Showing posts with label anonymity. Show all posts

Friday, April 11, 2025

If it's crypto it's not money laundering

It appears to be official now. According to the U.S. Department of Justice, when illicit activity is routed via crypto infrastructure, then it no longer qualifies as money laundering.

Earlier this week the Department of Justice's deputy attorney general Todd Blanche sent out an internal staff memo saying that the digital asset industry (read: crypto) is "critical to the nation’s economic development." (Editor's note: it's not.) As such, staff have been instructed to stop targeting crypto platforms such as exchanges, mixers like Tornado Cash and ChipMixer, and offline wallets for the "acts of their end users." 

What does "the acts of their end users" mean? Further clarity arrives deeper into Blanche's memo. It helpfully draws attention to how cartels operating in the fentanyl trade often use digital assets. This is well known. Tether, for instance, is a popular payments platform in the fentanyl trade. (See here, here, and here). And yet, the Department goes on to explain that while it will continue to pursue cartels, terrorist organizations, and other illicit enterprises for their financial crimes, it "will not pursue actions against the platforms that these enterprises utilize to conduct their illegal activities."

This marks a radical departure from long-established financial law on Planet Earth, where financial institutions are generally held responsible for the "acts of their end users," and are pursued when criminals use them to "conduct their illegal activities." It's what's known in law as money laundering.

Money laundering is a two-sided crime. There's the first leg: a criminal who has dirty money. And there is the second leg: the criminal's counterparty, a financial intermediary (a bank, crypto exchange, remittance platform, money courier, or helpful individual) who processes the dirty funds. Both legs are prosecutable. That's precisely what happened to both TD Bank and its cartel-linked customers when they were charged last year. Financial providers are held liable for the crimes of their users.

The same two-sidedness goes for sanctions evasion. There is the sanctioned party and there is the financial platform that facilitates their evasion. Both are indictable.  

If, as Blanche suggests, digital asset platforms are no longer to be targeted for the "acts of their end users," that's effectively saying that the second leg of a money laundering or sanctions violation is no longer a violation, at least not when a crypto platform is involved. So if a cartel deposits dirty money at an exchange like Binance, which facilitates their crypto transactions, the exchange won't be pursued. Only the cartel will be.

In effect the entire technology has been handed a get-out-of-money-laundering-jail-free card. A detached observer could safely assume that crypto platforms will respond by easing up on their compliance measures (they won't be indicted, after all), which, in turn, will allow more bad actors to make use of their services.

The memo provides more details. It's quite likely that both the ongoing Tornado Cash case (which I've written about extensively) and the ChipMixer case will be dropped, as the memo explicitly states that the Department will no longer target mixing and tumbling services. Tornado Cash, a smart-contract based mixer, operates with a large proportion of its infrastructure running through automated code, whereas first-generation mixers like ChipMixer are entirely human-operated. The latter had mostly disappeared thanks to a series of successful criminal convictions, but will spring back into action as the threat of indictment recedes—leading to more anonymity for the entire system, including for criminals.

The memo's prohibition against Department lawyers targeting "offline wallets" likely refers to "unhosted wallets," which presumably applies to stablecoins—a highly popular type of crypto token pegged to national currencies. Stablecoin users can either hold balances of a stablecoin like Tether or USDC in unhosted format, within their personal crypto wallets, or hold them with the issuer for redemption into actual dollars, in which case they become "hosted." The implication seems to be that if unhosted stablecoins are used by bad actors, the issuers themselves won't be targeted. It's a fantastic policy, if your goal is to encourage fentanyl cartels to use stablecoins.

This decriminalization of crypto money laundering is a ratification of how much of the crypto ecosystem already operates. Just last week, for example, I wrote about stablecoin issuers like Tether and Circle allowing Garantex, a sanctioned Russian exchange, to hold balances of their stablecoins. The issuers seem to believe that providing access to illicit end users like Garantex is legal. And now, it seems, the government has confirmed their view by no longer targeting unhosted wallets for the "acts of their end users."

Now that we've explored some of the immediate legal and technical consequences of this decision, it's worth asking: who on earth benefits from this sudden shift in policy? Because clearly most people will be made worse off. 

I'm only speculating, but here's who this policy may be designed to appease and/or reward:

  • Trump-voting libertarians who have arrived at the odd belief that money laundering shouldn't be a crime.
  • San Francisco crypto entrepreneurs who want to create financial platforms on the cheap, without the burden of building expensive compliance programs to prevent criminal usage. These entrepreneurs also want their crypto platforms to have access to bank accounts, but banks have been hesitant due to the high risk of crypto-based money laundering. Now that crypto has immunity, banks no longer have to worry. Crypto entrepreneurs voted for Trump, funded him, and are a big part of his administration. This is their payback.
  • Trump himself, who seems intent on building a murky authoritarian system of bribery and patronage à la Putin or Orban. This system requires money laundering-friendly financial infrastructure, and the Department's memo may be an early step to creating it. (The Trump family, with its many crypto-based entrepreneurial efforts, is also part of the second group.)

In the long term, banks and other traditional providers may benefit, too. With crypto-based finance now unburdened of a major law, every single financial provider operating outside of this crypto-friendly zone, such as traditional banks and fintechs, will be incentivized to switch their database infrastructure over to crypto in order to qualify for this loophole. That means shifting your Wells Fargo U.S. dollar savings account over to a blockchain-based dollar savings account. Doing so will allow banks and fintechs to cut compliance costs and increase their profits.

Once the entire financial sector has migrated through the loophole, it will no longer be a crime to launder funds for criminals. And with mixers no longer being charged by the Department of Justice, that means blanket anonymity for everyone.

As far as the public's welfare goes, the memo is awful. Like theft and fraud, money laundering is immoral and should be punished. Giving one stratum of society a free pass from any law, whether that be money laundering or theft or murder, erodes trust in government and the financial-legal system.

More broadly, society's money laundering laws are a key defence against all types of other crimes. The so-called predicate offences to money laundering such as robbery, human smuggling, and corruption become much more tricky to carry out when, thanks to money laundering laws, the financial system does its best to shut them out. The dissuasive effect engendered by this effort stops many would-be criminals from ever leaving the licit economy. Take away those laws and the case for becoming a criminal becomes much more persuasive.

Thursday, December 5, 2024

Tornado Cash un-OFAC'ed


The next chapter in the Tornado Cash saga just dropped. Last week a court ruled that Tornado Cash, a bot that can be used for obfuscating crypto, is safe from being sanctioned.

I first wrote about Tornado Cash in 2021, before its legal troubles began, warning of the risks ahead. I've been tracking Tornado's legal saga since then. (See here | here | here ). The saga serves as a bellwether for how financial services hosted on blockchains are to be sliced and diced under existing laws, in particular the crucial anti-money laundering statutes and sanctions laws. More generally it foreshadows how autonomous techno-beings, many of which don't yet exist, are to be treated by the law.

In the newest chapter of the saga, a court ruled that America's sanctions authority, the U.S. Treasury's Office of Foreign Assets Control (OFAC), does not have the authority to sanction a certain type of smart contract, or string of autonomous code, that undergirds Tornado Cash: its so-called immutable contracts.

Recall that in August 2022, OFAC sanctioned Tornado Cash, which accepts traceable crypto from users and returns it in untraceable format. Tornado had been used by the sanctioned North Korean hacker group Lazarus to obfuscate its financial tracks. OFAC listed Tornado Cash's website tornado.cash along with 53 Ethereum addresses.

The sanctions were relatively effective. Americans could no longer use the bot without risking fines or imprisonment. Those who had funds deposited in Tornado had to ask OFAC for special permission to withdraw them. In the months after the sanctions were announced, usage of the privacy bot plunged and the amount of crypto deposited fell by over half.
 
After two different sets of plaintiffs challenged OFAC's actions in court, the appeals court in one of the cases returned a verdict last week. An immutable smart contract is "unownable, uncontrollable, and unchangeable—even by its creators," and therefore it doesn't qualify as property. Because OFAC's sanctioning power is limited to that which is property, it follows that OFAC cannot sanction immutable smart contracts.

