ACH and Fiat OnRamps in the US- Optimizing for Speed & Minimizing Fraud
Compliance Experts Panel :
Adam Shapiro, Core Innovation Capital (moderator)
Angela Angelovksa-Wilson, Co-Founder & Chief Legal Officer, Sila
Daniel Gorfine, Former Chief Innovation Officer at LabCTFC
Eric Turner VP of Market Intelligence. Messari
Cryptocurrency Exchange Panel:
Shamir Karkal, CEO, Sila (moderator)
Nitin Shrivastava, Global Product Management , OKCoin
Sung Choi, VP Operations & Corporate Development, Coinme
Michael Dunworth, CEO, Wyre
Justin Seidl, CEO, Sequoir
Adam Shapiro: Other than me that has ever been foolish enough to sort of do this as a regulator directly, rather than sort of, sort of trying to help people navigate the system, is, let’s just have a level set on who the U S regulators are. And perhaps also, even before we get into that, Why do the U S regulators care about crypto?
Is this just because they like sticking their noses into things where they can, or they’re sort of really genuine public policy reasons why they do so, why don’t you take us on a tour of the regulators and whether in your highly opinionated excellent views, they have good reasons to care about this.
Daniel Gorfine: Sure. Sure. So let me start with like why they would care. so, you know, as a, as a basic explanation, the way that the, yeah, us financial regulatory system works, we focus on products and instruments and intermediaries. Those are the two lenses that a regulator will look through. Is this an instrument or an asset or something that my statute tells me I have to regulate.
And are you an intermediary that fits within my rule set as well? That I would have to regulate. So. In the context of crypto, you know, obviously there have been determinations made that crypto is a financial instrument. There’s different, there’s different iterations. And maybe it’s a different financial instrument in certain contexts, which I’ll talk about in a moment.
but, but given that kind of linchpin, then there’s the question of, well, who are the intermediaries and what rule sets are they subject to? But to, to quickly kind of level set out, I’ll walk through a true alphabet soup of regulators and to make it even more complicated, we’re going to talk about state and federal many of you know this.
So I’ll try to inject a little bit of what’s new here, but allow me to just set a baseline. one of my observations actually that I think is quite interesting is that people typically like to focus on federal regulators. And they’re really interested in what Washington is doing. The reality is as you can make a strong case that when it comes to crypto, Really a lot of the activity is state-based and people kind of gloss over that.
why do I say that? It’s because for the most part exchanges and other types of intermediaries are most commonly subject to state money, transmission laws, and requirements. So they have to register. I’m with a state regulator as a money transmitter. There are some States that have created bespoke regimes.
You know, you can think about the New York with the bit license framework where they’ve kind of tailored what would be a money transmission framework, but specifically in the crypto context. So most intermediaries and again, gross generalizations, but many exchanges and other actors. Well at the very least be subject to state money, transmission regulation.
Now, interestingly, there were also States that have either trust, you know, trust frameworks, or as we’ve just seen out of Wyoming, a special purpose, you know, banking vehicles. And these can also be state-based and these can, these can help entities or intermediary service custodians, or pursue other types of exchange like activity.
So that’s the state level. Now let’s talk quickly about the federal level. Of course, I’m going to start with the CFTC because I’m wildly biased. so, so the CFTC, there’s a lot, a lot of confusion on what the CFTC does and doesn’t regulate the CFTC as far as being an overseer or a supervisor of a space.
Regulates futures and derivatives markets. That means they can actually license exchanges and oversee that activity. so to the extent there are crypto based futures or derivative products that will bring it into the CFTC realm or jurisdiction. Now that is not the same thing though, as spot or cash markets, which as I just indicated, are largely regulated at the state level.
The only way that the CFTC gets involved in the, the spot or cash exchange of, of a commodity is with its backward looking, enforcement authority. So if there’s potential fraud or manipulation, the CFTC can bring an enforcement action in a spot market. I’m standing at Daniel. J just a pause on that because I think it’s important.
Can you give us an example of a way in which you can use a spot market to manipulate something that the CFTC does directly regulated in the futures or options market? Yeah. I mean, look, anything that’s going to work pact the pricing of a crypto. That is, that is, that is the basis for a futures or a derivatives product.
Could, you know, open up a potential enforcement action against players in the spot market. So if you’re doing things to manipulate the price of say Bitcoin, and that is going to have an impact on Bitcoin futures products, either directly or to an index, something that’s. If you have a price index, that’s tied to some of the underlying activity that certainly would be fraud and manipulation that could impact the derivatives market.
So, so that’s the way it would happen. You know, the reality is the CFTC is not a huge agency. So the idea that the CFTC single-handedly would serve as a policeman for the entire crypto market is, is, is misplaced. I mean, that, that wouldn’t be, you know, typically the way the CFTC would approach things and, you know, open question, how many.
Crypto commodities, the CFTC would seek to regulate to the extent or seek to bring an enforcement action. most likely they would focus on the commodities that directly link up to futures and derivatives products and not kind of expand that authority further. so. You know, quickly on the sec that know sec gets a lot of attention in this space and, and for good reason, but the sec only gets in there evolved.
If you either are offering something that the sec determines is a security or you’re properly trying to issue some kind of a security token. Now, obviously we had the ICO mania. A few years ago. So the sec brought a number of enforcement actions and said, Nope, those were unregistered public offerings. but that’s quieted down a fair amount since the telegram case and other kind of recent cases.
So interestingly enough, unless you’re trying to do something like an ETF or an STO and actual security token, you know, the sec is not going to be involved in a commodity market or in a cash market. So we’re, we’re most of the activities. If you look at like the market caps of a lot of crypto commodities, a lot of that action is taking place outside the purview of the sec.
I’ll be very quick with my last ones, you know, FinCEN which deals with, the bank secrecy act and anti money laundering regulations. so fin sends actively involved in the space. And then finally we have the banking regulators focus on the OCC for just a minute, because there’s been recent activity there.
Two ways that I’ll point out that the bank banking regulators can get involved. One, the OCC proposed payments charter, or at least discussed payments charter. You know, there’s a, there’s a world where the OCC could actually charter, exchanges and other types of intermediaries in a way that could preempt the States.
That’s received a lot of attention. And that politically is a very challenging issue cause it, it kind of it’s States versus federal. And then recently the OCC also put out guidance saying, well, wait a minute, our national banks can also be proper custodians of, of crypto assets. And so it’s interesting there is that you’ve got.
You know, state-based trusts, you now have this like Wyoming special purpose trust, a special purpose bank as well. And now you also have the potential for national banks to be serving a custodial function. So I’m sure that it was clear as day for everybody. but at least we’ve introduced some of the relevant regulatory actors.
Adam Shapiro: Yeah, let me just add one more that I’m going to ask Angela to talk about a little bit in a minute, which is, possibly sort of the biggest impact for a lot of the early stage people that the banking regulators have as an indirect one. If you’re going to connect to ACH or other payment systems, you go through a bank, that sort of makes you sort of subject to the third party, risk management guidance.
Bang. So anyone that’s ever had a whole series of annoying questions from a bank or sort of being told, I’m sorry, we can’t do business with you. That is effectively indirectly coming from the banking regulators. And so it’s kind of, I thought that was a great summary of the direct ones, but we’ll be talking a bit more about those and then, a bit more about the indirect ones.
I think, I mean, it’s kind of one of, I think almost the first part CSU that sort of came to the fore, in relation to cryptocurrencies was around anti money laundering. And so, it’s going to, this is, I’m sort of looking at this from a sort of policy. What do people care about and sort of, building on Daniel’s comments about that?
Angela Angelovska-Wilson: Eric, sort of what, this is something you’ve spent some time thinking about. what do you think are the key things to understand about the anti money laundering regime from the point a point of view of a crypto business, and perhaps in sort of going through that, you could distinguish a little bit between if you like the ABCs that anyone that works in financial services has to deal with and the, some of the sort of specific risks that can arise in parts of the cryptocurrency sector.
Eric Turner: Yeah, and I think this is becoming even more prevalent as we start to see the introduction of stable coins and you know, other Fiat backed tokens that are now trading on a really public blockchain networks. So something like the theory of it. where they’re mixing around with other tokens. And I think it’s interesting in crypto, specifically because, you know, Daniel kind of went through all of the regulators involved and I always tear people say that it’s confusing and there are gray areas and they don’t really know what’s going on, but I think it’s, it’s actually pretty clear.
Right. You know, I think you have some good guidance from FinCEN. I think the CFTC has always been pretty clear. The sec is dealing with the potential that almost anything to be a security. So I know it’s been a little more opaque. but when you think about crypto, I mean, you really realize that all of the regulation happens at the fridge.
It’s the Fiat on and off ramps where the regulation happens and where you need to worry about all of these things like KYC and AML. So. You know, coming from, you know, where I was previously at S and P and research and just general FinTech, I used to think it was hard to deal with those kinds of requirements for your, you know, simple FinTech payment companies.
But when you get into cryptocurrencies, it’s an entirely different world. And I think if you look at some of the best practices, you know, you can only do the KYC, AML. On the OnRamps, that’s really where it works, because if you think of the way that crypto networks are structured, you know, they’re structured by account addresses and it’s a lot more difficult to do true KYC, AML, where you’re actually getting, you know, an individual’s information that you can put into your system.
So I think when you look at best practice says, if you are running a crypto on on-ramp, you are running a crypto exchange. yeah, you need to really partner with. Strong partners that can do blockchain analytics. so there are plenty of providers out there that can ensure that you are abiding by, you know, the, the letter and the spirit of the law, by tracking cryptocurrency kind of transactions over the blockchain and what I’m talking about.
