Have you ever wondered how technological advancements like AI and crypto are reshaping compliance frameworks in the traditional financial industry? Our next guest, Kamran Choudhary (Technical Director AFC, BCB Group) explains to Caitlin Barnett (Director of Regulation & Compliance, Chainalysis) all the technological factors that are impacting risk management and compliance in both TradFi and DeFi.
You can listen or subscribe now on Spotify, Apple, or Audible. Keep reading for a full preview of episode 158.
Public Key Episode 158: Balancing Act: Regulation, Innovation, and the Crypto Ecosystem
Have you ever wondered how technological advancements like AI and crypto are reshaping compliance frameworks in the traditional financial industry?
Our next guest, Kamran Choudhary (Technical Director AFC, BCB Group) explains to Caitlin Barnett (Director of Regulation & Compliance, Chainalysis) all the technological factors that are impacting risk management and compliance in both TradFi and DeFi.
Kamran shares the dramatic shifts in the industry over the past decade and how technology, particularly AI and crypto, is enhancing the holistic compliance approach by BCB Group, a leading provider in regulated payment, wallet and trading services across fiat and crypto.
They both talk about the current challenge of regulations such as MICA, the emerging role of stablecoins and how regulatory evolution is influencing both established and emerging financial markets, while still highlighting the increased prioritization of cybersecurity in the wake of recent crypto hacks.
Quote of the episode
”One of Spain’s largest banks, BBVA, they’re now offering Eth and Bitcoin trading and custody services. So that shows that huge players are able to reconcile crypto with their legacy risk appetite. So, this evidences that clearer regulation which is coming into Europe.” – Kamran Choudhary (Technical Director AFC, BCB Group)
Minute-by-minute episode breakdown
2 | Evolution and strategic importance of compliance in finance
4 | BCB Group’s role in bridging fiat and crypto compliance
10 | How crypto companies can maintain banking relationships via good compliance
14 | Emerging threats in crypto: AI, money laundering and cybersecurity
20 | How the crypto industry should approach state sponsored hackers like Lazarus Group
24 | EU and UK crypto regulation and the impact it has on innovation in the industry
28 | MiCA: The double edge sword of clarity and comprehensive compliance costs
30 | Stablecoins, regulatory challenges and market fragmentation
33 | Decentralized IDs (DIDs) and enhance privacy and eliminate data oversharing
35 | Scaling and innovating payment solutions for 2025
Related resources
Check out more resources provided by Chainalysis that perfectly complement this episode of the Public Key.
Speakers on today’s episode
This website may contain links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
Our podcasts are for informational purposes only, and are not intended to provide legal, tax, financial, or investment advice. Listeners should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in any particular podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.
Unless stated otherwise, reference to any specific product or entity does not constitute an endorsement or recommendation by Chainalysis. The views expressed by guests are their own and their appearance on the program does not imply an endorsement of them or any entity they represent. Views and opinions expressed by Chainalysis employees are those of the employees and do not necessarily reflect the views of the company.
Transcript
Caitlin
Hi. I’m Caitlin Barnett, the director of regulation and compliance here at chainalysis, and I’m really excited to be joined by Kamran, who’s the Technical Director at BCB group. Kamran, thank you so much for joining us today. Thank you very much, Caitlin, it’s a pleasure. So you have had a number of different compliance and AML roles with various organizations, from consultancy firms, large financial institutions like BNP, Paribas, FX and payment companies. How did you get into compliance to begin with?