This not-property ruling only applies to twenty immutable Tornado Cash contracts that were on OFAC's sanctions list. Tornado's mutable contracts, those that can be controlled and changed, remain property—and thus can stay on the list of sanctioned contracts. Unless OFAC wins on appeal, it will presumably have to unsanction those twenty immutable contracts.

Now, it's possible that as long as the remaining sanctioned mutable contracts are crucial to the functioning of the Tornado Cash bot, the revised sanctions blacklist will still have an effect. And if OFAC adds other key mutable Tornado Cash smart contracts to its list (say like the contracts allowing governance, which for some reason were not originally sanctioned), American users will continue to steer clear of Tornado Cash, the bot's anonymizing capacities remaining lower than otherwise, thus diminishing its ability to serve North Korean interests. 

But if not, what can OFAC do? 

Sanction users, not code

I've already done a bit of digging on this question. In response to the sanctions, I wrote an article in late 2022 entitled: How to stop illegal activity on Tornado Cash (without using sanctions). The gist was to explore alternative tools for countering illicit activity on Tornado rather than the blunt tool of sanctioning its actual smart contracts. What I suggested was to apply pressure to the users of the smart contracts. "Rather than punishing code, penalize the people who use the code."

The logic goes like this. Any user who deposits crypto to Tornado Cash, even someone with clean crypto, is providing North Korea with prohibited financial services, the Tornado bot being the means by which the two sides are connecting as counterparties. Whether intentional or not, a user's deposits broaden the anonymity set of Tornado Cash, or its ability to obfuscate larger amounts of illicit funds sourced from sanctioned counterparties like Lazarus.

Think of it as sanctioned North Korean users passing on sanctions taint to all other Tornado Cash users by virtue of everyone interacting via the same bot, Tornado Cash. This taint spreads to those who deposited their crypto (clean or dirty) to Tornado at the same time as Lazarus and/or those who have continued to deposit to it in light of the known fact that the North Korean group regularly deposits stolen funds to the platform.

OFAC issues a public alert stating that any foreigner can and will be sanctioned if their funds interact with North Korean funds on Tornado Cash. In response, some foreign users will risk being designated and continue to engage with Tornado. Many will not. As for U.S. users, OFAC can threaten them with potential civil monetary penalties if they aid North Korea using Tornado as their tool. A $10,000 fine for interacting with sanctioned North Korean actors via the Tornado Cash bot will probably discourage most usage.

Another core set of Tornado Cash users who OFAC has legal leverage over are the relayers—real life individuals who provide an extra layer of privacy to Tornado Cash users. (I explain here why relayers are necessary for full privacy). OFAC can threaten foreign relayers with sanctions and U.S.-based relayers with civil monetary penalties.

Pressuring these various groups of users won't stop Tornado Cash code from functioning, but it will certainly constrain the activity it facilitates, and thus make it harder for North Korea to anonymize its funds. And it is consistent with the court's not-property ruling because users, not contracts, are being targeted.

I'm not saying that OFAC will follow this playbook, or that it should, but it certainly is an option. There is another route, though, and that is to go to Congress and ask for the ability to put sanctions on immutable entities. 

More broadly, Tornado Cash may just be the first in an emerging population of unownable and uncontrollable techno-beings—bots, machines, drones, androids, AI agents,  automatons, and golems—that operate independently of human control, many of which will end up doing very dangerous things. Society may want the legal ability to protect its members from these immutable contraptions, including by sanctioning them.

For instance, imagine the following scenario...

A Russian AI-guided assassin bot

If a Russian assassin is regularly poisoning people (including U.S. citizens) for criticizing Putin, OFAC can sanction that assassin, thus preventing any American entity from dealing with him and blocking all of his accounts, his car, and his interests in various companies. That might not stop the assassin, but it'll make his job more difficult. In doing so, OFAC is simply fulfilling its mandate to use its sanctioning powers to protect Americans.

Say the assassin creates an artificial intelligence and imbues it with all of his assassin's lore, providing it with an artificial body and then throwing away the keys, rendering the robot immutable. The court's recent not-property ruling suggests that while OFAC can ably defend Americans from the flesh and blood assassin, it cannot protect them from the assassin's immutable killing robot—even though the robot performs the precise same killing function as the living assassin using the exact same techniques.

This is obviously an incongruity, one that seems like it should be fixed. Or is there a specific reason why we should provide legal safe harbor to all unownable and uncontrollable techno-beings? Feel free to explain in the comments.

In any case, OFAC's efforts to apply its national security mandate to Tornado Cash are probably not over. Let's see how it responds. Some sort of resolution is important because we are still in the early stages of being inundated with self-guided autonomous agents.

Monday, November 25, 2024

How my views on financial privacy have evolved over a decade

I began exploring the topic of financial privacy and payment anonymity in the early days of this blog. Over the past decade, my views have shifted significantly—here's how and why.

Rereading my earliest mentions of financial privacy, they now seem a bit... idealistic? extreme? For instance, in my 2014 post entitled Fedcoin, a central-bank issued digital currency, I suggested that the product should be 100% anonymous, like coins and banknotes.

Criminals would undoubtedly exploit unlimited anonymous digital currency, as I acknowledged in a 2018 article entitled Anonymous digital cash. But I figured that the bad guys would find their own ways to transact anyways, say through their own mafia-created payments system, so central banks may as well go forward with anonymous digital currency, the benefits to civil society of unlimited e-cash ultimately outweighing the cost.

I wouldn't support these same ideas today, or would at least modify them, as I'll show further down.

But idealistic and extreme aren't quite the right words. I think that I was right, at least when looking at things from a certain vantage point, but it was still early in my blogging career and I hadn't yet explored other vantage points.

To be clear, financial privacy, or the ability to make transactions anonymously or near-anonymously, isn't just something that criminals require. It's crucial for regular folks, too, and in my earlier blog posts I spent a lot of time detailing why this is so. After a cashier dropped my card behind the counter (and potentially skimmed it?), I wrote that cash provides buyers with a "shield from everyone else involved in a transaction" in my 2016 post In praise of anonymous money. And I still agree with that, and to this day always pay with cash when the store I'm at feels a bit sketchy. I worry that this shield will disappear as cash usage continues to decline.

Civil society's need for private transactions isn't just a weird fringe view. In a 2018 post entitled Money is privacy, I described the work being done on privacy and payments by Federal Reserve researchers Charles Kahn, James McAndrews, and William Roberds. Licit transactions can unintentionally evolve into a long-term relationship, they write, including clawbacks, extraterritorial rulings, and new forms of product liability. To boot, personal information linked to digital transactions can be stolen in data breaches.
 
According to the three Fed researchers, the ability to transact anonymously converts a potentially thorny transaction into a one-and-done relationship. Licit payments that might have otherwise been deemed too dangerous can proceed, the extra trade making the world better off. (See also my 2020 article Central banks are privacy providers of last resort.)

As for crypto, I've described blockchains as dystopian hellscapes or panopticons, because every single transaction is mapped out for all to see. That makes blockchains just awful places to carry out conventional business. Firms require a degree of secrecy in order to hide their corporate strategies and tactics from competitors, but the medium doesn't permit secrets. Blockchains need more privacy. (See my 2022 post DeFi needs more secrecy, but not too much secrecy, and the right sort of secrecy).

So what changed?

Starting in 2018, I focused more on studying fraud, including ransomware, tax evasion, and gift card schemes. I found gift card fraud particularly intriguing: semi-anonymous payment systems linked to Google Play and Apple iTunes have enabled an entire industry of scammers, including IRS and tech support fraudsters, to launder stolen funds. Network operators like Google and Apple, as well as major retailers such as Target and Walmart, quietly profit from all of this fraud. (See Gift Cards: When Good Products Do Bad Things [2021] and In-game virtual items as a form of criminal money [2019].)

