Jake Chervinsky, general counsel at Compound Labs, and Kristin Smith, executive director of The Blockchain Association, talk about the storm brewing in the cryptosphere involving self-custody and privacy. In this episode, they cover:
- the differences between hosted and self-hosted wallets and how transactions between them differ
- why the ability to transact from self-hosted wallets is so important
- compliance and regulation in the traditional financial world and how it could affect self-custody
- the “Swiss rule” and what it could mean for the rest of the world
- the proposal by FinCEN to lower the threshold for collecting data on transactions from $3,000 to $250
- how regulators might achieve their goals without “dragnet” surveillance
- how the amount of crime and money laundering in the traditional financial system compares to that in the crypto world
- why OTC brokers are considered the most significant money laundering risk in crypto, and how that risk might be mitigated
- how different political environments can influence the value of peer to peer transactions
- whether Americans should be willing to give up some of their financial privacy in favor of security
- what the recent statement by the DOJ’s cryptocurrency enforcement framework labeling anonymous transactions as “high-risk activity indicative of possible criminal conduct” could mean for privacy coins like Monero and Zcash
- Gary Gensler’s appointment as head of Biden’s financial policy transition team and whether to view it as a positive or negative for crypto
- whether they think the incoming Congress will be in favor of more surveillance or more privacy
- whether there might eventually be regulations for developers who write code for self-hosted wallets
- how potential rules regarding self-custody could affect non-monetary items like NFTs
- and the next big developments they are watching out for regarding this issue
Thank you to our sponsor!
Episode links:
Jake Chervinsky: https://twitter.com/jchervinsky
Compound Labs: https://compound.finance
Kristin Smith: https://twitter.com/kmsmithdc
The Blockchain Association: https://theblockchainassociation.org/
https://twitter.com/BlockchainAssn
Coin Center commentary on lowering FinCEN threshold: https://www.coincenter.org/app/uploads/2020/10/Coin-Center-Comment-FinCEN-FRB-250-threshold.pdf
Unchained episode about the FATF travel rule: https://unchainedpodcast.com/why-the-travel-rule-is-one-of-the-most-significant-regulations-in-crypto/
The choice of Gary Gensler to lead the financial policy transition team:
https://www.wsj.com/livecoverage/trump-biden-election-day-2020/card/peMRHGPJasECSPLezSFx
https://www.coindesk.com/biden-confirms-gary-gensler-will-lead-financial-policy-transition-team
Shapeshift delists Zcash: https://www.coindesk.com/shapeshift-delists-privacy-coin-zcash-over-regulatory-concerns
Jessie Liu interview on Unchained: https://unchainedpodcast.com/what-you-need-to-know-about-the-dojs-cryptocurrency-enforcement-framework/
Transcript:
Laura Shin:
Hi everyone, Welcome to Unchained, your no-hype resource for all things crypto. I’m your host, Laura Shin, a journalist with over two decades of experience. I started covering crypto five years ago, and as a senior editor at Forbes was the first mainstream media reporter to cover cryptocurrency full-time. Subscribe to Unchained on YouTube, where you can watch the videos of me and my guests. Go to youtube.com/c/unchainedpodcast and subscribe today.
Crypto.com – the crypto super app that lets you buy, earn and spend crypto – all in one place. Earn up to 8.5% per year on your BTC and more than 20 other coins. Download the Crypto.com app now to find out how much you could be earning!
Laura Shin:
Today’s topic is the potentially brewing fight over self-custody and privacy in the crypto space. Here to discuss are Jake Chervinsky, General Counsel at Compound Labs, and Kristin Smith, Executive Director of the Blockchain Association. Welcome, Jake and Kristin.
Kristin Smith:
Thanks, Laura.
Jake Chervinsky:
Hi, Laura. Thanks for having us.
Laura Shin:
So, the topic for today’s discussion stems back to…or rather the inspiration for this episode stems back to a tweet storm by Jake last month, in which you said that because crypto has natured there’s now anti-money laundering regulations that could be coming to crypto, and that could happen potentially in a way that infringes on users’ ability to custody their own digital assets and transact privately. So, this is just the background, but before we actually dive into the meat of today’s topic, I really think we need to define some basic terms for people so they understand how this all works and why some of these technical terms are important, so let’s just start with the definition of a self-hosted wallet and how it’s used, and then how that differs from a hosted wallet.
Jake Chervinsky:
Sure. So, I can take that. A self-hosted wallet, I think the best way to think about it is, it’s just a default Bitcoin or cryptocurrency address, so what it means is the user of a cryptocurrency has their own private key. They are able to control their assets. They decide whether to send or hold their assets in their own wallet. A custodial, or a hosted wallet, on the other hand, is when a person’s private key is managed by a trusted third party, like an exchange or a custodian, where the user who actually owns those digital assets, that Bitcoin, or some other crypto asset, has to rely on that third party in order to send or get back their assets whenever they want them, so they’re relying on a trusted third party.
Kristin Smith:
I would also add that people in government will refer to self-hosted wallets as un-hosted wallets. We just prefer the term self-hosted wallet.
Laura Shin:
Oh, interesting. And some good examples of self-hosted wallets would, for instance, maybe a Ledger, or a MetaMask, or a Blockchain.com wallet, whereas a hosted wallet would be using, for instance, something like CoinBase, or Square Cash App, or just pretty much any exchange, like Kraken or Binance. Is that correct?
Jake Chervinsky:
Yeah, I think that’s right. I think the question is just who has the private key that gives you the ability to transact in that crypto asset, so even something like a paper wallet where you literally print out your own private key is kind of like a self-hosted wallet. The wallets that you described are more like wallet software, so something like Samurai, or Wasabi, or MetaMask those are wallet software applications, whereas a self-hosted wallet I would consider even being a paper wallet or something where you print it out or have your private key in a hard copy.
Laura Shin:
And then can you just walk me through what a transaction looks like between, for instance, two self-hosted wallets versus two hosted wallets, and then maybe like a mixture between a self-hosted wallet and a hosted wallet, and then even…like I know that you guys are coming out with some materials in which you even compare some of these transactions to credit card transactions, so I’m curious to just hear you walk through these examples, and then how one of these, in particular, is similar to doing something like a credit card payment.
