Author: Spinach Spinach Talks Web3
Original link: https://mp.weixin.qq.com/s/oQXbxvb2ugxYFclJNiMz4A
Disclaimer: This article is a reprint, and readers can obtain more information through the original link. If the author has any objections to the form of reprint, please contact us, and we will make modifications as per the author's request. Reprints are for information sharing only and do not constitute any investment advice, nor do they represent the views or position of Wu Shuo.
Recently, Spinach read a briefing paper published by the Bank for International Settlements (BIS) — (Anti-Money Laundering Compliance Solutions for Crypto Assets). As the central bank of central banks, every report from BIS becomes a benchmark for financial regulation across countries. So when I saw the title, my first reaction was: finally, someone has come up with a clever way to regulate cryptocurrencies? However, after reading the entire text, I realized that this paper is not a usable solution; it might be more akin to a dignified surrender. BIS, with academic language, subtly acknowledges a harsh truth: the KYC/AML systems of traditional finance have completely failed in the face of the decentralized crypto world. What is their proposed 'innovative' solution? Rating wallets, advocating for users to check each other’s compliance, and performing final checks at the points of deposit and withdrawal. This is like a martial arts master, who has spent a lifetime practicing the Dragon Subduing Eighteen Palms, suddenly realizing that the opponent is coming in a tank, and suggesting everyone put up a sign at the city gate: 'Tanks are prohibited.' Not to mention the high implementation and coordination costs of scoring, even if it is implemented, what if someone just throws some poison into a higher-rated wallet account? Advocating for users to check each other is like asking you to check if a dollar bill was used to buy drugs before accepting it. It may be theoretically feasible, but it's absurd in practice. Performing KYC/AML at the deposit and withdrawal stages may be the last dignity left for these traditional institutions, at least you can still verify identity and source of funds. Why do I say that the traditional regulatory system has almost completely failed on the blockchain? Let's take a look at a ridiculous regulatory rule that regulatory bodies around the world are still trying to enforce — the Travel Rule.
To understand the absurdity of the Travel Rule, we first need to understand its origins. In 1996, during the era of dial-up internet, the Financial Crimes Enforcement Network (FinCEN) in the United States first introduced the Travel Rule as part of the Bank Secrecy Act. The requirement at that time was simple: when banks process wire transfers over $3,000, they must pass on the sender's information to the next financial institution. This worked well in the traditional banking system. Why? Because banks are centralized, have complete customer information, and have standardized information transmission systems like SWIFT. The Industrial and Commercial Bank of China knows everything about Zhang San, and the China Construction Bank knows everything about Li Si; exchanging information when transferring funds is a natural process. But by 2019, the Financial Action Task Force (FATF) made a game-changing decision: to extend the Travel Rule to cryptocurrencies. What is FATF? It is an intergovernmental organization established in 1989 to combat drug money laundering. Its '40 Recommendations' are considered the gold standard for global anti-money laundering efforts. When FATF speaks, regulatory bodies around the world must listen. On June 21, 2019, FATF passed the interpretive note for Recommendation 15 (INR.15) in Orlando, extending the original Recommendation 16 (Travel Rule) applicable to traditional financial institutions’ wire transfers to the virtual asset space. It requires virtual asset service providers (VASPs) to collect and transmit the sender's and receiver's identity information when processing transactions over $1,000 / €1,000, including: Name, Account number (wallet address), Geographic location or ID number, and if necessary, additional detailed information. Their logic is: since the Travel Rule has been operating in traditional finance for over 20 years, it should work in the crypto world as well. The problem with this logic is that they completely misunderstand how blockchain works.
