Regulatory Compliance

Thanks @onblock!!

I know few vendor like Blockpass, PureFi and Onfido but do not know which is best for protocol. Decentralisation is important for vendor

in talks with all three of them.

A few solutions are mentioned on article: https://cryptoadventure.com/top-5-kyc-solutions-for-crypto-or-nft-projects/

i am not sure which is the mnost suitable for panther protocol since it depends on specific infrastructure and what panther specifically needs. Looking forward to assessment since developers need to decide which vendor is the best!

Have the team connected with Fractal?

I am cruious about which vendor will be proposed. I dont know many vendors that are compatible for zero knowledge proof protocol.

The compliance and the product team spoke to different vendors and documented their offerings. The details are here :
Compliance provider

1. Onfido

Onfido’s Real Identity platform digitally proves your customers’ real identities using a photo ID and facial biometrics. So customers can verify themselves anywhere, anytime.

Features

Customer ID verification
Sanctions screening
CDD/Risk assessment
Risk rating applied
Periodic Reports
Fraud Prevention

Integration

Reduce application development costs and accelerate time to market leveraging detailed developer resources and ready-to-use functionality. Smart Capture is continuously tested and optimized to ensure compatibility with a wide range of iOS and Android devices. Built-in metrics track and measure performance to improve your verification workflows.(https://developers.onfido.com/)

Security

Onfido has been certified by BSI to ISO 27001 under certificate number IS 660122, SOC 2 Type II compliant, and data confidentiality meet the American Institute of Certified Public Accountants’ (AICPA) industry standards.

2. Veriff

Veriff is a global identity verification service company. The company offers services for online businesses to mitigate fraud attempts and assisting regulatory compliance.

Features

Identity Verification Solution
AML Screening
Biometric Authentication
ID Verification Software
Assisted Image Capture
Proof of Address
SSN Verification
Integrations
All API based calls to Veriff

Security

Veriff is compliant with CCPA, GDPR, SOC2 type II, ISO 27001, and WCAG Accessibility Guidelines.

3. PureFi

PureFi Protocol allows dApps to fully comply with local and global regulations while preserving decentralization and user anonymity.
Developed by AMLBot in partnership with Hacken Foundation to provide a full-cycle solution for crypto asset analytics and AML/KYC procedures for the Web3 infrastructure.
Moreover, PureFi Protocol will not use data from just one KYC/AML data provider, but instead will be an open market for verified providers to deliver ML analysis/KYC to dApps.

Features

PureFi On-Chain AML & KYC Framework — a framework for seamless integration and provisioning of KYC and AML pre-checks for dApp users.
Multi-chain compatibility: The architecture is built to be blockchain agnostic. It is currently deployed on the BNB Smart Chain, but can easily be deployed on any other EVM-compatible blockchain such as Ethereum, Polygon or Fantom, as well as non-EVM.
Customizable: Each dApp can set up a set of unique rules.
Developer friendly: Designed for easy plug and play with minimal code changes required. Compatible with most existing smart contracts and web3 wallets.

Integrations

Verifiable Credentials format enables for selective disclosure protocol usage thus enabling credentials holders to security share the minimum required amount of data with validators.

Security

PureFi will utilise a Zero-Knowledge based approach to generate secure data proofs capable of being validated with on-chain contracts. This provides users with the unique opportunity of receiving a PureFi Certificate and getting it validated on-chain without any third parties.

4. Blockpass

Blockpass is a reusable digital identity solution for any organizations that participate in the regulated and increasingly remote business environment where trust needs to be verified digitally. Blockpass offers an alternative process to cumbersome, repetitive and expensive identity document authentication, Know Your Customer (KYC) and Anti-Money Laundering (AML) screening. With Blockpass, end-users easily create a verified portable identity that they can control and reuse to onboard with any service instantly.

KYC Connect™ is Blockpass’ all-in-one flagship product - a full service, comprehensive solution for all onboarding needs.

