An Interview
with Bybit’s
Chief Legal
Compliance Officer,
Robert MacDonald
An Interview with Bybit’s Chief Legal Compliance Officer, Robert
MacDonald
by Bitcoinist
3 hours ago
in Industry
0
Bybit is the world’s second-largest cryptocurrency• Экономика » Финансы » Платежные средства » Платежные системы интернета » Криптовалюта exchange by trading volume,
serving a global community of over 60 million users. Founded in 2018, Bybit is
redefining openness in the decentralized world by creating a simpler, open and
equal ecosystem for everyone
Q: Given your legal experience of financial crime, having served as a
barrister, what trends have you observed in terms of crypto assets being used
to facilitate financial fraud and in the techniques employed by criminals
utilizing blockchain• Информационные технологии » Информационно-коммуникационные технологии » Информационные технологии и телекоммуникации » Базы данных » Публичная база транзакций » Блокчейн
• Высокие технологии » Информационные технологии и телекоммуникации » Базы данных » Публичная база транзакций » Блокчейн?
A: I’ve worked in anti-financial crime for many years, covering TradFi,
FinTech and Payments, and more recently crypto. One constant I’ve observed is
that the most damaging exploits are often relatively low-tech, relying heavily
on social engineering tactics and hacking• Государство » Законы и право » Теория государства и права » Отрасль права » Информационное право » Компьютерные преступления » Преступления в сфере информационных технологий rather than sophisticated technical
tools. As with many emerging technologies, it’s typically the people behind
the exploits who pose the most risk, not the technology itself.
Given the advancements in KYC and AML procedures and technology, the most
common fraudulent attempts often involve identity theft or credential theft.
As crypto’s user base grows, more retail investors become potential targets.
Criminals frequently use phishing, impersonation, and similar schemes to trick
users into divulging verification codes and even passwords – which is true of
both crypto and online banking. At Bybit, besides continuously enhancing our
enterprise security to guard against these threats, we emphasize user
education and internal training to keep pace with emerging attack vectors.
On a related note, a recent Chainalysis report highlighted that in 2023 the
industry saw a drop in illicit activities of over $15 billion. Much of this
progress can be credited to the transparent nature of blockchain• Информационные технологии » Информационно-коммуникационные технологии » Информационные технологии и телекоммуникации » Базы данных » Публичная база транзакций » Блокчейн
• Высокие технологии » Информационные технологии и телекоммуникации » Базы данных » Публичная база транзакций » Блокчейн technology
and to conscious efforts by industry players and regulators to improve
security measures. We’re on the right track, and the onus is on all
participants to double down on these efforts to keep driving the industry
towards a point where it is no longer synonymous with illicit activity.
Q: How do you believe the level of financial crime within the crypto industry
compares to that of traditional finance, and do you believe that enhanced
compliance and reporting in recent years has succeeded in mitigating this?
A: It’s a tricky comparison because traditional finance dwarfs crypto in terms
of overall scale, making direct parallels anything but straightforward. By
sheer numbers, TradFi fraud and scams are much larger simply because that
ecosystem is far bigger. However, in an emerging industry like crypto, you’re
more likely to see a higher percentage of opportunists or rogue actors trying
their luck. That said, the view that crypto is the “wild west” is increasingly
outdated, at least when it comes to reputable exchanges which now account for
the bulk of all centralized trading activity. All major exchanges now require
rigorous checks and identification procedures that are akin to those of
virtual banks.
There are also encouraging signs that tackling fraud in crypto is getting more
effective. Blockchain• Информационные технологии » Информационно-коммуникационные технологии » Информационные технологии и телекоммуникации » Базы данных » Публичная база транзакций » Блокчейн
• Высокие технологии » Информационные технологии и телекоммуникации » Базы данных » Публичная база транзакций » Блокчейн’s innate transparency makes it easier to trace and
investigate suspicious activity. Law enforcement agencies, specialized
financial intelligence solution providers, and exchange operators are all
becoming more adept at using blockchain• Информационные технологии » Информационно-коммуникационные технологии » Информационные технологии и телекоммуникации » Базы данных » Публичная база транзакций » Блокчейн
• Высокие технологии » Информационные технологии и телекоммуникации » Базы данных » Публичная база транзакций » Блокчейн’s inherent strengths to prevent crime.
