What Do You Actually Mean When You Say “Blockchain Compliance”

Solidus Labs
July 16, 2018

Blockchain compliance means different things in different contexts. Here’s a basic guide to some of the key issues comprising the compliance conversation. Did we miss something? Let us know

If you follow developments in the blockchain and crypto spaces, you must have noticed the words “blockchain” and “compliance” appearing side by side more often.

That’s a little surprising. After all, many see blockchain and compliance as contradictory terms. Blockchain’s most recognizable application to date, cryptocurrencies, still generate discomfort in institutional and traditional finance circles. Investors see them as a promising yet unregulated, speculative and manipulation-ridden class of assets — far from the safety of compliance. At the same time, legislators and regulators are still just getting to know the space. How can anything be compliant, when there’s no regulation to comply with?

Nonetheless, the industry is maturing by the day and its leaders are thinking and debating what would compliance mean when regulation does catch up. This important discussion can get a little confusing, with “blockchain compliance” meaning different things in different contexts.

In this post, we try to help organize the conversation by listing and explaining some of the main issues comprising the blockchain compliance conversation. Since the issue in question is new and dynamic (like more or less anything crypto or blockchain), the list is a work in progress. If you think of important additions — we’d love to hear from you.

  1. Blockchain as a Tool for Non-Blockchain Compliance

This first category is tricky, because it isn’t about making blockchain compliant, it’s about using blockchain to improve traditional compliance (and in the process disrupt a global industry projected to be worth $64.61 billion by 2025).

Many believe blockchain’s outstanding ability to record transactions immutably in a distributed database can streamline compliance systems. As Chami Akhamimana writes, “the use of blockchain would significantly improve an organization’s ability to resolve compliance issues, react to new regulatory and compliance obligations and address internal audit requirements.”

That’s a big deal. If blockchain solutions are able to ameliorate the high cost — according to McKinsey, sometimes as high as 10–15% of HR expenses for financial institutions — they can completely change the compliance game. And that’s just the beginning. There are many other ways blockchain can enhance compliance, as Cliff Moyce explains in this Corporate Compliance Insight piece.

2. Blockchain and Crypto Regulation

Moving on to actual compliance for blockchain-based applications. Or more specifically, the necessary backdrop for compliance — regulation. The ability to be compliant depends on a legal framework, translated to regulatory requirements. Regulation is therefore an innate part of the blockchain and crypto compliance discussion.

The SEC Headquarters in Washington, DC. Immense interest, but no conclusive regulation yet.

For the moment, with regulators demonstrating immense interest but in practice only making intermittent and inconclusive statements on key questions, like whether ICOs, Etherum and Bitcoin are securities, there’s still a long way to go. While the industry is asking more compliance clarity from regulators, and regulators are asking more due diligence from blockchain innovators, we’re in an interim state of chicken or the egg. If you’re interested, read more about our analysis and suggestions for both sides in this piece.

3. KYC, AML and CFT

Know Your Customer and Anti-Money Laundering are two important components of compliance that help companies, and regulators, ensure they are doing business with legitimate clients. While this can fit in the first category — since blockchain can theoretically be used to streamline KYC/AML processes in traditional industries — here we focus on the new challenge of KYC/AML in blockchain and crypto applications.

AML refers to a wide array of regulations and systems that allow companies and regulators to ensure products and services are not used to transfer funds and resources illegally or worse, to support terrorism (CFT — Counter-Financial Terrorism). According to a study by CipherTrace, $760 million worth of assets have been laundered using cryptocurrency just since the beginning of 2018 — three times more than the entire 2017.

Non-compliance can lead to massive fines, as well as heavy reputational and operational costs

KYC/AML is a massive cross industry challenge, extending far beyond blockchain. Even in the heavily scrutinized and regulated traditional finance industry, where users must provide bank accounts, credit histories and other identifiers, KYC/AML accounts for a heavy compliance-related burden.

What makes it a particular challenge in crypto and blockchain, is that they essentially call to remove many of these intermediary agents and enable users to directly hold their assets. Many blockchain innovators particularly emphasize anonymity, altogether raising very specific KYC/AML concerns.

