The first round of U.S. secondary sanctions on Russia is working

Turkish banks halted transactions with Russian banks last month and are only slowly reintroducing payments for a narrow range of products that are on a so-called "green list," reports Ragip Soylu. This broad debanking of Russia by Turkey is part of the fallout from President Biden's first round of secondary sanctions, announced on December 22. 

Ukraine/sanctions watchers around the world are breathing a sigh of relief. At last the cavalry has arrived! While the Russian sanctions program has often been described by the press as the "world's strictest", in actuality it has been (till now) alarmingly light-touched due to its lack of the toughest tool of financial warfare: secondary sanctions.

Primary sanctions vs secondary sanctions

Secondary sanctions, especially when applied to foreign banks, are far more damaging than primary sanctions, which to date have been the dominant type of sanction levied against Russia. 

With primary sanctions, it is the "primary" layer – U.S. citizens and companies – that are cut off from dealing with the designated Russian target(s). However, primary sanction don't prevent non-U.S. individuals or non-U.S. companies, say a Turkish bank, from filling the void left by departing American counterparts, often acting as a re-router of the very U.S. goods that can no longer be moved directly to Russia by U.S. firms. So rather than reducing the amount of Russian trade, primary sanction often lead to little more than a displacement of trade from one route to another. That's a nuissance for the targeted country, but hardly a game changer.

Secondary sanctions are an effort to combat this displacement effect. They do so by extending the trade prohibitions placed on the primary layer, U.S. actors, to the second layer, that is, to non-U.S. actors. In the case of Biden's December order, foreign banks can no longer facilitate certain Russian transactions that have already been off bounds to Americans for several years.

So far, Biden's secondary sanctions appear to be working. In addition to halting all transactions with Russia for a month, Turkish banks have completely stopped opening accounts for Russian customers. According to Reuters, Turkish exports to Russia fell 39% year-on-year in January. In China, reports say that banks have "heightened scrutiny" of Russian transactions, in some cases going so far as to cut off Russian banks. UAE banks have also begun to restrict linkages to Russia.

Why comply with the U.S.?

Why do non-U.S. actors bother complying with U.S. secondary sanctions? After all, if you're a Turkish banker in Istanbul, Biden has no jurisdiction over you. America can't put you in jail, or fine you.

The way that the U.S. is able to sink a hook into non-U.S. actors is by threatening to take away access to the U.S. economy. Foreign banks, for instance, are told they will be exiled from the all-important U.S. banking system if they don't severe or constrict their Russian relationships. Since access to the Ne York correspondent banking system is so important relative to the small amounts of sanctioned Russian business they must give up, foreign banks are quick to fall into line.

Biden's secondary sanctions on foreign banks only apply to a narrow range of transaction types, specifically those that support Russia's military-industrial base. In short, any foreign bank that is found to be conducting transactions involving military goods destined for Russia can be penalized. Those foreign banks that deal in, say, Russian food imports needn't worry.

Turkish banks appear to have overcomplied by dropping any transaction that even has a whiff of Russia. This de-risking effect is a common by-product of various banking controls, both sanctions and anti-money laundering, whereby banks cease dealing not only with prohibited customers but certain legitimate customers that are superficially similar to prohibited customers that they are deemed too risky and expensive to touch.

According to reports, Turkish banks have reintroduced transactions for green-listed products such as agricultural products, which aren't actually targeted by the U.S. secondary sanctions.

Turkish financial institutions may be particularly sensitive to U.S. sanctions given the fact that an executive of Halkbank, a Turkish government-owned bank, was sentenced to 32-months in U.S. jail in 2018 for helping Iran evade U.S. sanctions and money laundering. One of his evasion routes was the notorious gold-for-gas trade, which I wrote about here. Halkbank itself was indicted in 2019 for sanctions evasion; the case against it is ongoing.

An unforgiving legal standard

An important element of any alleged crime is the mental state of the alleged criminal, or their "intent." This gets us to another reason for the rapidity and breadth of the debanking of Russian trade. Biden's secondary sanctions have a novel legal feature. The legal standard on which they rely, strict liability, does not require that the prosecution prove intent.

Up till now, U.S. secondary sanctions have not deployed this sort of a strict liability standard. To demonstrate that a foreign bank has engaged in evading secondary sanctions on Iran, for instance, U.S. prosecutors have been required to show that the foreign bank did so knowingly. If the banker conducted prohibited Iranian transactions unknowingly (i.e. inadvertently or unintentionally), then they couldn't be found guilty of sanctions evasion.

Under the strict liability standard set out in Biden's December 22 order, there is no onus on U.S. sanctions authority to show that a foreign bank has knowingly conducted transactions linked to Russia's military-industrial complex. Even an unintentional transaction can be punished. Because this strict liability standard makes it so much more likely that foreign banks run afoul of sanctions and get cut off from the U.S. banking system, bankers are rushing to comply.

What's next?

When the U.S government asked domestic entities to stop dealing with Russia a few years ago, many of these transactions were quickly displaced to third-parties like Turkey. By deputizing foreign banks to be equally vigilant, secondary sanctions will likely crimp the original displacement effect, resulting in a big and permanent decline in Russian trade.

To get an idea for what might happen to Russia's military-industrial goods trade, take a look at how Iran's oil exports were halved after Obama imposed secondary sanctions on Iran in 2012, leapt when they were lifted in 2016, and crumbled again when Trump reimposed them in 2018.

The lesson is that secondary sanctions on foreign financial institutions can be very effective.

Evasion efforts will begin very quickly. When secondary sanctions were first placed on Iran in 2012, Turkish bank Halkbank introduced a forged document scheme in an effort to disguise trade in sanctioned crude oil shipments as legitimate food transactions. The U.S. will have to step up its enforcement efforts to plug these holes. Without proper enforcement, the effect of the secondary sanctions will remain muted.

Using the secondary sanctions on Russia's military-industrial complex as a model, there are many more sectors of the Russian economy on which secondary sanctions might be placed. The next round could extend to Russian automobile imports, its central bank, or the diamond industry.

Secondary sanctions to strengthen the oil price cap 

Even more useful would be to use secondary sanctions to strengthen the most important piece of financial artillery heretofore deployed against Russia: the $60 oil price cap. 

The price cap endeavors to force Russia to accept a below-market price for the oil that it ships, thus hurting its ability to finance its invasion of Ukraine. The cap is currently underpinned at the primary level by threatening banks, insurers, shippers and other businesses located in the EU, U.S., and other G7 countries ("the Coalition") with penalties if they trade in Russian oil above $60. Because Russia has historically been dependent on Coalition service provides for shipping oil, it has been getting less revenue for its oil then it would otherwise receive. 

However, over time a growing chunk of Russia's oil exports has been diverted away from Coalition service providers to third-parties in jurisdictions like Turkey and UAE that are not subject to the cap. This has allowed Russia to sell at prices in excess of $60 and thus recover much of its forgone revenues. If the cap were to be applied not only at the primary Coalition layer, but also at the secondary layer by requiring foreign financial institutions to join in via the threat of secondary sanctions, then much more Russia oil would brought back under the $60 ceiling, and Russia's ability to finance its war against Ukraine would be significantly crimped.

What does the recent ruling on the Emergencies Act mean for your banking rights?

A Federal judge ruled last week that the emergency banking measures taken to end the Ottawa convoy protest in 2022 contravened the protestor's rights. In this post I want to provide my reading of this particular ruling and what is at stake for Canadians and their bank accounts. 

To be clear, Justice Mosley's ruling touched on far more than the banking measures, and extended to the broader legality of the government's invocation of the Emergencies Act on February 14, 2022, subsequently revoked on February 23. However, since this is a blog on money, I'm going to limit my focus to the banking bits of the court ruling.

(By the way, I've written about emergency banking measures a few times before.)

To remind you, there were two emergency banking measures enacted in February 2022 that affected regular Canadians. The most well-known measure was the freezing of bank accounts. The RCMP collected the names of protestors, and forwarded these to banks and credit unions, which used this information to locate protestors' accounts and immobilize their funds. In the end, 280 bank accounts were frozen.

