Blockchain technology is transforming KYC processes with improved security and faster identity checks. However, balancing innovation and regulation while simultaneously managing the compliance landscape remains a challenge for both regulators and businesses.
To shed light on this evolving scenario, we had the pleasure of sitting down with two experts who have long been involved in the worlds of blockchain and regulatory compliance:
- Povilas Steikunas, Head of Partnerships at Ondato, a leading KYC and AML solutions provider.
- Josh Mudway, the host and a seasoned blockchain consultant at PixelPlex, a company at the forefront of developing blockchain and KYT solutions for businesses.
The speakers shared their insights on the intersection of KYC blockchain and AML compliance, the current landscape of regulatory challenges, and the future of digital identity verification.
Let’s get started!
Josh Mudway: Hello everyone, welcome to our Twitter space. The topic for today’s talk is “The Intersection of Blockchain and KYC: Navigating Security and Compliance Challenges.” My guest today is Povilas, Head of Partnerships at Ondato. Thank you for joining us.
Povilas Steikunas: Thank you so much Josh, pleasure to be here.
Josh Mudway: Pleasure to have you as well. Okay, so, kicking off, in recent years, in the digital landscape, we’ve witnessed a significant surge in cybersecurity incidents, including sophisticated fraud and identity scams. Stats reveal an alarming rate of those activities, underscoring the urgent need for robust KYC measures. For instance, in 2022, identity fraud resulted in nearly $52 billion worth of losses, impacting 42 million adults across the U.S.
So, as we explore the role of KYC in blockchain systems and beyond, it would be good if you could share some real-life use cases of non-compliance consequences that you’ve encountered and how you highlight the importance of strong KYC practices.
Povilas Steikunas: Yeah, a very good question, to be honest. I think you already mentioned the losses, right? So, what we’ve witnessed, I perhaps would categorize separately for regulated and non-regulated entities. For regulated entities, the consequences could be huge. It could be financial fines, or it could be a loss of licenses.
We constantly hear from regulators about multiple fines being issued for non-compliance; some entities even lose their licenses. Let’s say, in Lithuania, if we look into the Bank of Lithuania’s notices, we can always see about fines being issued, or even removals of licenses, or downgrades of licenses, in a better scenario, right?
That could be a huge loss from whatever aspect you look at it. For non-regulated companies, of course, non-compliance can turn into big financial losses.
Just take, as an example, car or tool rental companies. For them, it’s important to know who their customers are so that they can manage risk. Just imagine a scenario where you do not know who is using your car, for instance, and an accident happens. This could be a huge loss for everyone due to this non-compliance, for not knowing who the customers are, and there is really no way to get the return on that, not to mention the processes involved.
And the last thing I think that I would like to emphasize is the reputational risk. If you appear anywhere in the media and the news about a fine being issued or about some damages being made, that can affect your brand. Non-existing or poor compliance processes can prevent other clients from coming to you, right? Because your reputation is low or bad.
So, that also has to do with the competition in later stages. And all these compliance-related matters, when it comes to KYC practices, highlight the importance of having a strong and systematic prevention of compliance process aligned with anti-money laundering and terrorist financing for every company.
Josh Mudway: Yeah, I completely agree with that. And I think, from a brand perspective and a reputation standpoint, as you mentioned there, especially within the Web3 space, there’s the stigma around that industry as a whole. So, the more we can implement these kinds of regulations that are going to stop any negative brand reputation throughout the industry, I think, the better it is.
So, we’ve been in the market for, I think, around 17 years, and we’ve seen an increase in cyberattacks, especially within Web3 products. That trend demonstrates the importance of both preventative and protective measures throughout.
For example, we’ve developed a Know Your Transaction solution for our clients. The tool aids in compliance and risk management by detecting dangerous transfers and identifying suspicious entities throughout the process.
We designed it for two reasons. First was to enable users and businesses to quickly identify suspicious transactions and combat theft by crimes. Secondly, it automates AML and CTF compliance checks and case management. So, to do that, the KYT collects and analyzes data and metadata across crypto assets, wallets, transactions, and contracts. It then further transforms and puts that into custom datasets, ML models, and scores to enhance the organization’s market intelligence and compliance efforts.
At the moment, we’ve captured more than 325 million crypto events and more than 2 million dangerous transfer attacks. It’s been very successful, and those figures clearly highlight the importance of vigilance around KYC compliance, especially within Web3.
So I guess as we’re talking about Web3 and the intersection of that with KYC, how do you see the role of KYC evolving within blockchain ecosystems?
