11ppm@11ppm11
Thank you @blocksec_xdc for your thoughtful response. I understand your position. That said, the question I continue to raise operates at a different layer.
The claim that “since KYC existed, investors were mistaken in assuming any form of screening, and therefore XDC bears no responsibility” may appear, at first glance, to be technically coherent.
However, for this claim to hold, several implicit assumptions must be accepted. None of these assumptions are self-evident, and each warrants careful examination.
First, this argument rests on the premise that the meaning of KYC is universally fixed across the industry and society, leaving no room for misunderstanding. In reality, however, the understanding of KYC varies significantly depending on the context in which it is presented.
XDC has officially explained KYC as follows:
>KYC Enabled Masternode:
>XDC Network introduces the concept of KYC-enabled Masternodes, offering an additional layer of trust and compliance. This feature enables enterprises and businesses to confidently participate in the network, ensuring regulatory compliance and fostering wider adoption.
In other words, “KYC-enabled Masternodes” were not presented merely as identity verification procedures, but as an additional layer of trust and compliance, explicitly aimed at enabling enterprises and businesses to participate in the network with confidence under regulatory compliance. This has been the consistent official message.
By contrast, in purely technical discussions, KYC is often explained narrowly as identity verification. Yet within regulatory, financial, and compliance contexts, KYC is rarely understood as a standalone procedure. It is generally treated as part of a broader framework that includes Customer Due Diligence (CDD) under FATF recommendations, AML/CFT obligations, risk assessment, and ongoing monitoring. Indeed, in FATF recommendations themselves, KYC is positioned as one component of CDD.
Given this context, once XDC explicitly framed “KYC-enabled Masternodes” as a layer of trust and compliance that ensures regulatory compliance and enables enterprises to participate with confidence, it was both natural and reasonable for investors and participants—particularly those outside a purely technical perspective—to interpret KYC in connection with FATF-aligned AML/CFT frameworks.
More importantly, XinFin’s co-founder Ritesh Kakkad himself has stated:
“BIS, FATF, AML and KYC etc comes whenever we speak to the regulators.”
This statement clearly demonstrates that XinFin has itself discussed KYC within the context of international regulatory and governance frameworks, including BIS and FATF.
The issue, therefore, is not what KYC technically is.
The issue is how KYC was communicated to society, and what expectations were thereby formed. In this regard, there is a clear tension between the substance of XDC’s official messaging and the later explanation that “KYC is nothing more than identity verification.”
This structural tension becomes even clearer when examining the positioning of Globiance. Globiance was explicitly listed on XDC’s official roadmap and positioned within the ecosystem under the banner of “KYC-enabled Masternodes,” where trust and compliance were emphasized. The issue here is not the existence or absence of any guarantee, but rather how trust was institutionally constructed through system design and official messaging.
In practice, XDC investors entrusted their XDC to Globiance not only because it was an entity capable of staking XDC masternodes, but also because of the presence of explicit support from XDC co-founders and the involvement of central figures within the XDC ecosystem serving as Globiance executives.
Taken together—official roadmap inclusion, positioning within the KYC-enabled Masternode framework, co-founder endorsement, and executive involvement by key XDC figures—Globiance was perceived not as a mere external service provider, but as an entity that had been institutionally endowed with trust.
This cannot be dismissed as mere investor misunderstanding or ignorance. It is a problem of trust pathways structurally created by the ecosystem itself.
There is also a need to clarify the previously mentioned concept of “on-chain KYC.” XDC Network has never officially defined KYC as equivalent to on-chain KYC. The consistently used term has been “KYC-enabled Masternode,” while the implementation details—such as who conducts the KYC, under what standards, through what verification methods, with what auditability, or whether records are verifiable on-chain—were never clearly defined as an institutional system.
In general, KYC practices that provide credibility to regulators and financial institutions are conducted off-chain and involve third-party professional vendors with verifiability and auditability. If XDC positioned KYC as a “layer of trust,” then the relevant question is not whether it was on-chain or off-chain, but at what level, by whom, and through what mechanisms the KYC was verified.
Ultimately, the central question is this:
Under what institutional design did XDC construct KYC as a “layer of trust,” and can it now clearly and officially explain the verification entities, standards, and auditability of that system?
BlockSec argues that it was unreasonable for investors to assume any screening based on the presence of KYC, and therefore that XDC bears no responsibility. However, the issue here is not whether investors’ understanding was correct or incorrect. The issue is whether, having linked KYC to regulatory and financial-institutional compliance in its public messaging, XDC as a management entity adequately anticipated the expectations that such messaging would generate—and whether it sufficiently explained the assumptions, limitations, and boundaries of that system.
This is neither a technical debate nor an argument about personal responsibility. It is a question of management and governance: whether those who issued the messages considered how those messages could shape societal expectations, and whether they fulfilled their responsibility to clearly explain the premises and limits of those expectations. Reframing this discussion back into narrow technical definitions itself demonstrates a failure to directly address the governance and managerial responsibilities at the core of this issue.
