Login
Contact Sales
Login
CONTACT SALES
New University Research: The Compliance Trilemma

New University Research: The Compliance Trilemma

by | Nov 19, 2018 | Blog, Crypto, iComply Insights, Prefacto, Press Releases, Web3

A research team from the University of British Columbia (UBC) conducted more than 45 interviews and dozens of observations from industry experts to explore the past, present, and expectations for the future of token issuers from diverse perspectives.

iComply Investor Services commissioned a study to better understand the challenges that token issuers face to meet the regulatory standards for issuing and tracking digital assets. Currently, these projects face significant barriers that result in trade-offs that hinder the true potential of blockchain managed assets. The research collaboration was supported by Mitacs’s Accelerate Program.

The Findings:

The use of blockchain technology allows token issuers to efficiently gain access to global customers, partners, and capital.

Key Challenge: The burden of the cost of regulation

Challenges broadly stem from the cost of complying with regulation. In 2017 there was significant ambiguity surrounding whether and how digital assets were regulated, and many issuers neglected this dimension altogether. While a large number of issuers were well-intentioned, others could not resist exploiting the prospect of unlimited access to global investors. Early offerings could often raise more with savvy marketing than a well-reasoned project plan, and a large number of early token offerings were little more than Ponzi schemes. Today, regulatory clarity and enforcement are essential if tokenized securities are to become a safe and legitimate fundraising mechanism.

The study found that issuers currently face a compliance trilemma, whereby they can realize only two of the following three goals in their token offerings:

  • Cost-effectiveness
  • Widely distributed investors
  • Regulatory compliance

While we focus here on ICOs, the compliance trilemma also holds more generally for other decentralized finance practices involving cryptoassets including ICOs, STOs, TGEs, and IEOs.

To date, issuers have adopted various approaches to address the trilemma:

  • Sacrificing compliance by directly defying regulators and hoping to fly under the radar
  • sacrificing the scope of investment by restricting token sales to a limited group of investors
  • Compromising on all three dimensions in a hybrid approach
  • Forgoing a token offering entirely until this becomes more cost-effective

However, each of these current approaches is sub-optimal, and a solution is needed to the compliance trilemma.

The study also explored how industry experts expected the compliance trilemma to be resolved and found that the majority tended to advocate new regulatory rules and definitions that could relax what they see as the “burden” of compliance on issuers. Such an approach places the onus squarely on regulators, who would need to coordinate within and across jurisdictions to reach a coherent regulatory framework that appeases the challenges and costs of compliance for issuers. However, we argue that holding regulators solely accountable for the compliance trilemma is incomplete and misguided, and that other approaches are needed to reduce the costs and uncertainties of regulatory compliance.

 

Read the research by downloading the report here

 

About iComply Investor Services Inc.
iComply Investor Services Inc. (iComply) is an award-winning software company focused on reducing regulatory friction in the capital markets. With powerful data, verification, tokenization solutions, iComply helps companies overcome the cost and complexity of multi-jurisdictional compliance to effectively access new markets. Learn more: iComplyIS.com

The Future of Fungibility

The Future of Fungibility

by | Oct 30, 2018 | iComply Insights

“Due to the precision of software and mathematics, cryptocurrencies are some of the most fungible assets in the world.” – World Crypto Index

A dollar is a dollar is a dollar
In today’s world of digital currencies, attention has been heavily placed on security tokens because they are subject to regulation and typically tied to assets with real-life value (real estate, companies etc.). These tokens appeal to investors because real-life assets provide a means to measure the actual value of the tokens, making their value more tangible and potentially more akin to fiat currencies. Ironically, fiat money was once itself backed by gold  – the gold standard meant that banks accepted these notes for gold; however, in 1971 this was terminated and money was no longer backed by anything of real value. When you consider this reality – there may actually be some merit in applying value to tokens over fiat currencies.  

