Google Play Store Bans Wallets That Don't Have Banking License

Update: Google has clarified that non-custodial wallets are not meant to be in scope of the Play Store Policy. The Play Store policy will be updated accordingly.

Google Play Store has introduced a policy that requires any software wallet developer to obtain a license before publishing cryptocurrency wallet apps to the Google Play Store "to ensure a safe and compliant ecosystem for users."

The policy targets 15 jurisdictions, including the European Union and the United States, laying out which regulations Google Play Store expects software wallet developers to comply with. This includes being a registered Money Service Business with FinCEN in the US, as well as obtaining a MiCA license in the EU.

Google's new policy does not distinguish between custodial and non-custodial software, placing unmeetable burdens on non-custodial wallet developers.

Forcing AML/KYC on Non-Custodial Wallets in the US

In the United States, the policy requires that "the developer must be either (a) registered with FinCEN as a Money Services Business and with a state as a money transmitter or (b) a federal or state chartered bank entity." An MSB registration then requires entities to adhere to strict Anti-Money Laundering (AML), Counter Terrorist Financing (CTF), and Know Your Customer frameworks (KYC).

Google's policy thereby goes well beyond what is required of non-custodial wallets by law. As clarified in FinCEN's 2019 guidance on Convertible Virtual Currencies, FinCEN makes clear distinctions between "hosted" (meaning custodial) and "unhosted" (meaning non-custodial) wallets, which it does not classify as money transmitters.

As the number one cost point for financial institutions, the compliance programs required of MSBs by FinCEN would drive the majority of non-custodial wallets out of the Play Store, stifle free software innovation to a crippling degree, and force AML/KYC on all non-custodial wallets available on out-of-the-box Google devices.

FinCEN To SDNY: Samourai Wallet Did Not Need MSB License

A recent filing suggests that Samourai Wallet prosecutors withheld exculpatory evidence, revealing that FinCEN told SDNY that the developers likely did not need an MSB license.

The RageL0la L33tz

A Defacto Non-Custodial Wallet Ban in the EU

In the EU, the Policy states that "the developer must be authorised as a crypto-asset service provider (CASP) under the markets in crypto-assets (MiCA) regulation by a relevant national competent authority. Any other local legal requirements, including any national-level restrictions or requirements beyond MiCA, must also be complied with."

MiCA issues licenses to so-called Crypto Asset Service Providers (CASPs), which are defined as exchanges, trading platforms, and other businesses which issue or hold custody of digital assets.

Licensing burdens aside, a MiCA license would thereby not be issued to a simple non-custodial software wallet, effectively excluding all non-custodial wallet developers from offering software in the Google Play Store in the EU, leaving licensed CASPs as the only organizations to be able to offer non-custodial wallets for the Play Store.

Meet FATF: The Financial Bullies Memberclub Trying To KYC The Planet

There’s assholes, and then there’s FATF. The Financial Action Task Force is an intergovernmental body created in 1989 to “combat money laundering and terrorist financing”. In its thirty-plus years of existence, FATF has bullied countless countries into exclusionary financial policies. Now it’s coming for your bitcoin. The past week has

The RageL0la L33tz

Legislation by Commercial Enforcement

While private entities are entitled to serving their own risk appetite, Google Play Store's policy seems to be an enforcement of the Financial Action Task Force's (FATF) 2021 guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers.

As the primary money laundering authority in the world, FATF regularly updates its recommendations to include new and emerging threats and technologies. FATF recommendations are binding for member states, violations of which may lead to black- or grey listing of countries, functioning similar to a global trade sanctions regime.

FATF guidances, however, are not binding, and rather constitute suggestions for increased risk management. In 2021, FATF laid out technology which could be defined as a Virtual Asset Service Provider (VASP) – the equivalent to the EU's CASP – to include the development of non-custodial front-end services.

Specifically, the FATF defines whom it qualifies as a Virtual Asset Service Provider (VASP) by measure of control: If a service provider or developer holds control over funds, the product qualifies as a VASP to fall under local licensing requirements.

But according to the FATF, even decentralized software applications "often still have a central party with some measure of involvement or control, such as creating and launching [...] user interfaces," opening the door to the blurring of lines between custodial and non-custodial software.

After the attempted (and partially successful) regulation by prosecution in the US to force non-custodial software under existing regulatory regimes, we appear to now be entering the era of regulation by commercial enforcement, where non-custodial software is required to comply with custodial regulations not by law, but by monopoly.

Independent journalism does not finance itself. If you enjoyed this article, please consider making a donation. If you would like to note a correction to this article, please email corrections@therage.co