Cardano and regulation

The traditional financial world is highly regulated and controlled by many authorities. KYC/AML is the standard without which no financial intermediary can offer its services. Everything is governed by decades-old laws. Occasionally, a new one comes along. No one is too concerned about whether the current state of affairs suits us and whether the laws should be fundamentally changed. Cardano will be a global financial and social operating system. Blockchain technology was created on principles that do not comply with current laws. Cardano has no built-in support for KYC/AML. Anyone is free to run any financial service. Users can use these services without providing private information or asking for permission. As the adoption of cryptocurrencies grows, it will strengthen the position of the alternative world against the traditional highly regulated financial world. Moreover, this alternative is based on completely different principles and rules. How should the Cardano community approach efforts to regulate cryptocurrencies? We should insist that the authorities do not restrict the functioning of the first layer and DeFi.

TLDR:

• Cardano is a global network. There is no mailing address to send a request for transaction censorship.
• Technologically, it is not possible to freeze a blockchain account.
• If it were criminal to send an on-chain transaction, people simply won't do it. Cardano would not be an alternative financial world, but an enemy of the state.
• We believe that the same rules that apply to the Internet today can also apply to blockchain technology.
• If we were to very vaguely define a boundary that would be untouchable by regulators, it would be source code development and the use of decentralized applications.
• If regulators try to restrict technology just to prevent something bad from happening, what will unfortunately happen is that they will also prevent the good from happening.
• It is possible to regulate CeFi because people make decisions in this industry. Users have to trust a third party, similar to TradFi.
• Decentralisation is about change at the level of trust. Instead of trusting intermediaries and the entire legal system, the source code and principles of decentralisation can be trusted.
• Due to the nature of decentralization, it is not possible to require all developers to comply with regulations globally. Regulation is not enforceable and can be easily circumvented.
• Inappropriate regulation can destroy all the benefits of decentralisation and prevent us from building a potentially better financial world.

Regulations are there to protect us

The authorities monitor all financial transactions and have full control over financial services. Governments seek to protect consumers and want to prevent fraudulent practices by middlemen. This is advantageous for us because intermediaries cannot take full advantage of their position. The downside is that regulation has created an environment that is very difficult to enter. It is often necessary to obtain a licence to do business in the financial world, which can be a costly and bureaucratic process.

Controlling the financial system is beneficial to governments. They can prevent the financing of terrorism or the commission of the crime. In this case, control over the system is justified because it is in the interest of the majority to fight crime.

From the perspective of the principles of decentralised technologies, it can be difficult to define the boundary of control correctly. Cardano has no internal mechanism to prevent someone from sending a transaction or using the DeFi service. Anyone in the world can install a Cardano wallet and send a transaction to the other side of the world. A simple transaction has no context in it that pool operators can examine.

Regulation is broadly defined as the imposition of rules by the government, backed by the use of penalties that are intended specifically to modify the economic behaviour of individuals and firms in the private sector. Regulators would like blockchain networks to function similarly to the traditional financial system. Specifically, to be able to add context to transactions, to be able to block specific transactions, or even freeze users' accounts if the authority requires it.

Regulations are a controversial topic as they are directive by governments and are binding. Some people agree with them, and others disagree. Even those who disagree must comply with the demands of regulation if they do not want to break the law and risk punishment.

Technologically, it is not possible to freeze a blockchain account, or more precisely, the addresses of users. Coins and tokens are owned directly by users through cryptographic secrets. Only those who own the private key can sign the transaction. Users do not have to provide KYC/AML information to anyone when setting up a wallet. Centralized exchanges are forced to link private user information to blockchain addresses, but this is an external third-party tool to facilitate on-chain data analysis.

Authorities may know the blockchain addresses of users that are on sanction lists and may want to require censorship of transactions. The problem is that this request cannot be directed to any specific mailing address. Authorities would have to contact all pool operators or impose penalties for not complying with their requests. The problem is that once a single pool operator puts a transaction with an address from the sanction list into the block, the funds are sent. And because Cardano is a global network, U.S. authorities will be hard-pressed to require a pool operator from another jurisdiction to censor transactions.

