Concerns about using digital currency in criminal activities, fraud, and money laundering have prompted responsible organizations to enact regulations to address these issues.
The Role of the “Information Transfer Law” in Maintaining Security
With the increasing use of digital currencies today, there are worries about their involvement in criminal activities such as theft, fraud, money laundering, and trafficking. These concerns have led responsible organizations to establish laws to combat these problems.
The Information Transfer Law, also known as the FATF Travel Rule, is one of the most important regulations established by organizations to address concerns related to digital currency. This law requires cryptocurrency exchanges to send user information to government financial institutions. This information includes names, addresses, phone numbers, and other identity-related data. These regulations aim to increase transparency in the cryptocurrency sector and assist in identifying and apprehending criminals; however, enforcing these regulations presents numerous challenges, the most significant being the violation of user privacy.
In this article, we will explore the potential negative impact of this law on cryptocurrency privacy. The objective is to determine whether information transfer regulations can help reduce criminal activities such as money laundering, fraud, and trafficking or if they merely create difficulties for users of these currencies, such as reduced privacy and increased government surveillance.
Information Transfer Law
The Financial Action Task Force (FATF) is an international organization working to combat money laundering (AML) and counter the financing of terrorism (CFT). This organization was established in 1989 by a group of countries, and its goal is to provide standards and recommendations for governments to combat illegal financial activities on an international level.
The Information Transfer Law (FATF Travel Rule) is one of FATF’s specific recommendations for combating money laundering in the cryptocurrency and virtual asset sector. This law primarily applies to Virtual Asset Service Providers (VASPs) and stipulates that they must collect customer information and data related to cryptocurrency transactions and send it to the relevant authorities if necessary. The primary goal of the FATF’s Information Transfer Law is to enhance transparency in cryptocurrency transactions to prevent money laundering and terrorist financing. According to this law, virtual asset service providers are required to exchange information regarding the identity of the sender and recipient, including names and addresses, for transactions exceeding $1,000. It is worth noting that this threshold may vary and can be different in some countries. For example, the threshold for enforcing the crypto information transfer law in the United States is set at $3,000.
Organizations Enforcing the Information Transfer Law
The FATF urges all sectors to impose the Information Transfer Law on the following organizations:
- Financial institutions, such as banks, that engage in the transfer of virtual assets (VA).
- Virtual Asset Service Providers (VASPs).
According to the FATF, a company is considered a VASP if it provides the following services:
- Exchange between virtual assets and fiat currencies (e.g., USD, EUR, GBP).
- Exchange between one or more types of virtual assets.
- Transfer of virtual assets.
- Custody and/or management of virtual assets or tools that control virtual assets.
- Participation in and provision of financial services related to the offering and/or selling a virtual asset.
Under specific conditions, decentralized finance (DeFi) services and other P2P platforms may also be considered virtual asset service providers and, therefore, must comply with the Information Transfer Law.
The definition of VASP may also vary depending on the legal jurisdiction, as the FATF’s definitions and recommendations are not mandatory. However, many FATF member countries, including the United States, South Korea, Singapore, and many others, have implemented the cryptocurrency information transfer law in one form or another in their national legislation.
Reasons for Implementing the Information Transfer Law
The objective behind the Information Transfer Law is to enable information sharing, allowing authorities to:
- Stop terrorist activities.
- Halt payments to sanctioned individuals, companies, and countries.
- Allow regulatory bodies to access transaction details.
- Monitor suspicious activities.
- Prevent money laundering through digital currencies.
- Ensure the sustainability of businesses; as governments and regulatory bodies continue to focus on cryptocurrencies, compliance with the Information Transfer Law can help businesses secure their long-term viability and mitigate potential legal and credit risks.
Required Information in the Information Transfer Law
The required information under the Information Transfer Law is as follows:
Transaction Origin Information:
- Sender’s name
- Sender’s account number (if used in the transaction)
- Sender’s physical address
- National ID or customer identification number
- Amount transferred
- Transaction date
Transaction Destination Information:
- Recipient’s name
- Recipient’s address
- Recipient’s account number or virtual wallet number (if necessary for the transaction)
- Any specific identification information related to the recipient
Collecting Sender and Recipient Information
In most cases, thanks to previous KYC (Know Your Customer) processes, companies already possess their customers’ personal information during the transaction. However, suppose a company has not conducted KYC checks. In that case, it must consider a regular customer identification process to comply with the Information Transfer Law. During the transfer, it should remember to collect additional information about its customers (such as customer identification number or date and place of birth).
