AMLchain

In a comment on an (untrue, as it turned out) story about one of the big British banks starting to accept Bitcoin, a Twitter correspondent responded to one of my mischievous postings about the kinds of regulations that might be applied to Bitcoin in such circumstances by suggesting that Bitcoin be subject to the same anti-money-laundering (AML) regulations as cash.

I’m not sure about this though. The British government’s own October 2015 UK national risk assessment of money laundering and terrorist financing rates cash as high risk, electronic money as medium risk and (which, according to section 9.24, includes Bitcoin) as low risk. We shouldn’t regulate digital currency as cash because it’s cash that is the big problem and the AML regulations around cash are a reflection of our helplessness concerning cash transfers. Since cash cannot be tracked around the economy, we (society) have put in place a whole bunch of complicated and expensive rules about accounting for cash when it enters the financial system. But suppose there wasn’t any cash. Suppose there was only Bitcoin. In that case, you wouldn’t need AML regulations because you would be able to follow every coin around the blockchain. A simple rule that required banks to investigate any coins that had originated in anonymous wallets (or mixers) would be sufficient.

Compare that with the sort of nonsense people have to deal with right now. A friend of mine went to open a savings account with a UK financial institution. She had had an account at that institution for more than 20 years, but wanted (for purposes of administrative convenience) to have a separate account to put money in for her daughter’s university money. Armed with a passport, she went to her local branch only to be told that she would have to go home and come back with a copy of a recent utility bill — because her passport was not a proof of address (I think) — which, naturally, she couldn’t be bothered to do. So she went home and opened an online savings account with her bank, which did not ask for a copy of a recent utility bill. This paid less interest, but the difference was marginal. I haven’t had a chance to read this week’s Competition and Markets Authority Report on banking, but I hope one of their recommendations about increasing competition is to rationalise CDD (using, for example, some kind of financial services passport, as discussed before).

This is not to complain about the financial institutions, by the way. The nutty rules are government KYC/AML/ATF rules, not theirs. But what seems odd to me is that while poor people like my friend are being annoyed and inconvenienced about an account that will hold something in the region of five or six grand maximum, rich people who want to ship huge amounts of anonymous cash around the world find it no problem at all.

…he summoned an HSBC banker to his London office near Euston station, and demanded that he authorise the £2.25m payment, to be handed over to him in Swiss francs, in Switzerland… The head of the Swiss bank himself, Peter Braunwalder, eventually gave the go-ahead…

[From HSBC files reveal mystery of Richard Caring and the £2m cash withdrawal | Business | The Guardian]

Which makes me wonder what the point of these CDD rules is, particularly the rules around AML. I’ve written before about the lack of cost-benefit analysis around the unelected and unaccountable Financial Action Task Force (FATF) rules and I’m certainly not the only person questioning the approach.

Though the regulations have limited impact on criminal activities, they still cost money. Tracking illicit money flows requires a considerable bureaucracy. Enforcing the regulations cost an estimated $7 billion in the U.S., and probably far more.

[From Why the World Is So Bad at Tracking Dirty Money – Bloomberg Business]

Note the phrase: “a limited impact on criminal activities”. The costs are absolutely huge and getting bigger, they are out of control from the point of view of the banks and there seems no prospect of reining them in. Yet the controls implemented at vast expense seem to be of limited value at best.

In the best of cases, anti-money-laundering efforts are likely to do no more than raise the cost of transactions. A system that misses all but a fraction of a percent of criminal financial flows is almost guaranteed to miss terrorism finance in particular, which involves very small sums

[From Why the World Is So Bad at Tracking Dirty Money – Bloomberg Business]

In a blockchain world, instead of using AML rules that impose costs and a high entry barrier (which is nothing more than mild inconvenience to criminals but a serious charge on the poor and a barrier to innovation), the flow of value would be policed by apps and smart contracts. As my colleague Salome Parulava has pointed out before, merging compliance and auditing into real-time monitoring would transform the nature of AML. Many levels of bureaucracy might be rendered obsolete in both banks and regulators because of the ambient accountability that comes with the blockchain. As she notes in her dissertation on the potential impact of the blockchain:

“…companies would not need to “declare” [anything] as auditing and compliance will become the same by providing regulators with an opportunity to be constant supervisors of companies’ activities on a Blockchain.

Regulatory requirements in the case of cash are designed bearing in mind its “invisibility” and intractability, while in the case of a blockchain the opposite is true. Although Bitcoin, for example, is often described as “electronic cash”, consider the crucial (at least for AML purposes) difference: when you hold a £10 note in your hand you have absolutely no idea where it might have been before – maybe it comes from an illegal drug hoard or from a charity tin, you don’t know. With blockchain assets, on the contrary, you could know exactly the provenance, the entire history of ownership, and anyone including regulators can observe the market in real-time.

So, no. Digital currency shouldn’t be subject to the same AML rules as cash, it should be subject to better ones.

Shared ledgers might not disrupt payments, but identity

Thanks to Marc Hochstein from American Banker for pointing me to this video of the Stanford Blockchain Workshop that he chaired in March. If you are interested in the subject of blockchains, identity and reputation then put your feet up get a cup of tea and enjoy watching some really smart people introduce a lot of really interesting concepts.

Panel: Casey Fenton (Sovolve / Couchsurfing), Patrick Deegan (ID3/OMS), Primavera De Filippi (LOVE), Muneeb Ali (Onename)

[From Stanford Blockchain Workshop (March 2015)]

These people are on to something. And they are not the only ones. A similar gathering of the great and good (how come that classification never includes me!) on Richard Branson’s island came to a similar conclusion, highlighting identity as one of their four key application areas for the blockchain.

We discussed that the identity stack is a core application for the blockchain, it’s a critical piece for further development and needed for a trusted information economy system.

[From Richard Branson’s Necker Island And The Blockchain Summit (Part 2) | Vancouvered Weblog]

Bearing in mind that I always interpret the word “the blockchain” in these circumstances to mean “some sort of shared ledger that will probably be permissioned in some way”, I think they may be right.

So our identities could be verified by reference to a series of our blockchain transactions. For privacy and security reasons, each blockchain transaction should be coded so as not to give away much information about the transaction itself.

[From The Fine Print: Of #Blockchains And #MultiFactorAuthentication]

This kind of idea deserves serious examination. The idea that I might demonstrate some attribute to a third party by demonstrating ownership of a transaction output on a blockchain is interesting, especially when combined with smart contract stuff. It’s an exciting field. There are companies like Shocard and OneName already active in the space and new ones coming along all the time. For many of our financial services clients, radical reduction in the costs of identity-related compliance are a much higher priority than some marginal reductions in transaction costs.

I think we can begin to speculate about the use of a permissioned ledger to hold KYC information and the merging of auditing and compliance to replace AML “gates” with permanent monitoring of transactions on a blockchain (more on this tomorrow), the restoration of financial services in accordance with the FATF risk-based approach on a per-transaction basis. This would really be a new world, and would be really a revolutionary use of shared ledger technology.