Skip to Content
Blockchain

New money-laundering rules change everything for cryptocurrency exchanges

Complying with regulators could mean the difference between going mainstream and remaining forever on the margins of the global financial system.
August 15, 2019
Conceptual photo illustration of money laundering
Conceptual photo illustration of money launderingMs. Tech; original images: Pexels

One of the biggest knocks against cryptocurrency has always been its status as a refuge for tech-savvy criminals. Even as some bigger players—particularly exchanges that handle many billions of dollars in crypto-wealth each day—have gone out of their way to play nice with regulators, the image persists, in part because some crypto firms have evaded regulators by moving to jurisdictions that are less strict. 

But the end of the lawless era may be nigh. A new set of global anti-money-laundering rules aimed at cryptocurrency exchanges has been handed down by the Financial Action Task Force, an intergovernmental organization that sets standards for policing money laundering and terrorist financing. The rules, which call on exchanges to share personal information about their users with each other, are controversial. Many cryptocurrency enthusiasts think the privacy that drew them to the technology could evaporate. On the other hand, complying with the rules is likely to make the industry more attractive to mainstream financial institutions and users. In other words, cha-ching.

The problem

The cryptocurrency market is small and immature compared with markets for traditional stocks and bonds, but the criminals trying to profit from it are among the most sophisticated in the world—and they are reaping bigger and bigger rewards. “Unfortunately, we keep seeing the criminal numbers go up and up and up,” says Dave Jevans, CEO of blockchain analytics firm CipherTrace, which is developing an anti-money-laundering product for exchanges. According to a new report published by the company, thieves and scammers took an estimated $4.26 billion from cryptocurrency exchanges, investors, and users in the first half of 2019. “All of that stuff has to be laundered out,” Jevans says. 

What draws criminals to cryptocurrency is the capacity for anonymous, peer-to-peer value transfer. Technically, most cryptocurrency systems are pseudonymous—users are identified publicly, but only by a string of random numbers and letters. Since every transaction is recorded on a public ledger, criminals resort to a range of tactics, including using multiple addresses and exchanges, to cover their tracks as they move ill-gotten money around

In regulated jurisdictions like the US, Japan, and EU, exchanges—the bridges between the traditional financial system and the cryptocurrency world—are already required to verify the identities of their users, a process commonly called “know your customer.” But many exchanges around the world have lax policies that allow people to move money or cash out without identifying themselves. 

The “travel rule”

In June the Financial Action Task Force (FATF; pronounced “fat F”) published a much anticipated, technically nonbinding guidance detailing expectations of how its 37 member jurisdictions should regulate their respective “virtual asset” marketplaces. Here’s the contentious part: whenever a user of one exchange sends cryptocurrency worth more than 1,000 dollars or euros to a user of a different exchange, the originating exchange must “immediately and securely” share identifying information about both the sender and the intended recipient with the beneficiary exchange. That information should also be made available to “appropriate authorities on request.”

Besides deterring would-be money launderers, this makes it possible to blacklist certain individuals who are subject to economic sanctions, as well as entities like terrorist organizations. It’s essentially a crypto version of a US banking regulation commonly called the “travel rule,” which imposes a similar requirement on traditional financial institutions (though the threshold is $3,000). In the US, crypto exchanges have always been subject to this rule, according to a recent guidance from the Treasury Department’s Financial Crimes Enforcement Network. The agency just hasn’t started enforcing it yet. 

Not so nonbinding

Since the Group of Seven (G7) and influential members of the G20 plan to apply the policy, it really is binding, says Jesse Spiro, global head of policy at Chainalysis, a blockchain analytics firm. In particular, the US, which held FATF’s rotating presidency from July of 2018 until last month (China now holds that responsibility), is pushing the issue. Secretary of Commerce Steve Mnuchin has called FATF’s standards “binding to all countries.”

A global anti-money-laundering system?

In July, Reuters reported that as part of an effort to combat money laundering, Japan’s government is “leading a global push” to set up for cryptocurrency exchanges a system like SWIFT, the international messaging protocol that banks use for bank-to-bank payments. Last week, a report from Nikkei suggested that 15 governments are planning to create a system for collecting and sharing personal data on cryptocurrency users. 

But several people familiar with the FATF-led international discussions around cryptocurrency regulation told MIT Technology Review that these reports don’t have it quite right. There doesn’t appear to be a government-led global cryptocurrency surveillance system in the works—at least not yet. And it’s likely that whatever does eventually emerge won’t look much like SWIFT. Exchanges are still early in the process of figuring out what systems and technologies to use to securely handle sensitive data, Spiro says, and how to do it in a way that complies with a range of local privacy rules. “There are a lot of balls in the air,” he says. 

A line in the sand

“Regulators have made clear that the old way of transacting, where you have pseudonymous transfers—that’s not going to scale,” says Yaya Fanusie, a blockchain consultant and researcher who used to be an economic and counterterrorism analyst for the Central Intelligence Agency. Some users may leave compliant exchanges for others that choose not to share personal information, or seek out more decentralized methods of exchange that are harder to police.

But Fanusie says such a community will have to remain niche. He says mainstream financial institutions, which many think could drive the next phase of cryptocurrency adoption, will be more comfortable adopting the technology knowing that money laundering controls are in place. “I would describe the crypto space as being at a crossroads,” says Fanusie. Over the next year are so, we will see the industry “trying to figure out how it wants to position itself, and if it wants to scale.”

This story has been edited to reflect that China now holds the FATF presidency.

Keep Reading

Most Popular

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.