Over the last few weeks, the U.S. Financial Crimes Enforcement Network, or FinCEN, has been inundated with 7,477 angry comments about a rule change it proposed just before Christmas. “Impressive ineptitude," says one anonymous commenter, while another writes, "touch bitcoin and you will feel the wrath u moneygrabbing pric [sic]."
What's at stake? Up till now, exchanges like Coinbase haven't bothered to de-anonymize the non-custodial wallet owners that either send cryptocurrency to exchanges or receive cryptocurrency from exchanges. In effect, if you had a few thousand dollars in bitcoins in a paper wallet, Coinbase wouldn't ID you if you transferred those bitcoins to a Coinbase account.
FinCEN – a bureau of the US Department of the Treasury that defines rules for combating money laundering – has proposed changing this. U.S. cryptocurrency exchanges and other financial institutions dealing in cryptocurrency would be required to start collecting information about owners of non-custodial wallets. (FinCEN refers to these as unhosted wallets). This means less privacy and an end to seamless deposits or withdrawals.
But the 7,477 letter writers aren't only upset about reduced usability and less privacy. They also claim the rule is unfair. Square's Jack Dorsey says the rule "creates a double standard between them [cryptocurrency transactions] and legacy cash transactions that occur between financial institutions and individuals." Kraken, a U.S.-based cryptocurrency exchange, claims the rule "shatters parity" among money service businesses.
I sympathize with many of the concerns aired in the 7,477 letters. The new rule forces owners of self-hosted cryptocurrency wallets to give up vital personal data. Financial institutions will have to build expensive systems to collect and store this information. And to boot, the rule proposal was issued with just 15 days for public comment, much of this over Christmas and New Year's. (Proposed rulemakings usually come with at least 30 days to respond).
But I disagree with claims about unfairness. Cryptocurrency is inheriting the same regulations that already apply to other forms of money transfer.
A key part of FinCEN’s Dec. 23 proposal is a new recordkeeping requirement. All U.S. financial institutions dealing in cryptocurrency would have to keep records on unhosted cryptocurrency transactions in excess of $3,000. This would mean collecting and verifying the name and address of anyone who wants to transfer more than $3,000 in cryptocurrency onto an exchange from a self-hosted wallet, and also the reverse of that, collecting names and address of owners of unhosted wallets to which withdrawals of more than $3,000 are made.
This isn’t a new thing. Since 1996, FinCEN has required money transmitters like Western Union and MoneyGram to abide by a $3,000 recordkeeping requirement. The rule proposed in December would extend this to money transmitters like Coinbase that transmit cryptocurrency.
Let me illustrate. Say that a stranger walks into a Western Union outlet with $3,000 cash and asks the agent to transmit it overseas. The Western Union agent is required to ID that stranger and keep a record of the transaction. This obligation arises from a FinCEN recordkeeping requirement that all money transmitters collect and verify personal information from transmittors other than established customers for any transaction above a $3,000 dollar threshold.
Now let’s translate this rule into the cryptocurrency space. A stranger walking into a Western Union outlet with $3,000 cash is just like an anonymous unhosted wallet owner requesting Coinbase to transmit $3,000 in bitcoin to a Coinbase account. If Coinbase and Western Union are to be held to the same standards for dealing with transmittors other than established customers, then Coinbase should also have to collect information about the owner of this unhosted wallet.
The same applies to payouts from exchanges. When Coinbase is asked to make a withdrawal to an anonymous unhosted wallet, this is the equivalent of Western Union being ordered to provide cash to a stranger who is waiting at the counter. The law already requires Western Union to collect and verify personal information from recipients other than established customers for all transactions above $3000. Shouldn't Coinbase also be required to ID recipients that are not established customers?
Cryptocurrency fans can take at least some comfort that FinCEN’s new rule would treat cryptocurrency transactions with a lighter touch than traditional fiat transfers. In an earlier October 2020 proposal, FinCEN suggested that the 25-year old recordkeeping threshold be reduced from $3000 to $250. So a stranger who visits Western Union wanting to send $250 would now have to be identified, where before the trigger point was $3,000.
Luckily, FinCEN does not intend to apply this stricter $250 threshold to cryptocurrency transactions. Exchanges like Coinbase that deal in cryptocurrency would be subject to the separate, and looser, $3,000 recordkeeping threshold proposed on Dec. 23. This lighter touch makes sense. From a money laundering perspective, cryptocurrency is not as risky as fiat.
Earth to FinCEN: 'We care about privacy'
Fair or not, the rule won’t stop cryptocurrency users from feeling furious. FinCEN is well aware of this. From 2008 to Dec. 22, 2020, the day before it issued its unhosted wallet rule proposal, it received 3,724 submissions from the public in response to its rules and notices. A typical proposed rule change might have attracted 50 lawyerly responses. The 7,477 comments that have been lodged since Dec. 23 represents 67% of all public responses FinCEN has ever received!
Many of these comments mention privacy. FinCEN and other regulatory agencies that implement anti-money laundering rules have historically given short shrift to privacy concerns. The explosion of comments is a stern reminder the public cares about this issue. And while this probably won't stop the extension of existing money laundering law into crypto, it may start to affect the discussion about thresholds.
When FinCEN discusses the level at which to set thresholds (such as the $3,000 threshold for recordkeeping), it is trying to balance a number of conflicting concerns. These include its duty to fight the crime of money laundering, the administrative burden faced by the private sector, and the impact on financial inclusion. If thresholds are too strict, financial institutions will find them too costly to implement, and vulnerable members of society will be excluded from making payments. Too loose and FinCEN is not doing its job of stopping money laundering.
The 7,477 angry comments will oblige FinCEN to consider, perhaps for the first time, financial privacy in its decision about where to set thresholds. Why a $3,000 recordkeeping threshold? Might not privacy concerns merit a $5,000 trigger? Personal privacy should not only be a factor in setting cryptocurrency thresholds. What about the $10,000 threshold on cash transaction reporting, or the new $250 ceiling faced by money transmitters like Western Union?
I have no idea how FinCEN will react to the public’s response. But one thing is for sure. They have a lot of reading to do.