In my experience, there’s also growing convergence of best practices and
information sharing between the crypto industry and traditional financial
service providers. We’re seeing more partnerships between these sectors, as
well as traditional players incorporating blockchain• Информационные технологии » Информационно-коммуникационные технологии » Информационные технологии и телекоммуникации » Базы данных » Публичная база транзакций » Блокчейн
• Высокие технологии » Информационные технологии и телекоммуникации » Базы данных » Публичная база транзакций » Блокчейн or crypto solutions to
meet client demands, particularly for institutional users. Meanwhile, digital
assets are expanding into traditional capital markets through BTC and ETH
ETFs, indicating a broadening alignment between the worlds of TradFi and
crypto.
Q: How has the emergence of AI made KYC/AML harder, and in what ways does the
technology also provide defensive capabilities e.g. better facial recognition?
A: Before we get into the defensive side, here are some of the emerging
threats changing the security landscape:
Automation of Fraudulent Activities:
a. Sophisticated Fraud Techniques: Criminal enterprises leverage AI algorithms
to create more sophisticated scams, allusions to legitimate operations, and
fake identities that could bypass traditional KYC checks.
b. Deepfakes: The rise of deepfake technology allows fraudsters to create
convincing synthetic identities or present false documentation, making it
harder for institutions to verify identities.
Data Overload:
c. Increased Volume of Data: AI generates and analyzes vast amounts of data.
This abundance can overwhelm KYC/AML processes, where identifying red flags
becomes more challenging due to the sheer volume of transactions and customer
profiles.
d. Complexity of Patterns: The complexity of AI-generated behavioral patterns
in transaction monitoring can make it harder to distinguish between legitimate
and suspicious activities.
Adversarial AI:
e. Countermeasures Against Detection: Criminal organizations can use
adversarial machine learning to train models that anticipate and evade KYC/AML
detection systems, making it more difficult for financial institutions to keep
pace.
Anonymizing Technologies:
f. Use of Anonymity in Transactions: The integration of AI in privacy
technologies (e.g., mixing services and privacy-focused cryptocurrencies• Экономика » Финансы » Платежные средства » Платежные системы интернета » Криптовалюта)
allows users to obfuscate their identities and transactions, complicating the
traceability efforts required for effective KYC/AML compliance.
AI-Driven Defensive Capabilities in KYC/AML
AI has introduced both new challenges and new defenses in KYC/AML. On the
challenge side, criminals are using AI to automate fraudulent activities,
creating more sophisticated scams, faking legitimate operations, and producing
fabricated identities capable of bypassing traditional KYC checks. Deepfake
technology can also be leveraged to craft highly convincing fake documents or
synthetic identities, further complicating the verification process.
Compounding these issues is the sheer data volume that AI can generate and
analyze. The massive influx of information makes it more difficult for
institutions to detect red flags, while adversarial AI techniques enable
criminal organizations to train their systems to evade established KYC/AML
detection methods. Additionally, anonymizing technologies such as mixing
services or privacy-focused cryptocurrencies• Экономика » Финансы » Платежные средства » Платежные системы интернета » Криптовалюта powered by AI create further
obstacles for tracking and identifying illicit transactions.
On the defensive side, AI also offers valuable tools to strengthen KYC/AML.
Advanced identity verification methods, including AI-driven facial recognition
and the analysis of biometric data, have made onboarding processes faster and
more secure. Pattern recognition and anomaly detection algorithms can
efficiently comb through transaction histories and user behavior to spot
irregularities, while continuous learning systems adapt over time to
anticipate evolving criminal methods.
AI-powered natural language processing (NLP) helps compile and analyze
information from diverse sources such as emails or social media to create more
accurate customer risk profiles. Real-time monitoring systems draw on both
historical and live transaction data, providing immediate alerts on suspicious
activities and enabling proactive intervention. Furthermore, AI can streamline
regulatory compliance through enhanced reporting and facilitate collaboration
and information sharing among financial institutions to build a collective
defense against emerging threats.
Q: Do you believe that crypto users should have the right to self-custody
their assets and to maintain self-hosted wallets without the need to verify
their identity?
A: We must acknowledge that at its heart, blockchain• Информационные технологии » Информационно-коммуникационные технологии » Информационные технологии и телекоммуникации » Базы данных » Публичная база транзакций » Блокчейн
• Высокие технологии » Информационные технологии и телекоммуникации » Базы данных » Публичная база транзакций » Блокчейн technology – and by
extension, cryptocurrencies• Экономика » Финансы » Платежные средства » Платежные системы интернета » Криптовалюта – revolves around principles like
decentralization, transparency, and individual sovereignty. Self-custody is
closely tied to these values. Service providers as custodians don’t take away
the right to self-custody; rather, they give users an alternative. Meanwhile,
more user-friendly self-custody solutions are constantly being developed, just
as exchanges are growing more sophisticated. This healthy competition enriches
the ecosystem, ensuring users have multiple options.