Security Token Offerings
Interest in security tokens has grown significantly, and governments such as the Gibraltar government, are seeking an extension to its license so that it may provide a security token exchange on its servers – which would be centralized. While this initially sounds like progress – this walled garden approach is founded on flawed thinking. The appeal of the crypto market for many is that it is decentralized and is based on peer-to-peer (P2P) networks without intermediaries. Reliance on the Gibralter government or any other government undermines this philosophy.

P2P networks maintain the fungibility of cryptocurrencies because and there is no threat to the value of these assets being reduced arbitrarily in an open, decentralized market. Conversely, centralized exchanges have been known to selectively reduce the value of particular tokens at their discretion,  for example – when a token is of unknown origin the exchange may elect to reduce its value. In the world of fiat currencies, a dollar is a dollar is a dollar…and, currency values should not be reduced – but rather, compliance procedures should be actively implemented.

Centralization Doesn’t Equal Security
Centralization typically means points of weakness regarding security, stability, and a fair market. Most banks operate using a centralized database. It only takes one qualified hacker to code their way through the system and access the information needed to rob people of their life-savings. We also don’t know how “fit” the individual verifying values and transactions really is. The combination of cryptography and “sharing the burden” with a P2P network allows decentralized mediums like blockchain to enforce a secure value transfer.

Programmatic Compliance
There are many ways to enable compliant secondary trading without centralization. A viable alternative to the walled garden approach is embedding compliance into a token during token issuance. By using an accredited issuance platform, regulatory requirements are applied at the token level and this approach does not limit trading to one or few centralized exchanges but instead propagates trading across many decentralized exchanges.

Decentralization Protects More Than Just the Value of Your Tokens
In the early days of the world-wide-web desktop computers communicated directly to servers and other desktop computers. However, with the proliferation of digital giants like Facebook, personal information has become increasingly stored in centralized data banks by third-parties which have resulted in major data breaches such as the Cambridge Analytica scandal, in which Facebook profiles were harvested for the purpose of steering the 2016 political election. Decentralization means that these breaches can be more easily avoided.

Increased security and the ability to trade in larger and more liquid environments all make decentralization increasingly appealing. By removing third-parties the blockchain becomes a trusted ledger where all assets are equal – and wasn’t this the point?

Challenges of Decentralization
From a legal and financial perspective, aspects of decentralization do not come without challenges. For instance, global peer to peer indexing allows anyone to post a buy or sell order, against market rates, using a smart contract to fulfill the order, rather than an exchange. Compliance practices such as KYC and AML, as well as due diligence checks, are necessary to ensure the integrity of the blockchain ledger as a trusted record of trades – especially when the token is determined to be a security.

If compliance is embedded at the token level and value is assigned correctly to each token then trade in-between tokens and value systems offer fungibility in its optimal form. Security tokens and decentralization bring improvements to traditional financial products by removing the middleman from investment transactions. This removal has a ripple effect leading to lower fees, faster deal execution, free market exposure, a larger potential investor base, automated service functions and so on.

A New Source of Truth
The world is changing, decentralization and tokenization are no longer foreign concepts. The traditional and decentralized economies are becoming more integrated, and the preservation of asset-fungibility on peer-to-peer networks is successfully occurring without intermediaries.

Once an asset is tokenized using blockchain it can trade much more efficiently, but this does not eliminate the need for compliance. This means a shift in the status quo and regulations for both traditional and decentralized finance.

About Prefacto
Prefacto is a token compliance tool offering free audited smart contracts, global best-in-class KYC/AML for over 160 countries, source of funds reports to help issuers open bank accounts after completing a crowdsale, and programmatic secondary trade management. Register now: https://platform.prefacto.net/Account/Register

About iComply Investor Services Inc.
iComply Investor Services Inc. (iComply) is an award-winning software company focused on reducing regulatory friction in the capital markets. With powerful data, verification, tokenization solutions, iComply helps companies overcome the cost and complexity of multi-jurisdictional compliance to effectively access new markets. Learn more: iComplyIS.com

Compliance Beyond the Initial Offering

Compliance Beyond the Initial Offering

by | Oct 26, 2018 | iComply Insights

So you’ve issued a token, and things seem to have gone off without a hitch; however, that doesn’t mean that your compliance days are over – you’re still responsible for that token and the source of wealth for the person who holds it.

