The U.S. Financial Crimes Enforcement Network (FinCEN) has posted a proposal for new rules concerning “non-hosted” digital asset wallets. The proposal would require banks and money service providers to verify identities for, keep records on, and file reports on, transactions over US$3,000 involving such wallets not owned by another financial institution.
The laws would affect mainly digital asset exchanges, who under existing laws must report transactions involving CVCs (convertible virtual currencies) and LTDAs (legal tender-status digital assets) above US$10,000 in value to “hosted” wallets. The proposed rules would extend that to transactions to and from “non-hosted” wallets owned by their customers, and to any wallets hosted by financial institutions in certain jurisdictions.
In other words, you wouldn’t be able to send over $3,000 from, or withdraw it to, an address belonging to a non-hosted, or self-hosted, wallet when transacting with a financial services provider unless that provider had verified who owns the wallet. Some jurisdictions, like Switzerland and France, already have this requirement.
The proposed rules do not (yet) affect developers or companies who produce wallet software—only financial institutions that may transact with the wallets. Nor do they affect transactions between wallets where neither is a bank or money service provider.
‘National security concerns in the CVC market’
United States Treasury Secretary Steven Mnuchin (FinCEN is an arm of Treasury) said the proposals were consistent with existing requirements. “This rule addresses substantial national security concerns in the CVC market, and aims to close the gaps that malign actors seek to exploit in the recordkeeping and reporting regime,” he said.
FinCEN also listed the information that service providers would be required to know and supply, and reporting requirements:
- The name and address of the financial institution’s customer;
- The type of CVC or LTDA used in the transaction;
- The amount of CVC or LTDA in the transaction;
- The time of the transaction;
- The assessed value of the transaction, in U.S. dollars, based on the prevailing exchange rate at the time of the transaction;
- Any payment instructions received from the financial institution’s customer;
- The name and physical address of each counterparty to the transaction of the financial institution’s customer;
- Other counterparty information the Secretary may prescribe as mandatory on the reporting form for transactions subject to reporting pursuant to § 1010.316(b);
- Any other information that uniquely identifies the transaction, the accounts, and, to the extent reasonably available, the parties involved; and,
Any form relating to the transaction that is completed or signed by the financial institution’s customer.
Some digital currency enthusiasts, including lawyer Jake Chervinsky above, had mixed responses to the proposals. They “could’ve been worse (really) but it’s still a terrible rule in both process and substance,” Chervinsky wrote.
1/ After a long wait, FinCEN has finally issued its new proposed rule extending AML regulation to non-custodial wallets.
It could've been worse (really), but it's still a terrible rule in both process & substance.
Here's what it says, what's wrong with it, & what we do next 👇
— Jake Chervinsky (@jchervinsky) December 19, 2020
Chervinsky criticized the proposals for not actually doing much to prevent customers from transacting with “bad guys,” since it essentially just introduces an extra hop from a verified wallet address to an external one. It also intrudes on “financial privacy” and it would be difficult to verify exactly who “owns” a non-hosted wallet, he said. Access to the private keys of a Bitcoin address, for example, could change hands without any documentation. Many wallets also use a new address for every transaction, though these could be linked via their original seed.
10/ Third, the rule is vague & ambiguous.
How exactly can a VASP obtain the name & physical address of the owner of a non-custodial wallet? How does someone prove that they "own" a private key? What about non-custodial smart contracts — who owns them?
The rule doesn't say.
— Jake Chervinsky (@jchervinsky) December 19, 2020
Service providers may handle this problem by restricting what addresses can be used to transact with their platform, e.g. only those that can be identified as belonging to a certain provider. On the user side, those who have verified their wallet addresses would probably want to ensure it stays in their own hands. Those users might also take extra care before sending money from their wallets to “bad guys” (even with extra transactions in between) if they know that wallet is linked in documentation to their real-world identity. And as Dr. Craig Wright has often mentioned, investigators are getting better at following transactions based on public blockchain records, even if users introduce extra hops or even “coin mixers.”
Explaining ‘custodial’, ‘hosted’ and ‘non-hosted’
“Non-custodial” wallets, also known as “unhosted wallets”, are those where the users themselves hold their private keys (or at least, the local software manages them). These are opposed to custodial, or hosted, wallets where keys are stored on an account-provider’s central server and access is gained via a standard password (similar to a customer accessing a regular online bank account).
Many countries’ regulations, including those about to come into force under the EU’s AMLD5 series of rules, already require providers of “hosted” wallet services to perform KYC verification on their customers. This includes digital asset exchanges or any other provider of a hosted, standalone wallet (the latter is rare these days).
Whether digital asset users like it or not, more of this type of regulation is coming to the space. As we’ve mentioned several times before, governments simply will not tolerate any methods that allow individuals (or institutions) to transfer large monetary values digitally and near-anonymously. And where such methods continue to exist, they will make every attempt to restrict access to those methods.
Bitcoin is not “anonymous,” nor has it ever been a good asset to use for illicit activity. Its records are public for its entire transaction history. This is not unique to Bitcoin SV (BSV), and is true also for BTC and BCH, and any other public blockchain-based network.
The only way the digital asset industry can continue to exist is to find ways to negotiate and comply with governments’ demands. Sure, users may still be able to use the technology to transfer value between each other, but governments are 100% able to control gateways between those networks and local currencies—which for now, everyone needs to use at some stage.
See also: CoinGeek Live panel on Regulation of Digital Assets & Digital Asset Businesses
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.