1/ After a long wait, FinCEN has finally issued its new proposed rule extending AML regulation to non-custodial wallets.
It could've been worse (really), but it's still a terrible rule in both process & substance.
Here's what it says, what's wrong with it, & what we do next 👇
It could've been worse (really), but it's still a terrible rule in both process & substance.
Here's what it says, what's wrong with it, & what we do next 👇
2/ The rule would impose new obligations on virtual asset service providers (VASPs) like exchanges & custodians.
For deposits & withdrawals > $3k involving a non-custodial wallet, VASPs would have to record the name & physical address of the wallet owner.
home.treasury.gov/news/press-rel…
For deposits & withdrawals > $3k involving a non-custodial wallet, VASPs would have to record the name & physical address of the wallet owner.
home.treasury.gov/news/press-rel…
3/ VASPs would also have to report any deposit or withdrawal > $10k to FinCEN in the form of a currency transaction report (CTR).
FinCEN says these requirements are necessary to "combat the financing of global terrorism," "address transnational money laundering...." You get it.
FinCEN says these requirements are necessary to "combat the financing of global terrorism," "address transnational money laundering...." You get it.
4/ Before now, the Travel Rule only imposed these record-keeping & reporting requirements on transactions from VASP-to-VASP.
Today's proposal follows a global trend of extending AML regulation to transactions from VASP-to-wallet, as we've seen from Switzerland, France, & others.
Today's proposal follows a global trend of extending AML regulation to transactions from VASP-to-wallet, as we've seen from Switzerland, France, & others.
5/ Let's look on the bright side for a minute.
This doesn't require KYC for every transaction with a non-custodial wallet. It isn't an outright ban on self-custody. It doesn't prohibit the act of using a permissionless network.
It really -- REALLY -- could have been much worse.
This doesn't require KYC for every transaction with a non-custodial wallet. It isn't an outright ban on self-custody. It doesn't prohibit the act of using a permissionless network.
It really -- REALLY -- could have been much worse.
6/ But it's still an awful rule. I'll give you three reasons why. (There are more.)
First, it does nothing to accomplish its stated goals. Even if illicit activity was a major problem (it isn't), this won't stop the flow of funds to bad actors or help law enforcement do its job.
First, it does nothing to accomplish its stated goals. Even if illicit activity was a major problem (it isn't), this won't stop the flow of funds to bad actors or help law enforcement do its job.
7/ It doesn't stop VASP customers from transacting with bad guys. It just forces them to pay an extra fee to withdraw to their own wallet first.
It also doesn't give investigators any new information. VASPs already KYC their customers & keep records of transactions.
It also doesn't give investigators any new information. VASPs already KYC their customers & keep records of transactions.
8/ Second, it infringes on US citizens' financial privacy rights.
Today, law enforcement has to subpoena VASPs to get information about customers. VASPs can, should, & often do challenge these.
This rule would force VASPs to hand over that information automatically, every time.
Today, law enforcement has to subpoena VASPs to get information about customers. VASPs can, should, & often do challenge these.
This rule would force VASPs to hand over that information automatically, every time.
9/ Considering the FinCEN Files leak & recent hacks, government hasn't really shown that it's using our information effectively or storing it safely.
Now isn't the time to expand government's warrantless mass surveillance & data collection operations.
coindesk.com/fincen-files-h…
Now isn't the time to expand government's warrantless mass surveillance & data collection operations.
coindesk.com/fincen-files-h…
10/ Third, the rule is vague & ambiguous.
How exactly can a VASP obtain the name & physical address of the owner of a non-custodial wallet? How does someone prove that they "own" a private key? What about non-custodial smart contracts -- who owns them?
The rule doesn't say.
How exactly can a VASP obtain the name & physical address of the owner of a non-custodial wallet? How does someone prove that they "own" a private key? What about non-custodial smart contracts -- who owns them?
The rule doesn't say.
