FATF's Crypto Guidelines Could Pose Serious Financial Privacy Issues: OECD Blockchain Advisor

The Financial Action Task Force (FATF), an intergovernmental organization that aims to combat financial crimes such as money laundering, has reportedly been working on drafting a comprehensive set of regulatory guidelines for firms dealing in cryptocurrencies.

Established in 1989 after consultations involving G7 members, the FATF’s regulatory framework for digital assets will focus on how to apply the “travel rule” to crypto exchanges, wallet providers, and various other services involving blockchain-based tokens.

“Travel Rule” for Crypto Would Be Bad for Financial Privacy

Notably, FATF’s travel rule would require that crypto exchanges share customer identification information with each other - if users transfer digital assets between different trading platforms. Several crypto industry analysts have argued that implementing this type of rule would be bad for crypto users’ financial and personal privacy.

Additionally, industry participants have said that it would become increasingly difficult to conduct business for blockchain firms - if the travel rule and other similar restrictions are imposed by the FATF and other regulatory agencies. Although FATF’s recommendations are not legally binding, most countries still follow them and often avoid engaging in trade relations with nations that don’t follow the agency’s guidelines.

Potentially “Huge Privacy Issues”

Commenting on user privacy issues related to FATF’s proposed guidelines, Joseph Weinberg, Blockhain Advisor at the Organization for Economic Cooperation and Development (OECD) (an intergovernmental agency established to promote world trade) told CryptoGlobe:

Let's say you're sending money from an exchange, and you're sending it to a smart contract. Well, is there even a person involved in the receiver data?

He added:

It becomes a huge privacy issue. Like how do you ensure that transactions are confidential? And how do you ensure that identity data is confidential? And, you know, the right to be forgotten? How does that work now? Because now it's embedded in every single transaction.

“Willing to Sacrifice Billions of People into Poverty”

While speaking to CryptoGlobe at the CryptoCompare Digital Asset Summit in London, Andreas Antonopoulos, a widely-followed Bitcoin maximalist and distributed systems expert, said that FATF’s recent guidelines regarding VASPs (virtual asset service providers) could potentially “sacrifice billions of people into poverty in order to create this illusion of safety.”

The author of “The Internet of Money” argued that “in countries where the government is taking a fairly authoritarian approach towards finance”, we might have bigger problems.

He remarked:

The truth is, we cannot address crime, or poverty, or crime arising out of poverty, by doing totalitarian surveillance of transactions.

Meanwhile, Weinberg, who’s also the Co-Founder of Shyft (“a credentials verification platform that authenticates sender identities and unlocks new economies of trust”) and the CEO of Paycase, believes: 

This is the real fight that the industry should be facing. It's these things that matter right now.


FATF Confirms Crypto Firms Must Share Customer Information

On June 21, 2019, the FATF released an update in which it confirmed that VASPs - including cryptoasset exchanges - must share customer information with each other when transferring funds from one platform to another.

FATF’s recent statements regarding the proposal it submitted in February 2019 have made it clear that crypto-related businesses will be required to pass their users’ personally identifiable information (PII) to each other. As explained, this requirement should be followed when cryptocurrency is transferred between two different exchange platforms (or other type of crypto-related services).

As noted under FATF’s guidance, the customer information that should be included for each transfer is as follows:

(i) originator’s name (i.e., the sending customer); (ii) originator’s account number where such an account is used to process the transaction (e.g., the VA wallet); (iii) originator’s physical (geographical) address, or national identity number, or customer identification number (i.e., not a transaction number) that uniquely identifies the originator to the ordering institution, or date and place of birth; (iv) beneficiary’s name; and (v) beneficiary account number where such an account is used to process the transaction (e.g., the VA wallet).

Ravencoin Vulnerability Allowed Attackers to Increase Total Supply by 1.5%

Attackers have exploited a vulnerability found in Ravencoin, an open-source fork of Bitcoin that launched in 2018, to generate extra RVN tokens “beyond the coinbase of 5000 RVN per block.”

According to a Medium post published by Ravencoin lead developer Tron Black, community members from the CryptoScope team reached out to the Ravencoin team with the findings. Both teams then worked together to stop the exploit from being leaked, and started “code review to detect, isolate, and fix the issue.” The post reads:

A community code submission caused a bug that has been exploited. Law enforcement has been notified and is working with us. The vulnerability does not allow the stealing of RVN or assets that you own and control, but the minting did create RVN that should not exist.

In total, the extra coins that were minted beyond Ravencoin’s total 21 billion supply are the equivalent of 44 days worth of mining, or about 1.5% of the RVN tokens that will ever exist. Black’s suggestion on the post was for the community to absorb the economic cost of the extra tokens, or to move the halving 44 days earlier.

He added the minted RVN tokens were moved to an exchange and traded, and as a result were mixed with other circulating RVN tokens. This means that trying to burn the tokens, even if with community backing, will “cause irreparable harm to innocent victims.”

The burden, Black added, is currently being shared across all RVN holders in proportion to their holdings in the form of inflation. The developer urged users to keep trading to a minimum until a fix is issued. Details on the vulnerability will not be revealed until the fix is implemented.

Featured image by Tyler Quiring on Unsplash.