Managing KYC processes and monitoring cryptocurrency transactions can be challenging. These complex processes require a deep understanding of anti-money laundering (AML) laws and regulations. Additionally, they necessitate processing and analyzing large amounts of data. Utilizing technologies and computer systems (automated solutions) can help address these challenges. These solutions can ensure comprehensive AML compliance and facilitate transaction reviews.
Compliance with AML:
Automated KYC/AML solutions can assist businesses in adhering to the various AML requirements that may be enforced under different laws and regulations. This includes customer verification requirements, sanctions screening, and other obligations.
Transaction Review:
Automated KYC/AML solutions can review transactions for suspicious activities. This involves using artificial intelligence and machine learning to identify patterns and analyze data.
Principles of the Information Transfer Law
Customer Information Collection:
Virtual Asset Service Providers (VASPs) must collect and maintain customer information, including the sender’s and receiver’s names and surnames, addresses, and account numbers.
Information Sharing:
When a VASP conducts a cryptocurrency transaction, it must share its customer information with the receiving VASP. This information should accompany the transaction.
Verification of VASP Information:
The receiver must carefully verify the customers’ information and review the transaction with its customer to comply with anti-money laundering (AML) and counter-terrorism financing regulations.
Document Retention by VASP:
Transaction documents and customer information must be retained for a period, typically five years.
Consequences of Non-compliance with the Information Transfer Law
Failure to comply with the Information Transfer Law can lead to economic and financial sanctions from countries. In 2021, the FATF announced that countries that had not implemented the Information Transfer Law by September 2022 might be placed on its blacklist. Being blacklisted by the FATF can restrict countries’ access to financial and investment services, negatively impacting their economies.
Virtual asset service providers that do not comply with the Information Transfer Law can face heavy fines or even closure. In 2022, the cryptocurrency exchange Strike in the United States was fined by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) for violating the Information Transfer Law.
Furthermore, non-compliance with the Information Transfer Law can undermine trust in the cryptocurrency industry, as it may raise concerns about using cryptocurrencies in illegal activities.
Ultimately, each country and financial service provider must decide whether to comply with the Information Transfer Law. However, the serious consequences of failing to comply with this law should be considered.
Approaches of Different Countries
Recent data shows that approximately 151 countries have participated in the FATF survey; about 16 countries are unwilling to accept it, and 45 countries have yet to decide on acceptance or rejection, while 90 countries have responded positively. However, only a few of these 90 countries have implemented these regulations. This is due to the complexity and high costs of enforcing these laws.
According to the FATF report, North Korea, Iran, Pakistan, Syria, and Turkmenistan have not implemented the Information Transfer Law, and these countries are subject to FATF’s punitive actions.
Additionally, some countries have raised objections to the Information Transfer Law, expressing concerns that it may harm the privacy of individuals and businesses.
“Most people in the crypto industry pay close attention to anti-money laundering efforts. However, we must ensure these efforts focus on protecting user privacy.”
— Jeremy Allaire, Founder of the cryptocurrency company Circle
Here are some of the criticisms raised against the Information Transfer Law:
- The law may harm the privacy of individuals and businesses.
- The law may be difficult and costly for Virtual Asset Service Providers to implement.
- The law may lead to a decrease in the use of cryptocurrencies.
In light of these criticisms, some countries may refrain from implementing the FATF’s Information Transfer Law. Nevertheless, in response to these concerns, the FATF has stated that the Information Transfer Law is designed not to harm the privacy of individuals and businesses. The organization also announced that it is working on ways to reduce the financial burden of implementing this law for Virtual Asset Service Providers.
Meanwhile, some countries, like Switzerland, have adopted a stricter approach. Specifically, regulators want Virtual Asset Service Providers to identify the owners of private wallets they interact with. This means that if someone transacts with a private wallet in Switzerland, the service providers are required to provide the individual’s identity information to regulators. This measure aims to prevent the use of cryptocurrency in illegal activities such as money laundering and terrorism financing.
Challenges of the Information Transfer Law
Although these measures may improve the situation, is that truly the case? Do the costs and efforts of implementing these regulations benefit society’s financial security? To this end, some reports indicate that the costs of preventing money laundering in various countries amount to billions of dollars. For example, in the United States, the costs associated with money laundering have been reported to reach $35.2 billion, a significant amount.
On the other hand, user privacy and security issues also arise when these laws are implemented. For instance, the Information Transfer Law mentions the transfer of sensitive information, such as physical location and the value of cryptocurrency, which could lead to risks such as cyber intrusions and misuse of information. Therefore, factors such as costs and privacy must be considered to make the best use of measures aimed at combating money laundering and terrorism.
