Centre Blog

Centre's Response to FinCEN RFI

CENTRE Consortium
CENTRE Consortium

May 10, 2022 5:26:07 PM


February 14, 2022

Himamauli Das                                                                                                                Acting Director                                                                                                              Financial Crimes Enforcement Network                                                                           P.O. Box 39 Vienna, VA 22183                                                                                  Submitted electronically to http://www.regulations.gov

RE: Request for Information and Comment, Modernization of U.S. AML/CFT Regulatory Regime;  Docket Number FINCEN–2021–0008 

Dear Acting Director Das: 

Centre Consortium, LLC (“Centre”) welcomes the opportunity to offer comments in response to the  Financial Crimes Enforcement Network’s (“FinCEN”) Request for Information and Comment,  Modernization of U.S. AML/CFT Regulatory Regime (“RFI”). 

  1. Introduction 

Centre was co-founded in 2018 by digital currency industry pioneers Circle Internet Financial Limited  (“Circle”) and Coinbase Global, Inc. Centre provides the standards for technology, policy, compliance  and reserves for USD Coin (“USDC”), a US dollar stablecoin issued by Circle. 

Centre is strongly committed to preventing and deterring money laundering, terrorist financing, and  other forms of illicit finance. Moreover, we support FinCEN’s efforts to streamline, modernize, and  update the U.S. anti-money laundering and countering the financing of terrorism (“AML/CFT”)  regulatory regime. We recognize that the technological advancements that enable people and industries  to engage in borderless commerce have also introduced new challenges and are committed to  supporting FinCEN’s efforts to combat financial crime. Centre fully supports the implementation of  effective regulatory regimes to mitigate the risks presented by emerging technologies.  

Many assume that the cryptocurrency industry is rife with illicit activities and money laundering.  However, the volume of illicit activities associated with the cryptocurrency industry is comparatively  smaller than that of the traditional financial industry.1 Moreover, the assumption that cryptocurrency  introduces heightened AML risks compared to traditional finance also does not take into account that  blockchain technologies provide powerful tools for financial institutions and government authorities to  identify and track illicit digital transactions because such transactions are recorded immutably on  distributed ledgers.

In this letter, we focus on two questions relevant to identifying Bank Secrecy Act (“BSA”) regulations and  guidance that may be outdated, redundant, or do not promote a risk-based AML/CFT regulatory regime  for financial institutions. 

  1. Responses to Specific Questions in the RFI 
  2. BSA Regulations and Guidance That May Be Outdated, Redundant, or Do Not Promote a Risk-Based  AML/CFT Regulatory Regime for Financial Institutions 
  3. Are there any BSA regulations or guidance that are obsolete because of changes in compliance  business practices and/or technological innovation in the financial system or elsewhere? If so,  how should FinCEN address this? 

We respectfully request FinCEN to consider expanding the ability of financial institutions to rely on third party solutions, including decentralized identity arrangements that leverage other financial institutions’  performance of elements of their respective AML compliance program.  

Under the present U.S. AML/CFT regulatory regime, financial institutions can rely on another financial  institution to perform elements of their AML compliance program in only two circumstances. First,  financial institutions subject to the Customer Identification Program (“CIP”) Rule may rely on another  financial institution to perform any part of the financial institution’s CIP when a customer opens an  account, as long as the requirements of the CIP Rule’s reliance provision are satisfied.2Second, under  the beneficial ownership requirements of the Customer Due Diligence (“CDD”) Rule, a financial  institution may rely on another financial institution to perform any of the requirements relating to  verifying the identities of beneficial owners of a legal entity customer that is opening, or has opened, an  account with the institution.3 

As FinCEN acknowledges, technology, innovation, and the efficient application of resources to BSA  reporting play an important role in promoting a risk-based approach to BSA compliance. FinCEN should  create additional opportunities for financial institutions to rely on each other (or third-parties) to  perform certain AML compliance program requirements. For example, FinCEN could expand the types of  sources that can be relied upon for customer identity verification to include digital identity solutions;  decentralized identity frameworks; in addition to third-parties and other institutions that have the  technological capabilities, resources, and expertise to reliably verify the identity of individuals and  entities. By expanding the opportunities for reliance between and among financial institutions, third parties, and industry frameworks and standards, FinCEN would significantly reduce regulatory costs for  industry participants, thereby allowing institutions to efficiently allocate compliance resources to  address their most significant AML/CFT risks. 

