CipherTrace feedback on socket no. FINCEN-2020-0002; RIN 1506-AB41
November 25, 2020
Per email to: [email protected]
Subject: FinCEN file number FINCEN – 2020–0002; RIN number 1506-AB41
CipherTrace welcomes the opportunity to comment on the proposed rule change by the Financial Crimes Enforcement Network (“FinCEN”) regarding the “limit on the requirement to collect, hold and communicate information on money transfers and money transfers that begin or end outside the EU” take US, and clarify the requirement to collect, retain and transmit information on transactions in convertible virtual currencies and digital assets with legal tender status. “
Leading cryptocurrency intelligence company, CipherTrace, protects financial institutions from crypto laundering risks and helps grow the crypto economy by making virtual assets trusted by governments safe for mass adoption. We provide the world’s most comprehensive information on cryptocurrencies to detect money laundering, conduct financial investigations, monitor risky payments and enable regulatory oversight. Our founders are dedicated to protecting consumer privacy and defending against illegal funding. Deep expertise in cybersecurity, eCrime, payments, banking, encryption and virtual currencies form the basis of CipherTrace’s commercial offerings
We look forward to our continued collaboration with FinCEN in these and future endeavors.
Proposed reduction in records and thresholds for “travel rules”
The proposed rule change will lower the existing dollar threshold in 31 CFR 1020.410 (a) and 31 CFR 1010.410 (e) and (f) to collect information about money transfers and transfers of funds of $ 3,000 or more and transfers up to $ 250 for wire transfers and transfers of funds beginning or ending outside of the United States.
According to the published document (2020-23756), the data used to derive this new lower threshold was based on SAR filings related to the fentanyl trade or potential transfers of funds related to terrorist financing. According to the data, 57% of terrorist financing-related transfers were at or less than $ 300, with 99% being cross-border. Additionally, over 82% of suspected fentanyl trafficking cases involved cross-border transfers, of which 52% were at or less than $ 300.
This dataset, which is used to calculate the $ 250 threshold, has inherent bias. Since transactions of these small amounts are below the thresholds for required reporting of suspicious transaction reports, institutions typically only report transactions of this small amount (i.e. $ 250) if they are certain of criminal activity and have actionable information about the crime . This means that the percentage of actionable SARS of $ 250-300 is significantly higher than the data lake of SARs submitted at or above this threshold. This means that below-transaction SARS are much better quality than above-threshold SARS, which are mostly submitted by FIs or NBFIs as “just in case” CYA access.
While CipherTrace recognizes that lowering the threshold for detecting cross-border and lower value money transfers may initially appear valuable to law enforcement and national security agencies, we believe that the combination of an immutable blockchain and proper suspicious activity reporting programs are sufficient, to allay FinCEN’s concerns.
In 2019, MSBs filed 852,925 SARs and FIs 1,116,400 SARs. These data lakes are large and the information is not always used effectively.
The difficulty of VASPs in identifying cross-border transactions in crypto
Unlike traditional financial institutions, the virtual currency industry faces particular challenges when it comes to FinCEN’s money transfer rule – specifically, the challenge of a) determining when a counterparty is another virtual asset provider, and b) where that provider is resident of virtual assets.
Knowing when a counterparty is another financial institution isn’t as easy in the crypto sector as it is in the formal financial sector. With cryptocurrencies, it’s not just banks and other financial institutions that initiate and receive transfers. The application of the fund travel rule means that VASPs face the particular dilemma of having to identify and check whether a recipient cryptocurrency address belongs to another VASP or not. To make things even more complicated, VASPs are constantly adding new deposit addresses and, unlike routing numbers or SWIFT codes, there are no clear connections between these new addresses and their respective VASP without the use of blockchain analysis.
The rule change proposed by FinCEN is based on transactions that “start or end outside of the United States”. These transactions are defined by whether a financial institution “knows or has reason to believe that the forwarder, the forwarder’s financial institution, the recipient, or the recipient’s financial institution is located in a jurisdiction other than the United States or in a jurisdiction within the United States. “
Due to the cross-border nature and global reach of virtual assets and VASPs, adherence to this definition would be difficult to enforce, especially since many VASPs are often registered in multiple jurisdictions around the world. A financial institution would only have “reason to know” that a transaction began or ended outside the United States if this information was disclosed or obtained from the forwarder upon receipt of the transmission order – provided it even knew the true scope of the cross-border nature of its transaction .
