Aradhita Banerjee & Vanshika Oberoi are the students of Symbiosis Law School Pune
- Introduction – Decentralised Finance In The Web 3 Era
The constant evolution of the internet has always paved the way for revolutions and technological advancements in different sectors, while the world enters the third generation, coined as the Web 3, it grapples with need to regulate and mould itself to optimally realise its potential. While Web 3 encompasses various tenets, one of them i.e. Decentralised Finance (DeFi) continues to develop as a prominent catalyst for transformation in the approach to managing financial systems and transactions which is being characterised by fundamentals like openness, user-control and immutability.
DeFi represents a revolutionary financial ecosystem operating on decentralised blockchain networks, enabling transparent peer-to-peer transactions without the intervention of traditional intermediaries. Decentralised Autonomous Organisations facilitate the process by exemplifying collective ownership on blockchain, and applications like DApps act as substitutes to financial entities, operating trustlessly to eliminate barriers of accessibility and security risks in financial services provided by the centralised networks. While the growth in adoption of DeFi is a global phenomenon, its expansion in India in India remains notable as it boasts to hold the position of the leading adopter in ‘value received on-chain’ terms. Supported by increasing investments in Startups, which majorly focus on DeFi, among others areas of Web3 application, India seeks to command an important position in this new technological landscape.
However, the fruits of innovation, come with a multitude of complex legal and regulatory implications. This research article pursues this thought and attempts to delve into the escalated risks of financial crimes, especially that of money laundering as a result of direct and anonymous decentralised ledger technologies that oversee transactions in DeFi. The article further analyses the scope of the present Anti-Money Laundering laws of India to encompass DeFi, within its regulatory ambit. Finally, the article proposes certain suggestions to pave the way ahead.
- Decentralized Finance: A Haven For Financial Crimes?
DeFi’s capacity to provide cheap, automated and intermediary-free transactions does not, however, warrants it free from being a platform susceptible to immense misuse especially in countries which lack state of the art financial infrastructure and financial literacy with a potential inception point for cross-border transaction frauds. Several reports suggest the malady of DeFi-related scams, Ponzi schemes, private key’s theft, to name a few. Money laundering is one such financial crime which can be orchestrated seamlessly due to Web3’s ecosystem which operates beyond the legal perimeter of the majority of the states. Absence of regulatory framework allows a gateway for market manipulation, unauthorized transactions and no resolution instrument. According to a report by Chainalysis “more than $33 billion worth of cryptocurrency has been laundered since 2017 and the methodology involved tracking cryptocurrency sent from illicit addresses to addresses hosted by cryptocurrency services such as centralized exchanges and peer-to-peer exchanges. Further, Chainalysis claimed that DeFi was notably popular for laundering stolen funds, particularly through hacking.” An example to highlight the argument would be that of USA’s indictment of founders of Tornado Cash, a DeFi service provider of “untraceable and anonymous financial transactions which was employed by a North Korean state-sanctioned cybercrime organization to launder in hacking proceeds”. Tornado Cash uses Ethereum’s public blockchain transactions to secure transactional privacy through smart contracts and severance of connection between deposit and withdrawal. Moreover, “Zero-Knowledge Proof” and “Anonymity Mining” are the two fundamental pillars of Tornado Cash’s functionality whereby different parties can share data without disclosing to a third-party thus reducing traffic in data on Layer 1, i.e., the base network of blockchain technology. Hence, the US Treasury rightly sanctioned the company for failure to install sufficient controls and for encouraging money laundering recurrently.
Takeaways from such cases have prompted the countries across the globe to recognize the importance of having specific legislations for DeFi as an anti-money laundering (AML) stance and to prevent misuse for further unlawful purposes, such as, terrorist financing. Moreover, in light of the proposals and suggestions laid by Financial Action Task Force (FATF), an intergovernmental organisation to combat money laundering, in 2019[1], Japan, UK, France and other countries have adopted new cryptocurrency specific AML regulations.
III. PMLA: Extending Its Frontier To Include VDA
The movement towards synchronisation of the growing DeFi platform with the Indian Anti Money Laundering regime, has attracted attention from both researchers and policy makers. Consequently, guidelines and amendments in the Prevention of Money Laundering Act, 2002 (PMLA) and The Prevention of Money Laundering (PML) Rules are been introduced to bring about a framework of regulation. The urgency for swift regulatory action by the authorities is exacerbated by the inherent challenge of categorisation or identification of intermediaries or even participants on whom accountability can be levied, in the absence of which basic regulatory and compliance features of the PMLA like identification of users, carrying out due diligence and tracking of transactions by reporting entities, among others, stand thwarted.