  1. Do FinCEN’s regulations and guidance sufficiently allow financial institutions to incorporate  innovative and technological approaches to BSA compliance? If not, how can FinCEN facilitate  greater use of these tools, while ensuring that appropriate safeguards are in place and highly  useful information continues to be reported to government authorities? 

FinCEN should consider allowing financial institutions to use innovative approaches to identify  customers. We believe that a new approach to verifying identity is needed to address the AML risks  associated with emerging decentralized applications, including decentralized finance (“DeFi”) and non fungible token markets, where traditional, centralized identity models either work unsafely or do not  work at all. 

In recent years, technological innovations in blockchain and cryptography have led to decentralized  identity architectures, wherein individuals can control access to their data and share it when and with  whomever they choose. In particular, there are significant developments with respect to digital  identification verification that would allow DeFi service providers to rely on traditional financial  institutions to perform CIP procedures, thereby reducing the AML risks associated with such platforms.  

For example, decentralized identity verification protocols would enable authorized verifiers, such as  banks and broker dealers, to verify the identity of potential DeFi users. Upon completing the appropriate  CIP procedures, authorized verifiers would issue a digital credential to individuals, which can then be  presented to other financial service providers as proof of identity. This novel approach to identity  verification would allow law enforcement to identify illicit activity in a manner that is consistent with the  BSA, including executing inquiries to credential issuers, without exposing sensitive data to smart  contracts, blockchains, or the public during the normal course of transactional activity. Digital identity  verification would also significantly increase the effectiveness of AML compliance across the nascent  blockchain ecosystem, thereby reducing AML/CFT risks across the broader financial system. Accordingly,  FinCEN should consider promulgating new, or amending existing, AML regulations to allow financial  institutions to incorporate innovative technology within their AML compliance programs. 

Balancing the personal privacy needs of individual Americans and the public security needs of the U.S.  Government and financial institutions to monitor and prevent financial crime is another important  principle FinCEN should consider when modernizing the U.S. AML/CFT regulatory regime. Currently,  minimizing the exposure of sensitive identity information (particularly when anchored to immutable  datastores like distributed ledgers) while still making such information accessible to law enforcement is  a significant technological challenge. Financial institutions are currently considering solutions, which  include: (1) granting government investigators access to encrypted data via methods that bypass normal  authentication systems; and (2) sharing encrypted identity data directly with counterparty financial  institutions and providing decryption keys only to authorized law enforcement. Notably, these  approaches would continue to require the unsafe transmission and storage of sensitive, encrypted  identity data by each and every financial institution on each and every customer in an attempt to satisfy  FinCEN guidance that requires data to be in the custody of BSA-regulated entities. 

While both of these approaches guarantee government access to identity data in emergencies or for  investigative purposes, we are concerned these and similar approaches may introduce new privacy risks  to American consumers by creating additional opportunities for criminals to access sensitive personal  information. If, for CIP purposes, BSA-regulated entities were instead able to rely on verifiable  attestations of identity that minimize the data preserved in portable credentials, such an approach could  help mitigate the privacy risks associated with the distribution of personal information over open  networks, as law enforcement would be directed to the individuals and entities already in possession of  the requested information. Accordingly, we respectfully request FinCEN to consider approaches that  appropriately balance the legitimate privacy concerns of consumers with the needs of law enforcement. 

III. Conclusion 

We appreciate the opportunity to provide comments on this important RFI, and would be pleased to  provide further information upon request. 

Very truly yours, 

David Puth 

Chief Executive Officer 

Centre Consortium, LLC

2See e.g., 31 C.F.R. § 1020.220(a)(6). 

3See 31 C.F.R. § 1010.230(j). Note, we understand that the CIP Rule and the beneficial ownership requirements under the CDD  Rule only apply to banks, broker dealers, futures commission merchants, and mutual funds.