Unchecked secondary trading of tokenized asset opens the door to sanctions violations, facilitation of money-laundering and the ability for bad actors to use your token to fund the next terrorist attack.  

The use of blockchain in finance continues to grow exponentially – from central bank adoption to micropayments – with more successful use cases moving from pilots to production implementations. Perhaps no area has grown as much as the use of smart contracts to create “tokens”, fractional ownership units for private equity, debt, real estate, and funds. 

Awareness and usage of cryptocurrency have proliferated in recent years, with 2017 bringing an estimated $680 million of investment into blockchain assets. However, this dramatic growth was met with an equally dramatic number of scams and security breaches, with $23 million being lost daily due to malicious actors, gaps in compliance or sheer negligence.

This rapid growth comes as no surprise for those that have endured the inefficiencies, redundancies, and even human error or manipulation in the finance industry. These are some of the issues that have pre-empted the dramatic growth of the crypto and digital finance space at large.

Decentralization of financial services meant freedom from bureaucracy, gouging fees and piles of paperwork. Clearly, this was attractive. Financial services haven’t truly been disrupted at this level since the introduction of the banks themselves, which provided a trusted intermediary for transactions.

With Great Freedom Comes Great Responsibility
Despite its benefits, decentralization has also meant little protection for those choosing to engage in the early, wild west days of cryptocurrency. But this all changed forever in June of 2017 when the SEC announced that ICOs could be subject to securities laws.

As an issuer – from the moment you issue a token, you are responsible for that token for the rest of its existence. If an ineligible purchaser or a bad actor takes ownership of the token, perhaps via from one of the many crypto exchanges operating in grey markets or with meager KYC/AML requirements – the issuer is put at risk.

Multi-Jurisdictional Compliance
Running to Malta or the Bahamas also doesn’t change this requirement. One of the biggest knowledge gaps in this market is awareness of the fact that compliance isn’t actually about where the issuer is – but where the investor is. And each new locale – be it national or at the local level (various states in the U.S. have different rules around securities). Even if KYC/AML screening is adequate in one state, the requirements will likely vary and may even take on a different meaning in a different jurisdiction. Politically Exposed Persons Screening (PEP) varies significantly across different nations.  

Hair of the Dog – Programmatic Compliance
Interestingly, it is the same decentralized and public blockchain ledgers that opened the minds of the world to the benefits of decentralization (and gave us the wild-west of cryptocurrency) that also have the ability to technologically surpass the highest standards of compliance, integrity, and transparency of any multinational bank or financial institution.

iComply makes it possible for token issuers and investors to rely on Prefacto™ compliance, which means that the tokens have been developed to commit only those transactions which adhere to the rules that have been programmed into them. These rules could be securities laws for security tokens or other rules required for a particular utility token (eg. Sale restrictions).

See how iComply addresses these issues with a personalized demo.

About iComply Investor Services Inc.
iComply Investor Services Inc. (iComply) is an award-winning software company focused on reducing regulatory friction in the capital markets. With powerful data, verification, tokenization solutions, iComply helps companies overcome the cost and complexity of multi-jurisdictional compliance to effectively access new markets. Learn more: iComplyIS.com

Eliminating Security Vulnerabilities in Virtual Markets and Decentralized Exchanges

Eliminating Security Vulnerabilities in Virtual Markets and Decentralized Exchanges

by | Oct 1, 2018 | Blog, Crypto, Events, iComply Insights, Web3

Following the release of the New York Attorney General’s report on Virtual Markets, iCompy and Hosho will co-present a blockchain security and auditing MasterClass for exchanges, protocols, and ICOs on October 4 as an online teaser leading up to HoshoCon

Las Vegas, Nevada – October 1, 2018 – iComply Investor Services (“iComply”), a leading global RegTech platform for digital finance and cryptocurrencies is announcing that it has partnered with Hosho Group LLC. (“Hosho”). Hosho provides smart contract auditing, penetration testing, and cybersecurity maintenance services focused on the blockchain industry.