The second and less well-known banking measure was the requirement that banks share protestors' personal banking information with the RCMP and the Canadian Security Intelligence Service (CSIS), including how much money the protestor had in their account and what sorts of transactions they made.

Justice Mosley has ruled that these banking measures – both the freezing and the sharing – violated the Canadian Charter of Rights and Freedoms. Specifically, they contravened Section 8 of the Charter, which specifies that everyone has the "right to be secure against unreasonable search or seizure."

The best way to think about Section 8 is that all Canadians have privacy rights. These rights cannot be trodden on by the government. The police can't conduct unjustified personal searches of your body or home, say by snooping on your credit card transactions. Nor can they seize your bank statements or your computer in order to gather potentially incriminating information on you.

This doesn't mean that a Canadian can never be subject to searches and seizures. Section 8 doesn't apply when the person who is subject to a search or seizure has no privacy rights to be violated. So for example, if I leave my old bank statements in the trash on the curb, it's likely that I've forfeited my privacy rights to them, and the police can seize and search them without violating Section 8 of the Charter.

An interesting side point here is that Canadians don't forfeit their privacy rights by giving up their personal information to third-parties, like banks. We have a reasonable expectation of privacy with respect to the information we give to our bank, and thus our bank account information is afforded a degree of protection under Section 8 of the Charter.

My American readers may find this latter feature odd, given that U.S. law stipulates the opposite, that Americans have no reasonable expectation of privacy in the information they provide to third parties, including banks, and thus one's personal bank account information isn't extended the U.S. Constitution's search and seizure protections. This is known as the third-party doctrine, and it doesn't extend north of the border.

Canadians can also be lawfully subject to searches and seizure by the police if these actions are reasonable, as stipulated in Section 8 of the Charter. There are a number of criteria for establishing reasonableness, including that a search or seizure needs to be authorized by law, say by a judge granting a warrant. In addition, the law authorizing the warrant has to be a good one. (Here is a simple explainer.)

Before we dive into why Justice Mosley ruled that the government's bank account freezes and information sharing scheme violated Canadians' rights, we need to understand the government's side of argument.

On the eve of invoking the emergency measures, Prime Minister Justin Trudeau promised that the government was "not suspending fundamental rights or overriding the Charter of Rights and Freedoms." He reiterated this a week later after the Emergencies Act had been revoked:

When we invoked the Emergencies Act on Monday of last week, we had three principles in mind: restoring peace and order, making sure the measures were proportionate and compliant with the Charter of Rights and Freedoms, and making sure it was time-limited.

— Justin Trudeau (@JustinTrudeau) February 24, 2022

But what about the legal specifics of the banking measures? Were they compliant with the Charter, and how? Government lawyers argued from the outset that the requirement for banks to share personal banking information with the RCMP and CSIS did not violate Section 8 of the Charter. While the sharing order constituted a search under Section 8, it was a reasonable search, they said, and reasonable search is legitimate.

As for the freezes, and here things get more complicated, the government maintained that they did not constitute seizures at all, and thus weren't protected under Section 8. The government begins with a literal argument. The funds in the 280 frozen bank accounts were not taken or seized; rather, banks were simply asked to "cease dealing" with some of their customers in such a way that these customers never lost ownership of their funds. This was a mere freeze, the government claims, rather than a harsher sort of government "taking" of funds , say like a Mareva injunction, warrant of seizure, or restraint order, all of which are seizures under Section 8 of the Charter.

As back up, the government offered a more technical argument. According to Canadian legal precedent, it is only certain types of government searches and seizures that trigger Section 8 protections. These are laid out in a case called Laroche v Quebec (Attorney General). Specifically, only those seizures occurring in the process of an investigation and prosecution of a criminal offence are protected. The government maintains that the freezes it placed in February 2022 were not related to a criminal offence – they were merely designed to "discourage" participation in the protest – and so they were not the sorts of seizures protected by the Charter. (The government's full argument that it laid out for Justice Mosley here.)

The invocation of the Emergencies Act required the independent inquiry be launched, the results of which were released in February 2023. The commissioner of that inquiry, Justice Rouleau, ended up siding with the government's assessment of the legality of the bank account freezes. The freezing of accounts was "not an infringement" of section 8 of the Charter, wrote Rouleau, because they were not a seizure.

Here I'm going to briefly inject my own personal thoughts as a citizen blogger.

Look, I think it's a good thing that the government has various financial buttons at its disposal that it can press to lock or restrict my funds, like restraint orders. But I also think its a good thing that these buttons are subject to certain controls, one of which is that they must respect my basic rights, even in an emergency situation. I find it somewhat worrying that in this particular case the government seems to be arguing that it has at its disposal a new type of "immobilize funds" button that is completely exempt from charter oversight due to the fact that it, somewhat arbitrarily, escapes definition as a seizure. This seems like a distinction without a difference to me.
 
Disagreeing with both Justice Rouleau and the government's logic, Justice Mosley in his judicial review ends up siding with the counter-arguments deployed by two civil liberties organizations that opposed the government in the case. (Their respective arguments are laid out here and here).

First, regarding the sharing of information with the RCMP and CSIS, Mosley rules this constituted a search covered by Section 8. Contra the government, these searches were not reasonable, and thus they violated the protestors' Charter rights.

While the government had argued that the searches were reasonable due to their limited duration and targeted focus, the judge finds that they lacked an "objective standard." Banks only needed a "reason to believe" that they had the property of a protestor before reporting the information to the RCMP or CSIS, but according to Mosley this criteria was too wide and ad hoc to qualify as reasonable. Would a hunch or a rumour qualify as a "reason to believe"? Perhaps.

The searches were also unreasonable, according to Justice Mosley, because they had none of the other well-defined standards for reasonable search, including a lack of prior authorization for each search by a neutral third party like a judge. In February 2022 it was bankers, not judges, that carried out the searches, assembly line-like.   

As for the freezes, Justice Mosley disagrees with the government's arguments, finding that the freezing of bank accounts did indeed constitute a seizure of the sort protected by Section 8. Adopting the viewpoint of a regular Canadian, he first argues that a "bank account being unavailable to the owner of the said account would be understood by most members of the public to be a 'seizure'."

Mosley proposes an alternative opinion that it was the forced disclosure of the financial information by banks to the RCMP and CSIS that constituted a seizure. In this reading, what was being seized was personal payments and ownership data. The protestors had a "strong expectation of privacy" in these financial records, and thus Section 8 is applicable.

So to sum up, a Federal court has deemed that the bank accounts freezes placed on protestors in February 2022 were indeed seizures, and not some other strange sort of freeze-not-a-seizure, and therefore they were subject to the Charter. As for the searches, they were unreasonable (as were the seizures). The government will be appealing to the Federal Court of Appeal, so these arguments will be re-litigated. Stay tuned.

My take is that Justice Mosley's rulings are reasonable and helpful guidelines for future governments seeking to levy banking measures in subsequent emergencies. The ruling doesn't expressly ban the levying of bank freezes, and that's probably a good thing. Let's not forget that the requirement for banks to cease dealings with protestors, albeit illegal in this particular case as per Justice Mosley, was a fairly effective measure. The threat of having their money immobilized helped get the protestors to leave, right? And not a single person was injured. Think of bank account freezes as the domestic version of foreign sanctions, a way to bloodlessly defuse an emergency situation and avoid sending in the more deadly cavalry. This seems like a good tool, no?

The catch, as Mosley suggests, is that the government needs to tighten up the the process of freezing bank accounts come next emergency so that they are constitutional. How tight? One might argue that the standard for freezes shouldn't be as high as a regular restraint order on funds during a non-emergency. On the other hand, freezes shouldn't become some sort of dark tool for circumventing the Charter.

Do bitcoin ETFs conflict with bitcoin's original ethos?

Some folks are suggesting that a bitcoin ETF is absurd because it doesn't fit with Bitcoin's original ethos. On the contrary, I think it's a nice snug fit.

It would be a misunderstanding of bitcoin's history to assume that it was the idealism of cypherpunk-ism that gave birth to the Bitcoin movement. Bitcoin would never have got off the ground without a massive amount of old fashioned greed, too. In bitcoin-speak, this greed usually goes by the term number-go-up, and it was crucial from the start. The new bitcoin ETFs are certainly not cypherpunk, but they are very much in the founding spirit of number-go-up.

