Policies trigger legal dilemmas: Wallets and Defi developers may face greater challenges

Author: Aiying; Source: AiYing Compliance

Since 2013, the U.S. government’s policy has been clear that cryptocurrency wallet developers and users are not money transmitters. But the recent sudden decision by the Department of Justice to prosecute wallet developers for unlicensed money transmission is very surprising, especially since these developers do not actually control the assets that users protect with their software.

Federal prosecutors have made this unprecedented interpretation in two recent cases, the Samourai Wallet indictment made public on April 26 and the opposition to exclude evidence filed against Roman Storm in the Tornado Cash case announced on the same day. At the same time, the FBI has also warned crypto wallet users that they may lose their funds due to criminal seizures and investigations if they do not transfer them to regulated institutions.

I. Here is a brief review of existing money transmission policy and a detailed summary of recent events

The United States has a series of federal laws that regulate money transmitters for anti-money laundering (AML), primarily under the Bank Secrecy Act and its amendments. These laws define the category of "financial institution" and authorize the Secretary of the Treasury to redefine this category as needed. Therefore, the enforcement rules under the Bank Secrecy Act actually specify who must or must not register as a money transmitter or other financial institution, comply with the "know your customer" (KYC) principles, submit reports to the government, and implement other anti-money laundering controls.

These regulations define a money transmitter as:

• any person who provides money transmission services, where “money transmission services” is defined as “accepting currency, funds, or other value fungible for currency from one person and transmitting currency, funds, or other value fungible for currency by any means to another location or person”;

• any other person who engages in the transmission of funds.

In the context of cryptocurrency, this definition leaves some ambiguity as to whether cryptocurrency is “currency, funds, or other value fungible for currency.” If cryptocurrency is considered “funds,” then “any person who engages in the transmission” is a money transmitter. If cryptocurrency is considered “currency,” or “other value fungible for currency,” then anyone who “accepts” and “transmits” cryptocurrency is a money transmitter. Based on a straightforward reading of the regulations, cryptocurrencies are considered substitutes for traditional currencies, so if someone accepts and transmits cryptocurrency from another person in a commercial manner, they are a money transmitter. In other words, if someone has actual control over another person’s cryptocurrency and uses that control to transfer the cryptocurrency to another person or location, they are a money transmitter.This law has been the controlling law since before the advent of cryptocurrency and has never been amended or overturned by Congress, the courts, or regulation. This slight ambiguity about whether cryptocurrency is money, money, or fungible money would be addressed by FinCEN early in the history of cryptocurrency regulation.

In 2013, FinCEN issued its first “Virtual Currency” Guidance. In this guidance, FinCEN confirmed that cryptocurrencies (which they call virtual currencies) are “values ​​that are fungible to currency” and are not “money” or “currency” per se (hence the term “virtual currency”). In a note, it also made it clear that virtual currencies are not considered “money” because such a definition would trigger some prepaid access rules that FinCEN believes do not apply to cryptocurrency activities.

FinCEN further explained that users who simply use virtual currencies are not money transmitters, and in a subsequent administrative ruling found that software developers are not money transmitters: "The mere production and distribution of software itself does not constitute the acceptance and transmission of value, even if the purpose of the software is to facilitate the sale of virtual currency."

In addition, FinCEN issued more guidance in 2019clarifying that partial control of virtual currencies is not enough to classify wallet developers as money transmitters, because those who participate in transactions and request additional verification at the request of coin holders do not have complete independent control over these values.

This guidance requires that only businesses that host cryptocurrency businesses need to be licensed and subject to federal money transmission regulations. The law has always been clear: non-custodial cryptocurrency developers are not money transmitters.

II. Case Details and Arguments

On April 26, 2024, an indictment was unsealed charging the developers of Samourai Wallet, a Bitcoin wallet that uses CoinJoin transactions to enhance user privacy, with, among other counts, illegal money transmission. For this discussion, we will not discuss the money laundering conspiracy charge, which relies on specific facts and is not necessarily based on the developer providing custodial services rather than non-custodial services. The defendants may have operated a centralized server to coordinate CoinJoin transactions, as the charges allege. However, based on our current understanding, Samourai Wallet does not provide the developers or any third party with actual independent control over the Bitcoin that users secure through the wallet software. Based on a straightforward reading of the regulations, especially in light of FinCEN's guidance and administrative rulings, the developers of Samourai Wallet do not have "complete independent control" of any user funds and therefore do not fall within the definition of a money transmitter.

In Roman Storm’s Tornado Cash case, prosecutors responded to a previously filed motion to dismiss. They discussed a law called “Section 1960,” which says it’s illegal to operate a money transmission business without a license. The prosecutors’ response specifically emphasized that the definition of this law is much broader than the definition we usually discuss.

Their main argument is that any time the Tornado Cash software is used to request a deposit or withdrawal, it causes cryptocurrency to move on the Ethereum blockchain, so they believe that the developers of Tornado Cash should be held responsible for this. This statement expands the scope of liability, meaning that by this logic, almost all cryptocurrency wallets and smart contracts are in the money transmission business, and all developers may be involved in illegal money transmission.

