The Senate Banking Committee's New Market Structure Draft Is Dangerous Slop

100 63.9 year-olds walk into a bar and try to regulate the Internet. On Tuesday, the Senate Banking Committee has released a 278-page draft for market structure regulation that can only be described as dangerous slop.

Hailed by many in the industry as a positive achievement, the draft features developer protections that are not really developer protections, no Bank Secrecy Act safeguards for self-custodial wallets and even its potential application to DeFi, provisions that could pave the way for Travel Rule-like legislation, AML for web-front ends and big checks for blockchain analysis firms.

Most importantly, the Senate Banking Committee's market structure draft amends the PATRIOT Act to create special measures directly targeted at digital assets that could lead to the restriction of privacy-enabling technologies.

As Democrats – paid by big banks – and Republicans – paid by the cryptocurrency lobby – tried to reconcile their differences, the rest of us are left with laws that create nonsense distinctions between technologies and hand much of Congress' authority to establish regulatory clarity to Government agencies.

The goal, it seems, was less to bring regulatory clarity to the cryptocurrency ecosystem, and rather to have done something after months of negotiations.

According to Crypto in America, the Senate has received 137 amendments to the draft. It is scheduled for markup on Thursday, January 15th.

KYC All The Things: Is Market Structure Blowing Up?

A leaked proposal by Senate Democrats would give Treasury sweeping powers to ban non-custodial services, establishing authority over what code can be deployed, and what code can’t.

The RageL0la L33tz

Developers Can Still be Prosecuted

The draft includes a new version of the Blockchain Regulatory Certainty Act (BRCA), which has long been argued to be a key regulation to protect developers. Following negotiations, the BRCA now explicitly cites exemptions under AML/CTF laws. While it protects developers from being charged as money transmitters for creating non-custodial software, it offers no protections from the actual issue: namely being held accountable for what others do with your software.

The BRCA section states that “non-controlling” developers or providers, defined as a developer or provider that “does not have the legal right to or the unilateral and independent ability to control, initiate upon demand, or effectuate transactions involving digital assets to which users are entitled without the approval, consent, or direction of any other third party” should not be treated as a money transmitter under Section 1960 of 18 USC, which governs money transmission registration requirements.

This shaves a maximum of five years off of any potential charges, but continues to leave the door wide open to charge non-custodial developers with conspiracy to evade sanctions and conspiracy to commit money laundering if people use their software for illicit means – carrying up to 40 years in prison.

As Senator Cynthia Lummis states herself regarding the BRCA on X: it keeps "every AML protection in place."

White House Digital Assets Report Deems Financial Privacy “Primary Money Laundering Concern”

The White House Digital Assets Report asks the Treasury to finalize a rule that would codify all transactions that obfuscate the source of funds as a “primary money laundering concern”.

The RageL0la L33tz

No BSA Protections for Self Custody

Under the Keep Your Coins Act, the draft states that “a Federal agency may not prohibit, restrict, or otherwise impair the ability of a covered user to self-custody digital assets using a self-hosted wallet or other means to conduct transactions for any lawful purpose,” but under the rule of construction states that the guaranteeing of the right to self-custody digital assets should not hinder the application of the Bank Secrecy Act, or any other law relating to illicit finance.

Specifically, the draft states that “nothing in this section may be construed to limit the authority of the Secretary of the Treasury, the Commission, the Commodity Futures Trading Commission, the Board of Governors of the Federal Reserve System, the Comptroller of the Currency, the Federal Deposit Insurance Corporation, or the National Credit Union Administration to carry out any enforcement action or special measure authorized under applicable law, including the Bank Secrecy Act, section 9714 of the Combating Russian Money Laundering Act (3111 U.S.C. 5318A note), and section 7213A of the Fentanyl Sanctions Act (21 U.S.C. 2313a); or any other law relating to illicit finance, money laundering, terrorism financing, or United States sanctions.”

The rule of construction, as written, does two things: it continues to give the Government all authority to seize assets held in self-custody without violating said "right" to self-custody, and offers no protection for the future application of the BSA to non-custodial wallets.

New Market Structure Draft Amends Money Transmission Laws To Protect Developers

The new draft retroactively applies a control requirement to money transmitter qualifications, redefining a law unfit for the digital age.

The RageL0la L33tz

DeFi Services Could Be Brokers – and Forced to Apply the BSA

A bit over a year ago, the cryptocurrency industry was furious as Gary Gensler's SEC attempted to push through the so-called broker rule, which would have classified any DeFi service with sufficient control as an intermediary required to report trading activity to the IRS, and thereby KYC their users. Industry organizations deemed the rule unconstitutional and sued the SEC, which eventually backed away from its plan.

Under the title "Responsible Innovation in Decentralised Finance," the Senate Banking Committee appears to now want to bring a similar broker rule. The draft includes provisions for the SEC to issue guidance on the application of BSA and AML/CTF compliance for "non-decentralized finance protocols" in cooperation with the Treasury.

The measure of control herein does not rely on control over funds, but on control over the software – putting anyone developing a protocol that needs to be maintained and updated, which is close to every protocol, at risk.

Broker Rule: IRS Requires Non-Custodial Services To Report Trading Information

Custody over funds is not necessary to be considered a broker by the IRS.

The RageL0la L33tz

Travel Rule-like Regulations for Non-Custodial Wallets

The draft further tasks the Treasury to issue guidance for financial institutions that transact with "self-hosted wallets."

The guidance is meant to be "part of the national strategy for combating terrorist and other illicit financing required under sections 261 and 262 of the Countering America’s Adversaries Through Sanctions Act."

