It's time to assess the potential for terrorist use of cryptocurrencies

Bank derisking and irrational state by state licensing help create the conditions for criminals and terrorists to abuse cryptocurrency networks.

News reports today that Congress may soon commission a study assessing the link between terrorism and virtual currencies have generated concern within the cryptocurrency community, but they shouldn’t. No one should want cryptocurrency networks to be used to finance terrorism, and an assessment of how they may be used and how to prevent that use should be welcome. Just such an assessment was recently published by the respected Center for a New American Security and it is, by and large, excellent.

First and foremost, the report acknowledges that virtual currencies (VCs) are legitimate and positive innovations that, like cars, phones, or the internet itself, are unfortunately misused by bad actors:

VCs and associated technologies hold great promise for low cost, high speed, verified transactions that can unite counterparties around the world. For this reason they could appear appealing to terrorist groups (as they are at present to cybercriminals). Currently, however, there is no more than anecdotal evidence that terrorist groups have used virtual currencies to support themselves.

That last sentence is very important. At the moment there is only anecdotal evidence of terrorist use of the technology, which means there is time to develop an appropriate response to the possibility. In the meantime, the CNAS report acknowledges that law enforcement has the tools to handle the problem:

The use of VCs by “lone wolf ” terrorists—a much bigger potential threat because of the small scales of funding needed to execute an attack—represents the kind of problem in intelligence and digital forensics that law enforcement agencies are well equipped to handle, even if they tax existing resources.

The work we have done with the Blockchain Alliance and the cryptocurrency industry help buttress this capability. But as the CNAS report states, at the moment cash and the legacy financial system continues to be how terrorist move funds:

[The] most important reason that terrorist groups have not adopted virtual currencies at scale is that these groups, and individual terrorist operatives, have not yet perceived the need to do so. They still find it possible to circumvent global rules governing terrorist financing with suficient ease and frequency that using VCs is unnecessary. They exploit incomplete implementation of regulatory requirements and global standards at banks, use unlicensed and undersupervised money services businesses (MSBs), or simply cart around cash. As long as these value transfer methods are readily available, there is no great need to invest in new, complicated techniques to transfer value.

So what can regulators do to make sure that we are prepared for the potential that terrorists will use cryptocurrency networks? The CNAS report identifies two roadblocks to better regulation that Coin Center has long been focused on: the irrational system of state-by-state licensing, and the aggressive “derisking” by banks that cut off the cryptocurrency ecosystem from traditional financial networks. As CNAS notes:

One particular challenge in this area is the requirement for a virtual currency firm to obtain licenses in all states in which it operates and maintain compliance consistent with both federal and applicable state standards where they are licensed to operate. With only a single federal registration for virtual currency firms, compliance costs would be more manageable for smaller firms, and regulators would be better able to oversee firms.

Inconsistent and unclear state-by-state licensing of innovative fintech firms is preposterous in the 21st Century. It is even more preposterous that modest attempts to offer a federal alternative to state-by-state licensing like the OCC’s special purpose bank charter would be opposed in court by the New York Department of Financial Services and the Conference of State Bank Supervisors. By making it more difficult for legitimate firms to operate, they will only succeed in ceding the networks to illicit use into which they will have little visiblity.

Second, citing Coin Center research, the CNAS report explains the challenged pose by excessive bank “derisking”:

In the past decade, financial regulators responsible for supervising banks have imposed significant fines for violations of laws designed to counter illicit finance. [T]hese enforcement actions have inhibited the development of effective public-private collaboration in the governance of VCs, because they have generated a significant amount of uncertainty within banks. Such collaboration is critical to prevent virtual currencies from being abused for illicit purposes at greater scale, particularly by terrorist groups. […]

This trend has led many financial institutions to shed expensive-to-service accounts, correspondent relationships, and clients, and is commonly referred to as “de-risking.” Virtual currencies have been caught in this trend. Businesses that deal extensively in VCs have found it dificult to establish relationships with the largest global banks because the businesses are often perceived as relatively risky and therefore too costly to take on. As a result, VC businesses have had to conduct their banking operations at smaller financial institutions that do not devote as many resources to compliance as do large global banks, and that are less well regulated than large money center banks. This dynamic, in turn, increases the likelihood that VCs will be used for the conduct of illicit activity at a scale, posing a security threat. […]

By extension, this also discourages banks from taking on new payment technology firms, or virtual currency platforms, given the risks of assimilating such new and unknown customers. Banks therefore do not have as much insight as they could into illicit financial flows in virtual currencies. Thus it is harder for law enforcement and intelligence offcials to track and halt such activity. A more holistic and effective approach to countering terrorist financing would encourage and incentivize banks to take on new payment technologies and virtual currency firms while managing the potential risks of abuse.

From a public policy standpoint, it is concerning that banks do not appear to be incentivized to be as proactive as possible in detecting terrorist financing and adopting innovative strategies for information sharing and coordination with law enforcement and intelligence officials. They should be working in coordination with both to sustain and manage certain risky clients.

We therefore agree in principle with the recommendations of the CNAS report, in particular its recommendation to “make financial technology innovation more sustainable”:

Financial regulators should consider strategies to limit the regulatory “tax” on development of financial technology, including virtual currency technology. Financial technology companies must shoulder the compliance burden of financial system operators, and policies to limit this strain for virtual currency companies—which may not necessarily be inherently risky—would appropriately underscore a risk-based approach to financial regulation. It would also have the effect of stimulating financial technology innovation. Financial policymakers should consider how to actively support beneficial financial technology development, particularly when it can bring virtual currency and new payment technology platforms successfully into the regulated financial sphere.

We believe that an honest assessment by Congress would reach the same conclusions and we stand ready to work with all parties to help address these challenges.

Based in Washington, D.C., Coin Center is the leading non-profit research and advocacy center focused on the public policy issues facing cryptocurrency and decentralized computing technologies like Bitcoin and Ethereum. Our mission is to build a better understanding of these technologies and to promote a regulatory climate that preserves the freedom to innovate using permissionless blockchain technologies.