What would KYC and AML look like in a blockchain-based digital economy, then? Would the regulatory solution be to simply illegalize complete anonymity? Or are there intermediary solutions? Those questions — and proposed answers — are debated as part of the blockchain compliance conversation.

3. Personal Identity Information and GDPR concerns

This one’s very specific. The European General Data Protection Regulationthat came into effect in May, introducing rigid restrictions on what companies are allowed to do with users’ personal information. One key tenet of GDPR requirements is users’ right to have their information deleted. At the same time, one of blockchain’s key value propositions is the immutability of data. These two opposing traits make many, including Anne Toth, Head of Data Policy at the World Economic Forum, raise the question: Will blockchain be considered illegal as a mean of recording personal data under GDPR?

General Data Protection Regulation — a compliance challenge for blockchain?

4. Tokenized Securities

One attempt to push the compliance conversation towards the solution phase, is the concept of security tokens.

Initial Coin Offerings (ICOs), a process where blockchain-based tokens are used to raise funds and fuel companies’ products, generated billions of dollars, but also dire concerns of non-compliance with securities and commodities laws. Leading innovators therefore conceived a class of digital assets that also uses blockchain-based tokens to raise money in a way that’s more closely aligned with existing regulations. As Anthony Pompliano defines them quite simply in his Official Guide for Tokenized Securities, “Security Tokens are digital assets subject to federal security regulations.”

Former SEC Commissioner Troy Paredes discussing compliance at the Security Token Summit in NY, early June

It is important to note that to date, regulators have not confirmed that security tokens in their current form will be considered a compliant form of securities. The Security and Exchange Commission (SEC)have clarified that ICOs are almost always a form of securities, and therefore must comply with securities laws. It is yet to be established whether security tokens are in fact compliant with securities laws or not. Pompliano — as well as many others — are convinced that regulators will ultimately approve.

Check out Security Token Academy for a great resource on security tokensand what they can do to the capital raising industry. You’re also welcome to read our impressions from the Security Token Summit in early June.

5. Market Surveillance

Last but not least, trade surveillance is an umbrella term for mechanisms put in place to detect attempts of manipulation, fraud and abuse, as well as provide general visibility into asset markets.

Markets are complex ecosystems, where numerous actors with different roles and interests operate in pursuit of value and profit. Naturally, some actors try to play the system in their favor, through various exercises like “spoofing,” “front-running,” “wash-sales” and other catchy names. Surveillance systems monitor trade and issue alerts when they detect malicious activity. They deter manipulators and allow timely responses to manipulation attempts.

Solidus CEO, Asaf Meir, and CTO, Praveen Kumar, in an interview about blockchain-native trade surveillance

Regulators, committed to leveling the playing field and protecting investors and the economy as a whole, have therefore put in place extensive surveillance requirements for traditional markets. The regulation was intensified significantly since 2008, due to the role of “rogue” traders and other malicious actors in the economic crash that year.

When it comes to blockchain-based asset markets, however, surveillance scarcely exists. The result is gargantuan levels of reported abuse, manipulation and fraud. In some cases, evidence demonstrates that as much as 93% percent of trade volume in established crypto exchanges was in fact the result of manipulation.

The crypto ecosystem is paying a severe price for the lack of surveillance. In monetary terms, a vast amount of value is lost to manipulation. There’s also a reputational cost in terms of credibility and integrity — institutional investors and the general public won’t stop seeing the crypto space as an unsafe environment until strong anti-manipulation standards are instituted.

Finally, from a compliance perspective, it is hard to imagine an evolved crypto ecosystem that does not have to comply with strict surveillance regulation. Regulators will need to know that investors are protected from manipulation and other fraud-related risk, before they can approve of any compliant forms of digital assets. Innovators that begin addressing this issue now, will not only reduce their risk of painful non-compliance fines, but also pave the way to friendly rather than agressive regulation, and an altogether more sustainable ecosystem.


Blockchain compliance is still a nascent concept, and the conversation is ever-evolving. We hope this list is helpful, though there are certainly other noteworthy topics or developments to come. Think of something? Please reach on twitter at @Solidus_Labs, comment here, or shoot us an e-mail to hello@soliduslabs.com.