Why the FATF Travel Rule Shows the FinCEN Crypto Wallet Rule Can Work

by Maxim Bederov
  • The FATF has proved that mutually-acceptable solutions to AML and terrorism financing can be found.
Why the FATF Travel Rule Shows the FinCEN Crypto Wallet Rule Can Work
FM
Join our Crypto Telegram channel

One of the more significant controversies to roil the cryptocurrency industry in the last 12 months is the proposed crypto wallet rule.

On 18 December 2020, the US Financial Crimes Enforcement Network (FinCEN), part of the US Treasury, issued a Notice of Proposed Rulemaking (NPRM) that would require banks, crypto exchanges, and any other money services businesses to collect Know Your Customer (KYC) ) data on anyone transferring cryptocurrency worth $3,000 or more to or from a private wallet.

It caused an immediate outcry for two reasons.

Firstly, the initial consultation for the NPRM was just 15 days and was scheduled to run over the Christmas and New Year period when most of the world was shutting down for the holidays. Cryptocurrency advocates smelled a rat. Normally consultations last for at least 60 days to allow for wide-scale representations from industry participants.

Maxim Bederov

Maxim Bederov

Second, the diktat appeared designed to be pushed through as part of the death throes of the outgoing Trump administration. Within weeks, Treasury Secretary Steven Mnuchin would be deposed by the incoming Joe Biden presidency, with former Federal Reserve chair Janet Yellen lined up to replace him.

Critics swiftly rounded on FinCEN saying it would be technically impossible for most businesses engaged in crypto services to comply with the ruling. Smart contracts by design do not contain name or address information and are simply pieces of code that enact transactional data.

Within days, FinCEN reported it had received over 7,500 'robust' comments.

The response from Katie Haun, a former Federal Prosecutor and Partner at VC giant Andressen Horowitz (a16z), was typical of the immediate feedback from the industry.

Via Twitter, she alleged that Mnuchin was “trying to squeeze regulatory changes into the tail end of an administration with no process”, promising that a16z would challenge the “procedurally defective...vaguely written...overbroad” ruling in court if it ever got close to being imposed.

Peter van Valkenburgh, Director of research at Coin Center, put it best when he characterised FinCEN’s move as an underhanded ‘midnight rule’, noting that: “The time constraints of the so-called midnight period should never be an acceptable justification for imposing rules on Americans and innovative American businesses without sufficient opportunity for notice and comment.”

“In similar situations, banks have been treated to extensive consultation and a gradual (sometimes absurdly slow) rulemaking process. For example, FinCEN has had a bank customer due diligence rulemaking pending and unfinished since 2014.”

Timeline of a Bungled Rule Change

  • 18 December 2020: Steven Mnuchin’s FinCEN issues wallet rule NPRM with unprecedented 15-day consultation immediate backlash.
  • 2 January 2021: Original 15-day consultation planned to close.
  • 14 January 2021: Under-fire FinCEN announces it is extending the crypto wallet rule comment period for 45 days.
  • 21 January 2021: President Biden freezes all Treasury Department rulemaking for 60 days pending a review.
  • 22 March 2021: FinCEN regulatory ‘freeze’ scheduled to end.

What the Industry Learned from the FATF Travel Rule

In 2018 the Financial Action Task Force’s ‘Travel Rule’ — later codified as ‘Recommendation 16’ — prompted one of the first major existential crises for the industry. The Travel Rule would attempt to bring cryptocurrency transactions into line with wider Regulation around anti-money laundering (AML) and KYC, specifically calling for personal data to ‘travel’ with transactions. Any person who received over $1,000 in cryptocurrency must be identified, they said. The recommendations were finalised in June 2019 and the deadline for compliance set 12 months later.

As one of the world’s most powerful intergovernmental watchdogs, when the FATF speaks, financial services businesses sit up and listen.

But, crypto industry participants argued forcefully that the Travel Rule was anathema to the way that cryptocurrency worked. One response by Global Digital Finance laid out the issue in stark terms.

In a commentary letter to the FATF consultation back in April 2019, GDF explained the difference between Bitcoin addresses and IBAN banking codes, both of which are used to send and receive transactions. The letter noted that while IBAN numbers contain information about the entity that sends or receives a transaction built directly into their code, as opposed to Bitcoin addresses which are a randomly generated string of letters and numbers (alphanumerics).

This showed the impossibility of the FATF request; Bitcoin addresses are simply not designed to elicit identifying information in the way that traditional banking codes are. As Finance Magnates noted, efforts to collect data could in fact encourage “P2P transfers via non-custodial wallets, which are significantly harder for law enforcement to track or control.” Such is the law of unintended consequences: financial regulators’ efforts to intervene in this complex system could produce an entirely unwanted outcome.

In truth, the crypto industry managed to find a way to satisfy the FATF Travel Rule without breaking cryptocurrency altogether.

First came Ciphertrace which said it had created software that would create a validation certificate to confirm transactions sent between exchanges and wallets. At the time the company’s marketing lead, John Jeffries summed up the situation: “The industry has said it’s virtually impossible to adhere to the Travel Rule. The reality is it can be done.”

