Monday, April 25, 2011

Peer-2-Peer Digital Currency: The Long Road Ahead for FinCEN

By Mark Herpel
DGC Magazine
Friday, April 22, 2011

FinCEN (Financial Crimes Enforcement Network): is one of the U.S. Department of Treasury’s lead agencies in the fight against money laundering. It’s mission is to enhance U.S. national security, deter and detect criminal activity, and safeguard financial systems from abuse by promoting transparency in the U.S. and international financial systems. *

Why FinCEN has an almost impossible task ahead regulating modern Internet digital currency

The financial crime enforcement folks have made some highly effective moves in the legal department during the past few year in their attempt to regulate new Internet financial products. These new products include digital currency payment software, online payment systems and value transfer systems.

The 1970 Bank Secrecy Act authorizes the Secretary of the Treasury to require certain records or reports where they have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism. In 1990, the U.S. Department of the Treasury established the Financial Crimes Enforcement Network (FinCEN) to provide a government-wide multisource financial intelligence and analysis network. The organization’s operation was broadened in 1994 to include regulatory responsibilities for administering the Bank Secrecy Act, one of the nation’s most potent weapons for preventing corruption of the U.S. financial system. The USA PATRIOT Act of 2001, broadened the scope of the Bank Secrecy Act to focus on terrorist financing as well as money laundering. The Act also gave the Financial Crimes Enforcement Network additional responsibilities and authorities in both important areas, and established the organization as a bureau within the Treasury Department.Hundreds of thousands of financial institutions are subject to Bank Secrecy Act reporting and recordkeeping requirements. These include depository institutions (e.g., banks, credit unions and thrifts); brokers or dealers in securities; insurance companies that issue or underwrite certain products; money services businesses (e.g., money transmitters; issuers, redeemers and sellers of money orders and travelers’ checks; check cashers and currency exchangers); casinos and card clubs; and dealers in precious metals, stones, or jewels. *

Using new powers created by Bank Secrecy Act along with those exciting new Patriot Act upgrades, the great legal minds of the U.S. Treasury have successfully labeled most of the new U.S. Internet payment products and grouped them into existing “financial product” categories.

The FinCEN strategy was to use changes in the existing laws or proposed changes to identify these newer payment products by their activity. Once identified as a financial business the operators would be required to provide a mandatory degree of transparency and financial reporting as required by the laws regulating Money Service Businesses and Money Transmitters. This strategy worked extremely for well over the past few years for all of the existing digital currency payment systems, both foreign and domestic which did business in the United States. The prosecutorial actions stemming from the Treasury’s oversight have effectively shut down all popular U.S. based digital currency systems and forced all existing U.S. exchange agents to close.

The red tape which faces digital currency businesses within U.S. borders is simply to troublesome and expensive.

Large companies such as PayPal which have centralized account structures, process all customer funds through existing bank channels are able to comply with regulations without any hesitation. The flow of funds always moves from the customer, through the regulated bank product and into the online payment system. These large regulated companies comply with the law…..because the can. To be clear, because all customer funds move through the bank, the origin of the funds and the person behind the deposit are always known.

From the above FinCEN statement: “…to require certain records or reports where they have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism.

Regulations require the online payment company to generate these reports, keep stored records and maintain access for the purpose of, “…criminal, tax, or regulatory investigation…“.

Each PayPal customer account is directly linked to personal information, backed by government issued ID plus the funds flow through a licensed bank where an account is also linked to the account holder and their ID. PayPal is an extension of the bank account it is not a digital currency. It is accurate to say that a PayPal payment is “owned” by that account holder and no one else. If the payment turns up bad, the owner can be easily discovered. The funds can be tracked directly to that person before during and after the transaction and an detailed record of this transaction is held for many years.

Unlike digital currency products, the PayPal system was created as a extension of regulated bank products. Complying with FinCEN regulation changes is easy for PayPal. Reporting the customer’s personal information, the account number, transaction details and where the funds originated is a snap. Suspicious transactions can also be monitored for money laundering violations. Customer records can be accessed after the fact which could help to build a rock solid legal case. To prosecute financial crimes, all of this data can be quickly accessed with a U.S. court subpoena, a judge’s order, or even a ‘sneak and peek’ warrant.

FinCEN regulations are highly effective because the identifiable “markers” are in place which recognize trouble. If an account has too many large payments moving in one direction, the centralized computer AML software sends up a flag, the suspicious transactions are tracked and those details are sent on for further investigation. If 6 months after the payment, a list of account transactions are needed to prosecute fraudulent sales practices, those records are easily accessed. The records exist because they were captured at the time of the transaction by the bank like PayPal system.

