When it comes to the regulation of the Bitcoin (BTC) and crypto industry, user privacy is one of the key areas that governments are trying to address in order to maintain control over businesses and citizens, also known as taxpayers. Consequently, we are witnessing an increase in the stringency of know-your-customer (KYC) procedures in this industry, compelling centralized service providers to comply with these regulations in order to continue their operations. Furthermore, it appears that regulators are also setting their sights on decentralized BTC and crypto services.
Before delving into recent developments in privacy and KYC matters, it is essential to establish some context and understand why these issues are important to discuss.
KYC/AML (anti-money laundering) measures, as their name suggests, are intended to identify the users of financial services, prevent money laundering and other illicit activities, and aid in tax collection. Although these objectives may appear noble, the effectiveness of these measures is still a subject of debate. They significantly increase operational costs for businesses and introduce additional risks, as they may expose individuals to the potential abuse of their data by government entities or its theft/leakage by criminals, thereby jeopardizing the financial and physical security of financial services users.
Regarding the argument that BTC and other cryptocurrencies are being used for illicit activities, data from the blockchain analysis company Chainalysis shows that while illicit activities are indeed valued in the billions of USD, their share of total transactions is minuscule.
Meanwhile, the BTC and crypto industry is striving to promote financial privacy, contending that it is a fundamental human right. They argue that without genuine financial privacy, there can be no financial freedom. Furthermore, developers are actively working on multiple solutions designed to enhance the privacy of BTC and crypto users while simultaneously bolstering censorship resistance and network resilience, ultimately providing greater financial privacy for individuals. (You can read our previous report on the latest privacy debates in Bitcoin here.)
However, all of these efforts face mounting resistance from both local and international regulators.
On the international level, G-20 countries are currently collaborating in response to a joint call by the International Monetary Fund and the Financial Action Task Force (FATF), an international body responsible for developing anti-money laundering (AML) policies. The aim is to implement the FATF's standards on anti-money laundering and counter-terrorist financing, which specifically pertain to "virtual assets (VAs) and virtual asset service providers (VASPs)."
A joint report stated, "The lack of regulation creates significant loopholes for criminals to exploit. Closing the gaps in global regulation of virtual assets is an urgent priority, to be addressed through the FATF's Roadmap."
A New Battle in the US
Meanwhile, at a national level, new initiatives are emerging that could significantly undermine the privacy of BTC and crypto users. For instance, in the US, the Financial Crimes Enforcement Network (FinCEN) introduced a new proposal in October 2023 titled "Special Measure Regarding Convertible Virtual Currency Mixing," which has raised concerns within the Bitcoin industry.
In theory, FinCEN should define "virtual currency mixing" as the use of BTC and crypto mixers, services that anonymize transactions by blending and shuffling cryptocurrency to obscure their source, making it challenging to trace the origins of funds. However, the new proposal contains vague and confusing definitions that, if adopted, could potentially extend its application to many other areas within the BTC and crypto industry.
For instance, the proposal might encompass activities on the Lightning Network, a so-called layer 2 Bitcoin scaling solution, as some of its processes could be considered BTC mixing. It could also target practices such as "creating and using single-use wallets, addresses, or accounts," which are common among privacy-conscious BTC and crypto users. Additionally, FinCEN suggests that mixing activity may include "exchanging between types of Convertible Virtual Currency or other digital assets," which means that trading your BTC and other tokens on an exchange might also pose potential issues.
To monitor these activities, "FinCEN proposes to collect the following information": the customer's full name, date of birth, address, email address, taxpayer identification number, or another unique identifying number.
However, BTC and crypto users have approximately three months to provide comments on the proposal with the hope of making amendments.
KYC Changes in the EU
Meanwhile, across the pond, KYC and AML regulations are becoming increasingly stringent. Among these new rules is the EU's Markets in Crypto-Assets (MiCA) Regulation, scheduled to take effect in 2024.
According to Moody's, the implementation of MiCA signifies that crypto asset providers will be required to adhere to AML and KYC compliance standards in a manner similar to traditional financial services providers and fintechs today:
Furthermore, MiCA imposes the obligation on VASPs to verify information about a BTC and crypto wallet holder if a transaction to or from a VASP exceeds 1000 EUR.
Additionally, the current version of MiCA is just the beginning of regulatory enforcement, and BTC and crypto users should anticipate the introduction of new anti-privacy measures. For instance, MiCA mandates the European Commission to submit a report that evaluates the necessity, effectiveness, and enforceability of additional mitigation measures. These measures may include specific obligations on providers of hardware and software wallets, as well as limitations, controls, or prohibitions on transfers involving “self-hosted addresses.”
In the context of MiCA, "self-hosted addresses" refer to regular BTC or crypto addresses controlled by regular individuals or organizations. Much like a physical cash wallet in your pocket, these addresses can also be categorized as "self-hosted wallets." The deadline for submitting this report is set for June 30th, 2027.
While local jurisdictions may implement a variety of KYC/AML measures that pose threats to user privacy and security, another challenge to privacy arises from Central Bank Digital Currencies (CBDCs). These CBDCs have the potential to provide governments with new tools for tracking and controlling their citizens. While Western central banks assert that they will safeguard the privacy of CBDC users, achieving this goal may prove more challenging in less democratic countries.
Consequently, considering all the examples mentioned (and there are many more), real financial privacy and genuine financial freedom appear to be increasingly under attack. Nevertheless, the development of new technical solutions and shifts in perception that normalize financial privacy may offer a more private future than what regulators are currently imposing upon citizens.
Your email address will not be published. Required fields are markedmarked