A new proposed rule requiring cryptos to identify personal wallets has been criticized as impossible to implement. Will it happen? We don’t know. But, here’s what your business can do about it.
Late last year, FinCEN released a controversial notice of proposed rulemaking, which would require cryptocurrency exchanges to identify information from the wallets of non-financial institution customers.
In a press release accompanying the notice, the Treasury pointed to “substantial national security concerns in the CVC (convertible virtual currency) market” as their reason for the proposed rule.
They added that the rule would “aid law enforcement by increasing transparency in digital currencies and closing loopholes that malign actors may exploit.”
Since the announcement, the notice has been widely criticized.
Cryptos cite the technical infeasibility of collecting information from unregulated self-custody wallets in critiques that echo the confusion and difficulty of implementation surrounding the Travel Rule a few years back.
Indeed, no technical solution for compliance with the Travel Rule yet exists, though compliance is still expected.
This fresh controversy has left cryptos with yet another bad taste in their mouth for regulatory rulemaking, with many feeling they have yet another “impossible” problem forced on them.
Others have critiqued the proposed rule as “rushed” and lacking a proper venue for comments and feedback to regulators (the original deadline for feedback was January 4, though it has since been extended).
Now, our commentary here won’t be featuring the familiar “11th-hour” concerns about technical infeasibility. It’s been done well elsewhere, and it’s also not our preferred role to endorse or denounce.
Rather, we’re focused on three themes today:
- This is (likely) going to happen in some form
- It will be okay
- Here’s what you can do
If we’re entering a world wherein the Treasury’s crypto wallet rule becomes reality, and there is no technological solution in sight, what will you do? Compliance will be expected as it always is. How do you solve the impossible?
Luckily, we can learn quite a lot from looking back at Travel Rule compliance to date. And yes, there are things you can be doing in lieu of waiting on a technological solution that will matter to regulators.
What we can learn from Funds Travel Rule compliance
The Funds Travel Rule has been with us now for some time; enough time that every cryptocurrency money transmitter should have a policy and process in place to comply (as much as possible) with it by now.
But what does that policy look like?
When we advise clients on Travel Rule compliance, we typically assist them with adding a policy for Travel Rule compliance to their AML program which outlines the process for the collection of the required information.
Therein, we acknowledge that implementation is technically challenging and that the matter is largely unresolved.
In practice, institutions collect whatever information they’re able to get in order to comply with the Travel Rule, and store it in such a way that it can be recalled for examination like any other record. Thus the information is ready to “travel”; we just need the channel to send.
As we’ve discussed before, crypto exchanges that have gone through Title 31 exams have reported that Travel Rule compliance is an area of examiner focus. But what examiners are looking for is that the business understands the Travel Rule and its requirements and that it is doing everything it can, despite technical issues, to comply with and ultimately prepare for it.
If you read between the lines, examiners are looking for a good-faith effort on the part of businesses to comply.
What does this mean for Treasury’s new proposed crypto wallet rule?
If you’ve taken Travel Rule compliance seriously, maybe you’ve already done some things that put you in a better position than you think.
What your institution can do to comply with the proposed crypto wallet rule
First thing’s first. Accept reality. This isn’t done yet, take a deep breath. But it is likely to happen in some form or fashion.
Second, the worst thing you can do is throw up your hands and decide that it’s not feasible. If you undergo a Title 31 and say you’re waiting for a technological solution to emerge, that’s not going to go over well. (Please don’t say that.)
You need to have something there. You have to be as proactive as you can within your technical limits.
What does this mean?
Let’s take a step back and think about what the crypto wallet rule might mean for your institution. What steps can you take to prepare?
While we can’t predict what the final rule will look like or require, it might be helpful to start with a self-audit.
What can you do right now that’s within your grasp?
What can you put on the books that reflects a culture of compliance within your institution?
How do you show regulators that you’re trying?
Like we said, if you have Travel Rule compliance on the books, you might already have a model for what you need to do.
Without knowing further details about the final rule at this time, once it is handed down, you should at least update your AML program with a section detailing the crypto wallet rule as soon as possible.
On top of that, proactively seek out training, webinars, and articles on the topic as it evolves. Share this information with your team and at Board meetings, documenting your presentation in feedback from the team. Programmers, senior leadership, and the BSA Compliance Officer each have a valuable perspective to offer. Imagine the strength and knowledge sharing with an all-hands discussion.
Every time something new about the Travel Rule came out, you should have shared it with the team, documented participation, etc. for your compliance anyway.
You can do the same thing here. It shows examiners that you’re proactively looking for solutions and staying on the cutting edge of the conversation about the topic.
The ‘break glass’ measure
If things get extremely tough and fines are on the table, the last ripcord you can pull would be to put a less than $3,000 cap on daily transactions (e.g. $2,500).
We’re not trying to tell you how to run your business, but since the rule kicks in and requires you to retain information at $3,000 or more, limiting transactions to under $3,000 would be the most direct solution, if blunt.
It wouldn’t completely remove potential risks, merely help mitigate them. There’s always human error, software glitches, and more. But it would strengthen your compliance countermeasures for sure.
Some crypto companies, including several kiosk operators, have already established per person, per day daily limits below $3,000. This is a great idea, but we understand ultimately a business decision for each institution.
The period for feedback has been extended (it’s open as of this writing). That’s a sign that regulators are listening and open to taking some feedback here. To us, this means breathing room and an opportunity for self-reflection.
Second, let’s remember that regulators have been and continue to be encouraging and patient with concerns about the Travel Rule. There’s no reason to think that the proposed wallet rule will be any different at this time. We appreciate the patience and practicality of regulators in this regard. FinCEN Director Blanco even complimented the crypto industry for working tirelessly to solve the Travel Rule conundrum. Let’s continue to earn the trust of regulators with good faith efforts and a little elbow grease.
Ultimately, we as an industry need to continue to take regulatory concerns seriously, invest time and commitment to compliance innovations, and maintain dialog and professionalism as the technological/feasibility quirks are worked out.
Lastly, if you have any questions about this or other AML compliance challenges in cryptocurrency, we are available anytime. You can reach out to us here.