One of the main goals of the cypherpunks, if you recall, was to create anonymous digital cash. And while bitcoin certainly has some roots in cypherpunk ideals, it soon became apparent to everyone that number-go-up was at odds with the dream of digital cash: after all, an asset with a volatile price makes for an awful medium of exchange. It didn't take long before number-go-up had drowned out the cypherpunks.

I recall walking into Montreal's Bitcoin Embassy in 2014, which was located on the busy intersection of St-Laurent and Prince-Arthur. I had already been researching and writing about bitcoin for a few years, but decided to play it dumb to see how the folks at the Embassy would approach the task of teaching a newbie about bitcoin. Instead of preaching to me about how to make a bitcoin payment from my own self-custody wallet, the ambassador walked me over to a large screen showing bitcoin's price. "Look, it's rising," he said in awe.

That, in short, sums up bitcoinism. Like 1980s televangelism with its gold-plated cowboy boots, mansions, private jets, and a dose of God on the side, bitcoin is all about the price chart with a small helping of cypherpunk ideology.

Number-go-up has always required getting ever more people into the game. Bitcoin, after all, is itself sterile. Unlike a publicly-traded business, it doesn't generate a stream of improving profits, so the only way for its price to keep rising is to recruit more players, much like a pyramid or a chain letter. From the early days, getting access to traditional financial and banking infrastructure has been crucial to making this recruitment process go as smoothly as possible.

Docking bitcoin to the existing financial edifice began in 2010 with the first bitcoin exchanges, which hooked into the crucial global bank wire systems like SWIFT, as well as local wire systems like the Federal Reserve's Fedwire system and Europe's SEPA system. These integrations were key to pumping the initial rounds of money into the game, and pushing the number above $1, and then $10, $100, and $1000.

Later on, bridges to the Visa/MasterCard debit card and credit card networks brought an even tighter fusion between bitcoin and the regular world, more inflows, and more number-go-up. The addition of bitcoin purchases to mobile payment apps like PayPal and Cash App came after. Viewed in this context, ETFs are nothing new, really; they only represent the next coupling between the two worlds.

As for regular old finance, it isn't complaining. The task of players like Visa is to generate profits – they want nothing more than to add new products like bitcoin to the list of products they already connect. The curious result is that no chain-letter style product has ever gone as mainstream as bitcoin has.

Now that bitcoin ETFs exist, number-go-up demands even more linkages to traditional finance and banking. What's next? One possibility: expect the bitcoin community to lobby for federally-chartered banks to be allowed to offer bitcoin products alongside savings deposits and retirement accounts. Banks offering bitcoin to their retail client base may seem inconsistent with bitcoin's more cypherpunk-y dreams of replacing the banking system, but on the contrary: its hard to imagine a more fantastic recruitment tool for number-go-up.

It's time to impose Iran-calibre sanctions on Russia

Russia is sometimes described as the world's most sanctioned nation. And while that's true, the long list of sanctions that the G7 coalition has placed on Russia in response to its attack on Ukraine are surprisingly light compared to the fewer but far more-draconian sanctions placed on Iran over the last decade or so.

This ordering of sanctions precedence is a mistake. With its all-out invasion of Ukraine, Russia has moved past Iran into top slot at world's most dangerous nation. Vladimir Putin merits a sanctions program that is at least as onerous as Iran, if not more so, yet for some reason he is getting off lightly. It's time to apply Iran-calibre sanctions to Russia.

What makes a draconian sanctions program draconian?

What makes the Iranian sanctions program so draconian is that many of the sanctions are so-called secondary sanctions, a feature that has been mostly absent in the Russian sanctions program.

When the U.S. or EU levy primary sanctions on an entity, they are saying that American individuals, banks, and businesses (and European ones, too) can't continue to interact with the designated party. This hurts the target, but it leaves foreign individuals, banks, and businesses with free reign to fill the void left by departing American and European actors, thus undoing part of the damage.

Secondary sanctions prevent this vacuum from being occupied. The U.S. government tells individuals or businesses in other nations that they, too, cannot deal with a sanctioned entity, on pain of losing access to U.S. economy. It's either us, or them.

When applied to foreign financial institutions (i.e. banks) secondary sanctions are particularly potent. The U.S. tells foreign banks that if they continue to provide banking services to sanctioned Iranians, the banks' access to the all-important U.S. financial system will end. Since the U.S. financial system is so crucial, foreign banks quickly offboard all sanctioned Iranian individuals and businesses. The sanctioned Iranian entity finds that it has now been completely removed them from the global financial system. This financial shunning effect is much more powerful than the effects created by primary sanctions or secondary sanctions on non-banks.

Notice that I've limited my commentary on secondary sanctions to the U.S. Since it first began to use secondary sanctions in 1996, the U.S. Treasury has become a master of the art, whereas as far as I know they are a tool the EU has long resisted adopting.

The bank-focused secondary sanction placed on Iran over the last decade-and-a-half have been particularly devastating because they target a broad sector of Iranian society, most crucially the Iranian oil sector, the life blood of Iran's economy. Secondary sanctions prevent foreign banks from processing Iranian oil trades on pain of losing access to the U.S., and so most foreign banks have chosen to cease interacting with the Iranian oil companies.

The chart below illustrates the effectiveness of this approach. When President Obama placed the first round of bank-focused secondary sanctions on Iran's oil industry in 2012, the nation's oil exports immediately cratered from around 2 million barrels per day to 1 million barrels. When he removed them in 2016, they quickly rose back up. And when Trump reapplied the same secondary sanctions in 2018, they collapsed once again, almost to zero.

Source: CRS [pdf]

In short, U.S. secondary sanctions imposed huge body blows on the Iranian oil industry. These same forces have not been brought to bear on Russia's oil industry.

A dovish Russian sanctions program

While the Russian sanctions program is often portrayed as being strict, it is far lighter than other sanctions programs, including the one placed on Iran, because it is comprised almost entirely of primary sanctions. (For a good take on this, see Esfandyar Batmanghelidj here). While a small list of secondary sanctions have been placed on Russia, for the most part they have not been of the banking type.*

The second reason why the Russian sanctions program is dovish is that the oil component of the EU and U.S. sanctions campaign has been particularly lenient. Take a look at the above chart of Iran oil exports and you can see very real evidence of damage from sanctions. Scan the chart of Russian oil exports below, however, and it suggests business as usual.

Source: CREA

Sure, the EU and other coalition partners have cut Russian oil imports to almost nil, and that's great. But overall, this effort hasn't done much harm to Putin, since over time the coalition's respective share of Iranian oil exports has simply been taken up by nations like India and China. Both before and after the 2022 invasion of Ukraine, Russia reliably shipped around 1,000 kt/day of crude oil and crude oil products.

Underlying this leniency, G7 businesses are still allowed to engage in the Russian oil trade, as long as this doesn't involve bringing the stuff back to the EU. For instance, foreign buyers of Russian oil (say like Indian refiners) are allowed to hire European insurers and shipping companies to import Russian oil.

There is a limitation on this. European insurers and shippers can only be used by an Indian refiner, or some other foreign buyer, if the purchase price of Russian oil is set at $60 or below. This is what is known as the G7 oil price cap.

Because the insurance and shipping industries of the UK, EU, and U.S. have a large share of the market, Russia has had little choice but to rely on coalition intermediaries for selling at least some of its oil at $60. This has come at a cost to Russia; it must sell at below-market prices. And that certainly makes Russia worse off than a world in which there was no oil price cap.

But the very fact that these purchases are occurring at all, compared to a world in which Iran-calibre sanctions would prevent them from ever taking place, illustrates how weak the oil price cap is. 

Russia's oil export income is the life-blood of Putin's war economy. These funds gets funneled directly to the front-line in the form of weapons and supplies. It's time to get serious about Russian sanctions, remove the dovish oil price cap, and apply to Russia the same calibre of secondary sanctions that so effectively crimped Iranian oil exports.

We may have to deescalate sanctions on Iran in order to escalate them on Russia

What has prevented the U.S. and its allies from applying draconian Iran-style sanctions to Russia? One of their main worries is that taking a major oil exporter out of the market will have major macroeconomic impact. 