Yeah. Cause you know, when you, when you deal with a traditional. Banking or payments, kind of stack and the structure, you know, everything’s passing through regulated institutions for the most part. you know, you have all of these institutions, even no matter where you are in the world, that generally have some sort of KYC AML policy.
Whereas when you’re dealing with eating , you know, with the shark Fiat backs, tokens, you know, people anywhere in the world can access those. They just need to have an application on their phone. And they’re not necessarily going through that KYC, AML process. So, you know, if you have a payment coming from somewhere overseas to the U S you generally have a pretty good idea trail.
if you’re going through a traditional networks, whereas, you know, you could have something come in too. Or head out of your exchange in the U S and you really don’t know, you know, where that payment cup came from. so you’re going to rely on these third parties that actually do clustering analysis, and actually look on the blockchain to understand, you know, where are these, kind of hot spots.
This is coming from another crypto exchange. Is this coming from maybe a blacklisted wallet? it’s really, really important in this space that you. You know, you, you actually go above and beyond what I think a lot of the requirements are, because it’s, it’s just, it’s a global world. you know, everything’s interconnected.
And if you don’t do that, you do run the risk of kind of running a foul of some of these regulations.
Adam Shapiro: Yeah. I wonder whether one helpful frame here, Eric, to think about this is that it’s less a know your customer problem. If you’re a, some kind of financial institution working in crypto, you can know your own customers, but it’s really a know your counterparty problem and sort of, and it’s kind of, that’s where I think you’re exactly right.
That you really need to show your going over and beyond. the other thing. I don’t know whether you agree, people should think about is sort of being able to explain sort of the benefits, the, to the crypto world brings and shows that the challenges on AML we’re actually directly related to the benefits.
Yeah. That you can have a software wallet that this there’s sort of this ability to, take out intermediaries and let people control things themselves is what sort of brings the efficiency that will reduce cost and increase. Access as the technology develops and sort of being able to sort of frame things in those ways and then take the steps you’re talking about around the sort of the on chain analysis, to, do that seems, is really, is really, sort of, a really helpful thing.
I’m wondering if you could. Talk a little bit about the different levels of risk here. It’s kind of the crypto world often gets tarred with a brush that is sort of high risk. I’ve got a client that’s sort of launching a sort of square light crypto service, which is really a sort of. Buy sell, hold investment product.
nothing more complicated than that. And they’ve received some pushback from regulators, which is that of just said your crypto, your really high risk by definition. How dare you say that this is only moderate risk? it’s kind of, how should the people that are listening here think about working out sort of what level of, AML risk, their particular business model, runs.
What are the dimensions of that?
Eric Turner: Yeah, I think it really comes down to the types of assets you’re dealing with. So if I were trying to think of a framework of how you’re going to analyze risk, I’d say. At the lowest level, you have things that are actually backed by assets off chain. so if you look at some the, the stable coins, again, going back to those that are being issued, or some of the tokenized asset projects, you know, people that are tokenizing gold, there are other commodities, you know, those tend to be lower on the risk spectrum.
Just given that there is the ability to blacklist addresses. There is more oversight from the centralized entities. you know, even when they’re on a public chain, you know, you, you have actually seen this recently where, stable coordinators have blacklisted addresses based on, you know, some sort of, legal or government requests.
So, you know, those generally, tend to be lower risk, I would say. And then kind of in the middle you’ve have the more established cryptocurrencies. So you have the Bitcoins and the Ethereums of the world. you know, specifically, I think if you look at account based systems like Ethereum, it’s, it’s, it’s almost pretty easy for somebody.
Like I mentioned earlier, these analytics firms to understand what’s going on, on these ledgers and on these assets, those tend to be in the middle. And then I think the, the, the one that really, you know, Kind of is a big question for me is when you start to look at the privacy coins. So personally I think that, having privacy and financial transactions is huge.
It’s kind of like a core thing that anybody needs to have. If you look at cash or systems like that, you should understand that there is some privacy in your financial transactions. Now when you have something like a Z cash or a Minero, where there is no, you know, quote unquote audit trail through the accounts on the blockchain.
those tend to be higher risk, because there is, you know, they’re more opaque. So, you know, on one side you get the ability of having financial privacy. and then on the other side, it really, it, it is again, one of those above and beyond sayings. for service providers to ensure that they’re, you know, able to understand their customers and their counterparties.
I think it’s, you know, I actually think if you look at kind of the progress that’s being made around the world, and you know, some of the, You know, assets that are being listed even here in New York with the bit license and everything like that. I think regulators are getting more comfortable with the concept, but again, if you look at the progress that we’ve had for everyone getting comfortable with just Bitcoin and Ethereum, I think we’re a little bit further off from those higher risk privacy type assets.
Adam Shapiro: That’s great. Angela. so bank relationship, chip surf, being a vexing thing in this area from the start, they continue to remain a vexing thing. How can people actually sort of, what are the things that banks really care about to when they’re sort of providing payment systems access to crypto companies and how can people best, sort of, position themselves to be able to run that gauntlet and get good stable banking.
Angela Angelovska-Wilson: Yeah, thank you, Adam. So, as we, yeah, you know, my co panelists have, noted one of the most important things is, kind of in appeasing the regulators and the regulators ability to regulate is the wreckly related to the intermediaries, the people that they have jurisdiction over. And, you know, that really means the on and off.
Rams in grip towel. So one of the key elements, and it has been since the very beginning of the crypto is the ability to, you know, get on the highway and, you know, exchange your Fiat’s currency into your choice of a cryptocurrency and then being able to come out right. The exit. and it is at these two.
Points that the regulators really get involved because they are controlling and regulating the intermediaries. When I speak to, regulators, to financial institutions that are interested in, working with crypto, as well as crypto companies, one of the things that I always come down, it comes down to is the principles of why these regulations are in effect.
And we’ve gotten to know that, that one of the key elements that makes the regulators very nervous and a key, you know, interest is protecting the financial system. Those from money laundering, as well as from a security point of view. And so, you know, when banks are talking to crypto companies, I think the best in the easiest way to do so is to actually talk to them in their own language, meaning, be able to show them that you understand the regulatory burden sending positions that are placed on that and be prepared to know how you will address them.
When we talk about KYC programs, this is usually kind of the first entry point in a bank is, you know, they, the, your banking partner that is going to be giving you access to the, to the payments rails really wants to understand that they are not going to be, partaking in any. God forbid, terrorism, funding, corruption, illegal activities of any kind.
And so being able to come to them where they are well thought out plan that has, you know, kind of the elements that they’re looking for. In your KYC, your, you know, customer identification plan, right? Make sure that you have them understand what are the things that you will be collecting from your customers?
How will you be using verifying, you know, monitoring the transactions that are happening, and helping them really understand why the risks with respect to crypto. Are no different in my view than working with any other FinTech company or any other more traditional business. So be able to really know your stuff inside and out and be able to relate to them.
In a way that is meaningful for the things that they need to do. They have small compliance and legal departments they’re always seen as the cost centers. So anything you can do to really move the conversation forward, is going to go a long way. So, in practice that’s often going to involve, right.
Adam Shapiro: Having an AML policy and an AML risk assessment. And, it’s kind of your sort of, Open this up to the whole panel, perhaps. anyone that wants to jump in, but I’m sort of one thing there is that yes, you do. To show you understand what the requirements are, but you’ve also got to give them in that the roadmap for how you’re going to meet those requires because that for sure as eggs or eggs of the next time there.
Regular parent regulators come in that are going to be looking at the file on you and they’ll go, the bank is going to need to demonstrate that they’ve understood that, what you’re doing and that they’re overseeing it and that, the, the, it’s kind of the more you can give them on that up front, the easier it is.
it’s and any other tips anyone would like to throw in for sort of how you navigate that in practice?
Daniel Gorfine: You know, the only general comment I would provide there is that I always say, especially to earlier stage fintechs that you know, investing early in your compliance programs and policies and building that into the DNA of your business from the early stages. Pays just huge dividends down the road, because anybody who, you know, many, many start off by saying, we’re going completely disrupt and disintermediate.
And then you start discovering over time that, yeah, you’re kind of going to need to plug into some of the traditional infrastructure and you may need to work with a bank and you’re going to have to present something in front of a, of a regulator. So the more you, you actually invest, I think in that compliance function, the more of a competitive advantage that proves to be in the long run.
it’s very hard to go backwards and trying to fix things that have been kind of built maybe incorrectly from the, from the, from the start. so it’s a very general comment that I think applies to any FinTech vertical that I’ve ever seen. And I’ve certainly been in scenarios before. I worked at a FinTech company where we ended up partnering with a very large national bank and having the industry structure in place ahead of time, I think was one of the key differentiators.
so I just encouraged that as, as folks think about building their businesses and don’t view that aspect of the business as a sum cost or something that is just only a, something that generates red, red ink. Yeah. I think that’s a really, really good point. you know, when I think about legal compliance and regulatory, You know, in positions, I always think about how to build that into the actual product.
And there are often times, you know, especially those of us that advise others, you know, where we wish they came to us before they built something, because there are steps that can be taken. To minimize some of the regulatory burdens, as well as, you know, the potential classifications of a product. If you are able to talk through those with somebody who actually understands the regulatory space.
And so I think, you know, think of compliance. It’s not as after the fact, but think of it as actually part of your product team. So, go ahead, Eric.