Which led me to my next big truth: if privacy is crucial, so is the necessity of criminalizing money laundering.

Money launderers are the financial intermediaries who, knowing full well that a customer's funds are dirty, conduct transactions with them anyways, in a way designed to disguise their source.

The willful laundering of a criminal's money is an extension of the original crime, making a launderer just as morally and ethically culpable as the criminal they are helping. By facilitating the final release of illicit funds, the money launderer enables the crime to fulfill its purpose, completing the damage caused by the initial offense—be it theft, extortion, or human smuggling. This is why the launderer's actions deserve to be criminalized. (See A short and lukewarm defence of anti-money laundering standards from 2021).

The crime of money laundering bears a striking resemblance to the centuries-old crime of fencing—the art of accepting and redistributing stolen property. (See my 2024 post "I didn't launder the cash, your honor. The robot did") In earlier times, thieves were responsible for reselling their stolen goods themselves. However, by the 17th century, this task was often outsourced to specialized intermediaries, or 'fences.' At first, there was no legal term for this crime, but in 1692, England formally criminalized fencing, and deservedly so.

Thinking more about the crime of money laundering led me to become more critical of stablecoins, for instance. From 2014-2018 my articles on stablecoins were mostly neutral or positive, but now my posts focus on the fact that stablecoin issuers, by turning a blind eye to those using their platform, have allowed themselves to become launderers for all types of criminals. (Among others, see my 2019 post From unknown wallet to unknown wallet and my 2023 post Why do sanctioned entities use Tether?)

At this point, you may be able to see my conundrum.    

If, like fencing, money laundering should be criminalized (and indeed it is illegal in most parts of the world), that collides with my prior belief in the importance of financial privacy. After all, the only way for a banker, money transfer agent, or stablecoin issuer to be safe from a money laundering charge is to show that they did a good faith job collecting enough personal information to ensure that they weren't dealing with criminals. And giving up personal information is necessarily privacy-reducing.

One way to resolve my conundrum would have been to pick a side and advocate for it, but I think both sides are important, so I've generally tried to find a compromise. Most of my writing on the topic over the last five or six years has been trying to wrestle with where to draw the line between financial privacy and the crime of money laundering. 

My compromise position has generally advocated a privacy safe harbour for small day-to-day transactions. But anything above a certain monetary ceiling needs to be identified in order to avoid a money laundering charge.

Here are some examples of my often clumsy attempts to balance the two ideals:

Balancing the two ideals rather than taking an either/or approach has led me to adopt a more comparative approach to thinking about financial privacy. I've begun to analyze cross-country differences in the intensity of financial surveillance as conducted by national financial intelligence units. Canada, for instance, has chosen a balancing point that is far more in favor of financial privacy (and accordingly more accepting of money laundering) than the U.S. has, as illustrated in my 2024 post Your finances are being snooped on. Here's how.

So that's where I've landed after ten years of writing about privacy. Hard-core privacy advocates and civil libertarians would probably describe me as a sell-out or a wishy-washy centrist because I'm willing to compromise on financial privacy. Fair enough. But I do wonder how many privacy advocates would go so far as to call for an all-out decriminalization of money laundering. Doing so would maximize privacy, but surely no privacy advocate thinks that bankers who clean money for the mob should be allowed to walk free. We are probably closer than they think.

I look forward to seeing how my opinions evolve over the next ten years, as I'm sure they will. Thoughts or comments?

Wednesday, November 20, 2024

Pricing the anonymity of banknotes


Banknotes are useful. Not only do they provide their owner with a standard set of payments services, they also offer financial anonymity. This post introduces the idea of trying to price the anonymity component. 

To help think about why we might want to price anonymous banknote usage, I’m going to make an analogy. Imagine Walmart sells special suits that allow people to become invisible. While most Walmart customers always pay for the goods they find in the aisles, a few try these invisible suits on, grab a bunch of stuff, and sneak out without paying. The product is weaponized and turned against its provider.

This same sort of weaponization characterizes the modern provision of banknotes. The government, like Walmart, provides citizens with a privacy-enhancing product: cash. Because its coins and banknotes don’t leave a paper trail, they act as a financial cloak. In the same way that an invisible suit can be used to evade Walmart’s checkout counter, a government-issued banknote can be turned against its provider by allowing users to avoid paying for the government services they have consumed. 

Walmart may wish to do something about the weaponization of invisible suits, especially if the costs imposed by abusers of suits begin to exceed the amount of income the company gets from buyers of invisible suits. One option Walmart has is to stop selling the product. No one would fault them for putting an end to an unprofitable business line. Invisible-suit aficionados could just shop elsewhere. 

But what if Walmart is society’s only provider of invisibility? This complicates things. While a few bad apples regularly abuse Walmart’s invisible suits by using them to steal, many others use the suits in legitimate ways. So while a decision to stop selling invisible suits might improve Walmart’s finances, it might also make society worse off. 

This same tension crops up in the debate over the future of cash. A ban on cash would help reduce tax evasion and improve government finances. But since banknotes are the only anonymous financial product, and no other entity is permitted to provide banknotes, a ban would put an immediate end to financial privacy. Because privacy is something that regular folks value for licit reasons, their welfare would be reduced.

Say Walmart does the noble thing. It continues to stock invisible suits to meet the public’s demand for privacy. But the company still has costs it must meet, including wages, inventories, and rent, and with a steady loss of payments facilitated by the weaponization of invisible suits, that hurdle becomes much harder to clear. To plug deficits, Walmart may have to ask all its rule-abiding customers to pay a little bit more for their purchases by raising all of its prices by a little bit.

But an across-the-board price increase hardly seems fair. Those abiding by Walmart’s rules are being asked to make up for a shortfall that is entirely the fault of suit-stealing rule breakers. Honest shoppers who don’t generally like to use invisible suits will be particularly furious — and who can blame them? They are being asked to pay more for the goods they hold dear in order to support the use of a single product they never cared for much anyway. 

This same lack of fairness plagues modern tax systems. The government needs to fund (via taxes) the services it provides, but the presence of cash is weaponized against the system by tax cheats. The funding gap that emerges must be made up for by all of the remaining citizens — the non-cheaters. So taxes, or the price of government services, will be higher in the presence of cash than in a world without cash. Non-cheaters, particularly those who don’t use cash, will feel betrayed because they must pay higher taxes to support the ongoing provision of a product they don’t necessarily value. 

Walmart may have a better option. Instead of increasing the price of all goods to make up for the behavior of a few invisible-suit users, it can just raise the price of suits high enough to make up for the shortfall. So customers who like invisibility end up bearing the costs imposed by thieves who weaponize suits. This targeted approach seems like a fairer path for Walmart to take. It releases a large chunk of its customer base from the obligation of offsetting the invisibility-induced shortfall while still giving those who value the privacy provided by invisible suits the option of buying them.

If setting a higher price for invisibility is the best option for Walmart, what about modern banknote-providing governments? In the same way that Walmart increases the price of invisible suits to offset the shortfall created by those who weaponize them, a government can introduce a levy on cash users. Rather than placing this levy on all banknote denominations, it might target high-denomination banknotes instead. The idea is that bulky $1s and €5s may be less useful in large-scale tax evasion than $100s and €200s. 

By setting a levy or negative interest rate of 5 to 10 percent per year on high-denomination notes (there are various ways to do this), the government would be able to earn a large-enough stream of revenue to help offset the shortfall created by cash-using tax evaders. The effect would be a lower tax bill for all non-cheaters, both for those who generally do not use cash and those who use only small-denomination notes ($1 and €5s). In effect, the anonymity provided by $100s and €200s would now be directly paid for by the users of those $100s and €200s. Unlike an all-out ban on banknotes, financial anonymity would still be provided. 

I think it makes sense for the Walmart in our thought experiment to give anonymity pricing a shot. Maybe governments should entertain the idea, too.

[This post was originally published at the Sound Money Project. I've modified it slightly for clarity.]

