Creativity cannot be restrained by rules anymore than it can be taught by them — Me
The Bottom Line Up Front (aka TL;DR)
- KYC History: Born in the USA. Slow evolution from 1970 Bank Secrecy Act. Sprawling, ineffective bureaucratic mess rooted in tax enforcement.
- EU Regulations on Wallets: Closes regulatory & financial surveillance gap between non-custodial wallets and fiat on/off ramps (CEXs). Perfectly sound reasoning from a regulatory perspective.
- Effect on Crypto Markets & Holders: Minimal to none. Adds one additional KYC point for already known CEX user. Transfer to new wallets & non-CEX users not impacted.
- Effect on CEXs: Minimal, but has substantial regulatory perks. Very likely to be net benefit for crypto innovation with substantially increased regulatory blessing. CEXs (and enthusiasts) should embrace, not fight.
Introduction
Back in 2016, I wrote a three-part series for The Banking Law Journal about the current state of anti-money laundering (AML) regulations. If you really want a deep dive into the AML complex, you’re welcome to give it a read.
I take an iconoclastic perspective towards the whole AML regime. My views certainly won’t be embraced by all, but I think it’s a necessary perspective. Regardless, whether we like it or not, regulations are here.
I realise regulatory issues can be dry, but my hope is to tamp down the fud and help keep the conversation productive. Moreover, I think it’s critical for crypto devs and stakeholders to be involved, or we risk being regulated by those with the barest of qualifications (think Elizabeth Warren).
That said, let’s dig in!
EU rules
The two provisions causing alarm in the EU crypto space relate to data collection and storage. Of particular concern is the mandate that centralised exchanges (CEX) collect know your customer (KYC) information for any non-custodial wallet (e.g., MetaMask, Trust Wallet). The other concern relates to the mandate that centralised exchanges share KYC information with each other.
While it is understandable why these regulations are alarming, I think those fears are overblown. In fact, contrary to popular opinion in the pseudo-libertarian leaning crypto space, I think these regulations could actually benefit and accelerate the mainstream adoption of crypto.
I know that sounds bonkers. Allow me to explain.
KYC history
While it’s common today, the idea that you had to identify yourself to anyone was not always a thing. Likewise, the notion of banks acting as state snoops is also a relatively recent development. US citizens taking advantage of Swiss banking privacy laws and numbered Swiss accounts kicked the whole show off.
All through the 1950s and 1960s, Swiss banks were routinely used to avoid paying taxes in the US. While the politicians of the time pushed a narrative that said Swiss banks were a haven for “hoodlums”, the vast majority of Swiss accounts were used to shield stock market gains from taxation.
As just one example of many, Swiss banks would take customer money overseas, pool it, and then use those pooled funds to buy stocks on behalf of their customers (thus shielding any gains from taxation). Uncle Sam is the real Original Gangster when it comes to collecting debts. This obviously didn’t sit well with him.
The result was the 1970 Bank Secrecy Act (BSA). By todays standards, it was pretty tame. But back then, people were pissed. The very common and very uncontroversial idea at the time was, it’s my money and it’s none of anyone’s damn business what I do with it.
After many a court battle and a couple trips to the Supreme Court, BSA became the law of the land. BSA formed the basis of what has become the draconian financial privacy busting laws we have today. The original core just required basic record keeping for large cash transactions. The law was pretty toothless though and super easy to circumvent.
The “war on drugs” provided the pretext to expand the reach of the law. The “war on terror” has been used as pretext for what we have now. The scheme has never worked. It can’t. The core proposition amounts to making it a crime to commit crime.
And, yes, it really is as ridiculous as it sounds.
The basic scheme today runs like this: almost every financial intermediary that deals with cash has a legal obligation to identify you and any beneficial recipient of your money. They further have a duty to report any “suspicious” activity you might be doing with your money.
Ever been questioned by a teller at a bank? “Oh, going on a trip?” Or “buying a new car?” Those aren’t benign, they’re required by law. The original requirement was that a record be kept of any cash transactions above $10,000 (roughly $75,000 in today’s dollars). Today, any amount can be flagged, but the general threshold is between $1000 and $5000 US (around $135 to $675 in 1970).
