Individuals have different options when it comes to keeping their cryptocurrencies. They could use a hosted wallet (sometimes known as a custodial wallet), which entails an intermediary (a server ) that typically receives, stores and transmits the assets on behalf of their clients. For instance, a centralized crypto exchange could be a hosted pocket supplier, with which an individual puts up an account/wallet. In such cases, the value saved goes back to the account holder, but the funds are controlled by the wallet provider/host (pursuant to the contractual arrangement and instructions from the customer ).
Alternatively, cryptocurrencies could be stored in an unhosted pocket (occasionally called also a self-hosted, or non-custodial, wallet), that can be effectively software installed on a computer, telephone or other apparatus. The money in an unhosted wallet are controlled by an individual, without the need for an intermediary, similar to the real cash in a physical wallet. Users of unhosted wallets can usually interact directly using an electronic currency system without the involvement of a bank, service provider or another intermediary. Users of unhosted wallets can get, send and exchange their crypto assets with other unhosted wallets, or on a market stage, without revealing their identity. Obviously, transactions involving unhosted wallets are somewhat more challenging to trace and scrutinize for Anti-Money Laundering and Counter-Terrorism Financing compliance.
Unhosted wallets have started to attract growing attention and scrutiny by governments. The Financial Crimes Enforcement Network (FinCEN) — the United States jurisdiction with a mandate to protect the financial system from illicit use, money laundering and terrorism financing, and to encourage national security — expressed the opinion that trades utilizing unhosted wallets increase AML/CTF risks. Its concerns also relate to pockets hosted with a foreign financial institution not subject to successful AML regulation –“otherwise covered wallets” — for instance, from countries like Burma or North Korea.
Though data on public blockchain networks will be open and transparent, and may be used to help trace network activity, governments like FinCEN do not consider this sufficient for mitigating the dangers of unhosted wallets.
FinCEN
In December 2020, FinCEN issued a proposition known as”Requirements for Certain Transactions Involving Convertible digital Currency or Digital Assets,” with a broader aim to cover the illegal finance threat regarded as caused by unhosted or coated wallets. FinCEN proposed establishing a new reporting and recordkeeping requirements, similar to the rules for conventional funds transfers.
The new requirements would be related to transactions involving unhosted or otherwise covered pockets, such as withdrawals, deposits, exchanges, and other payments or transfers of non digital currency or digital assets with legal tender status (central bank electronic currencies) through a financial institution or money service businesses (MSBs).
According to the proposal, if a transaction exceeds $10,000 (or will be just one of multiple transactions within a 24-hour interval that, in aggregate, exceeds that amount), the lender or an MSB is going to have to file an account with FinCEN and contain certain information in relation to the trade, the counterparty (name and physical address) and a confirmation of the identity of its customer. If a transaction exceeds $3,000, banks and MBSs will be asked to keep records of the trade and counterparty, including verifying the identity of the customer.
FATF
It recommends that virtual asset transfers to or from unhosted wallets should be treated as higher-risk transactions by VASPs and ought to be subject to enhanced scrutiny and constraints.
The FATF also urges that individual nations should know how peer-to-peer transactions are being used in their own jurisdiction, and also what the potential money laundering and terrorism funding from such trades. If these risks are considered unacceptably high, countries should aim to enhance the visibility of P2P trades and limit their exposure to them. They could achieve this through measures such as issuing advice or imposing controls, equal to money transaction reports or reporting of cross-border instrument transfers.
The FATF is very explicit that its guidelines do not put AML/CTF duties on individuals, but on intermediaries between individuals and the financial system. Thus, pure P2P transactions wouldn’t be subject to these duties. Nonetheless, in the event of all VA transfers where only 1 party is an obliged entity — like a VASP, and the other is an unhosted wallet, by way of instance, the FATF recommends that these virtual resources transfers are handled as higher-risk transactions by VASPs. The FATF is effectively seeking to expand the use of the Travel Rule to VASPs when a virtual asset transfer entails an unhosted wallet.
If a nation considers the risks from P2P transactions unacceptably high, the FATF also recommends mitigating measures including enhancing on-site and off-site supervision or denying licensing to VASPs that empower unhosted wallet transactions. Countries can also oblige VASPs to take trades simply to and from different VASPs, or put additional recordkeeping and due diligence demands on these VASPs that accept trades with unhosted pockets. VASPs could opt to restrict or prohibit transactions to and from unhosted pockets to or from pockets that formerly carried out P2P transactions.
FinCEN and the FATF aren’t the only authorities seeking to close the gap on unhosted wallets. For example, Switzerland and the Netherlands have introduced stricter controls.
The Swiss Financial Market Supervisory Authority already imposes stricter requirements on trades over 1,000 Swiss francs (roughly $1,020) involving personal pockets. These requirements include identification of this party, establishing that the beneficial owner and confirming this party’s power of disposal over outside wallets.
In the Netherlands, the Dutch National Bank (DNB) now requires that crypto service providers seeking to formally register with the central bank must establish their compliance with verification requirements under the 1977 Sanctions Act. It involves establishing the identity and location of residence of the counterparty, screening it against the sanctions lists and establishing that this person or legal entity is actually the recipient or the sender. This extra requirement was met with a lot of criticism and is presently being challenged in court.
Takeaways
FinCEN and the FATF appear to have aligned their approach to unhosted wallets. The FinCEN proposal alone received over 7,700 comments. Originally, FinCEN controversially allowed only 15 days for remarks, justifying such a short consultation period with their foreign affairs work, important national security imperatives and past appointments with the cryptocurrency industry. By the end of January 2021, FinCEN further extended the comments period for the following 60 days; comments were closed by March 29. On the other hand, the FATF consultation period ended on April 20.
A number of concerns are raised by the stakeholders, such as behavioral, legal, technical and moral difficulties. There are privacy issues, since discovering an identity supporting an unhosted wallet would disclose an whole log of transactions listed on a public network, which surpasses the information that’s being collected under the Travel Rule in traditional banking transactions. New rules would subject agency suppliers to additional compliance obligations with regard to parties that are not their clients, and might also force people to disclose private information to their counterparty’s service supplier. It’s not improbable that some service providers might choose not to support trades with unhosted wallets to avoid additional compliance burden, which would effectively amount to an indirect ban on such trades.
Additionally, there are a range of technical and technical problems with the implementation of these requirements. For example, DNB suggested alternatives for screening counterparties which include screen sharing or video conferencing in the time of logging in, signing up a trade or sending a small amount of crypto into the supplier on request, all which raise many problems on their own and seem unfeasible.
Imposing strict controls on unhosted wallets may additionally complicate things such as charitable fundraising in crypto funds, since the charities don’t control who makes donations and donors often wish to stay anonymous.
As the crypto market stands at around a $2 trillion market capitalization following the recent unbelievable bull run, there are a lot of interests at stake in regards to additional compliance requirements.