■ Proof of Address checking
■ Face Match (matching faces with IDs)
■ Anti-Money Laundering (AML) check
■ Ongoing monitoring
■ Politically Exposed Persons (PEP) check
■ Sanctioned countries check

On-chain KYC ( in roadmap but not ready)

■ zero-knowledge product for Enterprise Customers ( not fully ready at the time of discussion)
■ Dashboard/ Support entirely managed
by Blockpass
■ Customers cannot access any KYC data on users
■ Customers check the KYC status of user
using API KEYs

Integration

Proven integrations into platforms for fully compliant token offerings and e-Wallets for compliant custody. Integrating Blockpass into virtual banks, crypto exchanges, ICO platforms, STFO platforms and Wallets.

Security

Blockpass UK is now certified to ISO 27001 by the British Assessment Bureau, a UKAS Accredited Organization. The award of this certificate (meeting the requirements of BS EN ISO/IEC 27001:2017) confirms Blockpass’ ability to provide KYC and AML tools for cryptocurrencies, Defi and other regulated industries globally, demonstrating the suitability of Blockpass for companies seeking regulatory solutions in any jurisdiction. The certificate is available to view here (https://cvs.babcert.com/babcert.asp?c=241611&v=k34q1g2c2q)

5. Trulio

Trulioo offers ID document verification by scanning a list of 5 billion identities in 195 countries. The company provides access to 4,200 types of documents, from driving licenses to residency permits. Trulioo can be used to meet KYC requirements, but also to check for AML watchlists.

6. Netki

Netki is a industry platform for working with enterprises and policy makers and creating standards in terms of tokens, identity, blockchain, risk and compliance. It features secure end-to-end encryption, high quality data services, fast onboarding, different levels of validation that addresses different risk levels, and developer tools.

Features

OnboardID for individuals
OnboardID for Corporations
Travel Rule Compliance

Security

As of 2022, Netki meets GDPR, IVMS 101, BIP75, and CCPA standards. We are actively working towards SOC-2 certification, and aim to achieve this by end of Q3 2022.

7. KYC-Chain (SelfKey Network)

KYC-Chain lets you verify identities, run Know Your Customer and AML checks and leverage blockchain KYC. The latter is offered via its sister company, SelfKey, which allows users to store their KYC details on-chain. KYC-chain has a bank-grade compliance toolkit, which can scan more than 10,000 data sources in 240 counties with a response time of 30 seconds.

Features

ID/V (Face Recognition & Biometric Analysis, Document Authentication
ID Verification, etc.)
Enhanced Corporate On-boarding
The SelfKey Network provides a set of tools for identity owners to securely manage their data in a digital identity wallet, and ‘one click sign up’ to a relying party service in the SelfKey Marketplace.

Built on SelfKey architecture, user identity data is assigned a decentralised identity key (DID) and stored in Claims documents. The SelfKey registers contain both the DIDs and a hash to these Claims documents.

Blockchain Analytics
Crypto AML

Security

Third-party audited and our protocols are transparent, documented, and verified.

Some strong contenders in this list

Partnering with Onfido will be ideal for ZKP

Purefi looks best because of the decentralisation and chain agnostic like panther protocol?

I am wondering which vendor has the best security and decentralization, we should go with the most decentralized option I think. I hope that the team takes this into consideration.

Seems like purefi has zero knowledge complaince solutions. Good fit for panther zk protocol and disclosures? since blockpass only has zk solutions on roadmap

PureFi | Panther Integration

Hello Panther Community! 𓃮

On behalf of our team, we wanted to share a few reasons why we think PureFi is the best fit for the Panther protocol ecosystem.

For a visual demonstration of how such integration would work within Panther, and a TL/DR that outlines all the key benefits of PureFi, take a look at the image linked below:

Unlike the competition, PureFi doesn’t use a single AML/KYC provider, as this would go against the core principles of crypto.

