1/ After a long wait, FinCEN has finally issued its new proposed rule extending AML regulation to non-custodial wallets.
It could've been worse (really), but it's still a terrible rule in both process & substance.
Here's what it says, what's wrong with it, & what we do next 👇
2/ The rule would impose new obligations on virtual asset service providers (VASPs) like exchanges & custodians.
For deposits & withdrawals > $3k involving a non-custodial wallet, VASPs would have to record the name & physical address of the wallet owner. home.treasury.gov/news/press-rel…
3/ VASPs would also have to report any deposit or withdrawal > $10k to FinCEN in the form of a currency transaction report (CTR).
FinCEN says these requirements are necessary to "combat the financing of global terrorism," "address transnational money laundering...." You get it.
4/ Before now, the Travel Rule only imposed these record-keeping & reporting requirements on transactions from VASP-to-VASP.
Today's proposal follows a global trend of extending AML regulation to transactions from VASP-to-wallet, as we've seen from Switzerland, France, & others.
5/ Let's look on the bright side for a minute.
This doesn't require KYC for every transaction with a non-custodial wallet. It isn't an outright ban on self-custody. It doesn't prohibit the act of using a permissionless network.
It really -- REALLY -- could have been much worse.
6/ But it's still an awful rule. I'll give you three reasons why. (There are more.)
First, it does nothing to accomplish its stated goals. Even if illicit activity was a major problem (it isn't), this won't stop the flow of funds to bad actors or help law enforcement do its job.
7/ It doesn't stop VASP customers from transacting with bad guys. It just forces them to pay an extra fee to withdraw to their own wallet first.
It also doesn't give investigators any new information. VASPs already KYC their customers & keep records of transactions.
8/ Second, it infringes on US citizens' financial privacy rights.
Today, law enforcement has to subpoena VASPs to get information about customers. VASPs can, should, & often do challenge these.
This rule would force VASPs to hand over that information automatically, every time.
9/ Considering the FinCEN Files leak & recent hacks, government hasn't really shown that it's using our information effectively or storing it safely.
Now isn't the time to expand government's warrantless mass surveillance & data collection operations. coindesk.com/fincen-files-h…
10/ Third, the rule is vague & ambiguous.
How exactly can a VASP obtain the name & physical address of the owner of a non-custodial wallet? How does someone prove that they "own" a private key? What about non-custodial smart contracts -- who owns them?
The rule doesn't say.
11/ Without a clear path to compliance, it'll be left to the discretion of regulators & prosecutors to decide if a VASP's efforts are "good enough."
We've seen this before: institutions don't know how to comply, so they "de-risk" by prohibiting the uncertain activity completely.
12/ Put this together & you have the definition of bad regulation.
The rule would impose huge burdens on VASPs, their customers, & society at large, perhaps infringing constitutional rights, without conveying any benefit to government in general or law enforcement in particular.
13/ Substance isn't the only issue, though.
Federal agency rulemaking also has to follow a certain process, one designed so that members of the public, like you & me, can explain why a rule is flawed or how it can be improved.
The process for this rule is entirely out of order.
14/ The Administrative Procedures Act (APA) requires agencies to provide notice of proposed rules & give the public "an opportunity to participate in the rulemaking through submission of written data, views, or arguments."
The law says these mandates are "not mere formalities."
15/ Regular order calls for an agency to accept public comment for at least 60 days for "significant" rules. It can be longer.
FinCEN is giving us 15. At the end of December. With one month left before a new president is sworn in.
There's a name for this: "midnight rulemaking."
16/ Midnight rulemaking implies that an agency isn't giving the public a genuine opportunity to participate in the rulemaking process, but rather trying to force through a predetermined result.
Courts don't take kindly to this. Midnight rules are often struck down under the APA.
17/ So, we have an awful rule crafted in a bad process. What now?
To start, we should take advantage of our limited public comment period & make our voices heard loud & clear.
I expect there will be a template comment form with suggested language to make this easy. Stay tuned.
18/ For my part, I'll be helping @BlockchainAssn evaluate grounds to challenge the rule under the APA. They've hired one of the best lawyers in the country for this.