Eric Turner: I just quickly want to add, because I think it’s important when we think about regulation and partnerships, Because when you talk about FinTech, it tends to be, you know, do you have the infrastructure to work with other banking partners?
The big thing in crypto that, you know, when you sit down and you think about your regulatory compliance process, one of the big considerations is how you actually run the infrastructure that interacts with a blockchain. So are you partnering with somebody who’s proven the ability to do this? Are you running things in house?
And if you are running your own tech stack, what are the backups that you have because you know, this stuff breaks, this stuff goes down. So if you are running things in house, you need to have redundancies, because you’re dealing with, you know, client money all across the blockchain. And it’s a little bit different than when you have bankers hours because it’s 24 seven, three 65.
Adam Shapiro: Yeah. And it, it, I think that’s really helpful with noting that sort of generally, if you’re sort of looking for a bank partner to get access to the traditional rails for those on ramps, the conversation will always start with AML, the moment that you say crypto, but, you should be prepared that.
Precisely that sort of information, business security, constantly, information security of business continuity set of questions is going to predictably come up at some point, how you handle customer complaints is going to come up, sort of how you’re handling, sort of any, sort of.
Raggy writes on, erroneous or, the rise transactions is going to come up. There’s a range of things and it’s kind of it’s AML is definitely the first one to plan for, but it’s a good idea not to sort of. Fall into the trap of thinking that AML is the only new thing here. It’s kind of that there are many other reasons such as the fact that a lot of these business models that are effectively sort of taking funds and storing them safely for customers that are really important public policy reasons that actually caused a lot of these regimes to be put in place even before AML became a big thing.
and sort of wondering whether, and I don’t know who would. Red light to take this, but I’m sort of, we’re about to segue fairly soon over into the, sort of the, the operator active and talking a little bit about fraud. when your sort of, when your bank partner is thinking about sort of payments risk management and what they’re going to need you to do, and, how are they going to operationalize it?
maybe we could just set that up a little bit. By talking about sort of, well, what are banks expectations around this? What all banks expecting you to monitor? How will they be sort of managing their own risks through you to protect them from sort of financial losses for fraud? Angela, maybe you might want to kick off a little bit on sort of what, what do you think banks would expect to see?
And then Eric and Daniel can jump in as they see fit to add.
Angela Angelovska-Wilson: Yeah. So, thank you, Adam. Of course. fraud is not just something that, fraud is not something that you do just because of your bank partner. It is something that you do in order to protect your business and obviously crypto, As, as every new thing, you know, we learned about the limits, the benefits of assistance by how it can be exploited, for, various purposes.
Some yeah, no good. Some bad. one of the things that is super important again, is to really understand the product that you’re putting in, into the space. And what are some of the, you know, Difficult points where you think people will try to exploited and I can guarantee you that whatever you are thinking of and you build those, you know, kinda Gates around that, those are not going to be the ones that they’re exploited.
It will be all the ones that you didn’t think about. So I always start kind of what I would call the funding, the mental principles on fraud, which are, you know, Monitoring, you know, look at, your product, look at the type of activities that it can enable and then look for what are, I would call them the normal flags in the, transact financial transaction systems, right.
spikes in activities. So, you know, if somebody has only been doing. You know, small transactions and there’s a huge, understand what are they due to? It doesn’t always mean that it’s something that is fraudulent. It just, you need to understand what’s going on in the overall market. Look for, you know, you know, monitor things that are happening in the space.
Like I was saying, media mentions, you know, different ways of, you know, Reddit, crypto, Twitter, whatever it is, you know, monitor some of those, activities to see where people are talking about or are, you know, new thing. Certain, Exploitation points maybe in your things. I mean, I can keep going, but I want, I’ll leave it to Danielle to tell us a little bit more too.
Daniel Gorfine: That’s the Ellis. And I, I think that everything you’ve said makes perfect sense. you know, maybe I’ll add a perspective from a, from a capital markets regulator. One thing that I think is so interesting about crypto. Is that we’re talking about this largely in terms of payments and money transmission, but as we all know the way that these markets have evolved, they look a lot like kind of traditional asset trading markets, capital markets.
And in that context, you know, we talked about at the outset, how it’s largely state regulated. You know, what, what, what could be missing down the road from some partner perspectives is do you have actual trade surveillance in place? You know, so when we start talking about spoofing and wash trading and certain types of fraudulent or deceptive trading practices that may not get captured in a lot of the, either regulation that currently governs the space or.
In a, in a specific exchange or firms, internal compliance systems. So thinking about adding a layer of trade surveillance, I think is critically important to the space. I mean, at the end of the day, those types of concerns have continued to drive in my opinion, why certain products don’t get approved. And in the sec, when it’s reviewed, ETF applications, as pointed to that lack of market and cross-market surveillance has a key deficit.
For the, for the entire sector and it’s a weird space. So because again, like, what are we talking about? Is this payment? Is it, is it a, is it an asset that’s trading as a security would? and we’re kind of in this, in between ground. So I think it’s really important as well, for those that do want it build kind of compliance as a competitive advantage to think about trade surveillance is another tool.
Adam Shapiro: Yeah, and Daniel, it’s kind of a couple of frames. So I think about that. I don’t know if you think are helpful here. One of which is the more wholesale and bigger, sort of trades you’re enabling, the more important that become. And the other of which is the more volatile the asset. So, the more important that becomes, it’s a lot harder to manipulate or well established stable coin, for example.
and so just th th th the particular crypto assets you’re dealing with matter here, right?
Daniel Gorfine: Yeah. Yup. Yeah, no, I think that, I think that is absolutely right. And actually. You know, to, to build on that you want stability and certainty around the asset in order for it to evolve as a payment mechanism. I mean, to be in an effective store value, medium of exchange and unit of account, you kind of have to solve for also a lot of things.
The, the, the volatility that you may otherwise see. So I do think that these actually go hand in hand a lot more than people realize.
Adam Shapiro: Yeah. So I just want to add a couple of things, specifics about things banks will look at and before she’s sort of handing over to Shamira, to go into some of the, sort of more practical, operational risk space things you need to do here.
one thing that you need to be aware of is sort of. For the networks you’re connecting through to the bank, what the network rules say. So banks are going to be very concerned for example, that if you’re connecting to way CA that you stay within, sort of the, return rate thresholds. And so it’s going to, they’re going to see that you want to, Matt can manage the returns effectively.
You’ve got a good process for that. you’re going to need to keep your unauthorized returns, under zero point. 5% or they have to start taking action against you. So just at a very basic level, you need to know what an unauthorized return is. And the reason code five is an unauthorized return and reason code six isn’t and that sort of thing.
on the card side, there are very specific rules about charge backs and, the banks care about that, but as Shamira and co I’m sure we’ll get into, That’s a really fast way. You can lose money if you don’t understand it because a lot of the dispute resolution processes are pretty, pretty, card holder centric in terms of their biases.
So there’s a whole series of, of operational things here that you are going to have to help your bank interpreters, the people that are on the hook to the network. And, it it’s worth understanding those at a high level. I do want to hand over to Shamir, but I do also want to give Eric one more chance to sort of have a quick, last word on a subject that we haven’t covered here, where I’m directly so far, which is the question of which if you’re a multi, crypto asset platform, how should you think about crypto listing and the risk factors in a new crypto, product.
Wha, what are some of the things that, sort of from either direct or indirect through bank regulation purposes, you should think about having in place?
Eric Turner: Yeah, I think when you think about listings, the, the regulator that really comes to mind is the STC for most of these, I think, you know, if you have a process in place and you’re looking at adding new listings, generally the best way to approach it is to have some sort of framework based on sec guidance.
Because I think one of the biggest risks is, you know, accidentally listing something that could be considered a security down the road. I think outside of that, you know, the best practices tend to be look at peers. so exchanges that have already listed things, things that have been publicly mentioned by regulators like Bitcoin and Ethereum, those tend to, you know, not run a foul of regulation as much.
and you know, really it’s interesting in this space and I just want to get back to something that Angela said, it’s a. You know, it’s not just looking at things that are happening on the blockchain or specific things on the network. You need to get a holistic understanding of these assets. And it’s such a new space that you need to have somebody that can really dig into.
It’s funny to say this Reddit and Twitter and telegram and get hub and forums, because of the people that are actually controlling these networks and building the things on them, you know, they could be just anonymous developers, it’s decentralized and they’re pushing this code. So, you know, that’s.
How we look at it in house. And I think that anybody that’s looking to list cryptocurrencies needs at least one person on their team that has enough of a deep understanding to do that. You know, again, it seems funny, but really important research to understand these risks. Yeah. And it goes beyond the sec issues and indeed the DFS have a coin listing and policy requirement in the bit license.
Adam Shapiro: there’s also just a fundamental. Keeping your customers happy. Let’s tear up an asset that turns out to have issues that you didn’t know about. And you’ve implicitly put it behind that. that’s a recipe for a whole Reddit new Reddit thread just directed at you. And that’s not the sort of thing you want to do.
I’m going to hand over to Shamir, here, Just as a last word, it’s kind of, one of the most vexed things here is what’s the regulated status you need to have yourself. we sort of didn’t try and dive into that because it’s so facts and circumstances, specific, my best advice for the people that are starting out is to try and get all the free advice from smart people with, sort of gray hair or no hair, or, That you can find in the area.
And I know the sort of, sort of them, all of, I, I know I do, and I know Angela and I know Daniel does too. We’re always happy to take half an hour with anyone. That’s trying to do something new to understand it, regardless of whether there’s any work there, there’s a lot of people that do want to give back like that in this space and just, yeah, it’s kind of.
