The FinCen Travel Rule

A couple of years ago the Financial Action Task Force (FATF) extended their recommendations to include cryptocurrency exchanges and wallet providers (together referred to as Virtual Asset Service Providers, or “VASPs”). This meant that all countries should apply anti-money laundering and anti-terrorist financing controls to these businesses: that is, customer due diligence (CDD), suspicious activity reports (SAR) and, importantly, the “Travel Rule” that aims to prevent money laundering by identifying the parties to a transaction when value over a certain amount are transferred. 

The decision to apply the same travel rule on VASPs as on traditional financial institutions was greeted with some dismay in the cryptocurrency world, because it meant that service providers must collect and exchange customer information during transactions. The technically non-binding guidance on how member jurisdictions should regulate their ‘virtual asset’ marketplace included the contentious detail that whenever a user of one exchange sends cryptocurrency worth more than 1,000 dollars or euros to a user of a different exchange, the originating exchange must send identifying information about both the sender and the intended recipient to the beneficiary exchange. The information must also be recorded and made available to “appropriate authorities on request”.

However, when speaking at the recent “V20 Virtual Asset Service Providers Summit“, Carole House from the Financial Crimes Enforcement Network (FinCEN) said that they want to see this threshold reduced to $250 for any transfers that go outside the US because their analysis of SARs filed from 2016 and 2019 showed the mean and median dollar values to be $509 and $255 respectively. Almost all the transactions began or ended outside the U.S.

Note that the information demand is quite extensive. According to the FATF Interpretive Note to Recommendation 16, the information should include name and account number of the originator and benefactor, the originator’s (physical) address, national identity number (or something similar) or date and place of birth. In essence, this means that counterparty’s personal information will sent around the web. Simon Lelieveldt, a former Head of Department on Banking Supervision at the Dutch Central Bank, is very well-informed and level-headed about such things, and even he called this a “disproportional silly measure by regulators who don’t understand blockchain technology”, which may be a little harsh even if not too far from the truth.

Well, whatever the cryptocurrency folks might think about it, they will have now choice but to implement it. A standard has been proposed to make life easier in this space. The standard (you can download it here) is known as IVMS101 and it defines a uniform model for data that must be exchanged by VASP) to identify the senders and receivers of crypto payments. The standard provides a practical means to implement the Travel Rule by sending this information in parallel with the cryptocurrency transactions but along a separate path (that is, the IVMS101 messages do not themselves need the blockchain or any other crypto infrastructure).

(If you are wondering why it’s called IVMS101, it’s because the SWIFT MT101 message is the global standard request for the electronic transfer of funds, used throughout the business world to send bulk payment instructions. There is also an MT103 message that instructs a single transfer but this is mainly used to move funds between banks and other financial institutions such as money transfer companies.)

So why are people so upset about this? What critics says is that the Travel Rule automates mass surveillance without a warrant or any other oversight and forces personal information on to marketplace intermediaries (where, in my opinion, it doesn’t belong – my date and place of birth is no business of either intermediary exchanges or, indeed, the destination exchange). What’s more, since the travel rule is for value transfers between exchanges, it seems rather unlikely that it will catch any criminal flows at all. Peer-to-peer transfers of virtual assets which do not involve a VASP or financial institution (what are known as over-the-counter, or “OTC” trades) will continue and there is no obvious way to monitor them.

It is time for some new thinking. Omar Magana wrote a very good piece of this for the Chartwell “Compass” magazine. He asked whether “the enforcement of a regulation that was created over 20 years ago for a fast-evolving industry, may not be the best approach”. Note that he is not arguing against regulation, he is arguing (as I do) for a form of regulation more appropriate for our age (for which I use the umbrella term “Digital Due Diligence”, or DDD) using artificial intelligence and machine learning to track, trace and connect the dots to find the bad actors. If you look at the work of Chainalysis and others

SafeKey | Amex Security Code Feature | American Express UK

Alex Weinert from Microsoft

Today, I want to do what I can to convince you that it’s time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms.

From It’s Time to Hang Up on Phone Transports for Authentication – Microsoft Tech Community:

xxx

xxx

Don’t have the Amex App? At times we may need to check it’s really you. If so we’ll send you a verification code by text or email. Once you get it, just tap it in, and you’re good to go.

