News

Seeking to counter the use of bitcoins and other digital tokens in ransomware payoffs and fraud schemes while also further combating their use in illicit finance, U.S. lawmakers want to legislate a broader regulatory framework around cryptocurrency and other online assets.

Cryptocurrency still falls under a patchwork of state regulations despite mainstream adoption, Sen. Debbie Stabenow (D-MI) said last week in introducing the Digital Commodities Consumer Protection Act, one of three bills that aim to demarcate digital assets that function as commodities, like silver or wheat, from those that function as securities or as means of payment.

Stabenow’s legislation and two other recently introduced bills would task the Commodities Futures Trading Commission, or CFTC, with ensuring that cryptocurrency exchanges operate soundly and fairly, and the Securities and Exchange Commission, or SEC, with overseeing crypto-assets as investment products that confer ownership and potentially generate income.

All three explicitly exempt the use of cryptocurrency as payment for goods or services from either agency’s supervision.

Those similarities aside, the three bills would take vastly different approaches to preventing the use of cryptocurrency in illicit finance. Stabenow’s legislation defines exchanges as financial institutions under the Bank Secrecy Act, affirming the Financial Crimes Enforcement Network’s, or FinCEN’s, authority to regulate them as money transmitters.

It would also replace existing state regulation of cryptocurrency exchanges as money services businesses with an entirely federal system of oversight, on the basis that the companies typically do not operate like traditional MSBs with physical offices and agents on location.

The second bill, the Responsible Financial Innovation Act, pitched by Sens. Kirsten Gillibrand (D-NY) and Cynthia Lummis (R-WY) in June, would direct the CFTC and SEC to consult with Treasury in developing “principles-based guidance” on how anti-money laundering, sanctions and cybersecurity rules apply to cryptocurrency.

A new “financial innovation laboratory” within FinCEN would meanwhile study changing financial technology and recommend changes in law and regulation accordingly.

A third bill, Rep. Glenn Thompson’s Digital Commodity Exchange Act, would allow exchanges to choose between a federal money-transmission license or their current state license, provided that they do not finance purchases or list trades of “digital commodities” in which shares were already awarded before going public.

Open question

Despite delving into anti-money laundering requirements, none of the three bills take a stab at addressing the key issue of whether or how the Bank Secrecy Act’s “travel rule” applies to transactions made over blockchains, public ledgers of alpha-numeric strings that represent and describe cryptocurrency payments in real time, and in perpetuity.

Regulators are meanwhile “trying to apply a framework [to cryptocurrency] that was developed many years ago for more traditional financial institutions,” said Daniel Stipano, former deputy chief counsel at the Office of the Comptroller of the Currency, now a partner at Davis, Polk & Wardwell.

FinCEN defined exchanges as MSBs under the Bank Secrecy Act in 2013 without exempting them from the travel rule, pursuant to which financial institutions must log and forward the names, addresses and account numbers of the originators and beneficiaries of payments of at least $3,000 to the next institution in line.

Ken Blanco, then serving as FinCEN’s director, removed all doubt in 2019, telling attendees of an industry conference in New York that the travel rule unequivocally applies to cryptocurrency. The bureau included the policy in a notice of proposed rulemaking the following October and disclosed plans to lower the rule’s reporting threshold to $250.

However, while the automated messages that facilitate payments between banks include know-your customer data that compliance officers and U.S. officials can use to detect and investigate suspected financial crimes, blockchains lack readily apparent KYC information.

The absence of such data complicates the cryptocurrency industry’s compliance with the travel rule.

“That’s kind of a known gap,” said Brandi Reynolds, managing director of the Bates Group consultancy in Oregon who doubles as chief compliance officer for online investment platform eToro.To comply with the travel rule, some exchanges and wallet providers have built workarounds to share KYC information with each other in bank-to-bank fashion, she said.

Wallets and rules

FinCEN meanwhile aims to finalize a second proposal next year that would further require exchanges to “submit reports, keep records and verify the identity” of clients who send the equivalent of at least $3,000 in cryptocurrency to a “private” wallet—a type of online account not hosted by a regulated exchange—or to any wallet in Burma, Iran or North Korea.

The same workarounds exchanges now use to share KYC data on blockchain-based transactions would not work for payments that end in private wallets, which bear only a recipient code with no underlying personal information.

FinCEN’s proposal would alleviate some of the travel rule’s burden by dropping the requirement to identify and verify the beneficiaries of payments to private wallets. But reducing the travel rule’s reporting threshold from $3,000 to $250, and focus on transfers that “begin or end outside” the U.S. would create new compliance hurdles, Reynolds said.

That an entire set of blockchain-based payments inherently lacks any useful information on beneficiaries has not escaped the notice of the industry’s federal regulator, the IRS, which, according to Reynolds, has cited at least one exchange for noncompliance with the travel rule.

On the other hand, attempting to obviate the issue by embedding the actual names and other personal data of both transactional parties on public blockchains would violate their privacy, if such a system was even possible.

The Federal Reserve noted the conflict in January, concluding in a study on the feasibility of issuing a U.S. central bank digital currency that “any CBDC would need to strike an appropriate balance … between safeguarding the privacy rights of consumers and affording the transparency necessary to deter criminal activity.”

‘Til next year?

Another cryptocurrency-related bill under development by House Financial Services Chair Maxine Waters (D-CA) would regulate “stablecoins,” cryptocurrencies with values pegged to the U.S. dollar or other external reference value.

Details on other aspects of the legislation have yet to emerge, and Waters said in a statement last month that negotiations with Treasury and Republican members of her committee have yet to yield an agreement on an initial draft.

U.S. agencies meanwhile continue to bring cases against cryptocurrency companies under their existing remits, expanding their oversight in what some have called “regulation by enforcement.”

On July 21, for example, the SEC charged a Coinbase employee with insider trading in a case that rested on the regulator’s own definition of cryptocurrency as a security.

“We are not concerned with labels, but rather the economic realities of an offering,” Gurbir Grewal, director of the SEC’s enforcement branch, said in announcing the charges.

Pressure is now building on Congress to legislate which agencies will monitor the industry going forward, and under what circumstances. But with only four months left in the congressional session, the competing bills have little time to secure approval.

If the clock runs out, elements of each proposal will likely be taken up, reworked and reintroduced next year, said Jim Richards, a former senior compliance officer for Wells Fargo, now principal of RegTech Consulting in Walnut Creek, California.

Contact Fred Williams at fwilliams@acams.org