Dutch multinational ING became the first bank to put forward a solution in June 2020, with its ‘FATF-Friendly’ protocol for tracking transfers. Custodian BitGo later added support for the Travel Rule through an extended API that would collect the information of the sender and receiver. And Coinbase — whose direct listing IPO is coming up shortly — designed a P2P system for sharing user information under the Travel Rule stipulations, for example.

And, the FATF has responded positively in kind, noting in a 25 February 2021 update [our emphasis]: “Transitioning from rules-based supervision to risk-based supervision takes time and can be challenging as the results of mutual evaluations have shown.”

The FATF recognised correctly that the cryptocurrency industry wants to comply with regulation: through regulation comes certainty, shared priorities around preventing money laundering and terrorism financing and an overall better experience for consumers and investors.

The same collaborative solution-building must happen when FinCEN reconvenes after President Biden’s regulatory freeze comes to an end. But, it can only work with mutual respect on both sides.

Conclusion

The picture for the crypto industry is much changed from 2018. It is no longer largely isolated from the mass of venture capital funds, private equity, banks and financial services businesses that deal with trillions of dollars of daily transactions: in fact, it is inextricably intertwined. Cryptocurrency is now firmly embedded in world banking systems — not least in recent guidelines that US banks can custody crypto and use stablecoins for payment settlement, or the fact that the world’s largest custodian bank BNY Mellon, with $41trn in AUM, no less, now moving to custody billions of dollars of crypto assets for asset managers, pension funds and endowments globally.

It is possible that FinCEN was not expecting the kind of overwhelming backlash they received. It is entirely possible that they misjudged the extent to which those affected would object to a last-minute piece of bait-and-switch rulemaking.

The FATF has proved that mutually-acceptable solutions to anti-money laundering and terrorism financing can be found: and that cliff-edge deadlines and threats are not the way to encourage better financial services. For example, the next FATF 12-month review is now underway and will come out in June 2021: suggesting that ongoing consultation with the industry will now take the form of a yearly rolling review.

New, dedicated organisations were set up in the wake of the Travel Rule to help financial services businesses comply with Recommendation 16, including the US Travel Rule Working Group, which was formed between 25 leading US virtual asset service providers to work on an industry-wide solution, and the Travel Rule Information Sharing Alliance, whose whitepaper proposes an open-source P2P mechanism to comply with the ruling.

That is the scale of the task ahead for the crypto wallet rule. More lobbying must target Joe Biden’s administration and capital must be spent, both political and financial, in pushing FinCEN towards that 'mutual evaluation' schema that the FATF has managed to introduce.

If the industry can move away from an adversarial relationship with FinCEN and push for closer collaboration as they did with the FATF, a solution that both sides are happy with is entirely within reach.

Maxim Bederov is an investor and entrepreneur.

One of the more significant controversies to roil the cryptocurrency industry in the last 12 months is the proposed crypto wallet rule.

On 18 December 2020, the US Financial Crimes Enforcement Network (FinCEN), part of the US Treasury, issued a Notice of Proposed Rulemaking (NPRM) that would require banks, crypto exchanges, and any other money services businesses to collect Know Your Customer (KYC) ) data on anyone transferring cryptocurrency worth $3,000 or more to or from a private wallet.

It caused an immediate outcry for two reasons.

Firstly, the initial consultation for the NPRM was just 15 days and was scheduled to run over the Christmas and New Year period when most of the world was shutting down for the holidays. Cryptocurrency advocates smelled a rat. Normally consultations last for at least 60 days to allow for wide-scale representations from industry participants.

Maxim Bederov

Maxim Bederov

Second, the diktat appeared designed to be pushed through as part of the death throes of the outgoing Trump administration. Within weeks, Treasury Secretary Steven Mnuchin would be deposed by the incoming Joe Biden presidency, with former Federal Reserve chair Janet Yellen lined up to replace him.

Critics swiftly rounded on FinCEN saying it would be technically impossible for most businesses engaged in crypto services to comply with the ruling. Smart contracts by design do not contain name or address information and are simply pieces of code that enact transactional data.

Within days, FinCEN reported it had received over 7,500 'robust' comments.

The response from Katie Haun, a former Federal Prosecutor and Partner at VC giant Andressen Horowitz (a16z), was typical of the immediate feedback from the industry.

Via Twitter, she alleged that Mnuchin was “trying to squeeze regulatory changes into the tail end of an administration with no process”, promising that a16z would challenge the “procedurally defective...vaguely written...overbroad” ruling in court if it ever got close to being imposed.

Peter van Valkenburgh, Director of research at Coin Center, put it best when he characterised FinCEN’s move as an underhanded ‘midnight rule’, noting that: “The time constraints of the so-called midnight period should never be an acceptable justification for imposing rules on Americans and innovative American businesses without sufficient opportunity for notice and comment.”

“In similar situations, banks have been treated to extensive consultation and a gradual (sometimes absurdly slow) rulemaking process. For example, FinCEN has had a bank customer due diligence rulemaking pending and unfinished since 2014.”