Povilas Steikunas: First of all, of course, there are regulatory changes. We all perhaps have heard about the MiCA regulatory changes here in Lithuania, where I’m from. The government, along with the regulator, is taking extra measures and actually enabling them faster.
We have a lot of virtual asset service providers here, whom the regulator wants to start supervising. The first part, for sure, sooner or later, will be regulatory changes that every blockchain ecosystem player will have to adopt and evolve their KYC processes accordingly.
The second thing we see is the increasing trend for decentralized wallets and DeFi systems, which means what is really evolving is a decentralized identity as such, where all the players in the decentralized ecosystems are verified and safe for everyone, but at the same time, private for everyone who the players are.
So, this trend we witness not only within the EU but also overseas. There are good ideas and lots of potential for KYC involvement.
And of course, the decentralized way and the traditional way still rely on what is still there, and they will not disappear anywhere. We see a lot of blockchain ecosystem players adopting the KYC practices, compliance procedures, especially when the regulatory changes are enforced. They have to adapt; otherwise, they would not be able to operate.
Thus, I would highlight these three things. Maybe, Josh, you have something to add from your side as well?
Josh Mudway: No, I think I echo your thoughts on that, really. I believe decentralized identities, decentralized KYC, and all these kinds of improvements are going to be very interesting developments. Hopefully, they evolve in the right way to allow for a competitive but equally effective method within that because I think the more solutions that we have within the space that can help to onboard people, and then also maintain that level of safety, regulation, and just make sure that everything is above board, the better, really.
So, I guess from your side as well, touching on both the decentralized and the traditional KYC methods, what do you see as the biggest challenge that companies will face in complying with the KYC regulations as we evolve?
Povilas Steikunas: Perhaps I would divide that into two parts. The first one being multi-jurisdictional compliance, because what we see is that companies still select providers that are not able to offer compliance solutions because multiple jurisdictions might have different requirements than those assumed. As an example, I give Germany, where, for regulated institutions, a live video call is required, which is another way of providing compliant KYC.
Other jurisdictions, such as India, have pretty much the same requirements. We know from history that in the United Kingdom, for instance, the old version, where a client collects documents and passes them to the system, was most popular, but it became non-compliant anymore. Multiple jurisdictions might have really important requirements that could predetermine whom you have to select from the provider side, but at the same time would require you to adapt that.
That’s where my second thought comes in: what we still witness a lot is not understanding or not having enough expertise on how to build effective internal processes, or sometimes even processes as such. What we see is the overestimation or underestimation of the compliance needs in customer acquisition processes.
What we witness is a lack of efficiency because we still find many processes being performed manually, which frequently brings a lot of risks because you often might undersee those risky customers or suspicious transactions, and these play very important roles within organizations.
Being able to adapt the right solution for the jurisdiction you operate in and having a clear, efficient process online can really help to at least minimize those challenges for companies.
Josh Mudway: I agree with that. I think, as well, the nature of regulations constantly evolving makes it challenging for businesses to keep up, especially within the blockchain space — such a fast-moving, innovative area.
This means that the regulatory standards are constantly trying to catch up with the innovations and changes, making it very difficult to match that fast-paced infrastructure with the kind of regulations that are trying to follow it. For businesses to also follow this constantly evolving cycle, I think, is also a little bit difficult.
You mentioned MiCA there as well. I think a part of their framework is that crypto asset service providers need to carry out a risk-based approach towards their customers to ensure the continuous monitoring of transactional behavior. So that’s another element requiring real-time tracking.
And then, I think, there’s the Travel Rule by the FATF that requires financial institutions to share relevant beneficiary information with the counterparty or other financial institutions during or before the transaction. So, again, lots of quite fast-acting rules that are being put in place for them to stay on top of.
I guess, as well, in light of the constantly evolving regulatory requirements and the introduction of these new regulations, how do you view these changes impacting the complexity and effectiveness of KYC and AML from your perspective?
Povilas Steikunas: Actually, it impacts a lot. You just mentioned the importance of keeping up with regulatory changes. What we have to understand from the very beginning is that every part is evolving, every industry is evolving, so regulation is as well. What we need to do is to adapt to this.
What we witness is that the elements of fraud are changing themselves, and fraudsters adapt to new ways. Currently, we can hear a lot in the public about artificial intelligence-related risks or deep fakes. I heard recently about one case where a banker was having a real conversation with a person who pretended to be the right person, but because of AI and deep fake, this banker made a very big mistake, and a huge transaction was simply processed.
So, what I want to say is that it’s natural that for regulation, it is time to change, and it changes from time to time, constantly, but also businesses themselves need to adapt to those new models.