Jake Chervinsky:
Yeah, I think from the user’s perspective it will feel fairly similar. So, when you conduct a transaction using Bitcoin, or another digital asset, what you do is you specify two pieces of information. One is the receiving address, so where are you sending the asset to, and the second is what is the amount of the asset that you’re going to send, right, so you might send 0.1 Bitcoin to some particular Bitcoin address. The difference is, with a self-hosted wallet you will sign the transaction yourself, using your software, and you will upload that transaction to the Bitcoin mem pool where it can then be mined by a miner, added to the blockchain, and then the transaction will be validated, whereas with a hosted wallet really what you’re doing is you’re giving an instruction to the custodian who as the private key to make that transaction on your behalf, and you’re trusting that they will in fact process the transaction the way that you specify, but of course they could decide not to, or they could get it wrong. So, the question is really, are you the user processing the transaction yourself using your private key, or are you asking somebody else to process that transaction for you?
Kristin Smith:
And I think this is very similar. I mean, the analogy that we use when we talk to policymakers because policymakers like to think in analogies, is that a self-hosted wallet…a self-hosted wallet transaction is very much like cash. It’s like me opening up my wallet, taking a five-dollar bill, and handing it to Jake. He puts it inside his wallet. That’s all you need, right. You don’t need any sort of third party to validate that you have the cash. The fact that you have it, hold it in your hand and pass it over that is the transaction. That’s very different than if I go buy a sandwich down the street with my credit card. There are several intermediaries in between that need to have information about the transaction before it’s verified and completed, and so I think that as we think about the role of cash in society, being able to have transactions with self-hosted wallets is really important for a lot of different reasons that we can get into on this show.
Laura Shin:
Well. Yeah, why don’t we talk about those now? What are the benefits?
Kristin Smith:
Well. Privacy is one benefit. Not having…if you look at China, and some of the systems that they’ve built out, they see every single minor transaction between every single person, and then they do profiles based on top of that. That’s not great. I think there are a lot of businesses who deal with cash who might be serving customers that don’t have access to the traditional financial services system, and so cash is a fairly low-cost way of transacting because there aren’t fees associated with it, but also individuals often have need for privacy. They might be purchasing something that’s embarrassing, or purchasing something that they fear if other people knew that they would be, maybe, in trouble with their job, or something like that, or there might be a healthcare expenditure that somebody wants to keep private, and so by not having a financial record that preserves individual’s privacy.
Jake Chervinsky:
Yeah. I think this strikes directly at the core principle of what Bitcoin is all about, right. The concept of Bitcoin is that you do not need to rely on a trusted third party in order to have access to basic financial services or to be able to hold a store of value. The reason that this is so important is because if we have a world that is completely intermediated, meaning you always have to rely on some third party in order to hold your assets for you or process your transactions for you, that makes you susceptible to all kinds of attacks and other vulnerabilities in that financial system. This is honestly less of an issue in the western world, where we have a pretty good financial system. Our banks are pretty reliable. PayPal works pretty well, but in a lot of other places in the world where the banks aren’t so reliable, it’s really important for people to be able to have financial autonomy and to be able to hold their own value without relying on third parties that, frankly, are not very trustworthy, and the other aspect of this is not having to rely on those intermediaries is simply what makes this technology better than the legacy financial system, right.
So, if you want to send a transaction to somebody else on the other side of the world you don’t have to wait for the banks to open, you don’t have to go through the many different layers of intermediaries that it requires to process a wire transfer, for example. You don’t have to pay those transaction fees. All of this depends on people being able to control their own assets and not having to rely on those intermediaries in the process, so this really is the core of what Bitcoin is all about and what we’re doing here.
Laura Shin:
And so, I actually also, before we continue on discussing this, just want to ask about a few nuanced types of transactions involving hosted/self-hosted wallets. So, what does it mean when we have a company, like Coinbase, that typically offers hosted transactions…what does it mean when they offer something like a self-hosted wallet?
Jake Chervinsky:
So basically, what it means is they’re providing software that a user can use to hold their own assets, and the user will not have to rely on that trusted third party, like Coinbase or somebody else, in order to process those transactions, so basically what that means is, the user is the only one who has the private key that gives them the right to control those assets, whereas in the hosted wallet context a third party has the private key. Maybe they exclusively have the private key and the user is simply relying on them, depending on them, trusting them to do what the user says, so the difference is all about who has custody and control of the assets.
Laura Shin:
And then just to also fill out the universe of different types of crypto transactions, so we did mention exchanges as being another example of a place where you would be transacting in a hosted way, and then what about with OTC brokers, over the counter brokers? Would those be considered transactions using a hosted wallet as well, and if so, how do the privacy levels differ with those transactions versus at a hosted wallet, or are they exactly the same?
Jake Chervinsky:
It depends on the broker. There are OTC brokers who do it different ways. Some of them do have hosted wallets, and if you’re a client then you have to actually deposit your crypto with them, so they will actually control the private keys and they’ll be the ones who process the transactions when there is a trade between their customers. Some of them are non-custodial, so all they’re doing is matching up buyers and sellers, but then the buyers and sellers are processing the transactions themselves, so it depends on how the OTC broker does it. There are multiple ways of doing it.
Laura Shin:
Okay, so then let’s now draw out the picture of what compliance, and or regulation looks like for transactions in the traditional financial world just so people get a picture of what it is that you’re seeing may come to the crypto space. If somebody does a transaction using a third party in the traditional financial world, such as a bank, or a stock exchange what kind of compliance or regulatory activity takes place around those transactions?
Kristin Smith:
Yeah, so there are a couple of different things, and Jake you can add to this list, but most importantly traditional financial services have know your customer requirements, so anyone who has an account with that institution would have to fill out information about themselves. Also, when you’re going through…between the world of cash and getting into a traditional financial institution, there are reporting requirements and limits around how much cash you can move at different times, so the government will have an insight into when you’re trying to get in and out, and all of this sort of stems from this…the big Secrecy Act, the purpose of which is to give the government insight into what transactions are happening so that they can go…pursue, illicit activity in that space, but Jake might have some additional items to throw in.
Jake Chervinsky:
That’s exactly right. I mean, just to give sort of the legal side of this, the institution that the customer is using to process the transaction is known as a regulated financial institution that is required to have an anti-money laundering, AML compliance program, and for most purposes the AML compliance program will include usually five different elements, and some of it the customer never sees, so things like having a designated compliance officer that is responsible for compliance, that’s required. Having internal controls to capture any types of fraud or other issues is required. Having an employee training program is something that these financial institutions have to do to train their employees about identifying red flags that might look like money laundering or terrorist financing, and then there are, as Kristin just said, record keeping, reporting, and customer identification requirements.