Kamran
That’s that’s a great question, because I never planned to get into compliance. I didn’t sort of have a trajectory with compliance as an endpoint, as I’m sure, many in this field feel the same same, I have always had a strong knack and a strong curiosity with regards to research and investigations that ultimately led me to my first ever role within what was in essence a first line investigations role. That role opened up the floodgates with regards to my experience, as you’ve mentioned, I’ve worked in consultancy, foreign exchange payments, large FIS and of course, the FinTech space. Each role has exposed me to, I’d say, a different facet of the industry. Every role that I’ve had has given me a different perspective to compliance and risk management, and I think that’s responsible for part of my current skill set and my mature approach to understanding controls and risk frameworks. But I would say that compliance often has a connotation about being just about rules, regulations and ticking boxes. Actually, it’s far more than that. It’s about understanding patterns behavior, and, without doubt, staying ahead of the curve. Yeah, absolutely. Go into complaints, absolutely. So you know, it’s talking about compliance. Have you noticed any materials shifts or changes over the last decade from the time you started the work you’re doing today at BCB group, without doubt, I would say when I first started out in my career, the the average compliance officer was less data driven than the current analog. So compliance officers now, we’re more data driven than our predecessors. When I started out, the main tools available, the main sort of skill sets were related to spreadsheets and databases. And of course, we know that the advent of reg Tech has been huge in the last few years. We’re now talking about implementing, or already using AI and machine learning solutions. So that alone shows you how much compliance has evolved and caught up with the technological progress, also new and potentially alien regulatory regimes and themes have emerged. So what I mean by alien is that we’re talking about things now that we probably couldn’t have envisioned talking about many years ago. Case in point, crypto. 10 years ago, crypto was an afterthought at best. I mean, it wasn’t, it wasn’t legitimized in any way. So there was no regulatory scope for it. However, however, right now we could argue that, I’d say priority for regulators worldwide to get to grips with what a prudent framework for regulating crypto is. We’ve also got other initiatives which are particularly prominent in the UK and Europe, such as open banking, and once again, this type of openness in the financial infrastructure and data sharing, this was never a conversation we were having five or six years ago. So much has changed. That’s great, but it also means that compliance officers nowadays, they have to navigate a patchwork of new regulation and legislation, for example, updates to the Payment Services directive, I would just say one more thing, Caitlin, and perhaps this is the most important thing, forgetting everything else I’ve said. I’ve noticed a big cultural shift in compliance over the last few years, which is great. It’s reassuring compliance to me, from my experience, it’s now seen as more of a strategic priority and a competitive advantage of businesses, yeah, whereas in the past, as I’m sure we all know, it was labeled as a back office function, yeah? Because proper compliance is very front office, it’s very there, it’s very Yeah. So yeah, I think the industry has changed materially over the last few years. Yeah,
Caitlin
I think you’re 100% right when you when you when you’re talking about going from back office, cost center to more of a front office, you can’t get licenses, you can’t be taken seriously or be a legitimate company, unless you have true compliance officers who can be front office facing you can go talk to the regulators, explain the products, explain what you guys are trying to do. So as a former Chief Compliance Officer, I am very happy about that material change and the cultural shift for compliance officers. So you have worked at BCB group for over four years, although I’m sure many people know your company already. For those of our listeners who might not be familiar with it, can you provide just a high level overview of the different services that BCB. Group offers.
Kamran
BCB group is a leading provider of regulated payment, wallet and trading services. So we’re active across both Fiat and crypto, and we primarily service the digital asset space. So crypto related enterprises, we’ve got a diverse customer base within the crypto ecosystem. We have relationships with crypto exchanges, institutions, market makers, etc. We also offer more than 40 Fiat and crypto pairs. So we like to say that we have deep liquidity. One of our standout points is that BCB has its own proprietary settlement system, which is called Blink, and it’s available to our customers, for them to transact between themselves. This is part and parcel of what we try and do at BCB. We try and make it easy for our customers to navigate this ever changing landscape. Really
Caitlin
super interesting. So you kind of touched on this just now. You have several different use cases, including on and off, ramping into crypto and payments. One of the most interesting use cases is your treasury management services. As more individuals and companies play in both the defi and tradfi world. Can you explain what makes BCBS platform so beneficial for your clients?
Kamran
Absolutely, I’d say that we seek to provide a unified end to end solution. So we want to add value at all touch points for our customers. It’s not enough for us to simply provide services. We want to be seen as a strategic partner for our for our customers, and once again, provide a high touch service, I think, in an era where everything is being automated, often companies who are, let’s say, sometimes feeling lost at lost in the waters, it’s really beneficial for them to have that person, that industry expert, to talk to. Now, of course, we’re not providing guidance or advice. That’s not our legal remit, but it’s just good to know that you have a partner who’s been there, done that in that sense. So one of the biggest things that I could say about BCB and what we offer, it’s it’s ultimately, reliability. We’ve been a reliable partner in this market, even through the turmoil that all of us know know about. We know what’s gone on in the last few years. It’s probably not worth a mention those market conditions. They’ve never stopped us from delivering on our core business objectives and services. And our customers know this, and they associate that with us. So I would say, really, that’s what we offer, amongst many other things, reputation
Caitlin
is everything right when it comes to this space. So from a financial crime compliance perspective, does holding digital and traditional financial products on your platform create additional risk factors? And do you think this benefits BCB, because you get a more holistic view when it comes to compliance with both the on chain and off chain data?
