You can only transfer money through a bank wire if your bank knows exactly who you are and the receiving bank identifies the intended recipient. There is no anonymity or pseudonymity. Soon, the crypto space, usually known as a place to hide one’s identity, will start looking more like conventional banking.
Last month, the Financial Action Task Force (FATF) proposed updated standards that would require virtual asset providers (VASPs), including cryptocurrency exchanges, not only to verify their customers’ identities, but also to identify the recipients of their customers’ transfers. FATF is an inter-governmental body that sets global standards relating to anti-money laundering and combatting the financing of terrorism (AML/CFT). Last year, it announced that member states would have to start regulating their virtual asset markets and signaled that more precise instructions would be coming in 2019.
FATF is currently reviewing and seeking feedback on some of its draft language, which it will finalize in June. For example, it proposes:
Countries should ensure that originating VASPs obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers, submit the above information to beneficiary VASPs and counterparts (if any), and make it available on request to appropriate authorities.
In most well-regulated jurisdictions, crypto exchanges already verify their customers’ identities. This new FATF standard would mean that crypto exchanges would also need customers to name any person to whom they transfer funds. Assuming the recipient uses a digital wallet provided by another crypto exchange, the originating exchange will have to give the receiving exchange identifying information on the originating customer.
Many cryptocurrency exchanges will likely try to implement these procedures, but they will face major roadblocks. Thus regulators may not gain the full AML/CFT benefits they are seeking.
First, not all cryptocurrency transfers involve VASPs, especially not at both ends of the transaction. For example, a customer using a crypto exchange wallet might send funds to someone receiving funds at a hardware wallet that is independent of any third-party custodian. If crypto exchanges only allow VASP-to-VASP wallet transactions, they would be eliminating some potential transactions, reducing customer volume, and thus profits.
For crypto exchanges to fully implement the suggested FATF requirements, they might create a system where they only service “approved” wallets. From an AML/CFT perspective, this would seem ideal. It would restrict transactions involving crypto exchanges to identified and vetted individuals, making it harder for illicit actors to use exchange services. This is a textbook solution from the conventional banking system, where regulators can rest assured knowing that criminals have few options for electronically moving high volumes of funds outside of regulated institutions. But cryptocurrency technology is made for person-to-person transfers, with software and hardware available to keep middlemen out of the picture.
As good as an approved wallet system might sound, it will likely push a significant amount of transactions out of the regulated, custodial service provider environment and into spaces where regulators and law enforcement have little reach. As I wrote last year, two crypto ecosystems are evolving; one above board and AML/CFT-compliant, and the other one underground and relatively anonymous. New decentralized exchanges, the experimental crypto trading platforms that usually do not verify customer identity, fall into the latter category, although it is possible to build compliance layers for them. Also, so-called “privacy coins” will likely proliferate more in the unregulated space.
So, regulators must not be overly sanguine about the potential impact of FATF’s changes. Jurisdictions that implement and enforce these new standards will certainly clean up the above-ground crypto space. But the exchanges in jurisdictions that do not enforce them will likely see more business from illicit actors. Such regulatory arbitrage is nothing new. In fact, it results from the crypto marketplace operating almost exclusively online.
Even if the global AML/CFT gains are muted by illicit flows moving to paths of least resistance, U.S. financial authorities can take solace in one fact: the market for virtual assets is still small compared to the global economy. While the crypto space remains nascent and formative, there is an opportunity to consider and map out systems for better managing the illicit risks that will grow larger if the use of digital currencies’ scales up due to technological or market developments.
Much of the gap between the above-ground and underground crypto spaces comes from the tension between privacy and security. Financial policymakers should look at ideas for embedding AML-compliant blockchain-based systems into the banking sector that include measures for optimal (but not fully anonymous) privacy in transactions, as some academic researchers recently discussed. FATF’s update to its standards is just one step. Next, member states will have to develop a plan for dealing with the crypto underground. That playbook probably will not be found in the banking sector, but in deeper study of decentralized platforms. It is time for financial authorities to add more computer scientists to their teams of criminologists, lawyers, and finance experts.
Yaya Fanusie, a former CIA analyst, is a senior fellow at the Center on Economic and Financial Power at the Foundation for Defense of Democracies, a nonpartisan national security think tank.