So, these financial institutions have to know who their customers are, they have to collect certain information about the transactions that their customers are trying to conduct, and then sometimes they are required to report details about those transactions to the government. Sometimes that’s based on the amount of the transactions, so transactions that exceed a certain US dollar value have to be reported. Sometimes it’s about the nature of the transaction if it’s suspicious. So, if the institution has some reason to believe that the transaction is involved in some criminal activity then they’ll have to report back to the government.
Laura Shin:
All right. So, now let’s turn to these proposed, and perhaps in some of these cases existing regulations that could affect self-custody. In May 2019, FinCEN, the Financial Crimes Enforcement Network here in the US, published guidance on how its regulations applied to cryptocurrency businesses. What do those guidelines say when it comes to this particular issue?
Kristin Smith:
And Jake, feel free to jump in as well. So, those guidelines provided…so there’s been two sets of FinCEN guidance, but the guidance from last year did have some positive news for self-hosted wallets in there, which again they call un-hosted wallets, and at the time it said that un-hosted wallets don’t need to register as many services businesses with FinCEN, so the money services business is the entity that is…it’s roughly equivalent to what we refer to as VASPs in the international context, Virtual Asset Service Providers, and so that was an important victory at the time, but we are now starting to see some discussion that could sort of threaten the flow between the two worlds, but that, to me, was the most important part of that guidance.
Laura Shin:
Jake, did you want to add anything?
Jake Chervinsky:
No. I mean, that’s exactly right. FinCEN has done a very good job of drawing the line between who regulated money services businesses are and what types of entities in the crypto ecosystem are not actually performing money transmission services such that they’re subject to the law, and Kristin knows a great explanation of last year’s, May 2019, guidance.
Laura Shin:
Okay. Yeah. Well. So, shortly after that, in June 2019, the Financial Action Task Force, which is a global organization, published its guidance for a risk-based approach to virtual assets and virtual asset service providers. How did this guidance differ from the FinCEN guidance?
Jake Chervinsky:
I wouldn’t say it necessarily differed, and it’s also important, maybe, to step back for a second and explain the difference between an entity like FinCEN and one like FATF. FinCEN is a bureau of the US Treasury Department. It’s responsible for administering the Bank Secrecy Act, which is the US law of governing anti-money laundering compliance, so FinCEN is actually responsible for rulemaking around how regulated financial institutions can comply with that law. FATF, on the other hand, is not an administrative body. Instead, it’s an international standard-setting body that makes recommendations about what its member jurisdictions should do with the implementation of their own laws, so basically what FATF does is every year it makes recommendations about what a good global industry standard would be for anti-money laundering regulations, and actually, I think that what the FATF said last June and what FinCEN has been saying is really quite consistent, which is that at this point the law in the US, and also in most jurisdictions, does not require any software providers, that is any developers that are providing self-hosted wallet software, to comply with anti-money laundering regulations.
The reason for that is because the regulations apply, like I said before, to financial institutions that are processing transactions on behalf of their customers, not to individuals who are processing their own transactions, and the FATF agreed with FinCEN that the current laws don’t apply in the context of those self-hosted wallets where people are processing their own transactions. However, what the FATF did was they flagged self-hosted wallets as a potential money laundering and terrorist financing risk that might require some further analysis by its member jurisdictions to find out whether perhaps the law should be changed so that there should be new regulations for those self-hosted wallets, and that was really one of the first times that we’ve heard any signals from regulators, either in the US or globally, that there is concern about people who are holding their own digital assets and processing transactions on their own behalf.
Kristin Smith:
Yeah, I think the fact that…FATF, again, is an…they meet on a regular basis. They issue reports on an ongoing basis, and guidance. And what was particularly troubling was, again, they didn’t require that any of the nations that participate in FATF take these steps, but they suggested that if there is concern that there are a couple of tools that could be considered in order to kind of help prevent concerns around illicit finance, and one of those is banning or denying licensing platforms if they do allow transactions with self-hosted wallets. Another would be introducing volume limits on peer to peer transactions in general, or mandating that transactions occur with a VASP or other type of financial institution, and so again, they weren’t saying…they weren’t recommending these, but they were throwing them out there as possibilities.
As we look at this it’s worrisome that if nations around the world start to implement some of these what we’re going to see is a bifurcated world where we have one world of the self-hosted wallets that can only interact with another, but there’s no way any interaction with hosted wallets. We also worry that because any sort of, even just, limits will be very difficult to comply with that what we’ll see is that the hosted wallets and the exchanges that are associated with them will just stop allowing transactions to self-hosted wallets. So, definitely concerning that they’re out there, and I think that the compliance with these types of solutions, if they were to be required would be so difficult that it would really, as I said, create two different worlds.
Laura Shin:
And one other thing, and I’m not sure if this is a suggestion or if this was a proposal, but I also saw that I believe, this FATF guidance either recommended or floated the idea that VASPs should get the customer info of any sender of a transaction from a hosted wallet from the customer themselves. Was that something that they recommended, or just an idea that they were floating?
Jake Chervinsky:
I interpreted that as an idea not necessarily a firm recommendation. I mean, at this point I think that the FATF is sticking pretty strictly to the idea that regulations apply to VASP to VASP transactions, meaning from one hosted wallet to another hosted wallet, and the idea is that VASP should understands who owns these funds, where they’re going, who they’re being sent to, where the funds originally came from, what is the purpose of the transaction to the extent that they can determine that so that they can comply with those reporting requirements we were talking about before, right, if there is some suspicious activity so that the VASP can report that to the right authority.
Sometimes it’s hard to get all of that information in a crypto world, and there’s been some difficulty for the VASPs in figuring out how to gather all of that information that in a traditional financial system is really easy to collect because it’s been done for decades, and it’s pretty easy to track how funds have moved through regulated financial institutions as opposed to the crypto world where funds, perhaps, were jumping through self-hosted wallets for any number of hops before they arrive at a VASP, so I think that the FATF and its members are all just thinking about how do you address that kind of situation where it’s harder to collect the information that typically is very easy to collect in the traditional financial system, but the FATF is very careful about differentiating between ideas that it’s exploring, versus standards that it is recommending for its members, and I think that’s what we saw in the June 2019 12-month review was, a lot of ideas and thoughts about what might come in the future and really holding off on making any firm recommendations at this point.
