Senator Elizabeth Warren (D-Mass.) confirmed during a Senate committee hearing Tuesday that she will reintroduce the controversial Digital Asset Anti-Money Laundering Act (DAAMLA) with one or more co-sponsors in the near future. It was originally introduced in December and did not go anywhere. It was met with little fanfare and considerable criticism, among other reasons because it was patently unconstitutional.
As the senator’s previous press release explained, that bill sought to mitigate national security risks by “closing loopholes in the existing anti-money laundering and countering the financing of terrorism (AML/CFT) framework and bring the digital asset ecosystem into greater compliance with the rules that govern the rest of the financial system.” In Tuesday's hearing, Warren reiterated claims, without little evidence, that crypto empowers criminal actors far more than the little guy.
Bill Hughes is senior counsel and director of global regulatory matters at ConsenSys.
The 2023 version of DAAMLA is reportedly revised, but it still falls irreparably short in several material respects. Legislators and their staff should look beyond the national security sales pitch, which is arguably compelling, and give the substance of this bill as much careful scrutiny as the last version received from some corners. Its rather remarkable implications are set forth below.
1. Software developers and users are the new financial institutions
If you desire ground-breakingly expansive compliance regimes, then this is the bill for you. It requires the Financial Crimes Enforcement Network (FinCEN) to apply its rules, which currently only apply to financial institutions and money transmitters, to any U.S. person who develops or uses certain foundational crypto software.
Specifically, DAAMLA instructs FinCEN (whether it likes it or not) to treat U.S. developers of crypto software and even people who simply run open-source crypto software as “financial institutions” for purposes of the U.S. anti-money laundering (AML) regime. This includes software that mines or validates blockchain transactions, which is the global technical mechanism that secures blockchains like Ethereum.
In other words, this bill requires U.S. persons publishing and running certain types of software, whether as a business or merely a hobby, to set up an AML program according to standards generally applied to, among other things, banks.
Treating devs and crypto users as “financial institutions,” as that term is defined in FinCEN’s operative statute the Bank Secrecy Act, would also compel them to first get FinCEN’s permission before publishing or using crypto software via a registration regime. It follows that users and devs would be required to collect sensitive personal information from lots of people, namely anyone who uses the code, and to add to the fire hose of suspicious activity reporting from which FinCEN already drinks.
FinCEN implicitly declined this approach when it released guidance on virtual currencies in 2019. That guidance is still operative. There is precisely zero indication that FinCEN has otherwise identified gaps in its mass collection of financial information.
As you may have suspected, no other free country has thought to go this route.
2. Broad new supervision
Warren’s bill also compels the U.S. Treasury Department, Securities and Exchange Commission (SEC), and Commodity Futures Trading Commission (CFTC) to spin up new compliance audits of AML programs of financial institutions and software developers alike. Regular, hands-on scrutiny of countless thousands of registrants would be a massive undertaking and that requires resources.
There is no evidence DAAMLA accounts for the additional staff and budget that would be required, other than to say that “such sums as are necessary” will be appropriated. It similarly does not reflect any analysis of how burdensome compliance would be on the public in terms of time, money and manpower, or the extent this type of supervisory regime would kill off small players and serve as a barrier to entry to all but entrenched incumbents.
3. Doing something is important, whether it actually works or not
For all of the major changes DAAMLA would bring, it would not meaningfully fix any crypto money laundering problem. U.S.-based wallet providers, validators and miners as well as other software developers and users are not network gatekeepers that can meaningfully impact nefarious actors exploiting blockchain.
Wallets, validators and miners are built, deployed and operated around the world in almost every conceivable jurisdiction, often far beyond the grasp of U.S. authorities. As a functional matter, the network and its participants to some degree do not care whether the software or network service is American or developed and provided from elsewhere.
If all the U.S. software wallets and nodes vanished tomorrow, the network would not really skip a beat operationally. It would also continue to mature, without considerable U.S. participation or influence.
This all overlooks that these software tools do not “facilitate” any illicit transaction in any common usage of that word. So called “unhosted wallets” facilitate money laundering as much as your Google Chrome browser does. Indeed, Google Docs and Gmail probably do more to “facilitate” sanctioned transactions than unhosted wallets.
See also: Bill Hughes – Money Crypto Versus Tech Crypto | Opinion
Perhaps Google should start an AML program, too?
4. Overlooking the Constitution
DAAMLA is almost assuredly unconstitutional in a number of important respects, particularly in its application to particular regulatory targets. The bill appears to require software developers to register before publishing code – even freely available, open-source code.
Regulating the non-commercial publishing of code, including by compelled registration, is a “prior restraint” problem in light of the U.S. Constitution's First Amendment, which the U.S. Supreme Court has repeatedly held to apply to programming language.
Further, compulsory AML programs would force software developers to write certain code to ensure the developers can survey and report on users of that code. American jurisprudence’s high bar for compelled speech can be a perilous thing to legislate around. Requiring users of this software to relay or confirm only those transmitted messages that conform to government requirements would quite clearly constitute content-based censorship.
Room for improvement
DAAMLA is just as notable for what it leaves out, namely the one AML tactic that has proven productive to date. Blockchain analytics technology is being broadly used by law enforcement to track illicit flows and pinpoint the crypto exchange that the launderer uses to exit the system.
See also: A 5-Pronged Approach to Sensible Crypto Regulation After FTX | Opinion
Law enforcement is getting better at this but needs more training and resources. Exchanges both in the U.S. and abroad, through which the vast majority of illicit flows pass, should be more responsive to stopping these flows. Both the government and public sector could collaborate better to share information so illicit flows can be identified, stopped and recovered. A bill that supported efforts along these lines would actually produce tangible outcomes.
There is very little on which Sen. Warren and the digital asset space sees eye to eye. Both recognize that illicit finance is an important issue but there is not much agreement on the extent of the problem or how to address it through public policy. It is of little surprise that the crypto ecosystem’s reaction to DAAMLA has been full-throated criticism. Whether lawmakers can agree with that criticism requires them to take positions on the key implications set forth above. And for those who might consider co-sponsoring this bill, it’s important they recognize precisely what they would be promoting.