3) I think really the place to start is in the Request for Comment section.
It's easy to think of regulators as unfeeling, faceless harbingers of doom. They're not.
In general, they try to be reasonable.
There are a number of requests, but all sound like this:
4) "Has FinCEN struck a reasonable balance between financial inclusion and consumer
privacy and the importance of preventing terrorism financing, money laundering, and other illicit
financial activity? If not, what would be a more appropriate way to balance these objectives?"
6) So, did they succeed?
I'm not sure, because I'm not sure on some of the details.
Here are the biggest open questions. Can others tell what the intention is?
7) As far as I can tell, this would only apply to a US financial institution sending to a self-custodied wallet.
However, offshore ones would need to have some reasonable AML system or sending to them would require this too.
Is that true?
8) Second, how does a relevant institution know whether a person is sending to an MSB, or metamask?
And if it is metamask, how does the MSB verify that it's the user's?
It says KYC is needed--but is that KYC of the sender? How do you KYC a metamask wallet?
9) There's one reading of this where really nothing is new: it's just saying that if you're sending > $3k-$10k from an exchange, the exchange needs to KYC you (but maybe not if you're sending to another whitelisted business).
10) There's another, though, where you would need to verify the identity of the self-hosted wallet. Is that just asking the user if it's theirs, and making them check a box confirming? If not how would you do it?
11) Also, does this mean that even if Coinbase knows that a transfer is to someone's cold wallet and has fully KYCed them, they have to file a gov't report with every single transfer above $10k? That's a lot!
12) The actual record requirement is much less onerous: any exchange with KYC already has records of all customer information, deposits, withdrawals, etc. The reporting requirement, though, is new.
13) So, overall, my suggestions to FinCEN here would be:
a) clarify the above!
b) I don't think the gov't report part of this makes sense in context: it'll be totally spammed by people moving between metamask and coinbase. Save that for suspicious transactions.
14)
c) I *do* think that the requirements for centralized exchanges to keep records of deposits/withdrawals are reasonable.
d) Make the requirement for sending to a self-hosted wallet that the customer records the address as one of their self-hosted ones
16) And, finally, I'd recommend a trial phase-in period so that businesses and regulators can both get used to the system and iron out the details in a way that makes sense; 2 weeks isn't very much time for a system this detailed and complex.
