Tuesday, September 14, 2021

A decentralized version of MIT's Billion Prices Project

Balaji Srinivasan, an angel investor, wants to kick start an updated version of MIT's Billion Prices Project. He will invest $100,000 in the project that best envisions how to create a publicly-available decentralized inflation dashboard, one that relies on scraped data from retailer websites.

Many years ago I was a big fan of the MIT's Billion Prices Project, so I perked up when I read about Srinivasan's contest. Created by economists Roberto Rigobon & Alberto Cavallo, the Billion Prices Project collected, or scraped, data from retailers' websites and used it to generate an alternative version of various government-tabled consumer price indexes. (I wrote about the Project here.) Members of the public could get access to Billion Prices U.S. data, albeit with a small delay.

This was incredibly useful! Because government consumer price indexes are published monthly, but websites can be scraped 24/7, the Billion Prices Project was far more responsive to price changes than government consumer price indexes are. It gave you insights into tomorrow's CPI announcement, today.

The Billion Prices Project also garnered attention because it revealed how Argentinean authorities had distorted official statistics to make inflation appear more muted than it really was. Conversely, the Billion Prices Project regularly confirmed the accuracy of U.S. Bureau of Labor Statistics' consumer price indexes, making it a useful tool for whacking gold bugs and inflation truthers over the head.  

While I like Srinivasan's general idea of bringing real-time scraped inflation data to the masses, I see three big problems.

The first problem is over-reliance on scraped data. Scraping is fast and cheap, but only a portion of the global economy's prices are scrape-able. Amazon and Walmart may sell almost every type of physical good under the sun here in Canada and the U.S., but they don't sell services. So while it's easy to find scraped prices of laptop computers, forget about prices for haircuts, rent, or healthcare.

That leaves a pretty big hole. Government statistical agencies such as the Bureau of Labor Statistics (BLS) or Statistics Canada are able to capture services prices because they send out human inspectors to check the prices of things like haircuts and back-rubs. Lacking price data on these items, Srinivasan's inflation dashboard will never be as accurate as the dashboards published by Statistics Canada or the BLS.

Consider too that goods in many developing and undeveloped countries are not available online. Amazon, for instance, isn't going to provide any clues into what is going on with vegetable prices in Afghanistan, or shoe prices in Yemen. Srinivasan says that he wants an "internationally useful" dashboard, but he's certainly not going to get one by relying on scraping alone. He's going to get a rich folks' dashboard.

Which leads into the second problem: the business model won't work. Compiling inflation indexes is costly, but Srinivasan wants his decentralized inflation dashboard to be made public, and presumably free. That's just not possible.

Rigobon & Cavallo's own Billion Prices Project is a good example of this dilemma.

Mere grants weren't enough to fund the Billion Prices Project. Yes, scraping may be cheaper than using physical data collectors, but it's still expensive to compile price indexes. Bills had to be paid. And so the whole Billion Price Project sold out. It was folded into a company called PriceStats and sold as a proprietary product to rich investors and central banks.

At first PriceStats continued to offer some free public dashboards. But this was never going to last. Rigobon & Cavallo's data had commercial value because it was quicker than government data, and could be used by traders to beat the market. Making even a portion of that data available to the public destroyed its commercial value. And so over time the public-facing parts were all discontinued. The Billion Prices Project, at least the public service side of it, is effectively dead. 

How data from PriceStats/The Billion Prices Project overlapped with US consumer price indexes [source]

Srinivasan's proposal faces the same tradeoffs as the Billion Prices Project. Price data is expensive to collect, compile, store, and process. Government agencies like the BLS are funded by taxes, not profits, and so they can give it away for free. We all benefit from this public service. But the calculus is different for private companies. To fund data collection, they must implement some sort of pay-wall. Srinivasan wants to make a public inflation dashboard, much like the BLS does. But he can't. He's not a government. 

(And no, an inflation dashboard won't be able to rely on advertising revenues, say like how Coinmarketcap does. Frenetic gamblers are addicted to checking coin prices. Inflation data doesn't attract eyeballs).

The last problem with Srinivasan's project is the basket problem. The introductory page that describes the project focuses on how to scrape for data. But this omits one of the biggest challenges to compiling any consumer price index: determining what the consumer price basket actually is. That is, what exactly is the "basket" of goods and services that the average consumer consumes each month?  

Government statistics agencies such as the Bureau of Labor Statistics solve this problem by conducting national surveys. For instance, the BLS's baskets are based on interviews with 24,000 Americans each quarter about their spending habits. The BLS gets even more precise data by having 12,000 of those participants keep a detailed diary that lists all expenses for a week.

But that's an incredibly resource-intensive process.

To avoid having to run costly surveys in order to build a representative consumption basket, the Billion Prices Project had a simple solution: it borrowed the BLS's baskets. But Srinivasan's project has declared this solution to be out of bounds. The project's website describes inflation as a "government-caused problem," and so the project can't rely on "government statistics."

Which means that Srinivasan's project will have to build its own representative price basket using its own surveys. Unless it can bring the same amount of financial resources to bear as the BLS, I don't see how it can pull this off.

Alternatively, the project will have to use the BLS's "untrustworthy" data. But that means contradicting its stated philosophy.

To sum up, Srinivasan envisions his decentralized inflation dashboard as being a superior alternative to untrustworthy government dashboards. But government consumer price indexes are far better than he is making them out to be, given the huge amount of money, time, and expertise committed to statistics agencies. (Yes, there are exceptions like Argentina). If any inflation dashboard is likely to be untrustworthy, I fear it will be Srinivasan's built-on-the-cheap dashboard.