The guidance shall be based on research on “end user and counterparty risks associated with self-hosted wallets, including consumer fraud, cybersecurity, and identity verification; the use of hardware self-hosted wallets to smuggle digital assets for financing cross-border illicit activity; the use of hardware self-hosted wallets for tax evasion and asset concealment; and other considerations the Secretary may determine appropriate,” as well as “illicit activity, such as money laundering and sanctions evasion, involving self-hosted wallets; the effectiveness of and gaps in existing methods, techniques, and strategies used by regulated financial institutions in detecting illicit activity such as money laundering, involving self-hosted wallets;” and “any illicit actors, including nation state actors, that pose a high risk of facilitating illicit activity through the use of self-hosted wallets,” among other things.

The draft clarifies that the Treasury’s guidance for financial institutions shall “not require a regulated entity to collect, with respect to any transaction, personally identifiable information about the controller of a self-hosted wallet when the controller is not both the customer of the regulated entity and a party to such transaction, except as required by United States sanctions laws and regulations or lawful process.”

The provision sounds eerily similar to the potential introduction of a FATF-style Travel Rule already in force in the EU and UK, in which crypto asset service providers must verify whether a customer sending money to a non-custodial wallet actually owns the address they are sending funds to.

Mandating Blockchain Analysis for Web Front Ends

Under “Illicit Finance Obligations for Distributed Ledger Application Layers,” the Senate Banking Committee does not just invent an entirely new term; it also imposes sanctions compliance regulations for this term, which roughly translates to web front ends.

The draft defines “Distributed Ledger Application Layers” as “a web-hosted software application that provides a user with the ability to create or submit an instruction, communication, or message to a distributed ledger application or decentralized finance trading protocol for the purpose of executing a transaction by the user.”

The draft states that this will not include a distributed ledger protocol, a distributed ledger application, a distributed ledger system, a decentralised finance trading protocol, non-custodial soft- or hardware wallets, or nodes and validators.

As the draft states, “not later than 360 days after the date of enactment of this Act, the Secretary of the Treasury shall issue guidance clarifying the economic sanctions obligations, as well as applicable anti-money laundering and countering the financing of terrorism requirements, applicable to a distributed ledger application layer that is owned or operated by a United States person, as defined in any law imposing or authorizing the imposition of economic sanctions.”

This guidance shall include the use of commercially available distributed ledger screening measures and analysis tools to “identify wallet addresses that are owned by sanctioned persons, involve jurisdictions or financial institutions subject to United States sanctions, or otherwise present indicators of activity prohibited by United States sanctions,” to block, reject, and prevent "the routing of, or otherwise restricting attempted transactions prohibited by United States sanctions laws,” to block and restrict “transactions that exhibit indicators of ransomware activity, illicit-finance typologies, or any other pattern that presents a significant and identifiable illicit-finance risk based on a commercially reasonable distributed ledger-analytics assessment,” and to implement and maintain “risk-based measures, consistent with applicable law, to identify, mitigate, and address anti-money laundering and countering the financing of terrorism risks.”

The measures, according to the draft, shall also include “monitoring for risk indicators and limiting exposure to illicit-finance risks, which may include restricting, limiting, or otherwise mitigating exposure to high-risk transactions,” and “complying, as applicable, with special measures implemented by the Secretary of the Treasury under section 5318A of title 31, United States Code.”

US Government To Bring PATRIOT Act to Digital Assets

FinCEN Director reveals that the Treasury is finalizing a ban on privacy tools, Representatives revive Special Measures to Fight Modern Threats Act

The RageL0la L33tz

Handing Authority to the Treasury under the PATRIOT Act

The handing of authority to the Treasury is found in both the Keep Your Coins Act and in the web front end provision under section 5318A, referring to the PATRIOT Act – namely its provisions on international counter-money laundering requirements.

Section 5318A allows the Treasury to implement special measures for financial institutions regarding transactions originating from certain jurisdictions, but also for certain types of transactions.

The draft herein amends the PATRIOT Act's special measures to allow the Treasury to prohibit certain types of cryptocurrency transactions it deems a primary money laundering concern.

These could, for example, be transactions that involve coinjoins or payjoins, as the Treasury has already completed a public comment period on its so-called Mixer Rule, leaving only its enforcement as the next step. The Rage has repeatedly warned of the application of the PATRIOT Act to digital assets here and here.

Under “Special Measures Relating to Certain Transmittal of Funds,” the draft states that "If the Secretary of the Treasury finds that a jurisdiction outside of the United States, or one more financial institutions operating outside of the United States, or one or more classes of transactions within, or involving, a jurisdiction outside of the United States is of primary money laundering concern in connection with illicit finance through the use of digital assets, […] the Secretary may, by order, regulation, or otherwise as permitted by law, prohibit, or impose conditions upon, certain transmittals of funds (to be defined by the Secretary by regulation) by any domestic financial institution or domestic financial agency, if such transmittal of funds involves any such institution, class of transaction, or type of account.”

For the lack of Congressional protections for privacy software developers and users present in the current draft, it can be concluded that the Senate Banking Committee’s market structure proposal is not so much a document that will give non-custodial developers the protections and clarity they so urgently need, but rather functions as a piece of legislation that will continue to put non-custodial developers and users of privacy software at the will of the Government, leaving the door wide open to the full surveillance of all users of non-custodial software.

Independent journalism does not finance itself. If you enjoyed this article, please consider making a donation. If you would like to note a correction to this article, please email corrections@therage.co