From SafeKey | Amex Security Code Feature | American Express UK:

xxx

AI is wrestling with a replication crisis | MIT Technology Review

xxx

To take one example, training the language generator GPT-3 is estimated to have cost OpenAI $10 to $12 million—and that’s just the final model, not including the cost of developing and training its prototypes. “You could probably multiply that figure by at least one or two orders of magnitude,” says Benaich, who is founder of Air Street Capital, a VC firm that invests in AI startups.

From AI is wrestling with a replication crisis | MIT Technology Review:

xxx

Shannon Vallor, Professor of X at Edinburgh University, summed up the current situation perfectly when she noted in the Financial Times Magazine that the danger is not that GPT-3 will become more human, but that human will become more like GPT-3. In others, we do not say what we think or post pictures that we like or 

Revised STABLE Coins for MEDIUM?

In a recent episode of Professor Scott Galloway’s podcast, he talked with one of my favourite writers: the eminent historian and Hoover Institution senior fellow Niall Ferguson. The subject of the conversation was the relationship between the United States and China. Their fascinating and informative discussion ranged across many fields, including financial services and fintech. Ferguson touched on a particular aspect of “Cold War 2” in this context, saying that American regulators “have allowed the fintech revolution to happen everywhere else” by which I think he meant that the nature of financial regulation in America has been to preserve the status quo and allow the promulgation of entrenched interests while the costs of financial intermediation have not be reduced by competition. He went on to say that “China has established an important lead in, for example, payments”, clearly referring to the dominance of mobile payments in China and the role of (in particular) Alipay in bringing financial services. He made this comment around the same time that the Chinese government pulled the plug on the Alipay IPO, what would have been the biggest IPO in history.

Weareno1

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

As an aside, if you want to understand some of the big picture around the coronavirus, currency and what Ferguson referred to as “Cold War 2”, but what I call “The Currency Cold War” in my book of the same name, then you might want listen to this podcast from CoinDesk. It is a wide ranging conversation between Ferguson and CoinDesk’s Michael Casey about our disrupted world, inevitable crisis and what it could mean for money. As the author of one of the best books on the history of finance, The Ascent of Money, Ferguson has a very wide and well-informed perspective on the issues and, indeed I quote him more than once in my book!

At a time when America is finally beginning to at least think about opening up financial services to allow real competition, China is heading in the opposite direction by clamping down on fintechs.

Ferguson’s point about payments is particularly interesting to me. One way to provide more fintech competition to the incumbents would be to provide a more relaxed environment for payments. America lacks a regulatory construct equivalent to the EU’s “Payment Institution” and it really needs one if it is to move forward. The EU regulatory framework has just been battle-tested with the collapse of Wirecard following massive fraud. No customer funds were lost in the collapse of the badly-regulated non-bank because the customer funds were ring fenced in well-regulated bank and, as I will suggest later, this might be the right regulatory balance for new US regulation. Indeed, the Bank of England’s December 2020 Financial Stability Report says that systemic stablecoins backed by a narrow range of ring-fenced, less risky assets, it may be possible to design an “appropriate regime” that would deliver the desired standards of protection without application of the full regime applied to commercial banks.

In America, the place to look for ideas about an appropriate regime could be the OCC, which has developed the concept of the Special Purpose National Bank (SPNB) charter. I don’t want to sidetrack into the controversy around these charters, except to note that the OCC expects a fintech company with such a charter to comply with capital and other requirements that seem unlikely to generate the innovation and competition that America wants as was obvious from the comments on the original proposals when fintechs made it clear they would be reluctant to invest in such an OCC license unless such a licence would require the Federal Reserve to give them access to the payments system (so they will not have to depend on banks to intermediate and route money for them). The fees associated with such intermediation are significant (ie, top five) operating cost for many fintechs. 

I agree wholeheartedly with Prof. Dan Lawry of Cornell Law School, Lev Menard of Columbia Law School and James McAndrews of Wharton Financial Institutions Center who in their response to the OCC’s proposal called them “fundamentally flawed” called for the organisation to instead look at strengthening the regime for non-bank financial institutions. The focus on banking regulation, though, seems entrenched. I notice that Congresswoman Rashida Tlaib (MI-13), along with Congressmen Jesús “Chuy” García (IL-04) and Chairman of Task Force on Financial Technology Rep. Stephen Lynch (MA-08), have just introduced the Stablecoin Tethering and Bank Licensing Enforcement (STABLE) Act, which similarly propagates this outdated (and inappropriate) regulatory perspective by requiring any prospective issuer of a “stablecoin” (let’s not even get into what is or is not a stablecoin) to obtain a banking charter.