This month, the New York State Office of the Attorney General launched the Virtual Markets Integrity Initiative, which issued a report that analyzed how virtual currencies (cryptocurrencies) are traded.

According to the report: “Few issues are of greater importance to customers of virtual asset trading platforms than the security of the funds … sophisticated criminals attempt to infiltrate these platforms constantly, and have reportedly stolen billions of dollars’ worth of virtual currency. Once an unauthorized third-party gains access to a customer account, those funds can be quickly transferred beyond the reach of law enforcement.”

An average of $23 Million USD of cryptocurrency hacked or stolen each day because of security vulnerabilities.

“Most virtual asset exchanges currently use an inefficient patchwork of products and services in an attempt to enable effective multi-jurisdictional compliance. These disjointed systems create hacker vulnerabilities that risk investor funds, data, and the platform’s reputation,” said Matthew Unger, CEO of iComply. “When we met with the product and engineering teams of these same exchanges we were shocked by the vulnerabilities we saw – specifically from their KYC, facial recognition, and AML providers. Investors’ personal data is being stored on local drives, in email inboxes, and often is neither transmitted nor stored with encryption.”

iComply offers end-to-end compliance solutions for digital finance. Through a single REST API companies – and specifically digital finance platforms – are able to achieve 100% coverage of every issue outlined in the Attorney General’s report in addition to the standards required by FINRA proof of ownership and source of funds reporting.

Hosho reported that on average, 82% of the smart contracts that the team has audited have some sort of vulnerability, 27% of which are critical and contract breaking, which means that funds could have been lost or stolen.

“It is Hosho’s goal to push the blockchain industry towards maturation by improving the overall security awareness and standards across the board. Partnering with iComply is a no-brainer given their ethos and philosophy align perfectly with our own. We are both putting in place the infrastructure, services, and technologies necessary to the long-term development of a strong and secure ecosystem,” said Hartej Sawhney, President of Hosho.

The companies have partnered on a MasterClass taking place virtually on October 4, 2018, that will aim to educate participants on cybersecurity for blockchain and smart contracts.

Both companies will also present at HoshoCon which takes place October 9 -11 in Las Vegas. The conference is dedicated to cybersecurity and technology standards for blockchain and the decentralized financial market.

##

About Hosho
Hosho is the global leader in blockchain security, specializing in enterprise-grade security services for Fortune 500 and early-stage companies alike. Entirely focused on the blockchain industry, Hosho is setting the standard for blockchain security, providing state-of-the-art smart contract auditing and penetration testing services. With blockchain, the repercussions of a security hack are much greater than in traditional technology, making cybersecurity-related services of the utmost importance. Hosho plays an important role in the nascent blockchain industry by resolving issues that often lead to funds being lost or stolen. For more information on Hosho and our comprehensive suite of services, please visit Hosho.io

iComply MasterClass: Smart Contract Auditing Expert Panel

iComply MasterClass: Smart Contract Auditing Expert Panel

by | Sep 26, 2018 | Blog, Events, iComply Insights, Prefacto, Web3

In this upcoming MasterClass, iComply hosts Hosho’s CTO Alex Blair as he joins iComply’s CTO Matt Masiar, to speak on the importance of smart contract auditing, especially for financial applications of smart contracts.

In 2017, a total of $400 million that was raised through initial coin offerings (ICOs) was lost or stolen. This year $23 million was lost to crypto scams every day, with 10% of all funds invested into ICOs also having been reported lost or stolen. The status quo of token fundraising is not sustainable, nor ready for institutional finance.

A single vulnerability once exploited can destroy an entire project. Code, if not audited may not function as intended but will work fine for a short period of time. Companies soft-launching on a blockchain network have a lot to lose from code vulnerabilities and it could end up being a costly decision to not have an audit prior to launch.

