 from the Hard Rock Hotel in Las Vegas. It's theCUBE, covering HoshoCon 2018, brought to you by Hosho. Okay, welcome back everyone. This is theCUBE's exclusive coverage here live in Las Vegas for HoshoCon, the first inaugural event where security and blockchain conference is happening. It's the first of its kind where practitioners and experts get together to talk about the future and solve some of the problems and massive growth coming. They got a lot of them. It's good news and bad news, but against the most important thing is secure. Again, the first time ever, security conference has been dedicated to all the top shelf conversations that need to be had and theCUBE's here covering. Our next guest is Greg Penn, who's the head of strategy and products for iComply Investor Services. Great to have you, thanks for joining us. Very nice to be here. So we were just talking before we came on camera about all the kind of new things that are emerging with compliance and all these kind of in between your toes, details and nuances and chip wires. That have been solved in the traditional commercial world that have gotten quite boring, if you will. Boring's good, boring means it works, it's a system. But the new model with blockchain and token economics is whole new models. Yeah, I think what's so exciting about this is that in the fiat world, in the traditional financial market, everyone is so entrenched in what they've been doing for 20, 30, 40 years. And the costs are enormous. And blockchain and crypto coming in now is like, we don't have to do it that way. We have to do compliance. Compliance matters, it's important and it's your legal obligation. But you don't have to do it in the same sort of very expensive, very human way that people have been doing in the past. And cloud computing and DevOps model of software proven that automation is a wonderful thing. So now you have automation and you have potentially AI opportunities to automate things. And there's huge, what we've seen is huge, huge increases in technology in machine learning, clustering of data to eliminate a lot of the human process of doing AML and KYC verification. And that's driving down cost significantly. We can take advantage of that in the crypto space because we don't have thousands of people and millions and millions of dollars of infrastructure that we've built up. We're starting fresh and we can learn from the past and throw away all the stuff that doesn't work. Or is it needed anymore? Let's talk about the emerging state of regulation in the blockchain community and industry. Where are we? What's the current state of the union? You had to describe the progress bar, you know, zero meaning or negative. To Chen being it's working. Where are we? What is the state of? I think if you'd asked me a year ago, I think negative would have been the answer. A year ago, people, there was still a big fight in crypto about, do we even want to be part of compliance? We don't want to have any involvement in that because it was still that sort of crypto goes beyond global borders. It goes beyond any of that. What's happened now is people have realized it doesn't matter if you're dealing in crypto currency or traditional currency or donkeys or mules or computers or whatever, if you're trading goods for value, that falls under a regulatory landscape. And that's what we're hearing from the SEC, from FinCEN, from all the regulators. It's not the form, it's the function. So if you've got a security token, that's a security, whether you want it to be or not. You can call it whatever you want, but you're still going to be regulated just like a security. And I think most entrepreneurs, which welcome clarity, people want clarity. They don't want to have to be zigging when they should be zagging. And this is where we've seen domicile problem. Today it's Malta, tomorrow it's Bermuda, where is it? I mean, no one knows, it's moving train. The big countries have to get this right. 100%. And beyond that, what we're seeing, it's what's very, very frustrating for a market as global as this, is it's not just country-level jurisdiction. The US, you've got state-level jurisdiction as well. Makes it very, very hard when you're running a global business, if you're in exchange, if you're any sort of global, with a global client reach, managing that regulation is very, very difficult. You know, I interviewed Grant Fondo, who's with Goodwin law firm, Goodwin Proctor, they think they call Goodwin now. He's a regulatory guy. And they've been very on the right side of this whole SEC thing in the US. But it points to the issue at hand, which is there's a set of people in the communities that are there to be service providers, law firms, tax accounting, compliance. And you've got technology regulation, not just financial, you have GDPR, handling as a nightmare. So okay, maybe we don't even need GDPR with blockchain. So again, you have this framework of this growth of internet society, now overlaid to a technical shift that's going to impact, not only technology standards and regulations, but the business side of it, whether you have these needed service providers, which is automated, which isn't automated. What's your take on all this? I agree with you 100%. And I think what's helpful is to take a step back and realize while compliance is expensive and a pain and a distraction for a lot of businesses, the end of the day, it saves people's lives. And this is what business, just like if someone was shooting a gun as you were running down the street in your house, you're going to call the police. That is what financial institutions are doing to save these industries and individuals that are impacted by this. A lot of it from a cryptocurrency perspective, we have a responsibility because so much of what the average person's perception is, is Ross Ulbrook and Silk Road. And we have to dig our way out of that sort of mentality of crypto being used for negative things. And so that makes it even more important that we are ultra, ultra compliant. And what's great about this is there's a lot