Kamran
Yeah, to answer the first part of your question, Caitlin, of course, offering services across both Fiat and crypto, it would increase our tax service in the sense that offering across both assets would, for sure, increase our exposure to financial ground risk, because in our payment service, whereas where we don’t directly touch crypto, we offer a payment rail service, so we offer the ability for crypto exchanges to on ramp and off ramp. Of course, we know what underlies that is crypto activity. So we’re exposed to hybrid financial crime risks in our payments offering, in our trading offering, where we do directly have touch points with crypto, that’s where we leverage tools such as chain analysis. So what this means for us is that this larger exposure, of course, it attracts more scrutiny, because think of it this way, we’re active in two highly scrutinized spaces, payment services, but then crypto, we offer crypto payment services. So you can imagine the the onus on us to get this right. And of course, we have regular touch points with our regulators and counterparties. In that regard, this means that BCB group, we really do sit at the heart of the intersection between crypto and Fiat. We’re also, as a direct result, able to gain and learn a lot. For example, we are up to date with hybrid financial crime typologies, and this allows us to strengthen our framework and innovate, and also use this to give back to our customers and realize, okay, what can we do to improve our offering and further safeguard what we’re trying to do? Yeah,
Caitlin
going back again to that reputational perspective and being able to have those compliance officers that are front office facing that can explain all this to your regulators, so you’re already an amazing guest that you have plug chain analysis, but since chainalysis and VCV groups sit at different ends of the payment client life cycle, whereas your team has insights into the off chain data and customer activity, can you explain how you’re using the chain analysis tools and how Important off chain data combined with the accuracy of on chain data is for your investigations, as well as consumer protection, sure.
Kamran
So of course, as you mentioned, Caitlin, BCB and chainalysis also have their own unique perspectives on the market, because we’re positioned at different elements of that life cycle. I alluded to this before, but I’ll break it down and. End so high level, we offer both payment and trading services. Within the payment services, we don’t directly touch crypto because we’re providing Fiat to payment rails to crypto exchanges. So at the payment service level, we’re more likely to use our on chain skill set with regards to gap analysis, for example, where we’re very privileged to have access to the same tools that our customers do. So let’s say we’re onboarding a customer, or we’re doing a routine, periodic check on the customer, we can use and leverage these tools to make sure that what we’re seeing lines with what our customers are seeing. And if we’re not, if there’s a discrepancy, we can conduct that gap analysis. We can figure out why is there a breakdown and what’s going on. So whilst this isn’t sort of a unique selling point of the chain analysis product, we’ve learned to leverage it for gap analysis, and it works very well in that regard. So we use it to cross check results, in essence, within the trading arm, where we directly touch crypto, where we have crypto touch points, because we offer Fiat and crypto trading pairs, Kyt and reactor form a core part of our financial crime toolkit. They’re used every day. We couldn’t do business without having sophisticated on chain monitoring tools to alert us to risky clusters, indirect exposure or otherwise patterns that require further investigation. So as I’ve tried to detail on chain information as a very specific and useful context. And context is everything, especially in our space, because for us, on chain data without the relevant off chain context, it leads to very muted insight. So what use is it knowing that your class, your customers, for clusters exposed to a certain source? If you don’t know who your customer is you don’t know what they’re doing. You don’t know what the benchmarks are from a behavioral perspective. At the same time, having great off chain information, knowing who they are, knowing what they do, what their financial situation looks like, is brilliant, but not being able to translate that to an on chain environment is also going to lead you to missing the bigger picture, because you may know half of what they’re doing, but the full picture is not clear. So reconciling on chain and off chain data is something that is very close to my heart at the same time, it can be quite hard, because off chain and on chain data, they don’t sit in the same world. They are. They belong to different systems, and they don’t have a natural integration. But it’s very worthwhile to bring them together to provide that holistic context when it comes to, let’s say even transaction monitoring, for instance. Yeah,
Caitlin
absolutely. I think you brought up a really good point that that people who aren’t familiar with Blockchain Analytics might not understand where you can use blockchain analytics to essentially get a snapshot into your potential customers bank account, right? So if they give you documentary evidence that they don’t allow interaction with sanctions, you can very clearly go and check using chain analysis products to see whether or not that’s true. And I think coming from a tradfi perspective, that’s just foreign, right? Because you don’t have that that exposure. So that was like my big selling point, my aha moment when I saw blockchain analytics. So it sounds like it was very similar to how you approach it as well, which is cool, absolutely,
Kamran
we leverage it from a KYB perspective. As you mentioned, it’s so useful because an on chain trail is immutable, you can see the trail of events that have led to a certain attribution. So if we see exposure to gambling, for example, of course, gambling is also legal. I’m not saying many means it’s not, but it could set at odds with our risk appetite. So it’s very important and where the provenance of that gambling exposure is and what we can then do. So chainalysis really helps us in that regard.
