“New FATF regulations will bite next year” NexChange Interview Series with Adam Vaziri, CEO of Blockpass, Part 1


Sign up for Block O2O event “STO: Blockchain Powered Next-level Fintech” on Nov 5th 2019 and get to listen to Adam and Blockpass team’s vision of STO operational hurdles and solution – in person!

Olga Yaroshevsky: Blockpass has quite a fruitful year – in terms of partnerships. I’m talking about partnerships with Waves, Polymath, with OAX foundation to provide compliance solutions. 

Adam Vaziri: Blockpass is a platform for identity verification. We provide a toolkit for any startup or established business to verify users in a very fast and highly professional manner. It doesn’t require intervening with Blockpass itself, they can just sign up from a website, create an account, add credentials that they want to collect from their users. On the one hand, it’s very scalable software-as-a-service model, but on the other hand, we do have strategic partnerships. And those partnerships are, when you have for example a blockchain such as Waves that wants to introduce on their own blockchain an identity verification component. Because blockchains themselves don’t have an identity. Yes, you have a cryptocurrency address, but it’s not necessarily linked to a real-world identity. 

Richard Brown said: no one knows on bitcoin if you’re dealing with a fridge. It could be an IoT behind that address, it could be a human, or a company, or anything. So what Blockpass does, it links an identity of a person to a cryptocurrency address. 

It’s provided as a service strategic partnership with other blockchains. You mentioned Waves, that’s one of them. Polymath is more about individuals who want to invest in security tokens. They have to go through KYC with the issuer of the security token, and in order to do that, imagine you want to buy an IBM stock, and then to buy a stock from another company.

 With a security token, because you have a direct connection to the issuer, you have to do KYC with each one of the issuers. Whereas with Blockpass a user has to do it once, and then connect to the different issuers of security tokens with their identity. 

It removes essentially the duplicative process.

OY: Why do you think it’s important to stick to KYC rules when operating with STOs in the year 2019? With blockchain, or digital assets management? Why is important to make sure that there’s an actual person behind that person, or that account?

AV: A security token is a cryptocurrency asset that is regulated. It could come in many different forms. If a form is a share of a company, then shares of the company are registered. If I transfer a share from me to you, then a company needs to register your name, you need to be identified with an issuer of that share. Just because it’s in a digital form doesn’t change that requirement. And that is the case in many countries in the world. Only a few countries that accept a notion of what is known as a bearer share, where if I pass you a piece of paper you become de facto owner of that share. But for the most part, over 95% of all cases, a person who receives a share needs to be identified with an issuer. 
So, what level of identification is required? Issuers of shares are not regulated per se, if they are not a regulated financial service provider then they would not be subject to the same AML rules. For example as a platform that provides services such as a brokerage, but nonetheless they have to identify who is on their share register. That’s a corporate law requirement. 

Identification, when you have a token that crosses borders, obviously can not be done in person. It has to be a digital process of identification. Blockcpass basically alleviates that burden by giving a user, a recipient of a security token a very easy way of getting verified with the issuer, in order to receive that token and transfer to other people. 

There are of course other variations of security tokens, but for the most part these are registered assets. 

OY: Are there any crucial differences between various crypto and fintech related industries when it comes to compliance? Or is it just basic Proof of ID, of address, of funds etc?

AV: Anti-money laundering legislation is homogenous, but how it is applied in different industries varies. And that’s because AML is based on a principle of taking a risk-based approach. 

If in one industry you have a particular risk, then that is where you need to target your effort as a regulated company. 

For example, if in a pre-paid card industry pre-paid cards are used to fund terrorism for whatever reason, because the typology of that business attract terrorists to use that form of storing value, then that is a particular risk for that particular industry. And so they have to mitigate that risk, in measures co counteract with people using it and who are terrorists. 

In another industry, for example in cryptocurrency, it is alleged that cryptocurrency, because it has a better quality, in other words you can transfer it freely across borders, that it may attract the laundering of funds. Therefore regulated businesses that are interacting with those cryptocurrencies, need to spend a little bit more time identifying where those cryptocurrencies have come from. WIth the banking industry, because you have transactions that are happening between registered accounts, when a bank wants to check the source of funds of one of its customers it can establish that quite easily. Because the account is in the name of that person, and funds that are entering into that account, they are somewhat traceable, so you can see if this is a salary payment, or these are dividends that I received from my share accounts. In some respect, it is a lot easier to determine the source of funds of a particular customer. 

