CrossTower's Response to FinCEN/Treasury
January 3, 2020
Submitted electronically on January 3, 2020 via Federal E-rulemaking Portal: http://www.regulations.gov with copy sent via email correspondence to: [email protected]
Kenneth A. Blanco
Director, Financial Crimes Enforcement Network (“FinCEN”) US Department of the Treasury
P.O. Box 39, Vienna, VA 22183 USA
Re: FINCEN 2020-0020 RIN 1506-AB47 Requirements for Certain Transactions Involving Convertible Virtual Currency or Digital Assets
Dear Director Blanco:
On behalf of CrossTower, a digital asset platform run by capital market veterans, I thank you for the opportunity to respond to the Notice of Public Rulemaking regarding “Requirements for Certain Transactions Involving Convertible Virtual Currency or Digital Assets” (the “NPRM”) and offer the following observations and comments below.
1. Introduction. Preliminarily, I would like to note that the comment period for this NPRM is unrealistically short. It deprives the commenters of the full opportunity to respond and deprives FinCEN the benefit of a fulsome discussion of the relevant issues. As I noted in my letter to Secretary Steve Mnuchin, one of the most important and valuable aspects of America’s rulemaking process is participation by the public. Providing opportunities for public engagement and dialogue allows agencies such as FinCEN and the Treasury to obtain critical and comprehensive information that enhances the efficacy of a final rule. Public engagement of the final rule also enhances public support. Given how complex the digital asset industry is, a handful of business days throughout a period that includes Christmas and New Year’s Day is simply not enough time. Indeed, this is especially difficult for those of us that have families, particularly given the Christmas season and the global pandemic. I am proud that our team worked extremely hard given the shortened period, the holidays, and the pandemic, but I must emphasize that it written at the expense of other critical and time-sensitive, year-end business projects and at the sacrifice of our families.
I believe the nuances of the global digital asset industry, the weak economic climate, and the novelty of this asset class warrants a minimum period of 90 days for comment; and, quite frankly, given the complexity, 180 days would be more appropriate. The stated policy goal is to prevent illicit activity that results from money laundering, including human trafficking, drug cartel operations, and terrorist financing. We are urging that FinCEN provide appropriate time for research and discussion because we would like the rule to effectively combat these illicit activities.
2. About CrossTower. CrossTower is building an infrastructure for the digital asset ecosystem. We offer trading, lending, and structured products and have a comprehensive business plan to further develop our offerings for institutional and retail customers. The leadership team is comprised of (1) Kapil Rathi, co-founder and CEO of CrossTower and a twenty year veteran of the regulated equity options industry, including the Cboe, BATS, NYSE and ISE; (2) myself, Co-founder and President, and a former executive with over two decades of experience across broker-dealers, asset managers and a law firm including Merrill Lynch, Guggenheim, and Schulte Roth & Zabel; (3) Greg Bunn, Head of Capital Markets, and formerly Global Head of Prime Services at Deutsche Bank and Head of Counterparty Strategy at Citadel; and (4) Vanessa Williams, Chief Compliance Officer, and formerly CCO of a registered investment adviser and Anti-money Laundering Officer/Identity Theft Prevention Officer to U.S. and offshore mutual funds. Each of us on the leadership team have backgrounds in highly regulated industries. We are a rising firm in a powerful growth stage, but we must carefully manage our time to pivot to the next level of development, hence our particular concern for this unusually truncated comment period where resources have been reallocated to address this proposal given the potential impact of this rule on our business. CrossTower is committed to a culture of compliance. Currently, about half of our staff actively participates in compliance-oriented activities. This alone should demonstrate the level of seriousness and attention CrossTower’s leadership places on providing quality services and products to our customers and facilitating the responsible development of the digital asset industry. We are eager to continue to focus our efforts on building an excellent infrastructure and digital asset ecosystem. We hope that this rule does not go into effect as we believe may cause our business and other U.S. businesses harm.1
3. Policy Goals. In addition to our commitment to compliance and as a United States small business, we are also personally and professionally committed to the United States Treasury and FinCEN’s policy goals of preventing bad actors from money laundering and financing terrorism. However, we do not believe that adding recordkeeping and reporting obligations outlined in the NPRM are an effective means of achieving this objective. As you are aware, 2020 was a watershed year for the crypto industry with the arrival of institutional and corporate demand. Given that the digital asset industry is growing at such a rapid rate, FinCEN should carefully consider the most effective way to deter bad actors without impacting the growth of the industry, particularly for small American businesses like ours. Having a rule that impacts only certain American players has the risk of bifurcating the market, pushing liquidity onto non-U.S. based platforms. This rule is highly likely to have the effect of deterring not just bad actors, but also good actors from transacting on U.S. based platforms. From a practical perspective, the more friction that our customers have coming onto our platform, the less likely they will be to sign up. Therefore, if this rule creates friction, FinCEN will, albeit unintentionally, push liquidity offshore and provide bad actors the ability to enjoy a growing “good-actor” based pool that may result from this rule. In addition, by bifurcating the market, and sending liquidity out of the United States, FinCEN may potentially be removing technological breadcrumbs that it otherwise would have had in identifying and removing bad actors. Based upon our interpretation of this rule, FinCEN is threatening the viability of our business, one that currently employs fourteen individuals and plans to hire twenty-four more in the next year. In short, CrossTower strongly urges FinCEN to perform a detailed study about the most effective means of preventing money laundering and financial support of terrorism without adversely impacting the development of current American businesses and the digital asset market as a whole.