Friday, August 9, 2024

Stablecoins – a digital version of Swiss bearer savings books


Before anti-money laundering laws arrived in Switzerland, anyone could walk into a Swiss bank and open an account without showing any ID. The bank would then issue you something called a bearer savings book, otherwise known as inhabersparheften or livrets d'épargne au porteur. Ownership of the savings book was considered by the bank to be proof of ownership of the underlying funds in the account. The person who opened the account could keep the book or, if they wanted to, pass it on to someone else without notifying the bank, at which point this second person was now entitled to the underlying funds and could in turn pass the book on to a third person, etc.

In essence, Swiss banks were issuing their very own version of cash.

As time passed and society's awareness of money laundering grew, usage of Swiss bearer savings book accounts was circumscribed by law. In 1977, banks were required for the first time to identify the initial customer to open the account. Also, anyone who wanted to withdraw over CHF 25,000 had to be identified by the bank. But the savings books still enjoyed a significant degree of anonymity. After account opening and prior to withdrawal, books could continue to circulate without identity checks.

In 2003, the issuance of new bearer savings books was prohibited by the Swiss government. Banks were now required to cancel existing savings books when they were presented to a bank's physical desk. Existing bearer savings books could continue to circulate anonymously from hand to hand, like cash, but thanks to steady cancellations they represented just 0.002% of the total assets held in Swiss bank accounts by 2019.

And so ended the Swiss bearer savings book. In the meantime, however, a similar financial instrument has arrived: the stablecoin.

To get some stablecoins, you need to deposit funds with the issuer, which will identify you upon deposit, but after that the stablecoins are free to circulate in the wild without any sort of checks. You can send them to a friend, and she can send them to a relative overseas, and that relative can transfer them to a drug dealer, and none of these subsequent owners need to show their IDs to the issuer. Stablecoin issuers, much like Swiss banks that once issued bearer savings books, often have no idea who they are dealing with.

So if Swiss bearer savings books have long been prohibited, why are stablecoins allowed to proliferate?

This is exactly the point made last month by FINMA, Switzerland's financial regulator, when it indicated that it will no longer tolerate the anonymous transfer of stablecoins. New guidance states that the identity of anyone holding a stablecoin must be "adequately verified by the issuing institution." So not only yourself, but your friend, her relative, and the drug dealer in the above transaction chain will be required to provide their ID.

To justify its new policy, FINMA appeals to the idea of technological neutrality. My take on technological neutrality is that just because a financial product (in this case a payments product) appears on a novel medium, or substrate (i.e. a blockchain), doesn't mean it is exempt from the same rules that already apply to equivalent products like bank savings books, which are issued on older substrates. Same function, same regulations.

Up till now, stablecoin issuers like Tether have tried to dodge these identification requirements with the legal fiction that only primary holders of stablecoins (i.e. those who originally deposited funds to get stablecoins) are their customers, and so it is only to this batch of holders that they have a due diligence obligation. Secondary, tertiary, and subsequent holders are not "customers", and so the issuers say they don't need to identify them.

But FINMA isn't buying this argument, and rightly so. All holders, not just primary ones, have a "permanent business relationship" with the issuer, says FINMA, and so everyone must be identified. You can certainly understand why FINMA wants to get ahead of this problem. If regular Swiss banks all see that stablecoins are enjoying special treatment, then they'll all join in on the party by switching over to the new substrate.

FINMA's guidance may not seem like a big deal. There are only two Swiss franc stablecoins to which it applies, and they are both tiny. Bitcoin Suisse's XCHF has under 1 million CHF in circulation, and Centi's CCHF doesn't appear to have much more. (Facebook may have run into an earlier informal version of this rule when FINMA assessed initial versions of its Libra stablecoin.)

But as a respected part of the global regulatory fabric, FINMA could very well be copied by other regulators. More importantly, FINMA is a member of the Financial Action Task Force, or FATF, an umbrella organization representing the anti-money laundering authorities of 38 major nations. FATF promotes global anti-money laundering standards by blacklisting countries that fail to adopt them. If FINMA's policy on stablecoins is indicative of an emerging FATF approach to stablecoins, then expect it to spread.

The shocking thing to me is that it has taken this long for a major global regulator to issue a concrete ruling on the issue of stablecoin anonymity. It's about time. Standard anti-money laundering practice requires financial institutions to verify who is using their platform. Stablecoin issuers shouldn't get a free ride.

Thursday, July 11, 2024

Your finances are being snooped on. Here's how


We all have a pretty good idea that our finances are being snooped on, but most of us aren't quite able to articulate how. We know that we're being snooped on by two groups, corporations and the government. This post will focus on how the government surveils our transactions, because democratic governments generally (but certainly not always!) tell us ahead of time what information they will gather, and how the data will be used.

Governments snoop on law abiding citizens' financial data for good reasons: they are trying to trace the money in order to catch bad guys. The government has been given the power to collect this information without having to ask a judge for approval, say by requesting a search warrant.

I think there is a degree of acceptance among citizens that some amount of warrantless financial snooping is okay, because it reduces crime. But as the intensity of surveillance increases it eventually reaches creepy territory, at which point most of us would prefer the brakes be applied.

Where is this line? I'm a committed comparativist. To get a good sense of how one is snooped on, and whether it has passed over the line to being creepy, one needs a reference point. So in this blog post, I'll compare how two groups of citizens, Americans and Canadians, are being surveilled by their respective governments, so that both groups can better understand, by reference to each other, where they stand.

The first section focuses on the inflows of personal financial data from citizens to the government. The second section will focus on the outflows of data from the government to law enforcement.

***How citizens' personal financial data flows into the government***

Both the U.S. and Canadian governments collect large amounts of financial data about their citizens. They do so by requiring banks and other financial institutions to record information about their customers and submit reports to the government about their customers' transactions when certain triggers have been met.

First, let's touch on the total amount of data being hoovered up. On this count, Canada far exceeds the U.S. In the 2022-23 reporting period, Canadian financial institutions submitted a total of 36 million reports to the government containing information about Canadians' financial transactions. That's almost one report per Canadian every year. 

Meanwhile, U.S. institutions sent 27.5 million reports to their government about Americans' financial dealings in 2023, a rate of around 0.1 report for every American, which is ten times less intensive than in Canada. So based purely on the quantity of data collected, Canada seems to be closer to the "it's getting uncomfortable" level than the U.S. (See table below).

What accounts for this big difference in reporting intensity? In short, it's due entirely to cross-border wire transfers. In Canada, every electronic fund transfer leaving or arriving in Canada must be reported by banks to the government if it sums up to $10,000 or more. So if you've sent an $11,500 wire transfer from your Bank of Montreal account to your son or daughter who lives in London or Paris, congratulations, your name is in a Canadian government database. Or if you run a business and have received a $15,000 digital payment from a U.S. company for services rendered, your corporate data is sitting somewhere in an Ottawa government server.

If you're an American making a foreign wire transfer, your information will not get sent to a government database. The U.S. authorities do not require financial institutions to submit personal information on digital cross-border flows. (Mind you, they have been trying for some time to get the ability to collect this data.)

In the 2022-23 financial year, 27 million of these cross-border wire reports were submitted by Canadian banks, accounting for the lion's share of all 36 million reports submitted to the Canadian government that year.

Apart from cross-border transaction reporting, the nature of Canadian and U.S. eavesdropping is broadly similar.

Let's start with cash transaction reports, or CTRs. When a Canadian goes to their bank and deposits $10,000 or more in cash, the bank will generate a report that it sends to the Canadian government. U.S. banks report deposits and withdrawals of $10,000 in cash to the US government.

So if you're selling a used car and the buyer pays you $12,000 in banknotes, and you deposit that to your bank account, you're now in a government database, whether that be in Canada or the U.S.

Canadian banks generated 8 million CTRs in 2022-23 whereas U.S. banks generated 20.8 million in 2023. Pound for pound, Canadian banks submit more cash transaction reports to their government than U.S. banks, around 0.21 per Canadian compared to 0.06 per American. I'm not sure why. The threshold for reporting a cash transaction in Canada is lower than in the U.S. (CAD$10,000 is worth around US$7,300) which may explain some of the difference? Dunno.