Caitlin
Yeah, it’s so great to hear so going on, you have several crypto customers. One of the biggest risks to crypto companies has always been maintaining banking relationships with the early days, many being de risked by banks or being charged exorbitant premiums to keep an account. Have you seen a shift by banks now that they are venturing more into digital assets themselves? Or do you think this is still a contentious issue within the industry? It’s
Kamran
a bit of both. I am seeing a shift, a good shift. So even large tradfi players right now, they are entering the crypto space, for example, to offer crypto custody services. Actually, I read only a few days ago that one of Spain’s largest banks, BBVA, they’re now offering Ethan bitcoin trading and custody services. So that shows that a huge player is able to reconcile crypto with with a legacy risk appetite. So this evidence is that clearer regulation, which is coming into Europe, clearer regulation and standards, is allowing banks to revise legacy and potentially outdated risk frameworks. Banks are then going to be more willing to engage with crypto companies who have prudent and robust control frameworks. However, having said that the caveat always, regulatory clarity, is still evolving, and smaller companies, truthfully, are still struggling. It’s the bigger players who are benefiting these smaller, more agile shops, they are struggling and for these companies. Means maintaining banking relationships is still a key strategic priority, and it’s very resource intensive. Now in the tradfi space, we almost take it for granted. So I can speak to the UK, because it’s a market that I’m very familiar with. Payment Services companies in the UK will get banked by a tier one bank with relative ease. They’ll go through a straightforward DD process, and they’ll have their accounts. However, a crypto company will really struggle to do the same, simply because that crypto label almost always triggers the de risking alarm bell over at the bank. So crypto firms, it’s almost like their banking relationships live in their heads, rent free. They’re always worried about their banking relationships, and that’s part and parcel of why BCB exists, we’re here to try and solve that pain point and really help our customers sleep easy at night.
Caitlin
Definitely is a huge concern for for compliance officers. So some as someone who has an intimate view of the financial crime space, working with both large companies and crypto and payments, what do you think is the most existential risk to both the defi and the tradfi space? This
Kamran
isn’t a fair question 100 different ways. Thematically, I would say that the biggest risk to both is that the complexity of the of both systems, both tradfi and defi, or of crypto and tradfi could grow to a pace where it outpaces the risk management capabilities. And by that I mean, for example, if crypto grows too much, too quick, and tradfi grows too quick, we may not have the proper tools and frameworks in place to allow it to grow safely, and that almost always leads to an explosion at some point, as history shows So, as an example, in defi, a major Oracle collapse could trigger a contagion event. Of course, defi, in tradfi, perhaps a breach of settlement rails. It could freeze liquidity globally. And one thing we’re noticing as more and more tradfi incumbents enter crypto, these two worlds that used to be seen as so far apart, they are converging and they’re becoming more interconnected. Interconnection and globalization is great, but it also means that issues in either could have a widespread implication for the other, and that’s why I’m going to go back on what I said about risk management. Now more than ever, risk management must evolve to match this increasing complexity. So that’s the largest outstanding risk from from my view,
Caitlin
yeah, I think, I think that makes a ton of sense. So are there any illicit typologies that you’ve seen emerging in the last couple of years that you haven’t seen in the past that more compliance professionals should take note of? Probably also an unfair question, because there are millions you could choose from, but we’ll take, we’ll take your top one. You
Kamran
beat me to it. There are a lot of new typologies. They’re also they’re also new iterations of existing typologies. So it’s not always the case that criminals have to reinvent the wheel. They can also just use an existing typology in us in a more smart way. Having said that, I’d say one of the most prominent New typologies that wasn’t around a few years ago is the increase in cyber enabled crime via generative AI. So we’re talking about synthetic ID documents, which are able to bypass standard KYC and IDV checks. It’s quite it’s interesting because AI, in one hand, is allowing for criminals to proliferate in their criminal activities. But at the same time, the very solution to these issues could also be AI and machine learning driven, for example, a solution to synthetic ID fraud could be behavioral biometrics, and that would be more of an algorithmic, machine learning based system. So it’s, it’s that double edged sword of AI. It gives and it takes. Yeah, it’s that balance. We have to find a few other things that I personally have found very interesting, and I’ve done a lot of deep research regarding are the increase in complexity of cross chain laundering. We’ve known for a long time now that, of course, Bitcoin is not the only space for laundering, and year on year, publications by yourselves at chain Alice’s show that that liquidity is now much larger than other chains, and where there’s liquidity, you can hide stuff. Yeah, things are no longer a drop in the bucket. They’re a drop in the ocean. But also the methods used to crush cross chain laundry becoming more and more complex, so there’s more and more sophisticated uses of bridging, of dexes and swaps. I’m sure we’ll probably get onto this later, but the Lazarus group interestingly, interesting. They’re even using meme coin swaps to launder money, which is actually crazy, if you think of it. So that’s just showing how cross chain laundering is just increasing at a scale where it’s becoming hard to catch up with it. And yeah, lastly, I would say stable coin based, trade based money laundering. So certain stable coins are now a home for a lot of sanctions, of sanctions evasion by certain regimes and actors. And that’s once again, Intel that more and more analytics companies are. Up posting about, for example, chain analysis. Yeah, so I’d say those are the three themes I would I personally focus on, because I think from those three themes you can unpack a lot of other typologies
Caitlin
for sure. Yeah, and it’s, I mean, anytime you’re dealing with criminal enterprises, it’s almost like whack a mole, right? Like, the minute you figure out whatever typology they come up with, you put controls in place, and then they get smart. I mean, criminals are smart. You can’t you can’t say that they’re not at this point, that’s for sure. So one of the few elements that crypto and traditional companies are well aware of is transaction monitoring. How are these industries different and what processes are more similar than people think?