Russia currently exports around 4 million barrels of crude oil per day, as well as a large amount of refined products such as gasoline. Assuming that half of this were to be removed by secondary sanctions, world oil prices would probably rise. Voters in the EU and US would get angry. Neutral countries dependent on oil imports – China, India, Brazil – would push back against the colation, because they'd have to scramble to replace a major supplier. Secondary sanctions aren't just a nuisance for these neutral parties. Due to their extraterritorial  nature, secondary sanctions impinge on the sovereignty of neutral nations. This creates hostility, understandably so, the negative blowback eventually flowing back to the U.S.

So if the EU, U.S. and the rest of the coalition are going to get serious about sanctioning the Russia's oil industry, and thus removing a few million barrels of oil per day from the world market, they may need to counterbalance that in order to soften the blow. One way to do so would be to free up more Iranian oil exports, which means softening the sanctions on Iran.

That doesn't mean not applying sanctions to Iran. A version of the $60 price cap on Iranian oil probably makes a lot of sense. However, a fully armed financial battleship – i.e. bank-focused secondary sanctions directed at a major crude oil exporter's oil industry – may be something that has to be reserved for one country only: Russia.

Now, I could be wrong about the world being unable to bear draconian sanctions on two major oil exporters. Maybe I'm creating a false dichotomy, and in actuality the choice is less stark and the coalition can actually apply draconian oil sanctions on both Iran and Russia. If so, I stand corrected.

Either way, Russia's oil industry has skated through the invasion and resulting sanctions remarkably unscathed, as the Iranian counterexample illustrates. It's time to cut off Russia's main source of revenues by putting the same set of secondary sanctions that Iran has faced on Russia's oil patch. 

---

* There are a few bank-focused secondary sanctions placed on Russia. Notably, Section 226 of CAATSA (2017) requires foreign financial institutions, or FFIs, to avoid certain sanctioned Russians or sectors on pain of losing access to the U.S. banking system. (See here, for example.) However, the U.S. must not be enforcing Section 226 very tightly because I haven't found a single case of a bank being punished under 226.

This December, another round of secondary sanctions was imposed on FFIs. Any foreign bank that facilitates transactions involving Russia’s military-industrial base may be cut off from the U.S. financial system. Additionally, any bank that conducts transactions for specially designated nationals who operate in Russia's technology, defense and related materiel, construction, aerospace or manufacturing sectors may face punishment. Note that both rounds of secondary sanctions leave the Russian oil industry untouched.

Are flatcoins a good idea?

I'll start with the conclusion. I don't think flatcoins are a good idea.

The idea for flatcoins has been around for a while, but it got a wider airing when it popped up in a Coinbase marketing piece from earlier this year. Now, arch-crypto hater Nouriel Roubini has undergone a Damascene conversion and is about to introduce a crypto flatcoin, suggesting that these novel instruments are "the way forward."  

What is a flatcoin?

If you own one dollar's worth of stablecoins or one dollar's worth of Wells Fargo deposits, both stay locked at $1 dollar indefinitely. A flatcoin, by contrast, slowly rises in value over time to compensate the holder for inflation. So if you own a single flatcoin worth $1 today, it will be worth $1.0001 tomorrow, and $1.0002 the next day, and so on. Twelve months later its value will have arrived at $1.05. This 5% appreciation protects you from 5% inflation, leaving your purchasing power unchanged.

Roubini and Coinbase are marketing flatcoins as a blockchain-specific thing, but there's no reason the concept couldn't by packaged up as a traditional financial product, one without a blockchain. Imagine a Wells Fargo account that holds 100 in Wells flatbalances which rise by 3-4% a year. Or imagine a flatnote, the issuer indexing the purchasing power of its paper banknotes to inflation by promising to buy them back at progressively higher prices.

Roubini stakes out a role for flatcoins as a potential "global means of payment." As far as monetary/payments technology goes, I disagree. I think flatcoins are an evolutionary dead-end.

One of the key features of money that makes it so popular is that it is directly fused to the dominant commercial language that we all use in our day-to-day economic lives.

What do I mean when I say commercial language? We converse and haggle with each other in terms of the dollar, we think and plan in terms of dollars, we dream in dollars, and we remember in dollars. Every facet of our day-to-day commercial lives revolves around this very basic measuring unit. (In Europe, the euro serves as the basis of Europe's commercial language, and in Japan it's the yen.)

The dollars that we own in our pockets (and in our bank accounts, as well as the stablecoins in our Metamask wallets) have been conveniently designed to be fully compatible with the dollar measuring unit that we refer to in language. That is, our media of exchange are pegged, or wed, to $1. For instance, if I've got to make a $1500 rent payment next week, I know that the 1500 units sitting in my bank checking account are a precise fit for meeting that obligation. I don't know the same about my other assets, say my S&P 500 ETF, my gold, my government bonds, or my dogecoins.

This standardization is a convenient feature. It takes a lot of hassle out of day-to-day commercial life. It means that when we buy things or make plans to buy things, it's not necessary to engage in constant translations between the dollar media in our pocket and the dollars in our speech and thoughts and plans. As Larry White once put it, harmonizing the unit we use in our speech with the units we transact with "economizes on the information necessary for the buyer's and the seller's economic calculation."

Since everyone tends to converge on these very useful standardized units for making payments (i.e. deposits, stablecoins, and banknotes), the markets for them have become highly developed and liquid. This only makes them more useful for payments, in effect locking in their dominance.

A flatcoin, by contrast, has been rendered incompatible with the dollars that we use in our speech. One unit might be worth 1.1145 times the dollars we use in our speech today, and 1.1147 tomorrow, and 1.1205 next month. This erases one of the most user-friendly features of money, its concordance with the commercial vernacular, alienating anyone who might use it for their day-to-day spending. Flatcoins will thus be less liquid than standardized 1:1 dollars, and this lack of liquidity will render them even less useful for making payments.

There's the secondary problem with flatcoins that stems from taxes. Since a flatcoin rises in value over time, all purchases made with flatcoins will generate a small taxable capital gain. This introduces an administrative burden which makes it even less likely that people will use flatcoins as an everyday medium of exchange.

This incongruity between linguistic dollars and flatcoins doesn't mean that people won't hold them. They might be useful as a type of long-term savings vehicle, much like how one might buy and hold a fixed income ETF. But unlike Nouriel Roubini, I don't think they are "the way forward" when it comes to acting as a medium of exchange. No one is going to be buying a coffee with a flatcoin.

The long arm of OFAC and its reach into the Ethereum network

Coinbase, the U.S.'s largest crypto exchange, is openly processing Ethereum transactions involving Tornado Cash, a piece of blockchain infrastructure that was sanctioned by the U.S. government last year for providing mixing services to North Korea. 

Over the last two weeks Coinbase has validated 686 Tornado-linked transactions, according to Tornado Warnings. I've screenshotted the table below:

This table shows how many blocks each validator has proposed that includes a transaction that has interacted (either depositing or withdrawing) with Tornado Cash contracts in all denominations, or with TORN tokens. Source: Tornado Warnings by Toni Wahrstätter

This is awkward for everyone involved.

First, it's embarrassing for the agency that administers U.S. sanctions, the U.S. Treasury's Office of Foreign Assets Control, or OFAC. OFAC clearly states that U.S. based persons are not to transact with sanctioned entities unless they have a license. Yet here is America's largest crypto exchange interacting with a sanctioned entity, Tornado Cash, without a license.

OFAC can look away and pretend that nothing unusual is happening, which is pretty much what it has done so far. But since these financial interactions are clearly displayed on the blockchain, everyone can see the infraction occurring. Eventually, OFAC will have to confront the problem and make some tough decisions, a few of which may end up damaging companies like Coinbase and the Ethereum network.

The whole affair is also awkward for the crypto industry. After a 2022 in which much of the ecosystem went bankrupt or succumbed to fraud, crypto currently finds itself in the damaging crosshairs of the culture war and the pervasive threat of being banned. It is desperate for social license, yet here is crypto's leading company choosing to operate in contravention of one of the key pillars of U.S. national defence.