With CTRs and cross-border wire transfers, the invasiveness is kept relatively low thanks to the objective criteria that trigger a filing. Exceed the $10,000 threshold and at least you know ahead of time that your information is going to be recorded. A law-abiding citizen who is uncomfortable having their financial information collected by the government can choose to avoid sending cross-border payments or dealing in large amounts of cash. But this objectivity doesn't exist with the next type of report: those related to suspicious activities.

On both sides of the border, financial institutions must submit reports about transactions deemed suspicious to their respective governments. If you've made a transaction that a bank deems to be suspicious, you'll never know that you've landed in a government database. That's because banks are prohibited from notifying their customers that their activity has been snitched on.  

The determination of what qualifies as suspicious involves a fair amount of subjectivity. Canada requires that financial institutions have reasonable grounds to suspect that a transaction is linked to terrorism or money laundering before reporting it. That means that a mere hunch won't cut it: a Canadian banker must be able to articulate a clear reason for suspicion. Mind you, there's no penalty for banks that fail to attach a specific reason to a report, so the reasonable grounds to suspect standard is often ignored.

We know that many of these hunch-based reports end up in the government's database. Over the years the Office of the Privacy Commissioner of Canada has collected a list of reports that failed to reach the reasonable grounds to suspect standard, including one case in which some individuals were suspected simply because they had Middle Eastern passports:

From the Office of the Privacy Commissioner's 2017 audit of FINTRAC [source]

My reading of the U.S. requirements for reporting a suspicious transaction suggests a looser standard than in Canada. While U.S. bankers are encouraged to provide a specific red flag in their CTRs, the implementing regulations say they can still file a report if they merely "suspect" a transaction to be associated with money laundering or terrorism, which is a lower standard than the requirement to have a "reason to suspect."

In Canada, there is no size threshold for suspicious activity reporting: even a $50 payment can be reported by a bank. By contrast, the U.S. has set a $5,000 threshold before a suspicious activity report must be filed. (When suspicious activity reports were first introduced to the U.S. in 1994, the government floated the idea of not including a threshold at all, as Canada would later do in 2001, but retreated because this would impose a "burden of reporting.")

This difference in thresholds suggests Canada should have a much higher intensity of suspicious transaction reporting than the U.S. Not so. Canadian banks generated 560,858 suspicious transaction reports in 2022-23, around 1.4 reports for every 100 Canadians. Compare this to the 4.6 million reports filed by U.S. banks in 2023, which also comes out to 1.4 reports per 100 Americans. So even though bankers in the U.S. are required to ignore small suspicious transactions below $5,000, they more than make up for it by reporting a larger proportion of transactions than Canadian bankers do. I can only guess why, but this may be due to the looser standard for suspicion, discussed above.

There are several other types of transactions that must be reported to the government, including large virtual currency reports in Canada and foreign bank and financial accounts reports (FBAR) in the U.S., but the volume of this sort of reporting isn't as significant as the other types already discussed, so I won't touch on them.

So to briefly sum up, pound for pound a Canadian is more likely to appear in their government's financial database than an American is. This is because Canadian financial institutions collect personal information linked to cross-border wire transfers, whereas the U.S. doesn't. The most privacy-invasive reports are suspicious ones. Compared to Canadian banks, U.S. banks are more trigger-happy when it comes to deeming a given transaction as suspicious, but the US$5,000 floor on reporting suspicious transactions somewhat mitigates this eagerness.

Having dealt with what sorts of data flow in to the government, let's talk about what happens next with the data.    

***How personal financial data flows from the government to law enforcement***

The personal financial data accumulated by the two governments are managed by each nation's respective financial intelligence unit, or FIU. In Canada, this institution is known as the Financial Transactions and Reports Analysis Centre of Canada, or FINTRAC. In the U.S., the body that collects personal financial data is known as the Financial Crimes Enforcement Network, or FinCEN.

It's here with the management of harvested financial data that the policies of the two countries really start to diverge.

To begin with, let's start with the length of time that data can be kept. In the U.S., FinCEN holds data indefinitely, so its database is forever growing. Canada allows FINTRAC to keep data for at least ten years and up to fifteen years, but after that FINTRAC must destroy any identifying information if it was not disclosed to law enforcement. Since most of FINTRAC's data is not disclosed, that means large amounts of data fall out of FINTRAC's database every year, and thus the amount of personal information collected grows at a slower rate than FinCEN's data hoard.

The differences between the two countries grow even wider when it comes to the question of who has access to citizens' financial data. In brief, U.S. law enforcement is granted broad access to the raw data whereas Canadian law enforcement's ability to see the data is strictly limited.

472 different U.S. law enforcement agencies at the Federal, state, and local levels have the ability to directly query FinCEN's database of CTRs, suspicious activity reports, and more. This amounts to around 14,000 law enforcement officers who can search through the personal financial data of American citizens. In 2023, these 14,000 users conducted 2.3 million searches using FinCEN's query tool.

FinCEN's data can also be downloaded in bulk form to the in-house servers of eleven different federal agencies, including the FBI, ICE, and the IRS. Bulk access (also known as Agency Integrated Access) means that the FBI, ICE, IRS, and eight other agencies don't need to use FinCEN's query tool. This bulk data can be accessed by another 35,000 agents. Alas, FinCEN doesn't track how many in-house searches were conducted by these agents in 2023, but I'd guess it's in the tens if not hundreds of millions.

By contrast, Canadian law enforcement agencies do not get direct access to FINTRAC's financial data trove. Instead, FINTRAC employs an internal force of a few hundred data analysts to parse the database for clues that suggest participation in money laundering or terrorist financing. Only when FINTRAC employees have attained reasonable grounds to suspect that a pattern of transactions has crossed the line can they pass a report on to a Canadian law enforcement body, such as the RCMP or municipal police. This report is known as a financial intelligence disclosure and includes information like the name of the transactor, their address, telephone number, criminal record, and more.

FINTRAC submitted 2,085 of these disclosures to law enforcement in 2022-2023.

So to step back for a moment, tens of thousands of U.S. law enforcement officials conduct tens of millions of searches through Americans' personal financial data to get leads. In Canada, this same database can only be accessed by a small number of FINTRAC analysts, who selectively push a few thousand reports out to Canadian law enforcement each year.

That's quite the contrast. Put differently, unlike their U.S. equivalents the RCMP, Sûreté du Québec, Ontario Provincial Police, and other police agencies do not have the power to pull personal financial data willy-nilly from the government's database. This means far fewer eyeballs on Canadian financial records. As far as protecting the financial privacy of citizens, the Canadian access model does a better job. The U.S. access model is friendlier to law enforcement and stopping crime.

A disadvantage (or advantage, depending on your tolerance for being watched) of the American system is it allows the 11 agencies with bulk access to create "data cocktails" (personal financial data downloaded from FinCEN spiked with their own data sources) in order to better investigate suspects. For instance, according to a 2009 report from the Government Accountability Office, the FBI incorporates bulk FinCEN suspicious activity reports into its Investigative Data Warehouse along with 50 other data sets from different sources. The IRS's Reveal System, portrayed below, ingests FinCEN reports along with tax data to conduct more complex investigations.

The IRS's Reveal System, which ingests FinCEN CTRs along with other non-FinCEN data [source]

I don't know if the FBI and IRS data cocktails still exist, and in what form, but they certainly give a flavor of what sorts of broad access law enforcement can get to personal financial records in the U.S.

By contrast, Canadian law doesn't allow for U.S.-style data cocktails. An agency like the RCMP can't mix FINTRAC's store of personal financial data with their own bespoke data sources because the RCMP is prohibited from pulling raw CTRs, cross-border wire transfer reports, and suspicious transaction reports out of FINTRAC. Only FINTRAC gets to determine what information gets pushed out to the RCMP.