of great opportunities for new vendors to come into the space and harness what exists today, whether that's harnessing data, different data channels, different ID verification channels, and creating integrated solutions that enable businesses to just pull this in as a service. It shouldn't be your business. If you're in exchange, compliance is something you have to do. It should not become your business. Yeah, I totally agree. And it's become a table stakes, not a differentiator. Exactly. That's the big thing I learned this week is people saying, you know, secures a differentiator. Compliance is a, no, no, no, that has standards. All right, so how do I ask you about the, you know, I always had been on the bias side of entrepreneurship, which is, you know, when you hear regulations and you go, whoa, that's going to really put a stunt, the growth of organic innovation. Right. But in this case, the regulatory piece has been a driver for innovation. Can you share some opinions and commentary on that? Sure. Because I think there's a big disconnect. And I used to be the one saying, regulation sucks. Let the entrepreneurs do their thing. But now more than ever, there's a dynamic. Can you just share your thoughts on this? Yeah, I mean, regulators are not here to drive innovation. That's not what their job is. What's been so interesting about this is that because the regulation has come into crypto along with these other things, it's allowing businesses to solve the problem of compliance in very exciting, interesting ways. And it's driving a lot of technologies around machine learning. What people like IBM Watson are doing around machine learning is becoming very, very powerful in compliance to reduce that cost. The cost is enormous. An average financial institution is spending 15%, upwards of 15% of their revenue per year on compliance. Anything they can do to reduce that is huge. Huge numbers. And we don't want crypto to get to that point. Yeah, and I would also love to get the percentage of how much fraud is being eaten into the equation too. I'm sure there's a big number there. Okay, so on the compliance side, what are the hard problems that the industry is solving, trying to solve? Could you stack rank the- I think number one, complexity. Complexity is the biggest, because you're talking about verifying against sanctions, verifying against politically exposed persons, law enforcement lists, different geographical distributions, doing address verification, blockchain forensics. The list just stacks and stacks and stacks on the- It's a huge list. It's a huge list. And it's not easy either. These are hard problems. Right, these are very, very difficult problems and there's no one expert for all of these things. And so it's a matter of bringing those things together and figuring out how can you combine the different levels of expertise into a single platform. And that's where we're going. We're going to that point where it's a single shop. You've got, you want to release an ICO, you're in exchange and you need to do compliance. All of that should be able to be handled as a single interface, where it takes it off of your hands. There's still, the liability is still with the issuer. It's still with the exchange. They can't step away from the regulatory liability, but there's a lot that they can do to ease that burden. And to also just ignore and down-risk people that just don't matter. It's how many, so many people are in crypto. You know, not the people here, but there's so many people in crypto. You buy one-tenth of a Bitcoin, you buy a couple of Ether and you're like, okay, that was fun. Well, do we really need to focus our time on those people? Probably not. And a lot of the technology- There's a lot of big money moving from big players acting in concert. And that's where we need to be focused. Is the big money we need to be focused on where terrorists are acting within blockchain? That's not to say the blockchain in crypto is a terrorist vehicle, but we can't ignore the reality. I think the other thing, too, is also the adversary side of it. It's interesting because if you look at, like, what's happening with all these hacks, you're talking about billions of dollars in the hands now of these groups that are highly funded, highly coordinated, funded basically underbelly companies. They get their hands on a quantum computer. I was just talking to another guy earlier today. He was like, if you don't have a 16-character password, you're toast. And now it's 24, so that's going to be, at one point, they have the resources as the flywheel of profit rolls in on the hacks. You know, one of the interesting things that we talk about a lot is, we have to rely on the larger community. We can't, you can't solve all of the problems. You know, quantum computing is a great example. That's where we look for things like two-factor authentication and other technologies that are coming out to solve those problems. And we need to, as a community, acknowledge that these are real problems and we've identified potential solutions, whether that's in academia, whether it's in something like a foundation, like the Ethereum Foundation, or in the private sector. And it's a combination of those things that are really driving a lot of this innovation. All right, so what's the agenda for the industry? If you had to go, you know, obviously the list is long. How do you see this playing out tactically over the next 12 months or so? As people start to get clarity, certainly the SEC is really being proactive, not trying to step on everybody. At the same time, put some guard rails down and bumpers to let people kind of bounce around within some framework. Yeah, I think the SEC has taken a very sort of cautious approach. We've seen cease and desist letters. We've seen notifications. We haven't seen enormous fines like we see in Fiat. You know, you look at HSBC, you look at Deutsche Bank, billions of dollars in fines from the SEC. We're not seeing that. I think the SEC understands that we're all sort of moving together. At the same time, their