Meanwhile, Coinbase's main U.S. competitor, Kraken, has taken a very different approach to dealing with Tornado Cash. As the table above shows, Kraken has processed zero Tornado Cash transactions over the last two weeks compared to Coinbase's 686. These diverging approaches to handling sanctioned transactions only highlight the awkward nature of crypto's "compliance" with sanctions law.

Before I dive deeper, we need to fill in the basics. For folks who are confused about crypto, what follows is a quick explanation why Coinbase is interacting with Tornado Cash, whereas Kraken isn't.

What is validation?

To begin with, Coinbase and Kraken operate in many different businesses. Their most well known business line is to provide a trading venue where people can deposit funds in order to buy and sell crypto tokens.

I suspect that both companies are being very careful to ensure that their trading venues avoid any dealings with Tornado Cash. If someone were to try to deposit Tornado-linked funds to Coinbase's exchange, for instance, I'm sure Coinbase would quickly freeze those transactions, which is precisely what OFAC obliges it to do. Crypto trading venues have gotten in trouble before for dealing with sanctioned entities: last year Kraken was fined by OFAC for processing 826 transactions on behalf of Iranian individuals.

But the issue here isn't these companies' trading platforms. Coinbase's interactions with Tornado Cash are occurring in an adjacent line of business. Let's take a look at how Coinbase and Kraken's validation services business operate.

Say that Sunil lives in India and wants to make a transaction on the Ethereum network, perhaps a deposit of some ether to Tornado Cash. He begins by inputting the instructions into his Metamask wallet. This order gets broadcast to the Ethereum network for validation, along with a small fee, or tip. A validator is responsible for taking big batches of uncompleted transactions, one of which is Sunil's Tornado Cash deposit , and proposing them in the form of "blocks" to the Ethereum network for confirmation. As a reward, the validator collect the tips left by transactors.

The biggest validators are the ones that own large amounts of ether, the Ethereum network's native token. Since Kraken and Coinbase have millions of customers who hold ether on their platforms, they have become two of the most important providers of Ethereum validation services. Coinbase accounts for 14% of global validation while Kraken stands at 3%, according to the Ethereum Staking dashboard. So even though Sunil is not actually depositing any crypto to Coinbase's trading venue, he may end up interfacing with Coinbase via its block proposal and validation business.  

Validators can choose what transactions to include in their blocks. This explains the difference between the two exchanges. Whereas Kraken chooses to exclude transactions like Sunil's Tornado Cash deposit, Coinbase includes all transactions linked to Tornado Cash in the blocks that it proposes, in the process earning transaction fees linked to Tornado Cash.

To sum up, Coinbase operates its trading venue in a way that complies with OFAC regulations, but it doesn't run its validation service in the same manner, whereas Kraken does. Next, we need to fill in another important part of the story. What does OFAC do?

OFAC around and find out

For folks who don't know how U.S. sanctions work, a big part of OFAC's job is to blacklist foreign individuals and organizations who are deemed to undermine U.S. national security or foreign policy objectives. These blacklisted entities are known as SDNs, or specially designated nationals. U.S. citizens and companies cannot deal with SDNs without getting a license.

OFAC also administers comprehensive sanctions. These prevent U.S. individuals or businesses from interacting with entire nations, like Iran.

With each of the individuals or entities that it designates, OFAC discloses an array of useful information including the SDN's name, their aliases, address, nationality, passport, tax ID, place of birth, and/or date of birth. U.S. individuals and firms are supposed to take a risk-based approach to cross-checking this information against each of the counterparties they transact with so as to ensure that they aren't dealing with an SDN. They must also be aware of U.S. comprehensive sanctions so they don't accidentally interact with an entire class of sanctioned individuals, say all Iranians. Failure to comply can result in a monetary penalty or jail time.

Whereas Coinbase appears to have chosen to ignore OFAC's requirements when it comes to validation, Kraken hasn't, and has incorporated the SDN list into the internal logic of the validation services that it provides. But Kraken has only done so in a limited way, as I'll show below.

Five years ago OFAC began to include an SDN's known cryptocurrency addresses in its array of SDN data. To date, OFAC has published around 600 crypto addresses, including around 150 Ethereum addresses, of which a large chunk are related to Tornado Cash. Kraken is using this list of 150 addresses as the basis for excluding certain transaction from the blocks that it is proposing to the Ethereum network.

Data source: OFAC and Github

Among members of the crypto community, this sort of editing out of OFAC-listed addresses is sometimes described as creating "OFAC-compliant blocks." Hard core crypto ideologues believe that it compromises Ethereum's core values of openness and resistance to censorship.

While Kraken's approach may appear to be the compliant approach to proposing blocks, it's not. It's half-compliance, or compliance theatre. 

OFAC-compliant blocks as compliance theatre 

Right now, Kraken's block validation process merely weeds out transactions involving the 150 or so Ethereum wallets that OFAC has explicitly mentioned, which includes Tornado Cash addresses. But many of the SDNs linked to these 150 wallets have probably long since adapted by getting new wallets. Kraken isn't taking any steps to determine what these new wallets are, and is therefore almost certainly processing these SDN's transactions in its blocks. This would put it in violation of OFAC policy.

Of the 12,000 or so SDNs on OFAC's SDN list, most are not explicitly linked by OFAC to a specific Ethereum wallet. But that doesn't mean that these entities don't have such wallets. To be compliant, Kraken needs to scan the entire list of 12,000 SDNs and verify that none of them are being included in Kraken blocks. Again, it doesn't appear to be doing that.

Complying with OFAC isn't just about crosschecking the SDN list. Remember, OFAC has also levied comprehensive sanctions on nations such as Iran, which prohibit any U.S. entity from dealing with Iranians-in-general. Because Kraken limits its block editing to the 150 or so Ethereum addresses mentioned by OFAC, it is almost certainly letting Iranian transactions into the blocks that it is proposing. Which is ironic, since the very infraction that Kraken was punished for last year was allowing Iranians to use its trading platform. Apparently Kraken has one Iran policy for its trading venue, and another policy for its block proposal service.

Coinbase's decision to ignore OFAC altogether now makes more sense. Perhaps it's better to not comply at all and thereby retain the ability to claim the non-applicability of sanctions law to validation, than to comply insufficiently but in the process tacitly admit that OFAC has jurisdiction over validation. As part of this strategy, Coinbase may try to fall back on arguments that validation isn't a financial service, but qualifies as the "transmission of informational materials," which is exempt from sanctions law.

Having started down the path to compliance, the only way for Kraken's validation business to be even close to fully compliant with sanctions law is to adopt the very same exhaustive process that its own crypto trading venue abides by. That means painstakingly collecting and verifying the IDs of all potential transactors, cross-checking them against OFAC's requirements, and henceforth only proposing blocks that are made up of transactions sourced from its internal list of approved addresses.  

By adopting this complete approach to verifying transactions, Kraken would now be closer to compliance. As for OFAC, it would be relieved of its awkward situation.

There is no easy policy decision for OFAC

However, this approach has its drawbacks. A requirement that IDs be verified for the purposes of block inclusion would be expensive for Kraken to implement. I suspect that the company would react by ceasing to offer validation services. Even if Kraken and Coinbase were to roll out an OFAC-compliant know-your-customer (KYC) process for assembling blocks, most Ethereum transactions would probably flow to no-hassle offshore validators, which don't check ID because they are under no obligation to comply with OFAC.

So in the end, the very transactions that OFAC wants to discourage would end up happening anyway.

Compounding matters, by pushing validation away from U.S. soil, the U.S. national security apparatus would have destroyed a nascent "U.S. Ethereum nexus," one they might have otherwise levered as a tool for projecting U.S. power extraterritorially. If you're curious what this entails, consider how the New York correspondent banking nexus is currently harnessed by the state to exert U.S. policy overseas. A San Francisco-based Ethereum nexus would be the crypto-version of that. But not if it gets chased away.

To prevent validation from being performed everywhere but the U.S., the government could twin a requirement that domestic block validators implement KYC with a second requirement that all U.S. individuals and companies submit all Ethereum transactions to sanctions-compliant validators. This would pull U.S. Ethereum transactions back onto U.S. soil and into the laps of Coinbase and Kraken.

