The G20 group of nations has reaffirmed it will align with standards for anti-money laundering (AML) and countering the funding of terrorism (CTF) set to be finalized by the Financial Action Task Force (FATF) this month.
Finance ministers and central bank governors from the G20, who met in Fukoka, Japan, over the weekend, made the commitment to applying the rules in a communique published on the website of the Japanese Ministry of Finance on Sunday.
The FATF standards are expected to set tough operating procedures for crypto exchanges, going beyond the basic “know your customer” (KYC) rules that most major exchanges now abide by. In addition to verifying and keeping records of their users’ identities, exchanges and other service providers would have to pass customer information to each other when transferring funds, just as banks are required to do – a procedure known in the U.S. as the “travel rule.”
Blockchain analysis firm Chainalysis recently argued that the expected changes, as set out in a draft document in February, would be unrealistic and harmful for the crypto industry.
The G20, however considers the threat from crypto assets low, and recognizes their potential. The group said in the communique:
“Technological innovations, including those underlying crypto-assets, can deliver significant benefits to the financial system and the broader economy. While crypto-assets do not pose a threat to global financial stability at this point, we remain vigilant to risks, including those related to consumer and investor protection, anti-money laundering (AML) and countering the financing of terrorism (CFT). “
It’s also seeking possible additional measures, calling for the Financial Stability Board (FSB) and “other standard setting bodies to monitor risks and consider work on additional multilateral responses as needed.” The G20 welcomed the FSB’s directory of crypto-asset regulators, published in April, and its report on ongoing work, regulatory approaches and potential “gaps” in crypto-asset regulation.
Finally, addressing the issue of hacks in the crypto space, the G20 said:
“We also continue to step up efforts to enhance cyber resilience, and welcome progress on the FSB’s initiative to identify effective practices for response to and recovery from cyber incidents.”
Japanese flag image via Shutterstock
The Cat-and-Mouse Game of Crypto Regulation Enters a New Phase
Michael J. Casey is the chairman of CoinDesk’s advisory board and a senior advisor for blockchain research at MIT’s Digital Currency Initiative.
In the relentless cat-and-mouse game between regulators and cryptocurrency developers, the cats are about to add some serious firepower – this time in the form of a global alliance.
But if you think the intergovernmental Financial Action Task Force’s forthcoming know-your-customer (KYC) compliance standards spell the end for the mice, think again. If anything, the FATF’s move, expected to be released next month, will drive developers to accelerate work on non-custodial exchanges and other tools that will make it easier for end-users to transact directly outside of regulated intermediaries.
As CoinDesk managing editor Marc Hochstein explained last week , the new rules are likely to require exchanges and other custodial entities that take custody of their customers’ cryptocurrency to obtain identifying information about both parties before allowing a transaction over their platforms.
Functioning much like the FATF’s “travel rule” for correspondent banks, the new regulatory approach would be backed by the task force member institutions’ unique powers to “graylist”– and ultimately blacklist – entire countries if they are judged to be non-compliant.
When combined with the European Union’s forthcoming AMLD5 anti-money laundering rules for cryptocurrencies, the new framework conjures up the image of an all-encompassing global system for cryptocurrency transactions in which no one user is unaccounted for.
‘Satoshi’s vision’ destroyed?
Libertarian-minded cryptocurrency believers will view this as an abominable surveillance system that contravenes the censorship-resistant principles upon which bitcoin was built.
From a practical perspective, the new rules are going to be a burdensome imposition on custody-handling exchanges. It may well spur industry consolidation as smaller players may find the compliance costs too high. Blockchain analysis firm Chainalysis, which counts regulatory agencies among its clients, argued in a submission to the FATF that the new rules are impractical and would drive more activity in cryptocurrencies into services that make it much harder for authorities to track illicit activity.
The rules could also, sadly, add to the “de-risking” problem that excludes billions of under-identified people in developing countries from the global financial system.
But all is not lost. In most countries, there is nothing illegal about holding cryptocurrency itself under your own custody. And, as was clarified in guidelines recently published by the Financial Crime Enforcement Network, or FinCEN, the world’s regulatory institutions won’t, for now at least, be imposing the same KYC requirements on providers of self-custody wallet software.
What is likely to emerge, then, in parallel to the FATF-regulated ecosystem of regulated custody-taking institutions, is an entirely separate economy of peer-to-peer exchanges among people who control their own cryptocurrency.
If you hold your coins with Coinbase, you will no longer be able to send or receive crypto to or from just any old bitcoin address if it has been through a KYC process. Once you move your funds into a non-custodial account, you’ll be free to send them to any self-custody address, but if you’ve never formally associated your identity with that address via a regulated entity, you won’t be able to transact with a Coinbase address or one administered by any other regulated custody provider.