This firewall isn't accidental. As Horst Intscher, a former director of FINTRAC explains, a degree of privacy protection was purposefully built into FINTRAC's original design: "Because of the very broad range of information that the [Proceeds of Crime (Money Laundering) and Terrorist Financing Act] makes it possible for us to receive from reporting entities, it was determined at the original passage of the legislation that protections had to be built, so it would not be construed that there was a flow-through of massive amounts of personal information directed to law enforcement agencies."

In other words, FINTRAC was designed to prevent the likes of the RCMP from creating an FBI-style Investigative Data Warehouse. 

However, the wall imposed between Canadian law enforcement and FINTRAC does have a degree of porosity, enough to provide law enforcement with an indirect way for pulling data out of FINTRAC. If the RCMP is investigating a suspected money launderer, it can submit information about the suspect to FINTRAC in the form of a voluntary information record. For example, it might say that "Joe Blow and his sister-in-law Martha are the subjects of an investigation for drug trafficking and money laundering, and we just thought you should know that." This new data becomes part of FINTRAC's database, against which FINTRAC's agents will check all other data. If the agents spot a match, and it meets the bar for a "reasonable grounds for suspicion", then they must send the RCMP a disclosure containing the relevant personal financial information.  

In 2022-23 FINTRAC received 2,550 voluntary information records from Canada’s law enforcement and national security agencies (including from members of the public), a large number of these eventually boomeranging back to law enforcement in the form of a disclosure. How many? The head of FINTRAC once claimed that "65% to 70%" of FINTRAC's ultimate disclosures to law enforcement are triggered by voluntary information submitted by law enforcement, which hints at how porous the wall is.

----

That sums up my comparison of the inflows and outflows of personal financial data to the U.S. and Canadian governments. This is just a cursory analysis. There are all sorts of other vectors across which to compare the scope of the two nations' data collection efforts that I haven't explored. I've focused on the factors that I think are the most important.

Readers from other countries may be curious to find out about their own FIUs to determine where they stand relative to Canada and the U.S. If so, leave your findings in the comments. My Australian readers, for instance, may be interested to note that their government collects far more private information than the U.S. and Canada combined. AUSTRAC, the Australian FIU, collected 192 million transaction reports in 2023, an astonishing 7 reports per Australian!  This is because AUSTRAC receives information on all cross-border wires, with no lower threshold.

At the outset of this article I suggested that many of us would tolerate some loss of privacy in order to make it easier for the police to catch criminals. A few of us will accept a large loss. Others will not tolerate even the smallest infringement on privacy. An individual's line in the sand is very much a personal matter. I'm going to leave it to the reader to decide which country (if either) approaches the right balance. Is Canada too lax relative to the U.S.? Does the firewall we've erected between the cops and the trove of financial information give criminals free rein? Or does the U.S. not sufficiently respect privacy? Should the FBI and its sister agencies lose some of their unfettered access to Americans' personal financial data?

Monday, June 10, 2024

"I didn't launder the cash, your honor. The robot did."

Crypto enthusiasts protest the trial of Alexey Pertsev

As the multiple Tornado Cash legal cases wend their way through courts in the Netherlands and the U.S., we continue to learn how society's money laundering laws will be applied to some of the more unique financial entities being created on the new technological medium of blockchains.

Last month Alexey Pertsev, a co-creator and co-administrator of privacy platform Tornado Cash, was found guilty of money laundering by a Dutch court. (The full decision translated into English is here). Meanwhile, Roman Storm and Roman Semenov, Pertsev's colleagues, are under indictment in the U.S. for engaging in money laundering, among other charges. Separately, Tornado Cash continues to be sanctioned by the U.S. Treasury.

In general, I think a guilty verdict is the right decision. It would have been dangerous to find Pertsev innocent, since to do so would have given all sorts of hardened money launderers (the mob, drug lords, and terrorist networks) the perfect techno-legal loophole for avoiding future money laundering charges. Shifts in the underlying technology used for disguising dirty money should not be enough to turn a crime into a non-crime.

Before I get into my reasoning, here's some context for people who are new to the issue of Tornado Cash.

Tornado Cash was introduced by Pertsev, Storm, and Semenov in 2019 as a means for crypto users to enjoy privacy, but it wasn't long before thieves and hackers began to regularly deposit large amounts of stolen crypto into the utility to be obfuscated. This was plain as day to anyone who was watching. Blockchains are radically transparent (that's why privacy tools like Tornado are needed) which meant that everyone could watch in real-time as criminal trails converged on Tornado Cash. 

Court cases in both the U.S. and the Netherlands reveal that Pertsev and his colleagues were well aware that illicit activity was passing through Tornado, yet they continued to work on the utility anyways. This is important because possessing a "knowing" state-of-mind is a key ingredient to being found guilty of money laundering. If he had had no idea that the money being disguised was dirty, Pertsev could not have been charged in the first place.

Criminals were not the only users of Tornado. Licit actors who wanted privacy also deposited funds into the entity, including Ethereum co-creator Vitalik Buterin. But the presence of good transactions amongst the bad ones doesn't dilute the seriousness of the alleged crime. All it takes to trigger a money laundering charge is a few dirty transactions. "C'mon! 82% of the money was licit!" is no alibi.

Tornado Cash is by no means the crypto economy's first privacy platform. The original generation of privacy tools, so called "mixers" or "tumblers," began to emerge in the early 2010s with the likes of ChipMixer, Helix, Bitcoin Fog, Sinbad, and Blender. Anyone who required anonymity could send their bitcoins to the platform owner, who would proceed to commingle, or "mix," all incoming bitcoins in a single address under their control, thus rendering them untraceable. After some time had passed, the platform owner manually re-sent the now obfuscated bitcoins to their original sender, less a fee.

Like Tornado Cash, the first generation of privacy utilities was used by both criminals and regular folks seeking privacy. None of these original mixers have had happy endings. The owners of Bitcoin Fog and Helix, Roman Sterlingov and Larry Harmon, were both found guilty of money laundering and are currently serving jail sentences. Minh Nguyen, the administrator of ChipMixer, has been indicted for money laundering and is on the FBI's most wanted cyber list. Blender and Sinbad have both been sanctioned by the U.S. government.


By any legal standard, these bad endings were well-deserved. They may have been technological novelties, but ChipMixer, Helix, Bitcoin Fog, Sinbad, and Blender were very much textbook examples of money laundering. The owners of these entities knew that some of the transactions they were participating in involved proceeds derived from criminal sources, yet despite this knowledge they proceeded to disguise them anyways. The only thing new about Helix and the other first generation mixers was the medium they were disguising: bitcoin instead of cash or deposits.

And so professional mixers like Harmon and Nguyen join a long line of traditional money launderers: dirty bankers, drug cash couriers, crooked remittance shop owners, and hawala operators. The law shouldn't be fooled by technological novelty, and in the case of the first generation of mixers, it wasn't.

That these were textbook cases of money laundering isn't disputed by the crypto community. Crypto advocates are a vocal bunch, and while they have loudly voiced their complaints about the legal action taken against Tornado Cash, they have for the most part quietly accepted the punishments meted out to the first generation privacy platforms. A legal fundraiser to support the Tornado Cash accused, for instance, has raised hundreds of thousands of dollars; there have been no equivalent efforts to raise a legal defence for Harmon, Sterlingov, or Nguyen. Crypto lobbyists have gone to war for Tornado Cash by launching court appeals and filing amicus briefs in its support. But when it comes to defending the Bitcoin Fog or Helix operators, or challenging the government's sanctioning of Sinbad and Blender: crickets.

The Tornado Cash legal cases have been more controversial than those of the first generation mixers thanks to a technical innovation in Tornado's construction. Most of us would consider this to be a relatively obscure change, but crypto enthusiasts see it as a defining one.

Harmon and his counterparts controlled their platforms outright, taking possession of the dirty crypto before manually sending it back to criminals in disguised form. Not so Tornado Cash. When it was built, a layer of automation was inserted between Tornado Cash's users and Pertsev and his colleagues.

