FinCEN’s Proposed Crypto Wallet Rule Might Hit DeFi
A proposal by the U.S. Financial Crimes Enforcement Network (FinCEN) that would require crypto exchanges to collect personal information, including names and home addresses, from individuals seeking to transfer cryptocurrencies into their own wallets is poorly defined and could have widespread repercussions, say a number of regulatory experts.
The proposed rule, unveiled last Friday, would require crypto exchanges to collect this personal information from customers who transfer an aggregate of $3,000 per day to “unhosted” wallets (which are also referred to by FinCEN as self-hosted or self-custodied wallets; crypto users may know them as private wallets or, simply, wallets). Transfers of over $10,000 per day would require the exchange to file a Currency Transaction Report (CTR) to FinCEN, reporting these transactions and the individuals making them to the federal government.
The proposed rulemaking, which was published in the Federal Register on Dec. 23, has quickly drawn widespread industry backlash, with complaints ranging from the document’s poorly defined terms to the rushed process itself. Comments are due by Jan. 4, cutting what would normally be a months-long public comment period to just two weeks.
The controversial rule is said to be a personal project of Treasury Secretary Steven Mnuchin, said Jeremy Allaire, CEO of USDC stablecoin co-issuer Circle. It originally was thought to be far more stringent than the final version published last week.
Further, it appears the rule is being jammed through the rulemaking process to ensure it is implemented before President-elect Joe Biden takes office next month, said Nick Neuman, CEO of bitcoin self-storage firm Casa.
The shortened comment period reduces how much time exchanges have to determine whether they need to change their internal processes to remain in compliance, said Amy Davine Kim, chief policy officer of the Chamber of Digital Commerce advocacy group. How exchanges would comply also remains an open question, she said.
“It could also cause these regulated financial institutions to pause transactions involving self-hosted wallets given the extremely short timeframe in which to consider the implications of this rule, while they implement the tools, processes and procedures to implement the requirements,” Kim said.
Several key details of the proposed rulemaking have been poorly defined, multiple individuals told CoinDesk.
Perhaps the most glaring omission: “unhosted wallets,” FinCEN’s favored term for storing one’s own crypto, isn’t actually defined in the proposed rule, both Kim and Seward & Kissel Associate Andrew Jacobson said.
“Notably, the preface of the NPRM [Notice of Proposed Rulemaking] explicitly discusses ‘unhosted wallets’ as prompting the need for the proposed rule. However, the actual language of the proposed rule does not mention unhosted wallets or define it, making the rule discordant in its explanatory language versus the actual language of the rule,” Kim said.
Jacobson agreed, telling CoinDesk that while there are “pages and pages of explanation and justification” explaining the regulation and discussing unhosted wallets, the proposed regulation doesn’t actually specify what unhosted wallets are. A review of the document by CoinDesk confirms this.
Read more: US Floats Long-Dreaded Plan to Make Crypto Exchanges Identify Personal Wallets
The actual reporting requirements are also unclear, Allaire said. While names and addresses must be recorded and submitted, the proposed rulemaking doesn’t specify if IP or blockchain addresses are also required.
Nor does the proposed rulemaking say if financial institutions must collect this information from counterparties, or if the customers can just submit this information, Kim said.
“Finally, how would the rule treat the CTR aggregation requirements for customers that use multiple wallets? The CTR requirement attaches to the customer, not the wallet,” she said.
The rule itself is unlikely to impact end-users, said Neuman. While there were initially rumors that Treasury’s proposed rulemaking would be far more stringent – potentially going so far as to ban unhosted wallets outright – this would have been far more difficult to implement.
“What isn’t clear is how the regulated service providers like exchanges will be actually implementing this,” he said. “There’s going to be compliance necessary if the rule passes among exchanges, brokers, other custodians, they’re going to have to implement this in one way or another and how they implement this will be important to what the user experience is like.”
Exchanges might need to whitelist individual wallet addresses to ensure funds aren’t sent to a wallet without the required personal information, he said.
One area that does seem likely to be impacted is decentralized finance (DeFi). Multiple people told CoinDesk that the proposed rule’s biggest – and most unclear – impact would be on DeFi projects.
For one thing, many DeFi projects rely on smart contracts to store or escrow funds. Users engage with, say, Compound by connecting their MetaMask wallet to the lending platform. Subsequent transactions are reflected in the wallet itself, and unique to the user’s holdings.
Plus, these smart-contract-powered platforms don’t have physical addresses, nor are they necessarily operating under the auspices of an actual company. In short, Uniswap would persist if Uniswap’s founders were arrested.
It is unclear how such DeFi platforms would be treated under FinCEN’s proposed rule.
“Since smart contracts do not have a name or physical address, they may be unable to interact with the U.S. financial system,” Kim said.
Read more: Coinbase CEO: Trump Administration May ‘Rush Out’ Burdensome Crypto Wallet Rules
Also, smart contracts don’t necessarily have counterparties, Allaire said. If a business is trying to send a large payment independently using crypto, it would need the counterparties’ names and addresses. Institutional investors providing liquidity to a DeFi platform would presumably not be covered by such rules.
This could throw an entire segment of the blockchain industry into a legal gray area, the Digital Chamber’s Kim said.
“Treasury should not impose a rule that could have a deleterious impact on this promising area of development without understanding the benefits to innovation,” she said.
“What if you want to send to the Compound Protocol? There is no name and address, it’s a market,” Allaire said. “It could create a situation where the only way to use DeFi protocols is to be outside the U.S.”
This could even affect the Eth 2.0 staking contract, he said. To stake on the next iteration of the Ethereum blockchain, users must send 32 ETH to the smart contract, or about $20,000 – well over FinCEN’s limits.
“The vagueness of the rule also calls into question whether funds that were used in DeFi would or could be accepted if a user attempted to move those funds to a ‘hosted’ wallet,” Kim said.
Allaire noted that the FinCEN rule raises new questions about privacy and how government regulators are approaching privacy concerns for digital cash. If exchanges are required to submit blockchain addresses, physical addresses and names to the agency, the federal government might be able to essentially track an individual’s digital activity.
This differs from how physical cash is treated, he said.
“When you walk out of a bank, they can report you did that, but they can’t track you,” he said. “There’s a massive amount of personally identifiable information that’s about to start getting blasted around the world.”
Moreover, the rule could prove counterproductive to FinCEN’s actual mission of tracking malicious actors, Jacobson said. While the new reporting requirements might drive bad actors away from U.S. exchanges, it’s likely they’d just set up shop at an offshore platform.
“In some ways that isn’t a bad thing but could hurt FinCEN’s regulatory objectives because they won’t collect [that data],” he noted.
Read more: Self-Hosted Bitcoin Wallets Become Front Line in Fight Over Crypto Regulations
The number of issues raised by the proposed rulemaking should mean that the comment period is extended and that the Treasury Department engages with industry participants, Allaire said.
Kim noted that the Customer Due Diligence Rule for banks took more than four years to implement, and saw an advanced notice of proposed rulemaking as well as extended conversations with the industry.
Advocacy groups and companies such as Coinbase have already begun preparing comment letters responding to FinCEN’s proposed rule.
Coin Center even set up a module to streamline the process for the general public to weigh in.
“If we don’t take the right approach the U.S. could end up significantly hamstrung versus other areas of the world in terms of development and innovation,” Casa’s Neuman said. “We definitely don’t want that to happen so it’s up to us to make sure.”