= Subscriber content; or subscribe now to access all American Banker content.

Can You Really 'Know' a Customer Who Uses Bitcoin?

Editor at Large

The long-running tension between anti-money-laundering rules and data privacy concerns is especially pronounced in the awkward relationship between regulated financial institutions and digital currency businesses.

A few fintech startups, such as Chainalysis and IdentityMind Global, have cropped up to help banks comply with know-your-customer and AML rules as they consider providing banking services to bitcoin-related businesses. The startups analyze bitcoin transactions for patterns and anomalies that might indicate criminal behavior.

The very existence of these startups raises questions about whether bitcoin users' privacy can be protected as banks try to comply with regulations that require them to understand their customers.

Anonymity, or more precisely pseudonymity, has always been a key feature of bitcoin. People and businesses (not all of them criminals) who don't want banks or the government to see their monetary transactions turn to bitcoin.

But the digital currency is not anonymous by default. Its public ledger, known as the blockchain, provides a trail of transactions that could be analyzed to find bad actors. It's possible to connect a bitcoin address (which is just an alphanumeric string) to a person or entity through network analysis, surveillance, or just Googling the address.

To bitcoin enthusiasts and privacy advocates, preserving the anonymity of bitcoin transactions is essential.

"Freedom of private financial transactions is as important as freedom of speech," said Justus Ranvier, co-founder of the Open Bitcoin Privacy Project, a volunteer organization that rates the most popular bitcoin wallets on protecting users' privacy. "I believe in the long Western tradition of placing a premium on freedom of speech because we know the downsides of restricting it are so severe. I don't believe it's any different with money."

Banks that want to serve companies such as bitcoin exchanges or wallet providers know that to do so they must follow know-your-customer and anti-money-laundering rules. (Silicon Valley Bank and Barclays are among the institutions exploring the field.) The Bank for International Settlements argued in a recent paper that AML compliance for bitcoin will be a key part of keeping criminal behavior such as money laundering at bay:

The relative anonymity of digital currencies may make them especially susceptible to money laundering and other criminal activities. The usefulness of a digital currency for such purposes will depend on how much record-keeping the mechanism maintains about the transactions, how involved third-party service providers are in the transactions, whether such third parties comply with anti-money laundering requirements, and how easy it is to move digital currency across borders and convert that currency into sovereign currency.

To meet AML/KYC requirements, banks serving bitcoin-related businesses need to do certain things, such as look at the source and destination of funds, according to Jonathan Levin, co-founder of Chainalysis. Companies need to know if money is coming from or going to sources they don't want to do business with.

"Oftentimes fraud alerts will be triggered in other parts of the fraud detection process, and they will be linked to some bad activity on the blockchain, and that will serve as a three-point strike — someone flipped their bank account a number of times, then you see a connection to a dark market and you know that something bad is going on," Levin said. "It's not necessarily the only check you're going to be able to do, but there is some expectation that financial intermediaries should be doing source and destination of funds type analysis."

Banks need to be aware of what their customers are doing, though not necessarily what their customers' customers are doing, he said.

"If I onboard someone like Western Union, I might know the volumes they put through, the frequency, the velocity, so when wires come in that don't match that, I need to be talking to my Western Union counterpart and understanding what happened there," he said. "Very similar stuff happens for bitcoin money service businesses. Because you're stepping into potentially a high-risk business, you would want to look at high-level metrics about what that company is doing." This is where services like Chainalysis come in, to conduct that analysis and provide an overall understanding of what the business is up to.

Even this kind of big-picture monitoring of the public ledger unsettles bitcoin's privacy-conscious early adopters.

"The way I see it, if their business is viable, then our work is incomplete," Ranvier said. "As long as Chainalysis has a viable business model, we know we have room for improvement."

Ranvier acknowledged that the bitcoin ledger is a public record. "Even if I were to say they don't have the right to, that doesn't stop anyone from analyzing the blockchain," he said.

But if anyone can compromise bitcoin users' privacy, "we see that as a bug that should be fixed, and we try to brainstorm ways to encourage software developers to close those bugs," Ranvier said.

Shortly after the terrorist attacks in Paris last month, several news outlets reported that the Islamic State was using bitcoin wallets to store and manage millions of dollars' worth of the currency. No proof was provided, however.




Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.