i was deeply struck by the primitiveness of risk analysis, fraud monitoring, and aml systems that are widely used in the banking and payment sector. mainly we are talking about a system that applies simple manually defined rules with manually assigned weights.
such a poor set of tools pushes banks to simplify the client profile they are willing to work with as much as possible. in other words - someone who lives nearby, works at a local company, and has no other income. any deviation from the baseline causes stress, “risks,” and a desire to close the account.
but moving towards more complex control systems is also dangerous. various sanctions and blacklists on one hand try to close many security loopholes and prevent criminal activity, but on the other represent an extrajudicial punishment mechanism that can, in principle, be applied to anyone.
any control system is inherently programmed to solve problems by increasing control. it is, after all, a control system. as soon as control stops working, the system will still keep “tightening the screws” and increasing control, simply because there is no other way. managers and officials are unlikely to reflect and conclude that they themselves are inefficient. more likely, the staff will grow, and new technical tools will be purchased.
control costs money and attention at every level of corporate governance. attention also ultimately converts into money. increased control means increased complexity, which means increased speed of system degradation. the only possible solution is temporary resource mobilization (as alexander prokhorov showed in his book “the russian management model”).
on the other hand, if we discard personal ambition and the passion for gigantism, it’s not clear at all why huge and extremely inefficient corporate structures are needed. the solution to control and security problems has always lain in a completely different direction, which is very clearly visible in the case of blockchain technology, as will be discussed later.
blockchain is a universal transport layer that works very efficiently outside any control and regulation. moreover, due to the openness of the technology, fighting it makes no more sense than chopping off the heads of the lernaean hydra. you can regulate people or objects, but it’s much harder to restrict an idea, especially when it is widely liked and brings real benefit to the economy.
furthermore, blockchain architectures like bitcoin or ethereum allow for such a large number of addresses that there’s even a practice of using each address only once for a transaction. regulators’ attempts to “old-fashionedly” build a full database of addresses and assign them primitive weights are completely meaningless.
kyc/aml systems, which handled even regular payments rather crudely due to lack of capacity, budget, and technological backwardness, are hardly suitable for web3. horse-drawn carriages no longer ride city streets - they’re filled with electric cars on autopilot. it’s time to adopt technologies like zkp (zero knowledge proof) and sdi (sovereign digital identity).
but the web3 world is incompatible with web2. the state cannot be the operator of sdi, it cannot control what happens - it can only participate on equal terms with all other network participants. if part of the control functions are handed over to open algorithms, payment security and trust will increase, and criminal activity will decrease.
furthermore, the authorities in sweden and norway made an unexpected discovery. having nearly eliminated cash payments, today, fearing cyberattacks that could paralyze life in the country, they started recommending keeping part of the funds in cash. considering the eu’s plan to limit cash payments to 10,000 euros by 2027, we can expect a very precise amount of cash that officials expect to see in your pocket.
amlco has extraordinary powers. the employee responsible for aml does not report to the ceo of the organization and must report incidents directly to the amlco. the analogy with red commissars suggests itself. at the same time, the question arises - exactly what situation are we trying to fix with these measures?
no one feels protected. the central bank can revoke the license of any financial institution at the snap of a finger, liquidating huge amounts of assets, killing reputation, and disrupting logistics. essentially it’s like capsizing a boat in the middle of a storm and then suggesting sorting it out in court - the court may recognize your right, but where is your barge, boat, and goods? at the bottom of the sea?
so much talk about democracy, but i don’t see any human rights in the financial sector - quite the opposite. it seems that totally authoritarian orders reign, where an individual official has enormous power over human destiny, and all of it extrajudicially.
what fintech and innovation can there be, seriously, when full analysis of your transactions has become the norm, while privacy itself is positioned as anti-social behavior.
the central bank issues a huge number of requirements. they vary from country to country, and there is a general trend that, riding the digitalization wave, these requirements are becoming more and more detailed. the regulator sees the payments market as complex, risky, and incomprehensible. it seems to believe that its task is to simplify it as much as possible, forcing it into rigid and understandable frameworks.
let’s set aside the economic effect of such actions and focus on the risks, which, it would seem, should decrease due to increased control. this should concern both bank-level fraud and fraud involving individual accounts.
on the first issue, the story of saigon commercial bank puts a full stop, where the fraud volume exceeded $27 billion. one could imagine that the problem lay in the weak control by the central bank of vietnam. but there is also the story of wirecard, which was under the strictest control of bafin and still resulted in a $17 billion loss.
