News

Cryptocurrency exchanges are scrambling to routinely share required details of certain transactions after a senior U.S. official emphasized that blockchain technology is no substitute for compliance, sources told ACAMS moneylaundering.com.

Under the travel rule, which the U.S. Treasury Department adopted in 1996, banks, money services businesses, or MSBs, and others must share the names, addresses and account numbers of both the originators and beneficiaries tied to payments of $3,000 or more with the next financial institution in line to handle the funds.

Some cryptocurrency firms thought the rule may not be enforced aggressively against their industry, which has relied on digital wallet addresses and the online, publicly reviewable ledgers associated with blockchain technology as an alternative, said Yaya Fanusie, a former CIA analyst.

“I think it’s pretty clear now that they’re not going to be given a free pass,” said Fanusie, now a consultant in Washington, D.C.

The industry’s assumption of non-enforcement of the travel rule was challenged in June, when the Financial Action Task Force instructed national governments to task cryptocurrency companies with similar expectations of collecting “accurate originator information and required beneficiary information” on transactions of $1,000 or more.

All remaining doubt was erased in November when Ken Blanco, the director of the Treasury Department’s Financial Crimes Enforcement Network, or FinCEN, told an industry conference in New York that the travel rule’s $3,000 threshold applies unequivocally to the cryptocurrency sector.

“In fact, to date it is the most commonly cited violation by the IRS against MSBs engaged in [cryptocurrency] transmission,” Blanco said, citing a range of infractions dating back to examinations in 2014.

Nearly five years ago, in May 2015, prosecutors and FinCEN assessed a $700,000 fine against Ripple Labs for failing to register as an MSB and ordered the San Francisco-based cryptocurrency company to ensure compliance with the “funds travel rule,” review entire batches of prior transactions for signs of money laundering, and hire an external auditor.

Blanco’s speech and FATF’s guidance have set off “a flurry of activity” inside exchanges and other cryptocurrency firms and spurred them to develop software or other solutions to meet the rule’s requirements, said Carol Van Cleef, a Washington, D.C.-based attorney with the Bradley Arant Boult Cummings law firm.

Some exchanges have sought to comply by restricting outbound transfers that trigger the travel rule to wallets that are already owned by the customer, rather than by anyone else, so that the exchange or wallet provider can rely on information they have already collected, Van Cleef said.

“There is a lot of activity that is $3,000 or more,” said Van Cleef. “The major problem is, given the nature of cryptocurrency, can you collect the information you need to comply with the rule?”

‘Click of a mouse’

Most cryptocurrency payments take place through wallets hosted by a cryptocurrency exchange. But users can also transact through unhosted wallets with no regulated entity to validate their identities.

“If a client with a hosted wallet sends funds to an unhosted wallet, the exchange does not have to get the identity behind the unhosted wallet, but there’s the added issue of having to be sure as to whether it is hosted or unhosted,” said Fanusie, the former CIA analyst. “I think [if enforcement increases], you’ll have an environment where exchanges will see unhosted wallets as riskier due to the lack of visibility into who is behind them.”

Almost 90 percent of all Bitcoin transfers conducted in the first four months of 2019 took place on formal exchanges, while just four percent were completed on a peer-to-peer basis, according to Chainanalysis, a New York-based firm.

The company reported in November that around 30 of the world’s top 120 exchanges still allowed withdrawals of more than $2,000 in bitcoins while conducting “little to no” know-your-customer checks.

Regulators may not have anticipated the “technical lift” required to bring exchanges into compliance with the travel rule, a compliance officer for a cryptocurrency firm told moneylaundering.com on condition of anonymity.

“There are significant risks in transferring people’s [personal information] to exchanges that have not been vetted,” the compliance officer wrote in an email. “All for very minimal AML benefit, since the rule can be circumvented with a click of a mouse.”

The travel rule itself, if strictly applied, could prompt illicit clients to migrate away from formal exchanges altogether, towards using their own software to transact without intermediaries, a compliance officer for a U.S. cryptocurrency firm said during a recent industry event.

“We’re trying to stay true to how this is a decentralized system … but what they’re forcing us to do is go back to a centralized system,” the compliance officer said. “I’m hoping that the regulators give us time to do this correctly.”

Contact Daniel Bethencourt at dbethencourt@acams.org