Six steps show how an AML oracle can work in decentralized finance (DeFi) as part of an atomic transaction.

We all know that aligning DeFi with anti-money laundering (AML) policies is tricky. Regulators and industry leaders stress the importance of regulation. But the truth is, effective oversight in this space is tough. Meanwhile, bad actors continue to launder stolen funds using DeFi tools.

So, how do we balance decentralization with legal obligations? The answer lies in using oracles.

Traditional AML policies struggle in the DeFi world. Why? Smart contracts can't make decisions based on external information, like AML checks. They can only use data that's on the blockchain they operate on. They can't access information from other blockchains or outside sources, like websites or APIs.

This limitation exists because smart contracts run on blockchain nodes. These nodes don’t connect to the internet and can only communicate within their own blockchain. This design helps maintain security and decentralization. For a transaction to happen, all necessary data must be recorded on the blockchain. This ensures that the network operates securely and all nodes agree on the same information.

If smart contracts could connect to the internet, it would create security risks. External data, such as information from websites, might not follow blockchain rules. This could lead to manipulated or false data entering the system.

Here’s where DeFi oracles come in. They allow DeFi applications to pull in external data, helping blockchain transactions achieve consensus with off-chain information. This data can include KYC (know your customer) and KYB (know your business) information, watchlists, blacklists, sanctions lists, and transaction monitoring.

Let’s break down how the DeFi compliance oracle works:

  1. User interacts with DeFi service: Users engage with the DeFi platform to perform actions like depositing, withdrawing, swapping, lending, or staking assets. Before processing any transaction, the DeFi service must check for AML compliance.
  2. DeFi service requests AML check: When a user starts a transaction, the DeFi service requests an AML check for the user’s address and related data. It communicates with the AML oracle smart contract to get the KYC/KYB results and a risk rating.
  3. External AML provider monitors requests: The external AML provider keeps an eye on the AML oracle smart contract for incoming requests from DeFi services. Once it detects a request, it begins the AML check based on the details provided.
  4. AML provider screens data: The external AML provider conducts the AML check by analyzing both on-chain and off-chain data. On-chain data includes transaction history and wallet addresses. Off-chain data covers sanction lists and watchlists, along with KYC/KYB data linked to blockchain addresses.
  5. AML provider responds: After completing the check, the external AML provider writes the result to the blockchain. It includes a pass/fail status and a link to more detailed information for auditing.
  6. DeFi service acts on the result: Once the AML check result is available, the DeFi service takes action based on its smart contract rules. If the user passes the check, the transaction proceeds. If it fails or raises concerns, the service may halt the transaction or freeze the user’s funds.

All these steps happen as part of an atomic transaction. In blockchain terms, an atomic transaction means either all steps succeed or none do. This ensures no partial or inconsistent state is left behind, keeping the transaction secure. For example, if a user’s address appears on a sanctions list, the swap transaction gets automatically canceled according to the blockchain’s rules. No human intervention is needed, reducing the risk of errors.
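The six steps and the all-or-nothing behaviour described above can be modelled off-chain in Python. This is an added example, not code from the article's author or from any DeFi protocol; the class names, the `MAX_AGE` freshness window, the single authorized provider account, and the fail-closed handling of a missing result are assumptions made for illustration.

```python
import copy

class Revert(Exception):
    """Models a revert: every state change made in the call is undone."""

class AmlOracle:
    """Toy stand-in for the AML oracle smart contract (steps 2 to 5)."""
    def __init__(self, provider):
        self.provider = provider   # assumption: one account may write results
        self.pending = []          # step 2: requests the provider watches (step 3)
        self.results = {}          # step 5: address -> (passed, report_url, block)

    def request_check(self, address):
        if address not in self.pending:
            self.pending.append(address)

    def write_result(self, sender, address, passed, report_url, block):
        if sender != self.provider:
            raise Revert("unauthorized oracle writer")
        self.results[address] = (passed, report_url, block)
        if address in self.pending:
            self.pending.remove(address)

class SwapPool:
    """Toy DeFi service: swap() is all-or-nothing, like one atomic transaction."""
    MAX_AGE = 100  # assumed freshness window for a result, in blocks

    def __init__(self, oracle, balances):
        self.oracle, self.balances = oracle, balances

    def swap(self, user, amount, block):
        snapshot = copy.deepcopy(self.balances)
        try:
            if self.balances.get(user, 0) < amount:
                raise Revert("insufficient balance")
            self.balances[user] -= amount      # state is changed first...
            self.balances["pool"] += amount
            result = self.oracle.results.get(user)
            if result is None:
                raise Revert("no AML result: fail closed")
            passed, _report_url, checked_at = result
            if block - checked_at > self.MAX_AGE:
                raise Revert("AML result is stale")
            if not passed:                     # step 6: act on the result
                raise Revert("AML check failed")
            return True
        except Revert:
            self.balances = snapshot           # ...and rolled back on revert
            raise
```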

DeFi systems have the potential to integrate effective AML solutions. However, achieving this goal will take time and effort. For now, oracles are a practical technical solution for implementing AML measures in DeFi.

Lex Fisun is the CEO and co-founder of Global Ledger, a Swiss company that specializes in cryptocurrency AML risk analysis, blockchain forensics, and cybercrime investigation tools. Since 2015, Lex has been involved in fintech, AI, and anti-fraud technology, leading to the founding of Global Ledger in 2019 in response to increased scrutiny of crypto regulations.