protection of individuals is even worse. too many people have access to user data, and the system’s overall security is now equal to the integrity of the worst operator. it was experimentally found that operators tend to share such information with friends and relatives and even sell it for very little money. needless to say who the main consumer of such data is.
the general idea of regulation, unfortunately, is not built on finding a safer and more efficient solution for the market, but on simply increasing control. and if the country is rich enough and has sufficient expertise, then, say, a national payment switch is just a feature of the payment ecosystem. but if it’s an african and not very wealthy country, then its unstable central bank payment switch becomes a general headache for years.
again, by concentrating all business logic at a single point - we make that point the most vulnerable link. the problem is partly recognized in europe, but is there a solution? besides political risks, sometimes a critical power cable can be chewed by a small and stupid animal, or hit by an excavator. how acceptable is it for a country as a whole to be left without the ability to make payments for several hours? won’t there be humanitarian consequences?
a bank account is not a way to safely store money - it’s a control tool. a residence permit or utility bill payment directly requires an account in a local bank. a bank account can be closed at any time without explanation. withdrawing money from an account is not a right but a privilege that is subject to constant verification.
politics influences the banking and payment systems, forcing them to move in a predetermined direction. the state can easily make any financial activity illegal by labeling it as facilitating unlawful conduct in one way or another. therefore, people’s basic rights in the field of payments and finance must be constitutionally protected from bureaucratic encroachment.
the psd2 directive was a great idea and was supposed to set a global trend for the decentralization of the payment industry. the problem was identified quite accurately - large banks have a vast client base accumulated over years, provide expensive and low-quality service, and refuse to let fintech companies in. as a result, the cost of customer acquisition for fintech is very high, and growth is slow.
unfortunately, even in europe, the initiative has effectively stalled, and several years later the situation remains almost the same. open banking is still being discussed at banking forums, but there has been no serious movement in this direction. i cautiously assume that even basic apis are far from universally implemented. moreover, no new decentralization steps were observed in psd3.
lightweight banking licenses like emi/pi were supposed to open access to the payment market for small and dynamic companies. capital requirements, business risk, and high competition already made the industry not too attractive, but there was a chance to enter through products and innovation.
regulation was supposed to provide clear rules of the game, a competitive environment, and business profitability. such a cocktail would reliably attract sufficient business attention and talented engineers. six years ago, i was very inspired and genuinely believed in a new reality that never came. the idea was to create trends and replace conservative universal banks with atomic and efficient fintechs that would accelerate and improve development. what could possibly go wrong?
two things.
(1) the innovation block clearly lost to the political one, which set a vector towards complete and total control of citizens’ assets and transactions. small fintechs find this very hard to implement, while a universal bank with 30 million clients and a powerful bureaucratic structure tailored for generating endless reports has a natural synergy with such demands.
(2) universal banks, in turn, were not eager at all to give up monopoly control over their customer base, which allows them to earn super-profits simply by having exclusive access. as a result, instead of 10 new fintech revoluts, the original revolut obtained two full banking licenses and with each passing day became more like those it used to compete against.
therefore, instead of decentralizing the market and improving service quality, under central bank pressure, the industry focused on kyc/aml issues. it became possible to close any account at all without providing any explanation, entirely extrajudicially.
the complexity of organization and management requires an extraordinarily high level of personnel, which is objectively insufficient. therefore, the quality at each segment is at best average, if not completely failed. formally everything looks fine, there are certificates, instructions are written, and of course, all reports are submitted.
but when it’s time to update the banking system, it turns out there’s a clear lack of knowledge about how it currently works. not that there’s none at all – you can essentially read the source code (if access is available) or try to read business and technical documentation, though often outdated. but this is clearly not enough.
a bank is a very complex system that requires a large number of highly specialized professionals to operate successfully. some of them must be highly qualified. training such people happens “in the field,” this is fingertip knowledge, undocumented and not taught at universities. sometimes, good knowledge of technical documentation helps.
a good metaphor is constantinople shortly before its fall. high, thick walls in the age of cannons and bombards. the city lives its life, barely realizing that the situation and risks around it have radically changed. subconsciously, everyone has long been expecting the arrival of hungarian gunners and the fall of some major institution under camera lenses.