In terms of regulatory definitions, the prosecutors’ response ignores all previous guidance and interprets “funds” in the law very broadly, simply defining it as anyone who participates in the transfer. They even compared it to a package delivery, trying to show that control of the money is not a requirement. This explanation ignores the fact that FinCEN has previously stated that virtual currencies are not "money", which is also ridiculous.

If Tornado Cash is a package service, it is obviously not just for criminals. Secondly, the prosecutors' comparison actually proves the exact opposite of what they want to prove. A courier service that cannot access the contents of the packages it delivers is obviously not a money transmission service. First, if you can't open the package, how do you know what's inside? If you are told that you are only delivering boxes of canned goods, and you can't open the box, how can you be guilty of operating an unlicensed money transmission service? Secondly, FinCEN clearly stipulates that armored car services that are limited to the safe transportation of money are not money transmission services!

At the same time, the Federal Bureau of Investigation (FBI) issued a warning bulletin about crypto wallets. The announcement "reminds Americans not to use cryptocurrency transmission services that are not registered as money services businesses (MSBs) under U.S. federal law. The FBI also provides an official tool from FinCEN that allows users to check whether a company is registered as an MSB."

In light of the Tornado Cash and Samourai Wallet prosecutions, if the Department of Justice's position is that any action that enables cryptocurrency to be transferred from one place to another on the Ethereum blockchain (as Tornado Cash argues in its response) is a money transmission, then every crypto wallet is a money transmitter, whether it is software running on your phone, software running on your Trezor or Ledger USB drive, or software running on Coinbase servers. Of the three, only Coinbase is registered. Given the recent prosecutions, this is a precedent that many wallet companies in the industry, including some decentralized wallets, need to pay attention to.

It is not clear whether the Department of Justice deliberately changed its long-standing policy through criminal enforcement, or whether there is a serious disconnect between the Department of Justice and the Financial Crimes Enforcement Network (FinCen). In any case, this approach is undoubtedly a serious damage to the rule of law in the United States. As a digression, whether it is the passage of the TikTok bill or the recent "Anti-Semitic Awareness Act" that has been making a lot of noise, we can feel that the United States is also tearing itself apart.

Third, uncertainty has led to the withdrawal of crypto wallets from the US market

Acinq, a Bitcoin company based in Paris, stated that "the recent announcement by the US authorities has raised questions about whether self-custodial wallet providers, lightning service providers and even lightning nodes can be regarded as money service businesses and be regulated as such. On the grounds of regulatory uncertainty, it will remove its popular lightning network wallet Phoenix from the US app store. Users are advised to close channels and transfer funds before access is terminated on May 3, 2023

A day later, zkSNACKs announced that it would shut down access to its privacy-protecting Wasabi wallet in the United States, saying in a statement on April 27 that "in accordance with recent announcements by U.S. authorities, zkSNACKs now strictly prohibits U.S. users from using its services."

Fourth, Question

1. If the wallet is not for U.S. users, do you still need to obtain a license and registration?

If a cryptocurrency wallet or service is clearly not for U.S. users and ensures that U.S. users cannot use its services, it generally does not need to obtain a U.S. money transmission license or register as a money service business (MSB). U.S. laws and regulations mainly apply to businesses that operate in the United States or serve U.S. residents.

However, even if a service is not directly for US users, it may still attract the attention of US regulators if it is operated through the US financial system or if US users find ways to use these services. Therefore, it may be difficult to completely avoid the risks of US law, especially in a globalized and Internet environment.

In order to avoid potential legal risks, non-US cryptocurrency service providers should take measures to ensure that their services are not accessed or used by US users. This may include technical measures such as geo-blocking, IP address filtering, and clear statements in the terms of service that services are not provided to US residents.

2. If it is impossible to prevent US users from finding a way to use it, what is the safe way?

• Register as a Money Services Business (MSB):

  Any person or company that provides money transmission services must register as a Money Services Business (MSB) as required by the Treasury Department's Financial Crimes Enforcement Network (FinCEN). This includes filing the necessary registration forms and updating any material changes.

• Comply with Bank Secrecy Act (BSA) regulations:

  Businesses registered as MSBs are required to comply with the provisions of the Bank Secrecy Act and its amendments, including, but not limited to, Anti-Money Laundering (AML) regulations and the filing of Suspicious Activity Reports (SARs).

• Implement Know Your Customer (KYC) Procedures:

• Money transmission services are required to implement Know Your Customer procedures, which is a customer identity verification process designed to prevent identity theft, financial fraud, and money laundering.

• Obtain a State License (MTL License):

  In addition to registering at the federal level, most states require money transmission services to obtain a state license. The specific requirements may vary from state to state, so you will need to apply for the appropriate license based on the specific state in which your business operates.

• Maintain Compliance Records and Reports:

  Comply with all recordkeeping requirements and regularly report large transactions and suspicious activities to FinCEN. These records may need to be provided during an audit or examination.

• Capital and insurance requirements:

  Depending on the scale of operations and the type of transactions, certain capital reserve and insurance coverage requirements may need to be met to ensure the safety of customer funds.