FinCEN works very effectively using the tools and “markers” that are provided through the existing financial regulatory structure. During the past few years, regarding the newer Internet payment products, FinCEN has either changed the laws or is proposing regulatory changes that force all newer online payment systems into these existing categories. Domestic or foreign, big or small, the rule changes are attempting to fit all these products into existing reporting categories so that FinCEN will have access to all those reports or “markers” which identify crimes and suspicious activity. Based on the data created from the reporting company’s payment accounts, FinCEN acts as a sort of intermediary to regulate the financial industry online.

The government has been tightening up this process over the past 5 years in an effort to catch up with new software and technology. Since the identifying markers for online accounts are widely available in the current centralized payment systems, like PayPal, these regulatory moves towards transparency have been highly effective.

The Dead End Ahead: No More Markers

While the government has been tightening up their arsenal of regulatory tools, the software designers have been moving in exactly the opposite direction. This is the rapidly approaching problem for FinCEN and other government agencies.

The free creative minds that mold financial software have been busy building systems absent of the data markers which FinCEN needs.

Examples of where the markers are missing:

  • Any possible AML software within a system that would identify a suspicious pattern of payments….gone and impossible to implement in a decentralized system.
  • All personal information identifying the account owner…..gone and never even requested to open or operate.
  • Centralized record systems that maintain transaction histories on each account or the system as a whole….gone, not present, not possible.
  • Internet information from the user’s connection that might identify their location….gone.
  • All funding and withdrawals originate from multiple third party sources including unknown third parties. Source of fund details are impossible to determine.

The new decentralized value transfer and Peer-2-Peer payment products emerging across the Internet are free from all the markers that would permit proper oversight by FinCEN. The reports and records which FinCEN requires after they have categorized a business as a “financial product” are simply not available.

This new value transfer software is Open Source, decentralized, often P2P and striped of all existing markers that would generate data and permit a transaction to be a valuable tool for monitoring the movement and source of funds.

Here’s how it’s done:

1) No personal information is required. What is loosely called an “account”, is simply a long number or a nick name. The field holds no identifying information, not even an email address. There is nothing which links this “account” activity to any specific person. Even a straw man owner of this account can not be identified.

2) No records of transactions are kept. There is no middleman or third party intermediaries capturing data and no central database to access and locate past transactions. In most instances, payments do not move through any centralized point, the online value moves from person to person. It is simply not possible to capture any information during the transaction unless voluntarily and manually offered up by the participants.

3) The value of each unit is not often predetermined. The changing digital units of these systems are not pegged to one currency or they have floating value. The value of a unit is often different from another unit on the same system, it might be determined through a variety of methods such as market demand, daily precious metal prices or even the issuer’s reputation. 100 units moving from one owner to another could have a value of $100 dollars, 100grams of gold or even $1,470 which was the $147.00 daily value of that unit at the time of the transaction.

4) It is impossible to track the cumulative value moving through the system at any one time or over any long period. 100% of the funds entering the system do not originate through the ”account” owner’s regulated bank. There is no central record of overall amounts. Transactions can be funded or withdrawn using a variety of methods including cash using third parties.

5) No Internet identifiable information on the user’s connection can be tracked. Generally the time of a connection and the IP, along with other information is logged and that record kept for all users. These logs don’t exist in any of these systems because the connection does not contain such data.

6) These software systems are small, Open Source, can be copied and installed in a matter of minutes. The code is highly configurable and installation is can be accomplished on any server in any country around the globe. An organization having members in multiple countries around the world could set up a new system each day to mask their business, with absolutely no traceable connection between any system.

7) There are no reporting requirements for non-U.S. agents which engage in the exchange operations. (cash to digital) Independent small and large agents are located in many international countries and operate with no financial oversight.


Since FinCEN draws intelligence from financial markers and data generated by reporting companies, regulators have recently changed the rules and tried to make all Internet payment systems reporting companies. However, software designers have now created, built and operate systems that do not generate any of the traditional markers needed for proper regulation. Even categorized as a reporting company, because the raw data is simply not available, these new Internet payment systems operate far outside the reach of existing financial enforcement.

Presently there about a half dozen of these systems operating across the Internet which are known to the public. At least one holds value of more than $5 million or more. Since the programs are open source and free for anyone to download, it is impossible to track how many are in operation, how many clients are using them or a the amount of funds moving through them.

Industry experts are predicting several hundred of these systems to gain popularity in the next 12 months. Who sets them up and what they will be used for is unknown.

Reprinted with permission.

No comments:

Post a Comment