The Financial Crimes Enforcement Network wants to subject financial institutions to a new reporting plan that will cover convertible virtual currency, or CVC, transactions involving mixing, and is accepting public comments through Jan. 22.
The proposed reporting has been ignored by many who believe it covers a narrow band of services, but it deserves a second look, as it has potential for widespread impact.
The proposal has been overlooked in part because it leverages terminology—namely “mixers” and “mixing”—that already have a common definition within the blockchain ecosystem. Because services falling within the traditional definition of a mixer have been linked to notorious activity on the blockchain, including ransomware attacks and state-sponsored hacking and terrorism, many assume the reporting regime only covers transactions with such services.
FinCEN’s proposed rule defines mixing and mixers much more broadly. The result is a rule that could target for reporting to FinCEN not just transactions involving traditional mixers such as Tornado Cash, but blockchain transactions that are often innocuous, such as simply converting one form of CVC to another.
The amount of monitoring and reporting contemplated by FinCEN’s proposal could be disruptive. If this proposal is finalized as proposed, we expect it will overhaul the privacy equation and perceptions that CVC maintains and likely result in the de-risking of certain CVC customers by exchanges and wallet providers, which fall under the proposed rule.
FinCEN grounds its proposal in its “special measures” authority under Section 311 of the Patriot Act, which permits the Treasury to conclude that a foreign class of transaction is of “primary money laundering concern,” and requires domestic financial institutions to take certain “special measures” in response.
FinCEN has designated transactions involving CVC mixing with a foreign nexus as a class of transaction to be of “primary money laundering concern.” The special measure proposed will require domestic financial institutions to report on these transactions.
The proposal is simply the latest tool the federal government wants to use to combat illicit finance risks posed by mixers, typically defined as services intended to be used to obfuscate the source, destination, or amount of CVC on an otherwise public blockchain.
The federal government has long warned of the illicit finance risks posed by traditional mixers, and much of FinCEN’s discussion in proposed rulemaking focuses on these risks.
However, the proposed reporting could go well beyond transactions with traditional mixers. Financial institutions, with limited exceptions, would have to report transactions they know, suspect, or have reason to suspect involve “CVC mixing within or involving a jurisdiction outside of the United States” without regard to intent or purpose. The proposal does this by broadly defining CVC mixing to include:
- Pooling or aggregating CVC from multiple persons
- Using algorithmic code to manipulate a transaction
- Splitting CVC for transmission
- Using single use wallets
- Exchanging between types of CVC
- Facilitating delays in transactions
This definition captures processing transactions in a manner that obfuscates the source, destination, or amount of one or more transactions—not just the processing of transactions—to obfuscate those details (that is, traditional mixers).
By focusing on whether the transaction has an effect of obfuscating transaction details, regardless of whether the obfuscation is intentional, FinCEN’s definition potentially covers swaths of transactions that fall outside the traditional definition of CVC mixing and that don’t pose the same illicit finance risks as transactions with traditional mixers.
For example, FinCEN calls out facilitating “exchanging between types of CVC or other digital assets” as a form of mixing, which arguably covers any service that lets users exchange one form of CVC for another form of CVC or other digital assets, including centralized exchanges, decentralized exchanges, and non-fungible token marketplaces. FinCEN also highlights the pooling of CVC from multiple users into a single wallet.
Centralized exchanges routinely use pooled wallets to allow trades to instantly settle via internal book transfers without exposing customer funds to additional security risks. Under a broad reading of the proposed rule, any transaction with these services generally would be reportable if there’s a nexus to a foreign jurisdiction.
The proposed reporting regime itself is burdensome. Financial institutions would have to file discrete reports with FinCEN on covered CVC mixing transactions that must include a narrative component; and the filing of a report still doesn’t satisfy the financial institution’s obligation to file a suspicious activity report if the SAR criteria are also met.
Branding a broad class of transactions as being of “primary money laundering concern”—despite the risk profiles that the financial institution would independently assign to the transactions—likely ratchets up the amount of diligence that regulators will expect financial institutions to perform and significantly increases the likelihood that SARs will also need to be filed.
There are several more questions raised by the proposal: how to apply the “within or involving a jurisdiction outside of the United States” criteria to situations where blockchain analytics don’t differentiate between wallets held by a US or non-US exchange; whether indirect exposure to CVC mixing will need to be reported; and how FinCEN, law enforcement, and others will maintain and access the data.
We expect the rule may force many covered financial institutions to de-risk entire categories of otherwise legitimate customers due to overbroad and challenging monitoring and reporting obligations, or it will force institutions to engage in defensive filings by filing reports on every transaction conceivably involved in what FinCEN describes broadly as an obfuscation.
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.
Steven Merriman is fintech compliance partner at Perkins Coie, working with growth-stage startups, venture capital-backed fintechs, blockchain firms, and Fortune 50 companies.
Jim Vivenzio is senior counsel at Perkins Coie and former policy director at the Office of the Comptroller of the Currency.
Write for Us: Author Guidelines