The U.S. Treasury Department’s Financial Crimes Enforcement Network finally proposed a long-awaited, and feared, rule that would require exchanges to report many transactions involving private cryptocurrency wallets.
Essentially, what FinCEN wants is to require banks, cryptocurrency exchanges, and other money services businesses (MSB) to collect identifying data about anyone who wants to transfer $3,000 or more to or from an “unhosted” wallet.
“This rule addresses substantial national security concerns in the CVC market,” said Treasury Secretary Steven Mnuchin, referring to convertible virtual currencies—a term for digital assets.
The rule, he said in a Dec. 18 press release, “aims to close the gaps that malign actors seek to exploit in the recordkeeping and reporting regime.” He added:
“The rule, which applies to financial institutions and is consistent with existing requirements, is intended to protect national security, assist law enforcement, and increase transparency while minimizing impact on responsible innovation.”
Banks and MSBs would have 15 days to file a report with FinCEN for CVCs or legal tender digital asset (LTDA) transactions of more than $10,000, and lowers the threshold to $3,000 for transactions with an unhosted—meaning private—crypto wallet.
That means that the know-your-customer (KYC) and anti-money-laundering (AML) rules required by exchange-hosted wallets would apply to anyone who wants to redeem fiat or take their crypto into cold storage.
The rule document itself cites “significant national security imperatives” driving the proposed rule. It said:
“U.S. authorities have found that malign actors are increasingly using CVC to facilitate international terrorist financing, weapons proliferation, sanctions evasion, and transnational money laundering, as well as to buy and sell controlled substances, stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms, and toxic chemicals.”
It also cited the growing number of ransomware attacks as a reason.
Minimal impact or industry crushing?
Industry opinions on the rule—dumped out on Friday night, when government agencies announce news they want to attract as little public attention as possible—were mixed.
“FinCEN’s proposed crypto AML/KYC rules are the mildest version discussed, and have basically no impact on the industry from my perspective,” tweeted BlockTower Capital co-founder and CIO Ari Paul, describing it as a non-lawyer’s casual opinion. “Institutions have to implement rules very similar to what they have to do for fiat.”
Adding that the rule should have a “minimal impact” he pointed out that no reference was made to transactions between two unhosted wallets, only those involving an institution like an exchange.
“[U]sers effectively already had to KYC withdrawals to unhosted [wallets] in the sense that you have to KYC yourself to get an account with an institution. This just means an added step of validating the withdrawal address.”
Paul also pointed to crypto think tank Coin Center’s initial analysis by its director of research, Peter Van Valkenburgh, which called the proposal a “midnight rule” that is being “rushed” out by the “lame duck” Trump Administration with just 15 days public comment time, including the Christmas and New Years holidays. He added:
“Regardless of the merits of this particular policy, ordering innovative businesses to implement any new compliance obligations without a standard notice and comment period is costly, sloppy, and disrespectful of the Americans companies that employ Americans, pay taxes, and contribute meaningfully to our technological prestige abroad.”
Van Valkenburgh was not as harsh on the rule itself, noting that it is not as bad as rules proposing technology specific standards, like those suggested by the Financial Action Task Force (FATF), a powerful intergovernmental financial regulatory body with deep concerns about cryptocurrencies, and the governments of Switzerland, Singapore and the Netherlands.
That said, he noted the proposed rule “has complicated new counterparty identification requirements that may be infeasible and innovation-killing in the context of cryptocurrency networks.”
On Dec. 9, Rep Warren Davidson (R-OH), Tom Emmer (R-MN), Ted Budd (R-NC) and Scott Perry (R-PA) wrote to Mnuchin asking that the Treasury Department consult with Congress before acting. That is necessary, they said, to “ensure that law enforcement needs can be properly balanced with the need to ensure an environment where individuals are empowered to transact freely with others in the digital space.”
“Over-regulating self-hosted wallets will crush a nascent industry and leave the Unites States behind the rest of the world when it comes to harnessing the power of blockchain and cryptocurrency.”
The new rules
Blockchain analytics firm CipherTrace noted that the proposed rules would require that banks and MSBs “not complete the transmission of funds until such recordkeeping and verification is complete.”
CipherTrace also pointed out that FinCEN argues “that the use of blockchain analytics software alone isn’t enough to fully protect against money laundering concerns stemming from unhosted wallets.”
Aside from crypto mixers designed to anonymize and obscure transaction data held in bitcoin and other blockchains, the proposed rule warns that privacy coins like “Monero, Zcash, Dash, Komodo, and Beam… are increasing in popularity and employ various technologies that inhibit investigators’ ability both to identify transaction activity using blockchain data and to attribute this activity to illicit activity conducted by natural persons.”
In order to complete transactions, banks and MSBs would be required to collect:
- The name and address of the financial institution’s customer
- The type of CVC or LTDA used in the transaction
- The amount of CVC or LTDA in the transaction
- The time of the transaction
- The assessed value of the transaction, in U.S. Dollars, based on the prevailing exchange rate at the time of the transaction
- Any payment instructions received from the financial institution’s customer
- The name and physical address of each counterparty to the transaction of the financial institution’s customer
- Other counterparty information the Secretary may prescribe as mandatory on the reporting form for transactions subject to reporting pursuant to § 1010.316(b)
- Any other information that uniquely identifies the transaction, the accounts, and, to the extent reasonably available, the parties involved
- Any form relating to the transaction that is completed or signed by the financial institution’s customer
FinCEN is taking public comments on the rule, using the docket number FINCEN-2020-0020 and the specific RIN number 1506-AB47.