Evolution of DeFi Amid Regulatory Uncertainty

Emerging technologies are reshaping the financial services industry. On one end of the spectrum, initiatives such as Real-Time Payments and ISO20022 are modernizing existing payment infrastructure, making it faster and more efficient. On the other end, blockchain and distributed ledger technologies (DLT) are laying the foundation for an alternative ecosystem involving digital assets and cryptocurrencies.

Decentralized Finance (DeFi) is a subset of the cryptocurrency ecosystem that facilitates a fresh and democratic approach to financial services. In this article, I will try to uncover the buzz around decentralized finance, why and how criminals are using this ecosystem, and how the industry is evolving to realize its full potential.


Decentralized Finance Defined

Decentralized Finance, better known as DeFi, is a new approach to financial services. Unlike the traditional model, where banks and other financial institutions act as intermediaries and provide financial services, decentralized finance utilizes modern distributed technologies, including peer-to-peer networks and blockchain, to empower individuals to get financial services without any middleman.

In DeFi, transactions are managed through smart contracts and are recorded and validated on a distributed public blockchain. Smart contracts are software programs deployed on a blockchain that execute actions once predefined conditions are met. Users can invoke these programs directly, which automates contract execution without going through a centralized intermediary.

DeFi Potential and Illicit Finance Challenges

The potential impact of DeFi is profound. Transparency, security, operational efficiencies, lower transaction cost, geographical independence, and broader financial inclusion are some of the stated benefits of decentralized finance. All you need is an internet connection to access these services and platforms.

Decentralized finance is an emerging financial technology. Participation in it is complex and requires specialized knowledge. Currently, it is popular among a select few – groups with a high-risk appetite, primarily tech and crypto-savvy investors, innovators, and the younger generation, including millennials and Gen Z. The primary drivers for these early adopters are innovation, speculation, and fear of missing out (FOMO).

Another group of people attracted to DeFi are cyber and other criminals. They use these platforms to transfer and launder their ill-gotten money or steal funds by exploiting weaknesses within the DeFi ecosystem. The criminals find DeFi attractive due to the following reasons:

  • The industry is largely unregulated. While regulators are catching up with the innovation in the crypto space, the industry needs clarity on what regulations apply to DeFi services. Some seek to take advantage of this ambiguity and move their services from a traditional to a decentralized structure to avoid compliance. Many platforms even allow users to use their services without proper customer identification information. With a lack of oversight, there is a fear that bad actors will continue to abuse these platforms.
  • Use of anonymity-enhancing features. User anonymity (pseudonymity) and easy accessibility are two distinctive features of DeFi applications. A criminal can access these services from anywhere in the world with an internet connection without revealing their identity. Some cryptocurrencies and DeFi applications, such as decentralized mixers, push user privacy even further by implementing additional anonymity-enhancing features to hide the movement and origin of the funds.
  • Vulnerabilities within the DeFi ecosystem. DeFi is inherently complicated and has a steep learning curve. Given the growth potential, there is a sense of urgency among entrepreneurs and investors to launch new services in this space without proper testing and diligence. Cybercriminals are taking advantage of the situation and exploiting cyber security and other technological implementation gaps/weaknesses to steal virtual assets from these platforms.


Financial Crime Using the DeFi Ecosystem

Criminals use the following services to move and launder crime proceeds within the DeFi ecosystem.

  • Exchanges providing on-ramp and off-ramp services. On-ramps and off-ramps are the gatekeepers to the DeFi ecosystem, providing entry and exit points for conversion between digital and fiat currency. ‘On-ramping’ is when you exchange your fiat currency for digital assets, and ‘off-ramping’ is when you cash out your digital assets into fiat currency. The most common place for this exchange is the centralized exchange (CEX). Criminals find and use exchanges that are non-compliant with AML/CFT standards and based in high-risk jurisdictions.
  • Decentralized Exchanges (DEX) and Cross-Chain Bridges. Once inside the crypto world, criminals use DEXs and cross-chain bridges to move from one digital asset to another. While DEXs facilitate exchange between virtual assets within one blockchain, cross-chain bridges allow users to convert virtual assets across blockchains. Criminals use these platforms to swap digital assets and invest their ill-gotten money in the liquidity pools to earn interest income as a layering and placement technique.
  • Virtual Asset Mixers. Even though transactions stored on a blockchain are pseudonymous, there are ways to trace them back to the actual user. Mixing services were introduced to increase user privacy and anonymity. Mixers, also known as tumblers, are software services that mix all the virtual assets from different users to obfuscate the whole transaction trail, including origin, destination, counterparties, and amount. Mixers are an increasingly popular money laundering technique among illicit actors.


The Path Forward

The DeFi market is still very young and small compared to traditional finance. Regulatory and consumer concerns must be addressed to enable greater acceptance of this technology-driven change. Development in the following areas is needed to take it forward:

  • Broaden the scope of AML/CFT regulation to include DeFi services. Efforts are underway to regulate crypto activities and DeFi services through various initiatives. In the latest guidance on virtual assets, FATF recommended regulating people with substantial influence and control over DeFi arrangements. Recently, the US Treasury published its first Illicit Finance risk assessment of DeFi, identifying critical vulnerabilities and further stressing the need for greater regulatory oversight.
  • Increase implementation, supervision, and enforcement of existing AML/CFT regulations. There is an uptick in regulatory enforcement actions in the digital asset industry. The trend is likely to continue as the industry matures. However, there are challenges. Decentralized services claim to be governed automatically by participating users in a democratic fashion. Identifying and monitoring persons with substantial control would be difficult in a decentralized structure. Standards and best practices must be developed to provide clear guidelines for adequate supervision and enforcement.
  • Spread awareness and provide clarity to industry participants of DeFi-related regulations. There needs to be more clarity within the industry about which DeFi platforms and services have regulatory obligations. There is a need for continuous and proactive engagement between regulators and industry participants.
  • Technological innovation to protect user privacy. Increased regulation has raised concerns among investors and the user community about user privacy, one of the central tenets of blockchain-based technologies. Solutions based on emerging cryptographic techniques, such as zero-knowledge proofs (ZKP) and decentralized identity (DID), are gaining traction to address user privacy and security concerns.
  • Implementation of cybersecurity and other security measures by DeFi service providers. Security is one of the main concerns for most people entering DeFi. Cybercriminals and hackers are exploiting weaknesses present in the DeFi ecosystem. DeFi service providers should perform relevant security checks and implement tools and controls to identify and mitigate vulnerabilities quickly.


It is an exciting time, with a lot of development in the crypto and DeFi space. At present, DeFi is a relatively small market, but it is growing significantly. A cautious approach with the right controls to mitigate risks will pave the way for the future of financial services.
Authored by “Amit Gupta, Director Financial Crime & Fraud @ Matrix-IFS”