Laura Shin:
One other thing to come out of this was that the different countries following this guidance can implement the standards as they like, and Switzerland has come up with something called the Swiss Rule. How does the Swiss Rule differ from how most countries are implementing the FATF guidelines?
Jake Chervinsky:
Yeah, so I’ll…not to hog the limelight here, but I’ll take the first shot at that. Like I said, in general, AML regulations only apply to transactions between regulated financial institutions. The Swiss Rule goes further than that. The Swiss Rule basically says we are going to require financial institutions not only to collect information about transactions between customers’ accounts at regulated institutions, but also customers’ transactions with self-hosted wallets, so what the rule says is, in order for a financial institution to allow a withdrawal of crypto to a self-hosted wallet, or to allow a deposit of crypto from a self-posted wallet the institution must verify the beneficial owner of the self-hosted wallet, and to sort of step out of the legalese and tell you what that really means. What it means is, if I am a customer of one of those financial institutions and I want to send some Bitcoin from my account at an exchange to my Ledger hardware wallet I would have to prove to the exchange that I am actually the owner of the ledger hardware wallet that I want to withdraw those assets to, and the problem is it’s really hard to prove that my ledger hardware wallet belongs to me, right. What am I going to do, show a receipt that I purchased it, send a picture showing that it’s still in my possession, I didn’t give it to somebody else? So, this has then become a very complex and difficult standard to meet, and the result of that is, in essence, at least as I understand it, Swiss financial institutions have simply refused to allow any transactions with self-hosted wallets because it is just too complicated to figure out how to comply with that rule, so at this point, we have this bifurcated market, that Kristin mentioned, in Switzerland where you have some crypto on exchanges, or with custodians in this regulated financial institution world and that crypto can move around between those financial institutions but it can never move off of that walled garden into a self-hosted wallet, and similarly, any crypto that is in the self-hosted world, right, that people have self-custody of, that they’re moving around through their own transactions on the blockchain, they can never get those assets into the financial institution world.
Laura Shin:
Yeah. That somehow seems untenable to me, but I’m not a regulator. So, one thing I wanted to ask was Switzerland is just one place, so if this were to be implemented there would it really have a ripple effect or would it simply affect people who use some of the exchanges or wallets in Switzerland?
Kristin Smith:
Well. I worry that it could have a ripple effect. I worry that when you have one nation do something, then other countries will look around and say, oh, they’re being tougher on illicit finance than we are, and there’s sort of a race to make sure that regulations are strong enough and meeting the strongest standards. And the reason that there is such concern about un-hosted wallets is for those who understand this space, but for policymakers who might be less schooled on the inner workings of cryptocurrency, the major concern is that today cash is obviously the method of choice for criminals, whether it’s for terrorist financing or for anti-money laundering that is the preferred methodology, but if I want to finance some terrorists on the other side of the world with cash I actually have to physically deliver that cash. I have to put it in a bunch of suitcases and get on an airplane, and at some point, along the way, there’s a good chance I might get caught with all of that, but the concern that these regulators and policymakers have is that with self-hosted wallets, you can do very large amounts of volume almost instantaneously, and so that is something that they’re trying to wrap their heads around and figure out what to do. The irony is that the way that we track down these guys today is using these…there are these specialized firms that do forensic analysis of the blockchains, and because we have information about some of the wallet addresses, and we don’t have information about some of them we’re still able to piece together…we, not me. But these firms are able to piece together, and in many times identify who has that information, but the irony is that if we get to this bifurcated world we’ll have no information about the world of self-hosted wallets while having perfect information about the world of hosted wallets, and so the cure that these policymakers are coming up with that results in this split world is actually going to make it more difficult to find the bad guys and not stop it, and so we’re hopeful that by doing some education around this that we’ll be able to prevent some of these ideas from taking off in the US, and not make the Swiss Rule the standard that we will see globally.
Laura Shin:
Yeah, and it actually just occurred to me as well that this also has implications for security because if people then feel that they need to keep the coins they’ve purchased on an exchange at the exchange and can’t pull them over to their own self-hosted wallets then a lot of people’s coins will be subject to any hacks at those exchanges, whereas right now you can transact and get a good price on an exchange, but then bring your money back to your own hardware, or your own software wallet.
All right. So, in a moment we’re going to talk about some of the other regulations that could come to the self-custody area and restrict people’s ability to host their own wallets, but first a quick word from the sponsors who make this show possible.
Crypto.com – the crypto super app that lets you buy, earn and spend crypto – all in one place. Earn up to 8.5% per year on your BTC. Download the Crypto.com app now to see the interest rates you could be earning on BTC and more than 20 other coins. Once in the app, you can apply for the Crypto.com metal card which pays you up to 8% cashback instantly. Reserve yours now in the Crypto.com app.
Laura Shin:
Back to my conversation with Jake Chervinsky and Kristin Smith. So, there is actually also another regulation that may come, specifically, to the US because FinCEN is looking adopting a rule that would lower threshold for transactions that have data collected on them by financial institutions for the Bank Secrecy Act from $3000 down to $250. What do you think of this idea? Do you think it’s a good idea or a bad idea, and why do they want to do this?
Kristin Smith:
So, we think this is a bad idea. They want to do this, and this is something that we understand is a priority for the treasury department, not just FinCEN, who is the direct regulator, but they…we think this is a bad idea. It’s particularly bad for crypto because this proposed rule applies to all financial institutions that are out there, so for banks that already have a program in place for this, it’s fairly easy for them because they just sort of change a number and it will increase the volume of reports, but it’s easier for them to comply, but for crypto companies that don’t yet have a working travel rule solution in place, this is going to be hugely problematic, and it’s not going to apply to just international transactions like the rule suggests, but in practice could very well have to comply…it would very well apply to all transactions, because the way that current iterations of the travel rule solution that are in play, there’s no way to verify where a wallet is in any sort of reliable way, so if it were to be applied it would have to be blanketly applied, and so this is a big step for crypto. The VASPs in the US have been working together to try to figure out a solution, but this makes it incredibly…much more burdensome.
