Conversation

Replying to
4) "Has FinCEN struck a reasonable balance between financial inclusion and consumer privacy and the importance of preventing terrorism financing, money laundering, and other illicit financial activity? If not, what would be a more appropriate way to balance these objectives?"
1
19
5) Which means, above all: they're _trying_ to be reasonable. That's what's most important.
1
19
6) So, did they succeed? I'm not sure, because I'm not sure on some of the details. Here are the biggest open questions. Can others tell what the intention is?
3
15
7) As far as I can tell, this would only apply to a US financial institution sending to a self-custodied wallet. However, offshore ones would need to have some reasonable AML system or sending to them would require this too. Is that true?
3
25
8) Second, how does a relevant institution know whether a person is sending to an MSB, or metamask? And if it is metamask, how does the MSB verify that it's the user's? It says KYC is needed--but is that KYC of the sender? How do you KYC a metamask wallet?
2
22
9) There's one reading of this where really nothing is new: it's just saying that if you're sending > $3k-$10k from an exchange, the exchange needs to KYC you (but maybe not if you're sending to another whitelisted business).
1
16
10) There's another, though, where you would need to verify the identity of the self-hosted wallet. Is that just asking the user if it's theirs, and making them check a box confirming? If not how would you do it?
2
19
11) Also, does this mean that even if Coinbase knows that a transfer is to someone's cold wallet and has fully KYCed them, they have to file a gov't report with every single transfer above $10k? That's a lot!
1
16
12) The actual record requirement is much less onerous: any exchange with KYC already has records of all customer information, deposits, withdrawals, etc. The reporting requirement, though, is new.
1
14
13) So, overall, my suggestions to FinCEN here would be: a) clarify the above! b) I don't think the gov't report part of this makes sense in context: it'll be totally spammed by people moving between metamask and coinbase. Save that for suspicious transactions.
1
26
14) c) I *do* think that the requirements for centralized exchanges to keep records of deposits/withdrawals are reasonable. d) Make the requirement for sending to a self-hosted wallet that the customer records the address as one of their self-hosted ones
3
16
15) Overall I still feel pretty uncertain about some pieces of this, but I'm heartened by the tone that FinCEN is taking here.
1
22
16) And, finally, I'd recommend a trial phase-in period so that businesses and regulators can both get used to the system and iron out the details in a way that makes sense; 2 weeks isn't very much time for a system this detailed and complex.
7
45