However, when self-custody intersects with active trading and other forms of
participation in the wider marketplace, it inevitably bumps into compliance
requirements. At some point, most users find themselves needing to verify
their identity if they want to move beyond just holding assets in a private
wallet. That’s the balancing act: freedom versus compliance.
Exchanges such as Bybit have a responsibility to safeguard users and the
broader community against criminal activities. KYC is one of the tools we rely
on to achieve that goal. An imperfect analogy might be the choice between
holding physical gold bars in a private vault or keeping cash at a bank:
self-custody remains an option, while exchanges offer a more liquid and
practical alternative.
Q: What role do exchanges such as Bybit play in mitigating the effects of
hacks that occur onchain e.g. freezing suspicious assets, reporting fraudulent
behavior, and do you believe centralized exchanges should proactively support
such efforts where possible, as opposed to focusing on the activities of their
own users?
A: Bybit is regulated in multiple jurisdictions, and we’re obligated to comply
with valid requests from local authorities. We view the battle against
cybercrime• Государство » Законы и право » Теория государства и права » Отрасль права » Информационное право » Компьютерные преступления » Преступления в сфере информационных технологий and financial crime as part of our core promise to protect customer
assets. We proactively screen transactions for suspicious activity and employ
AI tools and specialized teams to thwart hacking• Государство » Законы и право » Теория государства и права » Отрасль права » Информационное право » Компьютерные преступления » Преступления в сфере информационных технологий attempts. In the first half
of 2024, for example, Bybit prevented the unauthorized withdrawal of over $79
million worth of digital assets. Our main focus is to safeguard customer
funds, and in rare cases that may involve freezing accounts and launching
internal investigations.
We also maintain a dedicated team to handle around 1,000 requests per month
from law enforcement agencies worldwide. This level of effort reflects our
commitment to protecting users and supporting broader security initiatives
across the industry.
Q: There are a lot of conflicting crypto regulations due to the lack of a
unified regulatory framework governing all internet users. How does this make
your job harder, and what are the biggest improvements you would like to see
to streamline industry regulation?
A: The global patchwork of regulatory regimes for cryptocurrencies• Экономика » Финансы » Платежные средства » Платежные системы интернета » Криптовалюта creates
uncertainty for businesses and investors alike. Different agencies focus on
different risks – some prioritize money laundering, others consumer
protection, and still others taxation – making it challenging to build
cohesive solutions. From a compliance perspective, this diversity forces us to
look at the underlying concerns regulators want to address and figure out
comprehensive ways of meeting those concerns.
At Bybit, we believe compliance should mean more than just ticking boxes; it
should be about genuinely engaging with and mitigating the risks regulators
have identified. We’ve experienced rapid user growth, adding 10 million users
in a single month in one of our strongest quarters, so we understand we have a
responsibility to help our customers navigate the changing regulatory
environment.
I’d like to see major jurisdictions lead the way in developing thoughtful,
pragmatic models that promote sustainable growth. Bybit’s global footprint
means we can serve as a role model, and through ongoing legal debates and
deliberations, I’m optimistic we’ll see more clarity emerge in the near
future.
Q: Do you believe that more stringent compliance will incentivize more
institutions to enter the industry, and what are the main things that need to
be done to accelerate TradFi adoption from a regulatory perspective?
A: Institutional participation in digital assets is already substantial. The
intersection of TradFi and the crypto sector’s institutional solutions has
expanded rapidly over the past few years. From a B2B standpoint, the nature
and depth of compliance differ from B2C, and institutions are generally
well-equipped to gauge the compliance standards of their counterparties. What
often attracts these larger players is the tech stack, liquidity, and
crypto-native capabilities of providers like Bybit. Rather than strict rules
alone, regulatory clarity and approvals for crypto-related financial products
tend to be the main drivers for institutional adoption.
Better classification of crypto assets would be a major boost. Right now,
different tokens can fall under different regulations, forcing investors to
manage a complicated set of rules post-launch. When you consider how
specialized legal and compliance teams in TradFi are, this complexity can be a
significant barrier to entry. We have seen the benefits of a sensible approach
to regulating stablecoins in the European Economic Area• Объект организация » Организации по алфавиту » Организации на Ев » Европейская экономическая зона, which has boosted
confidence, improved market stability, and increased investor protection.
These benefits could be replicated across other types of cryptocurrencies• Экономика » Финансы » Платежные средства » Платежные системы интернета » Криптовалюта,
providing greater clarity and more uniform standards.