Instead, PureFi aims to be an open market that allows trusted providers to bring their AML data and KYC verification services on-chain to enable decentralised compliance.

And we’ve also recently announced an official collaboration with Polygon ID, which will see us become a Verifiable Credential Issuer within their ecosystem, allowing us to expand into other growing ecosystems while maintaining cross-compatibility with our standards.

We’re the only solution on the market that allows both AML Risk Score and KYC to be integrated directly into smart contracts, providing a completely unbypassable protection that ensures no one can bypass verification, even by interacting directly with the smart contracts.

This, together with effortless threshold automation, allows dApps to set the Risk Score threshold and what should happen if it is successfully met or maliciously exceeded.

Which differs significantly from the current integrations of centralised solutions within leading dApps such as Uniswap, Aave, Balancer and many more, where the protection is only present at the front end and can be easily bypassed, thereby contaminating the funds of all users using these platforms.

By operating as an open marketplace and integrating multiple providers, we are the only distributed solution on the market that allows applications to select the AML and KYC providers that best meet their needs and users to select the KYC providers they are comfortable with, improving the user experience.

We’ve been following the SSI and ZK paradigm since our inception, but in close collaboration with Panther, we’ve developed a brand new mechanism that eliminates the need to publish any data on-chain with zero footprint, ensuring that no one even knows you’ve been verified by anyone.

Our protocol is designed to be completely blockchain agnostic, ensuring that we can deploy on any blockchain that Panther deploys on, ensuring leading protection everywhere.

This is closely linked to the development of our own proprietary blockchain monitoring solution, which will use both our own extensive data sources of malicious addresses, and a decentralised system that will allow anyone to contribute and vote permissionlessly.

As Panther Protocol is being built as a revolutionary privacy solution, we fully understand that there will be a backlash from the community towards the step of integrating a compliance solution.

Privacy is normal, and as privacy maximalists ourselves, our mission is and always has been to make PureFi as decentralised and privacy-preserving as possible.

The AML Risk Score aspect is handled completely behind the scenes and doesn’t affect the user’s privacy or experience in any way, unless they would exceed the threshold defined by the Panther protocol, at which point they would be rejected by the smart contracts.

This ensures that malicious actors such as human traffickers, hackers or drug dealers are automatically rejected by the smart contracts, while fully preserving the privacy and user experience of normal users.

In order to be fully compliant, Panther has chosen a 2-step compliance process that includes the AML Risk Score and KYC, which will initially only include name and email, and if the requirements change and Panther needs to ask for other data from its users, you can be rest assured that it will be done in a completely privacy-preserving way, such as with PureFi Verifiable Credentials (VCs) powered by ZK-Proofs, ensuring that the rules can be verified but no sensitive information is shared in the process.

By becoming compliant, Panther can prevent the application and its users from being sanctioned by governments, as in the case of Tornado Cash, and normalize the use of privacy tools by completely removing malicious actors out of the equation, which will ultimately lead to a more private DeFi ecosystem and a better experience for everyone.

With PureFi being selected and incubated by the Hacken Foundation, enabling a close partnership with Hacken that allows us to maintain the highest security of our products.

Together with a dedicated team of over a dozen experienced members working full time and several more working part time, all dedicated to building our ecosystem of products.

PureFi Panther1920×1178 160 KB

Thank you PureFi team for the details here. The technical team is aligned with the solution approach.
To the community; it is good to see an ecosystem where Compliance partners are more decoupled and decentralized with standards being developed for on-chain KYC attestations and things like that. Panther is paving the way to such solution that safeguards User’s data and still makes the overall solution compliant.

Insightful contribution your decentralised approach is optimal to the safe guard users privacy, I’d encourage the community to approve PureFi as a compliance provider. How long it will take PureFi to integrate into the Panther ecosystem?

Great Solution by PureFi…I have had the time to review all the providers and thus far PureFi definitely stands out with their decentralised approach! Excited to see this being integrated into V1!