The essential problem is that typically the new regulation doesn’t answer the question of how to do that. Usually, it just provides guidance on how to do so, and for businesses, it’s becoming quite hard to adapt to those questions on how.
Very frequently, we at Ondato receive those questions: “What do you guys think? How could we do that?” etc. So, it is important to have a strong partner, a strong vendor, as well as for businesses to form their compliance policies and practices within the organizations.
In addition to that, I would add that, looking from the crypto perspective, we can see that the market is naturally becoming more mature. If you look back 7 years ago, electronic money institutions were not as regulated, but over time, this evolved. The same is happening with the blockchain market and with crypto as well.
So, as we say, you know, if we see an animal that looks like a bird, sounds like a bird, perhaps it’s a bird, isn’t it? These processes are very natural, and we can expect more and more maturity in the blockchain market.
Josh Mudway: And I think, as the regulatory requirements are constantly changing and developing, it’s undoubtedly going to increase the complexity of the compliance processes that go with it. But, at the same time, as you say, naturally, in an almost evolutionary kind of way, it will also drive the efficiency of the countermeasures that are put in place for it, with more sophisticated and reliable security measures for AML and fraud protection. It’s a forced innovation within the space that, ultimately, hopefully, will lead to more secure processes for the users within the system, basically.
I think since the regulatory landscape is constantly evolving, presenting new challenges for businesses striving to remain compliant, it’s critical for companies to stay informed about the latest changes within the space.
So, with the latest changes, in your opinion, what kind of future developments or trends that you’re seeing within the KYC compliance space should businesses be aware of on the horizon?
Povilas Steikunas: Yeah, in fact, you just mentioned, Josh, about streamlining the compliance procedures, about adding stronger solutions, etc. So naturally, we tend to do more checks, more registry checks, etc., adding those security components into the process. Everyone can be scared of AI coming in, deep fakes, so what do I have to do, etc.
But what needs to be understood is that providers also do not sit in one place. If we have a fire, we fight with fire, right? We do enable more spoofing detections, more registry checks. New ecosystems, I could even say, are forming, where we’re not only able to understand who the person is but also monitor the behavior of this person, the transactional side of it, form multiple risk scores, and get some conclusions out of it, and then supervise this on an ongoing basis.
So, what I also see a lot is those forming ecosystems where not only digital identity verifications come into place but those elements that you guys have, such as money movement, crypto movement as such. Plus, again, I will repeat myself, decentralized identity wallets, like that’s another way on how to prevent; you are actually creating a decentralized ecosystem with safe identities.
In future developments, we can see that this will be evolving even more and more, but they are already, you know, in place, and even you have quite a variety to choose from.
Josh Mudway: Yeah, I agree, especially with what you mentioned there about AI and deep fakes on the rise. We saw in 2023 a 155% spike in account takeovers with those systems. So, as well as the decentralized aspects of what you’re mentioning, I think we’ll also see a push towards more robust biometric verification, things that will be able to verify you as a person to help combat the rise in AI aspects. I think we’re likely to see businesses adopting innovative fraud preventative measures, like I mentioned, biometric, but also AI-powered solutions to combat AI effectively, and then blockchain-based identity verification, which has a stronger, kind of immutable element to it.
So, I think that the overlap of those systems, hopefully, will create quite a robust countermeasure to the kind of things that we’re seeing on the horizon. I guess another point to discuss, with the current landscape as well, would be technology adoption across the various sectors.
I guess finance is arguably at the forefront of adopting blockchain and KYC at the moment because of the necessity for it. But, in your opinion, what other sectors are looking for that will significantly adopt this kind of integration, and why?
Povilas Steikunas: In my personal opinion, what we hear a lot from the U.S. is that healthcare is the sector that is poised to significantly adopt blockchain and KYC integration. The reason for this is because healthcare organizations handle vast amounts of sensitive patient data, including medical records, personal information, and payment details. So, implementing blockchain technology with an integrated KYC process can help to enhance data security and privacy across various healthcare systems.
Another sector in the European landscape would be marketplaces. The new regulation called DAC7 is being implemented, and what it requires is an obligation on the reporting of multiple elements related to identity verification and money movement. So, companies such as Amazon and eBay, with this new regulation, are forced to implement that. I would say this is a good opportunity to evolve on the blockchain due to privacy reasons.
So, I would classify perhaps these two as the most recent that would be adopting, but this is something that will definitely be interesting to witness in the near future.