The point, though, is that this otherwise draconian regulatory framework still leaves room for Satoshi’s vision of a peer-to-peer payments system. And with more work on technical and business model development, that system could still become sizable.
In fact, the new rules could be a catalyst for developers to more urgently tackle the core technical and logistical challenges that have limited the adoption of self-custody cryptocurrency wallets. These challenges fall under the categories of security, market coordination and fiat on-ramps, all three of which are currently showing significant progress.
A key incentive for people to hold their cryptocurrency with custodial services such as Coinbase has been an unwillingness to risk either misplacing their private keys or having them stolen. Stories of hacks and loss abound and have long discouraged newbies from “being their own bank.”
In recent years, secure hardware wallets such as Ledger and Trezor have made it easier for people to control their assets without exposing their private keys to online hackers. But security experts claim to have found vulnerabilities. And the user experience is still far from convenient for the non-savvy.
Still, a new generation of smartphones that employ military grade security and end-to-end encryption should make it easier to securely hold cryptocurrency, locally, on a device that easily connects to the Internet for global payments. HTC led the way in this technology. Samsung is now catching up.
Phone makers are employing sophisticated, locally stored biometric proofs to indelibly tie control to a user. When combined with multi-signature technologies, human-friendly key recovery solutions such seed phrases kept with trusted associates, and a bit of education, the risk of loss can be reduced to an immaterial level.
Other changes to the ecosystem, such as decentralized insurance programs and more aggressive measures to hold phone carriers to account for “SIM swap” attacks such as the one that led Michael Terpin into a lengthy legal battle with a hacker and AT&T, will also boost confidence.
Over time, more and more people are going to feel more comfortable managing their own key custody.
Market coordination and fiat on-ramps
The next challenge is to reduce the widespread dependence on custody-based exchanges.
Cryptocurrency users need to efficiently find buyers and sellers, and until now, that has left them dependent on centralized exchanges, which are key targets of the new regulations.
The answer lies in the rapidly growing field of decentralized exchanges, where custody is retained by the investor and where technologies such as atomic swaps allow seamless peer-to-peer transfer of assets without either party being able to defraud the other.
As a nascent technology, DEXs currently struggle to attract the liquidity of the larger centralized exchanges, which makes them less attractive. But with Binance having launched a beta version, there is likely to be rapid development in this space.
Meanwhile, Boston-based startup Arwen has launched a protocol that would give investors access to the matching engines of large centralized exchanges but allows them to retain custody through a smart contract solution that locks up their coins in escrow. KuCoin has integrated a beta version of the technology into its exchange.
Even if decentralized exchanges and self-custody trading can help crypto-to-crypto transactions stay out of the regulatory net, they won’t solve the related problem of access to fiat currency. For the moment, that’s a service that has been almost solely provided by regulated, centralized exchanges.
The solution lies with the new batch of stablecoins, where dollar-pegged tokens such MakerDAO’s algorithmic solution, Dai, are competing with reserves-backed stablecoins such as those of Gemini, Paxos and a consortium led by Circle and Coinbase.
In theory, there’s nothing technical stopping these stable-value tokens from moving in and out of unidentified self-custody wallets, which offers a way around the fiat on-ramp problem by enabling access to de facto dollars, if not actual dollars. Only when users redeem them for actual greenbacks via the token-issuing companies will they drop into a regulated environment and have to identify themselves.
Facebook vs banks?
Now, all these services must be underpinned by real fiat resources, which means that stablecoin providers and DEX software providers will still need bank accounts. And given banks’ ongoing reluctance to support cryptocurrency businesses, obtaining them could be a potential obstacle to startups looking to grow of this ecosystem.
In this way, banks could continue to be the wedge with which regulators impose limits on the otherwise unregulated cryptocurrency industry.
But as I’ve argued elsewhere , banks’ growing interest in other blockchain developments, such as in making markets in tokenized equity and bond offerings, is going to induce them to support tokenized payments. This will eventually demand a more friendly approach to some of these service providers, especially stablecoins.
Most banks won’t want to cede the future of digital fiat payments to a competing bank such as JPMorgan , and they’ll be reluctant to let Facebook turn its more than 2 billion active users into an instant global payment network that bypasses banks. Ironically, that could draw them closer to rebel providers of these self-custody-enabling services.
The Tom and Jerry show will continue, in other words. Don’t change the dial.
Cat and mouse image via Shutterstock
Japan Scrutinizing Crypto Exchanges Ahead of G20 Summit
Japan’s Financial Services Agency (FSA) is said to be scrutinizing cryptocurrency exchanges in the country to ensure anti-money laundering (AML) processes are in place.
A report from the Nikkei Asian Review on Wednesday, citing an unnamed FSA official, said that inspections are being carried out ahead of the G20 summit next month. The G20 – the international forum of which Japan holds the presidency for 2019 – is planning measures to crack down on money laundering using cryptocurrency and, hence, the country aims to ensure that it has its financial house in order, they said.