But this is a complicated chess game to play, and you can see why OFAC has been hesitating.  

On the other hand, OFAC can't prevaricate forever. Sure, crypto is still small. But OFAC is an agency with a democratic mandate to administer law, and law is clearly being broken. It cannot "not govern." To boot, sanctions are a matter of national security, which adds to the urgency of the issue.

One option would be for OFAC to offer an explicit sanctions law exception to U.S. blockchain validators in the form of a special license. But that invokes questions of technological neutrality and equal treatment before the law. Why should Coinbase and Kraken be allowed to maintain financial networks that admit sanctioned actors whereas other network operators, like Visa or American Express, do not enjoy this same exemption?

This isn't just about fairness. By providing a blockchain carve-out, OFAC may unintentionally spur the financial industry to switch over to blockchain-based validation, because that has become the least-regulated and therefore cheapest technological solution for deploying various financial services. At that point, OFAC will find itself with far less to govern, because a big chunk of finance now lies in the zone that OFAC has carved-out.

I don't envy the mandarins at OFAC. They've got a tough decision to make. In the meantime, Coinbase continues to process Tornado Cash transactions every hour.

Why do sanctioned entities use Tether?

Tether, a stablecoin, has been in the news for offering sanctioned actors such as Hamas a means to participate in the global payments ecosystem.

In this post I want to explore in more depth how Tether is being used to dodge sanctions. I'm going to avoid drawing on the Hamas example, which has been controversial, and will instead dissect the U.S. Department of Justice's recent indictment of group of business people who brokered oil purchases from PDVSA, Venezuela's sanctioned state-owned oil company.

Let's get right into things. In this particular case, the buyers – who indirectly represented a sanctioned Russian aluminum company – seem to have used two methods for settling payments with Venezuela: bank wires and cash. (Tether makes an appearance in the second.)  

Before we get to Tether, we need to understand how the bank wires worked.

The Russian buyers operated through a network of shell companies, or fronts, set up in places like Dubai. "Because of [sanctions] we are using 'fronting'" the Russians admit. The Russians' Dubai-based shell companies had accounts at an Egyptian bank with a branch in Dubai. In a lovely line, one of the Russians, Orekhov, describes this bank as the "shittiest bank in the Emirates ... They have no issues, they pay to everything."

...the shittiest bank in the Emirates [link]

The more reputable Dubai banks probably didn't want to risk enabling the potentially sanctioned transactions of a Russian shell company, but here was a bank that had no qualms.

The Russian front companies couldn't wire U.S. dollars directly to the PDVSA; it was sanctioned. Instead, the payments were sent via the Egyptian bank to a number of foreign shell companies owned by the PDVSA, located in places like Australia, Hong Kong, and the UK. With the payments sent, the Russian's boats could be loaded with Venezuelan oil.

The second payment method was U.S. banknotes. In fact, the PDVSA seemed to have preferred cash. In the excerpt below, the Venezuelan contact, Serrano, says that the Russian middleman, Orekhov, lost out on a previous oil shipment because a competing buyer offered to pay 100% in U.S. banknotes. "The key is cash," says Serrano. Venezuela is mostly dollarized, and with the PDVSA cut off from U.S. banks, you can understand why U.S. paper money would be quite valuable to the PDVSA.

"The key is cash" [source]

In response, the Russians suggest two cash-based payments options. In the first, they will send a bank wire to a Panamanian bank, and the Panamanian bank will pay the PDVSA cash in Venezuela. "This is simply a service that they do," says Orekhov. The second option that he suggests is to bring paper money to Evrofinance in Moscow. Evrofinance is a bank that is controlled by the PDVSA and has been sanctioned by the U.S.

The indictment doesn't detail whether either of these two solutions was chosen, but instead focuses on a third cash-based solution, one that involves using Tether, or USDt, as a switch.

The indictment documents this transaction particularly well. It's November 2021 and the Russians' ship is about to berth in Venezuela for loading. The Venezuelan contact, Serrano, notifies the Russian, Orekhov, that he needs to get ready to pay for 500,000 barrels of PDVSA oil. Orekhov responds by sending $17 million worth of USDt to a broker in Venezuela, who converts the USDt to cash. "No worries, no stress," says the Russian to his Venezuelan contact. "USDT works quick like SMS."

"...quick like SMS" [link]

Once the broker receives the $17 million USDt, the cash is placed in a bank where PDVSA officials can collect it. Now the boat can be loaded.

So in this case Tether is being used as third-party rail for buying cash in Venezuela. It is serving as an alternative to a set of bank wires made through shell companies, a notably speedier one. "It's quicker than telegraphic transfer," says Orekhov. "That why everyone does it now. It's convenient, it's quick."

Going the Tether route also has the benefit of not requiring a single know-your-customer (KYC) check. Orekhov could have bought $17 million USDt, and sent it to the Venezuelan broker, and neither of the two would have had to show the owner of the platform, Tether, their ID or fill out any forms. It's like using the "shittiest bank in the Emirates," except with even fewer hassles.

Delving further into the indictment, we learn that another key benefit of Tether is that it provides a degree of protection from the legal hazards of a traditional bank wire transfer. If you scroll down to the part of the indictment where charges are being laid, particularly Count Two, it is the bank wires that are at the root of Orekhov and Serrano's legal woes, not the Tether transactions.

Among many other crimes, Orekhov and his Venezuelan counterpart, Serrano, are accused of sanctions evasion, more specifically conspiring to violate the International Emergency Economic Powers Act (IEEPA). The IEEPA is the bit of legislation that contains U.S. sanctions law.

What specific actions incriminated them? This is a good question, because on first glance the defendants seem to be beyond the pale of U.S. jurisdiction. Both men were foreign nationals operating outside of the U.S. They connected a non-US buyer to a non-US seller. The product is not made in the America. Without a U.S. nexus, it would appear that Serrano and Orekhov are safe from the long reach of U.S. law enforcement.

The ultimate hook that catches Orekhov and Serrano is that part of their dealings were deemed to have occurred on U.S. soil. They made wire transfers using the "shittiest bank in the Emirates," and those wire transfers were ultimately processed through correspondent banks based in the New York metropolitan area.

To understand how New York-based banks touched the transaction, you need to know a little bit about how wire transfers work. To be capable of making a U.S. dollar wire transfer, the "shittiest bank in the Emirates" needed to have an account with a large U.S.-based correspondent bank, like JP Morgan. Likewise, the bank that the PDVSA shell companies were using would have also had accounts at a U.S. correspondent bank in order to accept U.S. dollar wires. A correspondent bank is a bank that, in addition to conducting regular banking business, specializes in serving foreign financial institutions.

So long story short, when U.S dollar funds moved from the Egyptian bank to the PDVSA shell accounts, much of the underlying activity to support this fund transfer occurred back in the U.S. the on the books of a bank such as JP Morgan.

That's the Department of Justice's smoking gun. Serrano and Orekhov are accused of having "caused" a U.S.-based financial institution to process tens of millions in U.S. dollar-denominated payments in violation of the IEEPA.

The Tether transactions, by contrast, do not provide the Department of Justice with anything incriminating. USDt transfer occurs on the books of Tether (which is registered in the British Virgin Islands), completely bypassing the New York correspondent banking system. So when they paid with USDt, Serrano and Orekhov didn't "cause" a U.S-based actor to do anything wrong.

Put differently, if the Russians and Venezuelans had conducted all their transactions with Tether and cash, and avoided bank wires altogether, it would have been impossible for the U.S. to indict them for violating the IEEPA. Thus, not only is Tether "quick like SMS," it also provides a degree of safe harbour from sanctions law.

But not for long?

In a recent letter to Congress, the U.S. Treasury says that stablecoins such as Tether pose a sanctions risk, and requests legislation to close this loophole. The Treasury notes that while it already has jurisdiction over offshore wires transfers because they "transit intermediary U.S. financial institutions," or correspondent banks, it does not have the same authority over "equivalent-value stablecoin transactions, because certain stablecoin transactions involve no U.S. touchpoints." (That's the core of what we were talking about in the previous paragraphs.)