If you're a crypto company in the US & haven't talked to them about joining, do it now.
19/ For everyone else, the best thing you can do to help in the fight for financial privacy & self-custody is to *do it yourself.*
Walk the walk. Learn to protect your own privacy & safely hold your own keys. Run a node. Use products & services that respect these principles too.
20/ Most importantly, keep calm & carry on.
Despite today's news, what strikes me most about this situation is how many people stepped up from every corner of our world to push back against this, from industry leaders to members of Congress.
We've become extremely anti-fragile.
21/ Sure, it'd be better if the Treasury Secretary wasn't out to get us.
But if you believe in the future of this technology as I do, you know this is just the beginning of a long, messy, inevitable transition from the old system to the new.
Ultimately, we will prevail.
[end]
• • •
Missing some Tweet in this thread? You can try to
force a refresh
3/ Crypto market infrastructure has improved dramatically in recent years.
It's now quite easy for most people to convert fiat into crypto, withdraw any amount to their own wallet, & then do as they wish without restriction or identification, subject only to the consensus rules.
The short answer (not legal advice) is the money probably gets bailed-in just like other deposits at the failed bank & no special dynamics protect stablecoin holders, afaik.
The longer answer requires looking at the relationships between all the parties . . .
2/ First, you have the stablecoin issuer & the bank custodying its reserve; is there anything special here to protect against a bail-in?
Second, you have the stablecoin issuer & the stablecoin holders; is there anything special here to give holders recourse in case of a bail-in?
3/ The best place I can think of to look for insight on these questions is in the terms, conditions, & disclosures of the issuers' whitepapers, user agreements, & attestations (links at end of thread).
1/ My last thoughts on security tokens & then I'll stop triggering everyone trying to shill their STO products here:
I agree it's possible to eke out some efficiencies by putting any financial instrument on a blockchain, & yes, disrupting central securities depositories is neat.
2/ To me, this fits the blockchain use case of "companies can save a few dollars by automating their back office."
That's fine! Nothing wrong with that!
It's just not particulary interesting in the broader context of crypto, & it gives off a very "blockchain, not bitcoin" vibe.
3/ What *is* interesting, maybe revolutionary, is allowing self-custody of financial instruments & exposing them to the composability of open protocols.
The problem is that security tokens are somewhat unfit for these goals, not only due to regulation, but by their very nature.
I'm suspicious of describing "DeFi tokens" as a category.
These tokens have vastly different characteristics & pose varied & complex risks, as do their underlying protocols.
Calling them all "DeFi tokens" both legitimizes the terrible projects & undermines the space as a whole.
I have the same problem with "personal tokens."
Some are just interesting & harmless experiments by people playing with new tech. Others are blatant attempts to raise money by selling investment contracts, reminiscent of ICOs.
The former suffers by association with the latter.
There's something genuinely exciting happening here: the creation of natively digital assets with novel, unique, & diverse (if experimental) properties.
But if we've learned anything in crypto, it's that real innovation begets flawed imitation, which begets fraudulent schemes.
2/ The cabinet includes the Vice-President & the heads of all fifteen executive departments. It gathers often to advise the President on critical issues of national concern.
These days we take the cabinet for granted, assuming it's a standard segment of the bureaucracy.
Not so.
3/ Despite its pivotal role in federal governance for centuries, the cabinet is not authorized or even addressed in the Constitution.
This was not mere oversight. The framers of the Constitution considered & *explicitly rejected* proposals to establish an executive cabinet.
1/ The BlockOne & Nebulous enforcement actions could be the most important moves from the SEC since June 2018, when Bill Hinman said bitcoin & ether aren't securities.
Call me crazy, but I think the SEC believes EOS & Siacoins aren't securities either. That's huge. Here's why.
Not coincidentally, yesterday was the last day of the SEC's fiscal year, which usually means big news.
3/ The SEC has settled a number of enforcement actions against token issuers before now, such as Paragon, Airfox & Gladius.
Still, yesterday's actions break new ground: EOS is the first target with a "top ten" market cap & Sia is the first from entirely before the DAO Report.