Kamran
Okay, I think I’ll break this down into two questions. They are similar and different the same time. So when it comes to, let’s say, transaction monitoring, across both crypto and Trad. Fight with crypto, there’s a stronger focus on real time, on chain monitoring, utilizing advanced methods such as clustering and path finding, which are all things that chain analysis offers. This allows you to understand the provenance and destination of the assets, but without further information, you don’t necessarily know who the underlying actor is, right? You can see a cluster. You can see how it behaves in response to other addresses, but you don’t know, actually, without further attribution or evidence, who’s behind that. Now, tradify, on the other hand, has strong, has a stronger focus and framework, so you know who you’re dealing with, but you don’t always have that end to end transparency over what they’re doing without further information. So whilst you we may paint a picture that that they’re both different, they’re also similar in the sense that actually, whether it’s tradify or crypto, if you’re talking about a mature company in either space, they will be leveraging both. They’ll be leveraging strong insights, strong reg tech, but they’ll also be basing that on a strong fundamental framework, because you have to make sure your house is built upon strong foundations before you add to it. So I’d say whilst I started off talking about differences, actually they’re probably more similar than people will think. And on that note, in terms of what processes are more similar, it’s sort of what I said already. If you’re looking at strong players, established firms in the crypto and tradfi space, all of them will they’ll appreciate what it means to have an end to end controls framework so they know how their transaction monitoring feeds into their ongoing their ongoing monitoring, and they know what that that ongoing loop is to make sure that they’re protected firm wide. So I’d say, yeah, there’s a lot, there’s a lot to say that is similar across both
Caitlin
Yeah, and I think there’s probably a bit of a misconception that you know crypto transaction monitoring is so different from traditional Fiat transaction monitoring, and that it’s way more technical and way more burdensome. Where, again, my own personal bias, I think it’s easier at times, because you’re not googling Caitlin Barnett LLC, you’re quickly seeing that it’s coming from a dark net market, or it’s coming from a legitimate exchange that you have no concerns about. So I think, you know, education in this space continues to be super important, just to highlight that there really aren’t these grave differences,
Kamran
absolutely, yeah. And I think at the operational level, whilst there are a few differences, that’s more so just getting to grips with a new learning curve, once you start doing it, seeing how our teams actually work in disposition alerts, it’s very similar to what you do in try to find across web two so to speak.
Caitlin
Yeah, absolutely. So you kind of already touched on Lazarus group, so I think everyone listening to this episode is well versed to know that, you know, we’ve seen a bunch of hacks, and DPRK continues to be one of the biggest threats to this community. So what can you say, high level about hacks, and your thoughts on how the community in general reacts to these DPRK attacks?
