Crypto companies will soon have to share their customers’ identities when sending transactions to other exchanges and payment service providers, according to regulations issued by the Financial Action Task Force—the international body that sets the world’s standards for anti-money laundering practices—in June, 2019.
The new “wire transfer rule” states that cryptocurrency businesses that handle payments—such as exchanges or custodians—should collect information about customers sending cryptocurrencies and provide it to the financial institution that receives it.
The FATF has indicated that it would like to see meaningful progress by June 2020. Member states will likely push for implementation by October 2020, when the FATF will once again evaluate which of the world’s countries are playing by its rules.
The risk of rushing
Industry experts told Decrypt that cryptocurrency exchanges—the biggest crypto businesses likely to be affected by the rules—haven’t yet worked out how to send or receive information in a secure and efficient manner, and in a way that flags suspicious customers to authorities.
Implementing such a system would result in users having to hand over more of their personal information to cryptocurrency payment service providers, many of which are frequent targets of hackers and scammers. If crypto businesses rush to implement a solution before it’s ready, there’s the risk that the personal information crypto businesses have to securely send to each other could get leaked or hacked.
Traditional banks are subject to the same regulations, but Anton Moiseienko, a research fellow at the Royal United Services Institute’s Centre for Financial Crime and Securities, told Decrypt, “When you try to apply the same rules to cryptocurrency businesses, you have major technical difficulties just because this industry doesn't operate the same way.” He added, “A cryptocurrency business can’t just transfer information about its customers to another cryptocurrency business in the same way that a bank would be able to do.”
What is the crypto industry doing to solve the problem?
Industry associations like Global Digital Finance, a London-based industry body that works with exchanges such as Diginex, Coinbase, and Binance, have been set up to address the problem. But Teana Baker-Taylor, executive director of GDF, told Decrypt that “there isn't currently a mechanism with which to transmit that information,” and that the crypto community “has been charged with coming up with a solution themselves.”
Will customer data go through a third, centralized party, like a crypto version of SWIFT, the international payment settlements network that banks use? If so, “Any central point of failure [of] an essential repository of information or data certainly carries risks,” Baker-Taylor said. Alternatively, the system could be completely decentralized, and “information [could be] sent in an encrypted and encoded way,” she added. Still, if exchanges don’t implement the system consistently, things could easily go wrong.
“I think there's still quite a lot of work to do,” she said. Workshops and round tables have been going on for the past six months or so, but she added that “the industry has had a little bit of a slow start getting their arms around the approach and collaborating with each other.”
Creating a global standard
Malcolm Wright, chief compliance officer at Hong Kong-based exchange Diginex, said that a number of solutions are now on the cards, and it’s a case of stringing them together to create a unified global standard.
Current protocols under consideration, said Wright, could require consumers sending cryptocurrencies to wallets held in different exchanges to provide information about who they’re sending it to. Recipients would also have to obtain information prior to accepting transactions.
Wright said that such a system could, for instance, require wallet holders to send additional codes to each other, or might mean that exchanges only sanction withdrawals to pre-validated wallets that have been “whitelisted” by exchanges. Through this proposed design, customers wouldn’t have to know the name of their recipients, but exchanges could read the codes to work out who owned the wallets.
Another solution, he said, would be to use a third party to segregate personal information from an exchange's database. “The industry is still working through what this looks like,” he said.
However it’ll work, Wright acknowledged that “the system will become more controlled.”
More controls would make it easier to track hackers, but it would also make it difficult for all users to trade cryptocurrencies anonymously. This, Wright said, is a “natural tradeoff,” since the industry has to ensure that crypto can’t be used for money laundering and terrorist financing.
The risk, if precedent is anything to go by, is that some exchanges’ security systems will fail. Future hacks thus won’t just result in a loss of funds, but could potentially include leaks of customer information, and who’s paying whom.
That’s why Baker-Taylor and Wright call for a global solution, one that’s cost effective and easy to implement for all exchanges.
“Without multiple service providers enabling this, you're back to a central point of failure. And you're also in a situation where whoever that one technology provider might be, it's controlling the price. If there are multiple, then you'd have competition,” said Baker-Taylor.
Wright concurred. He believes the market will eventually settle on a few key players, who’ll arise after healthy competition. In addition, “it might drag traffic away from exchanges that are lower quality.”
Speaking about his own exchange, Diginex, Wright said, “If we've got customer information, of course we want to protect that customer information. We don't want to release it and it to be available or misused; it's very high on people's minds.” But at the moment, “we're one step back from that,” he said.
Crypto exchanges will surely have a busy year ahead of them.