HAS MY MIND CHANGED?
No. Fight for the future you want, not the one “they” think you need. https://t.co/PJndMsbtYf
Hey, what a week. Coinbase sent a signal of its intent to go public. Block.one revealed it has more than its purported 140,000 BTC war chest. And bitcoin is still above $20,000 – everyday adding a new notch to its longest streak.
Crypto experts
FinCEN is hiring two policy officers to help draft regulations related to the “threats” posed by the cryptocurrency space, advise financial institutions and collaborate across government and the private sector on crypto policy. Earlier this month, rumors swirled that Treasury Secretary Steven Mnuchin would rush out self-hosted wallet regulations many think would harm the crypto industry. The Block reported this may require crypto companies file a “currency transaction report” on crypto transactions over $10,000 involving a self-hosted crypto wallet. (More on this below.)
Coinbase IPO
Coinbase filed preliminary paperwork to go public, beginning the long road to what could be the first major Bitcoin company trading on U.S. stock exchanges. This summer, rumors swirled that the firm, last valued at $8 billion, would pursue a “direct listing” rather than the bank-heavy traditional route of an initial public offering – though Thursday’s “confidential” filing offers few clues. Messari estimates the firm could fetch $28 billion on the open market.
State of the chain?
Compound Labs released a white paper Thursday detailing its plans to create Compound Chain, an application-specific blockchain that can provide money market services across multiple networks. The DeFi protocol is looking to beat Ethereum’s high gas costs, lack of chain interoperability and other technical challenges – though there’s no timeline for launch. Perhaps most important, it’s looking to target the nascent field of central bank digital currencies.
Digital cash
Two weeks ago, Coinbase’s Brian Armstrong threw the crypto community into a tizzy when he spoke of rumors of a potential Treasury Department measure meant to introduce oversight of “self-hosted wallets.” The term wasn’t exactly well-known (Armstrong even included a rough definition in his late-night tweet thread) but the possible repercussions were immediately intuited. The markets – then on a month-long climb – faltered.
Self-hosted crypto wallets are a key part of blockchain technology, and what many crypto purists would call the only acceptable way to store your coin. Also known as non-custodial wallets or self-custody wallets, they allow users to interact with a blockchain network and store crypto without relying on a “third-party financial institution,” to use Amstrong’s term. (“Unhosted” was coined by the Financial Crimes Enforcement Network [FinCEN] in 2019, to compare to wallets hosted by intermediaries.)
“This proposed regulation would, we think, require financial institutions like Coinbase to verify the recipient/owner of the self-hosted wallet, collecting identifying information on that party, before a withdrawal could be sent to that self-hosted wallet,” Armstrong tweeted at the time.
It was a broad understanding of what could have broad, irreparable harm for a young industry. Everything from hard wallets to open finance (DeFi) protocols could conceivably be affected. “It would force corporations to know every counterparty to their users’ crypto transactions, keeping logs, tracking movements and verifying identities even before a transfer could take place,” my colleagues Danny Nelson and Sebastian Sinclair wrote.
Last night, The Block gave a peak under the hood to the still murky regulation. According to an anonymous source, Treasury’s Steven Mnuchin is looking to implement a transaction reporting rule for money services businesses (MSBs) that interact with unhosted crypto wallets. The fine details, like if there is a transaction reporting level, are unknown.
Also still dark: When such a regulation might go into effect – from today on, reportedly – and whether there will be a period for public comment. What’s important to note is the rule doesn’t seem to be an outright ban on unhosted wallets.
These so-called currency transaction reports (CTR) institutions may be required to file are a way to bring the type of guidance and oversight to blockchains as had existed in much of the traditional financial system. But many argue it goes a step too far. For years, most oversight of crypto came in the form of on-ramps, such as know-your-customer (KYC) requirements at exchanges. Though the FinCEN has pushed forward a “travel rule” adopted by most jurisdictions that introduces reporting requirements for “virtual asset services providers” (VASPs).
As such, whatever regulation the Treasury may hand down is part of a greater trend towards financial oversight. As CoinDesk’s Ian Allison reported, blockchain analytics companies have long flagged funds moving to and from private crypto wallets. Now, self-custody is “the next fault line for crypto regulations,” he said.
