Vote if Polkadot should be in compliance with financial regulations and laws

Hi Community,

Before I posted this referendum, I wanted to see if anyone wanted to discuss or share their concerns for not supporting this referendum.

Referendum Proposal: Procurement of AML/KYC Compliance Tools for Polkadot Community Members

Proposal Overview

This referendum proposes acquiring Decentralized Identity (DID) and Anti-Money Laundering (AML)/Know Your Customer (KYC) tools to ensure Polkadot’s compliance with legal requirements for Treasury-related activities, such as cross-border payments and financial reporting.

These tools provide the necessary infrastructure for those who need to comply with KYC regulations, leaving individual users free to conduct their own due diligence (DYOR). Verification is voluntary for community members—use is optional. Working for or representing Polkadot may require verification depending on the total value and your jurisdiction.


Why This Matters

  1. Compliance Is Not Optional:
    AML/KYC requirements are mandatory under the law. Without these tools, Polkadot risks regulatory penalties, fines, and reputational damage.
  2. Protecting the Ecosystem:
    Non-compliance could lead to regulators targeting Polkadot as a haven for criminal activity. This vote determines whether we build a compliant ecosystem or expose Polkadot to legal and financial risks.
  3. User Privacy Is Preserved:
    With Decentralized Identity (DID), users retain control over their personal data. Verification is secure, private, and limited to what is strictly necessary. Your identity will not be publicly disclosed.
  4. Focus on Accountability:
    Only those receiving payments (e.g., DOT rewards) or managing distributions on behalf of the community will need to comply with AML/KYC. For the vast majority of users, these tools will have no impact on your experience.

Key Compliance Requirements

Bounty curators and those distributing DOT must adhere to AML/KYC regulations, including:

  • Verification of Recipients for payments exceeding 1,000 CHF.
  • Reporting High-Risk Transactions (e.g., payments over $10,000 or cumulative transfers over $100,000 in 12 months).

Failure to comply can result in:

  • Fines up to $5M (jurisdiction-dependent).
  • Legal liabilities for improper reporting.
  • Criminal charges for willful non-compliance.
  • Investigations by tax authorities, including asset seizures.

Dispelling Misconceptions

  • Anonymity Is Not Under Threat:
    Polkadot remains committed to user privacy. These tools will only impact those seeking compensation or managing funds on behalf of the ecosystem.
  • Grifters and Bad Actors Will Object:
    Resistance to compliance often comes from those who benefit from the lack of transparency. AML/KYC tools ensure a fair and legal environment for contributors and curators.

The Choice

This referendum is a vote for Polkadot’s future:

  • Yes: Equip Polkadot with the tools to comply with AML/KYC requirements, protect the ecosystem, and ensure accountability.
  • No: Risk regulatory actions, fines, and reputational damage that could harm Polkadot’s ecosystem and its contributors.

Learn more about AML/KYC regulations here:
Anti-Money Laundering Regulations – A Comprehensive Guide

Vote wisely.


I am not sure if we have a compliance officer or point person - or legal advisor, but I have Disclosure Statements that should go to beneficiaries providing notice they are responsible for reporting the DOT they receive as income tax, and a draft bounty curator compliance handbook for curators to protect Polkadot from non-compliance fines and penalties.

Disclosure Statement:

Curator Compliance Handbook:

I have an in-take form with the required AML/KYC reporting that I will post up here shortly.

2 Likes

Thanks for the post @hwaktua. It’s not a new topic, there have been multiple referenda, and it’s clear that regulatory compliance is not optional for Polkadot. We are already working on Submerge (details @ submerge.io), which passed the community vote and is going to provide an AML/KYC platform for the ecosystem in collaboration with external AML/KYC providers. We are going to start sharing research and development updates this week. There is also a compliance collective forming just now, please let us know your TG and we will add you to the group. Regards!