4. Our Comments on the Rule
a. Lack of Clarity in the Scope of What is Considered an Unhosted Wallet. The first issue we address is that the rule does not define “unhosted wallet,” even though the term is used extensively in the preamble. It appears that FinCEN is defining by exclusion or rather, providing us a negative definition. This provided our team a difficult task of determining all the ways in which this rule could apply: how would it apply to the rapidly developing and changing decentralized finance protocols? In order for us to implement this ambiguous concept, and assess the financial impact, we would appreciate clarity on exactly what is covered by the rule so that we can analyze what is feasible and what is appropriate. Additionally, we suggest that FinCEN define what this rule applies to rather than what it does not. Accordingly, we ask that FinCEN define an “unhosted wallet.” Although the FAQs provide some guidance by stating that an “unhosted wallet” as one that “is not hosted by a third- party financial system,” it does not define what a “third-party financial system” is or provide examples. In addition, guidance is not binding as with the provisions in a final rule.
b. Very Broad Request for Information. We are concerned about the scope of information that FinCEN is requesting. For example, the rule requests the “name and address of the individual presenting a transaction” among other items, for both incoming and outgoing transactions. It may not be feasible to obtain this information for incoming transactions (how can we actually prevent the incoming transfer? What if a customer refuses to give us information after the money is transferred?). We are also concerned about the delay to outgoing transactions, particularly from a practical business perspective. As mentioned above, once friction is introduced, it creates customer flight. Regardless of the nature of the actor’s intentions or ‘inherent goodness’ – no actor will opt for a more difficult burdensome process when there are other alternatives because of the costs on human and financial resources. In this industry, time is money and additional time and burden means losing ground to foreign competitors. Quite simply put, this rule may have the very unfortunate effect of benefiting our foreign competitors (some of whom may be based in adversarial jurisdictions). It could severely hurt how competitive we are compared to the entities not subject to this obligation.
c. Unique Issues with Blockchain. We also believe that there are significant issues relating to recordkeeping and reporting of information that are unique to blockchain and the possible implications for our customers, such as their privacy and security concerns and the scope of information that would be conveyed to FinCEN. However, we need more time to flesh out the issues that would arise.
d. Compared To FATF Solutions. We think it is important to evaluate the requirements proposed by FinCEN in the NPRM against expected Travel Rule solutions. Has FinCEN considered the Financial Action Task Force (“FATF”) work that has been ongoing for at least two years? Is it possible that the collection of data proposed by FATF may potentially assist with capturing at least partial identification of the customer holding the transaction wallet? How may we best harmonize as well as increase the efficiency, reduce the cost and ensure communication among regulators, agencies and businesses in this space?
e. Customer Data Issues. While we mention this issue briefly above, we are deeply concerned that the collection of data could potentially deter the development of our business in general given the scope of FinCEN’s proposal. A number of preliminary discussions with potential and actual customers indicate that they are seriously concerned about providing detailed information to FinCEN, citing recent security breaches at FinCEN as risks. They were unanimously concerned about certain sensitive data being compromised and exposed to parties with malicious intent. In light of the disclosure in September of 2020 by FinCEN about the security issue at FinCEN related to the leaking of information in Suspicious Activity Reports (“SARs”) reports, our customers believe that we (meaning FinCEN and industry participants) should ensure the safety of our customers’ data. Our suggestion is that FinCEN should reconsider the information it is requesting and decide whether it will actually have a meaningful benefit to FinCEN’s policy goals. It was evident from the media coverage of the “FinCEN files” that there is a lot of data already at FinCEN that may not be reviewed, possibly because of the volume and staffing shortages. Rather than ask for additional data, which FinCEN may not review and that could potentially put our customers at significant risk if leaked to the public, we suggest FinCEN reflect carefully on its approach as to data requests, collection and storage so that actions taken will truly help FinCEN achieve its goals. In addition, we believe that we are in a paradigm shift of information and technology. Rather than FinCEN taking an approach applying traditional practices of reporting and recordkeeping, perhaps FinCEN (together with industry) could develop creative solutions with technology providers and data scientists to effectively address the underlying policy concerns. There are likely many solutions that could be developed that will not require the disclosure of highly sensitive information of our customers, which is vulnerable to hacking and security breaches.