“Failing to learn blockchain technology could be very costly in the future.”
— Mark Cuban, American Investor and Entrepreneur
The implementation of the Information Transfer Law presents challenges for financial institutions and governments. Some of these challenges include:
- Cost and Complexity: The Information Transfer Law requires the development and implementation of new systems for collecting and sharing information. This can be costly and complex for financial institutions.
- International Agreement: The Information Transfer Law must be enforced by all countries to be effective. However, some countries may refuse to implement this law or may not enforce it fully.
- Anonymity of Cryptocurrencies: Cryptocurrencies like Bitcoin are inherently anonymous. This can complicate the enforcement of the Information Transfer Law concerning cryptocurrencies.
- Privacy Violations: One of the challenges of enforcing the Information Transfer Law is the concerns related to privacy. The law necessitates the collection and sharing of personal information such as names, addresses, and financial account details. This information could be used for criminal purposes, such as identity theft.
- High Volume of Data: The Information Transfer Law requires the collection and sharing of a large amount of data. This high volume of data can be costly for financial institutions and governments.
- Lack of Cooperation: Some financial institutions may refuse to cooperate with each other to implement the Information Transfer Law. This lack of cooperation can hinder the enforcement of the law.
- Rapid Technological Changes: Technology is rapidly evolving. This can complicate the enforcement of the Information Transfer Law, as regulations must continuously be updated to keep pace with new technologies.
The Role of the Information Transfer Law in Money Laundering
According to the Financial Action Task Force (FATF) report, it is estimated that around $2 trillion was laundered globally in 2021, equivalent to 5% of the world’s GDP. Approximately $8.6 billion was laundered through cryptocurrencies, representing a 30% increase compared to 2020. Therefore, about 0.43% of all money laundering worldwide is conducted through cryptocurrencies. This figure is relatively small but on the rise. However, this does not mean that all cryptocurrencies are used for money laundering; most cryptocurrency users employ them for legal purposes. Nonetheless, the decentralized nature of cryptocurrencies can make them attractive to criminals. Interestingly, at least $300 billion of this amount is attributed to the United States, meaning the U.S. is responsible for 15% to 38% of all global money laundering, while it is one of the advocates of the Information Transfer Law.
Data from Chainanalysis indicates that money laundering has increased since the onset of the COVID-19 pandemic, with money laundering crimes rising over 300% from 2018 to 2019. However, in the past two years, it has decreased compared to 2019 but remains higher than previous years. Therefore, the FATF’s strict measures have not significantly reduced criminal activities, and we continue to witness an increase in money laundering rates worldwide each year.
The public perception is that one of the major advantages of cryptocurrencies for criminals is the ability to remain anonymous during transactions. This means that while complete information about the sender (such as name and address) is verified during cryptocurrency transfer, the recipient can remain anonymous. While laundering with fiat currency is easier than laundering with cryptocurrency due to the transparency and traceability of information on the blockchain,
Money Laundering in Cryptocurrencies and Fiat Currency
With the emergence of cryptocurrencies, money laundering is no longer limited to fiat currency. However, laundering through cryptocurrencies is harder for several reasons:
- Despite an increase in cybercrimes in 2020, criminal activities using cryptocurrencies decreased by about 40% from 2019 to 2020.
- Over 99% of cryptocurrency transactions are conducted through regulated exchanges.
- 99.1% of money laundering is done via fiat currency, while only 0.9% is conducted with Bitcoin.
- All transactions are recorded on the blockchain and are immutable, making them easily traceable, whereas fiat money is not as easily trackable.
This feature provides a high level of security for blockchain transactions, making fraud and money laundering significantly more difficult. In other words, if a transaction is recorded on the blockchain, its complete and unalterable history is accessible, allowing individuals to easily trace all related transactions. This capability assists regulatory authorities and anti-money laundering laws in identifying and pursuing criminal activities related to money laundering and tax evasion. In contrast, fiat currency often circulates in cash without official documentation, making it much harder to track and trace cash amounts. Individuals conducting financial transactions in cash can protect their footprints to a greater extent. This is ideal for illegal financial activities and money laundering. Thus, blockchain is supported as a solution for increasing transparency and reducing criminal activities in financial transactions.
“Bitcoin’s design is incredibly smart. Paper money is going away, and cryptocurrencies are the best way to transfer value.”
— Elon Musk, Founder of Tesla
Risks of Implementing the Information Transfer Law
1.Security Risk:
Sharing sensitive financial information and customer identification details with unknown virtual asset service providers poses security threats for cryptocurrency users. Numerous hacking incidents have shown that many virtual asset service providers are not adequately prepared to counter attacks from hackers and have weak security measures.
