Deluge of criticism over proposed new US KYCC rule for cryptocurrencies

Just before Christmas, regulator FinCEN suddenly overtook the US Bitcoin sector with a proposal to introduce strict regulations regarding Bitcoin, similar to the recent Dutch ‘verification requirement’. The proposal sparked an outpouring of criticism and more than 7,500 public responses. Opponents call the proposed regulations rushed, disproportionate and ineffective and they say they lead to privacy and human rights violations and risks for consumers.

On December 18, the Financial Crimes Enforcement Network (FinCEN) suddenly surprised the US Bitcoin industry with a proposal to introduce new and strict regulations. Under the proposal, US Bitcoin companies would be required to verify the identity of the owner of the receiving wallet for withdrawals and transactions above $3,000. For amounts above $10,000, an additional mandatory notification to FinCEN would apply.

Most Bitcoin companies have long had so-called Know-Your-Customer (KYC) policies, where they request identifying information from their customers. The new regulations would require U.S. Bitcoin companies to collect and monitor more personal data from their customers, as well as from any counterparties customers transact with. A kind of Know-Your-Customer’s-Counterparty (KYCC) .

Instead of the usual 60-day consultation round, the industry was given just 15 days to respond to the proposal. Combined with the timing just before Christmas, this gave many the impression that they might want to push the proposal through quickly and without too much resistance.

If that was the plan, it didn’t work out. Despite the holidays and the short time frame, FinCEN received a deluge of criticism. More than tens of thousands of responses appeared, of which about 7500 were public.

Unlawfully short procedure

Most responses are disapproving. The timing and hasty procedure went down the wrong way with most people. ?ǣThe Treasury Department is only giving the public 15 days to comment during a period over Christmas and New Year, and it is doing so during a global pandemic. That is embarrassing. To effectively give the public only a few days to study a complex proposal and make meaningful comment – at this specific time on the calendar – is contrary to the spirit, if not the letter, of the APA and demonstrates an undue disregard for the public.” , says Peter van Valkenburgh of research agency Coin Center.

The American exchange Coinbase also points to the illegality of the procedure. “Despite the justifications in the announcement, there is no legal basis to deprive the public of the ability to develop evidence to support their objections to the regulation.” wrote Chief Legal Officer Paul Grewal in his appeal letter.

Investment fund Andreessen Horowitz also agreed: “FinCEN offers no justifiable reason to deviate from traditional objection procedures in favor of a reduced objection period of six working days spread over the holidays. FinCEN’s failure to allow meaningful comment on the proposal is a violation of the APA.”

Most objections called for a normal consultation period of 60 days. That objection was – as it turned out today – honored. As a result, the intended introduction of the rule on 20 January 2021 has been cancelled.


Many pointed out that the proposed rules go beyond those that apply to other financial institutions. The Center for Capital Markets Competitiveness (CCMC) of the US Chamber of Commerce (Chamber of Commerce) writes: “We are concerned about the new administrative obligations proposed in the rules for CVC payments, which require a client’s counterparty to name and physical address is identified for amounts over $3,000. This additional administrative layer (identifying counterparty information) is currently not required for traditional payments.”

Jack Dorsey, the CEO of Square and Twitter, further elaborates in his appeal: “As an example, under this proposal – if a mother of a Square customer makes a donation to her daughter of $4,000 physical cash and the daughter deposits that money into the bank, then the bank has no obligation to collect information about the daughter’s mother Under this proposal, if the same transaction were to take place via cryptocurrency, the bank would have to reach beyond the customer relationship and breach the personal information of the mother, before the daughter can successfully deposit and approach her mother’s gift.”