Jake Chervinsky:
I agree with Kristin, and I think on principle the idea of reducing the reporting threshold is directionally incorrect. The direction that you’re moving by saying more will be reported to the government is expanding the amount of surveillance that is conducted and reducing the privacy of people who are using the financial system, and I think in the wake of the FinCEN files where we learned that basically the reports that are already being submitted to the government are not being used particularly well, and that’s for reports of many millions of dollars in value of transactions or even billions of dollars in transactions. To say that the solution to this problem is for the government to collect even more information about transactions in the $250 range just doesn’t make a whole lot of sense. I think that what we should be focusing on, to the extent that we believe that this surveillance system where financial institutions are deputized, basically, as actors of law enforcement to provide information to law enforcement so that they can root out criminal activity. The solution to that is to improve the government’s use of the information that is already receiving, not to just expand the dragnet and collect more information, so I think directionally it’s just incorrect to think of reducing the transaction thresholds.
Laura Shin:
Coin Center did write up a comment in response to this proposal, and they pointed out that when the Bank Secrecy Act was implemented in 1971, $3000 dollars back then would be the equivalent of $20,000 today, and the equivalent of $250 today would’ve been $40 back then so that just gives people a perspective on what Jake when was talking about when he says directionally it’s not maybe going in the same direction as originally intended. So, I just want to get the lay of the land here. How likely is it that you think these regulators…and I understand we’re talking about the US and some of these are international and stuff, but right now which way is the wind blowing? Do you think it’s likely that these regulations will be implemented, or do you feel like regulators kind of understand what the downsides are?
Kristin Smith:
I think a lot of it’s going to depend, at least in the US, on who we have leading the treasury department in the Biden administration, and we’ve seen various names thrown about. I think that it’s going to be not just the secretary but the undersecretary who deals with issues of terrorist financing and illicit finance. I think that a lot of it will depend on those personalities, but the FinCEN has issued this NPRM, notice of proposed rulemaking. There are lots of ways for that to slow down, and not necessarily become an actual rule, but I think it’s great that Coin Center was so quick. Peter is amazing at pumping out these letters to FinCEN. We’re working on a response at the Blockchain Association that provides some data that shows how burdensome this rule would be towards crypto, but I also think importantly when you do these proposed rules the regulatory agency is required to do a cost-benefit analysis, and if you look at the cost-benefit analysis that FinCEN provides in the rule it shows the cost to banks, which are just one category of financial institution that already have this infrastructure in place. It doesn’t take into account the non-bank financial institutions, but more importantly, it doesn’t take into account individuals that are going to have all of their information about their small transactions reported to government officials, and so we have been in discussions and are working on getting a grassroots website up and running, and we don’t have that quite yet but we should have that in time for individuals who want to comment on it from a personal privacy and liberty standpoint.
Jake Chervinsky:
I think, all else being equal, the trend is toward more regulation not less, so I think if we do nothing then we should expect there to be more regulation in any number of different ways. It might be reducing transaction limits for currently regulated financial institutions. It could be expanding the definition of those regulated financial institutions so that more folks are captured under the AML compliance obligations. It could be expanding what the regulated financial institutions are required to do. For example, the Swiss Rule, where you’re adding a new obligation to do some due diligence or compliance around transactions with self-hosted wallets. I think all of this is on the table. I do not think it’s inevitable, and I think that there is a lot of room for us to make very strong policy arguments why these regulations don’t bear out the cost-benefit analysis, why the cost is much higher than the benefits, and going back to the FinCEN files. I think what we’ve learned from that is, collecting more information is not necessarily a benefit to law enforcement, and also there are many ways for law enforcement to do their jobs, to detect and prevent criminal activity without doing dragnet financial surveillance, and on the other side I think what we see is that the cost to individual privacy, to the usefulness of crypto networks is really substantial if you limit the ability of people to use these systems the way that they’re intended, which is to say…to remove intermediaries and trusted third parties from the ability to conduct financial transactions, so I think that it’s incumbent on us in the industry, and those of us who care about this issue, to make those arguments why this matters to us, and I think this is…this is a project for not just the next few months but the next few years, and maybe the next decade. I do think that we’re entering the second phase of the crypto wars, the first part of which we mostly won in the 1990s, around encryption on the internet, although we are still relitigating that battle now in various ways. I think that’s how that argument applies to financial privacy in the crypto ecosystem is the next battle that we’re going to have to fight for a long time to come.
Laura Shin:
When you said earlier that you felt like there were other ways that regulators could achieve these goals without doing this kind of dragnet surveillance, what are some ideas that you have?
Jake Chervinsky:
Yeah. You know, I think that we need to have an open dialogue with law enforcement about what they need to do their jobs, but I mean just as an example, we had those whole arguments when it came to encryption in the 1990s, and there was a fairly strong argument that allowing criminals to use the internet to organize was going to increase the amount of illicit activity that we saw in the world, but the solution to that was not to ban the internet it was to empower law enforcement with modern tools so that they could still detect and prevent criminal activity that used new technology, and this is, frankly, not a new story, right. Criminals are always the first adopters of new technology, and then law enforcement has to figure out how to address criminal’s use of that new technology, and so I think one good example is how global law enforcement has addressed darknet markets, for example, and in a large part, they aren’t taking down darknet markets by doing massive financial surveillance and collecting information from financial institutions, they’re doing good old-fashioned police work. They’re finding out who the people are who are using these technologies for illicit purposes, they’re doing undercover work, they’re intercepting drugs that are being sent through the mail. They’re doing that kind of good old-fashioned work to figure out how to stop crime using new technology and I think we need to empower law enforcement to do even more in that sense, rather than sacrificing financial privacy in the name of what sounds like it might be helpful, but in truth seems like isn’t that helpful at all.
Laura Shin:
And I also wanted to put into perspective the level of crime or money laundering that we’re seeing in crypto versus the traditional financial system. Can you kind of make a comparison there to the levels of activity, in terms of criminal activity, and then also maybe make a comparison in terms of the response from the regulators?
Jake Chervinsky:
All of the…sorry, Kristin.
Kristin Smith:
No, go ahead, Jake.