Kamran
High level using the recent example, I would say one of the clear findings is that the speed at which the analytics space attributed these events to Lazarus. So straight away, on chain, investigators were able to find previous test addresses utilized by Lazarus and linked them to the cluster that’s that’s involved in the recent events. So that’s showing that the analytics space is getting getting smarter. In the past, this would have taken several days, and I think it took about 24 hours this time. So you can see the pace is evolving at the same time, Lazarus is evolving in response to that pace. So we can see this time, I’ve been trying to carefully follow the millions of webs of transactions just on my screen, and I’m trying to look at what’s going on, but Lazarus seemed to be laundering in a much more fragmented way than usual, which probably reflects a sentiment that they know that everyone’s onto them. They know they can’t act with the same level of impunity that they’re used to, because they will get frozen if they touch a centralized touch point. So they’re using different methods, or slower methods, I think even the utilizing old mixes, for example. Yeah. So I would say that the recent events. Show that a strong, strong, coordinated approach is very, very much necessary, because this has an industry wide impact when a crypto exchange gets hacked. Also, recent stats show that around 20% of the funds have gone dark, which means that they could never be recovered. And of course, we know that North Korea is not exactly an open regime, so if 20% of the funds have gone dark, it’s unlikely that recovery attempts will be successful, so this once again highlights the impact of these events and the need to act, act quick and in a coordinated fashion. I would say one other finding from the recent events are questions surrounding information sharing both positive and negative. And of course. I guess we can unpack that separately, but there’s a lot one can say about that. I
Caitlin
think we could probably do a whole episode on topic alone. So do you believe that this is just the start of a new attack vector that hasn’t been opened by the most infamous hackers in crypto and in traditional settings, and what can other crypto companies do better to protect themselves? That’s
Kamran
a really good question. Caitlin, I think, of course, with a caveat, I’m not a cyber SEC expert, but the underlying tactics involved in the recent events were, in essence, the same as always. There were potential social engineering, phishing, device compromising and spoofing. None of these are going to alarm anyone in the cybersecurity community. Everyone knows what these are. So these underlying tactics are not new. I’d say what was new and what was surprising was the scale and the level of sophistication at which Lazarus was able to use these techniques, because they were able to do it in a way that simultaneously targeted both technical and human vulnerabilities. And I guess this reiterates the very well known saying that your security is only as strong as your weakest link, whatever that weakest link is, whether it’s human or it’s technical, and that’s a stark reminder for crypto companies going forward, what companies can do to safeguard themselves. I guess it would be things like further securing your development, your developer environments, enforcing stricter transaction controls, definitely doing further vetting of your third party integrations and overall training. I know this talks about, for example, introducing zero trust structures too, but that’s a very cryptographically intense procedure, and it’s probably not something available to every firm out there who’s worried. So I’d say what every firm can probably learn from this is make sure you’re doing the small things properly, because actually what these events show is that it was a small things that ultimately allowed Lazarus to enter the system of
Caitlin
the entity that act. And I think, wild to see that, like all of these little, small things can add up to such like a grave, grave situation. Yes,
Kamran
absolutely.
Caitlin
So switching gears a little bit. As you know, 2025 has been the year to discuss regulation, with mica coming into effect, and regulations in the UAE, Hong Kong, Singapore, and obviously a lot of momentum in the US with the new administration. Where do you position the UK when it comes to crypto asset regulation, and can you explain some of the many licenses that you have to operate in the EU region? Absolutely.
Kamran
So let’s start by talking about the UK, because I think there’s a lot of strong opinions on this topic. To say it bluntly, the UK is taking a methodical yet slower approach, because the overarching aim for the UK is to balance innovation with consumer protection so broadly, they’re trying to develop a framework that is comparable to the EU’s micro regulations. Now, this measured approach by the UK is it’s measured because they want to be able to tailor the framework to the risks of the home market, right? However, this also raises a very legitimate question, which is, does all this mean that the UK is just, is just, they’re just too late to the market. Have they stifled invasion? Have they taken too long to come up with this? And are firms now moving elsewhere, where the regulatory clarity is stronger? Um, I’m not looking for an answer there, by the way. I’m just trying to peek Yeah, because I’m there’s there’s yes and no answers to that question. But it does raise a very interesting question about potentially overreaching and the scope of regulation stifling innovation. To now speak more directly about BCB and what we hold from a license point of view. In the UK, BCB is authorized by the FCA as a payments institution. In France, we hold two licenses, so via the ACPR, we are an E money institution, and by the AMF, we are a dasp. A dasp is a digital asset service provider, also in Switzerland, via the vqf, we are a FINMA recognized we’re part of the FINMA recognized self regulatory authority. So in essence, BCB. Group holds all the requisite licenses to do business safely and sustainably across the UK and Europe, and we’ve not been afraid to chase the tier one licenses. Getting licensed in France is not an easy task by any means, but we’ve done it, and we did this for two reasons, because we want to be part of a strict regime that knows what it’s doing. But secondly, we also want to give our customers and counterparties comfort, because just by seeing that we have a tier one license, they know that we sort of know what we’re doing. Reputational impact, I think reputation is always a theme, and it’s that reputational impact that it has for us. And I think
Caitlin
you bring up an interesting point, you know, on the regulator specific to the UK, and not giving an answer one way or the other, but I do think one thing that a lot of people who live and breathe crypto daily kind of forget the regulators don’t. It’s a very, very small fraction of their overall regulatory portfolio. And so in some sense, when we see some of the regulators moving at a slower pace to balance that innovation, it does make sense, right? Because if you were to come out very quickly with regulation, we see how quickly the crypto ecosystem moves, so they’re going to come up with something new tomorrow that is going to make the regulation outdated within two weeks. So it’s a really hard act to balance. So I do show a lot of empathy for the regulators, and I do think oftentimes they are given a bad rap, but they don’t. They’re not living and breathing it like the rest of us.