It’s never too early to start asking you those questions. It’s a bit like the product design Angela made. It’s kind of, even if you know, you’re going to have to run some risk and not be able to go and get everything you get, know the risks that you’re running and know what your game plan is. it’s and there are no, so many people that have been through this that just use your networks and find, find the people that want to help you on this.
And with that Shamir, I’m going to mute and hand over to you to take us out of the realm of the, sort of, theory and policy and into the realm of the grim reality.
Shamir Karkal: Thank you so much, Adam. Wow. That was a, that was a fascinating panel. I have about five questions that I’d like to ask the previous panel. but before we do that, I think, I’d like to welcome, My panelists, sung. And then, I think you guys can unmute and share your video as well now. I think we’ve just started off like the previous panel dead, and of course, Justin as well, I take it, mr.
Stood there for a second. I’d like to start off like the previous panel today with a quick round of intros and then, dive into some of the questions that we had prepared, but I. Morning, you guys. I have a lot of questions for you guys coming out of the previous panel as well. So I’ll start off quickly with my, myself.
I’m the co founder and CEO of sealer, work with, Angela and Nick and Julianne and other good folks here. And we are an API and SDK platform for FinTech and crypto companies who are looking to program the money and, and build the future. I won’t rant on about all the other things we do that. You guys know where to find us for that.
and maybe we’ll start off by, with sung. Sam, tell us a little bit about yourself. Yeah.
Sung Woo Choi: I’m sung Choi. I had the operations and business development teams here at me. Columbia was founded in 2014 as the first licensed Bitcoin kiosk company in the us. we’ve since stopped operating our own kiosks and moved to a partnership model.
we work with Crip. We work the crypto enable existing physical financial infrastructure. We currently have the largest cash on ramp to digital currencies with nearly 5,000 locations in the U S and this is with the partnership with Coinstar. by next year, we’ll have about a half million locations around the world, cash on ramps and off ramps.
And this will be through some exciting partnerships that we will hope to announce in the next few months. That’s awesome. Justin.
Justin Seidl: my name is Justin Sidel, the founder and CEO of this acquire. We were formerly vert base and have since gone through a recent rebrand, at our core, our mission is to provide I’d users with a very easy on, right.
I am two cryptocurrencies and primarily in the U S and, and offering, as many parents as we can. to U S customers in a, a proper and safe manner, through which we use Stila to facilitate a lot of those transactions.
Nitin Shrivastava: Yeah. Hi guys. I’m , I’m actually a product lead of okay. Coin. I’m responsible for building the feet on an off ramp. for all the one 80 markets we serve globally, and, you know, trying to basically build AC for us market, figuring about how do you deal with fraud? how do you launch card payments, in all major markets?
Including us, which is very, a very difficult market in my mind when you think about it cards. So yeah, trying to work with all of them, challenging opportunities and trying to create a secure and safe environment for everyone, traders for traders who can, you know, can come and kind of a trade on.
Shamir Karkal: That’s awesome. And, and I think it gets, it’s an interesting mix of folks we have on the panel. Right. leaving aside Sila, which is an infrastructure company, but, you know, Son, you’re very much in the cash to, crypto conversion space, Justin, your US-based, and you know, you do a lot of crypto exchange trading and, and then, then my understanding is that you’re primarily, outside of the U S but now coming into the U S right.
so, but one common problem, I think like, that all of us have to struggle with and solve is just dealing with this issue of. Converting a traditional asset that’s that could be cash and it could be, you know, a dollars in a bank account, or it could be using cards and converting that into a crypto asset Bitcoin, a TDM, whatever it is, and offering that up to customers who want that crypto asset.
Right. So I’d love to understand kind of the real world challenges that you guys have faced in bending out the infrastructure for that. obviously the previous panel talked a lot about the regulatory space about issues that aren’t KYC. Hmm. No fraud compliance. but I’d love to hear like your more stories about like, and, and I loved the kind of the wall stories, but how do you actually do this?
How do you sung? How do you do it? Just how do you do it? And then how do you do it? And then I’d have more questions. but maybe we’ll start off with like, sung and, and, and, and kind of the, you know, super fascinating, business you have.
Sung Woo Choi: So we, our challenges used to be greater when we ran our own kiosk network.
Banking was brought up earlier, working with banks. it’s, it’s a hell of a lot easier now, but back in 2010, 17, at one point we actually call 200 banks to try to find a banking partner because the credit union that we worked with in the state of Washington could no longer accommodate our business model because we’re expanding outside of the state of Washington.
so you know, things are, life is a lot better now. So all the challenges that you’re hearing about now, it’s really, really nothing compared to what things used to be like in the space. but, but you know, it still is, quite a challenge. we’ve invested heavily in compliance from day one, as I mentioned earlier, we’re the very first licensed Bitcoin ATM company.
and I, you know, I’ve done some research around this and it seems like we’re likely to second company in the crypto space to get a money transmitter license, behind Coinbase it’s yeah, back in 2014, I think Coinbase was in the Missouri. If I remember correctly or Mississippi, one of the M States and, And we were with the state of Washington.
obviously our company grew much slower, but, but yeah, in any case, you know, getting licensing, staying in compliance, you know, all the MSB laws that FinCEN imposes it, it’s, it’s a massive investment and it’s something that we’re really glad that we made, you know, between all the different requirements that States put on, crypto companies it’s, and just money transmitters in general.
it’s a heavy burden. So we’ve gone out and found chief compliance officers that come from MoneyGram, Western union, banking, larger banking, institutions, but really helps help help us set up, to be able to fundraise and, you know, grow to where we are today. and all the systems that we’ve put we’ve put in place have really helped, mitigate some of the risks that the previous panel discussed earlier.
Justin Seidl: Ooh. Yeah, I think to kind of build up for what sung has said early on, where we experienced some of the biggest, issues and roadblocks and what took the longest amount of time was getting that compliance in place, because getting that compliance in place ultimately. Then opened up the door to just being able to talk to a bank, making sure that I, I knew what I was talking about and could handle, what I was bringing to the bank and having that confidence with them to continue operation.
it was a very challenging, Eight eight months for us to find a banking partner. When we first started in 2017, I think in the first two months we had our platform built and ready to go for version one, but couldn’t ultimately launch until we had, the compliance, the banking and the payment processing set up, that all kind of came together.
It came together in a, in a good, solid way that we built our foundation up for, kind of continuing our growth. But then we quickly realized are the follow that one of the, the more recent cool things that we were tasked with trying to overcome, with some of the restrictions that were put on us by our payment processing partners at the time, our banks at the time, having seven to 10 business days before an ACH would settle.
Just things like that, that they were doing acquired for us to operate. But then on the flip side, our users saw as a. As a, as a roadblock for themselves or a headache that they couldn’t quite get past, and then having to wait to, to settle those transactions for the users. I was very difficult. Totally.
Nitin Shrivastava: Niclin tell us your story. Yeah. So, I mean, okay, quiet, like you said, is, is, you know, is trying to basically penetrate and us. and it’s, it’s a fully compliant entity. we are like, everybody’s shared the story, very similar, trying to basically create a compliance infrastructure, going state by state procuring our licenses, not just in us, but also very, you know, aggressively entering Europe market, Singapore market and also international market Hong Kong being our.
A place where we operate internationally. having said that, you know, when we, when I think about the fear on-ramp and challenges, like we are basically, you know, ex you know, exchange right. User comes to us and they can pray bed, quantity them, and all the different cryptocurrencies. one of the things that, you know, we, we basically, early saw was how do you enable.
Products like wire transfers, which are pretty, you know, which has a less risk because once the transaction is being originated by the customer himself, the money hits that account and that’s easy to go. so then it has less, the risk for them from an election perspective. of course we are, we are always very bullish about enabling ACH for normal users, retailers.
And we launched that. I touch those. eventually the other, you know, low, I would say the low hanging fruit, in, in, in artist, on our side was looking at the in network products, products, which are, which works by seven, industry 65 days. Settlement is, you know, pretty much automated, and, you know, using those, those in network products, for example, Primex se and products.
That kind of created a very good ecosystem for, for getting, you know, the pro traders and, and traders who are market makers win their trust pretty early, and kind of create that, the kind of inflow of funds, of course with company KYC, everything that previous bank you mentioned, we do follow very sickly, and, and, and kind of, you know, build those, products, very early and kind of that enabled.
And easy access to bringing in USD and trying to buying a stable coin and then start creating if you want to be, if you’re a newbie or if you’re a pro trader, you’ll go for a, you know, different types of cryptocurrencies assets. And, and, and actually in the, in the whole journey, we started touching, you know, the most exciting payment products that everybody used for the purpose of doing a direct deposit, or you’re trying to pay a bill, which is basically the ACH, and, and you know, We saw the pain points about, you know, what the bank things, when, when they are trying to support an ACH payment and equally for a merchant on an exchange like us, you know, when we enable such payment products, it’s very critical.
Like, you know, how do you bring the compliance, the KYC. And also the active, you know, ability to manage fraud behaviors in order to get rid of the bad actors. So thinking, you know, taking a few steps back, thinking about, you know, how do you offer better experience to the consumers by giving them money instantly and letting them trade while you’re bringing the money from your bank partner, whether it takes three days or, you know, more than that, this kind of balancing act.
and we love, we had, we had seen our journey and, and we know. how important it is to feed on data or every consumer who interacts with your, with your platform, with your, you know, with your products and kind of. you know, managing these bad actors it’s as good actors, right? You really want no balance.