2.Privacy Risk:
Sharing sensitive financial information and customer identification details with unknown virtual asset service providers creates significant privacy issues for cryptocurrency users. The information that needs to be shared may include the user’s physical geographic location and the value of their cryptocurrency under the Information Transfer Law.
Some privacy risks include:
Identity Theft:
If identity information is stolen, it can be used for identity theft, financial fraud, and other criminal activities.
Identification of User’s Cryptocurrency Amount:
Cryptocurrency transactions are recorded on the public blockchain ledger. This means that anyone can link a user’s wallet address to other addresses in past transactions. This information can be used to identify the amount of cryptocurrency a user holds.
Physical and Cyber Attacks on Users:
Cryptocurrency users may be targets of both physical and cyber attacks. Physical attacks could include the theft of hardware wallets or personal information, while cyber attacks may involve phishing, hacking, and other forms of attack.
3.Existence of Fake Asset Service Providers:
Fake virtual asset service providers may appear credible and collect personally identifiable information (PII) from users. This information can be misused or stolen.
4.Risk of Surveillance and Monitoring:
Sharing information with oppressive regimes can lead to risks such as data exposure, data mining, weak security, and interference with information, all of which can harm cryptocurrency users.
5.Government Tracking of Transactions:
This law could be utilized by governments to track individuals’ financial transactions. Governments could use this information to monitor people’s financial activities, even if those activities are legitimate. This situation could infringe upon individuals’ freedom and autonomy.
6.Denial of Service (DDOS) Attacks:
Cryptocurrency users are continually targeted by phishing attacks and fake wallets. For example, in 2020, Ledger, a provider of cryptocurrency hardware wallets, exposed the personal information of over 270,000 of its users. This information included names, email addresses, and IP addresses. This data breach led to phishing attacks and the delivery of counterfeit hardware wallets to unsuspecting owners.
7.Risk of Reduced Innovation in the Cryptocurrency Industry:
One of the main concerns regarding the Information Transfer Law is that it may stifle innovation in the cryptocurrency industry. This law could impose additional costs on virtual asset service providers and hinder newcomers from entering the market. Consequently, the implementation of the Information Transfer Law poses multiple risks for cryptocurrency users and violates their privacy.
“Cryptocurrency regulation needs to be flexible enough to allow for innovation to flourish in this space.”
— Vitalik Buterin, Creator of Ethereum (ETH)
Measures to Mitigate the Risks of the Information Transfer Law:
- Receiving VASPs should store sender information in two separate databases: one for information on sanctioned users and another for blockchain Know Your Transaction (KYT) data.
- Receiving VASPs should encrypt the sender’s personal information with encryption keys that are accessible only to authorized officials.
- If a virtual asset service provider can verify that the sender is not a malicious actor or politically exposed person, there is no need to retain the sender’s personal information. They can collect only the information necessary to comply with the Information Transfer Law and encrypt it with keys accessible only to authorized officials.
Example:
Consider a virtual asset service provider processing a $100 transaction from User A to User B. Suppose User A is neither a malicious actor nor a politically exposed person. In that case, the virtual asset service provider can collect only User A’s identifier, User B’s identifier, and the transaction amount. This information can then be encrypted with keys accessible only to authorized officials.
These measures can help receiving virtual asset service providers mitigate the risks associated with implementing the Information Transfer Law while fulfilling their obligations concerning anti-money laundering and counter-terrorism financing.
Impact of Information Transfer on Privacy Coins
The implementation of the Information Transfer Law can have various negative effects on privacy coins:
1.Reduced Privacy:
This law requires virtual asset service providers to share personal information (such as names and addresses) of the senders and receivers involved in transactions. This information can violate users’ privacy and make their data accessible to regulatory authorities.
2.Diminished Privacy Coins:
Due to their specific designs, some cryptocurrencies possess high privacy features. Information sharing mandated by the Information Transfer Law may harm these coins. Consequently, many well-known exchanges, such as Coinbase, have taken steps to remove them from their platforms.
3.Preference for Greater Privacy Coins:
Some individuals may gravitate towards cryptocurrencies that offer enhanced privacy capabilities in response to the diminished privacy of cryptocurrencies resulting from the Information Transfer Law.
Ultimately, the impact of implementing the Information Transfer Law on privacy coins depends on the extent of its enforcement and how it is implemented in each country. Overall, the Information Transfer Law presents a potential challenge for the crypto industry. It can jeopardize users’ privacy, make legitimate use of crypto more difficult, and hinder innovation in this space.
