China's Web3 entrepreneurship needs to pay attention to KYT, KYC, and anti-money laundering

Author: Shao Shiwei, Mankun Blockchain

Money laundering can be referred to as the pocket crime of the Web3 industry. Due to the anonymous nature of transactions, it is difficult to trace the legitimacy of each transaction's source in exchanges and cryptocurrency wallets. Additionally, since transactions are not limited by geography, the customer base may be spread across the globe. Like the traditional financial industry, this is also an industry closest to money. Therefore, in future anti-money laundering regulations, Web3 industry entrepreneurs will be held to higher responsibilities and obligations compared to other industries. Once business activities are deemed criminal by a certain country, possible consequences include but are not limited to paying hefty fines, criminal penalties for the actual controllers, and being ordered to exit the market of that country. Thus, establishing an effective anti-money laundering internal control system and fulfilling legal obligations is an important issue that Web3 entrepreneurs need to prioritize. Specific work can be developed from the following aspects:

Customer Identity Verification (KYC)

To many, this seems contradictory: blockchain is decentralized, yet it requires real-name registration. Therefore, it is necessary to have a correct understanding of decentralization. The concept of decentralization in blockchain does not mean the complete elimination of all centers, but rather emphasizes fairness and freedom among various centers. This form of decentralization aims to promote equity and prevent a minority from controlling the entire system. Blockchain technology does not reject regulation; rather, it can facilitate regulation. Absolute anonymity only fosters the darker sides of human nature. If absolute anonymity exists in the web domain, it will exacerbate money laundering crimes.

With the continuous push from governments and financial regulatory bodies around the world, KYC (Know Your Customer) and anti-money laundering (AML) have gradually become rules that must be enforced in the Web3 industry, especially in virtual currency exchanges. Through KYC, exchanges can grasp the true identities of users, allowing them to directly locate users in case of transaction risks or other issues, which is beneficial for combating crime and protecting user asset security.

For domestic Web3 startups, according to the "Cybersecurity Law," "Regulations on the Management of Blockchain Information Services," and other laws, real-name verification of users is required. For example, NFT digital collectibles platforms and Web3 gaming platforms that involve financial transactions and withdrawals are advised to use mobile phone numbers + verification codes + ID cards + bank cards + facial recognition monitoring for real-name verification.

Mainstream virtual currency trading platforms, such as OKEx and Binance, also require users to undergo real-name verification. In July 2022, Celsius Network, one of the largest crypto lending platforms globally, announced that it had filed for bankruptcy under Chapter 11 in the U.S. Bankruptcy Court for the Southern District of New York (see image below).

The bankruptcy filing submitted to the court detailed Celsius's financial status, main business, creditor list, and reasons for filing for bankruptcy. When this data is made public, it can link users' identities to their corresponding on-chain transactions. Sacrificing anonymity can better protect the basic rights and interests of the vast user base.

Customer Due Diligence

An important aspect of the "Anti-Money Laundering Law of the People's Republic of China (Revised Draft)" is to require anti-money laundering obligated entities to shift from a "rules-based" approach to a "risk-based" approach. The "risk-based" approach is a regulatory system established by the Financial Action Task Force (FATF) in its 2012 "FATF's New 40 Recommendations." Therefore, the anti-money laundering efforts of Web3 projects must also achieve "substantive compliance."

KYC only fulfills the formal review obligation. To achieve substantive compliance review, many additional review tasks are necessary. For example, according to Notification 924, "Overseas virtual currency exchanges providing services to residents in our country via the internet also constitute illegal financial activities." If a foreign virtual currency trading platform provides USDT to USD exchange services for a client company without understanding the ownership structure, actual controllers, funding sources, transaction backgrounds, and purposes of the client company, it could easily become a "tool" for the client company to engage in disguised foreign exchange trading, tax evasion, or other illegal transactions. The corresponding consequences may include facing accusations from relevant national regulatory authorities.

Only through comprehensive and multi-dimensional due diligence can platforms truly understand customers' real identities, the legality of funding sources, and the legitimacy of transaction purposes, thereby effectively mitigating their legal risks.

Customer Transaction Monitoring (KYT)

KYC focuses on the static identity of platform customers, while KYT (Know Your Transaction) emphasizes monitoring the dynamic transaction processes of customers.

As a deepening and supplement to KYC, KYT can conduct real-time monitoring of transactions within the platform (e.g., frequent or short-term changes of IP addresses used for transactions; issuing transaction instructions from potentially high-risk IP addresses; buying and selling virtual assets without clear purposes, or transactions that appear unusual in nature, scale, or frequency, etc.). By conducting comprehensive risk quantification and statistical analysis of transactions and addresses, platforms can fully grasp the transaction risk situations of addresses. This risk assessment helps platforms quickly identify suspicious or abnormal behavior patterns, effectively preventing and responding to potential money laundering, fraud, gambling, and other illegal activities. Once these potential risks are identified, exchanges can swiftly take corresponding measures, such as issuing warnings, temporarily freezing funds, or reporting to relevant authorities, to ensure transaction compliance and security.

For example, when DeFi projects engage in investment and lending activities, they can use KYT to assess the authenticity, value, and liquidity of assets. This prevents assets from being tampered with, forged, or improperly manipulated, thereby safeguarding investors' legitimate rights and maintaining trust in the market.