So we are pretty much in the journey and, you know, happy to share yeah. More data points. and I also want to mention something about card payments, because that’s something we are in a process of launching. And of course we don’t want to be, we are focusing more from a international market. Simply because we are trying to, take advantage of the ecosystem, that card payments offer, which is basically strong customer authentication to begin with us.
I think many of us know people, you know, usually can use your card and buy a product only, you know, you are going through strong customer authentication, but most of the market, especially Euro mandates customers, strongest smart indication. And we are pretty much starting from that journey and trying to see how we can, you know, enter those markets.
Managing our fraud thresholds managing our chargeback threshold because that’s, you know, you really want to be very, very mindful when you are actually entering those, those space. So start small and then see how the data and other products, how can you kind of, scale it. Scaling is going to be the biggest challenge, that we, you know, we, we know from the beginning and you know, how do you get the right product services?
How do you design data points around them? What kind of, you know, acknowledges do you need to be successful?
Shamir Karkal: So can you kind of pretty much focusing on all those challenges as we speak awesome that then, and you, you kind of hit on like five different things that I want to dive into in more detail.
so, I’m not sure we actually have the time in the, in, in this panel. but, let’s actually, pick up on one specific thing that I think is, is, you know, it’s kind of in the guideline of this panel and that’s a, KYC itself. Right. it’s, it’s, it’s not kind of built into the framework of crypto, right?
Like, in crypto itself, the fundamental nature of the networks is that the transactions that are happening between. Accounts, which are really our addresses, which are public private key pairs. but, the sort of the traditional financial system has always relied on intermediaries who get access to payment systems and that are requirements everything from like the bank secrecy act in the U S to like the Patriot act, which require KYC.
how are you guys actually dealing with KYC? and how have you seen that at Wald? over the last, you know, Four or five years. Right. Because I feel like it has changed massively. and I’m happy to share my experience itself from, you know, 10 years ago from simple to now. But I think maybe we’ll talk with Justin on that.
Justin Seidl: yeah. I, you know, we’re, we’ve been using a variety of different KYC partners and kind of just evolving with, who we use, how we use it. but the underlying, Kind of concept of what we’re doing is making sure that we’re collecting as much information as we need to make sure that if anybody does come to us requiring.
set information on a user or transaction. We are able to provide that, in the proper manner. we are using Cylo right now for the, the basic identity verification for our users. but then building on top of that, we also require users to provide document verification as well. we’ve kind of taken the stance that, with us requirements.
Just making sure that we cover the bases there. We also do business in Europe, making sure we kind of follow those same requirements, which are, which hold a pretty high standard, allows us to kind of operate in other countries that may not have those standards, but make sure that we’re covered in the event that something were to happen.
From a compliance or fraud perspective. So just really being conservative with our approach, making sure that, you know, while the user may not appreciate it, especially a lot of early crypto users that are concerned with privacy, just protecting ourselves so that we can continue to offer the services in the best manner has been our stance from the, from the very beginning.
Shamir Karkal: That’s a, and that’s a fascinating point as well, which is that, if you look. It’s almost like in the autonomous man. Okay. Sort of FinTech companies. and, and, you know, especially kind of the older ones, the chimes, the symbols, the concepts, you know, there’s a hundred of them. Right. they typically do the.
You know, the, the, the, maybe the, but that’s the minimum required on the regulator beside, from the KYC perspective. And most of them end up relying on a non documentary KYC. No. on the flip side, and once you’re in the crypto space, you frequently see that, there’s a lot of crypto companies do, do documentary KYC and require, you know, whatever it is, driver’s license, a passport, ID card of some sort, And from what you said, it sounds like that’s really being driven by, by the global reality that while in the U S you can do a non documentary KYC, in Europe.
And in other parts of the world, documentary KYC is the, is, is the standard. and, and just typing in your German ID number into a form field. Isn’t enough to, to kind of, you know, Just satisfy the gentleman drinking day, is that what’s driving, documentary KYC usage in the U S or is it, or does it have actual like fraud benefits or other benefits as well?
Justin Seidl: I think it, it definitely bolsters the benefit coming from fraud prevention and adding another layer to the security of the user and yourself and making sure that there isn’t ACH fraud with was account numbers. And then. Pretending to be who they say they are, but I think it also comes back to, you know, in 2017 when, we were, we’re trying to get established and trying to set up with the banks.
we were given that label of high risk and giving that label of high risk. We had to go out and do above and beyond just the minimal that was required of us to make sure that we could appeal, to the banks and, and their compliance departments.
Shamir Karkal: That’s a great point. I’d love to hear your perspective on it.
Sung Woo Choi: Yeah, yeah. we had, I go everything Justin saying, one additional factor we considered was the image of a Bitcoin kiosk. you know, in the press, there’s a lot of really negative news about scam activities, anonymous transactions and things of that nature. and we implemented a documentary KYC process, mostly to try to reverse that view.
So, whether you’re buying a dollar or $2,500, which is the limit for our kiosk on a daily basis, we, we, we required someone to present their photo idea, selfie, all those different things. and the second reason, you know, as we made these considerations, that we have to think about was, our, our users tend to be a bit older.
The average age is over 40, about two thirds of our users are actually over the age of 40 or less users, actually a hundred, three years old, which we’re really proud of. and, and these users tend to be less technical about two thirds, by our surveys having completed an undergraduate degree. So simplicity was a huge driving factor.
and we needed to make sure that KYC was simple. So, you know, on one hand we really wanted to drive, non documentary KYC to make it as straightforward as possible. but at the end of the day, you know, having that trust with the regulators, with the banking partners and, you know, be able to present that trusted image, I was really important to go with documentary KYC.
We just had to take a lot of time to find something that was simple enough for most users to be able to get through.
Shamir Karkal: Understood. and that’s a fascinating point that, you know, it’s the, the, the push is coming from the banking partners, and it might not be coming. Dedicated from the regulators, but rather from the banking partners who view the, the entire space as, as high risk.
Right. Which is, you know, I, I, I’d love to sort of like, ask the previous panel, on this topic because I’m like, when you look at the actual activities that are being done in crypto, they are in fact different from the FinTech space at all. Right? Like a lot of the experiences are very similar funds flows.
and, and, and so. Th the broad Bosque, broad brush classification of crypto as hiatus and FinTech, as, I don’t know, notice, I feel like it’s, it’s, you know, it’s, but that is how I think a lot of banks, behave, the, some just, on that kind of pulling on that thread of like non-AHC versus documentary KYC a little bit further, D especially for your customer base of older people, have you found that, you know, the.
The the, of the, that it seemed wisdom is that non-doctors always converts faster than documentary because you know, who has their passport. And a lot of people don’t actually have the driving license on them all the time. It’s a very different use case and a kiosk rather than sitting in front of your computer at home or wherever.
Right. w D D how do you think that non doc would convert a battery if you did a pure lock versus a documentary, and then also. Do you think your customer base, how comfortable are they with just putting an SSN into, an online form field, which is another big deal, right? Like there’s a lot of SSN, fraud, SSN hacks, and, again, in the FinTech space, it’s almost automatic.
Like you sign up for chime or whomever and then all ask for your SSN and, and they have millions of customers, I guess it works. But I’m not sure the, the, how well that plays out in crypto, where it could be a different customer, could be a different customer viewpoint as well. I don’t think a QME has a non average customer base for crypto, you know, like the, the less, the lower education levels, the higher, the higher age.
Sung Woo Choi: so, you know, we’re, we’re more, we’re unique case. Although I think we do capture kind of the, the masses a bit more, the less sophisticated crypto user. to answer your first question. I do think that if we’re able to do a non documentary solution, that it would make it a lot easier. a large bulk of our customer, customer call center.
They deal with older users that have a hard time getting through the KYC process. So, it’s, it’s a signal African amount of investment that we have to make in resources. And it’s probably, you know, a bit frustrating for our users as well. but, but I think the benefits here really outweigh. Yeah. Even, even from the earlier, use case that Justin mentioned of, you know, going international, that’s something that we’re actively working on today.
And as we think about, you know, Latin America and Southeast Asia, which are the two, jurisdictions that we’re going to expand to first, you know, in, in those areas, there’s just no way that we’re going to be able to do documentary. And from a development resource perspective, we just don’t have, you know, as a startup, as much, resources to be able to integrate into a different.
A solution for the U S versus, you know, Latin America. So, you know, I think there’s just a lot of considerations for picking one that works well. even if it does impose a bit more, you know, it’s a bit more taxing for our users to get through, but I think eventually, in the jurisdictions where we can do non documentary, you know, after we’re able to gain the trust of the regulators and the banks, where everyone is comfortable with our systems, that’s something that we could consider moving over to.
Shamir Karkal: Gotcha. So maybe Coventry is the starting point, just because of the high risk and, and sort of the it’s a one size fits all. At least as many things. That’s many, maybe not all right. globally. but the, the product evolution might be towards non-AHC that it’s possible. You have to understand that, I’d love your perspective on that as well.
KYC specifically in the U S non doc versus document. And then I want to just. Want you to slide from that into the next question, payment systems in the outside the U S what’s does the U S and, and specifically like, you know, access to, ACH, you might get on this briefly, like, expand on that in the U S but, and, and outside the U S and how, from a customer perspective, as at least, I feel like these things get tied together, but I’d like the customer.