Register Now

Save Your Spot: Registration Limited to the First 100 People Date: Thursday, October 4 Time: 11:00 AM – 11:45 AM (Pacific) Who is this MasterClass for? Developers, Token Issuers, Exchanges, Cyber Security Consultants

Key Learnings:
In this MasterClass, the panel will break down what smart contract audits are, why they are essential and how they can protect you and your investors. 

About Alexander Blair
As CTO of Hosho, the global leader in blockchain technology, Alexander leads its technology teams. Every audit bearing the Hosho name or GPG signature is viewed by him. He participates in the audit of ERC-20 contracts, intensive gambling contracts, website penetration testing, and consulting work. With each project, Alexander works to help companies achieve proper security for their funds and the blockchain ecosystem. Alexander Blair possesses a depth of knowledge and experience in low-level system administration, high-level development in multiple languages, cybersecurity, and cryptocurrency mining. Within the healthcare and cybersecurity industries, Alexander has refined his extensive skills in software security protocols. His projects include the sole development of updated mining pool software for cryptocurrencies based on the Cryptonote protocol; co-running SupportXMR.com – a cryptocurrency pool that focused on providing high-quality, high-speed mining pool access worldwide; and the intensive growth of the largest Monero pool in the world to a peak position. Prior to serving as the Chief Technology Officer at Hosho, Alexander enhanced his knowledge of security at Yo Sub Kwon’s LaunchKey. Later acquired by Iovation, Kwon tapped Alexander to join his new venture, Hosho – a cybersecurity company focused on the specific needs of the blockchain industry.

About Matt Masiar
A pioneer of Web technology for almost two decades, Natt’s work has won numerous local and international web development awards. He has acted as a CTO, Tech Team Lead, and technical adviser on a number of projects. He has demonstrated experience with designing and implementing secure, high-performance, scalable applications; large-scale integration projects; native mobile and responsive web applications; and legacy client-server based applications. Skilled in software design patterns, agile methodology, architecture, ASP.net, C#, Mobile Applications, Web Design, Management, and relational database design. 

Register Now

About iComply Investor Services Inc.
iComply Investor Services Inc. (iComply) is an award-winning software company focused on reducing regulatory friction in the capital markets. With powerful data, verification, tokenization solutions, iComply helps companies overcome the cost and complexity of multi-jurisdictional compliance to effectively access new markets. Learn more: iComplyIS.com

The Evolution of Blockchain Assets and the Regulatory Silver Lining

The Evolution of Blockchain Assets and the Regulatory Silver Lining

by | Sep 4, 2018 | iComply Insights

We’ve come a long way since Mastercoin, the first reported initial coin offering (ICO) that took place in 2013. Those five years seem like eons considering the incredible progress that has been made since. From ICOs to security tokens to smart assets and digital futures – the evolution of digital assets goes way beyond the renaming of “ICO”.

ICO 1.0
The original ICOs were actually not designed to be used the way they are often used today – having been irresponsibly and quickly merged into the capital markets. ICOs were originally developed to build automated, decentralized network infrastructure that could provide trustless value transfer and autonomous incentivization leading groups toward a shared goal.

This was revolutionary because while the internet made everything free, from music to movies to software and more, blockchain was a mechanism that gave everything back its value. However, it didn’t take long for enterprising minds to figure out how to make a ton of money using this technology, as can often be expected of any innovation.

ICO 2.0
2017 saw the technology applied to fundraising on a massive scale – and the ICO became perhaps the biggest thing ever for non-dilutive equity. Ethereum smart contracts made it easy for almost anyone to simply build a few microservices-esque smart contracts and raise millions, without the need to know any intricate coding. Following this, the number of ICOs skyrocketed, and in 2017 ICO funding even surpassed venture capital funding for the year. In the eyes of an issuer – this was way better than traditional non-dilutive equity because there was no need to give investors any rights whatsoever.

It’s clear what was in it for token issuers. For starters, they were able to present what is often not much more than an idea, make a compelling argument, lay it out in a white paper and generate enough hype to attract a plethora of investors to line up and support it.

ICO 2.1 – The STO
Eventually – it was clear that the “free money” era of the ICO 2.0 would come to an end. Enter: the security token offering (STO).

