Regulatory landscape, blockchain, and privacy
Blockchain and crypto-currency have drawn a healthy debate on whether the anonymous nature of the transactions makes money laundering easier or harder. Some of the early adopters of bitcoin were synonymously criminals making dealings in the black market, using the network to wipe dirty cash off the books into untraceable virtual currency, which they could more easily access in various countries. Fears of criminals taking advantage of blockchain-based networks still exist, but practical and positive applications of using blockchain to fight against money laundering have grown in popularity amongst banks. This approach applies a secure and digital identity-management overlay on top of blockchain-based crypto-currencies to produce a traceable digital trail (in sharp contrast to the current popular and non-traceable fiat paper trail) as a reliable way to track transactions.
In the context of know-your-customer (KYC) and identity tracking, the same is true. The latest practical implementations debunk the prior notions that crypto-currencies always anonymize user identities, and in the process protect criminal identities from being traced. Many are now seeing blockchain as an opportunity to leverage the network to improve a financial institution’s ability to securely and privately identify users and comply with KYC requirements. The adoption of digital wallets by retailers will create a new barrier for users that do not opt-in to verify their accounts. Some new companies are creating blockchain-based, identity-verification solutions that allow consumers to authorize the use of their identities in real-time.
FinCEN (Financial Crimes Enforcement Network) published guidance on the “Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies”, which defines convertible virtual currency as any virtual currency, or “medium of exchange”, that either has an equivalent value in real currency or acts as a substitute for real currency. The Bank Secrecy Act (BSA), which regulates financial institutions with various subcategories, grants regulators the power to craft new or more specific subcategories and definitions, as done here by FinCEN.
The BSA is focused on what “activities” persons and/or businesses perform such as banking, funds transfer, etc., and not necessarily on which “technologies” are being used to perform those activities. The majority of these activities are defined in regards to exchanging, storing or otherwise dealing with “currency”. However, “currency” as defined by the BSA is “the coin and paper money of the United States or any other country”. So no crypto-currency activity, such as bitcoin, would fit within this definition of “currency” as the medium.
The “money transmitter” subcategory of “financial institution” has a broader definition extending to money transmission involving “currency or other value that substitutes for currency”. The newly defined convertible virtual currency falls into that category. Rather than crafting a newly regulated activity or technology-based regulation, FinCEN simply clarified why activities performed using bitcoin or any other currency substitute may fit within the existing definition of “money transmitters”. This falls into the even broader category of “money service business” (MSB) and, in turn, is one of the several sub-categories of “financial institution”. Because of this nesting game of word definitions in the FinCEN guidance, a virtual-currency business could be classified as a “money transmitter”.
The guidance also defines three categories of persons: administrators, exchangers and users, and explains why only administrators and exchangers qualify as “money transmitters” and therefore must comply with the BSA. Under FinCEN’s regulations: An exchanger that accepts and transmits a convertible crypto-currency or buys or sells convertible crypto-currencies is a money transmitter. The definition does not include individuals buying or selling crypto-currencies as a personal investment or for other personal purposes. “Accepts and transmits” means you take crypto-currencies from one customer and send it to another person or persons on their behalf. You have to do both, accept and transmit, so if you are only accepting crypto-currencies from someone or only sending crypto-currencies to someone (possibly in return for a good or service), then you are not a money transmitter. You are a money transmitter if you are an exchanger who buys and sells (such as a brokerage or exchange service for customers). If classified as an exchanger, the business must register with FinCEN as an MSB, have a risk-based know-your-customer and anti-money-laundering (AML) program, and file suspicious activity reports (SARs).
The recent upswing in KYC requirements for new and existing crypto-currency wallet owners internationally suggests that such standardization could be crucial for ensuring the proper functioning of the crypto-currency industry as it nears sovereign recognition. The blockchain protocol could be revised to limit transactions to KYC-verified wallets only. All transactions could be traced back to an identified e-wallet. Moreover, AML-risk analysis, alert and report-generating mechanisms could be integrated within the crypto-system, instead of monitoring only the entry and exit points.
Privacy regulations, specifically GDPR (General Data Protection Regulation), are at odds with key principles of blockchain, namely the “right to be forgotten” protection GDPR provides. This could severely impact crypto-currencies’ survival in Europe. The “right to be forgotten” enables users to request permanent deletion of their data from services they use. Blockchain’s immutability (a key aspect of the protocol) prevents such an action from taking place. GDPR also mandates that organizations remove any historical user data if that user is no longer their customer, yet again contradicting blockchain. The tug of war between blockchain advocates and GDPR proponents is an ongoing battle, and there are projects underway to reconcile the two.