On Libra , regulation and financial- crime prevention.

On July 29 , 2019 Facebook has issued a warning  in the investors report, that Libra digital currency may never see the light of day: In the risk factors section of the report, Facebook said it recognizes the significance of the pushback that’s come from lawmakers and regulators since the project was announced in June. “Libra has drawn significant scrutiny from governments and regulators in multiple jurisdictions and we expect that scrutiny to continue,” Facebook said in its filing with the Securities and Exchange Commission.

This blog will try to get into the reasons of regulatory pushback and its implications for financial-crime prevention.

Excerpt #1 from “Facebook’s Libra Masterplan” — an excellent review by Eric Wall:

“The social media company’s move into cryptocurrency takes advantage of regulatory loopholes.

Facebook is very knowingly exploiting a very specific gap in regulations and technology made possible by the cryptocurrency industry that will allow their planned “Libra” cryptocurrency to flow into the black market economy while still being compliant with traditional financial entities’ compliance policies.

How the “exploit” works

The exploit works by following a playbook that was written by the Bitcoin industry. The exploit emerges in the gaps of a little puzzle consisting of a few key players:

Cryptocurrency exchanges (“on- and off-ramps”) where you can buy and sell Bitcoin for dollars

Banks that give the exchanges their bank accounts

Regulators who set the know-your-customer (KYC) & anti-money laundering (AML) rules

Blockchain analysis firms who monitor cryptocurrency transactions for “suspicious activity”

Bitcoin users who buy and sell Bitcoin at cryptocurrency exchanges and then distribute them into the global Bitcoin ecosystem

The basis of the exploit lies in combining the pseudonymity of Bitcoin’s public key cryptography with the transparency of the Bitcoin blockchain. The transparency gives the participants in the diagram above the ability to surveil the Bitcoin system and produce reports that ticks all the boxes necessary for regulatory compliance. But the pseudonymity of the system still makes it easy enough for anyone with a computer to circumvent those exact surveillance methodologies when it’s necessary (more info here & here).

In the world of financial surveillance, those surveilling know they’re not going to catch every bad guy. It’s typically enough that you can demonstrate that you’re able to provide insight into a sufficient portion of transactions coming into your platform and that you possess far-reaching blacklisting capabilities and keep updated lists of blacklisted entities. And because nearly all activity in the Bitcoin system originates from speculators who typically do not bother to circumvent surveillance, the pie-chart diagrams the blockchain analysis firms produce on behalf of their clients will indeed look compelling.

What this numbers-based exercise completely fails to capture is the underlying potential embedded in the pseudonymous design to circumvent surveillance whenever and wherever it is needed.

To understand this better, by analogy, let’s say that a government wanted to surveil 3D printers, so that no one prints guns in their homes. To make sure that 3D printers are not being used for this purpose, every 3D printer starts coming with government-installed webcams attached to them.

As soon as this happens, websites start popping up with software to patch your printer to send a static video stream to the webcam to hide your activities. Now, let’s say 98% of the 3D printer owners do not have any interest in printing guns or manipulating the video stream, so they just leave the webcams on. If the government was a blockchain analysis company, they would produce a diagram with detailed reports showing how they’ve effectively observed and cataloged 98% of all 3D printing activity, and that 3D printing is one of the most transparent systems in the world and that the country is safeguarded against 3D-printed guns.

That’s essentially how the system of Bitcoin surveillance works today. The on- and off-ramps may be regulated, but the Bitcoins themselves are fickle and leak through their cracks. This is an amazing deal for Bitcoin because it means it can both trade at regulated venues and serve the institutional market while at the same time trickle down into the hands of every person from every walk of life on the planet. Transparency and pseudonymity — it is the ultimate combination that any aspiring form of digital currency should try to emulate for global reach.

Why Facebook is doing this

The reason: Facebook believes the plan has a chance of working. And if it is successful, it pushes an enormous amount of the regulatory responsibility (KYC/AML) of operating the on- and off-ramps away from Facebook and to the cryptocurrency exchanges where the Libra is traded. It’s letting the market figure out a way to give people access to the Libra that works, anyway that works, just like it has worked for Bitcoin for 10 years. Opening up the opportunity for anyone to run a Libra exchange means that there’s probably even going to be some exchanges that will try to avoid KYC/AML regulations altogether, furthering the Libra’s reach into the world.

Many cryptocurrency exchanges have been operating without licenses and any particular regulatory oversight in the past, and some still do today. And whenever one gets shut down or implements KYC/AML restrictions, another one pops up somewhere else that doesn’t, sometimes by people who are unaware of the fact that they’re breaking any rules. And sometimes, not even the regulators in that region are aware of whether any rules are being broken.

The LocalBitcoins platform which helped people to meet in person to trade Bitcoin for cash envelopes successfully operated without ID requirements for seven years before being forced to remove the option earlier this month.

But the “gap” isn’t fully gone yet. There still exist platforms such as Bisqand Hodl Hodl where people can circumvent these types of regulations. Here’s a quote from a blog post that Hodl Hodl recently posted when LocalBitcoins shut down in Iran:

The main difference between Hodl Hodl and other P2P cryptocurrency exchanges is that we do not hold user’s funds and do not have KYC/AML procedures. Hodl Hodl is also cheaper than most of the other P2P exchanges, with a maximum fee of 0.6% per trade.

