Compliance is another key issue in Web3 and the metaverse. With new business areas and potential cross-border uses come new, greater liability risks. Ensuring compliance with laws and regulations in Web3 and the metaverse is therefore crucial.
Companies operating in the metaverse or on Web3 must first understand the applicable rules and corresponding liability risk. They must ensure that their internal guidelines and processes address compliance both in “old marketplaces” and in new, virtual marketplaces – and also take into account the likelihood that their Web3 and metaverse activities will fall under the jurisdiction of foreign authorities that place greater, or just different, demands on compliance management. For instance, many metaverse and blockchain servers are located in the United States – which in the recent past has been taken as sufficient grounds for U.S. law enforcement agencies to investigate. The recent wire fraud indictments for insider trading in NFT artworks is just one of many examples.
Indeed, “traditional” offences such as fraud, embezzlement, and bribery are also possible in the metaverse and Web3. Although many issues around the application of national and international law and the relationship between them have yet to be resolved, companies should be aware that they could face investigation and prepare accordingly. If employee misconduct results in a company being investigated, the company should be able to show that it has a sufficiently robust compliance management system that meets national and international requirements.
As a second step, the risk assessment should be used as a basis for reviewing internal guidelines and processes to check whether they provide sufficient protection against violations of the law in the metaverse and Web3.
Finally, it is essential to good compliance management that companies review existing policies and procedures on a continuous basis to see whether they need to be changed – and document that review accordingly. It is not yet clear in what direction Web3, the metaverse, and the specific business activities there will ultimately develop. Deficiencies in compliance are to be expected – making it all the more important to continuously adapt compliance management and document the process.
Internal investigations also face new challenges. Because the metaverse is a virtual world that individual companies do not host themselves, communications in the metaverse cannot be readily retained. Blockchains, however, offer full traceability of all the information they store. Investigating authorities often expect companies to retain all relevant information, regardless of whether it was generated on-chain, off-chain or in the metaverse. Add to this transactions in cryptoassets, which can be transferred without an intermediary and without any identification or authentication – a real challenge when it comes to due diligence under the Money Laundering Act and other requirements.