Regulators are Getting it Wrong on Self-Custody, Control, and Identity

The EU proposal demanding centralized crypto exchanges and other custodial wallet providers to collect and verify personal details of self-custodial wallet users indicates the peril of recycling rules of traditional finance and trying to impose them on cryptos without acknowledging the differences. 

Self-Custody, Identity, and Control: Identifying the Missing Link

The primary objective of the EU policy is to promote traceability, just like the way traditional types of money transfers happen. The assumption is that each self-custodial wallet can be linked to an individual’s verifiable identity and that this individual is the one that controls the wallet. This assumption is fundamentally wrong. 

In traditional finance (TradeFi), each bank account links to the identity of the account holder, implying that this person is the account controller. So, if you share your online bank details with another person (maybe a business partner), you will be able to regain control even if the partner changes the login details: simply because you are the account holder. In this situation, identity provides absolute control. 

In the case of self-custodial wallets in the crypto niche, control is held by the person with the private keys to the wallet. Therefore, control cannot be linked to any person’s identity, and there is no one in a decentralized blockchain to prove the identity: it is only the private keys that can. Once you download the software and store the keys, you have ownership. 

Read more: How to Choose a Crypto Wallet? 

Implementation of the Proposed Rules Impossible 

Assume that Jane wants to send 2ETH from her custodial wallet to Bob’s self-custodial wallet to pay for a service rendered. According to the new proposal, the requirement is that Jane would have to collect Bob’s details, such as date & place of birth, residential address, name, wallet address, and personal identification number, and then verify the details are correct. So, Jane would ask Bob for all the details and then forward them to the custodial wallet provider. 

This rule would also apply to the smallest threshold because it does not specify the minimum. If the information is not verified, the custodial wallet holder would be required to return the funds to the sender.

The issue with the proposal is that identity does not equal control, especially when working in the financial world. This makes implementing compliance near impossible. Again, the long list of information that people are required to provide to senders would expose legitimate crypto holders to massive security risks. 

According to Stepan Uherik, the chief financial officer of SatoshiLabs, the proposal would only cover a very small portion of non-custodial wallets, motivating users to look beyond the popular stores. Desktop and hardware wallets would not be affected. 

Next, legislators will face the huge task of crafting compliance processes, which are likely to fail. For example, they are likely to result in making EU-based custodial wallet providers opt to limit the movement of crypto to and from non-custodial wallets and discourage talents and capital. Ultimately, these moves would see mass exodus from the EU. 

Now is the best time for the EU crypto niche to engage policymakers and promote outcome-based policies that factor in how cryptos operate.

Comments are closed.