DeFi's Greatest Risk: Regulation. What Changes Could We Expect In 2021?
As the market matures and mainstream adoption builds, regulators are working to keep pace and provide clarity to users, protocols, and DeFi companies. The industry is seeing a wave of regulatory focus on KYC/AML requirements, particularly related to self-hosted wallets, for banks and financial institutions and possibly virtual asset service providers.
This post dives into four significant legal and regulatory news events have occurred in Q1 2021.
- FinCEN’s Early Holiday Delivery
- FATF Releases Updated Guidance
- DeFi gets Bipartisan Support for Working Group
- OCC Rings in 2021 with a Stablecoin Kaboom
U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced a Notice of Proposed Rulemaking (NPRM) for requirements for certain convertible virtual currencies (CVC) and digital asset transactions, paving the way for additional recordkeeping reporting compliance.
The Financial Action Task Force (FATF) expanded on its previous guidance regarding virtual asset service providers (VASP) and whether additional KYC requirements should be placed on such VASPs.
A group of bipartisan U.S. lawmakers recently passed the proposed bill H.R. 1602 – Eliminate Barriers to Innovation Act, establishing a working group led by representatives from the SEC and CFTC to address lingering unresolved regulatory issues for digital assets.
And perhaps most exciting, the Office of the Comptroller of the Currency (OCC) released Letter 1174 confirming banks can participate in Independent Node Verification Networks (INVN) and use stablecoins to conduct payment activities and other bank-permissible functions.
ConsenSys product, Codefi Compliance, provides AML-CFT compliance solutions for Ethereum-powered digital assets. Work with us to build trust in digital assets, satisfy regulation requirements, and protect against fraud and financial crime.
FinCEN’s Early Holiday Delivery
As many were ordering that last-minute Christmas gift in time for overnight delivery to their annoying Uncle Frank, FinCEN published a notice of proposed rule-making (NPRM) imposing additional record-keeping and reporting requirements on banks and money services businesses (MSB) with respect to CVCs and digital asset transactions. Specifically, FinCEN would define CVCs and legal tender digital assets (LTDA) as “monetary instruments” under specific rules giving FinCEN statutory power to collect Currency Transaction Reports, and imposing reporting and record-keeping requirements of such CVCs and LTDA transactions over $10,000 and $3,000, respectively. Notably, FinCEN provided a hasty 15-day comment period for the NPRM. After significant pushback, it reopened the comment period for an additional 15 days for comments on the proposed reporting requirement and an additional 45 days for comments on the proposed record-keeping requirement.
If finalized, this NPRM would require banks and MSBs to report any CVC or LTDA transactions of more than $10,000 involving self-hosted wallets (i.e., the user maintains their own private key) or “covered wallet” (defined by FinCEN as wallets held by a financial institution in jurisdictions of primary money laundering concern – currently Burma, Iran, and North Korea).
Additionally, the current anti-structuring rule would be expanded such that banks and MSBs must monitor and detect those transactions that are just below the thresholds with the intention to evade the reporting requirements. Expanding upon the current Funds Transfer Record-keeping Rule, banks and MSBs would be required to keep records of the name and address between its customer and a counterparty using a self-hosted wallet for transactions greater than $3,000.
FinCEN’s goal in this NPRM is to combat bad actors who utilize self-hosted wallets and digital assets to send large sums of money to fund illicit activities. FinCEN’s long-held position is that new financial products and services must operate within the existing regulatory framework and argues its regulations are technology-neutral. Therefore, FinCEN’s approach reflects an expectation that new technologies will be developed and adapted consistent with existing frameworks.
Critics point out that these requirements impose costly compliance programs and do not account for how blockchain technology operates. Additionally, many in the DeFi ecosystem are concerned that these regulations could create a chilling effect on self-hosted wallets which serve the unbanked and underbanked.