Determining the actual place of residence of a centralized VASP makes it even more difficult to identify “cross-border” transfers. In contrast to traditional institutions, a VASP can support many countries and regions without having to create different “branches” for each jurisdiction. Likewise, some VASPs deliberately chose to be based in regions where AML regulations are more relaxed, even though the majority of their customer base is outside of their official place of residence. The global makeup of the customer bases of these VASPs interferes with the purpose of identifying cross-border transfers in the first place. Unlike centralized VASPS, decentralized VASPs – or decentralized exchanges – often don’t even have a central office, which enables them to be truly global.
Because of this cross-border nature of VA activities and VASP operations, the FATF has in its Guidelines for a Risk Based Approach for Virtual Assets and Virtual Asset Service Providers that “countries should treat all VA transfers as cross-border transfers as per the Interpretation Notice of Recommendation 16 (INR. 16) and not as domestic transfers.” CipherTrace recommends that FinCEN treat all cryptocurrency transfers as cross-border. Adoption of this standard would help US-based VASPs more easily meet their new and existing obligations under the BSA.
Technology and startup costs: Reducing the threshold by 92% results in a 150% higher load on the VASPs
The proposed reduction in compliance with travel rules is a significant shift that would lower the threshold for keeping records and delivering “travel rules” messages by nearly 92%. CipherTrace has calculated that this change would increase the number of transactions that trigger travel compliance each year by a factor of at least 2.5.
To meet the current US Travel Rule threshold of $ 3,000, US VASPs would have had to send over 34,000 messages in October. Over 27,000 of these messages – about 78% – would have been cross-border, meaning the sending or receiving VASP was based outside of the United States. At the current threshold, this would mean over 417,000 messages per year.
Lowering the threshold to $ 250 would increase the number of Travel Rule messages required to be shared and stored per year to over a million. At this lower threshold, cross-border transactions account for 83% of all travel rule triggers for US VASPs.
The proposed change would increase the volume of Travel Rule messages required by 150% (2.5x). As a result, US VASPs are likely to incur significant additional expenses, such as more compliance staff, higher technical resource costs, and lost revenue due to the slowdown in the transaction process. Cryptocurrency users need, and often need, fast transactions to take advantage of market conditions. Slowing down these transactions would have a huge impact on the crypto economy.
These are just a few examples of the potential impact of the proposed rule change. The 30-day comment window provided is insufficient for the Virtual Asset Service Provider to fully calculate the impact of the lowered threshold. These changes come as many in the industry are still developing their compliance strategies for “travel rules,” which already require the use of new technologies and processes to collect and send the necessary information.
Safe Harbor for Travel Compliance
The uneven adoption of cryptocurrency travel rule regulations outside of the United States creates a potentially dangerous circumstance for US VASP customers whose data is being transmitted to non-FATF-compliant jurisdictions.
CipherTrace suggests that FinCEN grant US VASPs a “Safe Harbor” exception for the transmission of “Travel Rule” data until a functional system is in place. Similar “Safe Harbor” exceptions have already been introduced by FinCEN; especially in 1998, shortly after the “travel rule” was first implemented. We believe FinCEN should allow VASPs the same administrative flexibility it expanded to financial institutions in 1998 as leaders in the cryptocurrency sector continue to develop the appropriate means of compliance.
Much progress has been made in the past year as world leaders in the cryptocurrency sector continue to work together to develop appropriate solutions for compliance with the Travel Rule after the FATF announced the Travel Rule last June.
Final Thoughts – Adopting a FATF Level Threshold
CipherTrace believes that adopting a $ 1,000 threshold for cross-border transfers would be compatible with both FATF requirements and FinCEN’s proposed rules for domestic transactions. The interest of law enforcement agencies in tracking information related to cross-border transactions with lower dollar values can be achieved through Suspicious Activity Reports (SARs) and other existing reporting requirements without undue burdening VASPs and their customers. Harmonizing all travel rule regulations at $ 1,000 and treating all crypto asset transfers as cross-border would help U.S. VASPs more easily meet their new and existing obligations under the BSA.