f. Aggregation Rules were Difficult to Follow. Our team has certain issues with the aggregation rules for purposes of the CTR-like reporting requirement for CVC/LTDA. These rules apply across different types of digital and crypto assets and related entities, which could prove very difficult to implement. We have not had enough time to explore whether a service provider has the ability to track this and, even if we had a service provider that could, it would raise additional concerns for our customers, further decompartmentalizing blockchain forensic data from proprietary-customer trading-platform data, creating a higher risk of information security concerns with the increased transmission of personally identifiable information. There is also the issue with the 24-hour rolling period in general with respect to the aggregation rules. The rolling period creates a barrier for detection of potential structuring. There were also other practical considerations, such as applying the appropriate exchange rate; exchange rates can vary wildly in developing markets, digital or traditional and, the volatility of the asset class may make these assets vacillate above and below the USD 3,000 and USD 10,000 thresholds. We would like to further consider the appropriate way in which aggregation should occur by consulting with lawyers, technology companies and wallet providers as to potential solutions. As previously noted, this new asset class and technological innovations demand a tailored approach which is both ‘fit for purpose’ and ready to fulfill the needs of FinCEN, U.S. national security and the broader public interest.
g. Extraterritorial Reach Unprecedented. In general, we were surprised about the extraterritorial reach of the rule itself. The aggregation of both onshore and offshore accounts seems unprecedented in other contexts where FinCEN appears to be requesting aggregating offshore and onshore accounts, across segregated technology systems, legal systems and order books. We believe there are serious questions as to whether this is within the scope of what FinCEN should be able to request but we were unable to fully explore this within the shortened period of time and without the benefit of outside counsel.
h. Foreign Jurisdiction List. We are concerned about FinCEN’s ability to add countries to the Foreign Jurisdiction List without any notice and feedback from the industry. Of course, if there is a national security risk, we should all work together quickly. However, if FinCEN has sole discretion to modify this list at any time, it could have a detrimental implication on our vendors, technology build, customers and business activities. We would like the rule to build in a notice and comment period for any changes – of course, baring extreme circumstances
5. Significant Burden on MSB organizations. In general, we have an overall question as to why this burden is falling on MSBs and not on other entities engaged in activities involving CVC/LTDA. Although we are a rising company, CrossTower is a start-up company with high costs associated with obtaining our money-transmitter licenses. Many in the industry recognize this as a difficult task mainly due to the amount of time and labor required because of the varying state requirements that need to be fulfilled to obtain these licenses. We already practice a culture of compliance and would like to ensure that we commit to building out the platform in a manner that is acceptable to FinCEN, the various state regulators, and that is consistent with our customers’ and investors’ expectations of excellence. However, the new requirements proposed in the NPRM would require additional capital expenditures increases beyond those already earmarked for compliance, without any proven or quantifiable metric that the new requirements proposed in the NPRM will effectively deter money laundering or terrorist financing involving CVC/LTDA. FinCEN is placing a burden solely on MSBs that should be equally applicable to other U.S. entities active in the digital asset and crypto industry. By forcing these obligations on MSBs, FinCEN is effectively moving suspicious transactions from MSBs to non-MSBs, making it easier for bad actors to continue the practices FinCEN is trying to stop. We think it would be in FinCEN’s interest to encourage entities that are committed to compliance to succeed rather than saddle them with obstacles.
6. Compared to Current Practice. We have not had the opportunity to evaluate how these obligations compare to the obligations of other firms or if this NPRM is more onerous an obligation on CrossTower compared to other industry participants. However, even if it is the same obligation, certain entities that could comply with a new rule are often established entities with a robust balance sheet and may have built up their compliance programs over many years. Applying the same standards to a start-up business will make it difficult for us and other emerging firms to compete with those entrenched incumbents. We suggest to FinCEN that perhaps if a rule were to go into effect, it only goes into effect when revenues or transaction volume surpass a certain level in order to protect entrepreneurship and innovation in the sector as well as diversity and healthy competition. Alternatively, FinCEN should support subsidies for small businesses in order to support them in their adoption and implementation of the final rule. Finally, another suggestion is that FinCEN consider a lengthy period for compliance, so that service providers and technology can develop to assist the industry participants implementation.
7. Not Enough Time to Consider Impact on Particular Coins. We have not been able to consider the impact of including stablecoins, central bank digital currencies and other tokens in this record keeping and reporting rule and worry about the impact it might have on the health of the market.
