Financial Crimes Enforcement Network
P.O. Box 39
Vienna, VA 22183
FinCEN file number FINCEN-2020-0020, RIN 1506-AB47
4th January 2020
Dear Sir or Madam,
The proposed rules for currency transaction reports and records appear to require banks and money service providers (MSBs) to demonstrate that an identified counterparty to a transaction actually has one or more specific cryptocurrency addresses if that counterparty is using a non-hosted wallet and the transaction is worth over $3,000. (The $3,000 mark would invoke the record-keeping requirement, while the $10,000 mark would also invoke the currency transaction report requirement.)
The proposal does not make an explicit distinction between withdrawals and deposits. So I’m assuming the above proof of ownership requirement would apply to both types of transactions if they exceed $3,000 and involve a counterparty with a non-hosted wallet.
From now on, I will refer to any process or action that attempts to establish the ownership link between the identity of a counterparty and one or more cryptocurrency addresses as an “address verification process”. I’ll refer to the general process itself as “address validation”.
In my country of residence, the Netherlands, last fall, the central bank carried out address verification for stock exchanges and custodian transactions involving withdrawals to a non-hosted wallet. Contrary to your suggestion, in these cases address verification is required for withdrawals in the Netherlands, regardless of the transaction value. Address verification is not a requirement for deposits from a non-hosted wallet.
As a longtime advisor and trainer in the cryptocurrency ecosystem, I have carefully examined the practicability and desirability of address verification in the light of the measures recently taken by the Dutch Central Bank (De Nederlandsche Bank NV). And I want to share my thoughts on these issues with you.
Overall, I believe address verification is unlikely to be very productive in the fight against financial crime, with significant costs for trade and innovation, as well as customer privacy and security.
In this letter I would like to explain why I am so skeptical of the practice of address verification and why I consider your proposal to be impractical and disproportionate. Before I begin, I would like to make three comments about the scope of my critical feedback.
Firstly, I have not been able to determine, either from your suggestion or from any additional comment from you, exactly what types of address verification measures you are proposing. However, I assume that you are considering procedures similar to those currently recommended by the Dutch Central Bank to our custodians and exchanges.
Therefore, I will use the suggested procedures as a guide in formulating my criticism of address verification. These suggested procedures are as follows:
- Having customers take screenshots of their wallets showing the destination address
- Having the customer and the company hold a video conference during the transaction
- Having customers digitally sign the destination address with the associated private key
- Having customers return part of the Bitcoin received to the exchange or the custodian bank
- Having the company give the customer an address (presumably by having an extended public key of the former)
Second, I’ll limit my examples to cases where money is withdrawn into a non-hosted wallet. The same criticism can be made against the case of depositing money from a non-hosted wallet. In fact, address verification is an even bigger practical problem with deposits, as cryptocurrency transactions typically involve multiple unspent transaction outputs as inputs (meaning you would have to link an identified counterparty to multiple addresses, not just one).
Third, your regulation also suggests address verification in cases where the counterparty’s wallet is hosted, but the bank or MSB of which the counterparty is a customer is located in certain foreign jurisdictions. I am only limiting my comment to cases where the counterparty is using a non-hosted wallet.
Unproductive in the fight against financial crime
The proposal provides for address verification to combat a wide variety of financial crimes. In the summary, for example, the proposal states:
As explained below, US authorities have found that malicious actors are increasingly using CVC to facilitate international terrorist financing, arms proliferation, sanction evasion, and transaction money laundering, as well as to buy and sell controlled substances, stolen and fraudulent identification documents and access equipment, counterfeit goods, malware and other computer hacking tools, firearms and toxic chemicals. In addition, ransomware attacks and associated payment requirements, which are almost entirely CVC, are growing in severity, and the G7 has particular concerns about ransomware attacks amid malicious actors targeting critical sectors in the context of the COVID-19 pandemic, detected.
There is no way I can talk about address verification procedures in relation to all of these crimes. Instead, I limit my discussions to just a few financial crimes that constitute at least a substantial part of the concerns about these proposed regulations: money laundering, terrorist financing and sanction evasion.
These are structurally very similar crimes, even if they differ in terms of their legal bases and substances. And address verification procedures, for the same reasons, will have little effect on combating them in my opinion.
For example, suppose the customer of an exchange intends to launder money for a drug cartel through bitcoin, and the exchange implements address verification by customers taking screenshots of their wallets. How exactly would this prevent the customer from participating in money laundering activities?
The customer could easily bypass the requirement in the following ways:
- Create an address in their own wallet and take a screenshot. After the exchange has confirmed the transaction and the customer has received the bitcoin, they can forward it to the criminal organization.