Instead of sending their crypto to wallets controlled by the trio, as users did with Helix, crypto was now deposited by users into a set of automated pools. These pools were not managed on an ongoing basis by Pertsev and his colleagues. Rather, they were built using fully automated code on the Ethereum blockchain. Originally co-created by Pertsev in 2019, this code was frozen in time by the designers in early 2020, at which point it could no longer be upgraded or changed by anyone, even Pertsev. To this day the pools continue to operate, even though the Tornado Cash creators are either jailed or under indictment.
 
Other parts of the Tornado Cash platform are not so set-in-stone and remained under the control of Pertsev and his colleagues throughout. This includes the main website by which users accessed the automated pools, which was regularly upgraded over time, as well as the relayer service. (A relayer is a way to guarantee the privacy of Tornado Cash users). Pertsev and his colleagues profited from their ongoing control over the website and relayers.

The lawyers for Pertsev, Storm, and Semenov have argued that this layer of automated code exonerates the trio of money laundering. After all, if they no longer control what the utility is doing, then how can they be said to be operating a money laundering enterprise? The lawyers also argue that as writers of code, Pertsev, Storm, and Semenov are protected by speech laws, much like an author who has written a book. It is the code-is-speech claim that has particularly riled up the crypto community.

I don't like the idea of someone being sent to jail, but I think it's a good thing that the Dutch court chose not to accept these arguments.

Using go-betweens is a time-tested criminal strategy for distancing oneself from the crime. In more conventional money laundering operations, this strategy might involve separating the leader of a cash laundering operation from the actual dirty cash with a layer of underlings. In the age of crypto, no need to use living human underlings; just insert a buffer of unliving code.  

But the law shouldn't be fooled by artificial distances between a launderer and dirty money, whether those intervening layers be living people or code.

Allowing a buffer of automated code to absolve folks like Pertsev of money laundering would make it much easier to be a professional money launderer. Bad actors like Harmon and Sterlingov who have already been deemed by the courts to be criminals would suddenly have the perfect techno-legal loophole at their disposal if they decide to reengage in crypto laundering once their jail terms are up. Instead of manually running their operations as before, Harmon and Sterlingov could insert a mute layer of automated code between them and their illicit clients, their criminal mixing no longer being a crime.

But this would be an absurd state of affairs. A simple technological change to the way a criminal mixer administers their back office shouldn't convert them into a non-criminal.

The danger of the "it was the code that did it" defence extends beyond the crypto economy. In the much-larger traditional economy, laundering physical cash is a relatively common criminal profession. Take the fictional example of Marty Byrde, the star of Ozark. If the Tornado Cash defence were to be accepted in a court of law, then Byrde need only program a set of self-operating cash-handling robots to do most of his tasks for him, and he can get away scot-free. "I don't exercise any control over the packages of cash, your honor. The robots did!"

Or take the example of drug cash couriers, who run the risk of being convicted for money laundering when they move cash across the U.S.-Mexico border. Taking a cue from Tornado Cash, if a courier were to deploy an autonomous fleet of AI-powered drones instead, then when charged with a money laundering offence he or she need only invoke the now-standard defence: "it was the drones who controlled the cash, not me."

Taken to an extreme, the Tornado Cash defence means that money laundering effectively ceases to exist as a crime. All the culpability shifts onto the undead intermediaries, which can't be punished. This eclipsing of money laundering laws would be unfortunate. Professional money laundering is a key sector within the broader criminal economy, greasing the wheels for the entire enterprise. Without any legal defences against launderers, we are all much more vulnerable to crime-in-general.

In what follows, I want to provide a historical example of how the law should act when confronted with the changing tactics and technologies of money launderers.

Money laundering is a relatively new crime, but it has a much older predecessor in the crime of fencing, also known as receiving. The laws against fencing and money laundering are similar, the idea being to punish not the original criminals but the third-parties who knowingly participate in the crime by accepting dirty proceeds.

Any thief runs a big risk of being caught with stolen goods. At some point in the Middle Ages, specialized intermediaries, or fences, emerged to absorb this risk by accepting stolen property from professional thieves and redistributing it. Thieves could now offload their goods much quicker, thereby achieving a degree of safe harbor. For their part the fences themselves were safe from prosecution. After all, they hadn't committed the original theft, and accepting stolen property was not a crime.

The addition of specialized wholesalers to the thievery production process helped drive a rise in the incidence of theft, according to historian Rictor Norton. To close this loophole, fencing was criminalized in England in 1692. For the first time, a third-party who knowingly accepted stolen goods could be punished as an accessory to the original theft. The business of reselling hot property, risk-free until then, suddenly became much more dangerous.

The illegal fencing market quickly evolved new tactics. Enter Jonathan Wild, an incredibly successful launderer of stolen goods who, by the mid 1710s, is said to have been the "undisputed leader in the fencing business of London," according to marketing professor Ronald Hill. Wild evaded the 1692 anti-fencing law by never himself handling stolen property. Instead, he acted as an early version of Craigslist, but for stolen objects. He arm-twisted all of London's thieves to secretly report any robbery immediately to him, asking them to retain possession until he contacted them. At the same time, the unfortunate victims of those thefts were encouraged to approach Wild with requests to help locate their missing property.

Once Wild knew who was at both ends of a theft, he would pay the thief and tell him to return the goods to the victim using an anonymous porter. The happy victim got their stolen goods back, paying Wild a large reward for his troubles.

With Wild running circles around the law, Parliament passed an additional anti-fencing law in 1718 that punished anyone who took a reward under the pretence of helping a victim of theft, without actually prosecuting the original felon. In 1725, Wild was apprehended, tried, and condemned to death on the basis of this statute. 

A gallows ticket to view the hanging of Jonathan Wild (Wikipedia)

Now, a death sentence is extreme. But this is a good example of the law staying hip to both the changing technology of theft and its evolving division of labour. As the profession began to be subdivided into specialist thieves and an emerging class of allied wholesalers of stolen goods, lawmakers recognized that wholesaling was really just an appendage of theft, and thus fencing was criminalized. Later on, when fences like Wild adapted with new methods, the law kept up by finding additional means to reach fencing operations.

With Tornado Cash, we are at a "Jonathan Wild" stage of the modern money laundering profession's development. Control of dirty proceeds is being shifted to autonomous intermediaries so that the perpetrators can avoid prosecution. Much like how the law adapted in the 1700s to encompass Wild's tactics of distancing himself from dirty property, it will have to do the same with money launderers who use crypto code, autonomous robots, or AI drones to dissociate themselves. While I don't enjoy the idea of anyone spending time in jail, finding Pertsev guilty is part of that process.

Unlike Jonathan Wild, who was a criminal mastermind, Alexey Pertsev and colleagues seem to have bungled into the crime partly out of an ideological commitment to crypto ethics, the wider community unhelpfully egging him on. That doesn't mean he's not guilty, but it does suggest a lighter sentence than the 64-month one he received might be appropriate.

I've been arguing throughout this article that money laundering law should extend to innovative financial entities created on blockchains, such as Tornado Cash. I want to close by pushing back on this a bit.

A guilty verdict for Pertsev and his colleagues should not be tantamount to a ban on the creation of autonomous financial institutions, particularly those focused on privacy. If a coder wants to create an open privacy mechanism for crypto, promote it, and financially profit from it, I think that he or she should have the right to do so, subject to the following condition. The code needs to include a component that screens out dirty crypto, and this filter shouldn't be a sham attempt; it has to be a genuine effort.

While I think the law got it right in this instance, shame on lawmakers and law enforcement if they don't accommodate future generations of code-based entities (and their creators) that actually do make good faith efforts to freeze out dirty money.

Friday, April 19, 2024

Thoughts on the Tornado Cash defence and what happens when everyone adopts it


Payments companies are regularly punished for engaging in money laundering. MoneyGram, for instance, has had to pay multiple fines. Western Union was famously busted in 2017. Meanwhile, Cash App is being probed as we speak for inadequate anti-money laundering controls.

