Author: Mankiw Brand Department
Opening words
Startup Web3, chat every Wednesday!
"Startup Web3.0" is an interview program for Chinese Web3.0 entrepreneurs initiated by Mankiw LLP. Every Wednesday night, we invite industry leaders, first-line institutions, well-known entrepreneurs, etc. to share their views. We hope to promote the compliant development of China's Web3.0 industry through positive voices, rational discussions, and experience sharing.
The PayFi (payment finance) wave is sweeping the world. How can the boundary between payment and finance be reconstructed in the decentralized Web3 world? How can a balance be found between compliance and innovation in a high-risk track? In this issue of "Startup Web3.0", Niu Xiaojing, a lawyer from Mankiw LLP, talks with Diana, general counsel of Infini. From Peking University Law School to Web3 entrepreneurship, Diana, with a solid legal background and a young perspective, reveals the compliance practice of Infini in creating "Web3 Alipay", shares the opportunities, challenges and "blood and tears lessons" of PayFi, and offers entrepreneurs a guide to avoiding pitfalls from a legal perspective!
(The audio transcription has been processed by AI, so there may be omissions and errors)
Welcome to this episode's guest. Please introduce yourself to everyone!
Diana: I am very happy to be invited by Mankiw, and thank you for the interview! I am Diana, and I am currently serving as General Counsel and Compliance Officer at Infini. Infini is a Web3 payment startup with a small scale of only about 20 people and a young atmosphere. I am responsible for corporate legal and compliance affairs, which is far beyond the corporate legal work of traditional law firms, including license applications, anti-money laundering policy formulation, transaction structure design, and even crisis public relations for theft incidents. I do everything!
My background is that I received my undergraduate degree from Peking University Law School, and my master's degree from the University of Pennsylvania. I passed the New York State Bar Exam. After graduation, I worked in a US law firm for three years. As Sino-US relations became tense and the economy declined, business shrank, and I entered Web3 by chance. I previously worked as a legal advisor for the Web3 digital department at YeePay, a leading domestic payment company. Because I had come into contact with Crypto clients at the law firm, my experience was compatible with my current position.
In 2022, Infini found me and thought my background and abilities were a good match, so they asked me to join this startup platform. I was one of the first few employees and was deeply involved in the project construction. The goal was to build a Web3 payment ecosystem, like "Web3 Alipay". I am looking forward to talking about my story with you today, and you are welcome to ask more questions!
Q1: From a law firm to Web3, what was the opportunity for your career change?
Diana: When I just graduated, I worked as a junior lawyer in a leading dollar fund law firm. The team was very strong and my boss was a big shot in the industry. He graduated from Harvard JD and brought me into the industry. He taught me how to draft fund agreements and negotiate with clients, which gave me professional enlightenment and I still benefit from it. However, the law firm industry has not been doing well in recent years. Foreign law firms have been affected by the economic downturn and Sino-US relations, and their business has shrunk significantly.
In 2021, my boss told me: "Diana, you have a good background, but it's too difficult to be promoted to partner now. In the past, a resume of Peking University and Penn University might have helped you get a chance, but now you have to work hard for more than ten years, and the return is still uncertain." When I heard this, I was disappointed. I don't like to do thankless things. I like the path of low investment and high return.
In 2022, a very close client came to chat with me and said, "Diana, why don't you buy some Bitcoin?" I was skeptical and started to study Crypto, opened an exchange account, bought some coins, and contacted several project parties. At that moment, I felt like I had discovered a new world! The world of Web3 is growing rapidly, full of young people and an atmosphere of daring to think and do. Compared with the "involution" of law firms, Web3 does not look at qualifications, but only at ability.
I remember once I was talking to a project owner about the transaction structure. They were only 25 years old, but were working on a million-dollar DeFi project. They didn’t care if I was a “senior lawyer” or not, and only asked if I could solve the problem. At that moment, I suddenly thought: What the partners can do, I can do too! Why spend more than ten years in a law firm?
This turning point made me determined to step out of my comfort zone. I first joined YeePay and worked as a legal consultant for half a year to accumulate experience. At the end of 2022, Infini found me and said, "Diana, your legal background and Crypto experience are a perfect match. Join us!" I was moved by their passion and vision, and joined Infini without hesitation to start a business with a group of young people. The openness and creativity of Web3 made me feel a sense of belonging, which is especially suitable for my unconventional personality!
Q2: What is the essence of PayFi? How does it integrate with CeFi?