Kamran
You’re so right. I do echo your sentiment. And to add to what you you said, Caitlin regulation doesn’t exist in a vacuum. Yeah, it’s iterative, and it changes. And I think the FCA is in the UK, has done a very good job, because quite often they release consult consultation papers, yeah, where they actually reach out to industry saying, Okay, what do you think about these themes? What can we do? And they consolidate those responses to inform the next steps. So, yeah, I think we do need to cut regulators some slack too. They’ve not got a very easy task whatsoever. Yeah.
Caitlin
And now give BCB some brownie points for for giving that slack as well. Right? Exactly. So as Mika and the TFR continue to roll out, there seems to be a lot of confusion when it comes to reading these regulations in unison with guidelines from the EBA, etc. What are your overarching thoughts about Mika, which also could probably be an entire episode. Feel so feel free to just go as high level as you’d like. My first
Kamran
question is about to be, how long do you have high level mica and related regulations such as a transfer regulations? They they mark the largest step towards harmonizing EU crypto regulation, which is brilliant, because this is what we’ve been screaming about for years. We want harmonious, consistent regulation across markets, right? Yeah, however, the success is a different story. So the success of these regulations and guidelines that would hinge on a consistent implementation and that would require clear guidance to avoid fragmentation, because on paper, it’s a unified regulation, right? What if different different countries have a different interpretation of the guidance, they apply it differently, and that leads to fragmented understandings which are not transportable across jurisdictions. This is why the regulators are being highly cautious, and they’re making sure to provide clear guidance that is equivalent across jurisdictions to counter the highest risk of fragmentation, really.
Caitlin
Yeah. Yeah. So do you think having such a comprehensive regulation is beneficial for the EU adopting and innovating in digital assets, or do you believe the cost to get a license and follow the compliance requirements will potentially price out many of the players in the region,
Kamran
as with most things in this industry kit, and it’s a balancing act, so there are good and bad, if we put on a scale, the good or the great is that the industry, for a long time, as I mentioned, has demanded a consistent regulatory framework. Markets hate uncertainty. So with this certainty coming in, that’s going to allow crypto to be more comparable to Trad fight, it’s going to the certainty will attract more players to the market. At the same time, you’ll probably drown smaller players who don’t have the resources or time to come to terms with these onerous requirements and regulatory burdens. So whilst these comprehensive regs that allow companies to position position themselves at the forefront of, I would say, of what is an increasingly legit industry, it’s probably going to be very concentrated in the sense that those who will benefit the most will be the bigger players who have the resources to do so the smaller, agile shops that are otherwise great May, unfortunately get priced out. And for them, it’s, it’s really, it’s up to them to them to decide what their direction is.
Caitlin
Yeah. Compliance does have a cost, unfortunately. Yeah, exactly. So similarly, does the new implementation of the travel rule help compliance programs to reduce fraud and scams due to the amount of beneficiary information that will be needed, or does it just. To add to the burdensome reporting requirements for most crypto companies,
Kamran
it does help, because conceptually, the travel rule is trying to create a system similar to Swift messaging, which will allow for or not allow for anonymous transactions. It’s much harder to operate anonymously in this new world. So this enriched information will, of course, assist financial crime departments, because it’s it leads to more transparency. Compliance loves many things, and compliance loves transparency the most. Probably so without doubt, it will, it will be beneficial. However, you already mentioned Caitlin that there will be come with some reporting requirements, particularly at the start. So these will naturally lead to operational challenges. So the main challenge for firms is going to be how to find balance between compliance and innovation, how they can grow without compromising their regulatory requirements that are ever increasing and probably are going to change time and time again. Yep,
Caitlin
I would expect that. I think that’s a good, good bet. So what have been the biggest advantages and challenges for your clients that are also operating in these regions?
Kamran
The biggest advantage, I would say, is something I already mentioned, is that the knowledge of regulations coming has allowed for certainty and consistency and for firms, part of the battle is actually just knowing what’s expected of them. It’s very hard. Sometimes you’re sometimes playing a guessing game of trying to figure out what your counterparties and regulators want off you. But now having hard caps and knowing what’s required is great. And as I mentioned before, markets hate uncertainty, but they love certainty. So that’s brilliant for everyone. Yeah. Most obvious disadvantage that I could spell out is that it will lead to more complexity, and it will lead to a higher cost of navigating new requirements. So this, this certainty comes at a cost, and the cost is operational and financial.