Jake Chervinsky:
All of the data that we have now that suggests that there is very little illicit activity using crypto, so there have been a couple of reports that have been done by folks with access to really good data, so Chainalysis, for example, said that, in their most recent annual report, I think, only 1.1% of all crypto transactions involved illicit activity. There was also a report commissioned by the folks behind Zcash through the Rand Corporation, which found, I think, less than 1% of transactions in privacy coins, like Monero and Zcash, involved illicit activity. In comparison, criminals really do prefer using US dollars in cash for their criminal activity. That is still the monetary instrument of choice, and so when we talk about these concerns that regulators have, it really is an inchoate fear about some future hypothetical world where criminals have decided to start using crypto for illicit purposes in a way that they absolutely are not today, so it’s a fear about a possible future, not a concern about what’s happening right now.
Laura Shin:
In terms of what is happening right now, I believe OTC brokers are apparently the biggest money laundering risk in crypto. Why is that and how do you think that risk can be mitigated?
Kristin Smith:
Well. I would say it depends on the type of OTC broker. I think most of them that we see here in the United States are regulated and they do KYC, and they’re very good actors, but I think the problem we see is overseas there are OTC desks that facilitate large transactions without having any information, and that is probably one of the biggest holes in this system, and then if we could get those types of actors to come in and do KYC and have an AML program that that would be the source of it. It’s not the companies here…OTC desks here in the US but more overseas.
Jake Chervinsky:
I completely agree and I think this is the mission of the US government right now, is to bring overseas entities into compliance with anti-money laundering obligations, and one thing that kicked off this discussion recently was the US government’s enforcement action against BitMEX, Which really had to do with BitMEX serving US customers but not complying with the Bank Secrecy Act and performing KYC, customer due diligence, on its customers, and so I think what we’re seeing from regulators is a focus on bringing those offshore entities into compliance, and I think we’re seeing this across the board where offshore exchanges, and I’m sure this is true for OTC brokers as well, who for a long time offered no KYC services, are now starting to require KYC for all of their customers, and I think that trend will definitely continue as we go forward.
Laura Shin:
I also want to draw out the…I guess how the different political situations and different geographies can also influence one’s perspective on the value of peer-to-peer transactions, and I know that there are particular countries where the value of that is actually pretty salient right now. Hong Kong might be an example, or Venezuela, China. Can you just walk me through what the benefit is of having peer-to-peer crypto transactions possible in places like those?
Kristin Smith:
Yeah. Well. I think in Hong Kong, with everything that’s been going on there in the past year, and the protests, if you bought a metro card with the system they would be able to know that you were a part of those protests, and you don’t want the government knowing that, and so to be able to have a digital cash-like option to engage in political activity that’s one example, but I know Jake has a lot of thoughts on this, because we’ve talked about this before, so I’ll let him.
Jake Chervinsky:
And we’ve mentioned a few times already in this discussion that some of these concerns are much greater outside of what we think of as liberal democracies in the developed world. It’s really where people fear their government because their government is authoritarian and their fear of censorship is because they believe that their government will not comply with the rule of law and will not respect their basic human rights. In places like Venezuela for example, and look, we’re not seeing, I think, a whole lot of use of crypto networks in Venezuela right now, but in places like that you can imagine the argument for financial privacy and self-custody being much more important, where if you are the opposition party and you’re making legal arguments against the ruling party, and the ruling party’s response to that is to de-platform you or to cut you off from access to the financial system so that they can defeat you not through a democratic election, but rather through wielding their power to crush the opposition. That’s where these technologies really matter, and so this is a geopolitical question and I think something that the US government will have to consider as it thinks about its policy toward crypto broadly is, how is crypto a geopolitical tool for freedom and against oppression in places where governments are not respecting the rights of individuals to speak freely, to think freely, and to fight for their own voice in politics.
Laura Shin:
So, something super interesting that acting comptroller of the currency, Brian Brooks, said when he came on Unchained was I asked him about privacy and he said, look, if you’re a dissident in a country like Cuba or if you live in Venezuela you’ll care more about financial privacy, and then he said, “In the US where we are legitimately a target of terrorism every day it feels a little bit different. Yes, there are some things we would probably rather buy privately, but as a society, we seem to have made the judgment that the threat of people using our financial system for illegal, even terrorism purposes, is sufficiently tangible that we need to protect against that, and thus give up some of our privacy in favor of that.” Do you agree that this is how Americans should feel and do you also think that this then justifies the US having more regulations and less privacy?
Kristin Smith:
Well. I mean, I think, that’s what makes this a policy issue and something that needs to have the debate elected officials as opposed to just regulators, but I think Brian Brooks is right. There has been a tradeoff that has been made here, and the problem that policymakers have is once they tend to get going in a direction it’s very hard to reverse that, and so I think that, yes, somewhere along the line we realized…we decided to hand over our financial privacy and I think that we’re now seeing, with this FinCEN rulemaking, that that’s only going to increase and it’s very…nobody wants to be the congressman that says, hey, well, we’ve got enough and if we don’t do more then people will…there will be more threats and more people will be hurt. And this might be a politically unpopular thing to say, but I feel like it’s sort of with coronavirus, right. Like, yes, if everyone stayed inside their house all day for six months it would all disappear, but at the same time, there would be negative consequences of that, right. No one would go to the gym, there would be mental health problems, there would be suicides as a result of that, so all of these decisions that are made are policy tradeoffs. That’s what makes policy interesting, right. You have different interests that needs to be balanced, and what I worry is that the voice of the individual in all of this is just kind of taking it to be a foregone conclusion that this is how it has to be and that we have to give up these things, but I think that now…I mean, I think crypto entering in this space is an opportunity to revisit these questions and to educate individual users. At the Blockchain Association, we represent companies, right, but I think there are a lot of individuals who should also care about these decisions, and I think that this is something that, I know, Jake and I hope we can get more people involved in and talking about because we should be having a much more open debate about this topic.
Jake Chervinsky:
You know, I think people care very deeply about privacy here, actually, and I think that yes, it’s a tradeoff and it’s important to remember this isn’t all or nothing, right. I don’t think anyone is advocating that every single financial transaction should be anonymous, and no one should ever be able to know anyone who spends anything anywhere, right. That’s sort of an extreme view that no one is advocating for. I think what we advocate for is having the option to have anonymous transactions where it is appropriate. There are some things that we simply do not want to be known by everybody in the world, right. Just imagine a world where every single person, and all of your neighbors, and friends, and family, and business associates knows every single dollar that you spend everywhere and on what at all times. That is not a world that we want and that’s why we have cash, and that, I think, is why as a policy matter, we are very committed to having cash. We’re not trying to move to a cashless society, and the question is why would you treat physical cash, paper cash that we’re used to, any different from digital cash, right. It doesn’t mean that every single transaction will be done in digital cash, but what it means is that there should be an option, but also as I said, I think that people do care very deeply about privacy here and we see that in the form of new privacy laws, like the recent law passed in California. That does give people much more control over personal information that is collected by the businesses that they patronize, and so I do think that this is an issue that is going to get worked out for a very long time, but I’m imagining that candidates for elected office will have to be responsive to the interests of their constituency, and people are very concerned about protecting their privacy.