So, by combining the properties of pseudonymity and transparency into their own Libra blockchain, Facebook hopes to achieve this sweet spot of simultaneous regulatory compliance and regulatory arbitrage, allowing the Libra to spread all over the world like wildfire while other businesses shoulder the heat. And why wouldn’t it spread like wildfire? The Facebook app family (Facebook, Messenger, WhatsApp, Instagram) is home to ~2.5 billion users. And the Libra, being backed by a basket of national currencies and government debt securities, is probably going to be a more stable currency alternative than what anyone else can provide in today’s world except for maybe the Federal Reserve”.

Excerpt #2 from “Facebook answers how Libra taxes & anti-fraud will work”

“How will Libra stop fraud or laundering while offering access to unbanked users without an ID?

Weil: There are very important populations that don’t have an ID. People in a refugee camp may not, as an example, and we want Libra to serve them. So this is one example of many of why it’s important that Calibra isn’t the only option for people who want to participate in the Libra ecosystem . . . Others of these will be run by local providers and they have programs to meet customers face-to-face and other ways to serve people and even KYC them that we may not . . . We’re not going be the only wallet, we don’t want to be the only wallet.

This is one of the reasons NGOs have been members of the Libra association from the start because we want to encourage the monetization of identity processes both through working with governments issuing credentials for more people and also making use of new types of information for identity and authentication. We hope this process will help the last mile problem.

In the case of a non-custodial wallet, the user isn’t trusting anyone. The way the regulations have worked and this is evolving as we speak. The on-ramps and off-ramps to the crypto world are regulated and they have direct customer relationships and it’s their responsibility to KYC people. In our case, we’ll be a custodial wallet and we’ll KYC people. There are many wallets in the Bitcoin or Ethereum ecosystem — non-custodial wallets that don’t have direct relationships with the users. . . They have to get that Bitcoin somehow. Usually, they’re going through an exchange where usually as part of the process they’re KYC’d.

In a lot of emerging markets, you have LocalBitcoins.com where you can find a representative or agent who will meet you in person and exchange cash for bitcoin in whatever market you have to be in. And I believe that they just started making sure that they KYC everyone, but they’re doing it in person. And they have more flexibility in how they do it than you might otherwise. I think there are lots of ways that this will happen and the fact that Libra is an open ecosystem will enable people to be entrepreneurial about it.

There are lots of people who are underserved by today’s financial ecosystem who have a government ID. So even with requiring everyone to go through a KYC process, we’ll be able to serve many, many people who are not well-served by today’s financial ecosystem. We want to find ways to support people who can’t KYC and the important part is that Calibra will fully interoperate with any other wallet, including ones that people in local markets are using because it’s a better fit for their needs.

TechCrunch: Through that interoperability, if someone with a non-custodial wallet receives Libra and then sends it a Calibra wallet user, does that mean you Libra coming into Calibra from users who weren’t KYC’d and could be laundering money?

Weil: So it’s part of the regulatory situation that’s evolving as we speak. There’s something called the Travel Rule . . . If there’s a transfer above a certain value you have to make sure that you understand both who the sender is, which you do if they’re using a custodial wallet, and who the receiver is. These are evolving regulations, but it’s something that we’re going to make sure that we implement as regulations solidify.

TechCrunch’s Analysis: Calibra appears to be inviting regulation that it can strictly abide by rather than trying to guess at what the best approach is. But given it’s unclear when concrete rules will be established for transfers between non-custodial wallets and custodial wallets, or in-person cashing, Facebook and Calibra may need to establish their strong protocols. Otherwise, they could be guilty of permitting the “unlawful behavior” Trump describes.”

Excerpt #3 from: “All Global Crypto Exchanges Must Now Share Customer Data, FATF Rules”

“A powerful intergovernmental organization devoted to combating money laundering and terrorism financing has finalized its recommendations on regulating cryptocurrencies for its 37 member countries.

As expected, the Financial Action Task Force (FATF) standards released Friday include a controversial requirement that “virtual asset service providers” (VASPs), including crypto exchanges, pass information about their customers to one another when transferring funds between firms.

“… obtain and hold required and accurate originator [sender] information and required beneficiary [receipient] information and submit the information to beneficiary institutions … if any. Further, countries should ensure that the beneficiary institution… obtain and hold required (not necessarily accurate) originator information and required and accurate beneficiary information …”

Under the new guidance, the required information for each transfer includes:

(i) originator’s name (i.e., the sending customer);

(ii) originator’s account number where such an account is used to process the transaction (e.g., the VA wallet);

(iii) originator’s physical (geographical) address, or national identity number, or customer identification number (i.e., not a transaction number) that uniquely identifies the originator to the ordering institution, or date and place of birth;

(iv) beneficiary’s name; and

(v) beneficiary account number where such an account is used to process the transaction (e.g., the VA wallet).”

Our Conclusion:

Does the on/off ramp regulation solve the problem? NO!

The on/off ramps AML/KYC is successful in single % digits (according to Facebook’s admission). So they say — why to bother?.

The questions for Libra to answer are:

1. How can Libra prevent sanctioned individuals from using it daily?

2. How can Libra prevent from someone to pay a ransom?

3. How can Libra prevent from “money mules” launder money for Cartels?

4. How can Libra prevent terrorism financing?

5. How can Libra prevent human trafficking financing?

Can we do better?

We waste trillions of dollars because if Financial Crimes. If we trim this number — all of us, including the unbanked population will benefit greatly! We need on/off ramps and "highway police". The latter will take bad guys off the road! And the privacy for the good guys will remain intact!