Financial Crimes Compliance for Cryptocurrency: Why Can’t We All Agree?

Regulators are not on the same page when it comes to applying the “Travel Rule” to digital assets. That’s stifling growth in the crypto industry and opening the door to bad actors.

On January 7th of this year, the value of the cryptocurrency market surpassed USD$1 trillion for the first time ever. Six weeks later on February 19, bitcoin, perhaps the best-known cryptocurrency, exceeded the USD$1 trillion mark on its own.

The remarkable speculation of crypto markets is not surprising given the strong inroads digital assets have made into domains once exclusive to fiat currency. Today bitcoin (and other popular cryptos, such as ethereum, ripple, and tether) are increasingly accepted as payment for a variety of products and services or as means to execute intra- and cross-border currency transfers. Retail banks are testing cryptos as an exchange method and as an asset class offered to their customers, while a growing number of institutional investors consider digital assets as a legitimate, albeit risky, investment product.

All that sounds heady and promising for the future of the market. But a major issue continues to sow confusion within the cryptocurrency industry that threatens to retard its growth: There is no global consensus on the regulations governing transfer of funds via cryptocurrencies.

Around the world, governments and agencies apply their own interpretation of regulations, which places a major burden on Virtual Asset Service Providers (VASPs) and traditional financial institutions that handle transactions. Crypto businesses that want to avoid possible investigations and potential litigation must understand a hodgepodge of compliance rules and be aware of the resources available to them should regulators come calling.

The Financial Action Task Force (FATF), which sets standards for money transfers in its role as watchdog over global money laundering and terrorism financing, is well aware of the issue. So too are regulatory bodies in various countries, including the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN).

But the process drags out and as one agency revises its policies, others often interpret from within their own jurisdictions — all leading to regulatory inconsistencies. It’s a game of regulatory leapfrog that gives the crypto industry headaches, increases compliance costs, and, ironically, opens the door to bad actors looking to circumvent regulations by way of moving to jurisdictions with no or weak compliance controls.

Taking the Good with the Bad

Originally created to decentralize currency, digital assets are supposed to empower the people by taking money out of the hands of government and banks. That adds efficiencies and reduces exposure to bad monetary policies. However, the embedded privacy and anonymity of crypto transactions comes with a downside: Bad actors who try to exploit their relative untraceability.

In fact, a few malicious events have generated negative publicity for the industry, while prompting increased attention from regulators, who coincidentally, have been tightening oversight and enforcement through regulations on crypto service providers over the years.

Despite increased focus on compliance, the regulatory structure governing anti-money laundering (AML), countering the financing of terrorism (CFT) and financial crimes compliance (FCC) that VASPs face is still unsettled. One regulation in particular — the FATF’s “Travel Rule,” stands out as perhaps the most glaring example of the lack of global harmonization of policies designed to combat illicit financial flows in the crypto markets.

Lack of Global Harmonization in Travel Rule for Digital Assets

Dating back to 1995, the Travel Rule is intended to help law enforcement and regulatory authorities detect, investigate, and prosecute money laundering and other financial crimes by preserving an information trail about persons sending and receiving funds through the funds transfer system. ^{1 2}

DISAGREEMENT OVER THE TRAVEL RULE
The three main factors of the rule remain in dispute.

WHAT - relates to the specific instrument, or type of asset being transferred. While most jurisdictions and FATF guidance subject all of the cryptocurrency transfers to the reporting requirements (i.e., both crypto-to-fiat and crypto-to-crypto), the EU’s 5th Anti-Money Laundering Directive (AMLD5) exempts crypto-to-crypto transactions.

WHO - relates to originators, beneficiaries and intermediary institutions subject to reporting requirements. Regarding the Travel Rule, Switzerland and Netherlands have opted to subject “unhosted wallets” to the reporting requirements, and FinCEN seems to have recently sided with such restrictive approach by rushing out its own proposal on “covered wallets” last December. Meanwhile, recent FATF draft recommendations do not explicitly subject unhosted wallets to AML/CFT obligations. EU’s AMLD5 exempts crypto-to-crypto exchanges from Travel Rule compliance.^{4 5}

WHEN - relates to transaction amounts that must be reported. Last October, the U.S. Federal Reserve Board and FinCEN proposed a sweeping reduction for all instruments (i.e., not only digital assets) from the current threshold of USD$3,000 to USD$250.

The Travel Rule contains several key components needed for implementation that encompass three main factors, “what,” “who,” and “when” (see sidebar). However, as of the publication of this article, it is apparent that there is no global harmonization with respect to any of the components in relation to cryptocurrency transactions.³

Good Intentions Gone Bad

Attempts to impose stricter reporting requirements for digital assets may be well intended. But an uncoordinated regulation can potentially have a stifling effect by way of creating inconsistent regulatory requirements on top of increased compliance costs on the industry.