2 Likes

Are curators responsible and liable? Does Polkadot provide any protection or shield? Curators aren’t legal experts, so how can everything fall on them or expect them to understand all of the laws?? On top of all of that, which countries’ laws and regulations apply?

They cannot expect a volunteer or very low waged contractor to be an international legal expert. Are there any lawyers or legal advisors - or Parity/W3F that can weigh in here?

If everything is true, that explains the post to set up Polkadot in the Cayman Islands.

1 Like

This implies that in Switzerland you can legally operate a privacy protocol, just cap the max withdrawal amount per address to the equivalent of CHF 1000. Which does not really make sense on the blockchain because sybil accounts effectively circumvent it. This would make privacy protocols effectively legal. Does anybody know more about this?

2 Likes

Wasn’t aware, cool.

I see there’s a lot of pieces in there, so I assume adjusting for other Substrate chains won’t be exactly trivial… Is that a fair assumption?

1 Like

Substrate metadata simplifies multi-chain indexing, but you’re absolutely right, semantic processing of the data and translating it into cross-chain relational models is not trivial. We are working on both the infrastructure and UX/UI to provide user-friendly (and 3rd-party-friendly through our APIs) access to data display/analysis, relationship/cluster discovery, account attribution and risk assessment.

2 Likes

Right… Well, if only a subset of what your platform can do worked with metadata V14, that would still be great.

I use one “generic” Substrate indexer that was written primarily for Polkadot, and while some queries don’t work, it beats manual block dumping and ad hoc approaches!
For some queries I use the UI, others don’t work but I can still get them worked out manually in the DB (SQL) or from DB clients, and I’m grateful for that.

Personally what I miss the most is a graph charting tool (still trying to figure out how to create GraphQL queries and the tool is no longer maintained so there’s no one to ask and it’s unclear if it ever worked with “my” Substrate chain) to visualize, report and understand wallet relationships.
I don’t expect Polkadot governance-related queries in your platform to work with my chain, but if transactions could be analyzed for wallet relationships and signed extrinsic transaction patterns maybe that would be the proverbial low-hanging fruit that may work relatively smoothly across all Substrate chains (excluding exotic bridge transactions, EVM contracts, NFTs, and such).

1 Like

Hey folks,
Just joined the Polka community, so bear with my stupid questions. I’ve previously (and still am) part of the Cosmos Hub community and we’ve had these conversations before.

Yes, AML/KYC is a legal requirement. But the consensus we came to in Cosmos Hub:

  • Funding distributed directly from the Community Pool / Treasury, through the vote of all staked ATOM holders, doesn’t need AML/KYC. That’s because there is no counter-party to perform these checks (“distributed governance approved this funding”), and if someone did take up the role of becoming the counter-party for these checks, it theoretically would open that entity up as “the entity of the Cosmos Hub” (so, hello letter from Gary)

  • Funding distributed from a smaller DAO does require AML/KYC checks. So in Cosmos Hub, as well as direct on-chain funding from the treasury, we also have the Atom Accelerator DAO - the growth DAO for the Cosmos Hub. Small grants disbursed through the DAO do require the checks.

So I suppose my question is, isn’t OpenGov’s funding approved by “all DOT holders”? As such, there is no entity disbursing the funds, other than the protocol itself? i.e. there is no one to hold to account, investigate or sue?

Ofc this is wrt direct funding from OpenGov, not funding from smaller DAOs

1 Like

We are supporting metadata V9 onwards. Your feedback is very valuable. I’m DMing you.

1 Like

Welcome to Polkadot, @syed. Currently there are no AML/KYC checks required for treasury funding through OpenGov. The model you apply in Cosmos makes sense to me. How does the community decide which proposals should go through AADAO? Is there a funnel such that proposers first go to AADAO for smaller grants, then to the treasury for larger funding?

To your question, “isn’t OpenGov’s funding approved by all DOT holders?”, I would say that a funding is approved only by the entities who have voted in favor. It doesn’t seem fair to hold nay voters accountable in relation to a funding.

