A few days after the July 4 holiday in the US, a 37-year-old entrepreneur in Denver named Erik Voorhees issued his own declaration of independence. He said the company he had founded seven years earlier to help people exchange cryptocurrencies without making their names available to the government or anyone else would disappear from the face of the Earth — even as its services remained available to those who wanted them.
ShapeShift, as the enterprise is known, would become a “decentralised autonomous organisation”, or DAO, over time, he declared. Its corporate structure would fade away. Control of its open-source software for exchanging cryptocurrencies would “gradually migrate” to holders of ShapeShift’s FOX digital token, which had been distributed to employees, investors and customers. Voorhees will receive the biggest share, a little more than 5 per cent of the maximum total supply, he added.
“ShapeShift’s vision is the establishment of an immutable, borderless financial system,” Voorhees wrote on Twitter, where he has nearly 525,000 followers. “Let’s be direct: money and finance shall not be operated by coercive government among free people. They shall — like language, mathematics, and love — emerge voluntarily and without central rule.”
Voorhees’ July 14 proclamation has since become a hot topic of conversation in US regulatory circles, where it has been seen by some officials as heralding a new phase in the battle to prevent money laundering on blockchains — the digital ledgers of cryptocurrency transactions.
Regulators have long worried that the secrecy of the crypto trade — in which coins are controlled by the holder of a “private key”, a form of cryptographical password — creates opportunities to disguise the origin and ownership of funds. Now, they fear that new blockchain technologies will make it easier for criminals and kleptocrats — who are believed to launder hundreds of billions of dollars a year — to move money around the global financial system.
These anxieties are being fuelled by the growth of what has become known as decentralised finance or DeFi — a business with assets now measured in the tens of billions of dollars. Operating under names like Uniswap, Sushiswap and Pancakeswap, DeFi platforms seek to replace financial intermediaries such as banks or brokers with software known as smart contracts, commonly run on the ethereum blockchain, that would automate market activity. Although their legal status is hazy and their structures vary, DAOs are a way to put control of DeFi platforms into the hands of a community of stakeholders, often entrusted with governance tokens granting voting rights, rather than a centralised company.
The appeal of DeFi platforms is that they would lower costs and speed up trading, using digital assets. The worry among regulators is they would replace the very entities that governments turn to for help in enforcing the laws against money laundering — bankers, brokers and money transmitters that stand between people and markets.
Of particular concern is the fate of a key pillar of the anti-money laundering regime — the requirement on financial companies to “know your customer”. The KYC obligation means intermediaries are supposed to know their users’ names, monitor their transactions and report activities that raise money-laundering suspicions to the authorities.
Voorhees and his crypto allies have never really wanted to know their customers — and they now believe that DeFi innovations of recent months will enable them to break free of such obligations. As a company, ShapeShift gave into regulatory pressure in 2018 and began to collect user details. As a DAO, ShapeShift no longer sees a requirement to do KYC checks, it says.
“The company is not providing any regulated services,” said Veronica McGregor, its spokesperson, in a statement. “At present, there are no official regulators of DAOs. ShapeShift is not an exchange, is not a financial intermediary and is not holding custody of any funds. It’s simply an open-source interface for users to interact with their own digital assets.”
The most likely result of these developments will be legal conflict, industry executives say. On one side of the battle are software developers — motivated by both libertarian ideals and commercial considerations — who are looking to turn the financial services industry on its head. On the other are regulators wondering what is going to be left to regulate in the years to come.
“DeFi is using loopholes in regulation because they don’t actually hold the customer’s money, unlike a broker,” says David Jevans, chief executive of CipherTrace, a cryptocurrency intelligence company started in 2015 with funding from the US Department of Homeland Security to help prevent financial crime. “This has allowed a nice wave of innovation, which is great. But it also allows a wave of innovation by people trying to launder money through the system.”
The question facing US officials is “how does a person who writes some software get regulated” by the Treasury or the Securities and Exchange Commission, he adds, estimating it could take two years for the resulting legal challenges to unfold. “We will see how it shakes out.”
‘The most private payment system’
Money launderers do not need cryptocurrencies to be successful. Most do just fine with traditional methods — such as mixing illicit funds into trade flows or ploughing them into assets such as property or art. But while the extent of money laundering in the crypto markets is difficult to calculate, the official concern is undeniable. Janet Yellen, US Treasury secretary, in February described “the misuse” of cryptocurrencies as a “growing problem”. A month earlier Christine Lagarde, European Central Bank president, linked digital assets to “totally reprehensible money-laundering activity”.
“Criminals of all types are increasingly using cryptocurrency to launder their illicit proceeds,” the US justice department’s cyber-digital task force said in a report last year. “Transnational criminal organisations, including drug cartels, may find cryptocurrency especially useful to hide financial activities and to move vast sums of money efficiently across borders without detection.”
A bevy of analytical firms has emerged to help detect illicit activity in the industry. But their tools are better suited to spotting crimes taking place on blockchains themselves — such as thefts, scams and ransomware payments — than in quantifying the amount of money from crimes committed elsewhere that finds its way on to crypto markets.
These watchdogs take advantage of the fact that blockchain transactions are public and gather data to identify suspicious patterns of activity or addresses. Focusing on this kind of “cryptocurrency native” crime — meaning it is “practically dependent on cryptocurrency or inherently intertwined with it” — Chainalysis, a leading crypto forensics firm, estimates illicit activity represented 0.34 per cent of cryptocurrency transaction volume in 2020, down from 2.1 per cent in 2019, as the overall level of crypto activity increased last year.
Chainalysis says it knows that bad actors such as drug traffickers “are laundering their ill-gotten funds by converting them into cryptocurrency and sending them around the world”. But it adds that it is “harder to both investigate this activity in individual cases or to size it in the aggregate” because such funds move “into cryptocurrency directly from fiat [official currencies] rather than move from known illicit addresses” on blockchains, leaving no trace of how the money was originally made.
One of the ironies of the DeFi revolution is that for all the talk about supplanting banks and brokers, the crypto industry still relies on such regulated players as the first line of defence against money laundering. These firms — with their costly anti-money laundering programmes — are seen as guardians of the “on ramps” and “off ramps” connecting the fiat and cryptocurrency worlds. As in old western movies, the banks and the brokers are supposed to head off the bad guys at the pass.
“The ‘on ramps’ and the ‘off ramps’ into the blockchain, they have the traditional AML requirements,” says Michael Gronager, chief executive of Chainalysis. “So as soon as you bring in dollars into a shop, into a crypto exchange, into a broker, they are bound by the traditional rules . . . and they would catch that.”
Adding to the challenge for law enforcement is that some developers are working to make it harder to spot illicit activity. One example involves difficult to trace privacy coins — such as Monero, Zcash and Dash. The US justice department last year called their use an example of “a high-risk activity that is indicative of possible criminal conduct”.
Jevans of CipherTrace, which is being acquired by Mastercard, says privacy coins “are designed to avoid detection” through techniques including “ring signatures, meaning multiple parties are involved in signing a transaction so it is hard to tell which one actually initiated it”. He sees “room in the crypto ecosystem for privacy coins” but only if their developers add…