Blockchain Association Submits Second Comment Letter on FinCEN’s Crypto Notice of Proposed Rulemaking
This week, the Blockchain Association submitted an additional comment letter in response to the Notice of Proposed Rulemaking (the “NPRM”) titled “Requirements for Certain Transactions Involving Convertible Virtual Currency or Digital Assets.” In its response, the Association advocated for a recordkeeping requirement instead of FinCEN’s proposed reporting requirement.
Transparent blockchains eliminate the need for a reporting requirement and the centralized database of information that it would create for law enforcement because — for every transaction — they already aggregate the information that law enforcement needs to identify and trace suspicious activity. Transparent blockchains create an immutable record of every transaction ever made by users of a given network, a record that includes six of the eight data points the NPRM proposes to be included in the proposed “value transaction report.” Law enforcement can use these immutable and public records, which in effect create a “pseudonymous currency transaction report (CTR) database,” to first identify suspicious transactions involving financial institutions and then obtain personally identifiable information from the relevant institution. A recordkeeping requirement would also help mitigate the real and severe security and privacy concerns raised in the over 7,000 comments FinCEN has received on this NPRM.
Tying one’s identity to their public address on a public blockchain allows for the aggregation of one’s entire financial life, representing a gross invasion of an individual’s right to privacy. While a traditional threshold-based currency transaction report (“CTR”) provides law enforcement with evidence of a transaction’s existence and information about a single financial transaction at a distinct moment in time, the filing of just one of the threshold-based reports proposed in the NPRM would provide the government with the ability to centralize and surveil, in real time, every transaction — past, present, and future — an American citizen makes on a transparent blockchain. In the cash ecosystem, this surveillance power would equate to the filing of a CTR for every single cash transaction a citizen has ever conducted or will ever conduct regardless of the amount of money or parties involved in the transaction. In addition, the proposed requirement would centralize the storage of this extremely sensitive personal information, creating a data “honey pot” that represents a new and significant financial incentive for hostile actors, both criminal and nation-state. Such surveillance power and data aggregation does not strike the right balance between providing useful information to law enforcement while respecting the privacy rights of individuals. By contrast, a pure recordkeeping requirement substantially reduces these privacy and security risks while still ensuring law enforcement has access to relevant investigatory information. Pursuant to a recordkeeping requirement, sensitive personally identifiable information would be distributed among individual financial institutions charged with protecting their customers’ information and could be made available to law enforcement when necessary.
Another benefit of a recordkeeping requirement is that it avoids inundating FinCEN with an enormous amount of highly sensitive information, the vast majority of which would be related to completely innocuous transactions. The unique characteristics of the cryptocurrency ecosystem almost guarantees that financial institutions would file the proposed reports for transactions well beyond the written parameters of the NPRM, producing a deluge of useless and duplicative, yet highly sensitive, information.
Finally, FinCEN should wait to proceed with this rulemaking until active reviews of Bank Secrecy Act (BSA) reporting requirements are complete. In the cash ecosystem, many have raised concerns that threshold-based reporting requirements, like the one newly proposed in the NPRM, are generally not useful to law enforcement as they are not based on any identified suspicion, just on transactions meeting a certain threshold. Indeed, the CTR is currently being scrutinized, in part due to the abundance of innocuous customer information that it produces. The Anti-Money Laundering Act of 2020 (AMLA) mandates the Treasury conduct several studies related to the efficiency of BSA reporting requirements, including CTRs and suspicious activity reports (SARs). Such reviews will provide information squarely relevant to this rulemaking, such as the rate at which law enforcement uses CTRs to advance investigations. Waiting to proceed with this rulemaking until those reviews are complete will lead to a more effective, informed rulemaking.
The Blockchain Association fully supports and shares FinCEN’s objectives of protecting our national security and disrupting illicit activity and malicious actors. Its membership stands ready and willing to work with regulators to accomplish these objectives in a manner that will ensure the United States remains at the forefront of financial innovation in the 21st century.