Caitlin
Yeah. So stable, stable coins are increasingly becoming the killer app in crypto, accounting for almost two thirds of every crypto transaction. We have seen a lot of regulatory scrutiny that seems to be dulling the teeth of this innovative technology to provide inexpensive cross border payment options. What are your thoughts about stable coins and the regulations in the EU and elsewhere that may impact their usage. Man, every question I’m asking you could be an episode in and of itself. So again, like high level, feel free to answer however you see that you
Kamran
prepared well today, yeah. So stable coins, for sure, have attracted significant reg attention in mainly, not just mainly, but if you look at the news, is the US, UK and EU, that’s sort of leading the charge against stable coins or the charge to support them. This is not my area of expertise, but from what I understand, the US proposes to extend banking related acts to stable coin issues. So stable coin issues would fall part of the bank fall as part of the banking system proper. The UK is a bit different. The UK is proposing to treat stable coins under their electronic money frameworks. But I think the overarching theme is similar, that they see stable coins as a form as a form of money, and that form of money needs to be prudentially regulated and supervised. So in the EU mica itself, it imposes strict requirements for certain stable coins, such as, there must be one to one backed with low risk assets, and that does mean that certain stable coins will not have a home in Europe anymore once the legislation is fully passed and the grandfathering period is over, so certain stable coins that don’t meet those hard caps that requirements will have to go elsewhere. So it will fragment the market, and it will probably create some type of arbitrage where a certain stable coin will be more prominent in developing markets and a certain Stephen the proxy for the developed markets. So in addition to that, the biggest challenge, I would say, lies in preserving the transformative potential of stable coins whilst all these regulatory changes are taking place, because I think Mika and their equivalent frameworks are great for reasons I mentioned, but they come at a risk, and the risk is stifling the underlying utility of stable coins so that that marriage needs to be very carefully evaluated
Caitlin
Absolutely. So, taking the industry as a whole, is there any technology or initiative that you see emerging in the industry that you’re excited about? Whether it’s real world asset tokenization, various new ETFs? What excites you the most? What
Kamran
excites me a lot is something that was quite prominent many years back, you know, when the metaverse and web three narratives were super hot, and then it sort of just died, and all the vaporware left. But there’s been one, there’s been one concept that is still around because it’s has a legitimate value proposition, and it’s called a decentralized ID or a or. A D ID. I’ll say a D ID for short, because it’s easier on my tongue. Yeah, a D ID, it’s a unique identifier that’s linked to a user’s public, private keeper. So in essence, their ID is cryptographically verified when they share it, and this eliminates the need for a centralized intermediary, because you, in essence, you, you are in charge of sharing your ID details. And having said all of that, I think the biggest benefit of this is because a D, I d is going to enhance information sharing and privacy because it allows you to share only what’s required that avoids data misuse. As a more practical example, let’s say that someone is asked to prove that they were born in 1990 right? They might present their driver’s license to prove that, but in showing that you’ve shown your age, probably your address, your jurisdiction, what vehicles are authorized to drive, and any other metadata associated with the driving license. So for one piece of information, you’ve given away potentially five unnecessary points of information. D IDs do away with these with this data misuse and this data over sharing, and that also then eliminates single points of failure, because only one piece is being shared through a more sort of zero trust or zero knowledge mechanism. And I would say D IDs, they’re going to be a huge part of the building of a user centric digital ecosystem. So that’s why I’m so keen to understand more and more about the IDs. I’m
Caitlin
so glad you said something like that instead of some of the things that I mentioned, because I find that to be a super interesting use case. Okay, so can you share where or what is next on your roadmap and what announcements or partnerships that you’re excited about as we continue on into 2025
Kamran
absolutely for myself and primarily for BCB, the focus for 2025 is to scale our core offerings for scalability and sustainability. So we large part of what we want to do is improve upon what we already have and just offer a stronger, sleeker and more streamlined service, streamlined service to our customers. Having said that, we’re also launching new products, and one of our latest launches is flex collect now. Flex collect it. It enables the collection payout process of processes across currencies. So imagine you’re a customer with both a Fiat and a crypto Treasury requirement, or a Treasury in Fiat and crypto, and you may be a payment service agent, or you may be a merchant acquirer, or something where you have both collection and payout needs. Flex collect is going to allow you to do that all in a unified platform. So it really simplifies complexity and it unifies it in a single, consolidated platform for your access. So tell everyone to stay tuned and look out for that.
Caitlin
Yeah, for sure. So what is the best method for our listeners to see what you’re working on and to connect with you on social media?
Kamran
LinkedIn? Without doubt, just search my name up and you’ll find me. But I I’m trying to get more and more active on LinkedIn, and if I’m not posting, I’m probably liking something that someone else has posted, so just reach out, and I’m sure if there’s a conversation to be had, we can have it on LinkedIn. Cameron,
Caitlin
it was such an absolute pleasure having you today. Sorry. So many of my questions were heavy hitters that could have kept us here for hours, but I’m so glad we got to chat and really appreciate you taking the time
Kamran
likewise. And thank you very much. Caitlin, you.