Adding to the pressure, global money-laundering watchdog, the Financial Action Task Force (FATF), will review Japan’s domestic money laundering laws this autumn – an investigation that will include cryptocurrency platforms.
Cryptocurrency exchanges are, therefore, being asked by the FSA to clearly explain what measures they are taking to prevent money laundering, such as verifying user IDs to prevent anonymous transactions.
Last month, cryptocurrency exchanges Huobi Japan and Fisco were reportedly investigated by the FSA to assess their customer protection and AML provisions.
The FSA official said in today’s report:
“We’ll continue with the on-site inspections, and we’ll make sure everything is sound.”
Japan is also trying to make improvements after receiving the FATF’s lowest rating for customer identification processes at financial institutions in 2008, the official added.
The FATF published a draft document earlier this year, proposing a number of measures that national governments should adopt to more effectively supervise cryptocurrency transactions, and therefore lower money laundering risks.
Japan has already been making moves to tighten up the crypto industry. The nation passed a law in April 2017 that brought cryptocurrency exchanges under AML/know-your-customer (KYC) rules and mandated that such platforms must be licensed. The law also notably recognizes bitcoin as a legal method of payment.
Japanese flag image via Shutterstock
Beyond KYC: Global Regulators Appear Set to Adopt Tough New Rules for Crypto Exchanges
- The Financial Action Task Force (FATF) is set to finalize new international standards for regulating cryptocurrency firms next month.
- Those standards are widely expected to subject crypto exchanges, wallet providers and others to the “travel rule” long followed by correspondent banks.
- Industry representatives say this requirement would be onerous if not unworkable for crypto businesses, and bad for user privacy.
- FATF “recommendations” aren’t legally binding, but countries that don’t follow them get blackballed in the global economy.
The cryptocurrency industry is bracing for forthcoming international regulatory standards that would require exchanges to collect and share information about where and to whom they are sending money.
This would go beyond the basic “know your customer” (KYC) rules that bedevil many crypto users. In addition to verifying and keeping records of their own users’ identities, exchanges and other service providers would have to pass customer information to each other when transferring funds, just as banks are required to do. This is known in the U.S. as the “travel rule”.
Many in the blockchain industry have argued that this practice is at best onerous if not completely unworkable with cryptocurrency and apt to drive users away from regulated platforms.
Industry representatives recently made a last-ditch effort to persuade the Financial Action Task Force (FATF), an intergovernmental body, to reconsider or delay the proposed standard.
About 200 to 300 people, ranging from chief compliance officers of top exchanges to regional bitcoin brokers, attended FATF’s consultative meeting in Vienna, Austria, on May 6–7 to voice their concerns.
But the regulators – particularly those from the U.S., which holds the FATF’s rotating one-year presidency – appeared set on finalizing the standard with at most minor tweaks, according to four people who attended the Vienna meeting and spoke to CoinDesk on condition of anonymity.
Sigal Mandelker, the U.S. Treasury’s Under Secretary for Terrorism and Financial Intelligence, reinforced that impression in a speech last week at Consensus 2019 in New York.
For one thing, she said the standard was on track for publication next month.
“During its presidency of the FATF, the United States has worked with other countries to clarify how all countries should regulate and supervise activities and providers in the digital currency space,” Mandelker said, adding:
“We anticipate that in June the FATF will adopt a final version of its Interpretative Note, along with updated guidance to further assist countries and industry with their obligations.”
While Mandelker did not mention the travel rule, she referenced the 30-page clarifying guidance on cryptocurrency released May 9 by the Financial Crimes Enforcement Network, or FinCEN, a bureau of the Treasury Department. That guidance cites the travel rule throughout as something cryptocurrency businesses must follow.
“I encourage you all to read it closely,” she said.
Square peg, round hole
The Group of 7 (G7) advanced economies created the FATF to combat money laundering and terrorist financing, and the proposed standard seeks to prevent such actors from exploiting crypto.
“Some of the features of emerging technologies that appeal most to users and businesses – like speed of transfers, rapid settlement, global reach, and increased anonymity – can also create opportunities for rogue regimes and terrorists,” Mandelker said in her speech.
At issue is a single paragraph in the interpretive note on “virtual asset service providers” (VASPs), a category that includes exchanges and hosted wallet providers, that FATF put out for public comment in February.
Paragraph 7(b) reads in part:
“Countries should ensure that originating VASPs obtain and hold required and accurate originator [sender] information and required beneficiary [recipient] information on virtual asset transfers, submit the above information to beneficiary VASPs … and make it available on request to appropriate authorities.”
Likewise, when exchanges receive crypto payments on customers’ behalf, they should have to “obtain and hold originator information.”
