Regulatory Hurdles

Then came in 1990 a report with 40 recommendations to counter the issue of money laundering. However, after the terror attacks of 2001, a goal to counter terrorist financing was also added to this body along with 8 additional recommendations that year then a 9th in 2003.

If you are interested in reading the 40+9 recommendations with its most recent revisions, you can take a look here:

Although the FATF is merely a body that recommends international standards, it continues to play an important role in setting these standards and serving as a watchdog for nations around the world. In their April 2022 Report on the State of Effectiveness and Compliance with the FATF Standards, they note widespread regulation adoption or adherence to their standards.

Not only do many of the existing 40+9 recommendations and accompanying definitions have implications in decentralized finance, the FATF has urged nations to expand or reapply their traditional Anti Money Laundering and Countering the Financing of Terrorism (AML/CFT) frameworks to account for the intrinsic decentralization and anonymity of cryptocurrencies.

We will take a brief look at some of the original recommendations and how those relate to cryptocurrencies.

One important recommendation is for nations to retain the ability to confiscate, freeze, or seize assets for the purpose of recovering laundered funds or preventing the financing of terrorism.

This directly runs counter to the ideals of privacy and ownership guaranteed by cryptocurrencies. The separation of private and public wallet keys is a major part of Web3’s concept of security and privacy. While conventional banking systems often have centralized entities that control accounts and can be subject to direct seizures through court-approved warrants, the decentralized nature of cryptocurrencies makes a unilateral seizure of assets more difficult.

However, that does not mean enforcement is impossible. An example is the recent seizure of over $3.6 Billion in stolen Bitcoin from a 2016 hack of the Bitfinex Cryptocurrency Exchange announced by the US Department of Justice in Feburary 2022.

Agents were able to seize private key information of a wallet involved in the hack through executing a search warrant on known online accounts and data of one of the parties involved. While enforcers were able to seize the stolen currency in the end, this calls into question the efficacy of future seizures should the private key of a user involved be solely stored offline. What can law enforcement do without a private key?

Another example is the recent regulatory moves taken against Tornado Cash, a popular Web3 protocol that is used for the purpose of covering up wallet transaction history.

In August 2022, the US Government announced wide-reaching sanctions on all wallets that interacted with the protocol, meaning that it becomes a felony should someone send or receive funds through the protocol or a sanctioned wallet. While in theory this effectively freezes potentially laundered funds in these accounts, it also inadvertently targets many “innocent” accounts. Additionally, the protocol is open source code, meaning it can still be reproduced, reused, or redeployed by anyone and everyone.

The wide-reaching nature of this move is again called into question when someone started sending celebrities funds from a sanctioned wallet, showing how unreasonable the initial move was given that no one can decline transfers.

These examples show that the creation of policy for this conventional AML/CFT recommendation is incredibly difficult for the world of DeFi, which could lead governments towards poor regulations, full bans, or additional checks in other steps of the process.

These Customer Due Diligence (CDD) and Know Your Customer (KYC) regulations have been applied to centralized coin and crypto exchanges where they are required to verify the identity of their users before permitting transactions through their service.

This means that major exchanges are not only incredibly centralized and subject to governmental regulation, they also require knowledge of user identity before permitting transactions. (which is kind of counter to the privacy aspect of Web3 🤔)

This falls in line with recommendations:

When a large number of crypto transactions start and end with these exchanges (convert from fiat to crypto currency), these checks can be effective at challenging the degree of decentralization and privacy that the majority of holders and transactors really have.

However, these regulations fail to take into consideration many of the transactions that occur in between. Anyone can create an anonymized wallet and transact on the blockchain without the need for KYC checks or centralized coin exchanges.

The FAFT acknowledges these difficulties, stating that peer-to-peer:

and also admits that:

As the use of cryptocurrency for peer-to-peer or retail products payments increase, there may be a less of a need to transact through coin exchanges. This would only further obfuscate the process of tacking identities onto wallets and enforcing regulation, a challenge for policy-makers and governments around the world.

This provides a US-centric perspective that still only scratches the surface of the intricacies of crypto regulation recommendations. Until an Illini Blockchain article focused solely on global regulations comes out, feel free to take a look at some materials this future deep dive will likely be based on.

Here is the 2015 Guidance for a Risk-Based Approach - Virtual Currencies:

An updated 2021 guidance can be read here:

Regulation for Crypto is hard.