Hey everyone!

Thank you for contributing to the discussion thus far, and especially @jakubpurefi for his input here on the Panther forum. That said, we hereby share the Compliance Vendor Integration proposal (PIP-17) draft with everyone.

PIP-17: Compliance Vendor Integration

This proposal introduces PureFi, a compliance vendor, to the Panther Protocol ecosystem. Through this integration proposal, the community proposes a solution for Panther Protocol users to compliantly interact with the protocol and external parties providing financial services.

Background

During the last few months, the Panther community has been discussing compliance-related topics on the Panther forum [1]. During this discussion, multiple compliance vendors have been mentioned and, through this proposal, PureFi is proposed as the best solution for Panther Protocol based on, but not limited to, the following criteria:

• Decentralization
• Protocol-level integrations
• On-chain support for ZK-compatible attestations and signatures
• Fees paid (in $ZKP) on-chain by the protocol

The aim of this integration is to engage with regulatory compliance and normalize the use of privacy tools by removing malicious actors at the best of Panther’s efforts.

Description

If this proposal passes, PureFi becomes the first issuer of compliance credentials for Panther Protocol.

The “Compliance Provider” ( PureFi and the KYC provider they integrate with) performs the following duties:

• Maintains an on-chain list of valid of cryptographic key(s) (i.e. certificates) of Compliance Provider(s)
  • including the EdDSA public key available on Polygon
• Escrows the Compliance Provider’s (backup) keys with a reliable 3rd party
  • e.g. a law firm
  • in case the Compliance Provider goes offline
• Runs KYC and similar verification processes as required
  • at off-chain (HTTPS) requests from users
  • issuing a zk-friendly KYC attestation without disclosing users’ identity data to anyone else.
    • signed by the Compliance Provider (EdDSA on the babyJubJub curve)
  • supporting the “Master External Owned Account (EoA)”
    • an EoA, unique for each user
• Runs KYT checks (aka “wallet screening”)
  • performs ongoing blockchain analytics screening against sanctions lists & for illicit activity of every deposit / withdrawal
    • for stated “from”/”to” external address(es), token and amount
  • at off-chain (HTTPS) requests from users
  • Issuing a zk-friendly KYT attestation
    • signed by the Compliance Provider (EdDSA on the babyJubJub curve)
• Charges a compliance fee
  • Users pay a fee to the compliance provider to get the verification done as per the protocol’s acceptance criteria. PureFi will provide details on the fee structure after the successful testing of the integration itself. The expectation is that fees should be very economical for a user to run a transaction. The protocol onboarding reward can be viewed as compensating for this cost and hence the cost of compliance checks will be zero or very low for users.

Compliance tiers

The goal of the protocol design is to enable multiple Compliance tiers for different classes of users with different transaction limits. The compliance tiers will be tied to a ‘Zone’, where every Zone has a ‘Zone Manager which defines compliance procedures and configures rules for the Zone they operate. “Tier 1000”, as it is initially called, is the first Tier where the Zone Manager is proposed to be the Panther DAO. Other tiers for higher transaction limits and/or operated by VASP will be introduced in later phases.

Tier1000 will have:

• Simplified verification ( name, email, country)
  • Sanctions checks against major sanctions lists (US, UK, UN, EU)
• Geofencing
• KYT for every deposit/withdrawal amount (to/from addresses, token and amount transferred)
• Max $1000 daily withdrawal per user

Participation

Please vote to accept or reject the proposed actions detailed above.

Voting power is calculated by Snapshot.org taking a snapshot of the number of $ZKP tokens per holder at the block within which the proposal was created.

Sounds good to me. Would like to know more about the UK’s stance on compliance with respect to the zone - but that’s something beyond the purpose of this discussion.

I approve.

Looks good I like it. When do we vote?

Hey everyone: I hereby updated the Compliance Vendor Integration draft with the GitBook link and updated participation section.