Diana: PayFi (payment finance) is easy to understand. It is to use blockchain technology to reconstruct payment and traditional Web2 financial tools and integrate them into daily scenarios, such as cross-border shopping and on-chain financial management. Its core value is to improve the efficiency of capital flow and reduce transaction costs. At the same time, it is highly inclusive and can be used by ordinary people. For example, traditional bank transfers may take T+2 and have high fees, but PayFi can achieve real-time transfers with fees as low as a few cents. Compared with CeFi (centralized finance, such as Binance and OKX), PayFi pays more attention to user-friendliness and scenario-based, emphasizing decentralized efficiency, while CeFi relies more on compliant custody and centralized management.
PayFi and CeFi are not replacements, but integration and multiplication. CeFi's strengths are compliance and user trust, such as the exchange's KYC and licenses, which are reassuring; PayFi's strengths are flexibility and inclusiveness, which allows Web2 users to seamlessly enter Web3. For example, Infini's virtual card allows users to swipe their cards like using Alipay, but behind it is on-chain settlement, combining CeFi's compliance and PayFi's efficiency. In the future, PayFi will be like a "lubricant", bringing CeFi closer to the public, and the two will work together to promote inclusive finance.
Niu Xiaojing: PayFi's inclusiveness and CeFi's compliance are a perfect match. Infini's vision of becoming "Web3 Alipay" is simply exciting.
Q3: What is Infini’s vision and compliance practices?
Diana: Infini has a grand vision: to be the "Alipay of the Web3 industry", to create a user-friendly payment platform that is compatible with CeFi features, allowing Web2 users to easily enter Web3. We hope that the product will be simple enough for "grandparents to understand at a glance" and achieve mass adoption. We do not do short-term coin issuance projects, but long-term, difficult and correct things, rooted in the industry for ten or twenty years.
The business consists of two major sectors:
1. Payment card issuance: Provide virtual cards based on the Visa/MasterCard network to support global consumption, such as buying coffee and booking air tickets. Users deposit USDT and exchange it for legal currency in real time. On-chain settlement must comply with MSO (Money Service Operator) or Singapore MPI license requirements.
2. Asset management: User balances can be invested in on-chain asset management products, such as staking stablecoins to earn annualized returns, which must meet the strict supervision of the Hong Kong SFC, such as reserve funds and corporate structure review.
Compliance Difficulties:
1. Payment business: KYC and anti-money laundering review are required to ensure that transactions do not involve countries on the black and gray lists. Visa/MasterCard has high compliance requirements and requires real-time risk control.
2. Asset management business: Hong Kong SFC has extremely strict requirements, requiring submission of legal opinions, disclosure of holding structure, proof of reserve funds, and a long approval cycle.
We are communicating with the Hong Kong SFC and Singapore regulators, and will announce our own licenses in the near future to strengthen compliance. I "battle" with the growth team every day to ensure that the business does not cross the red line while leaving enough room for innovation.
Q4: How does PayFi balance convenience and security?
Niu Xiaojing: PayFi pursues user-friendliness, but the blockchain private key self-holding has a contradiction between convenience and security. How does Infini balance it?
Diana: This is the classic contradiction between DeFi and CeFi. DeFi private key self-holding is very safe, but users often forget the mnemonic phrase, and if they lose it, they will lose all their money. CeFi custody is convenient, just like an exchange can be used by binding a mobile phone email, but you have to trust the platform. Infini chose the CeFi model to balance three aspects:
1. Minimalist interface: The product design is like Alipay, which allows payment with just two clicks, lowering the threshold for Web3.
2. Third-party custody: We do not touch user private keys and entrust them to compliant licensed custodians to ensure the safety of funds.
3. Compliance support: Holding Hong Kong/Singapore licenses, all contracts are reviewed by top audit companies, and the license approval will be issued in the near future.
Ordinary users do not need cold wallet-level security. Infini's custody + audit model takes into account both convenience and security. Just like Hong Kong banks, which have strict compliance but poor experience, Infini optimizes the user experience and makes card swiping as smooth as Web2 without sacrificing compliance.
Niu Xiaojing: "Alipay-style experience" + compliant hosting, focusing on both convenience and security.
Q5: What lessons has Infini learned during its development?
Niu Xiaojing: Someone left a message asking how Infini dealt with the coin theft incident?
Diana: Haha, this question is really going to ruin the party! Infini did experience a large amount of theft, the loss was not small, and the media went crazy. The specific amount and details are subject to the official Twitter statement. It is not convenient to say more in public, you can chat with me privately! This incident was a huge blow to the team, but it also sounded the alarm, and it can be regarded as a "soft landing".
Countermeasures:
1. Comprehensive audit: We urgently invited top audit companies such as CertiK to check system vulnerabilities, upgrade smart contracts, and plug security risks.