FATF Releases Updated Guidance
As a global intergovernmental organization charged with developing policies to combat money laundering and financial crimes, FATF issued guidance in 2015 and 2019 recommending virtual assets be treated similar to traditional financial products, including KYC/AML requirements typically required by banks and financial institutions. On March 19, 2021, FATF announced an update to Draft Guidance on a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers. Significantly, FATF’s guidance expands the definition of VASPs to exchanges, platforms, and owners or operators of Dapps, and consequently broadens the applicability of FATF recommendations to more industry participants. These FATF recommendations would require exchanges, platforms, and dapp providers to carry out extensive KYC/AML checks for each party of a transaction, including self-hosted wallets.
Additionally, among other due diligence best practices, FATF recommends VASPs be subject to The Travel Rule, a rule applied only to U.S.-based regulated entities. This may pose significant issues and resources for certain providers, particularly non-custodial liquidity providers. Similar to that of the recent FinCEN proposed rule, reaction to the FATF guidance is mixed. DeFi enthusiasts particularly target the gap still unresolved by applying traditional regulatory rules to the decentralized technology operating virtual assets for which these rules are not a natural fit.
FATF accepted comments to the updated proposed guidance until April 20, 2021.
DeFi gets Bipartisan Support for Working Group
Introduced in March and passed on April 22, 2021, bipartisan U.S. lawmakers established a digital asset working group between the Securities Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) along with other industry representatives to clarify regulatory oversight of digital assets in bill H.R. 1602 – Eliminate Barriers to Innovation Act of 2021. The ultimate goal is to determine which regulatory body has jurisdiction over each particular token or cryptocurrency, and essentially determine whether each token or cryptocurrency is a security. If a token is deemed a security, the SEC would have jurisdiction, whereas if the token is classified as a commodity, the CFTC would preside over the jurisdiction. The bill still needs to be passed by the Senate before reaching President Biden for signature and becoming law.
The working group will have 90 days from the passing of the bill to establish itself and be charged with filing a report within one year analyzing a wide range of issues, including current regulations and their interaction with digital assets, how that interaction impacts primary and secondary markets and the U.S.’s competitive position, future best practices for fraud prevention, and how custody and private key management are currently treated under law. It will be the first time the SEC, CFTC, and other industry representatives worked together in a formal action with the purpose of working through key issues in the DeFi space. The working group’s possible success could bring unprecedented U.S. regulatory clarity and guidance to the classification of various digital assets and cryptocurrencies, the legal implications of custody and private key management, and a host of other currently unresolved issues.
OCC Rings in 2021 with a Stablecoin Kaboom
The OCC set off New Year fireworks when it published Letter 1174 on January 4, 2021, authorizing banks to use INVNs and stablecoins to facilitate payment activities. The primary role of banks is to sustain the operation of commerce and maintain the movement of money, debits, and credits across all parts of the economy. In that role, banks must monitor and adapt their practices by utilizing new technological developments that improve the transaction settlement process. In its letter, the OCC acknowledged the changing financial needs of the economy. They recognize the demand in the market for faster and more efficient payments. In recognition of this demand, they determined that banks may serve as a node on INVNs to validate, store and record payment transactions, including stablecoin transactions. The OCC was also careful to note the expectation of banks to continue to operate these activities consistent with currently applicable law and safeguards, including obtaining the identity of all transacting parties — another reference to identifying parties utilizing self-hosted wallets.
This letter is the latest of a number of supportive letters of decentralized technology published by the OCC, broadening the authority to banks to participate in DeFi, blockchain technology, and cryptocurrencies. In these letters, the OCC recognizes the importance of the U.S. financial system and, by extension, its banks’ competitive position. While OCC letters are not law and can be challenged in court or re-written by Congress, they provide crucial guidance to the industry, and specifically banks, to take advantage of this technology.
The DeFi industry is anticipating more answers regarding which agencies will oversee particular assets, future best practices and requirements for money-laundering prevention, legal treatment of private key management, among a number of other issues. The industry and regulators are still wrestling with how to close the unaddressed gap between traditional regulatory schemes built for banks and financial institutions and whether or how to apply such rules to a novel technological advancement based on decentralized systems.