In the future, these companies may have in their grasp a very simple techno-legal trick that allows them to deal with dirty money and get away with it. All they need to do is transfer their entire IT apparatus from a regular set of databases onto "immutable" smart contracts hosted on blockchains.

This, at least, is what happens when you take the arguments put forward by the Tornado Cash defence team to their logical conclusion.

If you follow this blog, you'll know I've written a lot about Tornado Cash.

Cryptocurrency isn't private; it's radically transparent. The function that Tornado Cash serves is to accept traceable crypto from users, both licit and illicit, and return it to them in untraceable format. Beginning in late 2020, a steady stream of stolen crypto began to be moved by thieves onto Tornado Cash for the purposes of obfuscation. In effect, money laundering was now occurring on the platform. But who were Tornado Cash's money launderers? More specifically, someone was to blame for helping these thieves to disguise their tracks. Who was this someone?

Last August the U.S. government indicted two people involved with Tornado Cash for conspiracy to commit money laundering. I wrote about the government's indictment here. (They were also indicted for conspiracy to evade sanctions and the operation of an unregistered money transmitting business, but that's another story.)

Roman Storm and Roman Semenov, the accused, wrote the original smart contracts for Tornado Cash and exercised a degree of control over a key website for accessing those smart contracts. The government alleges that Storm and Semenov knew that the property being transferred to Tornado Cash was criminally derived, and that they also knew that the hackers wanted to disguise its source. Yet the duo conducted the financial transactions anyways. These three elements (knowledge, the conducting of financial transactions, and the presence of unlawful money) are key ingredients to building a money laundering charge. (See specifically 18 U.S.C. § 1956(a)(1)(B)(i).)

Last week the defence lawyers for one of the accused parties, Roman Storm, filed a motion to dismiss the case, giving observers some initial insights into what arguments will be used to try and beat the government's money laundering charge. As I'll show, assuming these arguments are right, then a big chunk of the existing payments system has a foolproof plan for avoiding money laundering laws.

The distinction between the Tornado Cash front end and the actual Tornado Cash smart contracts looms large in the case, so let's touch on that briefly. The smart contracts are bits of code that reside directly on the Ethereum blockchain. This code allows users to deposit their trackable crypto to a pool along with many other users and then withdraw it, obfuscated. A front end, by contrast, is a regular website that allows users to interact with the smart contracts, and is hosted through a normal internet provider.

While users are free to interact directly with the Tornado Cash code, the most popular way to access Tornado was allegedly via the intermediation of the main website that was under the control of Storm and his colleagues.

The key argument made by Storm's lawyers is that the accused are not subject to the money laundering statutes because the money laundering statutes only apply to people who "conduct" what are defined as "financial transactions," and Storm did not conduct financial transactions.

The defence says that in order to show that someone was conducting a financial transaction it must be the case that control was exercised by that person over the actual criminally-derived funds. Storm may have had some control over the front end, but the defence claims this doesn't really matter because the front end itself did not exercise any control over the proceeds. "It did not access the funds directly," the lawyers argue. "It merely provided an interface to permit a user to interact with the smart contracts."  

As for the smart contracts, Storm clearly had no control over them. He had relinquished control back in May 2020, when a trusted setup ceremony ensured that no further changes could be made to the code. At that point, the smart contracts worked automatically. Bad actors only discovered Tornado Cash several months after the ceremony, at which time Storm had long gone. Furthermore, the smart contracts didn't actually control the funds, say Storm's lawyers; it was users of Tornado Cash who controlled the funds within the pool.

So, there you have it. The government's money laundering charge against Storm and Semenov requires locating a person or institution who is in control of the dirty funds and conducts financial transactions with them, says the defence. But it isn't the accused who exercised this control, it is the users who did so, via the intermediation of a set of financial automatons, the smart contracts.

For the philosophically crypto-pilled, the defence's arguments will make sense, since according to this view crypto is a revolutionary force for good, one destined to "break" what they see as a corrupt and old-fashioned financial system. For this breaking to happen, crypto shouldn't be forced to conform to the same old laws as stodgy payments companies like Western Union. New laws, or new ways of looking at old laws, should be shaped around crypto.

But to the non-crypto pilled, a successful defence of Storm and Semenov is quite concerning. As described by Bruce Schneier and Henry Farrell, it could potentially mean that anyone who wants to facilitate illegal activities would have a strong incentive to copy Tornado Cash, effectively turning their operation into a "golem" (a deathless artificial being run on smart contracts) and then throwing away the keys to avoid the law.

More specifically, by shifting their entire IT infrastructure over to smart contracts or some other equivalent automaton, payments institutions like MoneyGram that are currently subject to the money laundering statutes (and have already been punished under them several times) might be able to avoid future prosecution. If criminals start using the autonomous MoneyGram robot to make payments, MoneyGram can simply say: "The robot allowed them to do it, not us!" As for the official MoneyGram front end, even if the mob becomes a happy customer MoneyGram needn't worry since the front end is nothing but a filmy gauze between users and the autonomous robot, the company never actually controlling the funds (although according to the Tornado Cash lawyers the front end can continue to safely generate a profit for its owners!)*

The money laundering statutes, 18 U.S.C. § 1956 and § 1957, are two of democratic society's key legal bulwarks against criminal behaviour. In a world in which the Tornado Cash defence prevails and payments companies adopt it as a techno-legal shield against money laundering charges, 1956 and 1957 become much less effective, and not because we decided to soften them via a democratic process, but because financial institutions found sneaky ways to get around the rules.

Mind you, the money laundering statutes wouldn't disappear entirely. The Tornado Cash defence's point is not that there is *no* money launderer. Rather, their argument is that it is the users of Tornado Cash, the public, who had "exclusive control," and not Storm and Semenov, so the latter duo aren't the guilty parties. Taking this control theory further, if the government wants to charge anyone with money laundering, it should probably be trying to target folks like Vitalik Buterin, a member of the public who regularly put his funds into Tornado Cash and thus potentially participated in the concealment of unlawful proceeds deposited by criminals.

What a dangerous financial tool to make available to the public!

Right now, I can safely transfer $1000 to Western Union without having to worry about commingling my $1000 with a criminal and thus facing a potential money laundering charge. The company takes on that liability for me. But if Western Union stops performing this legal responsibility by building financial automatons to which everyone has open access, both good and bad actors, then I am suddenly at risk of being a counterparty to criminals when I transfer $1000 to Western Union, and that could turn me into a money launderer. Money launderers can face up to 20 years in prison.

For users, a Western Union transfer suddenly becomes the financial equivalent of handling nuclear waste or operating a five-story crane. It's a task most people can't, and shouldn't, handle. Given the inherent legal risks, it's possible that the market will never widely adopt financial services delivered in the form of robots or golems or immutable smart contracts, preferring to stick with the traditional safe intermediaries who take on the burden of compliance. Or not?

Storm's lawyers may win this particular case. Their logic certainly seems sound, but I'm no lawyer. If so, there's a good argument to be made for lawmakers to consider modifying the definitions of words like "conducting" and "financial transactions" found under the money laundering statutes to prevent future efforts to use the Tornado Cash techno-legal trick. If, by merely swapping the technology used to deliver financial services, a payments institution can suddenly avoid the law and offload legal responsibility onto users, that's probably a hole that needs closing.


* MoneyGram would still be able to financially profit from the combination of smart contracts and a front end, much like how Storm and Semenov did with Tornado Cash, by finding canny ways to use their control over the front end. According to the indictment, Storm and Semenov, along with others who had control over the front end, curated a list of "relayers" (third parties who provided users with bolstered privacy protection) and then extracted resources from relayers who wanted the privilege of getting on the list.

This profit motive can't help prove that Storm was engaged in money laundering, says the defence, since there are many examples of criminals using "lawful tools for unlawful ends," and even though the tools' developers have "profited from that use" those developers were not punished.