Signing up, just wants to sign up and do their transaction, whatever they want to buy, whatever they want to sell, whatever they want to transfer, they just want to do it right. and I, they want it all to happen in the blink of an eye. and every piece of additional information that you request every delay in like linking an account or card transaction, it all slows down.
So how do you, you know, how do you do that for them first, the KYC piece, and then the transaction piece. Sure.
Nitin Shrivastava: So, you know, just, you know, just because my co panel kind of beautifully articulated and I kind of, hands angry on the approach. There is no single provider who can, do the non doc version.
So we all are trying to basically one size fits all, and that’s exactly what we do true. but you know, definitely keeping a big eye on if there is a country. if you go in, in Europe, there are certain markets, certain markets, who actually have. ID verification as a service. but they are like one market and it goes to, you know, the point, like how many integrations, what do you do?
You’re always short of resources. So, so it is, it is documentary for now. And, But we always keep an eye on such solutions, which we can actually bring on early and very, very interested in talking to those folks where we can actually digitize the KYC process of verification rights. And, and for us, it is obviously, you know, it is, like for any other exchanges, how do you, you know, sort of.
I’m big on the KYC process and then assign benefits and kind of drive the adoption or acquisition of the customer when they come to your website and, and, you know, it’s come for the first time. They’re trying to create an account. What is the basic information that you can collect? for example, in us, we do SSN, with your address and we do verify as in real time.
and that way, you know, you get your QIC level one, you know, level one basically gives you a very. A little bit benefit to make certain deposits and withdrawals, and a very low limit for the fit and the positive course. because we want to know you more before you, we increase your limits. So limits and KYC do play a very key role.
and once you have, of course use, jump your limit for, for the level one, then you go through level two level three, which is of course, collecting the document, doing selfie, where to find information and hence you are upgraded with the full picture. No. you know, that’s, that’s exactly how, how we are doing too, but you know, really trying to.
You wouldn’t challenge that NC can, can we digitize that? Can we get the, if you can get all the information in the pretty early, then maybe you can get the customer fully verified with all the digital information, which may come from a relevant, reliable resource, but we don’t have one per day. So based on the levels.
this is an interesting point of like actually having tiered access, and Enrico and limiting, linking the transaction limits to the KYC tier that you have crossed as a customer. That is, it doesn’t need to be one size fits all. In fact, that’s how a lot of like traditional financial institutions where most of these scattered also do it on a tiered basis as well.
Shamir Karkal: A question for you, do you link your tears? Only to KYC levels or also to customer aging, because I’ve seen this at simple before, man, you know, if you’re going to see a fraudster, they’re going to do all that fraud in their first 30 days, actually, usually that first day. Right. So do you that the Tina’s talk to me about the fraud picture of that as well.
Nitin Shrivastava: Yeah. So, so I, you know, in, in our case, when, when a customer comes to the first time they go through the KYC process, the level one, and, and, and we have, you know, we have defined, sort of, you know, what kind of leveling should be for different markets because in Europe, the, the regulation is slightly different, very stringent compared to us.
And so the, maybe we, you know, if you’re trying to basically buy a particular crypto right away, Then we may want you to go through all the KYC right away, even from one to three. And just because we want to know you very well, before we take you through a particular automated payment process. In the U S our, you know, there’s a slight difference in terms of how the leveling is done.
So we have structured leveling here. We do have in, in, in, in Europe, too, but depends on what product you’re trying to access for the first time. and so is, is, is, is, is a part that level one is, is allows you to have a minimum threshold. Which, what it means is, you know, if you are a brand new user, let’s say, I don’t know you are a fraudster or not, but if you come to our website, you go through KYC level one, you do have a limit, which you can use to, purchase, a crypto buy, either doing a wire transfer or using UCH.
and, and so basically. That’s cumulative again, you know, you may use a $2,000 in a matter of one transaction. You could use it in a matter of four or five transaction, like $5 each. and after the fact that your transaction is, your amount has been, is used up, you may start with deposit and then go and buy crypto.
And we are, we are right. You know, when you think about the fraud, we often see fraud pretty much first seven days of a, of an account sign up. And the fact that the customer is trying to, do a deposit using ACH because ACH, is, you know, for all practical purposes. you know, in us, it has been built for the, for the convenience of the consumer.
unlike card payments with the process of fraud, special charge back is very different. in case of us natural rules, I think they’re are made for consumers and consumers do get 60 days to sort of, You know, go and make a case for refund for unauthorized ex transactions. But in case of, like you said, you know, it does, we can see within a matter of three days, four days, if the customer is trying to do a transaction three days, we get the money in our account within third or four day, we will see, whether it is our zero one or, and not sufficient fund, whether it is art and , and that’s where the challenge lies.
so, you know, There we are peer actually, we constantly look at our KYC honestly, and also the, the kind of, you know, limits we have. And we do often change those too, because we don’t want to hit the 50% 0.5%, a natural limit for an unauthorized returns. Of course the overall return is pretty high, but you’ve got to manage your, you know, your threshold at the same time.
You know, maybe you can, you know, you have to switch in between the KYC levels too, but again, right now, this is the structure we have. but, but the most from you will see is when, when you enable a card payment, Which we don’t have yet, but ACH, of course. So we still see some interesting data every week and, and we quickly, you know, it trade on that because you can imagine they are going to check for the last 60 days.
And, you know, you got to get your numbers right in the right bucket. Otherwise, you know, it is, it’s very hard to manage the business and unfortunately, you know, crypto. as a, as a space is why I think it is just touching upon why FinTech companies, other FinTech companies versus crypto are basically take, you know, considered as high risk is also because of, you know, we are dealing in digital assets, digital money, and, and most of these digital money is, is, is available online.
You know, if you hack an account, you go to dark web, you steal somebody’s credential, and you go and create an account and you’re able to pull the funds. you know, you can actually, you’re doing a fraud activity. So I think, you know, having, being, we really need more data points before in, in, in the, when we design the products, for example, collecting device fingerprint, you know, really knowing the bells when the customer enters email ID, like was it used in, in, in, in dark web somewhere?
Or was it. Got another fraud activity, some final, intelligence. I’m actually touching on some of the questions that you pretty much have in your panel. but you know, kind of building on those because we are seeing this, this behavior and last a few, few months now we launched ACH like three months ago.
And so you can imagine we, you know, we pretty much see how the KYC limits are and yeah. And I, and I will commend you on it then. It’s not that many people who no, the difference between the, they are, the different sort of, ACH regional codes, off the top of their head. but I, I, going back to like, a song maybe, before we go to Justin, we only have a few minutes, a little hit on a lot of different times makes, in the fraud space.
Shamir Karkal: Right. Obviously came, I see. It makes a difference. it does help with fraud, but it doesn’t eliminate fraud by any stretch of the imagination. and you have everything from limits, slowing down transactions, imposing transaction limits to sort of maybe state of the artists. A device fingerprinting using consortium data to identify, fraud patterns.
tell us like, again, Simon, I think you are the, for me, at least kind of the most different one having like in person, sort of older customers, very different demographic. Tell us what, what do you see, on the fraud side of the spectrum in a few quick molest before we, probably we’ll wrap up with Justin.
Sung Woo Choi: So something we see scams, quite, quite frequently, as you may have heard about, you know, romance, scam, things ended abuse.
Shamir Karkal: Oh my God. Oh my God. I hadn’t taught them that. I remember seeing that it was so sad to see that whenever we didn’t into it, that simple, but of course in your demographic, it’s.
Sung Woo Choi: Yeah, and we break a lot of, a lot of hearts. so sometimes these are one to two year operations convinced the target that they’re in love that they’re engaged. No, oftentimes it’s from a Western African Africa countries like Nigeria, where they, you know, they really spend a lot of time. And to be perfectly honest, I think on many levels of the targets, pretty much understand that, you know, this isn’t a normal relationship that this likely a scam, but.
A lot of these people are actually paying for the company if you will. So after they gained their trust, AF you know, maybe a year or two years later, sometimes months, but yeah, they start asking for money to generally get out of dangerous situations that are conjured up. it’s, it’s really sad because every time we detect something, yeah.
Like this, we have to sit down with the customer, our customer support agents have to let these individuals know what’s going on. the easy solution here for us was to shut down if there ever any multiple logins from different countries, for the same account, we check device ID to make sure the wrong people aren’t accessing these accounts.
So for example, someone in the U S would buy a voucher, let’s say in Iowa, and all of a sudden we have a login from Nigeria. So then those are easy ones for us to shut down, ask the user to, you know, verify that that’s, this is their actual login behavior. And, and oftentimes, you know, this is when we get to start finding out, we apply the same thing for other types of scams as well.
when we were working on an app right now, so we have the app we’ll have to, we’ll be able to get more sophisticated. you know, to get really that geo location, thing down almost to a, an exact science, also, you know, we’re hoping to use machine learning to kind of be able to track that just behavior.
but yeah, it’s, it’s, it’s really sad. Some crazy stories come out of, of, of our customer support department. if we could write a book on it, I think it would do quite well. just the scams are so creative that. That these individuals are running, and they’re, they’re just, you know, deal. Elder abuse angle is, is a huge one for, I think, for our space anyway.
Shamir Karkal: Totally. And I hadn’t thought about that, but yes, yes. It’s a, there’s this bring back. This brings back memories of like, simple times, Justin, how do you find, you know, how have you dealt with fraud at work-based slash acquire now? and then I think we’ll have to run out of time and we’ll invite the other panelists back and starting some audience questions.