"...stablecoin transactions involve no U.S. touchpoints"

To remedy this, the Treasury wants Congress to update its sanctions toolbox to give it "extraterritorial jurisdiction" over U.S. dollar-pegged stablecoin transactions. In brackets, it also adds "other U.S dollar-denominated transactions" to its wish list. What this appears to be conveying, and I could be wrong, is that the Treasury wants the ability to leverage the U.S. dollar symbol, more specifically the dollar's role as the dominant unit-of-account, as a new nexus for controlling transactions made by foreigners. 

If such a law were to pass, folks like Serrano and Orekhov could now be indicted not only for the traditional crime of making offshore U.S. dollar wire transfers that "cause" New York banks to violate sanctions law, but also for paying with Tether, because the latter invokes the U.S. dollar trademark. 

Leveraging the unit-of-account role of the U.S. dollar to get authority over foreign transactions is a huge step to take, certainly much broader than relying on correspondent banking as authority. Doing so would extend U.S. sanctioning power to a much wider set of foreign economic activity, not just U.S. dollar stablecoin-based transactions, but also potentially to U.S. cash payments, since those too make use of the U.S. dollar accounting unit. Congress will have to think hard before it grants the Treasury's request.

Even crypto mixing deserves a threshold

Many of you may not realize this, but in most parts of the developed world, banks automatically record and report our transactions to law enforcement. The logic behind this is that by giving up our personal data, we get more security, albeit at the cost of 1) losing our privacy, and 2) adding an extra layer of costly red tape into financial life.

It's a pragmatic compromise, and one hopes that the benefits outweigh the costs. The way that we've been balancing this compromise up till now is by using thresholds, so as to reduce the cost side of the equation. Below a certain dollar threshold (i.e. $10,000 for cash), transactions don't get reported. The folks making these sub-threshold transactions thus enjoy the dignity of not having their privacy invaded, nor do they add to the financial sector's administrative burden. However, they also don't contribute to the effort to improve security and safety.

Anyways, last month, the U.S. government announced a new anti-money laundering reporting requirement, one for crypto mixing. In doing so it broke with a long tradition of not including a threshold. That got my hackles up. Thresholds have always been key to balancing the costs and benefits of automatic reporting requirements.

In short, the government thinks that mixing of cryptocurrency is of primary money laundering concern. Any U.S. financial institution that knows, suspects, or has reason to suspect that a customer's incoming or outgoing crypto transaction, in any amount, involves the use of a mixer will have to flag it and send a report to the government. That report must include information like the customer's name, date of birth, address, and tax ID. 

I submitted the following comment on the proposed rule for crypto mixing. If you agree, feel free to copy it and add your own comment to the growing pile. 

Dear sir/madam,

Re: Proposal of Special Measure Regarding Convertible Virtual Currency Mixing, as a Class of Transactions of Primary Money Laundering Concern

Historically, all U.S. anti-money laundering recordkeeping and reporting requirements have been accompanied by a monetary threshold. The current proposal to impose recordkeeping and reporting requirements for crypto mixing is the sole exception. This should be fixed.

When Treasury Secretary Henry Morgenthau published an executive order to implement the U.S.'s first large cash transaction reporting regime all the way back in 1945, for instance, he established a $1,000 reporting requirement for transactions in which only bills in denominations over $50 were present. He also set a $10,000 reporting threshold when small and large denomination bills were involved in the transaction.

Morgenthau's thresholds remained in place through the 1950s and 1960s. They were eventually ratified in 1972 with the implementation of a $10,000 cash reporting threshold for the purposes of implementing the Bank Secrecy Act.

When suspicious activity reports were introduced in 1996, the government's initial proposal did not include a reporting threshold. But after receiving public comments, the government admitted that its first version of the rule would impose a "burden of reporting." In its final version it introduced a $5,000 threshold for filing a suspicious activity report, which remains to this day.

In addition to reporting thresholds for cash transactions and suspicious activity, the government has set a number of thresholds for recordkeeping requirements. For instance, financial institutions are required to keep a log of all cash purchases of monetary instruments between $3,000 and $10,000.

The government's long history of twinning reporting and recordkeeping requirements with thresholds is a pragmatic compromise. It balances law enforcement's need for information against the administrative burden imposed on the private sector as well the invasion of privacy imposed on civil society. It only seems fair and prudent to extend this pragmatic compromise to cryptocurrency mixing recordkeeping and reporting requirements, especially in light of the fact that, as FinCEN admits, there are "legitimate purposes" for mixing.

I would suggest a threshold of at least $10,000, which is in-line with the cash transaction reporting threshold.

Sincerely,
JP Koning
Moneyness Blog

Are central banks too reliant on SWIFT for domestic payments?

Central bank settlement systems are the the tectonic plates of the payment system: they are vitally important to our lives, but we never see them in action. All of a nations' electronic payments are ultimately completed, or settled, on these systems. If they stop working, our financial lives go on pause, or at least regress to older forms of payment.

In this post I want to introduce readers to a crucial feature of these payments tectonic plates: their reliance for domestic settlement on SWIFTNet, a financial messaging network used by banks and other financial institutions to communicate payments information. Think of SWIFTNet as a WhatsApp for banks, but exclusive and very secure. 

This reliance – or over-reliance – is best exemplified by a recent decision by the European Central Bank. The Target2 settlement system has long been the bedrock layer of the European payments universe. All domestic payment ultimately get tied-off on the system. Since it was introduced in 2007, Target2 has been solely reliant on SWIFTNet for sending and receiving messages. 

When the European Central Bank replaced Target2 with T2 earlier this year, it modified the system to have two access points: it kept SWIFTNet but added a competing messaging network, SIAnet, to the mix. As one commentator triumphantly put it, "SWIFT’s monopoly for access to the T2/T2S system is broken."

SWIFTNet is owned by the Society for Worldwide Interbank Financial Telecommunication, or SWIFT, which is structured as a cooperative society under Belgian law and is owned and governed by its 11,000 or so member financial institutions. Whenever SWIFT gets mentioned in conversations, it tends to be associated with cross-border wire payments, for which its messaging network is dominant. However, for many jurisdictions, including Europe, SWIFT is also integral to making domestic payments. It's this little-known local reliance that I'm going to explore in this post.

The dilemma faced by central banks such as the European Central Bank is that SWIFTNet is an incredibly useful messaging network. It is ubiquitous: most banks already use it for cross-border payments. And so the path of least resistance for many central banks is to outsource a nation's domestic messaging requirements to SWIFT, too. However, this reliance exposes national infrastructure to SWIFTNet-related risks like foreign control, sanctions, snooping, and system outages.

Financial messaging 101

Before going further, we need to understand why financial messaging is important. For a single electronic payment to be completed, a set of databases owned by a number of financial institutions, usually banks, must engage in an intricate dance of credits and debits. To coordinate this dance, these banks need to communicate, and that's where a messaging network is crucial.

Say, for example, that Google needs to pay Apple $10 million. Google tells its banker at Wells Fargo to make the payment. Wells Fargo first updates its own database by debiting Google's balance by $10 million. The payment now has to hop over to Google Apple, which banks at Chase. For that to happen the payment flow must progress to the core of the U.S's payments system, the database owned by the Federal Reserve, the U.S.'s central bank.

Along with most other U.S. banks, Wells Fargo has an account at the Federal Reserve. It communicates to the central bank that it wants its balance to be debited by $10 million and the account of Chase to be credited by that amount. Once Chase's account at the Federal Reserve is updated, Chase gets a notification that it can finally credit Apple for $10 million. At that point Apple can finally spend the $10 million.

This entire process takes just a second or two. For this "dance of databases" to execute properly, the Federal Reserve, Chase, and Wells Fargo need to be connected to a communications network.

The sort of messaging network to which the central bank is connected, and the stewardship of that network, is thus crucial to the entire functioning of the economy.

Proprietary messaging networks or SWIFTNet? 

The Federal Reserve is somewhat unique among central banks in that it has built its own proprietary messaging network for banks. All of the 9,000 or so financial institutions that use the Federal Reserve settlement system, Fedwire, must connect to the Fed's proprietary messaging network to make Fedwire payments. To make international payments, however, U.S. banks must still communicate via SWIFTNet.  