A high percentage of Ethereum blocks created recently have been OFAC compliant. How is that possible when we just said censorship is not possible? Many of the validators are from the US and have voluntarily chosen to comply with the censorship requirements. It is important to say that at the moment all transactions get into the blockchain, but those that are on the OFAC list are delayed. A transaction from an OFAC list can be added to the block by a validator from, for example, Asia, Africa or South America. It can even be done by an anonymous validator from the USA who believes he will not be caught.

If the regulators insisted on not being able to move funds through Cardano, they would have to try to stop the network. This is probably impossible as there are thousands of pools around the world that produce blocks and thousands of people around the world who would be happy to run their pool if it was economically worthwhile.

So how to deal with regulation? It is clear that legislators and regulators are not satisfied with "can't do it". It is not in anyone's interest for regulators to ban ordinary people from using blockchain technology simply because they cannot enforce regulations. The majority of the population will not fight government regulations. If it were criminal to send an on-chain transaction, people simply won't do it. Cardano would not be an alternative financial world, but an enemy of the state. I believe that for many of us, this is not the state we want to get to.

Dialogue between legislators and representatives of the decentralised world is the best way to reach a consensus that both sides are happy with. The Cardano Foundation and the IOG team are working with legislators to explain how Cardano works, and what is possible and what is not.

Finding the boundary between decentralisation and the requirements of regulators

From our perspective, Cardano and all decentralised networks, in general, must retain the basic principles on which they are built. No one is stopping you from installing any app you want on your own phone. No one is restricting you from using any social network. You can use any protocol on the internet, including those that encrypt communications, and no one is stopping you. We believe that the same rules that apply to the Internet today can also apply to blockchain technology. Cardano is nothing more than a network protocol. What is innovative is the ability to create, own and send value. ADA coins have a market value similar to that of, for example, NFTs or other tokens. Imagine if authorities wanted to regulate the sending of images over the internet.

If we were to very vaguely define a boundary that would be untouchable by regulators, it would be source code development and the use of decentralized applications. Developers should have full freedom over what software they create and deploy. Users are free to decide whether they want to use the software. This applies to pool operators (and validators) and DeFi applications. Regulators must not prohibit anyone from producing blocks or interfering with transaction selection. Regulators should not prohibit people from using DeFi services, as these are essentially just a kind of application logic over sending transactions.

Blockchain is seen by regulators as a tool through which wealth can be quickly and cheaply transferred around the world. This can potentially be used by terrorists. Should we ban the entire technology because of this? If we ban it, we will only make it more difficult for the terrorist to transfer, but we will not prevent him from trying to obtain money by other means (cash) and commit evil.

If we ban or restrict specific projects, new ones will emerge. In time, technology will probably emerge that is more anonymous and cannot be stopped and perhaps not even traced. Perhaps such networks already exist and are beyond the attention of the mainstream attention. Remember how regulators tried to stop music and movies from being distributed over the Internet? They failed. Today we can pay for media content or download it for free.

Is anyone trying to do something about this? The internet has managed to disrupt the music and film industry. New platforms have replaced the traditional music and TV giants and new business models have emerged. Competition and the quality of content have increased. People can consume what they want, not what is presented to them. Wouldn't it be great if something similar could be done in the financial industry?

If regulators try to restrict technology just to prevent something bad from happening, what will unfortunately happen is that they will also prevent the good from happening. Any technology is useful in the right hands and can become a weapon if it is wielded properly. It is not very smart to prevent the natural development of technology just because it can be misused. With such an approach, we could not use atomic energy, money or the Internet.

We understand that if OFAC (Office of Foreign Assets Control) puts a particular person on a sanctions list, there is a good reason for that. But what if the whole nation is on it? Is it really possible for all the people of one nation to be guilty of something and not be able to use financial services? Should the whole nation suffer because a small group of politicians don't understand each other? This type of restriction makes no sense. If OFAC wants to insist on it, it must realize that a global network run by thousands of people from other jurisdictions cannot be centrally controlled.

Probably the best approach for regulators is one where they leave the decentralised world as it is. It is possible to regulate CeFi because people make decisions in this industry. Users have to trust a third party, similar to TradFi. Cryptocurrency custodial services should be subject to regulation as it is a similar principle to when people keep money in the bank. Regulating centralized exchanges is probably fine. We do not like it, though. Requiring KYC/AML information of all users is debatable, but we understand that it should not be possible to launder dirty money through centralized exchanges.