Laura Shin:
Last month the DOJ’s cryptocurrency enforcement framework labeled anonymous transactions “as a high-risk activity indicative of possible criminal conduct.” What do you think that statement means for the future of privacy coins, such as Monero and Zcash?
Kristin Smith:
I mean, I think it’s a challenge for them, right, and we work very closely with the Zcash guys and I think they’ve been very thoughtful in their approach and we’re continuing to figure out the right way, but I mean, I think as we saw yesterday, ShapeShift delisted Zcash. Having that report out there is problematic because that’s sort of an identifiable step that exchanges could choose to take and I think that is a huge step backward towards maintaining financial privacy and something that I think is going to have to come to a head in a larger public policy debate in order to correct that.
Jake Chervinsky:
Yeah. You know, Laura, you had Jessie Liu on to talk about the enforcement framework, and it was a fantastic conversation, so I would highly recommend everyone listen to that to get more context for what the enforcement framework means.
Laura Shin:
Yeah, and just so people know, she was the former District Attorney for Washington DC.
Jake Chervinsky:
Yes, and she was a nominee to be undersecretary of treasury for terrorism and financial crimes, so she knows more than anybody about this subject, and I would echo what she said, which is the enforcement framework was a clear message from the Department of Justice that they have a fundamental concern with anonymity enhancing cryptocurrencies, and when they talked about exchanges offering anonymity enhancing services or assets what they said was that the financial institutions should consider whether it is possible to comply with their anti-money laundering obligations while offering those cryptocurrencies, not how they can best mitigate risk or something like that. They literally said whether it is possible, and to translate that into DC speak, what lies behind that reading between the lines is they don’t think that it is possible, and it was a message, I think, to financial institutions, to exchanges, and custodians that they should not be offering those assets and I think that’s what motivated ShapeShift, which is run by a CEO, Erik Voorhees, who is, I think, very deeply committed as a personal matter to financial privacy to decide that it was just too risky to offer those assets, so I think that this is an issue that is going to be debated for quite a while.
Laura Shin:
Yeah, I have to say I find that surprising simply because both of those cryptocurrencies do come with viewing keys that could be used to show regulators the particulars of those transactions, which means that they sort of have something built into to comply with existing regulations, but apparently, that’s not enough. So, we did touch briefly on the upcoming administration, but I want to dive into it a little bit more. Gary Gensler, the former CFTC Chairman has been tapped to head up the financial policy transition team for the upcoming Biden administration, and I wondered if you consider that a positive development for crypto, and you did mention some of the key appointments that you were looking at and I wondered if there any names of who would be on your wish list.
Kristin Smith:
Yeah. No, I mean, I think that having Gary Gensler is positive. He teaches a course at MIT on blockchain and crypto and has a very good understanding of how the technology works and I think that having him in the mix is comforting. If you look down the list, sort of without naming names, there are some additional advisors on that list. When I saw that upon its release, I was a little bit worried that some of those might not be in the best interest of crypto, but I think having Gary at the top is good. I think for treasury secretary that’s really going to set the tone, and then all of the undersecretaries will stem from who the treasury secretary is, and I think there are several names in the mix. Lael Brainard, Janet Yellen, who…either of them, I think, would be thoughtful on these issues. I don’t think they have a major beef against crypto, but I also don’t think they’re the biggest champions either. I’ve been trying to get Glenn Hutchins on the list. I don’t know if Glenn Hutchins knows this, but I think he would make an amazing treasury secretary who really understands this space. I think Roger Ferguson is…I’ve heard his name on that list. I think he would be a thoughtful choice. He’s the current CEO of TIAA-CREF. There’s nobody on the list right now that I consider to be an immediate threat, especially compared to the current treasury secretary. I mean, he’s been fairly vocal that he doesn’t see much value in cryptocurrency, so I think the bar is fairly low right now and we need to just get somebody better than that, but I’m not sure when somebody shows up and they are surrounded by the career staff that have dealt with these issues they may decide to take on this next level of regulation as a priority, so we’re not out of the woods yet, but I think that that’s why it’s important that we be having this conversation within our crypto community and get people mobilized and involved, and weighing in with regulators when there’s opportunity, and talking about members of congress, and letting them know that financial privacy is important and that we don’t want the government to go too far.
Laura Shin:
And speaking of Congress, how does the makeup for the next congress look, in terms of this issue? Do you think that it will be the type of congress that wants more surveillance or that will be supportive of privacy?
Kristin Smith:
I think that it’ll…I don’t think Congress will do too much on this. I do think that the house is going to be controlled by Democrats. They tend to be in favor of more regulation and the makeup of the House Financial Services Committee has traditionally pushed for more. In the Senate, the current chair Mike Crapo, Senator Crapo of the Senate Banking Committee, he is a huge privacy advocate. Now, he is no longer going to chair the committee because he’s going to move to the senate finance committee, and so likely we’ll have Pat Toomey, but I think the leadership on the Senate Banking Committee, as a general matter, tends to value privacy, and so that actually might be two good sides of the coin that could lead to a good policy in the middle. I mean, what you don’t want is just sort of one opinion coming in and not having the debate and determining what the tradeoff should be, but I’m not convinced that that is something that’s going to move quickly. Now, what could change is if there is some horrible incident and we find out that Bitcoin was the financing behind it then that could change very quickly, and so I think that’s why we want to make sure we have our ducks in a row to have that debate. It’s one of the reasons why the Blockchain Association, this month, is putting out a report on this topic and we want to be ready to go because that could change pretty quickly under the right circumstances.
Laura Shin:
I also wanted to ask about something that maybe isn’t in any of these proposals at the moment, but certainly is out there as an idea. Could there be regulations that come for developers who write code for self-hosted wallets or for other privacy-preserving crypto products that…where they might be targeted even if they’re not actually in charge of people’s private keys?