- Get an address that belongs directly to the criminal organization and incorporate it into a watch-only wallet. The customer takes a screenshot of this watch-only wallet and the destination address. The exchange confirms the screenshot and transfers the bitcoin directly to the criminal organization. The customer never has access to the bitcoin.
- Get an address that belongs directly to the criminal organization and take a fake screenshot, e.g., with the Bitcoin Wallet Screenshot Generator. The exchange confirms the customer’s screenshot and sends the bitcoin directly to the criminal organization. The customer never has access to the bitcoin.
Sometimes customers are tricked into being money mules rather than purposely supporting a criminal organization. Even for such customers, however, not much would change in my considerations above. If a customer can be tricked into becoming a mule for a criminal organization, it is unclear how a screenshot can help prevent their stupidity.
And these conclusions can be drawn more generally about most other address verification techniques. I didn’t just choose the screenshot implementation of address validation. Many other practical implementations – like creating digital signatures or sending some of the funds back – would experience a similar level of carelessness.
Overall, address verification procedures do not appear to offer any additional concrete benefits in terms of combating money laundering, terrorist financing and sanction evasion when standard procedures for customer due diligence and transaction monitoring are in place.
I’m not very convinced that address validation is good at combating other types of financial crime, at least not in a way that couldn’t be done any less invasively. I believe the comments above are sufficient to show what types of effectiveness issues will arise when reviewing the practice.
The cost of address verification procedures
Address verification is also associated with considerable costs. What exactly these costs are depends on the exact measures taken by banks and MSBs to implement them. However, I would like to highlight two main problems that, to varying degrees, are likely to apply to some extent to the practical implementation of address validation.
First, address screening is a hurdle for trade and innovation.
For example, suppose an exchange requires all counterparties to digitally sign the address(es) to create a link between their identity and their cryptocurrency address(es) on a non-hosted wallet. (I put aside for now the concern that this would be ineffective evidence of anything.)
Most customers have no idea how to create digital signatures, which leads to an overload of customer complaints and inquiries. Customers would also need to purchase software and hardware that would allow them to create these digital signatures with relative security. Much business is likely to be lost as a result of the chaos in implementing such an address verification process.
Of course, some possible implementations of address validation may be a little less invasive to commerce, e.g., a screenshot of a wallet (again putting aside the concern that this would be ineffective evidence of anything). But again, we need to recognize that there will be some costs or complications for trade and innovation.
For example, since cryptocurrencies are programmable, you can also send them to addresses controlled by decentralized protocols rather than humans. While these decentralized protocols are currently experimental for the most part, they can prove to be very interesting and valuable use cases.
But how exactly could these decentralized protocols fit into the proposed address validation requirement?
In my opinion, the proposed regulations cannot accommodate this type of use case: after all, decentralized protocols have no identities or physical addresses. Even a relatively simple measure to implement address verification by a bank or an MSB, e.g., a wallet screenshot, has negative effects on trade and innovation.
Second, address verification can compromise customer privacy and security. I’ll just go through some of the possible implementations to get the point across.
To begin with, a screenshot shows what type of wallet a customer is using and possibly more information, possibly about the type of operating system or device. A video conference will reveal even more about the customer’s personal storage modalities.
This type of information is very dangerous in the wrong hands. We don’t ask customers of precious metals dealers where they store their gold and silver. So why with Bitcoin customers?
While I recognize that Bitcoin is much more liquid and brings with it additional risks in terms of financial crimes, I don’t think the risks to customer privacy and security are proportionately balanced with address verification procedures.
Another likely candidate for address verification is the creation of a digital signature over the counterparty’s address. It is a best practice in the Bitcoin industry that you only reveal your public key in one transaction (so you should only use an address once). This type of action would directly violate industry best practices.
In summary, I doubt that address screening procedures, such as those required for the contexts prescribed in these regulations, will make any real contribution to the fight against financial crimes. At least I haven’t seen a really solid implementation that would make me think differently.
In addition, address verification procedures are associated with costs for trade and innovation as well as customer security and data protection. Surely these costs will depend on how exactly you implement them. But they will have costs, at least in the ways that I can imagine implementing them.
I therefore urge FinCEN not to pursue this proposal in its current form. Any revised proposal, in my opinion, needs to answer three key questions:
- How exactly must the address verification of banks and MSBs be carried out?
- How exactly will these address verification procedures address the multiple financial crimes identified in the proposal?
- What exactly is the cost of these address verification processes to commerce and innovation, as well as to the privacy and security of customers?
With best regards,
The author would like to thank Daan Kleiman for his critical feedback on an earlier version of this letter.
This is a guest post by Jan-Willen Burgers. The opinions expressed are solely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.