Additionally, Web3 wallet projects, while striving to provide customers with a smoother cross-chain transfer experience, also face risks of potential security issues during cross-chain transfers, such as asset loss or malicious hijacking. KYT technology can monitor every step of the cross-chain transfer process, and the historical records and statuses of each transfer transaction can be traced.

Establishing an Internal Control System

Platforms need to conduct regular compliance training for employees, helping them understand the harms of money laundering activities and how to identify them, thereby enhancing employees' awareness of anti-money laundering compliance and encouraging them to actively report suspicious activities and participate in anti-money laundering efforts.

Internally, platforms should establish a sound internal control system to ensure that anti-money laundering policies and measures are effectively implemented. Additionally, regular compliance audits can timely assess the effectiveness and compliance of the platform's anti-money laundering efforts.

Reporting System for Large and Suspicious Transactions

Based on KYC, KYT, and related due diligence, Web3 platforms or projects must strengthen technical measures to enhance their ability to monitor and analyze abnormal transactions. For transactions that exceed preset thresholds or exhibit unusual characteristics, in-depth suspicious transaction analyses should be conducted, and if necessary, reports should be made to anti-money laundering regulatory authorities while cooperating with relevant departments in investigating and addressing money laundering criminal activities.

Compliance with Local Policies and Regulations

Although virtual currencies have the characteristics of decentralization and the convenience of cross-border transactions, the users served by Web3 platforms belong to their respective countries. Therefore, if a Web3 platform provides services to users in a certain region, it is essential to be familiar with and comply with local laws, regulations, and regulatory policies.

For example, regarding users' gambling income, can the platform provide virtual currency exchange services? This requires understanding local laws related to gambling (e.g., there are licensed legal gambling platforms in the Philippines, but there are also many illegal gambling operators) and whether there are relevant policies and regulations regarding virtual currency transactions in the Philippines.

Maintaining Close Contact with Anti-Money Laundering Regulatory Authorities

Web3 platforms need to maintain good communication and cooperation with regulatory authorities in the regions they serve to understand the latest money laundering trends and regulatory requirements, the local government's attitude towards platform operations and virtual currency transactions, and to obtain necessary support and guidance.

For instance, on November 21, 2023, Binance CEO Changpeng Zhao signed a plea agreement with the U.S. Department of Justice. The plea agreement mentioned that as a money services business (MSB) operating in the U.S., Binance had not applied for an MSB license from the Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury. The U.S. Department of Justice believes that as the CEO and daily manager of Binance, Zhao willfully failed to conduct effective transaction monitoring for a considerable period, allowing Binance not to implement effective customer identification (KYC) and anti-money laundering (AML) measures. As a result, Binance failed to effectively restrict U.S. users from trading with users from regions sanctioned by the U.S., such as Iran and Cuba, earning substantial fees in the process.

Seeking Guidance and Assistance from Professional Institutions to Enhance the Platform's Anti-Money Laundering Capabilities

Web3 platforms can collaborate with professional blockchain security companies, on-chain analysis firms, and other third-party technology companies to audit trading platforms, wallets, smart contracts, and on-chain fund security, and to technically prevent and intercept hacker attacks, avoiding the platform becoming a tool for on-chain money laundering.

Web3 platforms can also work with law firms, consulting firms, and other third-party service companies to help the platform understand local regulatory policies, clarify the negative list for conducting business locally; streamline platform operations, maintain smooth communication with regulatory authorities, and establish an anti-money laundering compliance internal control system that meets local regulatory requirements, fostering a compliance culture; while also helping business personnel accurately assess business risks, effectively identify high-risk customers and high-risk transactions, and mitigate potential legal liabilities, economic or reputational losses, and other negative impacts arising from anti-money laundering risks during operations.

Conclusion

Web3, based on its blockchain technology, is sweeping the globe with its characteristics of decentralization and privacy protection, attracting a large number of entrepreneurs and users, and its application scenarios are rapidly expanding and enriching.

Statistics show that there are over 100,000 decentralized applications globally using Web3 technology. Industry predictions suggest that by 2025, Web3 may become the core of the global digital economy. However, as this market expands, it has also attracted the influx of criminals, leading to the infiltration of traditional crimes such as fraud and money laundering into the Web3 domain, posing significant security risks. Exchanges, digital wallets, cross-chain bridge technologies, DeFi, NFTs, and mixers can all serve as tools for criminals to launder money.

Moreover, given that the service targets of the Web3 industry are global, and the understanding and perception of Web3, blockchain, and virtual currency transactions vary across different countries and even within the same country, along with the somewhat "long-arm jurisdiction" characteristics of criminal justice in various countries, Web3 entrepreneurs face a crucial task: continuously tracking and updating the relevant latest regulatory policies in their service areas to ensure compliance and adaptability in their business operations.

In summary, the anti-money laundering compliance challenges faced by the Web3 sector remain severe. Both domestic and international Web3 entrepreneurs are confronted with stringent regulatory red lines, broad judicial jurisdiction provisions, unpredictable legal risks, and unforeseen black swan events. In addition to the practitioners, compliance in the Web3 industry requires collaborative efforts from legal, technical, and policy perspectives. Only through joint efforts can the Web3 industry promote healthy, compliant, and sustainable development.