Coinbase CEO concerned at possible new KYC regulations

Could new regulations require Bitcoin and other digital asset transactions to be sent only to ID-verified wallets? That’s what Coinbase CEO Brian Armstrong appeared to suggest, based on “rumors” he had heard. Though it’s hard to see how such a law would work, it’s a reminder that governments remain very keen to track all digital transactions, no matter what platform they’re on.

Armstrong posted what he’d heard, and his opinions on it, in a series of tweets.

Armstrong didn’t mention where he’d heard the rumors, and therefore no specific details are available on the reportedly-proposed regulations, and what they would/wouldn’t allow. He did offer some opinions based on the notion that Coinbase and similar companies would need to verify recipient addresses before performing a withdrawal, even if the address belonged to a self-hosted wallet.

Presumably, the only people withdrawing from a Coinbase exchange wallet would be someone who has already been through the Coinbase KYC process. It’s not entirely clear from Armstrong’s tweets, but the regulation could cover withdrawals to any address that isn’t already verified as belonging to a Coinbase customer.

If that’s the case, a user could always withdraw to their verified self-hosted wallet and then send it anywhere they liked. Any additional cost or burden would be Coinbase’s only, but exchanges are already required to identify customers. It would be more restrictive if it covered any transaction sent from individuals to any address—but that doesn’t appear to be proposed (yet).

Armstrong’s concerns

Armstrong’s posts added a possible concern: that some users withdraw funds from Coinbase directly to smart contracts, e.g. DeFi apps. Again, though, that would probably just necessitate an extra transactional step for customers (and, if using BTC, additional high fees).

His points (later in the tweetstream) about making it difficult to send money to people in emerging markets with no ID are moot. His concerns about sending more and more information/ID documents to services that could be hacked are legitimate—since ID theft is a very real problem, and companies have a poor record of protecting such personal data.

A few thoughts: Bitcoin BSV presents a useful solution to some of Armstrong’s concerns. Contracts on the BSV blockchain would have real life identities behind them, making KYC simpler for whoever needed it. It also makes them more trustworthy to individuals and investors. As for emerging markets, BSV’s miniscule fees make it the best option for remittances. BTC’s high-fee transactions are probably more of a barrier to emerging market use than KYC regulations.

A few responders to Armstrong’s posts queried how such a rule would work—most Bitcoin and other digital asset wallets generate a new address for every transaction. However, a regulation may require that exchange customers always use the same address (which still go to the same wallet whether or not it generates new addresses for other transactions using the same HD seed phrase).

Incidentally, CoinGeek has learned that a number of people from Coinbase came to the London offices of nChain back in 2018, where they had meetings with a number of mining pools and other large digital asset exchanges. Dr. Craig Wright confirmed that among the topics he discussed was “the need for identity and how legal enforcement is going to be a part of all of the requirements in operating exchanges”—to which the Coinbase people reportedly said, “…because Bitcoin is decentralized there is nothing they can do and nothing that government will do.”

“It didn’t get much further than that, and they didn’t want to listen,” Wright tells us.

Whatever the rumors, more ID will be required in the future

It might not be worth debating the possible merits or disadvantages of any regulatory rumors until more official details become available. But make no mistake, governments are concerned about “anonymous” digital asset transactions and will be keen to introduce whatever new rules they can to either track them, or prevent them.

New regulations will probably mean more ID verification requirements. At this stage, exchanges are bound by similar rules to financial institutions like banks under international KYC/AML guidelines.

AMLD5, aka the European Union’s Fifth Anti-Money Laundering Directive, will apply to “hosted” digital asset wallets containing over EUR150 from January 2022. Services providing those wallets, whether they be exchanges or simple wallet providers, will be required to know and verify the identities of users.

This directive will not apply to developers or companies who provide “self-hosted” digital asset wallet software. This most likely includes BSV wallets like Money Button, or RelayX. Since the users themselves generate and store their own private keys/seed phrases locally, they are not considered “custodial” of their users’ funds.

Some self-hosted wallets, like HandCash, require a certain amount of ID like a mobile number to sign up—but that’s still not as strict as requiring a passport or driver’s license. Companies operating in the BSV ecosystem are encouraged (if not yet required) to know who their users are. This is part of an effort to improve the reputation of the digital asset industry, which has seen hundreds of scams, frauds, thefts and unregulated investments schemes over the past decade.

Tokenized ID solves part of the problem

In the future, a tokenized identity system may fulfil much of the KYC role—though there isn’t a service yet available that provides this on a mass scale. This would allow digital asset holders to verify their identity once only, and then use their identity tokens to verify themselves anywhere else. Hurdles to achieving this include: building a tokenized ID platform trusted by both governments and users, deciding which blockchain it should be built on (BSV is most suitable), and the service providers’ ability to keep their own original records secure. A single provider with an insecure database could be a single point of failure.

If tokenized ID can be achieved, then it would be far simpler to verify identities on other services (and to law enforcement if requested). And the trusted ID token would be adequate to verify identity, without hundreds of companies needing to store copies of individual users’ identity documents—protecting against hacks and identity theft.

While blockchain analysts are getting better at unmasking real-life identities behind Bitcoin (and other) addresses, it still requires an extensive effort to do so. Thus, Bitcoin addresses still provide privacy in the public sense (ie: the blockchain doesn’t show your real-life identity publicly) but provide a permanent, traceable/auditable record of all transactions should anyone have the need and means to investigate.

It’s not only the BSV ecosystem that is moving towards a more ID-verifiable digital asset world. Some digital asset exchanges have already made moves towards removing “privacy coins” from their platforms, and most are already complying with KYC/AML regulations.

While many privacy advocates balk at the notion of all transactions being traceable, it is an inevitability. Governments find the notion of fully-anonymous digital transactions unacceptable, and as Dr. Craig Wright has said many times in the past, a society where everyone wears a mask cannot function for long, as trust eventually breaks down.

See also: CoinGeek Live panel on Regulation of Digital Assets & Digital Asset Businesses

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.