In response to the dynamism of Web 3’s financial landscape, India’s PMLA and PML Rules have undergone significant updates by way of a notification released in 2023, vide the powers conferred on the Central Government under the PMLA. The move significantly expands the ambit of the AML legislation to encompass the regulation of cryptocurrencies and transactional aspects of Virtual Digital Assets (VDA) and its related financial services.[2] It stipulates that the definition of VDA under the PMLA would be same as has been laid in Section 2(47a) of the Income Tax Act, 1961[i] which accords administrators of VDAs, custodians of funds and other participating units with similar obligations of a ‘Reporting Entity’ including requirements of compliance to user identification, due diligence, maintenance of records of transactions and reporting suspicious dealings and undertakings to the Financial Intelligence Unit (FIU). Additionally, in accordance with directives from CERT-In, it has been mandated that entities classified as “virtual asset service providers,” “virtual asset exchange providers” and “custodian wallet providers” are required to uphold Know Your Customer guidelines and retain records of financial transactions for a five year duration.[3] Further, the regulatory reforms enables the Indian government to oversee and track DeFi transactions, treating them as potential ‘proceeds of crime’ on the same level of scrutiny as is levied on transactions involving fiat currency under the PMLA. Lastly, the jurisdiction of the Enforcement Directorate to investigate financial wrongdoings and lack of disclosure by individuals or entities, stands extended to upcoming VDA holdings also.
The recent amendments certainly must be lauded as a move towards integration of technology with the legal framework of the nation, and setting standards for international best practices. However apart from assessing them on grounds of efficacy and implementation, it is vital to adjudge the extant of the control that can be exercised in light of the global and transcendental nature of transactions on the Web 3 platform. As the territorial scope of the PMLA is limited to India, foreign DeFi agencies providing services within India, might still not be subject to the provisions outlines in the new notification. Further, as per the repeated cautions issued by the FATF, “gaps in the global regulatory system have created significant loopholes for criminals and terrorists to abuse.” The absence of a global and aligned action on the subject matter will continue to create scope for laundering money through DeFi platforms despite of national efforts.
IV. Suggestion And Conclusion: Extrapolation Of The Intersection Of AML Laws And DeFi Insurgence
While the legislative intent regarding bringing VDA under the ambit of PMLA is a right step towards bridging the legislative gap between technology laws and an alternative investment ecosystem, the abyss still exists and there will be implementation challenges in the future which needs to addressed by a separate legislation concerning DeFi along with a separate statutory body as certain amendments to the PMLA are not enough to efficiently deal with AML schemes and the said body will act as the one-stop-solution for investigation instead of multiple forums like FIU and ED. The new legislation should incorporate the FIU-IND’s “AML & CFT Guidelines for Reporting Entities providing services related to VDA” to make it legally binding as it encapsulates some of the internationally recommended best practices. The authors also suggest to train the userbase about the nature of DeFi infrastructure, functionality and the crimes involved and procedure to implement cyber cleansing compliances in order to reduce user-based fallacies. Apart from KYC and other record maintenance mandates by the law for enabling the authorities to trace large transactions, the authors suggest the mandate of creating an office of Smart Contract Auditor by the administrators of VDA, to examine the contract’s code to identify security issues.
Irrespective of passing new laws, one cannot not lose sight of the fact that DeFi is inherently borderless and demands for global cooperation to avoid Regulatory Arbitrage and Money Laundering to establish jurisdictional equivalence. Under India’s G20 Presidency, dialogues for launch of global VDA regulation has been initiated and India should continue this lead in international technology jurisprudence for the global good.
[1]‘Regulator Guidance for VASPs’ (LexisNexis Risk Solutions, 17 October 2024
<https://risk.lexisnexis.com/global/en/insights-resources/infographic/guidance-for-regulating-vasps>
accessed 2 January 2024
[2] Saai Sudharshan Sathiyamoorthy & Sriram Venkatavaradan, ‘Digital Assets & the Indian Anti-Money Laundering Regime’ (Oxford Business Law Blog, 25 July 2023) <https://blogs.law.ox.ac.uk/oblb/blog-post/2023/07/digital-assets-indian-anti-money-laundering- regime#:~:text=’%20Due%20to%20the%20decentralised%20and,novel%20method%20of%20money%20laundering.&text=In%20India%2C%20the%20Prevention%20of,of%20cryptocurrencies%20and%20digital%20assets.> accessed 1 January 2024
[3] Nishchal Anand, Pranay Agarwala & Dhrupad Das, ‘Blockchain and Cryptocurrency Laws and Regulations 2024’ (Global Legal Insights) <https://www.globallegalinsights.com/practice-areas/blockchain-laws-and-regulations/india> accessed 1 January 2024
[i] The Income Tax Act, 1961, Sec 2(47a) (IND)