the situation with information security is even worse. here we are not talking about a castle with cannons but about defending a giant pot of honey in the middle of an apiary. the honey here is the vast amount of money and private customer data. even the slightest inaccuracy somewhere in the whole system, a single mistake, one open letter, or a password written on a scrap of paper at home - and control can be completely lost.
information security in a large organization is very expensive. good process documentation is no cheaper. good specialists will always demand a decent salary. without gathering enough expertise in one place, you cannot run a business. but even if you gather it - you end up with an extremely fragile (per taleb) structure that is very sensitive to changes and risks.
a centralized system has only one management tool - strengthening control procedures. even more expensive specialized software, traffic monitoring, sometimes even private mobile communication cells to intercept and control potential leaks. more it systems, more people, more documentation, more departments. then come mass management systems based on kpi and statistical methods.
furthermore, any bureaucratic system has limits to its capabilities and, when faced with a crisis, can either democratize - delegating powers downwards to address the new complexity - or be forced to strengthen control mechanisms, trying to handle new challenges through resource mobilization and repressive measures, which only increases complexity and reduces efficiency.
the method of coercion, as well described in the book “the russian management model,” has an inherent critical flaw - any system actively adapts to it and after a couple of cycles stops being sensitive to it. banks will produce perfect reports that hide the essence of what’s happening.
once upon a time, the right to banking data privacy was considered unshakable, and it was hard to imagine that a bank could disclose such data to third parties without the owner’s consent and without a court decision. the system needed more control, and doing this through the slow judicial system seemed inefficient. some banks consider it ethical and legal to intercept and analyze mobile phone traffic initiated from within the bank.
the right to freely use cash, as well as to freely exchange cash for gold, is being restricted. likewise, the right to transport cash across borders is limited. the right to open a bank account is restricted, and so is the right to make international payments. neither account opening nor payment execution is guaranteed.
moreover, account opening and closure, limits, bank transfers - all this is restricted not through judicial mechanisms. often the state has nothing to do with it at all - it will always be a private interpretation of central bank regulations by the compliance team of a financial institution.
our constitutions contain our basic rights such as the right to work or private property. a person following community rules should have the opportunity to conduct normal economic activity. they may own private property, like a car, which they may want to sell.
and here it turns out that banks, as entities processing payments, have the ability to significantly limit a person’s rights simply by closing their account or refusing to process payments. they may explain this by their interpretation of laws and regulations, or they may not answer at all. it’s easy to imagine someone in a situation where they cannot receive a salary, pay bills, or send money to elderly parents in another country.
there’s no doubt that ensuring law compliance is important. it’s also clear that the state must implement control and enforcement measures to maintain citizens’ safety. but the reasonable question arises - where is the line beyond which what’s happening starts to resemble black mirror-style dystopias? do people deserve at least a little trust and have the right to privacy in their personal and economic lives?
it’s a huge misconception that the regulator would easily solve all its problems if it had all the powers of, say, the ministry of internal affairs. as already mentioned, coercive methods work in very limited ways, and their outcomes are debatable. this illusion is fueled by pseudo-successful examples like the current policy of el salvador.
unfortunately, today there are too many exceptions from the basic model of state governance that can dramatically affect a person’s life. too many scenarios where a person’s economic life can be destroyed. there are no guarantees for the confidentiality of personal data - it’s only a matter of time before your ids and biometrics end up in the hands of fraudsters.
but there is also a solution.
the banking system was built as an institution of trust, reputation, and security in the extremely turbulent 14th century. an interesting example is the fictional bank of braavos for the rebellious kingdoms of westeros. the bank played a clear and very important role, it was possible to make transactions without it, but it provided understandable value. people dealt with the bank exclusively because it was useful.
security, confidentiality, functionality, independence, and usefulness used to define banking, but after several centuries, for some reason, banks’ level of trust towards clients has dropped significantly. the general idea of regulation now is that payments are a function of the state, not a separate industry. what independence can we talk about?
it’s hard to disagree that criminal activity must be countered, but it’s also hard not to notice that the state machinery actively extracts additional benefits by abusing its monopoly position. it’s difficult to explain how asset inflation, wealth taxes, gold bans, and non-market exchange rates are a public good. at best, it’s another form of taxation.
blockchain technology provides everyone with an open transport layer for conducting payment operations. security is guaranteed by the source code itself, which is under constant audit by security companies, enthusiasts, and hackers. this is an anti-fragile system that doesn’t need monopoly market control to function successfully.
