U.S. regulator wants to make use of proprietary wallets an indication of money laundering

Shortly before Christmas, the US financial regulator FinCEN published a proposal for new rules. According to it, exchanges should report in the future if a user transfers higher amounts to a non-fiduciary wallet. The crypto industry is anything but pleased. Is this the beginning of the war for financial autonomy that many believe is inevitable?

On Dec. 23, U.S. financial regulator FinCEN gave the crypto industry a rotten Christmas present: The agency released a proposal for “requirements for certain transactions involving convertible virtual currencies and digital assets.”

FinCEN justifies the proposal by citing “significant national security concerns.” That’s because malicious actors are increasingly using cryptocurrencies for – FinCEN is bringing out all the guns: “terrorist financing, weapons proliferation, sanctions evasion, and international money laundering, as well as to acquire and sell controlled substances, stolen and counterfeit identity documents and access devices, counterfeit goods, malware, hacking tools, firearms, and toxic chemicals.” On top of that, there would be ransomware attacks, which the G7 is particularly concerned about in light of the Covid pandemic. We already know this. But what measure does FinCEN now propose to put a stop to criminal crypto users?

Unhosted wallets trigger suspicion case

wallets for btcFinCEN’s proposal goes beyond anything regulators have wanted before. Namely, it targets what the agency calls “unhosted wallets.” You can probably guess what’s meant by that.

“Hosted wallets” are “provided by financial service providers that receive, store, and send virtual currencies on behalf of their customers.” These financial service providers are regulated in the U.S. by the appropriate governing bodies and laws, which requires them to, among other things, identify their customers and report suspicious activity. Hosted wallets allow criminal transactions to be detected and prevented. You can find a list of them at https://www.marginbull.com/.

“Unhosted wallets,” on the other hand, do not require a financial institution to execute transactions. Their users “interact directly with the virtual currency system and have independent control over the transfer of value.” These “unhosted wallets” are what is commonly recommended, as they grant the user the most security, privacy, and autonomy. They are what cryptocurrencies are really all about. However, they are a thorn in FinCEN’s side, as the usual anti-money laundering measures do not apply to them, or only to a limited extent.

With the proposal released on Dec. 23, FinCEN wants to get unhosted wallets under control: “The proposed rule will require banks and financial services providers to send a report to FinCEN containing certain information about the virtual currency or digital asset transaction and the recipient (including the name and mailing address) if the counterparty to the transaction uses an unhosted wallet and the transaction exceeds $10,000 in value.” Transactions to “unhosted wallets” whose value exceeds $3,000 are not required to be reported, but must be documented. In both cases, the service provider is required to verify the identity of the customer.

To reiterate: https://www.fincen.gov/ wants exchanges to report to it when users disburse amounts over $10,000 to a proprietary wallet. Anyone who presumes to want to manage the private keys for such sums themselves should henceforth be considered suspicious of money laundering. Stepping out of the system of financial middlemen and custodians becomes an indication of criminality.

Is this the moment we have been fearing for years? Is the open war against financial autonomy now beginning, that battle for money to which the copyright wars against file sharing were only a prelude?

A defining moment for cryptocurrencies

The crypto economy is not reacting too happily to FinCEN’s wishes. The proposals are so drastic that even Jack Dorsey, the founder of Twitter and the payment service provider Square, published an open letter. In the letter, he states that this is “a defining moment in the evolution of cryptocurrencies and related regulation.”

FinCEN’s proposal would require cryptocurrency service providers like Square to comply with documentation and reporting requirements that “go far beyond what is required for cash payments.” FinCEN, he said, wants to extend the “Know Your Customer (KYC)” rules, which require financial service providers to verify the identity of their customers, to parties “who are not our customers … To be clear, if the proposal is implemented, Square will be required to collect unreliable data from individuals who have neither registered as our customers nor agreed to our service.”

But this is not only a blatant violation of all privacy principles. It “also creates unnecessary friction and perverse incentives for users to avoid regulated cryptocurrency providers and instead use unhosted wallets or service providers outside the U.S.” As a result, FinCEN will have less, not more, insight into the nature of crypto transactions than it does today.

The proposal, Dorysey explains, hurts people’s financial independence, inhibits innovation by American companies, and reduces FinCEN’s ability to protect the financial system.

A leak of such a database would be a hacker’s dream

hacker and bitcoinJack Dorsey is not alone in this damning judgment. He is joined by, among others, a company that in itself is clearly on the side of the regulators:

Blockchain analyst Chainalysis. Chainalysis’ objections are similar to those of Twitter’s founder: the requirements introduced new privacy risks by requiring crypto companies to collect names and mailing addresses from the owners of unhosted wallets and pass them on to FinCEN, which maintains the information in a central database. “A leak of such a database would be a hacker’s dream, as it would give them a list of targets, including info on where they live and how many cryptocurrencies they own.”

Further, the proposal will push criminal activity away from regulated parts of the ecosystem. Chainalysis cites that 62 percent of identified illicit transactions originate from regulated exchanges. While weaknesses in the system still need to be addressed – such as mixers and unregulated exchanges – law enforcement is already good at tracking criminals through crypto-transactoins, it said. The rules now proposed could undo those law enforcement successes.

Finally, the new rules would introduce regulatory costs that many crypto companies would find impossible or difficult to bear. This, he said, will inhibit the competitiveness of U.S. companies and startups. Both Jack Dorsey and Chainalysis decidedly lament the short time FinCEN is giving the industry to comment on the proposal: The proposal was released Dec. 23, and the agency is accepting comments until Jan. 4. It’s hard not to fault that timing for being intentional.

“We are deeply concerned that the shortened review period for this proposed rule will limit the industry’s ability to provide thorough and quality comments,” Chainalysis writes. Especially given the profound importance of this rule, a full-fledged review period is enormously important, it adds. The analytics firm sees “no pressing reason to rush this rule through in such a hurry.” There is no immediate risk of criminal funds flowing into the system that could be stopped by this rule, it said. Law enforcement already has the tools to track transactions – including to unhosted wallets – and identify their recipients, he said.

The unnecessarily short period of time that FinCEN is allowing for comment without need shows that the goal may not be to prevent money laundering at all – but to attack cryptocurrencies and the financial autonomy they stand for.