However, a nay voter could also be held to account in relation to a breach of contract, for instance, if it damages a business or a person. This could happen in milestone-based proposals, where the DAO approving the first milestone implies that it will continue funding the upcoming milestones as documented in the first proposal as long as the proposer keeps delivering as promised.

3 Likes

It’s not really “users”, is it? Users is an unfortunate term in this context - it’s confusing as it sounds like chain / dApp users may need to undergo KYC procedures as well.

I see that the W3F validator nodes are KYC’d. Our Substrate chain also had a similar program (and we KYCed our (sponsored) validators as well). I don’t know if other chains have similar subsidies (delivered through nomination/staking) but that’s one source of the need I mentioned in the comment about my graph requirements (in that reply to @kukabi). We currently don’t have a sponsored validation program, but it’s possible that one day we want to reintroduce it.

Another use case is “business”, to be able to observe (de)centralization in both validation and democracy (vote brigading, for example) as well as programs similar to sponsored validation mentioned above (“scam” prevention, if you will). While these aren’t legal requirements, it’s prudent to keep an eye on indicators such as these, and perform corrective steps before negative trends impact the DAO.

2 Likes

Suppose our funneling is just self-selection. Getting a funding prop passed on governance is difficult - so almost everyone chooses to go through AADAO (via their website atomaccelerator[.]com).

Since funding from AADAO comes with strings attached - milestone-based, have to definitely deliver stuff, etc - there is accountability on the DAO members when they approve funding

As for gov, our proposals thus far have just been one-off lump-sum payments, with no mechanism for milestones or ensuring people actually deliver - bar social pressure - so effectively “no strings attached” funding. This is likely why we were able to take the stance that “the protocol disbursed the funding, with no legal counterparty…so any lawsuit would have to target the protocol itself”

3 Likes

High risk accounts for potential money laundering is $10,000 per transaction or $100,000 cumulative over 12 months - for accounts to get flagged. Each jurisdiction has their minimum amounts set for reporting (Switzerland - 1000chf, US - $3,400, etc). So a privacy protocol that is in Switzerland and disperses under 1000chf to a person for the year will not have any issues. The cumulative amount was set for the high volume transaction below $10,000.

1 Like

Hey @Bountyhunter - I’m going to answer your questions in my responses below in the next comment.

1 Like

@somedude The ‘User’ is really meant to be any user subject to AML/KYC checks or any person or entity that is compensated in DOT over the 1000CHF threshold. Whoever requires KYC for Validators and Decentralized Voices Cohort2 members should be consistent requiring it across all Treasury activities. (Bounty curators, HA, Treasury recipients, etc) I am sure they do not want to appear as if they are overreaching or controlling the Treasury, but no one can dispute or make a case against them for following the law. The only ones that will be against or try to prevent it are the ones that will be impacted or have something to hide.

1 Like

@syed – Thank you for sharing. Your question and the comparison to Cosmos are relevant to Treasury referenda. Bounty curators assume responsibilities and liabilities in deciding who receives funding and in distributing funds to individuals and entities. A significant distinction is that most bounty curators are compensated, which implies a duty of loyalty, contractual obligations, and performance responsibilities that each curator accepts upon taking on this role.

Regarding governance participation, I have read discussions about interests in private voting and its impact on voting in the community’s best interest versus personal interests. Voting for a referendum that harms the community and against consensus can potentially lead to legal consequences for those token holders. There are two court cases (Ooki DAO and Lido DAO) where the DAO was treated as an unincorporated association, and the DAO members were held liable for the organization’s actions. The majority of lawsuits against blockchain DAOs include non-compliance charges, which led to investigations that resulted in additional criminal charges. This underscores the importance of compliance and not attracting illicit activities that draw the attention of regulators.