this technology addresses the demand for protecting basic human rights, allowing everyone to overcome discrimination, own wealth, and actively participate in economic activity. we still need our privacy, security, and high payment functionality. and if “beavers” block the river with debris – the river will change its course. today, security and privacy can only be ensured by personal encryption. “your keys – your assets,” everything else is a variable too easily manipulated by too many.
there’s also a huge difference between “i put money in a bank because i trust it” and “i make all transactions through a bank because otherwise i’ll go to jail since cash is now illegal.”
what’s happening today in defi isn’t just rain – it’s literally a mudslide that destroys regulatory barriers like a house of cards. for example, issuing loans traditionally required either a full banking license and total control or… just 650 lines of open source code compiled into an immutable smart contract. a completely unaccountable, fully anonymous lending mechanism – welcome to morpho, where $5-6 billion circulates regularly.
private crypto tokens, often backed by private and frequently anonymous liquidity pools. tokens like xmr, which by design provide zero transparency. the total volume of all crypto-related activities now exceeds $2 trillion. tether alone has “printed” $150 billion in us dollars, making the project practically unsinkable, since no one would dare pull that much liquidity out of the markets.
deep down, we all understand that the deal of “illusory security in exchange for real rights” is somewhat unfair. people from authoritarian and totalitarian states know this best. real security stems from respecting and following basic human rights, humanity, and the individual value of each person.
history clearly shows that people can’t systematically trust each other. practice shows that delegating arbitration to bureaucracy also leads to nothing good. the bureaucratic machine quickly loses efficiency, strengthens its power and repressive apparatus… and then visibly loses efficiency again.
we can believe in source code, open source, independent audits, open reporting, and the community. clear risks and clear rules where there’s no way to flip the board or assign yourself imaginary liquidity. no wonder we’re witnessing the rise of defi lending, defi derivatives, and defi liquidity. fair and clear rules of the game are interesting to everyone – they always lead to the rise of business and trade. the same applies to talented financiers and developers.
defi effectively means the state’s loss of monopoly over payment and financial activities. banking, payment, and financial functions are atomic by nature, and where the inefficient banking machine cannot achieve the necessary synergy, individual teams and services can build meta-systems that cover all basic needs. defi is cheaper, safer, and technologically simpler.
unfortunately, the concept of banking 4.0 or “embedded banking” never took off, burying any opportunity for further development. it was about reformatting the banking sector, particularly in europe under psd2, by separating account holders and providing fintechs with open access to data.
we should have been talking about a service model, function atomization, open source, and standards for core components. instead, we’re discussing migrating to microservices and kafka data buses, writing code in go, and laughing at legacy cobol/oracle stacks. development has stalled. of new ideas, perhaps only bnpl deserves mention – decentralizing lending towards merchants.
fintechs suffered a crushing defeat to banks, but at the same time, this victory became a death sentence for the industry, which turned out to be unfit for reform. excessive centralization combined with extreme regulation left almost no room for development. as usual, this industry wasn’t created by the state, but it’s the state that took full control over its development and technologies.
a unique situation has emerged where all trends for banking are negative in the long term. scylla and charybdis.
first – the central bank. hyper-centralization leads to open competition between banks and the central bank, and, obviously, to a decrease in both the number of banks and business profitability. take “fast (qr) a2a payments” for example – thanks, of course, but no one really doubted the state could process all payments, undercutting the market.
competing with the central bank isn’t exactly a promising prospect. the central bank implements the political agenda, and today liberal ideas are out of favor, while “national interests” and “security through control” are maximally trending.
second – defi. in the defi world, even centralized crypto exchanges are pointless – there’s no trust. and vertically integrated mega-structures like modern universal banks are fundamentally impossible.
a great example is the rise of e-com crypto acquiring, simplifying payments to the level of crypto exchangers and emis making atomic basic transfers. a market that was until recently monopolized by international payment systems is now filling with new players. faster integration and significantly lower fees.
assuming the simultaneous existence of these core trends, we can predict a significant shrinkage in traditional banking’s market share. a bank can’t compete with either the central bank or a smart contract. essentially, we’re arriving at the same place we were supposed to go voluntarily under psd2. today it’s safe to say that 3-5% of capital may already be placed in crypto assets. the capital market overall has figured out what’s happening and how the risks are distributed.