“Policymakers fear that full maturity of these decentralized protocols could foreshadow a future without financial intermediaries, which would significantly inhibit law enforcement’s ability to identify, prosecute and otherwise disrupt illicit financial networks in an environment when the effectiveness of these tools is already being challenged,” Head of Risk, Compliance and Regulatory Policy at cLabs Jai Ramaswamy wrote for Coin Center.
What’s troubling, however, is these new rules are introducing an unprecedented level of oversight over our financial lives, the argument goes. As the Blockchain Association points out, in enabling peer-to-peer transactions, self-hosted wallets are a necessary tool in maintaining a digital equivalent of cash. Cash has no identity requirements. Cash is also used by nefarious actors. But allowing people to engage in commerce and exchange freely is a net benefit for society.
In treating all digital commerce as suspect, or “high risk,” is unnecessary and misguided the Blockchain Association argues.
“The issue at hand is nuanced, the potential implications are far-reaching, and numerous valid but sometimes competing interests, such as empowering law enforcement while protecting citizens’ fundamental rights, must be considered and balanced,” the association writes.
The Takeaway:
Regulated crypto is close to crossing the Rubicon – and we’re not talking about the next price breakthrough.
The steady creep of know-your-customer (KYC) requirements over firms that touch digital assets is now at the foot of private, self-hosted wallets.
This move, which begins with regulated exchanges being required to do due-diligence on non-custodial wallets they connect to, is already underway in places like Switzerland and Singapore, with the U.S. rumored to be next.
Self-custody (being your own bank) and carrying out peer-to-peer transactions with a modicum of privacy is how crypto was designed. And while the Financial Action Task Force (FATF) seeks to impose a traditional anti-money laundering (AML) framework onto virtual asset service providers (VASPs), it’s worth restating that crypto was born out of a desire to disintermediate traditional finance, rather than break the law or facilitate money laundering.
Deep in the thick of the standoff between crypto users and regulatory authorities are blockchain analytics firms such as CipherTrace, Chainalysis and Elliptic (which often act as a window into crypto for law enforcement agencies).
It’s uncertainty that regulators see as problematic.
Rightly or wrongly, these sleuthing companies are guided by certain red flags when it comes to tracking funds around the cryptosphere, seeing regulatory risk wherever money moves in and out of self-hosted wallets, privacy coins, peer-to-peer exchanges and bitcoin ATMs, for example.
Self-hosted wallets remain outside FATF’s reach for now, but the proportion of funds moved between exchanges and private wallets is a focal point for blockchain sleuths. This is not necessarily to do with criminal activity, said CipherTrace CEO Dave Jevans, but simply because authorities can’t see what’s going on.
“It’s uncertainty that regulators see as problematic,” Jevans said.
In a previous article, CipherTrace provided a snapshot of exchanges domiciled in the Seychelles, giving each a KYC score. Here, the analytics company dives into non-custodial and peer-to-peer exchanges such as ShapeShift, LocalBitcoins and Paxful.
ShapeShift, the non-custodial exchange launched in 2014 by privacy advocate Erik Voorhees, has been an ongoing subject of KYC and fund-flow analysis by CipherTrace. In August 2018, ShapeShift hired former Hogan Lovells partner Veronica McGregor as the exchange’s chief legal officer, and soon after began requiring customers to reveal their identities to the exchange.
ShapeShift had been given a “red” or weak KYC score by CipherTrace, which had also highlighted the proportion of funds flowing in and out of private wallets as a likely indicator of illicit activity.
However, this score has since been upgraded to green by CipherTrace, which acknowledges that grading the KYC processes of exchanges is a “dynamic state of affairs.”
“We agree that their KYC processes today are green,” said John Jefferies, chief financial analyst at CipherTrace. “ShapeShift is a very unique company, with an interesting past. This has spurred us to look at this edge case. Before September 2018 they had no KYC, and those hundreds of thousands of transactions are still on the blockchain and some are involved in ongoing investigations.”
Hannah Burke, ShapeShift director of compliance, said the firm’s revamped KYC involves the collection of a full range of personally identifiable information (PII) as well as screening for sanctions and politically exposed persons (PEPs), which the firm has been independently audited on.
As far as funds coming from private wallets is concerned, Burke said ShapeShift is non-custodial by design. “Our users will typically use their wallets rather than transferring between exchanges. So it’s not a shock to me that private wallets make up a pretty good percentage,” she said.
ShapeShift stands at the intersection of crypto privacy issues, having recently removed support for privacy coins, zcash, monero and dash.