If stock tokenization occurs, we are somewhere between CeFi and DeFi. It's needed for a CeFi company that makes a tokenized stock to be regulated. Stablecoins backed by fiat currencies are a similar case. If someone is going to hold USD in the bank and claim that stablecoins are backed 1:1, someone needs to oversee that. Once stocks or stablecoins are held by users in their own blockchain wallet, they should be out of regulatory reach with all the risks that entail.

In code we trust

Once in DeFi world, the user should be aware of all risks, just as on the Internet, and behave accordingly. In DeFi, people don't trust people, they trust the source code. That's a big difference. The cryptocurrency industry should define its own quality standards and fraud protection.

The most interesting thing about cryptocurrencies is the possibility of self-custody of digital assets, the belief in decentralized software, and global availability. People are greedy, can misjudge some market events based on subjective opinions, and are prone to cheat or misuse their position. Decentralized software addresses exactly these shortcomings.

The code is the rules. Code cannot cheat or behave differently than intended. Decentralization makes it impossible to change the rules or stop the code from being executed. There is no need for users to be protected by regulation. It is more important that quality standards emerge and people can trust the code.

Decentralisation is about change at the level of trust. Instead of trusting intermediaries and the entire legal system, the source code and principles of decentralisation can be trusted.

Some people are calling for front-end (user interface) regulation. Smart contracts would remain untouchable, but anyone who wanted to offer a decentralized service through the front end would have to get a license. This is unacceptable since most users use the blockchain through the front end. If current users were forced to start using their own full nodes, adoption would slow down noticeably and possibly stop forever. Moreover, technological innovations could circumvent this regulation in a few years. The front end would not necessarily be a server running on Amazon, but part of a decentralized infrastructure. Regulating the front end would restrict ordinary users but would not prevent terrorists from using the blockchain, as they would be motivated to circumvent the barriers. Getting a license could eventually be similar to trying to open your own bank. That is, almost impossible for most entrepreneurs with little capital.

The source code cannot be regulated, only checked to make sure there are no backdoors and no critical bugs. In the case of Peer-to-Peer communication, there is no third party to regulate or supervise. The owners of the assets are always users or the source code. It is not in the power of regulators to require every developer in the world to ask permission before deploying their DeFi service. So it makes no sense to put KYC/AML requirements on them. A smart contract can be deployed completely anonymously and people can start using it immediately.

If a team wants to deploy a DeFi service that complies with regulations they can voluntarily do so. Due to the nature of decentralization, it is not possible to require all developers to comply with regulations globally. Regulation is not enforceable and can be easily circumvented.

Not everyone is able to judge whether a smart contract is written correctly and will behave exactly as users expect. Community, competition and market principles are sufficient to create services that are reliable and trustworthy. Users need to educate themselves, become active members of communities and learn to manage risks themselves. Regulation will not help much with this. If some users choose to trust CeFi more, that is their choice and regulation is desirable for these services. People should have the right to decide whether they want to use CeFi and sacrifice their privacy or use DeFi and remain anonymous.

Conclusion

The laws clearly describe all offences. If it is criminal to send value to a terrorist, authorities should focus on specific acts instead of hindering the development of a new industry. Blockchain is more transparent than traditional financial services and authorities have on-chain data. There is nothing stopping them from cracking down on crime.

The financial system cannot remain transparent. Nobody wants the whole world looking into their wallet. People have a right to privacy. The Cardano ecosystem will sooner or later have the tools to make transactions anonymized. Does that mean they will break the law? Not necessarily. Privacy doesn't have to be a binary property. Decentralized identity and other technologies will make it possible to build services that allow the identity of the sender and receiver to be verified without publicly revealing their identity and the amount sent. If two Americans send each other an amount of, say, up to $50K, the transaction could go through completely anonymously and the authorities would have no problem with it. Building similar systems will require the cooperation of the authorities and their ability to trust the code. Let's build external tools, but never limit the functioning of the first layers.

Inappropriate regulation can destroy all the benefits of decentralisation and prevent us from building a potentially better financial world. Cardano's mission is to become a global financial operating system, especially for those who don't have one. Banning technology essentially means preventing developing countries and the many refugees living in foreign countries (including the US) from creating and using financial systems they still don't have.

Regulators may want to ban technology just because it makes their job easier and they don't have to deal with tools that are alternatives to regulated financial services. However, they should not overlook the potential of blockchain and the big picture.