Let’s take a look at the current state of the Travel Rule's implementation. According to FATF's report in June 2025, 99 jurisdictions claim to have passed or are in the process of legislating the Travel Rule. Sounds impressive, right? But the devil is in the details. 75% of jurisdictions are still only partially compliant or non-compliant, the same percentage as in April 2023 — 75% of 73 countries, zero progress. Why is this the case? Because each country is working on its own set of rules. The United States has maintained the old 1996 rule: the $3,000 threshold. But FATF recommends $1,000, leading to the first division. Singapore was one of the first countries to respond, implementing the rule on January 28, 2020, with a threshold of 1,500 Singapore dollars. South Korea implemented it on March 25, 2022, with a threshold of 1 million won (approximately $821). Japan stated that all transactions must comply, regardless of the amount. The EU is even more extreme, delaying implementation of the Funds Transfer Regulation (TFR) until December 30, 2024, and then stating: we have no threshold, even 1 euro cent must comply with the Travel Rule. What is the result? A transfer of $1,500 from the United States to the EU — the U.S. says no Travel Rule is needed, while the EU says it is required. Both sides are 'compliant,' but the transaction is stuck. And this is not the most chaotic situation. Israel implemented the Travel Rule in 2021, with zero threshold, but almost no other country has connected with it. Canada also has a zero threshold, but its rules are incompatible with those of other countries. What is the result of this fragmented approach? According to an industry survey by Notabene in 2024, despite some improvement from the previous year (from 52% to 29%), 29% of VASPs still send Travel Rule information indiscriminately to all counterparties without conducting any due diligence assessments.
This 'broad net' approach actually reflects an embarrassing reality: most VASPs are just going through the motions, as there’s no way to verify whether counterparties are actually using this information or whether they are compliant.
DeFi: The Blind Spot of the Travel Rule
While regulators are still entangled in the Travel Rule for centralized exchanges, DeFi has completely circumvented this issue. The premise of the Travel Rule is the presence of VASPs (intermediaries) to enforce it. I directly swap tokens on Uniswap using MetaMask. Is MetaMask a VASP? It's just a browser plugin. Is Uniswap a VASP? It's just a piece of code. Are Ethereum miners VASPs? They are just validating transactions. When both parties trade directly peer-to-peer, there is no intermediary to enforce the Travel Rule. This is as absurd as asking the air to enforce the law. Who is required to enforce the Travel Rule? Is it asking code to provide KYC information? FATF's response to this is that developers of DeFi protocols should be considered VASPs. The absurdity of this logic is akin to saying that the inventor of the TCP/IP protocol should be responsible for all internet crimes. Vitalik Buterin created Ethereum, so does he have to take responsibility for all illegal transactions on Ethereum? If Satoshi Nakamoto were still alive, would he be sentenced to life in prison?
What do actual criminals think of the Travel Rule? They probably see it as a comedy. Criminals use traditional Smurfing tactics to evade the Travel Rule, breaking large transactions into smaller ones. Want to transfer $18,000? Split it into 20 transactions of $900 each, sent from different wallets and at different times. Each transaction is below the threshold, so the Travel Rule can't touch it. North Korean hackers stole $1.46 billion from the ByBit exchange this year — the largest cryptocurrency theft in history. Did they use the Travel Rule? Of course not. In 2024, the amount of cryptocurrency used for illegal activities reached tens of billions of dollars. None of these criminals were caught by the Travel Rule. Another consequence of the Travel Rule is that it exacerbates regulatory arbitrage; every time regulation tightens, it's like squeezing toothpaste — you squeeze it here, and it pops out there.
The Travel Rule does not bring solutions but astronomical compliance bills. According to estimates, the costs for a medium-sized exchange to implement the Travel Rule include: technology solution procurement: annual fee of $100,000 to $500,000; system integration and renovation: one-time cost of $500,000 to $2 million (requiring a complete overhaul of the trading system); compliance team expansion: annual salary cost of $200,000 to $1 million (requiring a dedicated Travel Rule compliance officer); legal consulting fees: annual fee of $100,000 to $500,000 (different countries have different rules, requiring local legal support); auditing and reporting: annual fee of $50,000 to $200,000. This is just the visible cost; what about the invisible ones? This high compliance cost is accelerating market concentration; the giants certainly support the Travel Rule — they can afford the compliance costs, while competitors cannot. This is not regulation; it is market cleansing through regulatory costs. What is the biggest hidden cost? The death of innovation. A startup team first has to consider not technical innovation, but: does this comply with the Travel Rule? Can we afford the compliance costs? What if we are identified as a VASP? The result is that innovation either shifts to regions with looser regulations or is simply abandoned. We are stifling 21st-century innovation with 19th-century thinking. This is the truth of the Travel Rule: a huge sum is spent to establish a useless system that, aside from increasing costs, reducing efficiency, and stifling innovation, has solved nothing. Meanwhile, ordinary users have to foot the bill for this regulatory farce — endless forms to fill out, interminable audits, and exorbitant fees.
