Proposal type: 7 [IMPL]: Introduction of a New Category: "High Risk Jurisdiction"

Preface

The proposal being put forward is to add a “High Risk Jurisdiction” category to HAPI Protocol. The cryptocurrency space is constantly evolving, and new threats are emerging every day. To ensure that all blindspots are taken care of in the HAPI Protocol, new categories might need to be added as the new threats and risks arise.

What are High Risk Jurisdictions

A high-risk jurisdiction is a country or region where the risks associated with operating in the area are significantly higher than in other countries or regions due to the prevalence of cybercrime or other security threats. This could include countries with a high rate of cybercrime, poor cybersecurity infrastructure, or weak regulations to combat financial crimes such as money laundering and fraud. Operating in high-risk jurisdictions poses a greater risk to the security and privacy of users’ data and assets, and may require additional security measures to mitigate these risks

Benefit

The “High Risk Jurisdiction” category would allow the HAPI protocol to provide additional protection to users and businesses operating in these jurisdictions. This could include measures such as additional security checks, stricter verification requirements, and enhanced monitoring of transactions. By adding this category to the protocol, an additional layer of protection can be provided to users and help to mitigate the risks associated with operating in high-risk jurisdictions.

Potential Drawbacks

1. Regulatory challenges: Some high-risk jurisdictions may have regulatory frameworks that are incompatible with the HAPI protocol, making it difficult or impossible to operate in those regions.
2. Reduced accessibility: The additional security measures implemented in high-risk jurisdictions may make it more difficult for legitimate users to access the platform that is secured by HAPI and have this category set, leading to reduced adoption

Conclusion

The addition of a “High Risk Jurisdiction” category to the HAPI protocol might be a step forward in the fight against cybercrime in the cryptocurrency space. However, only HAPI community members are urged to consider and decide on this proposal and vote accordingly about its implementation to the Protocol.

Thank you for your attention

Created a PR for this: Add HighRiskJurisdiction category by ars9 · Pull Request #6 · HAPIprotocol/hapi-core · GitHub

I don’t like the idea of making nationality a criteria for risk score. I would not mind a notification that warned me of a transaction from a place associated with a high volume of scams and laundering.

But how can a nationality be identified through an address? Unless its done KYC and presuming its legitimate info, theres no way of telling.

Not sure about this one but let me try:

The thought of this category does make sense because we already have regulations in the protocol, such as the “Sanctions” category.

However, I am not sure how this category was implemented, and I doubt it’s a two-way street. What I mean is that the protocol has already “chosen a side,” because I doubt that HAPI would flag addresses that Russia would consider as “violating sanctions.”
I don’t want to bring up politics, nor am I defending Russia. (Thats impossible by the way)

I’m just saying that we have already opened Pandora’s Box, so why stop here?

I for or myself, I would appreciate a warning if I wanted to send my BTC to a new exchange with great marketing, but it’s located in a high-risk jurisdiction category like Somalia.

(I didnt know that beforehand)

It doesn’t need to be an example that extreme, but the point I want to make is: "What country or region is in the “High Risk Jurisdiction Category”?

North Korea? Probably yes.
Somalia? Yeah.
China? It depends on where you’re from.
America? It depends on where you’re from.
Europe? I think you know where this is going.

I understand the point of this category, but just like the “Sanctions” category, it depends on where you live and what your political opinion is. A Chinese individual might not want to trust an American DEX and would appreaceate to be notified before interacting.

In conclusion, this category would only work if the wallet notified is given a location and/or a political opinion.

This would mean that a Chinese Individual should get a warning if he connects to a US Based DEX and a Austrainian Idividual should probably not…

This might work great in combination with a Digital HAPI-ID or User-Profile,

This category is mostly applicable to organizations that operate in high risk jurisdictions like North Korea, but for some reason are not a part of already established sanction lists (which has a separate category). And yes, there is some amount of ambiguity about this.

These are very good points (and we discussed them internally). The idea is that we mostly ideate with the Western crypto community at the moment and may need to create a disclaimer for this category. We assume that most of people who use the protocol will either align with this ideation, or will have a choice to ignore the addresses highlighted by this category specifically.

Yes, there are many limitations for the US in crypto world, but it usually doesn’t mean that there’s higher risk - just stricter rules.

As to proof-of-humanity service, we’re currently researching for existing projects and what we can learn/borrow/use from them in this regard, so it’s a topic for another day.

Great Point, I didn’t think of it in that way.

The voting is finished, 100% voted in support: Snapshot

Accepting the PR.