Whereas with cryptocurrency, because there is no such thing as registered cryptocurrency account – well, of course you can register an account within an exchange where they will store cryptocurrency for you, but even there you can’t really determine whether the funds are whether these funds are actually from a person the customer is saying is from. They say it’s from a salary payment, but that may not be the case. The result is that the regulated person now needs to look on the blockchain to determine the level of risk associated with the transactions that they’re receiving. Every industry has a different risk profile. AML walls are homogenous, and the legislation, and penalties, but the application of that legislation is on a risk-based approach, and changes according to each industry. 

OY: But still, 70 to 90 percent of money being laundered are actually laundered in cash, not in crypto.

AV: Cash is the first and the most pervasive bearer instrument in the world. If I take up one dollar, hand out a physical note to you, then you are a de-facto owner of that dollar. All you need to do to move value from one side of the world to the other is get a truck and drive it, with US dollars in it. That is of course the most prevalent form of money laundering, due to how ubiquitous the US dollar is, how ubiquitous cash is and how easy it is to be received. Not everyone is willing to accept bitcoin, but most people in the world are willing to accept US dollars.

OY: Is there even a KYC standard for fintech and blockchain-related companies?

AV: As I’ve mentioned previously, Know Your Customer derives from AML legislation, which is talking about the identification of customers and the verification of the information provided by the customers. That legislation comes from a body called the Financial Action Task Force, they determine policy at a supernational level, and then each country puts in place the legislation. It’s a notion of identifying provision of information from the customer and then verifying it against independent reliable sources, that derives directly from policy and legislation. 

So, is there a KYC standard – yes, there is, it is written down black and white. But, as it is not prescriptive, it is not saying how you should verify the information provided by a customer, not saying how that should be done. Every country may have a somewhat different interpretation of how that should be done. The legislation is not trying to be prescriptive, because the technology can change. 

The way we identify and verify people may change over time and according to each country as well. You find that there are industry trends that are becoming more and more acceptable.

The most regulated industry is perhaps banking, it has the tightest regulation when it comes to onboarding customers. In most countries there is a requirement to actually meet with your customer in person. Which sounds in my mind completely crazy, because people can consume financial services across borders now. How do they meet a banker? They don’t probably have a banker. This notion isn’t really in synch with modern life. But that said, the way that banks are modernising the onboarding is to allow for the meeting to take place, but that that is done over video. In a way it’s opening up banking to people that are not able to go and meet with a banker in person. And also, they don’t have to rely upon branches. Bank branches is a very antiquated system. If you look at banks today, they don’t have branches at all.

On the side of banking it’s one thing, but on the other side there are non-banking businesses, such as gaming, of course crypto, any kind of forex, any kind of online based financial services. For those services any process of identification and verification is a lot more flexible.

They are already very much accepting remote onboarding. For me security tokens, cryptocurrencies it won’t be this notional, like meetings in person, everything will be done via technology. And that’s what Blockpass is built for – for that new industry that requires a lot more technology in order to access and communicate and authenticate their customers. 

Trend towards increased regulation is going to happen, but in order to mitigate that trend, is to provide low-cost high quality verification. That’s what Blockpass is.

OY: Speaking of flexibility. Why do you think 70% of crypto exchanges are still negligent to KYC? Does it affect the market? 

AV: When I started back in 2013 as a lawyer in crypto, there were no regulations, there was a FINCEN directive on how the virtual currencies exchanges would fall under the Banking Secrecy Act. But apart from that there was no real application of law to cryptocurrency businesses. And so in that absence of regulation a lot of businesses emerged. 

Cryptocurrency exchanges for quite a long period of time had a lot of flexibility about how to conduct their business. Now it’s no longer the case, because four years later FATF has put forward a directive, which will come into place by next year, which will mandate that every cryptocurrency exchange, anyone who is in the business of trading cryptocurrency, that they would need to be registered and to apply AML regulations. 

If there are 20, 30, 40 thousand cryptocurrency exchanges in the business currently in the world, I’m sure there’s more, all of those will fall under that set of regulation and that policy. Once the FATF has come out with the directive every of 150 countries underneath it has to put it in place. 

The fact that today some cryptocurrency exchanges consider that they can still be flexible around the application of AML regulations is just because those regulations have not bitten yet, and they will bite next year. At that point this notion of flexibility will kind of dissipate and everyone will accept that new status quo for all cryptocurrency businesses.