In December, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) rushed out a consultation on new rules that will reduce the threshold for anti-money laundering (AML) recording to $3,000 for certain digital asset transactions, including a future central bank digital currency (CBDC). FinCEN announced the plans on 18 December, saying comments had to be received by 4 January.
However, the 72-page paper was only published on 23 December. Hence the Federal Regulations website states that feedback will be accepted until 8 January. Eight members of Congress complained about the rushed timescale over the holiday period. So far there have been more than 6,500 comments, including from Square, Andreessen Horowitz and crypto sleuth Ciphertrace.
The paper refers to cryptocurrencies as convertible virtual currency (CVC) but also adds digital assets with legal tender status (LTDA), which by implication includes a future CBDC. The rules apply if a user chooses to self host a wallet rather than keep the assets at an exchange or bank. Additionally, it applies to wallets hosted by financial institutions in certain foreign jurisdictions.
Transactions of more than $10,000 a day that involve a self-hosted wallet must be reported. Plus, records of self-hosted transactions of more than $3,000 must be retained by the institution. A critical point is this is not just KYC, because the data is about the customer’s counterparty.
Despite the invitation to the public to comment, the FinCEN paper says it doesn’t need comments because terrorists have used cryptocurrencies and hence it’s a matter of national security. It says that “notice and public procedure thereon are impracticable, unnecessary, or contrary to the public interest.”
Given that, one has to ask whether it’s worth the time and effort to comment.
“FinCEN seeks to expand reporting and Know Your Customer (“KYC”) type obligations to parties who are not our customers,” said Square’s Jack Dorsey in a letter responding to the paper. “Square would be required to collect unreliable data about people who have not opted into our service or signed up as our customers.” He believes it would drive users to avoid interfacing with regulated entities altogether and is concerned about the impact on American innovation. The hurdle it creates could inhibit digital asset usage for payments and end up limiting it to investment.
Katie Haun of venture capital firm Andreessen Horowitz and a former U.S. Department of Justice prosecutor described the FinCEN’s plans as a “non-vetted rule under the cloak of the holidays that violates the government’s own established rulemaking procedures.” The letter states that “the rule imposes a novel requirement—one found in no other Part of FinCEN’s regulations implementing the Bank Secrecy Act (“BSA”) — to collect and potentially verify identifying information not about customers, but about the counterparties of customers in all cases.”
A letter from crypto investigation firm Ciphertrace supports Jack Dorsey’s point about unreliable data. “I do not see how asking the name and address of holders of unhosted wallets creates any improvement in the reduction of criminal and terrorist financing, as those names will not be validated, nor can they reasonably be validated,” wrote David Jevans, CEO of CipherTrace. “Futhermore, if CVCs are viewed as an analog to cash, this requirement exceeds that required by banks and MSBs (money services businesses) today.”
He also highlighted that digital assets are sometimes used to pay remote workers and employees and argued for similar exemptions afforded to banks.
This latter point is often under-appreciated. Employees and freelancers in certain jurisdictions such as Eastern Europe have to jump through very expensive hoops to receive payment for legitimate services. This is especially in the software and games sectors. Moreover, the firms that pay for these services attract time-consuming scrutiny from their own banks.
Another crypto investigation firm Chainalysis states the vast majority of self-hosted wallets are used “by individuals and organizations to either store their cryptocurrency for investment purposes, or move it between regulated trading venues. ” Chainalysis assess a tiny proportion (3%) of self-hosted wallets being involved in illicit or ‘risky’ transactions. Additionally, it says that ” the majority of bad actors still attempt to cash out illicit funds at regulated exchanges” and puts the figure at 62%.
Many regulators bandy about the term ‘same risks, same rules’, which is very reasonable. However, the question is whether the current rules work.
We previously explored how ineffective anti-money laundering (AML) procedures are. Perhaps before spreading the net even wider and further invading privacy, some effort should be put into getting current AML procedures to work. That’s instead of creating new hurdles for SMEs as the OECD has previously noted.