Badly substantiated

According to Andreessen Horowitz, the proposal also goes further than the law allows and, moreover, they see little concrete substantiation to apply such far-reaching rules specifically for cryptocurrencies. They argue that the proposal ?ǣexpands risks related to cryptocurrencies disproportionately in relation to the volume of cryptocurrencies in the economy.?ǥ

?ǣThe scale of transactions in dollars and cash far exceeds the amount of transactions in cryptocurrencies, let alone the part where self-hosted wallets are used,?ǥ they write. ?ǣThe Clearing House Interbank Payments System alone, for example, clears $1,500 billion in domestic and international payments per day. The proposal implies that the total annual volume of cryptocurrency transactions is $1,000 billion, which is less than what is traded in a single day. sent through the US banking system.”

If the estimates are correct that about $300 billion is laundered annually in the US alone, of which $100 billion is related to healthcare facilities, while FinCEN’s own estimates state that only $10 billion is laundered through cryptocurrencies worldwide , Andreessen Horowitz argues that she is incomprehensible find that FinCEN is being so disproportionately harsh on cryptocurrencies.

Jack Dorsey also scratched his head: ?ǣThe proposal raises questions about what evidence there is that a $3,000 dollar transaction in crypto with an individual is riskier or more dangerous than a $3,000 cash transaction, given that data collection is only required for that. and a notification requirement starts at $10,000. Regulatory changes of this magnitude should be based on research, analysis and collaboration with industry.?ǥ

Ineffective and inefficient

According to many, the proposed rules do not work. The extra thresholds and obstacles would actually ensure that more people choose to work outside regulated service providers. “This rule is likely to make cryptographic credentials-based management solutions more attractive to both innocent and criminal users. The likely consequence is that it will accelerate the adoption of so-called ‘unhosted wallets’.” , Peter van Valkenburgh of Coin Center explained.

Otherwise, customers may prefer to use foreign or unregulated exchanges, thinks Andreessen Horowitz: “It will likely reduce the amount of information that law enforcement can obtain through legal processes.” Dorsey’s Square’s appeal also emphasizes that the rules are counterproductive: “Adding burdensome thresholds to regulated service providers will drive customers to alternatives that obscure FinCEN and enforcement agencies’ sight of the type of activity they want to capture.”

The CCMC of the American Chamber of Commerce points out that service providers may also look elsewhere, which is unfavorable for the American economy and which reduces the visibility of financial activity with cryptocurrencies. Dorsey thinks so too: ?ǣWith so many barriers, companies and individuals will move their activity to non-custodial wallets and service providers outside the US that are not bound by such requirements, driving cryptocurrency innovation and jobs beyond our borders.?ǥ A number of Republican senators had already warned Secretary of State Mnuchin about this in a letter a month ago.

“Core components of the proposed rule are so vague that they cannot be implemented effectively or uniformly,” says Andreessen Horowitz. There is therefore a lot of uncertainty about how Bitcoin companies should find out with certainty who owns a Bitcoin address. ?ǣUnlike the context of fiat money flows, cryptocurrencies do not have a standardized messaging system like the SWIFT system.?ǥ

Human rights

Moreover, according to many, the proposal is a violation of privacy and a violation of human rights. The Electronic Frontier Foundation (EFF) states that financial accounting contains highly personal and revealing information about people’s private lives, revealing everything about their personal lives, beliefs and affiliations.

FinCEN’s proposal is therefore, according to the EFF, ill-considered and even contrary to American privacy legislation. The ability to make anonymous transactions is essential to protecting the civil liberties of American citizens . ?ǣBitcoin addresses are pseudonymous, not anonymous, and the Bitcoin blockchain is a publicly viewable ledger of all transactions between those addresses. That means if you know the name of a user associated with a particular bitcoin address, you can extract information from that. derive across all bitcoin transactions from that address.” According to them, the enormous amount of data that the government has at its disposal is at odds with claims that it concerns ‘narrow’ regulations. The CCMC of the American Chamber of Commerce believes that FinCEN does not have a good basis for infringing the privacy of citizens so much.

Danger to consumers

The proposed regulations and data collection also endanger consumers. “The scale at which it is collected is a significant risk ,” the EFF explains. “Databases of this size can be a huge and tempting treasure trove of information for those with malicious intent.” After all, it would be information that would not only allow you to view someone’s transaction history, but also to find out the identities and addresses of cryptocurrency holders.

