In a few weeks, the Financial Action Task Force (FATF) is expected to adopt a proposal to impose the standards of wire transfers on blockchain transactions.
Despite concerns raised at a private sector consultative forum in Vienna, Austria, last month, the intergovernmental organization appears set on applying the “travel rule”, which means information on payer and payee must be included in any on-chain transaction.
The problem is, blockchains, in most cases, are not designed in this manner, and thus may be deemed non-compliant by design.
To put it bluntly, these requirements would be pointless at best and, at worst, impossible to follow.
But don’t take my word for it. Listen to what a law enforcement expert has to say.
“Identifying owners of non-custodial wallets in majority cases simply cannot be done by private companies with reasonable certainty”, said Jarek Jakubcek, a strategy analyst at Europol, the European Union law enforcement agency. “Thus, mandating businesses to do something that cannot be done is an exercise in futility.”
Identifying owners who send transactions from one identified party to another is feasible, assuming that tracing tools “correctly cluster and identify the entities (which they frequently do not)”, Jakubcek told me. Of course, this would entail restricting user privacy, and allowing businesses to exchange sensitive personally identifiable information (PII) with one another.
And to what purpose? “The majority of exchange-to-exchange transactions are related to trading activities that are naturally not criminal”, said Jakubcek, “so reallocating compliance resources at a high number of relatively low-risk transactions will move the emphasis away from flagging criminal transactions to focusing on low-risk transactions, which will naturally hurt crime prevention.”
As a result, he said:
“The only benefit for the exchange will be a formal check in a compliance checkbox.”
If Jakubcek is right, a substantial part of crypto transactions will move to the underworld, leaving law enforcement and financial intelligence units with nothing except the trace of the transactions.
If the proposal is adopted, FATF’s member countries will eventually require all virtual asset service providers (VASPs) to do what other financial institutions already do: transmit this information in one way or another.
This would have several implications:
- A VASP would need to ask the sender of a virtual asset transfer to provide information on the identity of the recipient.
- Whenever a virtual asset transfer is performed on behalf of a customer, the VASP would need to be able to establish whether the target address is controlled by another VASP. Therefore, the sender would either have to provide the name of the VASP controlling the target address, or there would need to be some kind of register that attributes all existing custodial wallet crypto addresses to their corresponding VASP.
- Furthermore, this information would need to be transmitted to the VASP controlling the target address.
Many industry representatives attended the FATF Forum to receive clarification on this proposal and its implications. (I went as a delegate of the Blockchain and Virtual Currency Working Group, or BVCWG.)
Several questions were raised:
- How exactly would a VASP determine if a certain crypto address is controlled by a VASP?
- How can a VASP verify the information about the identity of the beneficiary of a virtual asset transfer, especially if the target address is not controlled by a VASP?
- How exactly should the exchange of information between the VASP of the sender and that of the beneficiary take place?
- How do we secure customer privacy?
The FATF has not addressed these questions, and delegates came away with the impression that nobody knows how to comply with the proposed rule.
Mission not accomplished
FATF’s attempt to apply an outdated instrument to a new vehicle is just the tip of the iceberg, however. The core issue is with the travel rule itself. Nowadays it barely serves its aims.
The recommendation, first issued in October 2001 following the 9/11 attacks, was intended to prevent terrorists and other criminals from having unfettered access to wire transfers for moving their funds, and to enable law enforcement and financial institutions to detect such misuse when it occurs.
But in practice, the payer/payee data is either modified or not accessible to law enforcement at all.
Let’s take a look at “wire stripping.” In plain English, this is when a bank employee willfully and knowingly changes the information on the originator and/or beneficiary in the funds transfer message, usually sent via the SWIFT messaging service in cross-border payments. On paper, no criminals, sanctioned entities or countries are involved in the transaction, though in reality they are.
In the last decade, this practice has cost banks such as Standard Chartered, Deutsche Bank and UniCredit S.p.A. hundreds of millions in fines to U.S. regulators.
Moreover, it demonstrates that the current approach – checking names and addresses of payers/payees – does not prevent the bad actors from getting their money.
So what is the solution?
In 2018, the U.S. government surprised compliance specialists by adding bitcoin addresses tied to two Iranian persons to the sanctions list. It turned out to be possible and feasible to attribute blockchain addresses for the purpose of further sanctions checks.
The response from the industry was immediate: the next day, blockchain analytics services added the listed addresses to their databases, and the same day everyone who uses their services gained the ability to see the sanctioned funds on the blockchain and trace them, to a degree not previously available to investigators.
The existing rule was drafted with the idea that funds transfers require intermediaries, and instructions in the form of messages that allow the parties to be identified.
Now, value can be transferred peer-to-peer, without the intervention of intermediaries such as correspondent banks, international payment systems and other clearing venues. It may sound blunt, but peer-to-peer networks are here to stay.
Of course, they brought freedoms, sometimes uncontrolled (and uncontrollable), but they also brought accountability in the form of transparency, which, in the case of financial transactions, means traceability. So, in the ideal blockchain world, anybody will know what everyone owns.
I believe the solution will be found somewhere in between. If we demonstrate that sanctions can be effectively managed through funds tracing rather than by applying a burdensome screening process at both ends, we will succeed.