Warren’s Problematic Plans for AML in Crypto
Regulate Centralised Service Providers, NOT Decentralised Technology
US Senators Elizabeth Warren and Roger Marshall have recently introduced their ‘Digital Asset Anti-Money Laundering Act’ bill.
A bill which Coin Center has described as a ‘direct attack’ on crypto.
Let’s take a look at the bill in greater detail.
Money Service Businesses
The bill first classifies the following services, through the Financial Crimes Enforcement Network, as ‘money service businesses’:
- Custodial and unhosted wallet providers
- Crypto miners, validators, nodes that validate 3rd party transactions — independent network participants (incl. MEV searchers)
- Other validators with control over network protocols
Money service businesses are defined by FinCEN as any person doing business in one of the following capacities:
- Currency dealers or exchangers
- Check cashers
- Issuers of traveler’s checks, money orders or stored value
- Sellers or redeemers of traveler’s checks, money orders or stored value
- Money transmitters
- U.S. Postal Service
Based on the definition, these categories appear to be exhaustive (i.e. you must fall within one of these categories to be an ‘MSB’).
First of all, the categories illustrate just how antiquated the concept really is. Traveller’s checks are thing of the past, and nobody sends money by post anymore (I hope).
So let’s try to think up a forcing function to entertain the possibility that the crypto services listed above may be a money service business.
First, you argue that wallet providers are a form of ‘money transmitter’ because they accept and direct the flow of funds through user accounts.
In the case of United States v. Faiella, Faiella was conducting business as a ‘money transmitter’ by sending customers’ bitcoin to the Silk Road network.
However, in that case, Faiella was an intermediary directing the flow of funds, and the customers had no active control over their money once sent. Unhosted, non-custodial wallets allow customers to retain control over their funds at all times.
Arguably, custodial wallets perform this function as well (until they don’t. FTX, looking at you. Celsius, looking at you. BlockFi, looking at you. Yes, I’m looking at three different groups all at once).
Users don’t hold their funds, the exchanges amalgamate them in larger wallets per cryptocurrency to manage capital and liquidity.
Arguably, users don’t ‘control’ their funds in the same way as a non-custodial wallet, so they’re worth distinguishing from non-custodial alternatives. Money transmitter? Maybe, maybe not.
For completeness, it’s worth stating that Validators and MEV Searchers definitely do not fall within any of the categories above.
These services interface directly with the network.
They do not directly transmit funds between network participants… This seems self-evident, but Warren and Marshall clearly want to expand the scope of money service businesses…
Transactions >$10,000
US persons engaged in digital asset transactions >10k through ‘one or more accounts’ outside the US must register the interest.
This is an act of US regulators prying into their citizens’ international affairs.
Positions are obvious here — regulators will claim they’re ‘protecting citizens’ from malicious actors and crypto traders (with large international trading positions) will claim they’re being burdened with excessive reporting and invasions of privacy.
One view is that this may prevent FTX-style scenarios (where large volumes are sent to offshore crypto entities) by surveilling the flow of funds.
It definitely won’t ‘prevent’ an FTX situation, but it could alert regulators to suspicious risk management and capital flows earlier! Other commentators are much more vocal in this belief.
I think reporting requirements for large international transactions are standard operating procedures in traditional finance.
This provision simply introduces the same reporting requirements for crypto transactions.
I’m personally not overly opposed to this provision, but I can understand that several people prefer that the government stays out of their affairs.
Maybe I’d feel differently if I had more money…
Prohibition on Privacy and Mixing
The bill prohibits ‘financial institutions’ from ‘handling, using, or transacting business’ with
- Privacy coins
- Digital asset mixers
- ‘Anonymity-enhancing technologies’ (undefined..)
- Any digital assets anonymised using the tech above
Wtf is Anonymity Enhancement?
Firstly… ‘anonymity-enhancing technologies’ is extremely broad. If a protocol takes any step to increase anonymity, it would fall within this category.
Also, how are we defining the ‘baseline’ of anonymity on the blockchain? Wallet addresses? Transaction details? Transaction amounts?
Arguably, all blockchain transactions are ‘anonymity enhancing’ because they involve wallet addresses rather than government-issued identification…
Privacy-focused coins like Monero and Secret are attempting to preserve privacy on blockchain technology.
Given how anti-privacy the government appears to be, it’s a wonder that they don’t like normal cryptocurrencies…
Regulate Activities, Not Technology
AML concerns re privacy coins and mixers are warranted, but regulation would be better directed towards the AML and CTF prevention policies on the networks — NOT a blanket ban on all financial institutions from doing business with them.
This provision is ‘guilty until proven innocent’.
They’ve decided to avoid the complexity of regulating these entities directly, and simply prohibiting other businesses from engaging with them.
Privacy-first blockchain solutions are necessary for legal and legitimate purposes.
Forcing these protocols offshore will likely create a larger regulatory headache.
Mixers will be used for illicit purposes offshore, and then the proceeds of these transactions will be expropriated back to US citizens. This seems harder to police.
Compliance was never fun. Now it’s even LESS fun.
The final point above is also challenging from a compliance perspective — preventing financial institutions from transacting business with any digital assets anonymised using privacy-related blockchain technology.
Based on my reading of the bill, each financial institution will need technology to track whether a token has ever been subject to a digital asset mixer.
A feature of tokens and wallets is that their entire transaction history can be traced.
Any token which has been mixed will retain this digital footprint forever, regardless of whether the underlying network is considered a ‘privacy coin’.
AML Compliance
All classified MSBs subject to examination and review of AML programs, reporting obligations, and compliance with AML and CTF. Examinations are to be undertaken by:
- Treasury
- SEC
- CFTC
AML regulation is important, but it misses the mark here because Money Service Businesses have been poorly defined and classified. Fix the first issue (classification), then develop solutions to the second (AML and CTF).
Digital Asset Kiosks (essentially crypto ATMs)
This part of the bill is largely irrelevant imho.
If you truly subscribe to the ‘future of digital money’, you’re not planning to go to physical ATMs to withdraw fiat for crypto. The whole business model is a big fat oxymoron.
Anyway, Warren wants to require Digital Asset Kiosks:
- Submit physical addresses of kiosks every 3 months
- Verify the identity of each customer (gov-issued ID, name, DOB, physical address, and phone number for each transaction counterparty)
- FinCEN + DEA to issue reports
More reasons to make crypto ATMs a thing of the past.
Principles for Regulation
The crypto stack can be broken down into two buckets: 1) service providers and 2) infrastructure. There are obviously more complex abstractions, but let’s stick with this for now.
Within each level sits a split between centralisation and decentralisation. For example, a crypto exchange would be an example of a service provider. You can have centralised exchanges, like Binance, and decentralised exchanges, like Uniswap. A node operator is an example of infrastructure. You can have centralised nodes/validators, like those run by companies like Marathon Digital, and decentralised validators, such as those run by individuals or communities.
The infrastructure is the technology itself. Regulation should regulate the usage of technology rather than the technology itself. This is self-evident for a few reasons:
- Technology changes rapidly, and regulation will always be reactive
- Innovation always happens at the technology level first — by hindering technological advancement, use cases never evolve.
Regulate the service providers leveraging the technology.
One step further — leave decentralised entities alone. Develop a national framework to assess decentralisation, and allow it to flourish.
Given Warren’s poor record at passing bills in Congress and public outrage at the bill, its likelihood of passing is low.
However, always good to re-emphasise core values and fight for innovation-friendly regulation.