For example, the French hardware wallet manufacturer Ledger was recently hacked. In doing so, attackers captured 1 million email addresses, but also a list of addresses of 272,000 customers who had ordered a hardware wallet via the website. Now that their names and residential addresses are ‘on the street’, something that can never be reversed, they are at personal risk of becoming a target in the physical world.

Bitcoin exchanges are also regularly victims of hacks. Often, many client funds are stolen and the damage is serious enough, but when exchanges are required to collect large amounts of highly sensitive and personal information from consumers, the danger increases exponentially. Then, apart from the transaction history, the criminals also know who owns the funds, where they live and how much they bought. Chief Policy Officer Amy Davine Kim of the American Chamber of Commerce sees similar risks in FinCEN’s proposal: “The requirement to collect so much data opens the door for these kinds of attacks.”

FinCEN should know. It recently emerged that FinCEN had also leaked data, the so-called FinCEN Files, as a result of the Solar Winds hack. FinCEN stressed the seriousness of this by stating that disclosing personal information is a crime that, among other things, “may threaten the security and safety of institutions and individuals.”

Nowadays, no organization seems capable of keeping hackers out and data leaks have been the order of the day for years. Perhaps that is why it is better not to store such information centrally in one place. “The treasury’s poor info sec shows how vital our financial privacy is,” said Dayton Young of advocacy group Fight for the Future. “We are more secure when we use our own wallets.”

Dutch situation

Dutch Bitcoiners have also shared their views on the proposal. The developments in the US have a lot in common with recent changes in the Dutch situation.

The so-called ‘crypto law’ has been in force in the Netherlands since last year, which obliges Bitcoin companies to verify the identity of their customers. It also introduced mandatory registration for Bitcoin companies. In addition, since last September, the Dutch regulator has also required Dutch Bitcoin companies to link the identity of their customers to the external wallets they use for each transaction.

Unlike in America, this requirement does not only apply to amounts above $3000 in the Netherlands, but to any amount. This means that the rules in the Netherlands are even stricter than in the American proposal. The Dutch legislation regarding cryptocurrencies is therefore among the strictest in the world. Due to the crypto law, it is no longer common practice in the Netherlands to pay for webshops from a platform of a Dutch Bitcoin company or to make transactions to a wallet of another, which hinders many applications of bitcoin.

The additional rules were also suddenly introduced in the Netherlands. The new requirement was announced by the regulator in September, just two months before the deadline for mandatory registration expired. In the Netherlands, no consultation round was held at all about the expansion of the requirements. However, DNB states that the requirement is not new, but has always been there. The 38 Bitcoin companies in the registration process were surprised by this and, in collaboration with industry association VBNL, 25 of them therefore sounded the alarm in November and asked for an explanation of the background to the requirement.

That explanation is still not in and so far only 15 Bitcoin companies have received a registration. It seems at odds with promises made by Finance Minister Hoekstra to the House of Representatives, who last year firmly promised MPs that there was no question of a disguised permit system: “You register and a permit is granted to you. That is really something otherwise.” The reality, however, seems to paint a different picture.

The Dutch Bitcoin companies are not leaving it at that. Some service providers, such as Bitonic, have indicated that they will take the matter to court. A new development is that the European Data Protection Committee (ECG), an important EU advisory body, recently announced that far-reaching anti-money laundering and terrorism measures may not conflict with privacy legislation such as the AVG/GDPR.

“The (ECG) considers it a matter of utmost importance that anti-money laundering and terrorism measures are compatible with privacy rights and data protection as enshrined in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, the principles of necessity of the measures in a democratic society and their proportionality ,” the (ECG) recently wrote in a statement. The AVG/GDPR states, among other things, that the privacy of citizens may not be unnecessarily harmed and that people have the right to be forgotten, but anti-money laundering and terrorism measures require companies to screen consumers very extensively and to store data for a long time.

The story in the Netherlands will probably get another tail.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2024 Cryptocoin