Friday, January 1, 2021

The Financial Crimes Enforcement Network Has Proposed Some New Rules For Cryptocurrencies

 From Bitcoin Magazine, December 30:

An Open Letter To FinCEN: Newly Proposed Regulations On Cryptocurrency

Policy Division
Financial Crimes Enforcement Network
P.O. Box 39
Vienna, VA 22183
FinCEN Docket No. FINCEN-2020-0020, RIN 1506-AB47

December 30, 2020

To Whom it May Concern:

I am Ben Davenport, an entrepreneur and investor. I previously co-founded BitGo, the first non-custodial multi-sig wallet provider, and now leading provider of custodial services for cryptocurrencies. I am also an investor in companies like Kraken, Xapo and Paxos. Today, I am a Venture Partner at Blockchain Capital, the oldest venture fund in the cryptocurrency space. These comments are my own, and do not reflect the opinions of either my current or former employer, or the companies I have invested in.

I appreciate the opportunity to comment on the proposed regulations. However, I take serious issue with the process by which these proposed rules are being rolled out. Rather than a more standard 30- or 60-day comment period, FinCEN has decided to use only a 15-day comment period, at the peak of a pandemic, at a time of year when most people are enjoying time with their families. It feels unnecessarily rushed, and gives the appearance that FinCEN and/or the Secretary are attempting to slip new regulations through unopposed, or to simply steamroll through any such opposition. FinCEN owes it to its own reputation & credibility, as well as to the American people, to immediately lengthen the deadline for comments, so that more thoughtful & diverse voices can be heard.

I also have serious objections to the substance of the rules themselves. The new rules would:

  • go far beyond any existing measure of financial surveillance,
  • provide little in terms of new investigatory powers,
  • push bad actors to offshore or unregulated venues,
  • destroy Americans’ financial privacy, and
  • put Americans in real physical danger.

Comments on CTR Requirement

The rules propose applying the existing CTR reporting framework to any customer making a withdrawal or series of withdrawals over $10,000. On the surface, this may seem reasonable, since the same rules apply to customers withdrawing cash from a bank or MSB. But below I give some important reasons why this is not a straightforward analogy, and explain why the rules as proposed would create serious risks for Americans.

i) The traceability of cryptocurrency means permanent privacy loss for Americans.

While Bitcoin and cash are both bearer assets, they are very different in terms of traceability. Cash is effectively untraceable once it has left the bank. On the other hand, Bitcoin and other cryptocurrencies are highly traceable, and law enforcement agencies say that they would much prefer that criminals use cryptocurrency rather than cash, exactly because of the tracing powers it gives them. In fact, transaction history on a blockchain lives forever, and becomes more traceable every day, both as new techniques evolve, and as more blanks are filled in, making it a particularly bad choice for criminals.

All this means that once FinCEN has a database of every major withdrawal by any customer, they not only know the fact of that withdrawal, but they can watch and trace, in real time, the flow of all of those funds on the blockchain. Or, if the transaction is a deposit, FinCEN can look back in time to trace the user’s complete prior history of transactions no matter how small or innocuous. In other words, the proposed rules would violate law-abiding Americans’ privacy in a way that is far beyond the existing ability to subpoena bank/MSB records, because they operate in a broad undiscriminating manner, much like mass wiretapping and bulk phone metadata gathering.

ii) The massive aggregation of data puts Americans in real, physical danger.

The proposed CTR requirements would create a massive database at FinCEN/Treasury which would ultimately put Americans in real physical danger. The huge amount of data would create a honeypot so juicy as to be irresistible to hackers, whether state-sponsored or monetarily-motivated. And with the recent revelation of major databases at Treasury being hacked and stolen, this risk is far from theoretical. 

It is likely that most cash withdrawals subject to CTR are not taken home and put under the customer’s mattress. Rather, they are used relatively soon thereafter, to make a large purchase, to gamble in Las Vegas, or for some other transactional purpose (whether licit or illicit.) On the other hand, Bitcoin and other cryptocurrencies are largely used as investments. So, a withdrawal to a non-custodial wallet is more likely than not to be simply a person deciding to hold his own assets without being subject to counterparty risk.

This means that, while a traditional CTR record for cash is not that valuable to an attacker, since the cash is usually long gone, a CTR for cryptocurrency can be extremely valuable. The record would contain the subject’s name and physical address and the address and amount of cryptocurrency. The attacker can even see on the public blockchain whether the coins have moved or not, guiding them to the most vulnerable victims to extort. Even a database theft from a single bank or MSB can cause innumerable problems for the affected customers. But concentrating the risk at the Federal level, endangering every American holding more than a token amount of cryptocurrency, is simply unconscionable.

This point is so critical, I will reiterate: Creating a centralized repository of individual owners of cryptocurrency puts them all at serious risk, and, far from reducing crime, creates the potential for an eventual unprecedented wave of violent crime.

iii) Large cryptocurrency deposits & withdrawals are far more common than with cash.

The percentage of cash withdrawals or deposits where something nefarious is involved may be relatively substantial (although I don’t know the specific numbers). This is simply because in today’s world there are not that many types of transactions where cash is needed or desired, and so illicit uses make up a correspondingly higher fraction of the overall cash transactions. On the other hand, with cryptocurrencies, which are predominantly held as investments, larger transactions are simply an everyday occurrence. And it is common wisdom in the community that trusting exchanges to hold one’s coins for the long term is a very bad idea due to the risks of cybercrime and/or fraud by the MSB....