To Joseph Weinberg, co-founder of the blockchain startups Shyft Network and Paycase Financial, this is shoehorning digital currencies into analog-era practices.
While the travel rule and similar regulations were written for a world when funds were always sent through intermediaries, “cryptocurrency transactions can occur from person to person, machine, smart contracts, and any other infinite set of potential endpoints – not just exchanges or businesses,” noted Weinberg, who is also an advisor on blockchain issues to the Organisation for Economic Co-operation and Development (OECD).
“This would become excessively onerous to manage and could drive the entire ecosystem back into the dark ages.”
A compliance officer at a U.S. exchange was more measured in his assessment, calling the pending requirements feasible, but a “paper-chasing exercise” and a “nuisance” that won’t further law enforcement goals.
“We’ll end up bothering good customers and asking them for information we can’t verify,” the executive said.
Illustrating the challenge, Global Digital Finance (GDF), a trade group based in London, noted in an April comment letter to the FATF that unlike a wire transfer, which by design requires bank, branch and account numbers for the recipient, a crypto transaction requires only an address.
Hence, an exchange sending crypto on a customer’s behalf “does not know with any certainty who the destination address is owned by, as there is no register of such addresses and new addresses can be created at any time.” Indeed, the sending exchange can’t be sure whether the recipient address belongs to another business, regulated or otherwise, or to an individual.
Further, the proposed reporting requirements could easily be circumvented, GDF argued. For example, a customer could send funds from an exchange to a non-custodial wallet (where the user controls the private keys). The owner of that wallet could then send the coins to someone at a different exchange, and neither platform would have captured both sides of the transaction.
As such, the standard could have the unintended consequence of “encouraging P2P transfers via non-custodial wallets, which are significantly harder for law enforcement to track or control,” warned the GDF letter, which executives from U.S. exchanges Coinbase and Circle and even bank-owned enterprise blockchain firm R3 co-signed.
FATF has teeth
To be sure, even if the FATF does adopt the guidance with the contentious part intact, the requirements wouldn’t take effect overnight. Member countries would first have to pass legislation or write rules putting the recommendations into effect.
But make no mistake: the oft-used phrase “FATF recommendations” understates the organization’s influence.
“The FATF recommendations are not legally-binding international law; however, because the FATF’s members – 36 economies and two regional bodies – include the largest and most important financial systems in the world, its rules have teeth,” said Julia Morse, Assistant Professor in the Department of Political Science at the University of California, Santa Barbara.
“When countries with large financial systems like the United States and the U.K. implement FATF standards, they change how international banks and financial firms do business globally. This creates downstream effects for countries that are not FATF members,” she said.
Further, the FATF examines member countries’ compliance with its standards, and those that don’t follow the standards can become pariahs in the global financial system.
“If non-compliance is severe enough, states/jurisdictions can be placed on a FATF graylist or, eventually, a blacklist. That serves as a strong warning to financial institutions around the world that transactions with those jurisdictions are suspect,” said Mark T. Nance an Associate Professor in the School of Public and International Affairs at North Carolina State University.
For now, industry members are awaiting the final guidance and hoping that governments will give them enough time to agree on a solution for sharing information among companies.
Industry leaders should be “recommending an extended adoption timeframe to ensure proper implementation and coordination across the industry implement,” Weinberg said.
There is some precedent for a grace period: FinCEN finalized the U.S. version of the bank travel rule in 1995 but due to required software changes it was not put into practice until 2004, according to American Banker.
Yet apart from the operational burdens on exchanges and hosted wallet providers, a travel rule-like requirement will likely be anathema to privacy-conscious crypto users.
Already uneasy entrusting their personally identifiable information (PII) to regular hacking targets, the cypherpunk crowd may chafe at having this sensitive data shared with yet more entities.
As Weinberg put it:
“This would eliminate pseudonymity as it pertains to any regulated entity and with it a significant portion of the basic appeal and premise of cryptocurrency.”
Sigal Mandelker image by Anna Baydakova for CoinDesk
Business News6 months ago
A Crypto Project That Raised $20 Million Is Caught Faking Its Founding Team
Asia-Pacific7 months ago
Two Thirds of Korean Crypto Exchanges Fail Government Security Check
eToro4 months ago
eToro Launches Full Crypto Exchange and 8 Custom Stablecoins
Features9 months ago
Why You Shouldn’t Fear the Blockchain Regulators
AMD7 months ago
AMD Cites ‘Absence’ of GPU Sales to Crypto Miners in Q1 Estimate
Accenture4 months ago
Central Banks Settle Cross-Border Payments With Blockchain for First Time
2018 Review8 months ago
Africa Needs Open Currency Competition. It Needs Cryptocurrency
Bitcoin9 months ago
Bitcoin Drops Below $3.4K to Set a New 2018 Low