At Least They Asked This Time: Treasury Department’s Crypto AML Power Wish List Is a Non-starter

  • December 6, 2023
  • 0

Jack Solowey and Jennifer J. Schulp

November 28 was “Giving Tuesday,” but that didn’t stop the Treasury Department from asking Congress that day for additional anti‐​money laundering (AML) powers over cryptocurrency activity. The best that can be said of the Treasury’s wish list of bad ideas is that at least it bothered to ask Congress rather than simply assert feigned authority.

The fact that Treasury had to ask, though, is telling. The ask reveals what we and others have grown hoarse from shouting: that existing regulatory frameworks designed for centralized financial intermediaries do not suit the reality of decentralized crypto technologies. This substantive mismatch between the legacy AML regime and the nature of crypto technology cannot be papered over with legislative power grants, and regulators’ insistence to the contrary risks damaging both Americans’ liberty interests and America’s national interest.

One of the primary ways that Treasury has asked Congress to expand the agency’s crypto AML authority is by designating a series of core crypto technologies as “financial institutions” under the Bank Secrecy Act (BSA). Thereupon, these tools would become subject to the type of “requirements to which banks and other financial institutions are already subject.”

But most of the crypto tools that the Treasury would like to see covered under the BSA do not resemble traditional banks and financial institutions in meaningful ways. As we’ve pointed out, and as Treasury itself acknowledges, the parts of the crypto ecosystem that do resemble more traditional financial intermediaries—such as centralized crypto exchanges that custody customer funds—already are subject to the BSA regime, as they’re typically considered covered “money services businesses.” Treasury, however, would like to expand this coverage to include other parts of the crypto ecosystem: decentralized finance (DeFi) service providers, noncustodial wallet providers, miners, and validators.

Absurdly, Treasury’s request would require crypto technologies (such as miners, validators, and DeFi protocols) that do not directly interface with transacting counterparties to collect those users’ personal information and verify their identities as part of know‐​your‐​customer (KYC) programs.

Validators and miners are crypto’s backend infrastructure: computers running software to confirm the authenticity of transactions and secure cryptocurrency networks. DeFi protocols—likely covered by Treasury’s vague reference to DeFi service providers—also do not directly face users, and the applications used to access them can vary based on users’ own choices. Requiring crypto infrastructure to implement KYC programs would be as inappropriate as asking a bank’s IT contractors—from cloud computing to hardware providers—to identify the bank’s customers.

Such unworkable compliance requirements would amount to de facto bans on US crypto activity. And where crypto infrastructure providers did seek to somehow comply, it would only increase cybersecurity risk by creating—in the words of entrepreneur and Columbia Business School Professor Austin Campbell—“the least secure, biggest honeypot, most information‐​exposing ecosystem possible.”

Noncustodial (or self‐​custody) wallets—the providers of which Treasury would declare financial institutions—directly interface with crypto users. However, subjecting wallet providers to the AML/KYC regime is problematic for separate reasons. Conceptually, noncustodial wallets more closely resemble physical wallets holding cash than traditional digital payment apps. Fundamentally, a noncustodial crypto wallet is simply a tool for safeguarding the credentials (private keys) for accessing a user’s own crypto holdings.

The most basic form of a noncustodial wallet is merely a piece of paper recording a user’s credentials (or a mnemonic phrase for recovering them). Even where crypto credentials are stored via software or hardware tools, subjecting the providers of those tools to AML/KYC requirements still would be like subjecting the manufacturer of a leather wallet to rules designed for banks. In both cases, the maker of the wallet (for cash or crypto) is essentially giving the user a tool for controlling her own funds and is not inherently responsible for the broader payment ecosystem.

If Treasury nonetheless believes its proposed invasion of one of the last two redoubts of financial privacy—self‐​custodied cash and crypto—is justified because noncustodial crypto wallets present a greater illicit finance risk than cash wallets do, then it must make that argument. But that argument likely would be a loser because—by Treasury’s own repeated admission—traditional assets are more often used for illicit finance than crypto is.

Simply stating, as Treasury does in its ask to Congress, that Hamas has used “unhosted wallets,” ignores that when it comes to terror finance, “Crypto is currently a very small part of the puzzle,” as the former chair of the Israel Money Laundering and Terror Financing Prohibition Authority, Dr. Shlomit Wagman, recently told Congress.

Even if Treasury could persuasively make the case that noncustodial crypto wallets presented a compelling risk requiring an AML intervention, Treasury would still have to justify applying the legacy KYC regime. Speaking at the Blockchain Association’s Policy Summit last week, Deputy Treasury Secretary Wally Adeyemo urged the crypto ecosystem to “design new tools, and pursue new ways to protect digital assets from being abused.” But Treasury’s insistence on imposing legacy regimes that require comprehensive KYC programs would stand in the way of applying innovative solutions that may combat illicit finance risk.

Emerging crypto technologies like zero‐​knowledge proofs offer the ability to, for example, confirm that an individual is not a sanctioned terrorist without having to divulge that individual’s identity and complete set of personal information. It’s far from clear, however, that regulators would consider such innovations to satisfy existing prescriptive KYC rules that call for verifying customer identification and collecting specific personal information, unless those rules were reformed.

Treasury’s wish list similarly proposes draconian solutions for US Dollar‐​denominated stablecoins (crypto tokens designed to maintain a 1:1 peg to the Dollar) that would jeopardize the benefits those stablecoins can bring to the Dollar’s status as the world’s reserve currency. Treasury asks Congress for jurisdiction over USD‐​pegged or denominated stablecoins even where such “stablecoin transactions involve no US touchpoints.”

Even putting aside arguments that this assertion of extraterritorial jurisdiction is unprecedented and raises a host of questions, the Treasury Department loses the plot by conceiving USD‐​denominated stablecoins as a threat rather than an opportunity. As Campbell testified before the House Financial Services Committee earlier this year, “[S]tablecoins are a key to expanding the reach of the dollar”:

The United States runs a significant deficit we must fund. Simultaneously, the dollar, thanks to the strength of the American economy, the solidity of our legal system, and the core rights that come with that, is demanded globally. In the world of blockchain and crypto, the preferred fiat currency is, unsurprisingly, also the dollar. The only thing that could stop that would be the interdiction of usage of the dollar on blockchains, meaning that if the United States embraces the innovation of stablecoins, then as the usage of blockchains and crypto grows, the reach of the dollar will also grow commensurately. US Dollar stablecoins expand the reach of the dollar into a new, rapidly growing market, cementing the usage of the dollar for global trade.

When US regulators look askance at stablecoins, they shouldn’t be surprised if stablecoin users around the globe begin to consider alternatives to USD‐​denominated options.

The AML authorities on Treasury’s wish list are not the first examples of US regulators’ allergy to crypto technology. Part of that allergy stems from a tendency of US regulators to miss the forest for the trees on crypto, and whether it’s “los[ing] sight and focus from the big picture” when it comes to crypto’s relatively narrow role in illicit finance to date or ignoring the potential of crypto technology to serve America’s economic interests at home and abroad, it all leads to overreach and counterproductive interventions.

On our crypto policy wish list this year (and every previous year) is for US regulators to get out of Americans’ way. That policymakers respect financial privacy, base their interventions on evidence, and allow innovation to solve problems really should not be too much to ask for.