Justin Seidl: Yeah, I think, the, the main thing is going back to kind of what we’ve all been saying at the very beginning is just collecting data upfront. And there’s a as much information on the user as possible to not only protect ourselves, but protect them as well. just the way as, as some kind of has, has.
You mentioned that these people are very creative. they’ve been through a lot of systems that are trying to prevent them from committing fraud. So, they try it various different ways and AB test different ways to, push a button transaction through and, and get, you know, these digital assets that we cannot get back from them once they’re sent, A lot of, kind of what we do besides bringing in that data is actually tiering, much to what you were saying, prior and the conversations that you and I have had Shamir.
Is really just kind of putting someone to sound you upfront, making sure that, you know, if they are fraudulent, if they do get through all of our processes, the damage will be quite minimal instead of catastrophic. if they are committing a fraudulent transaction, they’re going to do as much as they possibly can at the very first go and go as quickly as they possibly can.
so tiering them right away at a smaller level. Really kind of Mike curve, their attempts as it won’t be as efficient for them to, carry out that fraud. And if we do catch that fraud or that activity and get a back, that damage isn’t as severe as if maybe having a 10, $15,000 limit upfront. Yeah.
So really being a creative and how you onboard these users and structure the way that they can. begin transacting is a great way to mitigate a lot of that risk. We’ve seen a dramatic improvement in some of the fraudulent activity that we’ve seen just by implementing a lot of these processes that we’ve built up over time through, through working with you guys and, and some other experiences that we’ve handled.
and then from there, once the user ages, you can actually see kind of their patterns, what they’re trying to. do on a, on a weekly or monthly basis and geared their limits towards their patterns and the trust that we’ve instilled in them and what they’ve instilled in us. Totally. well, I mean, I think I wanted to keep talking to you guys for like probably another scholar.
and then during any dive into like the nuances of this, but I think the one about, as far as, as we can on today’s panel, sung. Justin, Nathan, thank you so much for joining and being so open with your, with your knowledge and, and, and answering questions. The other thing with that, I think this part of the book analyser officially over, but all of you stay here because we have audience questions coming up.
I’d hand it back to Julia and to kind of moderate that.
Julianne Brands: Great. Thanks everyone. And thanks for your great comments. I’m on the panel today. Let’s dive into some audience questions from the Q and a. I love the active chat throughout the conversation today. let’s start with the first one that I see here from Liam.
this is for you, Justin. talk a little bit about kind of your Mt. If you have any licenses like MTLS, and if Sila does the Fiat and OnRamp processing, how does this impact your risk assessment in AML program?
Justin Seidl: yes, we don’t have any, MTLS currently, so we don’t operate in all 50 States. we’re utilizing our, our partnership with Sila to kind of further bolster, the way that we operate in the sense that, Solas working with their banking partner, and us to help facilitate that money transfer, you know, kind of allowing us to mitigate.
Or not having to have a money transmitter license at this time.
Julianne Brands: fantastic. moving on, we have another question from an anonymous attendee and maybe this one I’ll direct it to Angela and then folks can, folks can add on as needed. What’s the minimum and recommended, paid up capital for us FinTech startup, providing ACH services without any crypto component. thank you.
Angela Angelovska-Wilson: Wow. I don’t know that I can pull it off the top of my head. Adam might have an answer. I would just, I was halfway through typing an answer here, which I think was just a consultant rephrasing of Angela’s. I don’t know which is that it depends. And I think there are two things that you need to think about here.
Adam Shapiro: One of which is. Does your business need to be directly regulated by a regulator because almost every regime comes with some kind of capital requirement of sort of positive, funds that you have to hold in the regulated entity. Now, there are plenty that either don’t require a regulator or you partner with a bank or through someone like sealer, who partners with a bank.
and so you don’t need the regulatory permission. And then what you’re probably talking about is, The underlying bank will have an ineffectual put some kind of reserve requirement on you, for ACH pool transactions. and also if you’re doing them card transactions and that’s normally calculated as a percentage of actual or projected payments volume.
Shamir Karkal: And, and in fact, it’s even now, I mean the design requirements at a, on a big tank and some banks don’t really calculate and it can be quite onerous. there’s also typically a liability insurance requirements. that can be like minimum capital. Like you need, you need to have so much money raised as a startup before many of the banks would even talk to you.
so it can be onerous, but others as well. Adam and Angela said it very much depends on what you’re doing and the path you take to do that. Right. and so it’s, it never hurts to get some good advice. before diving down a particular path, I will share one other piece of advice in that. Do not provide your revenue growth from your investors, that to your bank, day, you may not like the results.
Yeah. If they look at that and say, Hey, you’re going to put your reserve requirements based on your projected growth over the next 24 months. That’s that can be even more painful. Great. there’s some interesting conversation that happened in the chat that I’d love to bubble up here. what would it take to create kind of a crypto focused regulatory agency here in the U S what are the pros and cons of that?
Julianne Brands: What can we look to as a, best practice in other industries of how they’ve implemented this? Daniel. I’m going to pass this to you for your first take on this. As you touched briefly on this topic, I did, you know, I want to do, I could see you twitching. I just, yeah. Well, I’m going to start answering that question.
Daniel Gorfine: So I’m a recently there has been some debate about federal versus state, and I kinda mentioned that at the outset, and I’m going to argue here that first of all, it’s not a zero sum game. You can have both. And we do that with the banking system. We have a dual banking system where you can be a state charter bank and you have certain passporting rights into other States, or you can be a nationally chartered.
I think the same thing needs to evolve for FinTech more broadly. And certainly you could apply to the crypto space as well, which you’d ideally like to see is a more coherent. you know, rationalize state based system, there have been moves in that direction. CSBs just announced the other day, I should have mentioned at the outset as well that they’re going to be doing a, a singular exam, with multiple States participating in a singular exam of a company that may be helpful.
I mean eyes wide open. That also means you’re going to have, you know, more cooks in the kitchen and potentially that could be a more onerous, a singular exam. but thinking about how States can passport certain requirements, that’s kind of the next level is would there be reciprocity or passporting of certain licenses and, and quite frankly, I think that would be a good thing for the States to continue to pursue.
Now, part of the reason that may happen is because there’s a pressure on the federal side, and I think that’s kind of the beauty of it. A dual system. part of the reason you’re seeing CSPs in the States move is because there has been activity on the federal side. The OCC has pushed the issue with FinTech charters, with, payments, charter talk.
All of this means that you might create a more rationalized federal framework as well. Now, the reality is all of you who have gone through this process know that there are trade offs, there’s pros and cons to different regimes. There are certain costs you’re going to incur. By choosing a certain approach, but there’s gonna be certain things and privileges.
You’re going to avail yourself of, if you do go down that path. so. To answer the question. I think that we’re more likely to see, you know, increased harmonization at the state level. You’re going to see federal options, hopefully develop as well. They’ll all be subject to challenge. I don’t know that you can create a new singular regulator because of what I said at the outset too, which is.
Tokenization is a technology. You can tokenize any financial instrument or asset. So just by virtue of tokenizing, it, it could still be a security. In which case the sec is going to regulate it. It could be a derivative or a swap in which case the CFTC is going to regulate it. So I don’t see how you would solve for that.
I don’t think you can create a new entity and just squeeze everything in there. Cause that would completely upend our entire regulatory system. The last thing I will say is that. Yeah, I do believe there could be space for more of a market type oversight of certain crypto trading activity. And I said that at the outset as well, because a lot of this does look like traditional trading activity, right.
Not so sure that the current, you know, MTL only approach like really makes the most sense. I think. The proper trade surveillance and oversight can add credibility and integrity to the industry and probably drive even more mainstream adoption. Awesome. Adam would love to hear your perspective on this as well.
Adam Shapiro: Yeah, so, it’s I, I agree with Daniel. I mean, I think if we look. Back at the sort of development of internet finance. I don’t think anyone would look back and say, what we really needed in the 1990s was an internet financial services regulator. It’s M and M. So I’m not sure why we need a crypto regulator now.
I also think that we’d have to be realistic that the existing regulators would still have a say in it it’s kind of bank regulators would still subject banks to third party risk management requirements and banks would have to pass those on to, sort of their customers that are accessing payments rails through them.
So it wouldn’t solve for a lot of these problems, I think. Yeah. and. Then, I guess the final third thing is, has anyone noticed how hard it is to get anything done in Washington these days? So I think when he put all of that together, it’s sort of, really, yeah, the, the thing we should be doing is putting pressure on the existing regulators to act intelligently about it.
And it’s kind of, the CFTC is actually an excellent example of showing that that could be done. That was 99.9% Daniel, but there might’ve been a few other people involved as well around, The edge is enlightened. Leadership can do this within the existing structure. You’ve got Brian Brooks, at the OCC I’m actually working.
I’m super excited about this on a national bank application for a crypto currency company that we’re planning to submit, in the next year. six weeks, if you, I think told any of us that were around in this area in 2013, that that would be happening in 2020. we’d have sort of like gone and, sort of, checked your temperature and I’m saying, so you can change the listing system.
That’s the right way to go. And we shouldn’t let up pressure by sort of making sort of, proposals about sort of options that are probably not going to happen anyway.
Julianne Brands: Hmm. I would love to hear a few of the operator’s perspective on this topic. Does your life get easier or harder? If you have a regulatory agency you’re answering to Shamira since I interrupted you last time, I’ll let you go.
And then maybe Justin, our son.