in fact, today we’re in a unique situation where, like king hammurabi, we’re writing into the blockchain the foundations of a payment system proportional in complexity to the world we live in. this is a fork in the road we’re actively trying to navigate – either decentralize and tame complexity or forcibly simplify the system, throwing us back into the era of digital feudalism.
right to assets. it’s necessary to recognize that owning wealth or assets is a natural right of every person. development is only possible through complexity, diversity of meaning, and new ideas. development is not the result of state tax distribution. asset ownership is a continuation of the idea of private property, which must not become a variable.
this is very important because it follows that the existence of liquidity pools, including anonymous liquidity pools, is normal and not immoral – they allow energy concentration around ideas supported by the communities that created them.
distributed liquidity allows all pool participants to profit while minimizing costs. there’s no justification for why only bank owners should monopolize earnings in the payment market. it’s immoral to build a profit-extraction system that’s initially designed to worsen the position of the community as a whole.
digital reputation. the key problem of lending is scoring. but mass lending uses overly simplified borrower assessment mechanisms, effectively normalizing issuing bad loans and accumulating excessive debt.
the solution for scoring in blockchain is digital reputation, which should become the strongest objective criterion for granting a loan by a decentralized pool.
ban on centralized registries. centralized registries of everything must be replaced with open-source systems due to the impossibility of ensuring information storage and processing security with tangible resources. this especially applies to centralized biometric data storage. therefore, kyc/aml systems should work exclusively through zkp protocols, which makes sense as it’s hardly justifiable to have multiple storage locations for highly sensitive information like passports.
regulator limitation. regulator policy must support market creation and fight monopolies. the regulator cannot provide any service to end consumers and has no moral right to compete with market participants. this is an unfair fight. the regulator itself should be seriously restricted in decision-making, crisis excuses cannot be used endlessly, nor can absolute powers be used to make arbitrary and often discriminatory decisions.
respect for human rights, for personal assets, for the ability to conduct financial transactions must be absolute. depriving someone of financial life should only happen for very serious crimes by court decision – it cannot occur at someone’s whim or for political reasons.
right to open an account must exist for any community member, and an account should not be closed without a court decision. financial institutions must not act as judge and police in one person for the sake of anti-money laundering enforcement, and regulator instructions should not push them in that direction.
right to privacy and personal cryptography. creating systems of total control over movements, email, or financial transactions is unacceptable. the scale of abuse, the harm to democracy, and the surprising utility for tyranny should deter us from deploying them widely. it’s deeply immoral and unnatural.
presumption of innocence. when making transactions, a person cannot be responsible for the integrity of the account (or crypto wallet) to which they sent money. this is a very important principle and deserves detailed attention.
person a paid an english tutor 20 euros via transfer to person b, who then transferred 100 euros to an organization engaged in illegal activity. the responsibility of person a should clearly equal zero. only person b can be questioned, and even then, only through judicial procedure.
furthermore, even in the case of person b, one must be extremely delicate – when buying a watermelon at the market via qr payment, the payer essentially has no idea what’s on the other end of the payment. and there’s no way to check.
similarly with crypto payments. the nature of crypto tokens is that they constantly change ownership, so the presence of certain organizations in a transaction chain cannot characterize the current owner of crypto assets.
banks. the banking system is deeply inefficient and unfair. often, regulation severely damages the industry with measures that are too blunt and don’t fit every case. but isn’t that easier for management? easier to set nice universal rules and force masses of countries and communities to follow them regardless of consequences, all for the sake of some grand idea or general sense of order.
digital modernism. there’s no difference here from what modernists did when they disfigured cities with their ideas of beauty. little more can be added to what james scott already wrote in his fundamentally important book “seeing like a state.” extraordinary powers corrupt officials and make them feel like little gods – and that’s where many misfortunes begin.
complexity. system complexity is very high and the only option is deep decentralization. efficiency, control, and security can only be based on artifacts that cannot be forged or compromised for the sake of short-term expediency. therefore, there are no technological measures that will allow universal banks to retain their positions.
the value of freedom. i don’t believe in systems that declare progress at the expense of reduced privacy and civil liberties. it seems like an act of desperation. but it’s very easy to believe that on this slippery slope we’ll end up in one version or another of digital totalitarianism, straight out of black mirror nightmares.
I agree with the arguments, but how can these simple ideas be conveyed to the wider public?