2. Custody upgrade: Change to a more compliant and reliable custodian, such as Fireblocks, to strengthen fund protection.
3. Crisis public relations: issue a statement as soon as possible to stabilize user confidence, cooperate with regulatory investigations, and ensure subsequent stability.
Lessons learned from review:
1. Lack of security awareness: In the early days, we focused too much on business growth and underestimated the risk of hacker attacks. This theft exposed a loophole in the contract, but fortunately the amount was controllable.
2. Key to choosing a custodian: The custodian we cooperated with before was not hardcore enough, so this time we switched to a top player in the industry with stronger compliance and technology.
3. Brand reshaping: After the theft, we paid more attention to our compliant brand image, proactively communicated with regulators, and promised not to make similar mistakes again.
If this happened during the peak of business, the consequences would be disastrous. The early losses made us more cautious, and the team now puts safety and compliance first. This "tuition fee" is expensive, but it brings long-term stability.
Q6: How does Infini ensure compliance for global users?
Diana: Infini does not directly serve users in mainland China, but only users with overseas identities, such as users with Hong Kong or Singapore addresses, who need to submit their overseas phone numbers and addresses for KYC verification. This strictly complies with the 924 policy (the red line for RMB in and out) to avoid legal risks.
For Visa/MasterCard channels, there are two layers of compliance:
1. Global commonality: Visa/MasterCard is a global payment infrastructure. If it meets its compliance requirements (such as KYC and anti-money laundering), it can be used in most regions without the need for country-by-country approval. Infini has passed Visa's top-level approval and covers the global network (except for countries on the FATF blacklist).
2. Regional risk control:
Counterparty: We use the KYT system of Elliptic and Chainalysis to monitor counterparties in real time. If the merchant has a record of money laundering or fraud, the system will automatically reject the transaction. For example, if a user swipes a card at a high-risk merchant, the system will reject it immediately to protect the safety of funds.
Regional restrictions: Countries on the FATF black and gray lists (such as Russia and Iran) prohibit Infini cards to prevent anti-money laundering risks.
These are the industry consensus of Crypto cards. Infini ensures global compliance through KYC, KYT and regional restrictions, while optimizing the card swiping experience, making it as smooth as using Alipay.
Q7: How does regulation affect PayFi’s innovation and constraints?
Diana: Regulation is a double-edged sword:
1. Constraints: Strict supervision increases compliance costs, such as license fees and audit fees, which are a heavy burden for start-ups. For example, the Hong Kong SFC asset management license requires disclosure of company structure and reserves, and the approval process takes half a year and costs hundreds of thousands of US dollars. The fragmentation of policies in different jurisdictions (such as the ban on stablecoins in the United States and the easing of Singapore) has led to market fragmentation, and business expansion is like "crossing a minefield."
2. Promotion: Clear supervision provides a legal environment and attracts legal funds. For example, Singapore's MPI license clearly defines the rules. Enterprises can obtain government endorsement if they operate in accordance with the rules, and can seek help if problems arise. Hong Kong's VATP (Virtual Asset Trading Platform) license is similar, regulating the industry and promoting the industry's progress.
Infini's response is tailor-made:
Low-key trial operation: Initially select regions with light regulation (such as European VASP) to reduce costs and run the business smoothly.
Compliance in stages: When business volume is small, do not rush to obtain a high-cost license. When business volume increases, apply for Singapore MPI or Hong Kong VATP.
Proactive communication: We will maintain a certain amount of informal communication with the industry and regulators, discuss industry trends, and keep information synchronized, but we will never proactively "jump out" and request review, haha!
Supervision must be balanced. Too strict regulation will stifle innovation, while clear regulation will promote the health of the industry. Infini is like a "rat in a dark corner", running its business in a low profile and waiting for an opportunity to grow.
At the same time, we hope that external law firms can help us by providing us with more of the latest regulatory trends and helping our Web3 companies interpret policies; we hope that they can help us have more positive interactions with regulators at the regulatory level.
Niu Xiaojing: Low-key compliance + waiting for opportunities to innovate is truly a survival textbook for start-ups.
Q8: How do startups balance compliance costs and business growth?
Diana: This question is too heartbreaking! The growth officer and I "battle" about this every day, and even quarrel! The core is positioning: do lightweight DeFi (no KYC, high risk) or compliant PayFi (like Alipay)? We choose the latter and focus on long-term, difficult and correct things. The core of the quarrel is: if you want to make Alipay-level products, the compliance cost is high; if you want to run DeFi, the risk is too high. In the end, we decided to take the compliance route, apply for a license, disclose team information, and never "dive".
