • B2B—Institutions using DeFi protocols
  • B2C—End-users using DeFi protocols
  • B2B2C—Institutions offering protocol-enabled services to end-users

According to Alloy, here is how “permissioned” DeFi could unlock growth along each of these axes:

B2B—Institutions using DeFi protocols

If regulators haven’t joined the DeFi party yet, “you won’t see compliance-minded institutional investors there either.”

At least “not without a designated driver,” the Alloy team writes in a blog post.

Enter Aave. The DeFi protocol “launched what they call “the first permissioned decentralized liquidity protocol”—called Aave Arc—in January 2022.”

As explained in the update, it is “a new pool, separate from Aave’s other products, that focuses on Bitcoin, Ethereum, the stablecoin USDC, and the Aave token.”

At present, the protocol partners with digital asset specialists Fireblocks (although other partners are under consideration) “to perform due diligence on institutions.”

Once an institution is whitelisted by Fireblocks, they’re “authorized to use the Aave Arc liquidity pools.”

By some measures, Aave “hosts the most value of any DeFi protocol, potentially making them a natural first partner for institutions.”

But a single protocol with a single whitelisting partner “isn’t necessarily in the spirit of DeFi.”

Alloy’s blog post also noted that Aave Arc is “a parallel, permissioned system for institutions, which is by design segregated from the rest of DeFi.”

The update also mentioned that “permissioning the broader existing DeFi landscape would require actually running checks on end users.”

So the real question might be: “who should run those checks? And how would they be compensated for the effort?”

B2C—Users using DeFi protocols

As it stands, DeFi “isn’t short on volume.”

Remember how hot NFTs were last year? The NFT market “saw total sales of $17.6 billion in 2021.”

By comparison, DEXs—the DeFi equivalent of exchanges—”saw over $1 trillion in trading volume in the same year.”

The update also mentioned:

“To 10x that $1T with haste (which would place global DeFi at roughly 25% of U.S. stock market volume), DeFi will need to maintain a positive footing with regulators. The SEC has taken action against crypto in the last year—fining crypto lending firm BlockFi for $100M, for example—and Uniswap, one of the biggest DeFi protocols, is allegedly facing an SEC probe. (SEC Commissioner Caroline Crenshaw wrote in 2021).”

DeFi participants’ current “buyer beware” approach “is not an adequate foundation on which to build reimagined financial markets.”

The blog post from Alloy also noted that “without a common set of conduct expectations, and a functional system to enforce those principles, markets tend toward corruption, marked by fraud, self-dealing, cartel-like activity, and information asymmetries.”

A viable defense could be “for DeFi protocols to add a KYC, AML, and identity layer to their existing products.”

But there are “other mechanics at play.”

The blog post further noted:

“If Uniswap, for instance, added an identity layer, it’s likely that a significant portion of their user base would migrate to a competitor. And competition is fierce. In fact, Uniswap sought a business source license to keep copycats from forking its new V3 product, which marked a departure from most of DeFi (which is largely open-source).”

The update also mentioned:

“Copyright controls are now on the table. So why not identity controls? It’s already happening in some places—Yuga Labs (of Bored Ape fame) required a KYC check for its latest NFT project. If regulatory scrutiny mounts, we could see the emergence of a KYC-compliant DeFi market for users in less crypto-friendly jurisdictions. Protocols want to keep growing, but don’t want to be caught offside in the event of a crackdown.”

B2B2C—Institutions offering protocol-enabled services to users

What if there was a way to take advantage of institutional competency in KYC, AML and compliance “while granting end users access to all of DeFi?”

If individual protocols don’t want to perform KYC checks on users, “an identity layer could be introduced at the point of wallet creation.”

“Wallet” in this case “refers to self-custody services like Metamask or Coinbase Wallet, which let users interact with the blockchain while keeping total control of their assets,” the Alloy team explained.

As noted in the update:

“Currently, wallet activity is transparent, but individual wallets are pseudonymous. In other words, anyone can see what a given wallet is doing, but no one can see who owns that wallet.”

The blog post also mentioned:

“Curiously, Coinbase requires KYC for its brokerage product but not for Coinbase wallet (which we tested by spinning up a fresh one). A feature exists allowing users to link their brokerage account to their wallet, which presumably attaches the user’s brokerage credentials to the wallet they’re using. So a user who’s gone through this process is in effect using Permissioned DeFi.”

The update further noted:

“Alternatively, institutions could follow the “CeFi” model pioneered by the likes of Celsius, BlockFi, and These firms offer an easy-to-use frontend where users can deposit and earn interest on cryptocurrency. On the backend, the firms use those deposits to issue complex DeFi loans, which generate yield. For instance, a 10% yield (which is commonplace in DeFi) allows a firm to offer 6% interest to depositors with a ~4% margin. This is called net interest margin or NIM, and it’s how commercial banks make money.”

In a nutshell: “CeFi = Banks of DeFi.”

And like banks, CeFi platforms “require users to pass KYC and AML checks.”

But If NIM is what commercial banks do best, “why aren’t they jumping into CeFi? Simply put, regulators have been hawkish.”

In response to the SEC’s action against BlockFi in February 2022, CeFi “providers were forced to halt onboarding new U.S.-based customers, and as of today, we have yet to see a regulated crypto yield product make it to market.”

According to the update from Alloy, it will “take time for the regulatory dust to settle around these products, and until then, institutions have no way to assess the risk of offering them to users.”

KYC and other identity controls “could reshape DeFi as we know it by allowing regulated entities to participate, both directly and as intermediaries.”

If that’s what the space needs, then “an identity layer may be the right solution.”

Sponsored Links by DQ Promote



Send this to a friend