Learn more about the 2025 Coin Center Annual Dinner

Coin Center uses additional time provided by FinCEN to file another comment in ongoing surveillance rulemaking

Any expansion of automated surveillance on innocent transactions would be unacceptable

Today we filed our third comment in FinCEN’s “midnight” rulemaking. Thanks in large part to the efforts of the community and a massive outpouring of comment letters, we managed to push this comment deadline out to a standard 60-day period. That means that the deadline to file is now the end of March. We’re filing our third comment a bit early to offer, once again, a resource for other filers who may still be formulating their arguments and policy positions.

In today’s comment, we briefly repeat why customer counterparty identification requirements are unacceptable, both from an innovation and constitutional privacy rights perspective. Our first comment, however, is where we addressed those issues fully. This comment focuses on the proposed rule’s arguably less controversial creation of a currency transaction report (CTR) obligation for crypto transactions. CTRs are already required whenever a bank customer moves $10,000 or more in cash or other bearer instruments. Crypto transactions are very much like cash transactions and, therefore, it’s argued they should be subject to the same reporting requirements. We disagree.

As we discuss in depth in our comment, CTRs are anything but non-controversial. They are, by definition, automated mass surveillance of innocent transactions. Any transaction over $2,000 that is merely “relevant to a possible violation of law or regulation” will trigger a suspicious activity report (SAR) requirement, which already applies to crypto transactions today. Therefore, any CTR report filed without an accompanying SAR is, by definition, a report about an American resident’s entirely innocent and otherwise private financial activities. These reports are a brazen offense to our Fourth Amendment rights against warrantless search and seizure (a warrant, of course, requires specific reasonable suspicion of a crime). Additionally, domestic CTRs were only narrowly found constitutional back in 1970 when both (a) the reporting threshold was much higher in real terms because of inflation and (b) SARs did not yet exist. Further, CTR constitutionality was predicated on the “third-party doctrine,” a judicial construction that a Supreme Court majority today may believe was mistaken. Moreover, even Congress has tasked the Treasury Department in recent legislation with reevaluating the continued usefulness of CTRs in light of their obvious administrative and privacy costs.

All in all, now is the time to question the continued imposition of CTR requirements writ large rather than extend them to new technologies and new transaction types. Such an extension would show a disregard for the will of our elected representatives and, far worse, the privacy and data security interests of Americans.

That said, if FinCEN insists on further extending the gambit of warrantless mass surveillance, then it should by no account do so in a way that prejudices new technologies and the companies and individuals that use them. FinCEN’s proposed crypto CTR would not use the existing forms and information collection standards that already apply for regular CTRs. Instead, it would hoover up an inordinate amount of sensitive information and necessitate far more complicated compliance steps from reporting institutions. That divergence is unacceptable. As we discuss at length in our comment today, there is only one discrete piece of information conveyed by a traditional CTR: customer X has moved amount Y into or out of the surveilled financial system. A CTR for crypto should not be any more invasive. It should not include protocol addresses, transaction IDs, or any other identifiable information. Again, FinCEN should not further extend bulk warrantless surveillance of the innocent transactions of Americans, but if it does it should at the very least treat crypto transactions identically to legacy ones.