responsibilities protect the investor. And to make sure that people aren't being... Duped. Duped. I was trying to find an appropriate term. Suckered. Suckered, duped. And that, we've seen that a lot in ICOs, but we're not seeing it, the headlines are so often wrong. You see, this is an ICO scam. Often it's not a scam, it's just the project failed. Like, lots of businesses fail. That doesn't mean it's a scam, it means it was a business failure. Well, if institutional investors have the maturity to handle it, it can deal with failures, but not the average individual investor. Right, which is why in the US we have the accredited investor, where you have to be wealthy enough to be able to sustain the loss. They don't have that anywhere else. And so globally, the SEC care and the other financial intelligence units globally are monitoring this, so we make sure that we're protecting the investor. To get back to your question, where do I see this going? I think we're going to need to fast-track our way towards a more compliant regime. And this ICO is being a step-wise approach. Starting with sanctions, making sure everyone is screened against the sanction lists, then we're going to start getting more into politically-exposed persons, more adverse media, more enhanced due diligence, where we really have that suite of products and identify the risk based on the type of business and the type of relationship. And that's where we need to get fast. And I don't think the SEC is going to say, yeah, be there by 2024. It's going to be be there by next year. I saw in a hard-touch, who was one of the co-founders of Ho Show, and we were talking on theCUBE about self-regulations, some self-policing. I think there's some self-governance, certainly in the short-term. And we were talking about the hallway conversations, and this is one of the things that he's been hearing. So the question for you, Greg, is what hallway conversations have you overheard that you kind of wanted to jump into or you found interesting? And what hallway conversations that you've been involved in here? I think the most interesting, I mentioned this in the panel and it got into a great conversation afterwards about the importance of the crypto community reaching out to the traditional financial services community because it's almost like looking across the aisle and saying, look, we're trying to solve real business problems. We're trying to create great, innovative things. You don't have to be scared. And I was speaking at a traditional financial conference last week and there it was all people like, this crypto is scary and it's, I don't know if you understand it. I think he warned Buffett and Bill Gates poopooing it and freak out. But we have an obligation then to, we can't wait for them to come to the rush to realize what needs to be done. We need to go to them and say, look, we're not scary. Look, let's sit down with, if you can get a seat at a table with a head of compliance at a top tier bank, sit down with them and say, let me explain what my crypto ATM is doing and why it's not a vehicle for money laundering and how it can be used safely. Those sorts of things are so critical as a community for us to reach across the aisle and bring those people over. Yeah, bridge the cultures. Exactly, because it's night and day cultures but I think there's a lot more in common. And they both need each other. Exactly. All right, so great job. Thanks for coming on and sharing your insights. Thank you so much. Give a quick plug on what you're working on. Give the plug for the company. Sure, so iComply Investor Services is here to help people who want to issue ICOs do that in a very compliant way because you shouldn't have to worry about all of your compliance and KYC and blockchain forensics and all of that. You should be worried about raising money for your company and building a product. All right, final questions. I got you here, this is on my mind. Of course. Security token has got traction. People like it, because it's no problem being security. What are they putting against that these days? What trend are you seeing in the security token? Are they doing equity? I'm hearing from hedge funds and other investors. They'll want a little bit of equity, preferred and or common plus the token. Or should the token be equity conversion? What are some of the things you're saying? I think it's really just a matter of do you want paper or do you want a token? Just like a stock certificate is worth nothing without the legal framework behind it, the security token is the same way. So we're seeing where some people are wanting to do equity where some of their investors want the traditional certificate and some are fine with the token. We're seeing people do hybrid tokens where morphs from security to utility are back where they're doing very creative things. That's it's what's so great about the Ethereum network and the smart contracts. Is there all of these great options? The hard part then is, how do you fit those options into a regular- And defending that against being a security? And this is interesting because if it converts to a utility, isn't that what security is? So that's the question. Is that an IPO? Is that an IC? Again, these are new. This is new territory. Right. And very exciting territory. It's an exciting time to be involved in this industry. In fact, I just had an 83B election on tokens first time ever. Yeah, it's an amazing state that we're in where serious investors are saying, yeah, token's great for me. Give me an ERC-20. I'll stick it in my MetaMask wallet. It's unbelievable where we are. And only more exciting things to come. Great, Penn. Thanks for coming out and sharing your insights. Cube Coverage live here in Las Vegas. Hoshokon, the first security conference in the industry of its kind, where everyone's getting together, talking about security. Not a big ICO thing. In fact, it's all technical, all business, all people shaping the industry. It's community. It's the Cube Coverage here in Las Vegas. Stay with us for more after this short break.