The idea of another kind of federal charter that would allow regulated institutions access to payment systems, but would not allow them to provide credit, seems much more appealing for not only stablecoin issuers but almost all other fintechs as well. Such a charter would separate the systemically risky provision of credit from the less risky provision of payment services, a very different concept to the SPNB charter. The economist George Selgin, Senior Fellow and Director of the Cato Institute’s Center for Monetary and Financial Alternatives, recently posted a similar point on Twitter, arguing for the Federal Reserve to give fintechs direct access to payment systems (instead of having to go through banks). This was the approach taken in the UK when the Bank of England decided to give settlement accounts to fintechs, where examples of fintechs who took advantage of this opportunity to deliver a better and cheaper service to customers range from the $5 billion+ Transferwise money transfer business to the open banking startup Modulr (which just recieved a $9 million investment from PayPal Ventures). Interestingly, Singapore has just announced that it will go this way as well, so that non-banks that are licenced as payment institutions will be allowed access to the instant payment infrastructure from February 2021.

Meanwhile, in September, the European Commission (EC) adopted an expansive new “Digital Finance Package” to improve the competitiveness of the fintech sector while ensuring financial stability. The proposed framework includes a legislative approach to the general issue of crypto-assets, called Markets in Crypto-assets (MiCA). I’ll spare you the whole 168 pages, but note that it introduces the natural extension of existing electronic money regulation by introducing the concept of crypto-asset service providers (CASPs) and defining stablecoins as being either “asset-referenced tokens” that refer to money, commodities or crypto-assets or “e-money tokens” that refer to one single fiat currency only.  I think the EU may be charting a reasonable course here. China needs to regulate lending more, the US needs to regulate payments less. America needs more competition in the core of financial services and now is a good time to start. With the Biden administration on the way, they can tackle this core issue that, as The Hill says, the U.S. government has “ignored and neglected” the need for a regulatory framework that will support American technological innovation around cryptocurrency, setting aside an embarrassing and “outdated regulatory approach to fintech”. Prof. Lawry suggest a simple and practical response for the US regulators, which is to amend the state-level regulatory frameworks around money services businesses (MSBs), which they say “are the product of a bygone age”, and learn from M-PESA and Alipay where a 100% reserve requirement seems to have proved very successful. There is no evidence that such a requirement stifles growth. Congress need only introduce a uniform requirement that MSB hold a 100% in insured deposits at a bank that holds account balances at the Federal Reserve, which is in essence the same as an EU Electronic Money License and therefore ought to lead to mutual acceptance.

In short, China needs tighter regulation of fintechs around credit, America needs lighter regulation of fintechs around payments, and the way forward is to separate the regulation of payments from the regulation of credit from the regulation of investments. This is the way to get competition and innovation in financial services.

China’s President Xi Jinping Personally Scuttled Jack Ma’s Ant IPO – WSJ

xxx

Chinese regulators have long wanted to rein in Ant, according to the Chinese officials with knowledge of the decision-making. The company owns a mobile payments and lifestyle app, called Alipay, that has disrupted China’s financial system. Alipay is used by roughly 70% of China’s population, has made loans to more than 20 million small businesses and close to half a billion individuals, operates the country’s largest mutual fund and sells scores of other financial products.

Ant largely focused on serving people and companies that traditional banks long ignored, and it has emerged as an important cog in Chinese finance. It has long been spared from the tough regulations and capital requirements that commercial banks have been subject to.

From China’s President Xi Jinping Personally Scuttled Jack Ma’s Ant IPO – WSJ:

xxx

FYI: Alibaba Cloud says it has robot sysadmins that swap faulty disks in four minutes • The Register

xxx

Alibaba said this year’s 11.11 sales holiday generated $74.1bn in gross merchandise volume through its online mall, handily beating the $38.4bn splashed at 2019’s event. To put that into context, Amazon.com’s Prime Day shopping spree generated an estimated $10bn this year – $3.5bn by third-party sellers and about $7bn by Amazon itself

From FYI: Alibaba Cloud says it has robot sysadmins that swap faulty disks in four minutes • The Register:

xxx

FYI: Alibaba Cloud says it has robot sysadmins that swap faulty disks in four minutes • The Register

xxx

Alibaba claims its online marketplace coped with a peak load of 583,000 orders per second on this year’s Singles Day, China’s internet shopping frenzy event akin to Cyber Monday.

From FYI: Alibaba Cloud says it has robot sysadmins that swap faulty disks in four minutes • The Register:

xxx

Design a site like this with WordPress.com
Get started