Shamir Karkal: Oh, I’m actually, I want to ask more questions of Neil and etiquette Angeles has struck me and I’ve always, you know, my. That kind of the first level was much more banking and FinTech then, and then no, but, not that didn’t Lauren did it. and, and, and that’s still, we are in the process of applying for an unbroken dealer license and then they probably really be a broker dealer pretty soon here.
what struck me as I went out and I passed the city of salmon and six decree and other exams and inventor, the whole process was, It made so much more sense in a way, right? Like with the securities regulation, as opposed to banking, you have a self regulatory organization and fender far from perfect.
Let me state that first off, but still does a decent job. I’d say, compared to any other regulator you look at in the space, you have the sec and the CFTC Mitch, I think, They had that issues too, but, you know, they’re, they’re trying, and I think they’ve gotten a lot better. and then you have all the state regulators, but you plan make one application.
For what a broker dealer license it’s primarily managed through FINRA sec has a website of the process. You registered with the and you can in a six to 12 month process, get 50 States registration and the broker dealer license. when you look at it from the MPL perspective and you’re like, 48 States, maybe CSBs has, can cover 10 now through one application.
and that doesn’t even get you anything at the federal level. it doesn’t, you know, because that’s still, it means that you’re normally to the fed OCC on the mic. So is that a way for us to. And all of this whole space, I’d say FinTech and crypto and something more like the sec FINRA, NSAA broker dealer process, rather than the current, which some people are coming in from outside.
It does seem fairly messy.
Julianne Brands: sound you’re Justin or Eric May be some kind of more, operational perspective on whether or not a agency would be better or worse for you.
Justin Seidl: Yeah. I mean, I think from our standpoint, just having a little more clear direction on, on where we operate. it’s, there’s a lot of gray areas which can help us to get started, but we also don’t want to sit in a gray area and, and be caught off guard for the future of our business.
Especially if, we’re a startup trying to talk to investors or. Kind of progress our business models. Having that uncertainty is, is a lot of risk for the business itself, outside of just compliance and fraud. so having, having a little more concrete details on an, in a space that we can operate in and where to go next would be great.
I think also from a standpoint, specifically in the U S something that cryptography and blockchain technology can really Excel at is if, you know, like a department like the us postal service handling passports and documentation, if there’s some sort of digital documentation that can be, encrypted and, and layered in a sense that, that can be shared.
To these companies in a manner that is save for both parties and give us KYC from that standpoint, then, you know, providing a social security number that can easily be passed across the internet and the dark web and utilized. there’s a lot of things that can be handled there that across the board would help us with the KYC, the anti money laundering, and really provide a better service for everybody.
Sung Woo Choi: from my perspective, I’m a bit fearful of a federal regulator. strictly for the reason that they may impose rules and regulations that, might be, very onerous for a startup. I mean, and right now the, the current, you know, 48 States plus three or four, districts in jurisdictions, it’s, it’s a very high burden.
including the exams, the audits, financial technical audits, bonding requirements. I mean, it’s for a startup it’s, it’s almost impossible. we purely went out and raised money so that we could actually meet some of these requirements and so that we could get licensed across, across the country.
but then I could see a federal regulator coming in and looking at these things and saying, well, those are good. let’s, let’s beef up the requirements so that, everyone’s money is very, very safe. Well that also stifles innovation. So the current framework kind of works. you know, if they can take into account, startups and innovation, I think it’d be okay.
But again, I’m, I’m a bit afraid of what actually might come to pass.
Daniel Gorfine: Yeah. So, so that’s what I mean. Look, I think that that’s why the dual system can work quite well. As many people will often say, wouldn’t it be better if we had a single regulator? And it’s like, yes, that would be great if it’s a very benign single regulator, but when you put all your eggs in one basket, you’re absolutely right.
You may end up with incredibly onerous requirements and then you don’t have other options, which is why I’m a big proponent of. Both state-based and federal systems, Shamir to come back to your, your points as well. I mean, one of the things you’re pointing out is the difference between having to register with many verse one and that’s totally fair.
I mean, the idea of having either a single application, you know, multi-state examinations passport and reciprocity would be another. You know, regulatory approach that could get you there. We’re not there yet for sure. the fact that, you know, the European countries can recognize each other’s laws, but we can’t get us States to recognize each other’s laws.
It’s kind of nuts when you think about it that way. so maybe we, maybe we eventually get there. The only other observation too, is you did say, you know, broker dealer versus bank. I mean, so then we’re talking about capital markets, regulation, verse banking, regulation, and, you know, overall the privilege of being a bank comes with extremely heavy.
Requirements. and that’s just the virtue of how the banking systems developed in banking regulation. Capital markets tend to be, and this is a gross exaggeration, but the system’s predicated more on disclosure and allowing individuals to make informed decisions from an investment perspective. As compared to like basic banking services where we build in a lot greater protections, of course the safety and soundness of a broker dealer is still has to be incredibly high.
So I’m not trying to minimize the requirements, but it’s just a very different regime. I think what you’re flagging too, though, is how bizarre this crypto world space is, where you can kind of fit someone into these capital markets regimes, but also into banking regimes. And it’s foldering those lines makes it a little bit more confusing.
Julianne Brands: Totally. Great. I want to try to touch on one more question before we have to end here. so given the recent discussions around CBD CS, what are the downstream effects on fraud prevention for banks of different sizes as well as FinTech? There’s a number of everybody answer this question on the panel.
so maybe I’ll pass it to Angela though. She might be frozen.
Angela Angelovska-Wilson: Oh, yeah, I did. can you hear me? Okay. Okay, thank you. Sorry. I guess the joys of technology, right? so I mean, I, I’m actually a pretty big fan of CBDC, and do think that it will alleviate a lot of issues. and one of them will be, make a lot of, very powerful use cases and it will also allow us to, do a lot more on the fraud.
That being said, I still do have a lot of concerns about privacy and how the CBDC is structured. when it comes to. Some of the tenants that we with talking about earlier about, you know, ability to engage in financial transactions are private. and you know, we have different definitions of how people think about privacy, but I think guys CBDC is going to be extremely helpful when it comes to.
fraud. but that needs to be taken together in the context of the privacy, or loss of privacy that we might have. I know Danielle is going to have a lot more to say on this. I, I thought that was all very well said.
Daniel Gorfine: I mean, the only things I would, yeah, I would add that, you know, a separate question from CBDC is just digital identity.
I mean, so no matter what type of, of, of internet enabled system you’re using, if we can move forward with digital identity identity policies that can give us confidence in onboarding individuals, that would go a very long way. So I almost view like digital identity is. Basic infrastructure that we’re going to need going forward.
you know, when it comes to CBDC, the reality is on ramps are likely still going to require, you know, AML KYC. And I think that’s the right way to do it. I think that, you know, fintechs and banks should both be able to onboard individuals into a CBDC ecosystem and they would be performing, you know, some of that, KYC and AML checks at the front end.
Yeah, look reality is, is when it comes to anything blockchain related, or even if it’s DLT inspired there’s records of transactions. So while there’s still gonna be a lot of risk involved and fraud could be a problem. you know, I, I always, I always like to compare it to the status quo or the baseline, which is like, Cash.
Right. So if we’re comparing to cash, there seems to be greater transparency when you’re talking about a CBDC type system. And again, there are a lot of variants of that, but, I’ll, I’ll leave it there. Just make a point. As we develop our thinking, which is the CBD sees system that only banks can connect to directly looks very different than a CBDC system that is more open access either to all financial institutions or to people and companies directly.
And yeah. That policy choice is going to be incredibly important in sort of how the costs and benefits play out in the real world.
Shamir Karkal: And can I go ahead and could we get many of the benefits of CBDC by just opening up the, the traditional financial system in terms of like Fedwire access or ACA taxes? to do more participants, beyond just banks with fed master account. So I don’t go ahead. Sorry. Julian. Daniel.
Daniel Gorfine: Okay. okay. So, so as I say, I don’t think that these are mutually exclusive.
I mean, so, so, you know, when we talk about CBDC, you’re talking about tokenizing, the actual dollar in creating a bearer instrument, you know, that’s akin to physical cash. so you can run a tokenized asset through any type of rails system you’d like, that can be faster payment rails. That can be new sets of rails.
so, so I don’t think that those. Forms of innovation are mutually exclusive. I think in fact, they might be reinforcing, but the major distinction is that with tokenization can move away from like an account space system where there’s a central intermediary, that’s managing a ledger to something that allows a digital bearer instrument to flow and then many design choices around that.
But I think that’s the fundamental innovation.
Julianne Brands: Fantastic. And like, think with that, I just want to remind everyone on the panel and everyone in the audience that a huge thank you to Massari our co sponsor for this event. And you do get a discount code to these products. So use the code SSila money for 20% off of your first year of Massari pro. And before we wrap Eric, anything else that you’d like to say about Massari and, and what you all are working on?
I just think the follow up, you know, based on the conversation we had today, you know, feel. Free to contact me if you’re thinking about how you approach compliance and really, you know, want to understand the various networks that you have, are you using, so I’ll get back again for the third time. What Angela said, it is hard to be involved in all of these conversations in.
Reddit telegram get hub wherever they may be. We have a growing research team that covers all of these things for you. And we have a product where we give you the summaries and the action items. So, I am Eric E R I C it and sorry, dot IO, and feel free to contact me if you, want to do a demo or they gonna anything deeper.
Awesome. Any burning last thoughts from the panel before we wrap and let folks get back to their day. Very cool with that. Thank you to everyone who showed up today. Thank you to our panelists. And if you have any questions at all, feel free to ping our team teams at Sila or Massari and enjoy the rest of your day.
Thank you guys. Bye.