Jake Chervinsky:
Oh, I was just going to say that would surprise me a lot, for a couple of reasons. The first is, right now there are no laws that, I think, could be construed as applying to the developer of software who is not actually taking custody of someone else’s assets, and so in order for something like that to happen you wouldn’t just need new FinCEN guidance or even formal rulemaking, you would actually need Congress to pass a new law extending regulation to the developer of open-source software. I think it’s very hard to imagine that happening for political reasons. I think it would be strongly opposed and very broadly opposed because there really aren’t laws restricting the development of open-source software in any context, let alone in the financial context. I also think that there would be a pretty strong constitutional challenge if there was an attempt to craft some law that prevents folks from simply writing software that they themselves are not using, or helping others to use, and I know this is an issue that Coin Center works on a lot, and in particular, Peter Van Valkenburg, who dives into the first amendment right to freedom of speech of developers and I think that if there was an attempt to pass a law like that there would very quickly be any number of constitutional challenges, and so I don’t expect anything on that.
Even on the administrative level, FinCEN has been, as I said before, very careful to draw the line between service providers who are actually taking custody of assets belonging to others, and then providing some service, whether that is money transmission, right, sending those assets to some other person or location, or mixing services, right, providing some level of anonymity for future transactions. FinCEN has really distinguished between those service providers and to mere software providers who FinCEN says are not subject to the Bank Secrecy Act, and it would really shock me if that changed.
Kristin Smith:
I do think, though, we could see the idea floated in Congress. There’s a lot of crazy bills that are introduced that don’t go very far, so it wouldn’t surprise me if Brad Sherman or somebody like that comes in and throws something in the hopper to get that idea out there, but yeah, I agree with Jake. I think that there would be a challenge, and if something like that happens, we would fight that tooth and nail, obviously. That would be a major problem for not just crypto but for the entire internet.
Laura Shin:
Yeah, and as a reminder for people, Brad Sherman was the congressman who proposed, I think, banning Bitcoin and other cryptocurrencies, so just to jog your memory. And then the last thing I wanted to ask about was…so everything we’ve been talking about is how these proposed rules affect these wallets, but the fact is that wallets can contain other things besides money. For instance, with Filecoin, or with this whole NFT trend they could contain documents, or they could contain art, so how could these potential rules affect those types of situations?
Kristin Smith:
Yeah. No, I mean, I think if there are…if policymakers decide that self-hosted wallets are untenable and that there need to be limits in transacting with un-hosted wallets that is not…that’s not just money. If you think your wallet today, for those who actually still have wallets, you may keep your cash in there, but you might also keep your social security card in there. You might keep a picture of a family member. You might keep your identification in there. Similar with a safe. You could have some valuable items and jewelry, some things of that nature. Self-hosted wallets can host many different kinds of crypto-based assets, but if those types of limits were to be put in place they could very well extend to wallets that host other types of assets, and so it would really have, I think, a ripple effect across all of the crypto industry, and that is…I think there’s so much potential with Web 3.0 applications of cryptocurrency that we’re just starting to see, such as Filecoin and others, that we wouldn’t want to cut off this whole part of innovation that, again, is in the early stages that…in an effort to go after terrorist financing.
Jake Chervinsky:
Yeah, and this is actually one of the two subjects of FinCEN’s notice of public rulemaking. So, we’ve talked a lot about lowering the reporting transaction threshold down to $250. That’s one aspect. The other is clarifying the definition of money, basically, under the funds travel rule, so what types of transactions are subject to these reporting requirements, and basically the notice of public rulemaking proposes clarifying that all “convertible virtual currencies” CVCs, which is FinCEN’s word for cryptocurrencies, that all transactions and CVCs are subject to the Bank Secrecy Act. I think in general that makes sense. It’s sort of what we’ve all assumed anyway that Bitcoin, and Ether, and pick your crypto, that all of them are subjected to those requirements. I think where there might be some dispute is, like you said Laura when you get outside the scope of these convertible virtual currencies, these fungible assets to non-fungible assets where there’s a token representing art or something like that. I think then there might be an argument that the traditional rules for anti-money laundering compliance don’t apply, but I don’t think we’ve really dug in from a legal perspective to that issue quite yet.
Laura Shin:
All right. Well. We will see where all of this goes. When are kind of like the next big developments that you’re looking for when it comes to whether or not this is going to go in the direction you would like, or not?
Kristin Smith:
Well. I think seeing what happens is the next step, with the FinCEN notice of proposed rulemaking, and whether they extend it and move forward with that. I also think figuring out who the treasury secretary nominee is, and who some of the other people at treasury will ultimately be, which we’ll be finding out in the weeks and months ahead, and then I think as…one we’re keeping an eye out on is FATF is expected to do another report in June, and this may or may not be addressed in that, but we’ll definitely be keeping an eye out to see if this is something that they continue to have as a matter of discussion.
Laura Shin:
Okay. Well. Where can people learn more about each of you and about this topic?
Kristin Smith:
Well. For the Blockchain Association, you can follow us @Blockchainassn on Twitter, or you can go to theblockchainassociation.org. We have a public policy page that talks all of our issues, including what we’ve been speaking about today, and that will have a link to our report on self-hosted wallets that we’re releasing in November.
Jake Chervinsky:
Yeah, and for me, I would say just follow me on Twitter. It’s @jchervinsky. I try to keep folks updated on the most important issues around self-custody and privacy, and especially as enforcement actions roll out from the Department of Justice, and elsewhere in the government. I try to keep folks updated on that, and then when there are opportunities to provide public comments, like in the case of FinCEN’s notice for public rulemaking I’ll try to keep folks updated about hose opportunities as well.
Laura Shin:
Okay. Great. Well, thanks to both of you for coming on Unchained.
Kristin Smith:
Thanks, Laura.
Jake Chervinsky:
Thank you.
Laura Shin:
Thanks so much for joining us today. To learn more about Jake and Kristin, check out the show notes for this episode.
Don’t forget you can now watch video recordings of the shows on the Unchained YouTube channel. Go to youtube.com/c/unchainedpodcast and subscribe today.
Unchained is produced by me, Laura Shin, with help from Anthony Yoon, Daniel Nuss, Bossi Baker, Shashank, and the team at CLK Transcription. Thanks for listening.