Josh Mudway: Yeah, I think I agree with that, especially around healthcare. I believe that’s going to be the biggest adoption, having the ability to have your information securely stored wherever you are. I think there will be quite a large use case there, with things that are going on in the world at the moment with refugees, with people being able to access their medical records, decentralized, wherever they are, and then that being kind of safe, secure, immutable. I think that will be a big benefit for the blockchain solution within healthcare as well.
And then, as you mentioned, things like eCommerce, where those enhanced security measures with the online transactions will help with fraud prevention. So, I think there’s a lot of cross-pollination within the industries, but yeah, I agree, I think healthcare is probably the next quick adoption of it.
I guess with that, then, on the kind of final point for discussion, can you share some tips for businesses that are looking to enhance their security, especially in terms of identity verification and fraud prevention, anything that the readers would be able to benefit from?
Povilas Steikunas: Yeah, sure. I’m just happy, first of all, with the reaction to the previous note, that we sort of agree, so I was thinking it’s good to know we’re on the same page.
Sharing tips for businesses, I think we mentioned so quickly, so I would like to sort of wrap it up. It’s important to stay updated on the regulatory requirements first because you then know what is required, and what businesses have to be prepared for.
Secondly, adapt the internal processes accordingly. That involves having clear internal compliance policies and procedures that are followed, along with partnerships with trusted vendors who can provide regulatory compliant processes. These should be followed with secure, certified solutions that meet at least the minimum standards.
Then, I think, having that, it’s important to educate both employees and customers. Multiple trainings and best practice implementations would help because what I see in really successful organizations are those that are able to monitor and analyze user behavior when they are aware of the full client cycle. So, they are able to monitor and mitigate potential risks, plus then boost their existing processes and even tools. So, lastly, of course, when you know what is missing, you can add security elements such as multiple-factor authentications, biometric authentications, etc.
In order, you know, to adapt to these increasing fraud elements, this deep fake and AI that we mentioned. So, we see that it’s like a systematic approach towards evolving. You start from the regulatory requirements, right? Shape it internally, select the right user, educate the customers, supervise your client base, and then improve what is missing. So, that would be perhaps some tips from my end.
Josh Mudway: Yeah, definitely. I think what you mentioned there about education and training is important, right? People are the first line of defense. So, making sure that they’re aware of what they should be looking out for and how to operate within those procedures is always the first part of that strategy.
And then, from my perspective, it’s also important to prioritize integrating advanced technologies such as AI-driven monitoring systems and blockchain-powered risk management solutions — anything that can act as that second layer to help you with the advances on the other side of what’s coming. And then, as you mentioned as well, just keeping up to date with the latest trends and new information that’s coming out within the space to make sure that your team is fully abreast of what’s happening in order to maintain those defenses.
So, I agree with you. A combination of tech and people, and then vigilance, basically, is the key to bringing those elements together.
Okay, so I think that’s a wrap from my side. If there are any closing remarks that you wanted to go with, Povilas, that would be okay. If not, we can wrap that up.
Povilas Steikunas: Yeah, I guess for a closing remark, a couple of things. One is that compliance, as such, is frequently overlooked and sometimes understood merely as a duty, as a money expense, etc. But what we need to understand and keep in mind is that this can actually be a benefit for every business to have a good compliance process because that could save money, protect your reputation, and clearly identify any risks, right? So, compliance, from my perspective, is an investment, rather than an expense.
And of course, secondly, I would like to thank you, Josh, for hosting this short conversation. I really hope the public found it interesting. And in case of any questions, feel free to approach me through X or LinkedIn. So, thank you for today, and good luck everyone with your compliance strategies.
Josh Mudway: Perfect, great. And thank you as well for your insights into the topic and contributions toward the questions. It’s been very interesting. So yeah, we will finish it there.
On our side as well, feel free to reach out if you have any additional questions that you would like followed up. And then apart from that, we’ll catch you for the next one. So thank you for tuning in and speak to you soon.
Povilas Steikunas: Thanks, bye-bye.
About Ondato
Ondato is a top provider of KYC and AML solutions, offering comprehensive identity verification services to businesses worldwide.
With advanced technology and robust compliance measures, Ondato helps organizations mitigate risks and ensure regulatory compliance. Their user-friendly platform streamlines the onboarding process, enabling businesses to verify customer identities quickly and securely.
About PixelPlex
PixelPlex blockchain consulting company specializes in developing blockchain solutions for businesses.
With a track record of 80+ groundbreaking blockchain projects and numerous smart contract audits, PixelPlex stands at the forefront of blockchain technology advancement. From finance and healthcare to supply chain management and beyond, PixelPlex provides tailored blockchain development services and solutions, driving innovation and efficiency across various sectors.
Contact us to start your journey today.