11/ Without a clear path to compliance, it'll be left to the discretion of regulators & prosecutors to decide if a VASP's efforts are "good enough."
We've seen this before: institutions don't know how to comply, so they "de-risk" by prohibiting the uncertain activity completely.
We've seen this before: institutions don't know how to comply, so they "de-risk" by prohibiting the uncertain activity completely.
12/ Put this together & you have the definition of bad regulation.
The rule would impose huge burdens on VASPs, their customers, & society at large, perhaps infringing constitutional rights, without conveying any benefit to government in general or law enforcement in particular.
The rule would impose huge burdens on VASPs, their customers, & society at large, perhaps infringing constitutional rights, without conveying any benefit to government in general or law enforcement in particular.
13/ Substance isn't the only issue, though.
Federal agency rulemaking also has to follow a certain process, one designed so that members of the public, like you & me, can explain why a rule is flawed or how it can be improved.
The process for this rule is entirely out of order.
Federal agency rulemaking also has to follow a certain process, one designed so that members of the public, like you & me, can explain why a rule is flawed or how it can be improved.
The process for this rule is entirely out of order.
14/ The Administrative Procedures Act (APA) requires agencies to provide notice of proposed rules & give the public "an opportunity to participate in the rulemaking through submission of written data, views, or arguments."
The law says these mandates are "not mere formalities."
The law says these mandates are "not mere formalities."
15/ Regular order calls for an agency to accept public comment for at least 60 days for "significant" rules. It can be longer.
FinCEN is giving us 15. At the end of December. With one month left before a new president is sworn in.
There's a name for this: "midnight rulemaking."
FinCEN is giving us 15. At the end of December. With one month left before a new president is sworn in.
There's a name for this: "midnight rulemaking."
16/ Midnight rulemaking implies that an agency isn't giving the public a genuine opportunity to participate in the rulemaking process, but rather trying to force through a predetermined result.
Courts don't take kindly to this. Midnight rules are often struck down under the APA.
Courts don't take kindly to this. Midnight rules are often struck down under the APA.
17/ So, we have an awful rule crafted in a bad process. What now?
To start, we should take advantage of our limited public comment period & make our voices heard loud & clear.
I expect there will be a template comment form with suggested language to make this easy. Stay tuned.
To start, we should take advantage of our limited public comment period & make our voices heard loud & clear.
I expect there will be a template comment form with suggested language to make this easy. Stay tuned.
18/ For my part, I'll be helping @BlockchainAssn evaluate grounds to challenge the rule under the APA. They've hired one of the best lawyers in the country for this.
If you're a crypto company in the US & haven't talked to them about joining, do it now.
If you're a crypto company in the US & haven't talked to them about joining, do it now.
https://twitter.com/BlockchainAssn/status/1340061599030251522?s=20
19/ For everyone else, the best thing you can do to help in the fight for financial privacy & self-custody is to *do it yourself.*
Walk the walk. Learn to protect your own privacy & safely hold your own keys. Run a node. Use products & services that respect these principles too.
Walk the walk. Learn to protect your own privacy & safely hold your own keys. Run a node. Use products & services that respect these principles too.
20/ Most importantly, keep calm & carry on.
Despite today's news, what strikes me most about this situation is how many people stepped up from every corner of our world to push back against this, from industry leaders to members of Congress.
We've become extremely anti-fragile.
Despite today's news, what strikes me most about this situation is how many people stepped up from every corner of our world to push back against this, from industry leaders to members of Congress.
We've become extremely anti-fragile.
21/ Sure, it'd be better if the Treasury Secretary wasn't out to get us.
But if you believe in the future of this technology as I do, you know this is just the beginning of a long, messy, inevitable transition from the old system to the new.
Ultimately, we will prevail.
[end]
But if you believe in the future of this technology as I do, you know this is just the beginning of a long, messy, inevitable transition from the old system to the new.
Ultimately, we will prevail.
[end]
• • •
Missing some Tweet in this thread? You can try to
force a refresh
