While the vision for a decentralized Web3 and decentralized finance (DeFi) stirs up buzz and offers multiple growth opportunities, it needs attention in one critical area – security.
Web3 potentially can compete or even replace corporations with decentralized, internet-based organizations governed by software protocols and the votes of token holders. Apart from recording transfers of digital coins, blockchain networks such as Ethereum and others are proving useful in its ability to generate contracts and control how software and apps work.
Additionally, the volume of decentralized applications (dapps) is growing. A “DApp” is an app created on a decentralized network that uses a smart contract and a frontend user interface. Already, there are nearly 9,000 active dapps comprising of Crypto trading platforms and games – and the space has yet to reach its inflection point.
So how do we secure and regulate all this?
A New Stomping Ground for Financial Crime
Financial crime has found a new avenue with the increasing use of cryptocurrency. Cryptocurrency-based offenses hit an all-time high of $14 billion in 2021 – and fraud is already the dominant cryptocurrency crime, followed by theft.
Decentralized finance (DeFi) is the up-and-coming threat for fraud and money laundering based on blockchain technology. In fact, DeFi hacks and fraud are on the rise, as shown below, with DeFi-related hacks seeing a 2.7x increase in 2021 from 2020.
Regulators raise concerns about DeFi apps that exchange currencies with no due diligence, identity, or AML checks. And the SEC, Commodity Futures Trading Commission (CFTC), and IRS have all started asserting regulatory control in the space.
For example, the CFTC has the authority to regulate Crypto as a commodity, and the IRS has stated that cryptocurrency investments will be treated like any other assets for tax purposes. Moreover, FinCEN has enforced anti-money laundering (AML) rules more. A case in point for authorities cracking down is the infamous "Crocodile of Wall Street" and her partner, who has been charged in NYC for trying to launder 4.5BN in Crypto.
Why Should We Care?
Aside from the fraud losses and penalties associated with financial crime, what happens behind the scenes of money laundering is very harrowing. From human trafficking, terrorist financing, to illicit drug trades, money laundering can fund tragic realities which we often do not want to think about. If you do not like any of the aforementioned, you should care about AML and how it is currently a mess.
AML rules are frighteningly ineffective at preventing and detecting financial crime. At best, they are rudimentary, do not account for various scenarios and organizations, and are difficult to change. Compliance alert systems based on standard regulatory technology trigger thousands of false positives every day. With false-positive rates sometimes exceeding 95%, something is very broken with traditional processes and rules.
These false alarms must be reviewed by a compliance officer. In fixed, rules-based AML and fraud models, the simpleness leads to many false positives that disguise actual illegitimate activity. Therefore, It is no surprise that more than 90% of laundered money in the world goes undetected.
Such rules and assumptions are often tricky and time-consuming to change in incumbent systems and, as a result, provide a limited foundation for anomaly detection. Moreover, incumbent solutions have a narrow view of transaction trails, whereas several non-monetary data streams such as user behaviors and entities may provide helpful context.
A solution lies in looking at the overall activity around transactions and dynamically changing and adjusting rules in response to threats. Everyone trying to build a Web3 strategy should also be concerned about fraud and money laundering in decentralized channels. Interestingly, it is easier to monitor transactions in Web3 networks.
Misconceptions Around Crypto and Web3
Many observers argue that there will be more crime in Web3 networks because individuals and businesses are anonymous. This is not entirely correct.
Web3 brings pseudonymity and transparency. People can track activity in real-time to see what's happening in these networks. In Crypto, you might not know a bad actor's name, but you can see them and their activity via services such as Pocket Network, Etherscan and other data monitoring platforms that enable tracking.
Crypto can be valuable at detecting fraud and money laundering at a network level. That is because every network and every transaction is shared and is a public record. Each coin transaction or NFT trade is published and searchable. Crypto forensics services such as Chainalysis use this public data to follow activity and transactions across entire networks.
As mentioned, pseudonymity is not anonymity, and with the right solutions we can monitor and detect anomalous or bad behavior.
Follow the Activity, Not the Rails
With AML being broken, we can actually drive change.
New Fintech solutions are already simplifying identifying and addressing financial crime. For example, platforms such as Unit21 and others bring unprecedented control and visibility into existing structures and rule sets. In addition, data storage and analytics has developed and helped made organizations work with consistent and better data.
This data can point towards patterns and anomalous activities when it is up-to-date and brought together. And we can tap into this data in Web3 systems - especially if we deploy new and intelligent transaction monitoring rules.
By design, you can see all activity and exchanges in decentralized networks. In Web3, you can watch crime as it happens. Yes, you will not know who's doing it, but you can follow the money. By following the money, teams can see what entities bad actors interact with to identify them eventually.
In following the trail of transactions, law enforcement has found criminals at exchanges in which they ultimately have to cash out on their funds. This is how Crypto is regulated today – any centralized body must identify individuals transacting with them. Learn how to keep your crypto exchange safe from fraud.
Regulators and law enforcement can find criminals in Web3 networks by watching for interactions with the existing systems. Fintech insider podcast host Simon Taylor stated, "We need to regulate the activity, not the rail or the software."
Activity monitoring is a crucial exercise risk and compliance teams will have to undertake to protect their business and users. As Web3 scams and fraud become more common, organizations will need to help authorities with enforcement. Having tools that provide visibility and control over rules in monitoring activity will be essential, making Regtech an ideal solution for crypto.
Web3 technologies will see increasing adoption by businesses, governments, and different users to be watched and regulated. However, it provides a conducive environment for monitoring and catching illicit activity. Therefore, it is crucial to understand how we can use these networks for visibility and control to pre-empt financial crimes and any inhumane actions they are enabling.