Any “suspicious” transaction will trigger the filing of a Suspicious Activity Report (SAR). Send a $5000 wire? SAR. Deposit $3500 cash? SAR. Open a crypto account? SAR. Move money into or out of your crypto account? SAR.
AML regulators are paying close attention to crypto affiliated businesses like CEXs. Failing to ensure “adequate” AML safeguards are in place will cost a CEX huge fines. Because the ramifications of missing something are so high, the general practice is to say, “when in doubt, flag it.”
There is a largely unspoken recognition the whole thing is a smokescreen. Financial regulators receive millions of SARS every year. There are probably a few thousand people sifting through them. In reality, it’s all just noise.
Put simply, AML regulations are all form and no function. The overwhelming majority of AML prosecutions are for low level drug dealers, and usually for amounts in the hundreds of dollars. The most potent aspect of the law is it gives prosecutors enormous leverage to force a plea deal.
Doesn’t stop them from collecting info on you though. Remember, it’s never been about crime or drugs or terrorism. It’s about collecting taxes. The AML complex has been entrenched for so long now though, I think the people running the show actually believe they’re doing something useful.
Today, AML efforts are guided by a “risk-based” approach. Trouble is, how does one identify the harms and risks of money laundering? This is a sum of how the AML regime defines risk:
…money laundering risks are: a function of predicate crimes associated with money laundering, which are essential to understanding what facilitates or creates the opportunity for money laundering, in which it may be difficult to distinguish legal from illegal activity, though not all money laundering methods will have equal consequences.
If that makes sense, my hat’s off to you. In truth, the only reason we have this big convoluted mess of AML regulations to begin with is because it’s simply too difficult, politically speaking, to come right out and ban anonymous financial transactions. Cash makes it especially hard.
Why this a “nothing burger” for crypto
Obviously, it would be impossible to force a bank to prevent money laundering. AML rules essentially require financial entities to appear to be trying to prevent money laundering.
This is because the system has no way to do what it claims it can, namely to help prevent: terrorism, child trafficking, drug dealing, motorcycle gangs, piracy, illegal dumping, car theft and nearly 200 other “predicate crimes.” But it’s sure helps keeping track of where the money went and who has it now.
This leads to the EU regulations. The rule forces KYC on any wallet that interacts with a CEX. This makes sense, because a CEX is an entity where the government can:
1. Serve a subpoena.
2. Execute a warrant.
3. Seize records.
They also happen to be the only places where you can put cash in and take cash out. So, you KYC to open an account, but if you move whatever token you have on or off the CEX, it becomes difficult to prove you’re the beneficial holder of the sending or receiving wallet. The logical next step?
KYC whoever owns that wallet. Easy enough to do if it’s your wallet. You already KYC’d once, now you just have to prove you’re in control of your own wallet.
That’s it.
“But what if I want to send Bitcoin to grandma?” Easy. Move your Bitcoin to your wallet and press “send.” Grandma decides to buy a kilo of coke with it? Got nothing to do with you. They can’t make you KYC anybody.
Grandma wants to cash out at Coinbase? No problem. She’s gotta KYC. She’s got to do it anyway. This just introduces one more step. Is it a pain in the ass for the CEX to verify the wallet? Kinda.
Is there a technical solution? Almost certainly.
Does any of that sound any more difficult than what we’re doing now? It doesn’t to me. The second I’m off the CEX and into my non-custodial, it’s off to the races. And there’s nothing a regulator in the world can do about it, especially if I stay in crypto.
This new EU rule is just a logical extension of the already incomprehensible and grossly ineffective AML regulations.
Front-run transactions? No, silly, front-run the regs
As I argued in this article, crypto devs and stakeholders need to be front running regulations. To understand why, I’ll use an analogy to the firearms industry in the USA.
I know guns are a peculiarity of American culture. Whilst most of our Continental cousins (indeed, likely most of the world) are baffled by our affinity for guns, the fact remains they are an integral part of our wacky constitutional experiment (for better or worse).
But there are very clear parallels between the firearms industry and the crypto industry. Both tend to be populated by pseudo-libertarian ideologues that are adverse to any concept of government “control.” And both are incredibly irresponsible in their marketing, image projection and image protection.
