Nestled in the heart of the Caribbean, the Cayman Islands have emerged as a hotspot for pioneering developments in the digital asset landscape. Among these trailblazers is Mauve Limited.
In this article, Matt McGuire, general counsel and chief compliance officer at Mauve Limited, sheds light on the company’s innovative approach to self-custody in the crypto space.
He explores how Mauve’s commitment to privacy, compliance, and decentralisation aligns seamlessly with the Cayman Islands’ progressive regulatory framework.
Mauve Limited, a Cayman Islands exempted company, launched in September 2023 as a first-of-its-kind noncustodial crypto exchange. Registered with the Cayman Islands Monetary Authority as a virtual asset service provider, Mauve showcases an improved version of safe, noncustodial crypto services.
Mauve’s successful launch is a testament to the forward-thinking and risk-based approach taken by the — the Authority’s virtual asset service provider requirements, although demanding, are clearly expressed and tailored to the registrant’s activities. Decentralised finance needs exactly this type of genuine, good faith regulatory engagement in order to grow and flourish. Self-custody is the future of all finance, and nothing about it is inconsistent with regulation, compliance, user privacy, or decentralisation.
Mauve represents the future of noncustodial crypto
To thrive and grow, decentralised finance must stop being (or at least being publicly viewed) as directly supporting illicit activity. Indeed, it is imperative that we all act to reduce bad actors’ use of crypto to further illicit activity and terrorism financing regardless of whether a protocol, service, product, or app is custodial or noncustodial, centralised or decentralised.
Mauve is part of that solution, demonstrating that self-custody crypto users can presumptively keep their privacy for their on-chain activity, while at the same time, showing that a right to privacy on-chain does not require any special treatment when it comes to anti-money laundering and terrorism financing regulations.
Privacy is at Mauve’s foundation. The exchange intentionally does not hold user data, ensuring that on a day-to-day basis Mauve only sees standard, public blockchain information about transactions. This setup best preserves user privacy when using Mauve, reducing data breach vectors by only taking in personal information when required and otherwise ensuring data cannot be misused by the exchange.
For compliance, Mauve relies on Violet, an affiliated third-party compliance provider, to send binary signals on-chain indicating whether a user has passed the checks necessary to use Mauve’s smart contracts. Mauve has the legal right to demand user identifying information from Violet when required to satisfy its legal obligations (e.g., suspicious activity reporting or subpoena response), but otherwise Mauve relies on Violet to interact with users and send the required signals.
Splitting user data from products and services is the future—one day, smart contracts will directly connect users to relevant government actors, avoiding intermediaries entirely and even further reducing data breach vectors (i.e., true self-sovereignty in compliance with applicable law).
That level of user privacy is absolutely possible without compromising on compliance with terrorism financing and anti-money laundering laws. When Violet sends the binary signal, it is telling Mauve’s smart contracts that the connected wallet passed a high-quality know-your-customer or know-your-business-customer identity verification including liveness check, geolocation screening, off-chain sanctions and anti-money laundering screening, and customised blockchain analytics screening covering their on-chain activity as well as enrolment of a second authentication factor to ensure identity continuity with the connected wallet.
Before every transaction, Mauve’s smart contracts require an access token issued by Violet’s backend, confirming the user behind the wallet has passed all checks within the last 24 hours and that the user isn’t currently in a sanctioned or otherwise prohibited geographic region.
Good actors benefit from the immense freedom and flexibility provided by this privacy-protective, composable compliance approach, whereas bad actors are thwarted and identified for law enforcement as much as possible.
Meaningful regulatory engagement, but not a compromise
Mauve’s approach is novel in many ways, and the company thought long and hard about the best jurisdiction to launch the exchange given that newness. Mauve settled on the Cayman Islands due to the sophistication, detail, and clarity of the Islands’ virtual asset service provider law, which included a reference to decentralised finance.
The process of becoming a registered virtual asset service provider was serious, detail-oriented, and required that the company be operating properly in light of all relevant risks. For example, working with expert counsel at Carey Olsen, Mauve ensured it had policies and procedures in place documenting how it handles customer identification, anti-money laundering, travel rule, risk management, and cybersecurity, among others.
While these may be relatively standard policies in traditional finance, all of these policies look different when prepared in connection with a noncustodial exchange that works based on public blockchain smart contracts and does not hold user data directly. The Cayman Islands Monetary Authority engaged with Mauve’s processes as submitted and took the time to really question and hone in on the unique risks and challenges presented by a noncustodial exchange—a real credit to good, risk-tailored regulation.
All told, Mauve received its registration after a back and forth covering all manner of issues, including smart contract security and ongoing auditing to avoid hacks that are too common in decentralised finance. The seriousness, but fairness, of the Cayman Islands Monetary Authority’s approach directly aligns with Mauve’s value and commitment to compliance and user safety. Approaches like the one taken in the Cayman Island will help crypto repair its reputation around the world while preserving the required space for innovation that the fast-moving industry demands.
The future of crypto exchanges lies in striking a delicate balance between regulatory compliance and user privacy. We firmly believe that the principles of decentralisation and user control are not incompatible with responsible compliance, and the Cayman Islands is a jurisdiction showcasing the best of crypto innovation and compliance. Our pioneering approach serves as a testament to the potential for positive change in crypto, setting a standard that others should aspire to follow.