Yaya J. Fanusie is the director of analysis at the Foundation for Defense of Democracies’ Center on Sanctions and Illicit Finance. He tweets at @signcurve.
Self-policing illicit activity on the blockchain may soon be a necessity for the cryptocurrency space.
The everyday cryptocurrency enthusiast in the future is likely to spend time identifying illicit wallets and transactions to avoid. The U.S. Treasury Department has made that inevitable.
A few weeks ago, Treasury quietly published additions to its FAQs section on the website for the Office of Foreign Assets Control (OFAC), the unit which oversees U.S. economic sanctions. The language shows that OFAC is planning to include “digital currency” addresses on its Specially Designated Nationals and Blocked Persons (SDN) list.
This would be a big deal.
Banks and all types of businesses are supposed to check the SDN list to ensure they do not provide financial services to people, organizations, and governments which the U.S. has designated as “blocked” due to involvement in terrorism, nuclear proliferation, kleptocracy, human rights violations, and other crimes.
Banks can be legally compelled to freeze any assets they have custody over that belong to those on OFAC’s list, and stop their transactions. The financial penalties for not doing so can be severe. And while most everyday cryptocurrency investors know little about the legalese-laden world of sanctions compliance, anyone running any sort of financial business knows that noncompliance can put you out of business–and potentially, in jail – quick.
Never before has a specific cryptocurrency address or wallet been listed by OFAC, although legal experts have understood for years that sending bitcoins or other cryptocurrencies to anyone on the SDN list is illegal for U.S. persons.
Still, there is a big difference between blocking funds in the fiat banking world and what can be done in the realm of crypto. Peer-to-peer cryptocurrency transactions cannot be blocked or reversed by third parties.
So an OFAC-designated crypto wallet is likely going to bring more scrutiny on the external addresses it transacts with rather than the designated wallet itself.
Some cryptocurrency industry compliance experts argue that digital currency wallet designations could usher in a new era; where tokens get categorized as either clean, tainted, or unknown with regard to their level of association with SDN addresses.
This might cause varying price levels for coins on the same blockchain, with clean tokens valued above those with tainted or unclear origins, and the end of the fungibility that cryptocurrencies have enjoyed since their existence.
One can also expect that blockchain forensics tools will become more valuable and more widely deployed as crypto exchanges aim to lessen the risk of transacting with users with tainted coins.
It's on you
However, the more significant part of a new era arising from financial authorities scrutinizing cryptocurrency addresses is going to be what the cryptocurrency community itself will have to do: Work to prevent illicit transactions on the blockchain.
This is something many in the crypto space do not want to hear.
But in practice, this technical ability has never been a scalable reality given the reach of laws in most jurisdictions relating to financial crime. While evading the impositions of corrupt governments is a worthy goal, the crypto community should recognize that it is morally unacceptable to stay passive while evidence grows that criminals and terrorists are exploiting the community’s freedom.
In recent years, anti-money laundering (AML) compliance experts focusing on the blockchain industry have encouraged cryptocurrency firms to go beyond doing the “know your customer” (KYC) due diligence required of traditional financial institutions and do “know your transaction” (KYT) analysis by leveraging data on the blockchain.
There are multiple startups specializing in such blockchain forensics, serving crypto exchanges along with other enterprise customers like law enforcement agencies and large banks. These companies’ analytic tools are useful for fighting crime, but many voices in the crypto community criticize such tools--which deanonymize financial transactions on the blockchain--for undermining privacy. However, most information from blockchain forensics is not shared publicly. One usually needs to be a corporate or government client to access the data.
But OFAC listing cryptocurrency addresses would raise the stakes of KYT analysis.
It would make it more important for anyone involved in cryptocurrency transactions to verify the “licitness” of the addresses they touch.
And although it is likely that the number of designated addresses would be minimal to begin with (OFAC does not make designations lightly), even the small chance of a sanctions violation brings compliance risk mitigation into the picture for Joe Blow Token Buyer.
An inadvertent transaction with a banned address or an address that has transacted with a banned address would be viewable on the public blockchain ledger, possibly tainting that person’s cryptocurrency wallet as well.
The only way to help everyday users of cryptocurrency navigate the maze of an SDN-laden blockchain platform would be having real-time AML/KYT insight into the funding flows of various wallet addresses. This is not possible under the current environment where blockchain analysis is done in siloes, available just to financial firms and law enforcement.
What’s needed is an open-source platform where illicit activity is flagged and derogatory information is vetted. Call it crowdsourced AML on the blockchain.
I understand this need. As a researcher at a nonprofit national security think tank, I’ve investigated cases of cryptocurrencies and illicit financing, such as bitcoin terrorist funding campaigns in the Middle East. Our team has used free public blockchain explorer websites to analyze donations to these campaigns.
These tools are not as robust as what the government and banks can access with costly specialized machine learning and algorithmic tools. And even if I, through rigorous manual tracking and analysis of blockchain activity, flag addresses I see transacting with a terrorist funding wallet, there is no efficient way to share my findings on a platform so everyday cryptocurrency users could see my “flags,” evaluate their veracity, and stay clear of those addresses, as appropriate.
The industry can help.
Two years ago, I suggested that cryptocurrency experts should set up their own watchdog groups to look out for nefarious activity on the blockchain, similar to how “white hat” hackers flag viruses and other cyber threats. Treasury’s plans make it more important now for the crypto space to build self-policing initiatives.
And besides incorporating OFAC’s blacklist, a public crowdsourced blockchain AML tool could address an illicit finance threat that affects crypto users directly: crypto heists. It would allow victims of ransomware or exchange hacks to voluntarily list their extorted or stolen tokens. While that won’t bring funds back to their rightful owners, it could make moving or stealing coins more difficult and disincentivize cryptocurrency theft in the long term.
Of course, for a self-policing AML platform to work, there would have to be a way to vet listings so that inaccurate and false information is not published. Otherwise, such a tool could be misused to falsely malign addresses, and thus, undermine innocent people financially. But this is more a technical problem to solve rather than a reason to not pursue a better way of doing AML on the blockchain.
The breakthrough of the first blockchain protocol, bitcoin, was in designing a decentralized way to incentivize strangers to compete and confirm the veracity of a global public financial record.
Certainly, with all the attention, time, and money invested in new products and services built off of cryptocurrency tokens, those who are developing this technology should be able to design ways to incentivize keeping the blockchain clean.
Police car image via Shutterstock