Regulatory Hurdles

A glance into the difficulties of regulation. By: @Larry Peng

👮‍♂️👮International Financial Crime

To understand Cryptocurrency regulations, one needs to understand traditional safeguards against financial crimes.

Founded in 1989, the Financial Action Task Force (FATF) is an intergovernmental body intended to provide international recommendations to counter money laundering that threatens banking and financial institutions around the world.

Financial Action Task Force (FATF)

In 1990 came a report with 40 recommendations to counter money laundering. After the terror attacks of 2001, however, a goal of countering terrorist financing was added to this body's mandate, along with 8 additional recommendations that year and a 9th in 2003.

If you are interested in reading the 40+9 recommendations with its most recent revisions, you can take a look here:

Although the FATF is merely a body that recommends international standards, it continues to play an important role in setting these standards and serving as a watchdog for nations around the world. In their April 2022 Report on the State of Effectiveness and Compliance with the FATF Standards, they note widespread regulation adoption or adherence to their standards.

🤑 Now with DeFi…

Not only do many of the existing 40+9 recommendations and accompanying definitions have implications for decentralized finance, but the FATF has also urged nations to expand or reapply their traditional Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) frameworks to account for the intrinsic decentralization and anonymity of cryptocurrencies.

We will take a brief look at some of the original recommendations and how those relate to cryptocurrencies.

Recommendation 4 - Confiscation and provisional measures

Countries should adopt measures similar to those set forth in the Vienna Convention, the Palermo Convention, and the Terrorist Financing Convention, including legislative measures, to enable their competent authorities to freeze or seize and confiscate the following, without prejudicing the rights of bona fide third parties: (a) property laundered, (b) proceeds from, or instrumentalities used in or intended for use in money laundering or predicate offences, (c) property that is the proceeds of, or used in, or intended or allocated for use in, the financing of terrorism, terrorist acts or terrorist organisations, or (d) property of corresponding value. International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation - the FATF Recommendation

One important recommendation is for nations to retain the ability to confiscate, freeze, or seize assets for the purpose of recovering laundered funds or preventing the financing of terrorism.

This directly runs counter to the ideals of privacy and ownership guaranteed by cryptocurrencies. The separation of private and public wallet keys is a major part of Web3’s concept of security and privacy. While conventional banking systems often have centralized entities that control accounts and can be subject to direct seizures through court-approved warrants, the decentralized nature of cryptocurrencies makes a unilateral seizure of assets more difficult.

🍃 Bitfinex

Bitfinex Cryptocurrency Exchange

However, that does not mean enforcement is impossible. An example is the recent seizure of over $3.6 Billion in Bitcoin stolen in a 2016 hack of the Bitfinex Cryptocurrency Exchange, announced by the US Department of Justice in February 2022.

Agents were able to seize private key information of a wallet involved in the hack through executing a search warrant on known online accounts and data of one of the parties involved. While enforcers were able to seize the stolen currency in the end, this calls into question the efficacy of future seizures should the private key of a user involved be solely stored offline. What can law enforcement do without a private key?

🌪️ Tornado Cash

Another example is the recent regulatory moves taken against Tornado Cash, a popular Web3 protocol that is used for the purpose of covering up wallet transaction history.

Tornado Cash

In August 2022, the US Government announced wide-reaching sanctions on all wallets that interacted with the protocol, meaning that it becomes a felony should someone send or receive funds through the protocol or a sanctioned wallet. While in theory this effectively freezes potentially laundered funds in these accounts, it also inadvertently targets many “innocent” accounts. Additionally, the protocol is open source code, meaning it can still be reproduced, reused, or redeployed by anyone and everyone.

The wide-reaching nature of this move was again called into question when someone started sending celebrities funds from a sanctioned wallet, showing how unreasonable the initial move was given that no one can decline transfers.

These examples show that the creation of policy for this conventional AML/CFT recommendation is incredibly difficult for the world of DeFi, which could lead governments towards poor regulations, full bans, or additional checks in other steps of the process.

Recommendation 10 - Customer Due Diligence (CDD)

“Financial institutions should be prohibited from keeping anonymous accounts or accounts in obviously fictitious names.” International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation - the FATF Recommendation

These Customer Due Diligence (CDD) and Know Your Customer (KYC) regulations have been applied to centralized coin and crypto exchanges where they are required to verify the identity of their users before permitting transactions through their service.

This means that major exchanges are not only incredibly centralized and subject to governmental regulation, but they also require knowledge of user identity before permitting transactions (which is kind of counter to the privacy aspect of Web3 🤔).


This falls in line with recommendations:

“…that AML/CFT controls should target convertible VC nodes—i.e., points of intersection that provide gateways to the regulated financial system—and not seek to regulate users who obtain VC to purchase goods or services. These nodes include third-party convertible VC exchangers”

Guidance For a Risk-Based Approach - Virtual Currencies

When a large number of crypto transactions start and end with these exchanges (converting from fiat to cryptocurrency), these checks can be effective at challenging the degree of decentralization and privacy that the majority of holders and transactors really have.

However, these regulations fail to take into consideration many of the transactions that occur in between. Anyone can create an anonymized wallet and transact on the blockchain without the need for KYC checks or centralized coin exchanges.

The FATF acknowledges these difficulties, stating that peer-to-peer:

“transactions are not explicitly subject to AML/CFT controls under the FATF Standards…because the Standards generally place obligations on intermediaries, rather than on individuals themselves” Guidance For a Risk-Based Approach - Virtual Assets and Virtual Asset Service Providers

and also admits that:

there remains the potential risk that more VA transactions will move to P2P space to avoid regulations/supervision as more jurisdictions implement the FATF Standards and regulate and supervise VASPs. If P2P transactions were to increase to the point that illicit activity was occurring to a significant degree…this could potentially challenge the effectiveness of implementing the FATF Standards Guidance For a Risk-Based Approach - Virtual Assets and Virtual Asset Service Providers

As the use of cryptocurrency for peer-to-peer or retail product payments increases, there may be less of a need to transact through coin exchanges. This would only further obfuscate the process of tacking identities onto wallets and enforcing regulation, a challenge for policy-makers and governments around the world.

👀 Just a Glance…

This provides a US-centric perspective that still only scratches the surface of the intricacies of crypto regulation recommendations. Until an Illini Blockchain article focused solely on global regulations comes out, feel free to take a look at some materials this future deep dive will likely be based on.

Here is the 2015 Guidance for a Risk-Based Approach - Virtual Currencies:

An updated 2021 guidance can be read here:


Regulation for Crypto is hard.


  1. Recommendations 2012.pdf