Benjamin Lawsky, a prosecutor by pedigree, rarely sounds ambivalent. But when the topic is something as unprecedented and complex as Bitcoin, the big questions for regulators appear to give him pause demonstrating that there are few obvious answers for the financial authorities attempting to exert control over the burgeoning field of digital cryptocurrencies.
"I don't know," the superintendent of the New York State Department of Financial Services said several times during an interview Wednesday, between panels at his hearing on whether to require special "BitLicenses" from virtual currency firms. Other uncharacteristic responses from a regulator sometimes accused of grandstanding: "Let me think about it." "I see the argument." "We have to think that through."
To some extent, Lawsky may have been playing it close to the vest, as his hearings were billed as a fact-finding mission. But his reticence was striking coming from one of the country's most active and assertive regulators, who gained national prominence by going after large banks on money laundering and consumer protection issues and breaking ranks with federal counterparts.
"We're studying Bitcoin," he told me. "It is a very steep learning curve."
Lawsky looked tired near the end of the second day of hearings. Over the previous 24 hours, he'd heard from virtual currency entrepreneurs and investors optimistic about the technology's prospects; law enforcement officials fearful about its potential to facilitate illegal activities; and a national merchant Overstock.com, represented by Executive Vice Chairman Jonathan Johnson which is accepting Bitcoin payments and plans to encourage its suppliers to do so, too.
The panelists talked about everything from the bitcoin's notorious price fluctuations to banks' reluctance to open accounts for virtual currency startups to the long-term potential for the Bitcoin protocol to facilitate "programmable money" (imagine, for example, a child's allowance account that requires a parent's digital signature for purchases above $50). The recent arrest on laundering charges by federal authorities of Charlie Shrem, former CEO of the digital currency dealer BitInstant, had also kept Bitcoin in the headlines all week.
Clearly, Lawsky had a lot to process. But it was also obvious he'd been thinking quite a bit about how to achieve his stated goal of preventing bad actors from exploiting virtual currencies while allowing innovative technologies and businesses to blossom. At times, he appeared to relish playing the role of student rather than crusader. "Are you going to stay for the panel?" he beamed near the end of the interview. "I think it's going to be interesting."
During the interview, Lawsky explained why he thinks Bitcoin's privacy features are "probably compatible" with strong anti-money-laundering controls; why online payday lenders' business model could not survive in a Bitcoin world; and how he views the irreversibility of payments in this decentralized network. The transcript follows.
This first question is going to sound off topic but I assure you we're going to bring it back to the topic for today. Separate from looking at the virtual currency space, you've been dealing with the online lender issue. You recently had the letter to Nacha where you wanted to address the issue of banks continuing to debit customer accounts for these online lenders even after the customers said "please stop." The customer loses some control of the account while their [bank account] credentials are out there. From studying the virtual currency space and the Bitcoin space do you see anything that banks can learn from how Bitcoin operates that they could apply to the real world to better protect consumers?
LAWSKY: It's a great question that I might want to think more about before hazarding an answer. We're studying Bitcoin, it is a very steep learning curve and I'd want to think carefully before I spoke about the technology or the advantages that could be potentially transposed. I'm not sure. Nothing comes to mind, but I'm sure if we spent more time on that tricky question I could give you
At the risk of leading the witness
No one is going to object.
[I was thinking of] the concept of a push payment, as opposed to a pull payment.
But in your hypothetical, who would be pushing?
The customer, the accountholder, the consumer.
Oh, I see. Because the way the system works now, I go to a payday lender, online, I say, "OK, please send me $500," they then go to an ODFI [originating depository financial institution], who processes the payment with an RDFI [receiving depository financial institution] and then that's when the money comes out of the account. You're saying, have the customer in the first instance push to the ODFI no the RDFI, I forget which is which and then you go to the other bank someone would have to push into that. You'd have to cut out a link in that chain.
You're thinking it through more rigorously than I have. It was more the general concept of a payment that requires each and every time an affirmation by the customer, as opposed to the customer giving out the equivalent of a private key, which Jeremy Allaire [CEO of startup Circle Internet Financial, a hearing panelist] argued was [what consumers do now when they give out their credit card or bank account numbers].