“We’ve taken down the privacy coins because of their regulatory concerns,” said chief legal officer McGregor. “At least for the moment, we’re not working with those coins.”
It just comes down to a fundamental view they have on what crypto should be all about.
Privacy coins such as zcash and monero, and privacy-enhancing wallets (Wasabi, Samourai and others) have valid uses, but are also clear red flags, said Jefferies of CipherTrace.
“There are ways to be compliant with tech like privacy coins,” Jefferies said. “There are ways to make them safe and establish the source of funds, so they’re not inherently bad, per se. However, they do carry with them additional risk.”
The Electric Coin Company, the creators of Zcash, commissioned the RAND Corporation to explore the use of cryptocurrencies for illicit or criminal purposes, focusing on Zcash.
Rand’s yearlong study showed the top cryptocurrency being used on dark markets or for money laundering and terrorist financing is far and away bitcoin, said Josh Swihart, vice president of growth at the Electric Coin Company.
“Of course, it’s not the number one currency, because the number one currency used for illicit purposes is the dollar, through regulated banks. But the main cryptocurrency is bitcoin, way ahead of even Monero,” Swihart said.
In terms of what’s happening on exchanges with privacy coins, Swihart pointed to the U.S.-based exchange giant Gemini becoming the first regulated exchange to support sending funds to shielded Zcash transactions. In support of Zcash shielded deposits and withdrawals, Gemini stated that they use enhanced due-diligence and may request users provide information on their source of funds, Swihart said.
“Zcash is compliant under U.S. regulation,” said Swihart. “As evidenced by Zcash support at Gemini, Coinbase and others, ShapeShift’s delisting of zcash, monero and dash does not mean that Zcash isn’t compliant. It’s specific to ShapeShift.”
CipherTrace has some history when it comes to LocalBitcoins: A
“On the subject of private wallets, we recommend to our users not to keep funds in their LocalBitcoins wallet more than they are planning to trade with because we don’t want to act as a wallet service,” said Elena Tonoyan, the firm’s chief operating officer. “Generally, it’s not very safe to keep bitcoins on any platform. There are hundreds of reasons why users might have a couple of wallets or just choose to keep their bitcoins in private wallets.”
Tonoyan pointed out that LocalBitcoins’ revamped compliance procedures means KYC is done on all users of the platform, and it’s not the case that older or previously existing accounts are grandfathered into the new regime.
“I would like to point out that we do KYC on all our customers,” said Tonoyan. “Say you had created a LocalBitcoins account back in 2014, to continue using the platform you would have to comply with everything we are asking you to do. We give those users who want to continue with us a deadline of 30 days to comply.”
The LocalBitcoins tiered KYC system, which includes mandatory ID verification and face match when a user transacts over 1,000 euros ($1,190) per annum, kicked in for all users following the arrival of the Europe’s Fifth Anti-Money Laundering Directive (AMLD5).
P2P exchange Paxful has been upgraded to a green KYC score by CipherTrace.
In April of this year, Paxful made identity verification mandatory for U.S. citizens and residents, with European and Canadian users added in August, according to Lana Schwartzman, chief compliance officer at Paxful. Paxful has also teamed up with KYC experts Jumio and uses Chainalysis’ know-your-transaction (KYT) tools.
“We have various proactive controls in place, one of which automatically blocks send-outs to specific categories, clusters or addresses,” Schwartzman said. “For example, when the Twitter hack occurred, within minutes we were able to add the addresses associated with the hack and stop all outgoing send-outs.”
Analysis of Paxful fund flows carried out by CipherTrace shows “a fairly high percentage” coming in from gambling and high-risk exchanges, and going straight out to ATMs, said Jevans. In terms of private wallets, this accounts for some 75%, so the source of those funds is “questionable,” he said.
“So people are cashing out their fiat in a way that’s probably not KYC’d because the ATM vendors are probably some of the last – at least outside of the U.S. – to start to implement KYC and AML,” Jevans said. (Despite a recent drive to clean up its act, the bitcoin ATM industry is likely to remain a clear red flag for a number of reasons.)
Summing up, John Salmon, a London-based partner at law firm Hogan Lovells who specializes in fintech, said the CipherTrace findings show the difficult marriage of regulatory and ideological concerns.
“There are also reasons why people might want to use privacy coins and it doesn’t mean that they are all money launderers or criminals,” said Salmon. “It just comes down to a fundamental view they have on what crypto should be all about.”
