Amidst the regulatory blitz of President Biden’s first few weeks, the Financial Crimes Enforcement Network (FinCEN) quietly took further steps to regulate cryptocurrencies. While the White House was busy freezing all other pending rules, FinCEN was moving forward with the extension of a new rule that would require banks and money services businesses (MSB’s) to record and disclose the identities of individuals involved in crypto transactions. Although the proposed rule only targets transactions over $10,000, it nevertheless represents an existential threat to cryptocurrencies as we know them, and has prompted outrage from the crypto community.
In order to understand the magnitude of this regulatory change, it is useful to have an understanding of cryptocurrencies and the mechanics that underlie them. In the simplest terms, cryptocurrencies are a decentralized, virtual alternative to traditional currencies like the dollar that are controlled by central banks. Using crypto, individuals can store value and transact anonymously outside of government controls. In general, all of this is backed by a publicly distributed ledger of transactions typically held in a blockchain. Because the public ledger is both decentralized and anonymized, cryptocurrencies are an incredibly secure means of transacting digitally.
Since cryptocurrencies are a theoretically untraceable and decentralized means of digital transaction, it naturally follows that they would be used by malign actors for illicit purposes. Indeed, cryptocurrencies like Bitcoin have been used for everything from petty fraud to weapons trafficking. They have also become a favorite for hackers looking to cash in on ransomware like the infamous WannaCry attack. Unfortunately, as is too often the case, financial regulators are using these incidents to further regulate cryptocurrencies under the guise of “substantial national security concerns.”
Americans should have learned by now that anytime “national security” is the sole justification for any action, we ought to take a moment to consider the wider implications.
In short, FinCEN’s proposal is using a sledgehammer to drive a nail. To begin with, the proposed rule greatly overstates the problem of illicit cryptocurrency transactions. As we outlined in our formal comment on this docket, detailed analysis by Chainalysis showed that a mere 1.1 percent of crypto transactions in 2019 were associated with criminal activity. This is backed up by the 2017 testimony from Deputy Assistant Secretary Jennifer Fowler of the Office of Terrorist Financing and Financial Crimes. As she told the Senate Judiciary Committee; “Although virtual currencies are used for illicit transactions, the volume is small compared to the volume of illicit activity through traditional financial services.”
While the use of cryptocurrency for illicit transactions is a significant issue, it is clearly not as dire as FinCEN would have you believe. On the contrary, our financial regulators are making a mountain out of a molehill in an effort to justify their power grab. This is supported by the fact that FinCEN first attempted to promulgate this rule by abusing emergency authorities under the Bank Secrecy Act. In a brazen attempt to sneak this rule past stakeholders at the midnight hour, the notice was published two days before Christmas and allowed for only a 15 day comment period.
Beyond these procedural issues and a general lack of transparency on the part of FinCEN, this proposal presents very real concerns for the security of personal financial information. Requiring both hosted and unhosted crypto wallets to record and disclose personal identifying information (PII) would eliminate the anonymity that gives cryptocurrencies much of their security. In doing so, FinCEN opens up the possibility of bulk financial data collection where it would currently be unimaginable.
In order to comply with this proposed rule, banks and MSP’s would be required to maintain a database of PII for all of their clients. Armed with both the identifying data and the public ledger, both federal regulators and sufficiently savvy hackers would be granted unprecedented bulk access to Americans’ financial information. Currently, most cryptocurrencies are specifically designed to prevent this type of a security breach, relying heavily on the anonymity of wallets to protect users. Given our federal government’s horrendous track record when it comes to dragnet domestic surveillance, the fact that federal regulators are seeking another tool for bulk financial data collection is worrisome.
Fortunately, citizens and stakeholders were paying attention the first time around, and this docket garnered over 7,000 public comments in spite of the Christmas and New Year’s holidays. Hopefully, now that the docket has been reopened, even more Americans will stand up to FinCEN and urge them not to neuter cryptocurrencies as we know them.