KYC in Stablecoins

Summary: Issuers of today’s fiat-backed stablecoins (such as PAX, USDC and TUSD) need to identify (or KYC) only those users who convert between bank account money and stablecoin, not all holders.

Some people might be surprised that intermediate users of stablecoin may transact without needing to be identified by the issuers. Yet few people know that there are kill-switches built in that can hinder bad actors. This arrangement can be described as permissioned pseudonymity. Stablecoin issuers have permission from their regulators to have pseudonymous users in their network.

Permissioned pseudonymity is positive for innovation while the industry explores the most productive uses for stablecoins.

💹 Which stablecoins?

In this post I am specifically discussing USD denominated stablecoins which are redeemable for USD in commercial bank accounts, and whose issuers seem to work with financial regulators to stay compliant with applicable laws and regulations. Popular stablecoins in this category are:

  • PAX issued by Paxos
  • USDC issued by Circle and Coinbase
  • TUSD (TrueUSD) issued by TrustToken

(Note: USDT issued by Tether (the company) is the most popular USD stablecoin by far, but the working relationship between the issuer and financial authorities is unclear to me.)

📇 Knowing Your Customer

Many people think that all financial institutions need to know all of their customers all the time. In many cases, it’s true – think of the documents you need to produce when you open your bank account.

But in other cases this isn’t so. Often issuers can take a risk-based approach. In some jurisdictions you can buy and load prepaid cards up to certain limits and use them widely. Hong Kong’s Octopus card is one example. In other cases you can hold small amounts in digital wallets before you hit transaction or balance limits.

The rule certainly isn’t “You must always know all your customers all the time”. Fortunately we live in a world of nuance and risk-based approaches. Stablecoins provide another example of something somewhere in the middle.

😨 Not Knowing Your Customer

When you want to buy a stablecoin from an issuer, you send them money through the existing banking system. The issuer then transfers stablecoin tokens to your blockchain wallet. Redemption is the opposite of this: You send your stablecoins back to the issuer and they send money to your bank account.

Purchasers and redeemers of blockchain-based stablecoins need to have a Know-Your-Customer or “KYC” relationship with the issuer. Yet once you hold a stablecoin, you can send it to anyone with a cryptocurrency wallet. The stablecoins can be passed from unidentified account to unidentified account, with transactions recorded on the underlying blockchain (currently Ethereum is the most popular blockchain for this). Only the redeemer, who brings the stablecoin back to the issuer, needs to be identified by the issuer.

This is similar to physical cash: customers who wish to convert bank deposits into physical cash or vice versa need to be identified by the bank and have a KYC relationship. But outside of the banking system, cash can be passed between people without them having a direct KYC relationship to the bank.

😱 Oh no, unidentified money!

Relax. While pseudonymous accounts may sit uncomfortably with people who believe that all money should be identified (lest terrorists become enabled), blockchain-tracked digital money is no worse than other ways of transferring money in the existing financial system. In fact, in some ways it’s more traceable.

Today, people can use numbered bank accounts or bank accounts controlled by companies with nominee directors. Criminals love British companies because you can set one up for under £20 in less than 20 minutes. And you don’t have to provide any identity information. Then you just set up a few more companies in different jurisdictions, and you can make large amounts of money disappear. Here’s How Britain can help you get away with stealing millions: a five-step guide by Oliver Bullough in The Guardian.

In fact, due to the nature of the blockchains that record these transactions, stablecoins are more traceable than money moving around the traditional financial system, where it is recorded as debits and credits in different independent banking systems. On the blockchains, law enforcement can see in real time the movement of funds from account to account, without needing to subpoena anyone or trying to cooperate internationally or across jurisdictional lines.

Blockchain-based money is also, of course, much more transparent than physical cash, which does not leave any record of historical ownership; but it’s also much less financially inclusive than physical cash, which everyone knows how to use.

🥶 Freezing and wiping accounts

If you look into the smart contract code that defines the stablecoins, you can see that accounts can be frozen using special transactions sent to the blockchain.

For example, Paxos (my previous employer who sets a high bar for regulatory compliance) states in its Terms and Conditions (retrieved 29 Oct 2019) that they can freeze all tokens regardless of where they are held:

A law enforcement user can freeze and wipe PAX balances associated with specific Ethereum accounts. Search for “freeze” in the PAX smart contract code. This is different to physical cash!

This means that although the issuer may not be able to map a real world identity to the pseudonymous account holding their stablecoin, they can effectively freeze and wipe the account – presumably on demand from a financial regulator or law enforcement. This ability gives comfort to those who want to see a “kill switch”. Here’s an article about it from TheNextWeb.
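The rules described in this post (identity checks only at purchase and redemption, pseudonymous transfers in between, and a freeze-and-wipe power held by a privileged role) can be modelled in a few lines. This is an added illustration, not the PAX contract or any issuer's code; the class, method and role names are hypothetical.

```python
class StablecoinLedger:
    """Toy in-memory model of the rules described above (hypothetical names)."""
    def __init__(self, asset_protection_role):
        self.asset_protection_role = asset_protection_role  # may freeze and wipe
        self.kyc = set()      # addresses the issuer has identified
        self.frozen = set()
        self.balances = {}

    def _check(self, amount, *addresses):
        if amount <= 0:
            raise ValueError("amount must be positive")
        if any(a in self.frozen for a in addresses):
            raise PermissionError("address frozen")

    def _debit(self, address, amount):
        if self.balances.get(address, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[address] -= amount

    def mint(self, to, amount):
        # Fiat -> token: the purchaser must be identified by the issuer.
        if to not in self.kyc:
            raise PermissionError("purchaser not identified")
        self._check(amount, to)
        self.balances[to] = self.balances.get(to, 0) + amount

    def transfer(self, sender, to, amount):
        # Holder -> holder: no identity check, only the freeze check.
        self._check(amount, sender, to)
        self._debit(sender, amount)
        self.balances[to] = self.balances.get(to, 0) + amount

    def redeem(self, holder, amount):
        # Token -> fiat: the redeemer must be identified by the issuer.
        if holder not in self.kyc:
            raise PermissionError("redeemer not identified")
        self._check(amount, holder)
        self._debit(holder, amount)

    def freeze(self, caller, address):
        if caller != self.asset_protection_role:
            raise PermissionError("caller lacks asset protection role")
        self.frozen.add(address)

    def wipe_frozen(self, caller, address):
        # Only an already-frozen address can be wiped; its tokens are destroyed.
        if caller != self.asset_protection_role or address not in self.frozen:
            raise PermissionError("not authorised or address not frozen")
        return self.balances.pop(address, 0)
```

Note that a frozen address can neither send nor receive in this model, and that wiping requires a prior freeze, so the two privileged actions are always separate, visible steps.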

🎉 Enabling innovation

So with approved stablecoins, we have:

  • Low-volatility assets (typically, fiat-backed stablecoins trade within 1% of their underlying fiat price, i.e. between 0.99 and 1.01 to 1)
  • Money that can move with a lot less friction than money in bank accounts (banks have opening hours, they may not allow programmatic instructions, they may overburden their customers with unnecessary information requests as they over-comply with regulations)
  • Money that can move as long as the blockchain is working (instead of catering to scheduled and unscheduled system downtime that exists with centralised financial service providers)
  • Money that can be programmed, escrowed, released, automated in smart contracts defined by code
  • Money that leaves an ownership trail on its respective blockchain, which can be analysed
  • Money that can, if needed, be frozen and wiped

Permissioned pseudonymity seems to be a sensible balance between allowing innovation without enabling large scale abuses of the financial system.