Some might argue that the only solutions create a degree of centralization, which is true to some extent. However, the reality narrows the options down to these two choices: determining an acceptable degree of centralization or continuing to do nothing and risk everything. The option to establish a legal entity to protect DAO members from legal liabilities requires centralizing the decision making and control to the legal entity, and

The best option to preserve the existing decentralized structure is having a preemptive and proactive governance model, by adding accountability checks and committees or groups that pre-screen referenda. This would also require enforcing compliance with AML/KYC, which it seems almost all major blockchains require to participate in governance and treasury related activities. If validators and decentralized voices members are required to KYC, it only makes sense to consistently apply that rule across all treasury activities. That in itself will mitigate activities instead of allowing them to grow and become more difficult to control. @kukabi – what is the projected launch and availability of the tool? If it will take some time, is there a temporary solution that is in-market – like Kilt’s DID product or Deloitte’s KYC product (compatible or easily integrate)?

1 Like

Did not know most curators were compensated, so that changes things as you pointed out. Who requires and how do validators and DV KYC? If the KYC requirement is not consistent, that is a liability we need to fix asap, no? Thanks for the response and informative post.

1 Like

Decentralized Voices and Decentralized Nodes are both recipients of delegated tokens from the Web3 Foundation, not Treasury, so they are not Treasury activities at all.

1 Like

@hwaktua I support your suggestion for “a preemptive and proactive governance model,” which we can say is being partially applied by the Decentralized Voices delegates in pre-screening referenda, albeit not fully mature and without strict processes in place.

The projected launch date for our project is May 2024, but we plan to make parts of the API and application available earlier. I will update this post as we release.

In the meantime, the best course of action regarding proposers is the enforcement of on-chain identities, which is almost standard practice, and the application of strict due diligence (e.g. investigate online presence, track record, hold multiple calls) by the delegates and the community at large.

Regarding voters, it is close to impossible, and arguably undesirable, to apply strict measures on who can vote. A restrictive approach could harm the social and innovative fabric of decentralized networks. However, retrospective investigations would probably be necessary in cases where individuals or groups with significant voting power act in conflict of interest. This is a theme around which I predict there will be a number of investigations.

To close, I have to emphasize that we have to protect the ethos of decentralized networks and avoid highly restrictive measures that could potentially stifle creativity, expression and innovation, but not at the expense of the exploitation of communities by private agendas.

1 Like

Below is an excerpt from Blockchain Governance by P. de Filippi, W. Reijers and M. Mannan, regarding the Ooki DAO case, which @hwaktua pointed at.

Another example of legal enforcement over a blockchain-based system is the case of Ooki DAO. The CFTC filed a complaint against the operations of Ooki DAO, which was allegedly in violation of the Commodity Exchange Act by allowing users to engage in retail commodity derivative trading transactions without registering as a trading platform. The court held that although Ooki DAO had not been incorporated into a legal entity, it could be regarded as a general partnership or unincorporated association because it was “formed by mutual consent for the purpose of promoting a common objective” and could therefore be sued. To the extent that token holders could vote to promote the common objective of governing the Ooki protocol, ownership of governance tokens can result in DAO members being considered co-administrators or general partners of the DAO. This means that all members of the DAO are legally responsible for any actions taken by the DAO, and since there is no limited liability protection, the collective liability of the DAO becomes the individual liability of each member.

Yet, while all members of an unincorporated association are typically jointly and severally liable, in the case of Ooki DAO, given that many token holders were not active participants in the DAO, the court considered that liability would only be imputed to token holders who effectively exercised the governance rights associated with these tokens. Using their tokens to influence the activities of the DAO means that they are voluntarily becoming a member of the unincorporated association that governs the Ooki protocol. As a result, even though only the founders were held responsible for violating laws in the Ooki DAO case, the case suggests that in the future, all active token holders of a DAO could be held personally accountable for any illegal actions taken by the DAO, not just the founders. Because of these measures, anyone who interacts with the smart contract addresses will be held strictly liable, meaning there is no need to prove ill-intention or even awareness of the sanctions.