The cryptocurrency industry has undergone a significant transformation regarding regulatory compliance, reflecting a broader recognition of the importance of governance in this rapidly evolving space. According to James Smith, co-founder of Elliptic, a leading crypto compliance firm, this shift has become especially palpable in recent years. Speaking at the Token2049 event, Smith remarked on how, in the early days of cryptocurrency, only a handful of companies took compliance seriously. “Coinbase was our first customer; they knew from the start that they wanted to build their business that way. But for most others, it just wasn’t a major priority,” he said.
However, the scenario began to change as regulatory bodies, particularly in New York State, started to take a more active interest in the cryptocurrency realm. This regulatory attention was further compounded by the involvement of traditional financial institutions like Fidelity and DBS Bank, which entered the crypto sector with established compliance frameworks in tow. For example, Fidelity launched its first crypto service for customers in 2019, while DBS established a digital exchange for accredited and institutional investors in 2020.
Reflecting on these developments, Smith pointed out, “We’ve seen a big change in the last couple of years. Exchanges on the global map all care about compliance now because they want to be part of a global ecosystem.” This evolution aligns with the growing pressure for crypto firms to adhere to Anti-Money Laundering (AML) standards and broader financial surveillance controls, particularly in light of recent high-profile hacks.
Compliance Challenges Highlighted by Recent Security Breaches
Crypto exchanges and peer-to-peer protocols remain central to compliance discussions, primarily because they often serve as critical touchpoints for AML regulations. Unfortunately, these platforms have also been frequent targets for sophisticated hacks. A recent example is the Bybit hack, where the infamous Lazarus Group executed a complex money laundering operation to conceal stolen funds.
During the Bybit incident, the hackers rapidly converted low-liquidity tokens into Ether (ETH) and then swapped them for Bitcoin (BTC) through no-KYC decentralized exchanges. Smith voiced concerns over the accessibility of such platforms, stating, “They went through some no KYC exchanges, which probably shouldn’t exist… we’re making it too easy for them as an industry.” Notably, even after firms flagged the compromised funds, users continued to trade them on decentralized platforms, raising questions about the safeguards in place.
Smith suggested that the cryptocurrency industry should re-evaluate its approach to liquidity provision on decentralized exchanges, positing, “Why was there so much liquidity available to help launder this money?” He emphasized that those providing liquidity should undergo basic checks on the source and destination of funds, thereby adding a layer of scrutiny that could deter illicit activities. “Go and look at who’s making money. That’s the first place to start putting some controls,” he advised.
The evolving landscape of cryptocurrency compliance highlights the industry’s dual challenges: securing robust regulatory frameworks while simultaneously enhancing the security of its platforms. As both the market and regulatory scrutiny continue to mature, the emphasis on compliance is likely to increase, shaping the future of the cryptocurrency environment.