Balanced strategy:
1. Lightweight license: Initially choose a region with low costs, such as European VASP (virtual asset service provider), and run the business quickly. Compared with Singapore MPI (5 million SGD transaction volume threshold), VASP is like an "entry ticket".
2. Comply in stages: Do not rush to obtain high-cost licenses. When the business volume is small, use lightweight licenses first to accumulate users and revenue, and then apply for Hong Kong VATP or Singapore MPI to pave the way for the future.
3. Internal collaboration: I meet with the growth and marketing teams every day to assess business risks. For example, if they want to launch a new feature, I will say, "This may violate the SFC's anti-money laundering regulations and be fined HK$100,000. Is it okay to change it to this?" After reaching a consensus, I will make risk warnings and emergency plans.
Compliance is a cost, and the legal department is often treated as a "backstage vase". But Infini attaches great importance to compliance, because PayFi is a relatively new business, and it may touch the regulatory red line if it is not careful, which requires a high level of risk awareness. I often tell the team: "Compliance is a moat, and it cannot be saved!" Through step-by-step compliance and regional selection, we let compliance and growth drive the two wheels, haha!
Q9: Which regions are suitable for Web3 entrepreneurship?
Diana: The choice of landing area depends on the regulatory attitude. A friendly environment will achieve twice the result with half the effort. The feedback speed of company registration and license application, as well as the experience of peers, can be used to judge the regulatory friendliness. Recommended areas:
1. Dubai/UAE: A Web3 paradise in the Middle East, with a free trade zone specifically for Chinese entrepreneurs, fast license approval, low taxes, and the government actively attracts investment.
2. European VASP regions: such as Lithuania and Malta, with low compliance thresholds and annual fees of several thousand euros, suitable for initial testing. European regulation is relatively unified, and business can radiate across the EU.
3. Singapore: Long-term friendly, the MPI license is valuable but costly, suitable for mature enterprises.
Differentiated experience:
Friendly region: Dubai has fast approval and regulatory cooperation, like a "red carpet welcome". Peers say: "Dubai is simply a utopia for Web3!"
Strict regions: China has strict regulations, RMB deposits and withdrawals are red lines, and it is almost impossible to expand business.
Neutral areas: such as African countries, where regulations are loose but unstable. You can test the waters first and withdraw at any time without any loss.
Details that are easy to overlook:
Be cautious when proactively communicating: Don’t proactively write emails to regulators to ask for review! Keep a low profile when running your business, and first inquire about the policy privately through your connections.
Local connections: Talk to local colleagues before landing, for example, get regulatory updates through various information acquisition channels. Don’t work in isolation!
Q10: What advice and personal insights do you have for Web3 lawyers?
Niu Xiaojing: What advice do you have for legal professionals who want to enter Web3? Share a personal insight and explain the meaning of your LinkedIn phrase "create something unprecedented".
Diana: Advice for Web3 lawyers:
1. Professionalism is the trump card: No matter how young Web3 is, a professional image is the foundation. Don’t make low-level mistakes when writing agreements, reply to emails in a timely manner, and details are the real deal. I have seen peer agreements with messy formats, and customers directly pass them. Professionalism is the first impression.
2. Understanding the business is the core: Don’t be an outsider. When I first entered the industry, my clients talked about gray market transactions, and I was so shocked that my jaw dropped! Later I learned that this is the norm in the industry. Spend time studying the business, such as the risk control logic of payment companies and the transaction structure of DeFi, so that you can give reliable advice.
3. Be a comrade, not a policeman: Don’t say “no” right away. When the business team wants to launch a new feature, I will say: “This may violate the anti-money laundering regulations. Change it to this way to comply with the regulations and run it.” I often have meetings with the growth team, write SOPs, learn their business logic, and become a partner who “fights side by side”. Saying “no” is the simplest, but it has no value; giving a solution is awesome!
Negative example: I worked with a red circle law firm. When we were talking about Infini business, they asked: "What is PayFi? Is it the same as PayPal?" I talked for two hours, but they were still asking basic questions. The efficiency was so low! Web3 lawyers need to take the initiative to research the industry and don't wait for clients to feed them answers.
Personal insight: Don’t be bound by rules, follow your inner desire.
I was trapped by the precedent in the law firm, changing templates every day, and had no creativity. Web3 allows me to break the framework and create an "unprecedented" business. I believe in Holmes' words: "The property of your fate is the desire of your soul."
Join Infini and work with the post-00s boss on "Web3 Alipay". It's like skiing down a slope, full of adrenaline! Web3 is a stage for young people. As long as you really want to do it, the world will open a way for you. Don't be afraid of falling. You have to fall a few times to slide further!
Starting a business is not easy, but your story must be cool!