Both are also heavily (and mostly incorrectly) associated with crime and criminal activity. Likewise, both are grossly misunderstood by anyone not actively involved in their ownership and use.
What’s guns got to do, got to do with it?
There was a time in the US where you could order a gun from a catalogue and have it sent to your house, no questions asked. And by and large, no one cared.
Intense social upheaval in the 1960s coincided with a flood of inexpensive small handgun imports from overseas. The result was a rapid rise in homicides committed with those cheap imports. “Saturday Night Special” became a buzz-word.
The easy political reply was “cheap, dangerous weapons are flooding our streets.”
When regulations inevitably came in 1968, the gun industry fought them hard. Meanwhile thousands of people were getting shot daily. Public opinion became sharply divided and guns have been a political fundraising tool for both parties ever since.
From where I sit, the crypto industry is risking the same thing.
“Insane 1000x gains”
“Money printers go brrr!”
“Anonymous transactions”
“Crypto is going to replace money!”
The easy political replies are, “crypto scammers con innocent old ladies”, “crypto is a haven for fraud”, “Bitcoin enables drug trafficking (or oligarchs)”, “crypto represents a systemic financial risk.”
If the crypto industry fights the narrative, it will become a political pawn.
How do we avoid that? The industry must absorb the narrative.
Say to the EU, “hey, that wallet ID thing sounds like a GREAT idea. We’ve been worried about anonymous transactions too!” This would show everyone that we’re reasonable and responsible people. It signals that we can see why they’d be concerned about anonymous transactions (even if we don’t really give a shit).
And once we present ourselves as reasonable, responsible people, then we get an invitation to drive reasonable, responsible solutions. Why? Because we’re the experts in a highly technical field that only a fraction of the population understands.
Politicians are begging for help. All the crypto community has given them so far is a steady stream of constituents complaining loudly about fraud, scams, and hacks. That is political pressure and politicians have to respond.
The beauty of it is, AML regulations are an absolute joke. They don’t work. Surviving regulatory scrutiny in the AML space boils down to making it look like you’re trying really hard. AML compliance at the major banks amounts to:
1. Writing volumes of AML compliance manuals and procedures.
2. Documenting how they’re implemented.
3. Hiring a small army of analysts and compliance managers to sift through a mountain of noise and then flag anything and everything that looks even remotely weird.
That’s what doing “due diligence” and having “robust” AML compliance measures looks like.
In other words, it’s an ideal place to start figuring out how to integrate blockchain innovation into the political sphere with minimal functional impact.
Crypto needs a FINRA/IEEE combo platter
While the crypto space is currently dominated by computer science nerds, what it really needs is self-guided and self-determined governance. The politicians have no idea what to do about crypto.
So help them!
Model a governance body on some hybridised version of the Financial Regulatory Authority (FINRA) and the Institute of Electrical and Electronics Engineers (IEEE). Engage with political leaders and committees and see what problems need fixing.
Then find or create politically palatable solutions that don’t interfere with innovation.
Or, continue in the fashion of the recent Congressional hearings, where crypto industry leaders sat on their hands, begging a bunch of political rubes to tell them how to best run their businesses and protect their customers.
The benefits of proactive regulation and governance
Innovation thrives within sound, principled boundaries. Move fast and break things involves breaking things. The crypto industry sells itself as trying to fix things. The latest EU regulations are an opportunity to shape those boundaries by providing those fixes.
Crypto developers and enthusiasts can fight. Or they can cooperate. If blockchain devs can create sophisticated DeFi platforms, they can certainly figure out how to associate a wallet with a user who has already given up enormous amounts of identifiable information.
In turn, that kind of cooperative engagement gives politicians the willpower and political capital to embrace crypto. But we are at a crossroads right now. We can either choose the path we want, or have the path chosen for us. If we allow the latter, the likes of Elizabeth Warren might be leading the way.
In conclusion, the crypto space can either develop like the firearms industry did. Or it can develop in a way that makes crypto far more politically palatable and, more importantly, politically neutral.
We’ve only got a year or two until that door closes. We’d best figure out if we want to be inside. Otherwise, we’re going to be left out in the cold.
