Opinion from Dr. Andreas Freund. 21 August 2024
TL/DR
There are platform solutions that let DeFi protocols integrate regulatory compliance without compromising decentralization. Using blockchain technology and cryptographic protocols, DeFi protocols can ensure secure and transparent transactions that meet regulatory requirements while maintaining user privacy. Such protocols enforce compliance rules on digital assets and their holders. Therefore, they can provide a robust and flexible system to help DeFi protocols navigate the complex regulatory landscape, contributing to a safer and more reliable decentralized financial ecosystem.
Introduction
Decentralized Finance (DeFi) has taken the financial world by storm (at least in the OpEd pages of Bloomberg and Fortune), offering a permissionless and transparent alternative to traditional financial institutions with a total value locked (TVL), as of this writing, of nearly $100Bn. However, this very decentralization creates a major hurdle: compliance. Unlike conventional institutions with central control, DeFi protocols are often governed by self-executing code and lack a single entity responsible for enforcing regulations. This raises a critical question: how can these innovative protocols integrate compliance rules into their DNA without compromising their core principles of decentralization and autonomy? This challenge lies at the heart of DeFi's future, as regulators grapple with finding the right balance between fostering innovation and protecting users, since nearly all of the ~$100Bn in TVL and the billions of dollars in daily trades on Decentralized Exchanges (DEXs), according to DeFi Llama, have not undergone any proper compliance checks. Unfortunately, and very recently, regulators have resorted to legal action against the likes of Uniswap, Tornado Cash, and other DeFi protocols.
After thumbing their noses at regulators for many years, the organizations building DeFi protocols are now realizing two things:
- The words decentralization and No-Control do not protect against expensive legal actions.
- DeFi mass adoption requires better UX and compliance enforcement (both financial and data privacy), and at the same time.
Even if DeFi protocols wanted to implement compliance checks immediately, it would not only upset their biggest clients' apple carts but would require protocol rewrites. In other words, completely new versions of the protocol, with older versions still operating without any compliance checks. That is not a tenable situation, since, very likely, the foundations or DAOs governing DeFi protocols would still be held to account for non-compliant versions of their protocol since "smart contracts are forever" (yes, Marilyn Monroe quote pun intended).
Luckily there is a way forward for these protocols. Leveraging blockchain-native compliance mechanisms (a combination of smart contracts and blockchain-verifiable zero-knowledge proofs, representing assertions that a user and a submitted asset transaction are compliant with the applicable law in a jurisdiction) yields a comprehensive framework to ensure regulatory compliance, risk management, and transaction reporting for any digital asset. The suggested framework extends the work originally done by Azgad-Tromer et al. (2023) that combines robust regulatory compliance measures with privacy protection, enabling, for example, the creation of compliant versions of digital assets that enforce jurisdictional policies while being privacy-preserving. The original framework by Azgad-Tromer et al. preserves digital assets' economic value and technological capabilities while ensuring that sensitive information is selectively visible only to authorized law enforcement authorities (FinCEN, SEC, OFAC, etc.). This enhances the security and integrity of digital asset transactions while maintaining privacy for legitimate users. Moreover, the framework's compatibility with different types of digital assets, such as fungible and non-fungible digital assets, makes it a versatile solution.
In short, the framework augments blockchains with additional information about actors' identities and asset provenance in a privacy-preserving manner and was first implemented by Sealance. This innovative approach allows the framework to address the challenges posed by the decentralized nature of digital assets. Attaching Compliance-Relevant Auxiliary Information (CRAI) to transactions involving digital assets in encrypted form ensures that critical compliance data, such as user identities, credentials, transaction history, and fund provenance, remains secure and tamper-proof; see FinCEN guidance on Anti-Money-Laundering for example. The framework incorporates cryptographic protocols that can automatically enforce compliance policies assigned to digital assets (what holders can and cannot do with such a digital asset) and to digital asset holders (what assets individuals can and cannot hold and/or trade). It can also update CRAI during the recording of transactions on the blockchain. This integration enables real-time compliance monitoring and reporting, enhancing transparency and accountability in the digital asset ecosystem.
Note that earlier work in this area was conducted by Kaira et al. in 2021 for the case of a centrally managed Hedge Fund. While complementary to this discussion, it does not touch on KYC/AML compliance, which is the central question we are discussing in this paper.
How to Make DeFi Protocols Regulatory Compliant
So how does such a framework operate in the context of DeFi protocols, given that most assets on these platforms are not natively regulatory compliant?
Fig. 1: High-Level DeFi (ZKP) Compliance Architecture as an extension of Azgad-Tromer et al.
The key insight in the extension of the Azgad-Tromer et al. framework is that a smart contract wallet used, for example, in Account Abstraction (see EIP-4337) as a representative of a number of Externally Owned Accounts (EOA) has significantly more flexibility than an EOA because of its programmability. If a smart contract wallet is combined with other smart contracts that enforce compliance rules and interact with a DeFi protocol, we have all the ingredients we need. Think of a smart contract wallet as functionally equivalent to a traditional Broker-Dealer, a regulated and registered entity that places trades for its clients, and of a DeFi protocol with a number of compliance-enforcing smart contracts as a registered stock or commodity exchange with its trading and compliance functions. Note that a Broker-Dealer is a *registered entity* that is a *legal delegate* of a regular investor to place trades on the investor's behalf and enforce trade compliance rules. The stock exchange is another *registered entity*, registered with regulatory authorities such as the SEC or FinCEN, and its compliance and trading functions are separate by design; separation of concerns is a significant compliance rule.
With this analogy in mind, we can now construct a regulatory-compliant DeFi protocol stack integrated with a compliance framework such as the one pioneered by Sealance through policy manager contracts with associated compliance policies, and a compliance policy and compliant account registry. The most straightforward implementation is through "smart contract hooks" in DeFi protocols, as they allow custom compliance enforcement extensions to the protocol, for example, Uniswap V4 or Seaport. However, this does not solve the issue for DeFi protocols that do not have such capabilities; currently still the majority.
There is a general safe pattern to interact with DeFi protocols that do not have contract hooks for compliance checks when a user receives a yield-bearing instrument such as the Compound yield token (YT), e.g. cDai. In our description below, we implicitly assume that DeFi protocol contracts such as the Uniswap Router or Position Manager are registered contracts, such that the compliance policy enforcement mechanism embedded in "compliant" assets can identify them as compliant and not require an additional zkp compliance assertion to be embedded with, for example, a transfer function.
Fig. 2: Example zkp-Compliance Stack application with Uniswap and compliant smart contract wallet
A compliance-safe DeFi interaction pattern is described below, using the example of adding liquidity to a Uniswap Liquidity Pool for specificity:
- A user (EOA) calls a DeFi Protocol compliance (wrapper, also known as a logical abstraction) contract directly or through the user's Smart Contract Wallet in an account abstraction scenario.
  Note: the smart contract wallet has already been given a Power-of-Attorney certificate through an accepted KYC/AML provider, such as a bank or an exchange. This certificate is used in the same way as a real-world Power-of-Attorney works; it marks the smart contract wallet as able to use the zero-knowledge proof (zkp) assertions of compliance that the zk-based compliance platform creates for a user's asset transactions.
- The DeFi (wrapper) contract verifies the submitted zkp compliance assertions using the zk-based compliance stack (a smart contract system, see Fig. 1), routing compliance assertions in the form of zk-proofs to (compliance) policy enforcement points (PEPs, smart contracts that are part of the zk compliance stack) where proofs are verified and actions, aka transactions, are either allowed or denied. If the compliance checks are successful, liquidity is added to a pool (either a pool of compliant or of non-compliant assets) on behalf of the user by the DeFi (wrapper) contract. Let's assume a compliant asset pool for the following.
- The DeFi compliance (wrapper) contract receives the YT and creates a compliant YT asset using one of the zkp assertions provided by the user.
- The DeFi compliance (wrapper) contract then transfers the now compliant YT to the EOA or the smart contract wallet; this also requires a zkp compliance assertion.
This prevents users from trading non-compliant YTs unless the user manually unwraps the asset. Note that all the yield now accumulates to the compliant YT. A variant of this approach is using DeFi compliance library contracts with the same functionality as a compliance wrapper contract while not requiring…
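The wrapper pattern described above can be modelled off-chain in a few lines of Python; this is an added illustration, not code from the article, Sealance or any DeFi protocol. Assumptions: an HMAC tag stands in for a zk proof, assertions are single-use, the pool returns YT 1:1, and all names (`PolicyEnforcementPoint`, `ComplianceWrapper`, `wallet_alice`, `uniswap_router`) are hypothetical.

```python
import hashlib
import hmac

KYC_KEY = b"constructed-demo-key"              # stand-in for the KYC/AML provider's secret
REGISTERED = {"uniswap_router"}                # registry of compliant protocol contracts
POWER_OF_ATTORNEY = {"wallet_alice": "alice"}  # smart contract wallet -> KYC'd user

def _tag(user, action, nonce):
    return hmac.new(KYC_KEY, f"{user}|{action}|{nonce}".encode(), hashlib.sha256).hexdigest()

def make_assertion(user, action, nonce):
    """Issue an assertion; the HMAC tag stands in for a zk proof (assumption)."""
    return {"user": user, "action": action, "nonce": nonce, "proof": _tag(user, action, nonce)}

class PolicyEnforcementPoint:
    def __init__(self):
        self.spent = set()                     # assumption: one assertion, one action
    def valid(self, caller, action, a):
        if a is None or a["proof"] in self.spent or a["action"] != action:
            return False
        # Caller must be the user, or a wallet holding that user's Power-of-Attorney.
        delegate = caller == a["user"] or POWER_OF_ATTORNEY.get(caller) == a["user"]
        return delegate and hmac.compare_digest(a["proof"], _tag(a["user"], action, a["nonce"]))

class ComplianceWrapper:
    STEPS = ("add_liquidity", "wrap_yt", "transfer")

    def __init__(self, pep):
        self.pep, self.compliant_yt = pep, {}

    def add_liquidity(self, caller, amount, assertions):
        """Verify every assertion first, then deposit, wrap the YT and hand it over."""
        by_action = {a["action"]: a for a in assertions}
        if not all(self.pep.valid(caller, s, by_action.get(s)) for s in self.STEPS):
            return False                       # denied: nothing deposited or minted
        self.pep.spent.update(by_action[s]["proof"] for s in self.STEPS)
        # Constructed 1:1 pool: `amount` deposited yields `amount` YT, wrapped as compliant.
        self.compliant_yt[caller] = self.compliant_yt.get(caller, 0) + amount
        return True

    def transfer(self, sender, recipient, amount, assertion=None):
        """Registered contracts need no extra assertion; any other recipient does."""
        needs_proof = recipient not in REGISTERED
        if (needs_proof and not self.pep.valid(sender, "transfer", assertion)) \
                or self.compliant_yt.get(sender, 0) < amount:
            return False
        if needs_proof:
            self.pep.spent.add(assertion["proof"])
        self.compliant_yt[sender] -= amount
        self.compliant_yt[recipient] = self.compliant_yt.get(recipient, 0) + amount
        return True
```

All assertions are checked before any is marked spent, so a denied call leaves no partial state, which mirrors a reverted transaction on-chain.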