Participants in the Regulatory Theater
Current cryptocurrency regulation is like a carefully choreographed drama, with each player having their own script: Regulatory agencies: 'Look, we are enforcing the Travel Rule! We are protecting investors!' (Knowing it's useless, but needing to show results) Large institutions: 'We are fully compliant!' (Actually just going through the motions, asking you, 'Is this your wallet?') Small institutions: 'We are working hard to comply!' (Actually thinking about how to move to a less regulated place) Users: 'I comply with the Travel Rule!' (Actually have learned how to circumvent it) Criminals: 'Travel what Rule?' (Continue doing what they do) Recognizing reality but not giving up on thinking. At this point, you might ask: what should we do? First, we need to clarify: this article is not criticizing regulation itself but pointing out the current situation. The original intention of regulation is good — to prevent money laundering, protect investors, and maintain financial stability. These goals are unassailable and indeed necessary. What we criticize is using the wrong tools to achieve the right goals, akin to using a hammer to tighten screws — the tool is wrong, and no amount of effort will help. We need to acknowledge a fact: in a decentralized world, traditional regulatory tools have failed. This is not a technical problem but a paradigm issue. Just as you cannot manage cars with the methods used for managing horse-drawn carriages, you cannot manage DeFi with the approaches used for managing banks. But this does not mean abandoning all regulatory efforts. On the contrary, we need a new way of thinking. Good regulation should be like traffic rules — not preventing people from driving but making the roads safer. Perhaps what we need is not a globally unified standard, but healthy competition among different jurisdictions. Regulatory innovation and technological innovation should proceed in parallel, not in opposition. This requires strong on-chain data analysis capabilities. Companies like Chainalysis have already proven that suspicious transactions can be effectively identified through behavioral analysis, without needing to know everyone’s ID number. In a future where regulatory frameworks become clearer, compliance infrastructure will become critical infrastructure for the crypto industry. What we should be calling for is not anarchism but wiser governance. Regulators and practitioners should sit down for sincere dialogue, understand each other's concerns, and jointly explore regulatory paths suited to the characteristics of new technologies. After all, the true enemy is not regulation or cryptocurrencies, but those who exploit technological loopholes for criminal activities. In this regard, the goals of regulators and practitioners are aligned. In conclusion, going back to that BIS report. On the surface, it proposes solutions. In reality, it records the end of an era — the traditional financial order's jurisdiction over crypto assets is irreversibly declining. This is the state of crypto regulation in 2025: an expensive game that all participants know is a joke, yet everyone has to continue performing. The Travel Rule, from the bank wire transfer rules of 1996 to being forcibly transplanted into the crypto world in 2019, itself reflects regulatory inertia — putting new wine in old bottles, managing highways with horse-drawn carriage rules. As Hayek said, 'The road to hell is paved with good intentions.' Current cryptocurrency regulation may very well be such a road. The original intention is good — to prevent money laundering, protect investors, and maintain financial stability. But the result of execution is increased friction, hindered innovation, and activities pushed underground. Pandora's box has been opened, and the decentralized genie will not go back into the bottle. Rather than continue this doomed war, it is better to think about how to find balance in the new world. This requires not stricter rules but entirely new wisdom. And this wisdom will clearly not come from those regulatory bodies still managing 21st-century technology with 20th-century thinking. The future is not a place we are going to; it is a place we are creating. We can only hope that when history looks back on this era, it will not record it as: humanity once had the opportunity to establish a more open, transparent, and efficient financial system, but it was ultimately messed up by a group of bureaucrats who did not understand technology. That would be a greater joke than any regulatory failure.
