Beware the privacy risks that come with a crypto venture
Innovation always attracts controversy, and the crypto and blockchain industry’s embrace of privacy has inspired its share of critics.
On June 21, another critic made its position clear. The intergovernmental Financial Action Task Force released formal guidance that could restrict the ability of users to privately send and receive payments of digital assets.
The new guidance proposes that every virtual asset service provider (VASP) collects and distributes sensitive details on any transaction worth more than $1,000 U.S. dollars or euros to other VASPs, including the sender’s name, account number and physical address, as well as the beneficiary’s name and account number.
It’s a decision that affects the future viability of cryptocurrency adoption. If a core part of a project’s business model is privacy, it will struggle to thrive. And what impact will the FATF have on users who are fed up with the privacy trade-offs implicit in traditional financial interactions?
The unsettling answer is that it’s too early to tell. The FATF prioritizes anti-money-laundering protections, and has been wary of privacy-focused digital assets.
The June guidance has been a long time coming. It’s the culmination of a multiyear engagement with digital asset groups. In October 2018, the FATF stated its intention to regulate the larger crypto industry, providing a formal definition for “digital assets” and permitting, in some cases, jurisdictions to ban their use altogether.
The concern, as the FATF stated in October, is that while virtual currencies can spur financial innovation and inclusion, it can “also create new opportunities for criminals and terrorists to launder their proceeds or finance their illicit activities.”
While the FATF’s intentions are admirable, its actions are disconcerting. Asking cryptocurrency exchanges to not only disclose the full names of their users, but also to disclose when and where transactions are being sent is an imposition on user privacy.
Imagine the risks associated with providing sensitive financial information to centralized entities that, as history reflects, cannot be trusted. Not only would the entity be exposing itself to privacy vulnerabilities, but it would also be exposing anyone it interacts with to those risks as well.
For now the threshold requirement is $1,000 but what if agencies lower it to $100, $50 or $10? In such a case, anytime a consumer buys a cup of coffee or sends ether to a friend, that information would be recorded and shared, without knowing who gets the data or how often.
Crypto builders can take solace in the fact that the FATF doesn’t have the authority to enforce many of its recommendations. Large countries like the United States or China will continue to set their own standards on the cryptocurrency industry.
What’s far more likely, however, is that the FATF will use its anti-money-laundering influence to force smaller jurisdictions like Malta or Bermuda to enact “model” legislation.
In the past, FATF has blacklisted countries that have not adopted its recommendations, labeling them as “noncooperative countries or territories,” a process that complicates banking practices for local institutions.
The world’s biggest superpowers may not have to worry about ending up in the FATF’s bad graces, but smaller countries might. So domestic institutions with business interests in smaller localities might want to pause to carefully review the FATF’s guidance.
The FATF decision is another sign that the cryptocurrency industry can expect regulatory clarity in the near future. The FATF’s first remit is to stop crime, not promote cryptocurrency.
It’s unclear whether other regulatory bodies will imitate FATF, but these guidelines sketch a road map for future regulators. As is the case with any compliance matter, it’s better to be safe than sorry.
The recommendations of today can quickly become the enforcement actions of tomorrow.
In the interim, blockchain projects should take a precautionary approach to the FATF guidance, carefully considering ways to work with government regulators to reduce the risk of inadvertent infringement.
Cryptocurrency is rapidly evolving, and new legislation always accompanies maturing industries.
But don’t panic; regulatory clarity is to be welcomed, not feared. The blockchain community needs to make its case about the importance of privacy, even if the future is bright.