The Identity Tooling Needed for Institutional Adoption of DeFi
In the past year, the term Web3 has become an increasingly used buzzword. The growth in different blockchain protocols and metaverse projects seem to have shed a light on how the new Web3 might look like. We are on the forefront of technology innovation, and we are really excited about it. Yet, it is important to remember that Web3 is not just about crypto and metaverse, but how we define a more user-centric internet. Behind every shining DeFi protocol or NFT project, there is an infrastructural layer supporting them.
Most of the current decentralised finance (DeFi) protocols are pseudonymous in nature (meaning each user is tied to an identifier but not to its real world identity). As these protocols start to grow into institutional adoption, inevitably they will need to comply with certain institutional regulations. One example being some of the users might now need to undergo the Know-Your-Customer (KYC) verification in order to continue interacting with these institutions through the DeFi protocols. I envision that as DeFi matures, the underlying protocol that facilitates the settlement / transactions would be fully decentralised and trustless, while specific use cases can be built on top of the protocol where some might introduce regulations.
A concrete example is Aave, one of the largest DeFi protocols deployed on multiple blockchains such as Ethereum and Avalanche. Aave first started out as a decentralised lending and borrowing protocol. Earlier this year, Aave launched a permissioned protocol (Aave Arc) that targets institutional adoption. The benefits that a blockchain can bring to speed up efficiency of financial settlements do not have to be limited to a fully decentralised setting. However, users that interact with Aave Arc have to undergo KYC in order to meet regulatory requirements.
As more DeFi protocols are becoming more regulated to expand their markets to financial institutions, does that mean that as an end user, each time I want to access a different protocol, I have to undergo a KYC verification again and again? Other than not user-friendly, it makes an already high barrier to entry in DeFi even less accessible.
A digital identity might help. Imagine if an end user only has to undergo the KYC process once, where it receives a digital identity where it can subsequently present to the different DeFi protocols. With increasing awareness of data privacy and data ownership, users want to be in control of their own data. As an end user, I no longer want to delegate my identity data to a centralised data custodian (think Google ID), especially sensitive data such as what financial services I am accessing. There is a need for a privacy-preserving identity solution, which provides convenience yet still user-centric.
In my opinion, the next generation identity tooling is one where users are always in control of their own data. Once a user has undergone the usual KYC verification, it receives a cryptographic digital credential which contains the user’s verified identity data. The identity data is only stored in the user’s mobile phone and not in any central databases. An identifier of the credential is recorded on a public permissionless blockchain, such that when the user presents its credential, it is verifiable that the identity data in the credential comes from the trusted KYC provider. In fact, this technology (self-sovereign identity) is slowly gaining adoption in Web3. During KYC reverification, data transfer only happens between the user and the verifier without passing through any third parties. Therefore, users are always in control of how they want to share these data and with whom.
Web3 is still a fairly new space. People are still exploring different ways to try out different innovations and measure the impact. However one thing is for sure, in an ever growing market, an identity tooling is essential for establishing the layer of human trust.