Timeline of a Bungled Rule Change

  • 18 December 2020: Steven Mnuchin’s FinCEN issues wallet rule NPRM with unprecedented 15-day consultation immediate backlash.
  • 2 January 2021: Original 15-day consultation planned to close.
  • 14 January 2021: Under-fire FinCEN announces it is extending the crypto wallet rule comment period for 45 days.
  • 21 January 2021: President Biden freezes all Treasury Department rulemaking for 60 days pending a review.
  • 22 March 2021: FinCEN regulatory ‘freeze’ scheduled to end.

What the Industry Learned from the FATF Travel Rule

In 2018 the Financial Action Task Force’s ‘Travel Rule’ — later codified as ‘Recommendation 16’ — prompted one of the first major existential crises for the industry. The Travel Rule would attempt to bring cryptocurrency transactions into line with wider Regulation around anti-money laundering (AML) and KYC, specifically calling for personal data to ‘travel’ with transactions. Any person who received over $1,000 in cryptocurrency must be identified, they said. The recommendations were finalised in June 2019 and the deadline for compliance set 12 months later.

As one of the world’s most powerful intergovernmental watchdogs, when the FATF speaks, financial services businesses sit up and listen.

But, crypto industry participants argued forcefully that the Travel Rule was anathema to the way that cryptocurrency worked. One response by Global Digital Finance laid out the issue in stark terms.

In a commentary letter to the FATF consultation back in April 2019, GDF explained the difference between Bitcoin addresses and IBAN banking codes, both of which are used to send and receive transactions. The letter noted that while IBAN numbers contain information about the entity that sends or receives a transaction built directly into their code, as opposed to Bitcoin addresses which are a randomly generated string of letters and numbers (alphanumerics).

This showed the impossibility of the FATF request; Bitcoin addresses are simply not designed to elicit identifying information in the way that traditional banking codes are. As Finance Magnates noted, efforts to collect data could in fact encourage “P2P transfers via non-custodial wallets, which are significantly harder for law enforcement to track or control.” Such is the law of unintended consequences: financial regulators’ efforts to intervene in this complex system could produce an entirely unwanted outcome.

In truth, the crypto industry managed to find a way to satisfy the FATF Travel Rule without breaking cryptocurrency altogether.

First came Ciphertrace which said it had created software that would create a validation certificate to confirm transactions sent between exchanges and wallets. At the time the company’s marketing lead, John Jeffries summed up the situation: “The industry has said it’s virtually impossible to adhere to the Travel Rule. The reality is it can be done.”

Dutch multinational ING became the first bank to put forward a solution in June 2020, with its ‘FATF-Friendly’ protocol for tracking transfers. Custodian BitGo later added support for the Travel Rule through an extended API that would collect the information of the sender and receiver. And Coinbase — whose direct listing IPO is coming up shortly — designed a P2P system for sharing user information under the Travel Rule stipulations, for example.

And, the FATF has responded positively in kind, noting in a 25 February 2021 update [our emphasis]: “Transitioning from rules-based supervision to risk-based supervision takes time and can be challenging as the results of mutual evaluations have shown.”

The FATF recognised correctly that the cryptocurrency industry wants to comply with regulation: through regulation comes certainty, shared priorities around preventing money laundering and terrorism financing and an overall better experience for consumers and investors.

The same collaborative solution-building must happen when FinCEN reconvenes after President Biden’s regulatory freeze comes to an end. But, it can only work with mutual respect on both sides.

Conclusion

The picture for the crypto industry is much changed from 2018. It is no longer largely isolated from the mass of venture capital funds, private equity, banks and financial services businesses that deal with trillions of dollars of daily transactions: in fact, it is inextricably intertwined. Cryptocurrency is now firmly embedded in world banking systems — not least in recent guidelines that US banks can custody crypto and use stablecoins for payment settlement, or the fact that the world’s largest custodian bank BNY Mellon, with $41trn in AUM, no less, now moving to custody billions of dollars of crypto assets for asset managers, pension funds and endowments globally.

It is possible that FinCEN was not expecting the kind of overwhelming backlash they received. It is entirely possible that they misjudged the extent to which those affected would object to a last-minute piece of bait-and-switch rulemaking.

The FATF has proved that mutually-acceptable solutions to anti-money laundering and terrorism financing can be found: and that cliff-edge deadlines and threats are not the way to encourage better financial services. For example, the next FATF 12-month review is now underway and will come out in June 2021: suggesting that ongoing consultation with the industry will now take the form of a yearly rolling review.

New, dedicated organisations were set up in the wake of the Travel Rule to help financial services businesses comply with Recommendation 16, including the US Travel Rule Working Group, which was formed between 25 leading US virtual asset service providers to work on an industry-wide solution, and the Travel Rule Information Sharing Alliance, whose whitepaper proposes an open-source P2P mechanism to comply with the ruling.

That is the scale of the task ahead for the crypto wallet rule. More lobbying must target Joe Biden’s administration and capital must be spent, both political and financial, in pushing FinCEN towards that 'mutual evaluation' schema that the FATF has managed to introduce.

If the industry can move away from an adversarial relationship with FinCEN and push for closer collaboration as they did with the FATF, a solution that both sides are happy with is entirely within reach.

Maxim Bederov is an investor and entrepreneur.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}