Cryptocurrencies are designed to be anonymous or pseudonymous, so there is an inherent tension when protocols come into contact with legal authorities.
In the United States, the blockchain and cryptocurrency sector has been sparring with regulators over the need to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) rules, and even compliance with economic sanctions regimes.
Recently, a top official of the US Commodity Futures Trading Commission (CFTC) suggested in a speech that it behooves the industry to verify the digital identity of its users. The CFTC has traditionally been kind to the crypto sector — at least compared to other US agencies like the Securities and Exchange Commission — so its views may be worth considering.
However, is it possible “for all crypto companies to move away from [digital currency] mixers and anonymity-enhanced technology,” as CFTC Commissioner Christy Goldsmith Romero urged in an April 25 speech?
What about decentralized exchanges? Romero said central parties maintain them and they can do KYC and AML if they want to. But would enforcing compliance risk spurring decentralized finance (DeFi) innovation abroad?
“Certainly, it is possible for companies to move away from anything they want — software does what we tell it to do,” Preston Byrne, a partner at the law firm Brown Rudnick, told Cointelegraph, adding:
“The real question is whether, as a policy issue, the United States wants to cut its businesses off DeFi when DeFi growth explodes abroad.”
Whether crypto protocols must comply with AML/KYC rules and other aspects of the U.S. Bank Secrecy Act (BSA) depends on whether they are “money senders” or “money services companies” under applicable state and federal laws, according to John Wagster, who heads the technology industry team at law firm Frost Brown Todd. But whether they can do that is another matter. He told Cointelegraph:
“Centralized protocols clearly have the ability to implement AML/KYC compliance, albeit at the risk of losing out to crypto idealists who will only use products that allow permissionless, anonymous access.”
What about DeFi projects? “Decentralized protocols can implement BSA compliance, but the individual steps must be approved by the protocol’s DAO — or other governing mechanism — and some aspect of the implementation will likely need to be performed by community members or DAO-authorized service organizations,” Wagster added.
But the BSA isn’t the only potential challenge for crypto companies looking to set up business in the United States; it may not even be the most serious.
All companies must comply with the Office of Foreign Assets Control (OFAC) “to ensure that their platforms are not used by individuals from prohibited jurisdictions,” such as North Korea and Iran, or by specially designated nationals, Wagster said. “However, some aspects of OFAC compliance can be implemented autonomously through the use of third parties such as Chainalysis, which provides free access to the OFAC API.”
In August 2022, OFAC sanctioned digital currency mixer Tornado Cash, accusing it of laundering more than $7 billion in digital currencies since its inception in 2019. This included more than $455 million stolen by a North Korean state-sponsored hacking group. Mixers like Tornado enable anonymous transactions “by obscuring their origin, destination and counterparties, without attempting to trace their origin,” according to the US Treasury Department. OFAC has since banned U.S. companies and individuals from doing business with Tornado Cash.
Some believe that decentralized exchanges can also shut out mixers if they want to. “When the whole Tornado Cash debacle happened, decentralized exchanges like Aave and dYdX were actively blocking addresses that interacted with mixers,” Justin Hartzman, CEO and co-founder of Toronto-based cryptocurrency exchange CoinSmart, told Cointelegraph. As Hartzman further explained:
“While mixers protect users’ identities, it is quite easy to see which addresses have interacted with these protocols, thanks to the transparency of blockchain.”
But even if crypto companies can resist anonymity-enhanced technology, would that be beneficial? Perhaps the preservation of privacy coins and anonymous cryptocurrencies is important worldwide as a counterweight to growing government surveillance.
“The answer to this question is in the eye of the beholder,” Byrne said, adding that the desirability of privacy-enhancing technology is a political question. “I think the goal of crypto is to make this technology so commonplace that it is no longer a political issue because its existence should be assumed.”
Privacy coins and regulations ‘don’t gel’
“If you want widespread adoption, rules are going to be critical,” Hartzman said, adding that “privacy coins and rules don’t make sense.” While he doubts that privacy coins will disappear, their usefulness will likely remain very “niche” and limited, he explained. “Blockchain has never been anonymous and I don’t think it will progress.”