While this sounds more legitimate at first, because it recognizes that there is a need for some kind of regulatory oversight, the reality is that many of these projects have done little more than simply fill out a Regulation D form and still often provide investors with no rights, dividends, interest or equity. In many cases, these security or payments tokens can end up being just an extra step of friction in the process of acquiring a new user. Regulation D became popular because it exempts compulsory registration with the U.S. Securities and Exchange Commission (SEC). However, it also means that issuers must provide potential investors with documentation such as Private Placement Memorandums (PPM) and that offerings are subject to federal securities laws such as anti-fraud and civil liability.

Despite the extra paperwork, these offerings are not automatically compliant just because they are called STOs. Some absolutely crucial aspects of compliance are regularly ignored:

Location, location, location.
You’ve probably noticed the droves of people heading to Gibraltar, Malta, Switzerland and other jurisdictions to launch their ICOs with the goal of easing the compliance burden of their offerings. But the cold hard truth is – securities regulations have very little to do with where your offering is based – it’s about where the investors are. Regulations are not harmonized across borders. If one U.S. citizen buys that token, even on an exchange, – the issuer is responsible for ensuring that the token is fully compliant with the U.S. Securities Act. 

Sanctions
There are liabilities for securities offering beyond just the Securities Act –  trade sanctions for example which cannot be ignored. While you may be familiar with the Global Politically Exposed Persons (PEP) watchlist that most “lite-KYC” providers claim to review, this is something completely different and extremely important. Breaching the U.S. Patriot Act by allowing someone from Libya, Iran, or a known terrorist buy your token off of Ether Delta can land you in much hotter water than a Securities Act violation.

Lock Up Periods
A security token in the U.S. must also consider the Exchange Act or similar legislation in other countries. While Reg D requires a 12-month lock-up period (or 6 months if you meet the criteria of the Exchange Act) the Offering Memorandum (OM) is typically 4 months – although two legitimate STOs (TokenFunder and Impak Finance) are explicitly not allowed to let their tokens trade at all.

KYC is Not One-Size-Fits-All
Just like securities laws differ – so do KYC rules. In Switzerland for example – electronic signatures are not sufficient to purchase equity – the company requires a physical signature. Whereas in Canada, photo ID is not sufficient, there must be two credit checks run by two different agencies before the purchase is made. A truly compliant token offering must ensure that each investor is onboarded to the bare minimum standards – or greater – required by the jurisdiction where the investor is domiciled.

Looking for financial grade KYC and AML in an enterprise ready API?

iComply offers global screening for humans, corporations, and blockchain transactions in a single REST API.

Book a demo with one of our specialists to learn more.

ICO 3.0 and the Silver Lining

Interestingly, many of the issues mentioned above can actually be solved with the very same technology that has created these regulatory holes in ICOs. Blockchain can provide increased integrity and transparency compared to what the traditional financial markets are able to deliver today.

The demand for this technology in the capital markets shows us that traditional stock exchanges and crowdfunding platforms are unable to deliver the value that new early-stage issuers and global investors are seeking. That is true, global access to capital, liquidity for investors and the ability for entrepreneurs of all kinds to brings their ideas into the world – not just those people with connections or capital at their disposal. Great ideas come from everywhere, and no one should feel the need to skirt regulation, putting themselves and their investors at risk.

This is why iComply was created. By utilizing fully compliant tokens for ICOs, issuers are able to gain investor-confidence more easily and increase participation in their offerings from a variety of investors, including institutional investors.

 

Looking for an end-to-end token management studio?

iComply’s token compliance platform, Prefacto enables issuers to capture the value of blockchain asset management with multi-jurisdictional compliance automation for over 150 countries.

Book a demo with one of our specialists to learn more.

About iComply Investor Services Inc.
iComply Investor Services Inc. (iComply) is an award-winning software company focused on reducing regulatory friction in the capital markets. With powerful data, verification, tokenization solutions, iComply helps companies overcome the cost and complexity of multi-jurisdictional compliance to effectively access new markets. Learn more: iComplyIS.com