Consider the proposal by the U.S. Federal Reserve Board and FinCEN to reduce the current reporting threshold from USD$3,000 to USD$250. The measure reflects regulators’ fears that criminals, terrorists and fraudsters have been using small-dollar, cross-border transactions to stay in the shadows.

In the same vein, subjecting unhosted wallets to the Travel Rule, proposed by FinCEN last December is presumably designed to detect and block cryptocurrency transfers associated with dark web activities, fraudulent and criminal schemes, and illicit financing. But both proposals will likely not only notably increase compliance costs by sharply raising the number of Travel Rule triggers and requiring more sophisticated tracing capabilities by VASPs, but also lead to reporting requirement inconsistencies with other jurisdictions.

Overall, uncoordinated and overly restrictive regulatory changes threaten to cause more uncertainty, which reduces incentive for cryptocurrency market institutions to operate uniformly. That results in two negative consequences: 1) digital asset trading platforms hop from more regulated jurisdictions to less regulated or unregulated countries, leading to so-called regulatory arbitrage (or currency speculation); and 2) regulators have more trouble detecting and blocking illicit digital asset flows, as cryptocurrency transactions are diverted away from compliant regulated VASPs to unregulated trading venues and peer-to-peer protocols.

The lack of regulatory harmonization with respect to the Travel Rule also compounds the current problems with unified technical implementation of compliance procedures in digital assets. No unified guidelines exist currently on how VASPs are supposed to identify the universe of who has to share the required ownership and transmittal information. Amid the uncertainty, various trade groups representing top cryptoexchanges, custodians, wallet providers and blockchain analytics firms are working to come up with their own guidelines.

Furthermore, multiple competing technological standards are being developed to implement the Travel Rule, authenticate counterparty VASPs and their customers, as well as transmit required information while adequately addressing data and personal information privacy issues.

Primed for Growth? Yes, If Compliance Rules Are Harmonized Globally

Regulatory harmonization of the Travel Rule for digital assets globally is strongly needed to clearly define the rule’s parameters, to prevent regulatory arbitrage, and to aid the industry in developing common technical implementation and interoperability standards.⁶

Such harmonization will produce more clarity and higher level of trust in cryptocurrencies : (a) across various jurisdictions; (b) with regard to technical implementation standards and (c) with regard to the question of which entities are subject to compliance to begin with.

In turn, more clear and unified compliance regulation for digital assets will enable anti-money laundering-compliant growth of the cryptocurrency industry. Simultaneously, it will alleviate compliance costs of the Travel Rule for VASPs and preserve personal privacy.

With these changes, a trillion-dollar cryptocurrency market may only be the beginning.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals.

Footnotes:

1: https://www.govinfo.gov/content/pkg/FR-1995-01-03/pdf/94-31977.pdf

2: https://public-inspection.federalregister.gov/2020-28437.pdf

3: Travel Rule implementation in digital assets, by nature of the young and regulatorily unsettled nature of this industry, grapples with two additional headwinds, (1) so-called “sunrise” problem and (2) lack of uniform technical standards for transmitting transaction information between entities subject to the Travel Rule. The “sunrise problem” arises because different jurisdictions have different timelines, hence it becomes unclear how first complaint VASPs begin sharing information with their peers when not all VASPs have yet implemented their travel rule solutions. The latter problem leads to issues of interoperability between various Travel Rule implementation protocols or different jurisdictions.

4: An “unhosted wallet” is where a person may store the private key controlling the cryptocurrency in a software program or written record. Unlike “hosted wallets” where a financial institution or other VASPs provide custody services for the customers’ cryptocurrency.

5: In December 2020, FinCEN issued a Notice of Proposed Rulemaking in which it seeks public comments on a proposal to “require banks and money service businesses to submit reports, keep records, and verify the identity of customers in relation to transactions involving convertible virtual currency (“CVC”) or digital assets with legal tender status (“legal tender digital assets” or “LTDA”) held in unhosted wallets, or held in wallets hosted in a jurisdiction identified by FinCEN”. See https://public-inspection.federalregister.gov/2020-28437.pdf

6: In fact, in late February, the FATF declared it is seeking public consultation on amendments to the June 2019 guidance on the Travel Rule by the time its 12-month review arrives in June, and indicated that the updated guidance will address the contentious issue of whether unhosted wallets should be subject to the Travel Rule.

© Copyright 2021. The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals.

About The Journal

The FTI Journal publication offers deep and engaging insights to contextualize the issues that matter, and explores topics that will impact the risks your business faces and its reputation.