Caribbean governments, for example, complain that their economies have increasingly suffered “de-risking,” as tougher compliance has stanched investment flows to the islands.
The consequences are even more severe for poorer countries, where state-led IDs are either non-existent or easily forged. The heavy scrutiny that foreign banks apply to their counterparties in FATF-labeled “high-risk jurisdictions” means the bar for businesses and individuals in those countries to obtain local banking services is very high. It’s a key reason why 2 billion people worldwide are considered “unbanked.”
This, of course, has a negative impact on poverty, which in turn feeds crime and terrorism – the very problems AML-CFT is intended to fight.
Consider Somalia, a failed state whose institutions are often blacklisted by the world’s biggest banks. It’s difficult and costly for Somalian expats to send money home to family members who rely on such remittances. This perpetuates poverty, drives people into informal payment systems and fosters the disenfranchising economic conditions in which terrorist organizations such as the Somali-based Al Shabaab thrive.
Talk about a perverse effect.
Is cryptocurrency the answer?
The Cypherpunk answer is to say, screw governments. People should use bitcoin, since it enables peer-to-peer digital payments without the intermediation of a regulated entity.
The problem lies at the crypto on- and off-ramps, where government surveillance has become ever more intense. The FATF’s new “travel rule” says cryptocurrency exchanges should be required to obtain information, not only about their customers but also on their customers’ customers, forcing cross-exchange information-sharing. This suggests the only environment where cryptocurrency transactions will be free from KYC exists solely between self-custody wallets. The minute a transaction touches the custodial structure that underpins most exchanges, cryptocurrency will be subject to KYC reporting.
Decentralized exchanges, or DEXes, which provide price and matching services but take no custody of clients’ coins, might be a way around this problem. Recent FinCEN guidance excluded them from the definition of regulated money service businesses in the U.S.
However, cryptocurrency advocacy group Coin Center has raised concerns that the FATF’s definition of regulated “virtual asset service providers” includes a vague reference to entities which “transfer” funds. Vagueness creates uncertainty, which as we’ve seen with bank compliance officers, is toxic to risk appetites. Many lawyers will advise their DEX clients to impose KYC to be on the safe side.
Also, with Helsinki-based LocalBitcoins announcing new KYC rules this year due to a new Finnish anti-money laundering law, it has become much harder for people to find each other in person and agree on a price for exchanging cryptocurrency for fiat without being officially surveilled.
In any case, it’s simply impractical for people in the developing world to use bitcoin as their main unit of account and medium of exchange. Perhaps Libra, with its basket-based stability mechanism, could evolve into a day-to-day payment vehicle, but as we saw from David Marcus’s testimony to Congress, that corporate-backed project will require KYC.
Bottom line: the poor need an easy-access fiat on-ramp.
Monitoring tech advances
We’re back to square one: financial inclusion goals suffer at the expense of governments’ crime-fighting objectives.
One could argue governments should decriminalize money – combat the actual crimes of drug trafficking, arms dealing, and so forth, but treat the right to exchange value as a human right. Let’s be realistic, though: that isn’t going to happen.
So, how to escape this vicious cycle? The answer may lie in blockchain technology’s own capacity to track transfers between pseudonymous accounts – though not as currently applied.
For some time, transaction-trackers such as Elliptic and Chainalysis have helped law enforcement agencies trace cryptocurrency payments to and from bad guys and provided rigorous AML monitoring audit services to companies.
Now, newcomers such as the Coral Protocol and CipherTrace are using high-tech network analyses and cryptographic protections to help businesses share cryptocurrency metadata to flag suspicious behavior without revealing their customers’ personal identifying information, or PII. These could make it easier for companies to comply with the FATF travel rule and generally create a more sophisticated, systemic analysis of risk. Quite apart from KYC rules, there’s real value here for a cryptocurrency economy increasingly dominated by “bots."
Still, there’s no way around the law. At the on- and off-ramps, customers must be IDed. And, under order from a law enforcement agency armed with these sophisticated tracking tools, a firm must crack open the black box and release the PII to the authorities.
A new mindset
What if, though, governments concede that it’s both impossible and unnecessary to formally identify poor people at the on and off-ramps? What if they accepted an AML model that treats the endpoints as unidentified nodes and, drawing on these new analytic tools, actively managed access to networks based on behavior not identity?
Here, ongoing research in machine learning and high-performance computing by the MIT-IBM Watson AI Lab in collaboration with Elliptic could be a catalyst. As described by lab researcher Mark Weber, the team uses an approach known as “graph convolutional networks” to create enhanced money flow forensics to address the challenges posed by the “complex layering and obfuscation schemes utilized by sophisticated criminal networks.”
Mapping a massive pool of bitcoin transactions, the researchers have isolated patterns that distinguish between illicit and licit behavior. In a forthcoming paper, they posit their work as a contribution to financial inclusion goals.
One day businesses might use such tools to control access points to cryptocurrency networks without applying traditional KYC, ensuring that good guys get financial services but bad guys don’t, even if neither is furnishing an official ID.
Would regulators go for it? Not, it would seem, under the current mindset. Compliance is used to identify and catch criminals, not as way to control access per se. If anything, the regulatory trend has been toward a greater dependence on state ID and ever more conservative treatment of “high-risk” poor people by financial institutions.
Cryptocurrency compliance expert Juan Llanos complains that regulators “are not open to innovation.” He adds, “As long as government ID is the standard, we are going to have this problem. Anything anonymous is controversial and not allowed. It’s very unfortunate.”
Still, the FATF’s latest round of deliberations did contain one olive branch to innovators: a willingness to explore the potential for “digital identity provided by governments or by the private sector.” Combine that “private sector” line with a brief reference in Libra’s white paper to “portable digital identity” as a financial inclusion solution, and one can at least imagine financial and tech companies such as those the Libra Association's members hashing out an onboarding solution for the poor that no longer depends on the outdated notion of state IDs.
This approach won’t satisfy hardline privacy advocates, who rightly view exchange as a human right.
But as a pragmatic solution, it’s perhaps the best hope that the world’s 2 billion unbanked have.
— Michael J Casey 
The global privacy dilemma