I think it would be potentially extraordinarily disruptive to the payday lending industry. One could argue whether you want to be that disruptive. Remember their whole business model is, once they give you the $500, now they can keep taking these interest payments out of your account willy-nilly. And you're saying, set up a system where they would have to authorize each of those payments. That would totally turn on its head their business model. Because think about it: They wouldn't want to make a loan to someone knowing that to get paid back on their loan now they've got to keep coming to you to ask for authorization to take that money.
But, let me think about it more, but I see the argument.
When you have something like the blockchain, this public ledger of every Bitcoin transaction, what are your thoughts on how far the responsibility extends for the financial institutions on the edges of that ecosystem to track what happens once someone goes in? In other words, if someone buys bitcoin from an exchanger, is it the responsibility of the exchanger, or the exchanger's bank, to then monitor
What they do within the Bitcoin ecosystem?
As opposed to just doing the know-your-customer and identity verification
At the point of exchange. The testimony we're hearing is primarily saying, "focus at the point of exchange. And once they're in all Bitcoin, there's nothing really to worry about, there's no threat to the system at all, until they go back to another point of exchange to come back out." I think there's an interesting question of whether, if you accept that that is the case now, whether if Bitcoin continues to develop, and becomes more mainstream, that will continue to be the case.
Now, who you should give the responsibility to of following what they do in the Bitcoin world? Very difficult technological question. I don't know enough to know, whether, for example, at the point of exchange, you could tell the exchanger, "you must also be responsible for where they go and what they do with their bitcoins." I don't know if technologically how that would work vis-à-vis the ledger. I'm just not smart enough to know if anyone can monitor the ledger at any time. I suspect they can if you're a programmer. But I don't know the answer.
I thought you were going to ask, is there a concern that the government's going to have a back door into whatever system that ultimately does come out of this, and you have Big Brother watching over every little thing. And I don't know the answer to that so I'm glad you didn't ask it!
Is there room for anonymous transactions? I think I'll throw the question back to you. Can the existence of anonymous transactions be compatible with a robust [Bank Secrecy Act] AML system? In other words, if we all agree, and I don't think anyone disagrees, at least not around here, that it's important to make sure we're doing everything we can to have protections in place to prevent money laundering and all that comes with it, the question becomes, can you have that kind of system and also maintain some form of anonymity when you do these transactions to protect people's personal privacy?
It becomes a semantic question because you can have someone know your identity for purposes of BSA/AML, but not everybody know your identity. And so for all intents and purposes the consumer experience may feel, if we design it right, may feel anonymous. In other words, it would be nice if, when I go to Amazon and purchase whatever, I don't get 19 emails within five minutes that clearly prove to me that everything I do in terms of online purchases is being not only monitored closely but then the information is being sold to lots of other people online.
You can do a lot to protect people's financial privacy in that respect, in a way that doesn't compromise the need to have appropriate BSA/AML protections in place. So as I think it through, the two are probably compatible, though I don't think you could have a true BSA/AML rigorous program and not have at least, at some point in the chain, some real personal or identifying information being given. It's just the heart of know-your-customer.
What are your thoughts on the concept of taint analysis [i.e. designating certain Bitcoin addresses as suspect because of apparent links to illicit activities]?
Good question. One of the questions I've wanted to ask in one of the panels and we may get to it today. I don't have an answer.
[Let's talk about] chargebacks. The fact that Bitcoin payments are irreversible, how does that sit with you?
It has pluses and minuses. In a way it relates to the protection of people's data and I think people really like that part of it. But it can also be disruptive too. Certainly, on our lists of pros and cons I think [the inability to do] chargebacks can end up on both sides of the ledger. It depends who you ask in the chain.
Last question: Do you have any thoughts about the concept of a national platform shared among the states for licensing?
Like an NMLS [the National Mortgage Licensing System and Registry]?
Yeah, but for money transmitters.
Not at the moment. We have to think that through. I think coordination between the states is great. It depends on how that platform is run and whether it's effective and has enough guardrails on it. It's not out of the question. I think we're a ways away from making those decisions.