Government Tries To Sneak In KYC Testimony Against Roman Storm
We won't be talking about KYC your honor, except that we will.
Update: the court has endorsed the prosecution's motion, allowing the Government's expert witness to testify to the feasibility of implementing KYC/AML in Tornado Cash; despite the developer no longer being charged with KYC/AML violations.
Earlier this year, the criminal case against Tornado Cash developer Roman Storm took a drastic turn. Following instructions from Deputy Attorney General Todd Blanche to the Department of Justice, the Southern District of New York (SDNY) begrudgingly dropped part of its unlicensed money transmission charge against the developer.
Under USC 18 §1960(b)(1)(B), the Government had effectively deemed Tornado Cash a financial institution, with which the developers would have been required to implement a comprehensive Anti-Money Laundering (AML) framework, as well as Know Your Customer (KYC) checks.
But, since the Government is no longer arguing that Tornado Cash is a financial institution, Judge Failla ruled in pretrial proceedings that the words AML and KYC had no place in the trial against Storm.
A motion filed on Sunday now reveals that the Government seems to continue to try to sneak in KYC testimony – just without saying the words.
SDNY Down Bad on Semantics
The next few days of Roman Storm's trial continue to be dedicated to prosecution witnesses. One of these witnesses is Philip Werlau, a smart contract security researcher at the AML Compliance firm ANCHAIN.AI, according to LinkedIn. Werlau is set to testify to measures that Storm could have taken to prevent criminal actors from accessing Tornado Cash from a technical perspective.
One of these measures, the Government is arguing, is the implementation of "a 'registry of authorized users' that would allow the service to confirm
the identity of people making deposits and withdrawals" – while at the same time arguing that "Mr. Werlau will not make mention of regulatory obligations and related terminology," such as KYC.
While surely a compelling argument on semantics, let's let us look at how the main institutions tasked with combating money laundering define KYC.
On a global level, the Financial Action Task Force (FATF) defines KYC as a measure "intended to enable a financial institution to form a reasonable belief that it knows the true identity of each customer," allowing financial institutions to "identify and verify the identity of each customer on a timely basis."
Similarly, the International Monetary Fund (IMF) defines KYC procedures as "identifying if the potential or actual customer (or beneficiary), or the maker or recipient of assets transfers, is a criminal or terrorist."
In the US specifically, the Financial Crimes Enforcement Network (FinCEN) describes the Customer Identification Program rule – the legal equivalent to KYC as defined in the US Patriot Act – as "procedures that enable the financial institution to form a reasonable belief that it knows the true identity of its customers."
By these definitions, the Government appears to effectively be proposing to not let Werlau use the words KYC, but still let him testify to the implementation of the concept of it.
Does KYC Prevent Crime?
With the Government arguing that Storm could have implemented what can only be defined as KYC measures to prevent criminals from accessing Tornado Cash, a necessary question appears to be whether current AML frameworks – including KYC – actually work to prevent crime.
As The Rage contributor and Cato Institute policy researcher Nicholas Anthony highlights in his blog Banking and Bureaucracy, 27.5 million reports filed in 2024 under Bank Secrecy Act regulations – the legal guideline mandating the implementation of AML frameworks for financial institutions – possibly aided in 800 to 9,000 convictions.
For those who don't want to do the math: that is a success rate of 0.002 to 0.03 percent.
More strikingly, industry leaders argue that KYC may actually contribute to criminal activity in cryptocurrency. In May, Coinbase revealed that overseas support agents had sold KYC information on customers to unauthorized third parties. Soon after, Solana co-founder Raj Gokal was doxxed on social media, with hackers revealing personal information acquired in a KYC process, including his home address.
"Always remember to dress up smart for your KYC photos," the founder joked on X (formerly Twitter). "You never know what kind of reach they might get on social media."
Cryptocurrency related kidnappings and extortion have been a long term issue in the space that can be combated with privacy services like Tornado Cash, a fact to which Storm witness Matthew Green is set to testify at trial.
Independent journalism does not finance itself. If you enjoyed this article, please consider making a donation. If you would like to note a correction to this article, please email corrections@therage.co
