FinCEN’s Proposed Crypto Wallet Rule Might Hit DeFi

FinCEN’s proposed rule regulating “unhosted” wallet transfers has a number of potential issues, including unintended consequences for decentralized finance.

AccessTimeIconDec 23, 2020 at 8:40 p.m. UTC
Updated Sep 14, 2021 at 10:47 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

A proposal by the U.S. Financial Crimes Enforcement Network (FinCEN) that would require crypto exchanges to collect personal information, including names and home addresses, from individuals seeking to transfer cryptocurrencies into their own wallets is poorly defined and could have widespread repercussions, say a number of regulatory experts.

The proposed rule, unveiled last Friday, would require crypto exchanges to collect this personal information from customers who transfer an aggregate of $3,000 per day to “unhosted” wallets (which are also referred to by FinCEN as self-hosted or self-custodied wallets; crypto users may know them as private wallets or, simply, wallets). Transfers of over $10,000 per day would require the exchange to file a Currency Transaction Report (CTR) to FinCEN, reporting these transactions and the individuals making them to the federal government. 

The proposed rulemaking, which was published in the Federal Register on Dec. 23, has quickly drawn widespread industry backlash, with complaints ranging from the document’s poorly defined terms to the rushed process itself. Comments are due by Jan. 4, cutting what would normally be a months-long public comment period to just two weeks. 

The controversial rule is said to be a personal project of Treasury Secretary Steven Mnuchin, said Jeremy Allaire, CEO of USDC stablecoin co-issuer Circle. It originally was thought to be far more stringent than the final version published last week.

Further, it appears the rule is being jammed through the rulemaking process to ensure it is implemented before President-elect Joe Biden takes office next month, said Nick Neuman, CEO of bitcoin self-storage firm Casa.

The shortened comment period reduces how much time exchanges have to determine whether they need to change their internal processes to remain in compliance, said Amy Davine Kim, chief policy officer of the Chamber of Digital Commerce advocacy group. How exchanges would comply also remains an open question, she said.

“It could also cause these regulated financial institutions to pause transactions involving self-hosted wallets given the extremely short timeframe in which to consider the implications of this rule, while they implement the tools, processes and procedures to implement the requirements,” Kim said.

Vaguely defined

Several key details of the proposed rulemaking have been poorly defined, multiple individuals told CoinDesk. 

Perhaps the most glaring omission: “unhosted wallets,” FinCEN’s favored term for storing one’s own crypto, isn’t actually defined in the proposed rule, both Kim and Seward & Kissel Associate Andrew Jacobson said. 

“Notably, the preface of the NPRM [Notice of Proposed Rulemaking] explicitly discusses ‘unhosted wallets’ as prompting the need for the proposed rule. However, the actual language of the proposed rule does not mention unhosted wallets or define it, making the rule discordant in its explanatory language versus the actual language of the rule,” Kim said. 

Jacobson agreed, telling CoinDesk that while there are “pages and pages of explanation and justification” explaining the regulation and discussing unhosted wallets, the proposed regulation doesn’t actually specify what unhosted wallets are. A review of the document by CoinDesk confirms this.

The actual reporting requirements are also unclear, Allaire said. While names and addresses must be recorded and submitted, the proposed rulemaking doesn’t specify if IP or blockchain addresses are also required. 

Nor does the proposed rulemaking say if financial institutions must collect this information from counterparties, or if the customers can just submit this information, Kim said. 

“Finally, how would the rule treat the CTR aggregation requirements for customers that use multiple wallets? The CTR requirement attaches to the customer, not the wallet,” she said.

‘Breaking’ DeFi

The rule itself is unlikely to impact end users, said Neuman. While there were initially rumors that Treasury’s proposed rulemaking would be far more stringent – potentially going so far as to ban unhosted wallets outright – this would have been far more difficult to implement. 

“What isn’t clear is how the regulated service providers like exchanges will be actually implementing this,” he said. “There’s going to be compliance necessary if the rule passes among exchanges, brokers, other custodians, they’re going to have to implement this in one way or another and how they implement this will be important to what the user experience is like.”

Exchanges might need to whitelist individual wallet addresses to ensure funds aren’t sent to a wallet without the required personal information, he said.

One area that does seem likely to be impacted is decentralized finance (DeFi). Multiple people told CoinDesk the proposed rule’s biggest – and most unclear – impact would be on DeFi projects.

For one thing, many DeFi projects rely on smart contracts to store or escrow funds. Users engage with, say, Compound by connecting their MetaMask wallet to the lending platform. Subsequent transactions are reflected in the wallet itself, and unique to the user’s holdings. 

Plus, these smart contract-powered platforms don’t have physical addresses, nor are they necessarily operating under the auspices of an actual company. In short, Uniswap would persist if Uniswap’s founders were arrested.

It is unclear how such DeFi platforms would be treated under FinCEN’s proposed rule.

“Since smart contracts do not have a name or physical address, they may be unable to interact with the U.S. financial system,” Kim said. 

Also, smart contracts don’t necessarily have counterparties, Allaire said. If a business is trying to send a large payment independently using crypto, it would need the counterparties’ names and addresses. Institutional investors providing liquidity to a DeFi platform would presumably not be covered by such rules.

This could throw an entire segment of the blockchain industry into a legal gray area, the Digital Chamber’s Kim said. 

“Treasury should not impose a rule that could have a deleterious impact on this promising area of development without understanding the benefits to innovation,” she said. 

“What if you want to send to the Compound protocol? There is no name and address, it’s a market,” Allaire said. “It could create a situation where the only way to use DeFi protocols is to be outside the U.S.”

This could even affect the Eth 2.0 staking contract, he said. To stake on the next iteration of the Ethereum blockchain, users must send 32 ETH to the smart contract, or about $20,000 – well over FinCEN’s limits.

“The vagueness of the rule also calls into question whether funds that were used in DeFi would or could be accepted if a user attempted to move those funds to a ‘hosted’ wallet,” Kim said. 

Privacy concerns

Allaire noted the FinCEN rule raises new questions about privacy and how government regulators are approaching privacy concerns for digital cash. If exchanges are required to submit blockchain addresses, physical addresses and names to the agency, the federal government might be able to essentially track an individual’s digital activity.

This differs from how physical cash is treated, he said. 

“When you walk out of a bank, they can report you did that but they can’t track you,” he said. “There’s a massive amount of personally identifiable information that’s about to start getting blasted around the world.”

Moreover, the rule could prove counterproductive to FinCEN’s actual mission of tracking malicious actors, Jacobson said. While the new reporting requirements might drive bad actors away from U.S. exchanges, it’s likely they’d just set up shop at an offshore platform.

“In some ways that isn’t a bad thing but could hurt FinCEN’s regulatory objectives because they won’t collect [that data],” he noted.

The number of issues raised by the proposed rulemaking should mean the comment period should be extended and that the Treasury Department engages with industry participants, Allaire said.

Kim noted the Customer Due Diligence Rule for banks took more than four years to implement, and saw an advanced notice of proposed rulemaking as well as extended conversations with the industry.

Advocacy groups and companies such as Coinbase have already begun preparing comment letters responding to FinCEN’s proposed rule.

Coin Center even set up a module to streamline the process for the general public to weigh in. 

“If we don’t take the right approach the U.S. could end up significantly hamstrung versus other areas of the world in terms of development and innovation,” Casa’s Neuman said. “We definitely don’t want that to happen so it’s up to us to make sure.”


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.