8. Costs to Comply with Rule. We have attempted to evaluate the cost to comply with this rule. We have preliminarily concluded the following:
i) Additional Staff. We will have to hire an additional compliance person to engage with service providers and ensure that this program satisfies the rule. (We already have such a high concentration of our staff focused on compliance. It seems very unusual to have this many compliance people at our stage of growth.)
ii) AuditCosts: Our audit costs will increase to comport with an expanded scope of annual independent AML audits, as required under applicable BSA regulations.
iii) Counsel Costs: We will have to engage external counsel to interpret the applicability of the regulation to our specific business model.
iv) Vendor Costs:
(1) We will incur additional vendor costs related to identification of covered wallets, and the costs of entities that analyze the data and report obligations. These will likely be separate product offerings for our current service providers with a separate pricing schedule.
(2) We may have to hire other vendors. It will be outside the scope of our current compliance budgeting. (This cost will be in addition to expected costs to be incurred with Travel Rule compliance.)
(3) Given the likely volume of covered transactions, we also anticipate the need to build or hire vendor resources for generation of Currency Transaction Report (“CTR”) reports.
(4) Along with securing vendors, we anticipate having to allocate vendor management and due diligence resources to properly evaluate all prospective vendor service offerings and their ability to legally do business with such counterparties, their financial stability, and information security controls (given the amount of personally identifiable information (“PII”) that would be transmitted to such vendors).
(5) Separate insurance covering vendors should be considered. Insurance covering the PII risk should be obtained.
v) Record Retention: We anticipate costs related to retaining records for covered wallets, including evidence of due diligence of potential covered wallets, evidence of potential structuring activities, and record retention of CTR and SAR filings, and corresponding supporting documentation. In addition, our costs related to storage (typically digital or cloud-based) will rise due to an increase in volume to comply with the 5 year retention period.
vi) Technology Costs: We will need to build out our technology and make significant system enhancements in order to:
(1) Flag transactions meeting the USD 3,000 recordkeeping and USD 10,000 reporting requirements (building in the complexities to the rolling period, exchange rate, aggregation issues described above);
(2) Build out the aggregation function by each covered wallet across all digital assets, related parties and platforms;
(3) We will have to determine a reasonable way to identify potential structuring activity by customers seeking to evade recordkeeping and reporting thresholds;
(4) We will need to connect customer know-your-customer data, typically retained in CRM systems or dedicated antimony laundering systems, to wallet screening data, which may be held separate and within blockchain forensics software, in order to avoid manual reviews between systems; and
(5) We will have to develop screening tools when FinCEN makes changes to the Foreign Jurisdiction List.
vii) Cost Analysis. We anticipate that the costs to comply with the above will be higher than USD 1,000,000 for CrossTower and on-average, well over USD 100,000,000 for the industry. FinCEN is strongly encouraged to weigh the costs and burdens that it is imposing on this growing industry against the questionable benefit of this rule as it is currently proposed. FinCEN should consider the unintended consequences of the loss of business on American businesses, the unintended consequence of facilitating bad actors and whether this NPRM will ultimately satisfy FinCEN’s intended policy goal.
[The remainder of this page is intentionally left blank.]
CrossTower genuinely appreciates the opportunity to provide comments to FinCEN regarding the NPRM. We fully support FinCEN’s ultimate policy goals of protecting our country from the ills associated with money laundering, terrorism financing and other illicit activities. We understand the very human nature of what FinCEN is trying to prevent and how they are seeking to protect us, CrossTower’s customers, and the American public. CrossTower is a proud U.S. emerging business and we wear this badge with honor.
Thank you for taking the time to review this letter and for the consideration of the substance of our points.
Happy New Year!
Kristin Boggiano Co-Founder & President CrossTower Inc.
1 Given the complexity of the rule and the subject matter expertise that is required, we reached out to outside counsel to see if we could obtain assistance in drafting this letter, as we do not have a banking lawyer or a lawyer with deep expertise with the Bank Secrecy Act (“BSA”) on staff. We thought it was prudent to compare what is required in other contexts. How does this compare to what is required with fiat? How does this compare to what is required with other financial entities? The law firms we did contact declined to assist us because of the short period of time FinCEN provided for comments. One firm agreed but conveyed that it would have to charge us a premium on their normal billing rate given the short time period. Therefore, we are writing this letter without the assistance of outside counsel. We were also unable to thoroughly research service providers to explore whether they could help us comply with the technological aspects of this rule, whether they could facilitate recordkeeping and reporting obligations. All of these deficiencies jeopardize our ability to provide meaningful input into this request for comment. Without offering the public a meaningful opportunity for comment, FinCEN risks issuing a final rule that is out of touch with the current market.
CrossTower Inc. provides this content for general information purposes, to better inform you on your digital asset investment journey. We do not provide investment recommendations or provide tax advice. Please consult your investment professional or tax advisor if you require assistance in these areas.