Let's flesh the story out by trekking north of the border. Whereas the Federal Reserve has no reliance on SWIFTNet, Canada's core piece of domestic settlement infrastructure, Lynx, relies entirely on SWIFTNet for messaging.

For example, if Toronto Dominion Bank needs to make a $10 million to Scotiabank, it enters this order into SWIFTNet, upon which SWIFT forwards the message to Lynx, which updates each banks' accounts by $10 million and sends a confirmation back to SWIFTNet, which tells Scotiabank that the payment has settled.

For payments nerds, this network setup is called a Y-copy topology. The network looks like a "Y" because the originating bank message is relayed from the sending bank via SWIFTNet, the pivot at the center of the Y, down to the settlement system, and then back up via SWIFTNet to the recipient bank. It is illustrated below in the context of the UK's payment system, with the CHAPS settlement system instead of Lynx, but the idea is the same.

A Y-copy network topology for settling central bank payments in the UK [source]

The upshot is that the Federal Reserve controls the messaging apparatus on which its domestic settlement depends, whereas Canada outsources this to a cooperative on the other side of the ocean.

Many of the world's small and middle-sized central banks have adopted the same Y-copy approach as Canada. This list includes Australia, Singapore, New Zealand, Nigeria, UK, Sweden and South Africa. However, some members of this group are starting to have second thoughts about fusing themselves so completely to SWIFT.

Removing the single point of failure

The European Central Bank is at the vanguard of this group. Prior to 2023, the European Central Bank was in the same bucket as Canada, relying entirely on SWIFTNet to settle domestic transactions. 

With its upgraded T2 system, Europe doesn't go quite as far the Fed's model, which is to build its own bespoke messaging network. Rather, European banks now have the option of either sending messages to T2 using SWIFTNet, or they can use SIAnet, a competing network owned by Nexi, a publicly-traded corporation. SIAnet stands for Societa Interbancaria per l'Automazione, a network that originally connected Italian banks but has now gone pan-European.

The reason for this design switch is that European Central Bank desires "network-agnostic connectivity." This dual access model will make things more complex for the European Central Bank. If a commercial bank originates a SIAnet message, the central bank will have to translate this over to a SWIFT message if the recipient bank uses SWIFTNet. Nevertheless, the European Central Bank believes this dual structure will offer more choice to domestic banks.

The ECB also hints at the enhanced "information security" that this new setup will provide, without providing much detail. The UK's recent efforts to update its core settlement layer sheds some extra insights into what these security improvements might be. Right now, the UK's core settlement system, CHAPS, can only be accessed by SWIFTNet, much like in Canada, so that all domestic UK payments are SWIFT-reliant.

In its roadmap for updating CHAPS, the Bank of England is proposing to allow banks to access the system via either SWIFTNet or a second network, which doesn't yet exist. The idea is to enable "resilient connectivity" to the core settlement layer, especially in periods of "operational or market disruption." Should SWIFTNet go down there would be no way for financial institutions to communicate with CHAPS, and the entire domestic economy would grind to a halt. A second network removes the "single point of failure" by allowing banks to re-route messages to CHAPS.

The Bank of England also highlights the benefits of competition, which would reduce the costs of connectivity.

This sounds great, but there are tradeoffs. Using a a single network for both domestic and international payments is valuable to the private sector because it offers standardization and efficiencies in banks' processing. Adding a second option will also complicate things for the Bank of England, since it will have to design and build a system from scratch, much like the Fed did, which could be costly. Either that or it will have to find another private option, like the ECB did with SIAnet. This second network may not be as good as SWIFTNet which, despite worries about resiliency, has been incredibly successful.

When CHAPS went down earlier this year for a few hours, for instance, it wasn't SWIFT's fault, but the Bank of England's fault. The same goes for a full day outage in 2014. 

Comparing a V-shaped network topology to Y-Copy in an Australian context [source]

The type of settlement topology that the UK is proposing is known as "V-shaped," since all messages are sent directly to the central bank settlement system for processing via any of a number of messaging networks, and then back to the recipient bank. The difference between a V-shaped topology and Y-copy is visualized in the chart above in an Australian context, but the principles apply just as well to the UK.

Sanctions and "the SWIFT affair"

The decision to make domestic payments less dependent on SWIFTNet is much more easy to make for outlier nations like Russia. SWIFT is based in Belgium and is overseen by the Belgian central bank, along with the G-10 central banks: Banca d’Italia, Bank of Canada, Bank of England, Bank of Japan, Banque de France, De Nederlandsche Bank, Deutsche Bundesbank, European Central Bank, Sveriges Riksbank, Swiss National Bank, and the Federal Reserve. That put SWIFT governance far out of Russian control.

You can see why this could be a problem for Russia. Imagine that only way to settle domestic Russian payments was by communicating through SWIFTNet. If Russia was subsequently cut off from that network for violating international law, that would mean that all Russian domestic payments would suddenly cease to work. It would be a disaster.

Needless to say, the Central Bank of Russia has ensured that it doesn't depend on SWIFTNet for communications. It has its own domestic messaging network known as Sistema peredachi finansovykh soobscheniy, or System for Transfer of Financial Messages (SPFS), which was built in 2014 after the invasion of Crimea. Prior to then, it appears that "almost all" domestic Russian transactions passed through SWIFTNet – a dangerous proposition for a country about to face sanctions.

Mind you, while Russia has protected its domestic payments from SWIFTNet-related risk, it can't do the same for its international payments. SWIFTNet remains the dominant network for making a cross border wire. There is no network the Russians can create that will get around this.

I'm pretty sure that most larger developing states and/or rogue nations have long-since built independent domestic financial messaging systems to avoid SWIFTNet risk. I believe China has done so. Brazil has the National Financial System Network, or Rede do sistema financeiro nacional (RSFN). India also has its own system, the Structured Financial Messaging System (SFMS), built in 2001. India is even trying to export SFMS as a SWIFT competitor.

The Japanese were typically way ahead on this. The Bank of Japan built its messaging network, the Zengin Data Telecommunication System, back in 1973, several years before SWIFT was founded.

The last SWIFTNet risk is snooping risk. This gets us into the so-called SWIFT affair. After 9/11, the U.S. intelligence agencies were able to pry open SWIFT through secret broad administrative subpoenas. They had the jurisdiction to do so because one of SWIFT's two main data centres was located in the U.S.

To ensure data integrity, SWIFT had been mirroring European data held in its data centre in Belgium at its U.S. site. That effectively gave U.S. intelligence access to not only SWIFT's U.S. payments information, but  also information on foreign payments sourced from Europe or directed to Europe. Worse, it also provided spooks with data on domestic European payments. Recall that the European Central Bank's Target2 settlement system, which settles all digital domestic payments in Europe, was entirely reliant on SWIFTNet for communications.

When the U.S.'s snooping arrangement was made public by the New York Times in 2006, it caused a huge controversy in Europe. SWIFT tried to placate Europe by building a third data warehouse in Switzerland to house Europe's back-up data. But the precedent was set: SWIFT is not 100% trustworthy. And that may be part of the reason why the European Central Bank chose to downgrade its reliance on SWIFTNet when it introduced its new system, and is surely why other nations want to entirely hive their domestic systems off from it.

---

In sum, central banks face a host of complicated decisions in how to bolt on messaging capabilities to their key settlement systems. SWIFTNet is a top notch network. However, too much SWIFT-related risk may be perceived as having negative implications for national security. For large nations with extensive banking industries, building a proprietary domestic messaging alternative seems to be the preferred option. It also seems to be the default choice for rogue states like Russia.

Another alternative is to fallback on using multiple independent networks for access, of which one is SWIFTNet, and thus mitigating exposure to SWIFT-related problems. This is the approach taken by Europe and the UK.

For smaller nations that comply with the global consensus, like Canada, the calculus is different. Building an alternative communications network is likely to be costly. The risk of sanctions and censorship are negligible while the benefits of using a high-quality ubiquitous network for both domestic and foreign payments messaging are significant. Given these factors, it may be worthwhile to bear all SWIFT-related risks and adopt the Y-copy model.