Wagster from Frost Brown Todd, for his part, agreed that there was a fundamental incompatibility:
“Anonymization technology and BSA compliance don’t go together. If a protocol has to be BSA compliant, that protocol cannot allow users to mask their identity.”
Protocols that pursue high adoption by attracting institutional investors are “likely not to defend the use of mixers because their institutional users will not get involved with a platform that is at risk of government enforcement,” Wagster continued. Meanwhile, DeFi lenders that allow anonymization will simply have to conduct business outside of US jurisdiction.
Are ‘mixers’ worth saving?
Is digital identity verification, as demanded by the CFTC commissioner, really such a burden for crypto users, and is it worth fighting for “mixers” like Tornado Cash and Blender?
According to Hartzman, anonymity is not a matter of life and death for the vast majority of crypto users. “Most people just use crypto to make money and trade these radically different and exciting assets.” They don’t use mixers either. “I would say most don’t even know how to use these protocols.” Brown Rudnick’s Byrne added:
“Tornado Cash and Blender are not worth saving in my opinion, although I am sympathetic to the arguments […] that the Treasury Department probably doesn’t, or at least shouldn’t have the power to penalize certain technologies.”
Wagster noted that BSA requirements such as AML and KYC are enforced by the US Treasury Department through the Financial Crimes Enforcement Network, “not the SEC or CFTC.”
Many centralized crypto protocols are likely to embrace AML/KYC/OFAC requirements because they are widely used in traditional finance and “because institutional money managers may have a fiduciary duty to use compliant providers.”
On the other hand, some crypto-native DeFi protocols may want to avoid BSA compliance, Wagster said, because “compliance goes against crypto’s ethos that favors privacy and financial freedom over the government’s desire to prevent money laundering and terrorist financing.”
Mixers aren’t always used for nefarious purposes, either. People living under oppressive political regimes can use these tools to protect their wealth and freedom, CoinSmart’s Hartzman noted, but “the fact is that hackers abuse these protocols to safely steal money from hard-working people.”
Compliance regimes can also vary in importance. KYC/AML compliance may be one thing, but evading sanctions may be another. As Ethereum developer Virgil Griffith’s sad saga illustrated, it’s a surefire way to incur the wrath of US authorities.
“Treasury has been working to expose components of the virtual currency ecosystem, such as Tornado Cash and Blender.io, that cybercriminals use to cover up the proceeds of illegal cyber activities and other crimes,” the Treasury stated in August 2022.
While acknowledging that most digital currency activity is “legal,” the department said cryptocurrencies “can be used for illicit activities, including evading sanctions through mixers, peer-to-peer exchanges, darknet markets and exchanges, which includes facilitating robberies, ransomware, fraud and other cybercrime.”
Giving regulators what they want?
Would it be a better strategic fit for the crypto sector to give US regulators what they want, which is ID verification? Consumers have been doing it for years for other activities, such as opening a bank account, and if developers don’t like it, they can simply relocate outside US jurisdiction.
“Eventually, some DeFi providers are likely to adopt AML/KYC practices, whether they are required to do so or not, both to avoid unwanted government scrutiny and to attract institutional money,” Wagster predicted. “Others will stay true to their ideological preferences because that is why they got into crypto in the first place.”
Hartzman, based in Toronto, cites Canada’s regulatory approach, which he believes has worked well. “All exchanges must register with the Ontario Securities Commission/Canadian Securities Administrators and undergo rigorous regulatory processes and audits.”
However, what is needed in the US is a regulatory framework designed specifically for cryptocurrencies, Hartzman continued:
“It seems that US regulators have still not decided whether cryptocurrencies are securities, commodities or something else. [SEC chair] Gary Gensler’s trainwreck of a hearing pretty much proved that these regulators are behind the eighth ball when it comes to the crypto industry.”
Byrne also suggested that US regulators may be arriving too late to the party to do anything violent about the anonymity issue. “While I can understand US regulators wanting to exercise regulatory control, I think the commercial realities beyond our borders will sooner rather than later demonstrate the practical limits of their power.”