(By the way, you'll notice I didn't discuss the decentralized aspect of the inflation dashboard. The project has enough challenges already, before even getting to the decentralized bit.)

All that being said, I'm in the same camp as Srinivasan. Scraped inflation data is neat and useful, and I think the public should be getting access to it. But my preferred solution is different than the one put forth by Srinivasan. Hey, BLS and Statistics Canada! When are you ever going to unveil some sort of free real-time consumer price index that relies on scraped data?


Srinivasan responds. Joe Weisenthal blogs.

Tuesday, August 31, 2021

The afghani could split into two (and other possibilities for Afghanistan's currency)

The new Governor of the DAB, Abdul Qahir Idrees, is introduced to staff.  [Source][Source]

Last week I made the case that the Afghanistan's currency, the Afghan afghani, might hyperinflate. In this post I'm going to take a different tack. In a chaotic economy, the afghani—or at least some version of the afghani—may be one of the country's more reliable elements. I'm going to look to several exotic currency scenarios including that of the 1990s Iraqi dinar, which split into an unstable Saddam dinar and a stable Swiss dinar, as a possible template for what might happen in Afghanistan.

My blog post from last week was about the assets owned by Da Afghanistan Bank (DAB), Afghanistan's central bank. The Taliban, which just took over control of the country, discovered to its chagrin that most of the DAB's US$9.5 billion in assets are held overseas and controlled by the U.S. and institutions like the IMF. And now those assets have been frozen.

Here is the former central banker, Ajmal Ahmady:

With a wedge being driven between the afghani banknotes that are circulating in Afghanistan and the New York-domiciled assets backing those notes, I went on to suggest in my post that the notes—now rudderless—could only fall in value.

What follows is my counter-argument, to myself.

Yes, the Taliban-controlled DAB has been cut off from its New York assets. But Taliban officials are about to learn (if they haven't already) that they have also been severed from the global banknote printing market. This means that the Taliban-controlled DAB can't issue any new banknotes. Cash is the dominant form of money in Afghanistan. With the supply of afghanis now fixed, and the demand for them rising over time along with population growth, Econ 101 tells us that the afghani's purchasing power should strengthen, or at least not fall by very much.

Like many other smaller countries, Afghanistan doesn't print its own notes. The DAB signed a contract in 2020 with the Polish Security Printing Works, Poland's state-owned money printer, to provide it with new cash. The first batch of new Polish-made afghani notes arrived earlier this year, with more due to arrive through 2022. 

The Taliban's takeover makes it unlikely that subsequent batches will be delivered, at least not without U.S. approval. Thus the stock of afghani banknotes is locked with no timetable for unlocking it.

Nor can the Taliban-controlled DAB print up its own series of afghani banknotes. Banknote printing is a complex affair due to anti-counterfeiting features, exotic substrates on which notes are printed, and designer security inks. I doubt the Taliban can acquire high quality presses, materials, or the requisite expertise to operate them.

Might a rogue foreign printer produce notes for the Taliban?

This is where things get interesting. We can look to other countries like Yemen, Libya or Iraq for ideas about what might happen if this happens (more on these countries at bottom).

Say that a shortage of notes pushes the Taliban to try and secure new ones. The Taliban-controlled DAB might contact an ally such as Pakistan to get some new notes printed up in secret. The rogue Pakistani printer will probably do a better printing job than the Taliban would on its own, but it still won't be able to make perfect replicas of the Polish series (or prior series). And the Taliban may not want replicas anyways. It may ask for an entirely new note design to commemorate its coming to power. Once the Taliban has received the Pakistani-printed notes, it will proceed to put these not-quite-replicas into circulation.

Now the ball is in the U.S.'s court.

If the U.S. decides to publicly disapprove of the rogue notes, then people in Afghanistan will refuse to treat old notes and new notes as being fungible, or equal to each other. The old approved notes will be seen as being tied to the billions of assets held in rich New York, the new unapproved being linked to a destitute Taliban. So the unapproved notes will trade at a discount to approved notes. At that point Afghanistan will have two afghanis: a strong Yankee one and a bad Taliban one. (This would be a situation similar to the bad Saddam dinars circulating in 1990s Iraq. More on that later.)

The Taliban may react by trying to restore fungibility. Afghan citizens would be required to treat the two unequal banknotes as equals. That is, local stores and banks would be forced to accept both the new and old notes at par on pain of execution.

But these measures would only partly work. People would adapt by limiting all their official compliant purchases to be made using the weaker unapproved banknotes. They would hoard the good approved ones, perhaps for use on the black market (where they will fetch their true value) or for export to regions of Afghanistan that are not controlled by the Taliban, and where the Taliban's one-for-one afghani rule has no effect. (Much like how stable Swiss dinars circulated in Kurdish-controlled Northern Iraq).

So a strategy of rogue printing could very well mean the emergence of a strong and a weak afghan. (Some of you will recognize this as Gresham's law in operation). That sounds like sci-fi, but as I've been hinting at throughout this post, this sort of strange currency divorce isn't all that new. I wrote about Iraq's experience here

The short version is that prior to the 1991 Gulf War, Iraqi dinar notes had been printed by a private printer, De La Rue. De La Rue's printing plates were manufactured in Switzerland. Cut off from De La Rue after the war, Iraq's leader Saddam Hussein had a new series printed up locally. These were known as the Saddam dinar and circulated at a discount to the Swiss dinar.

Iraq isn't the only example of currency separation. I've written about Libya's near split in 2016. More recently, I described the Yemeni rial breaking into two.

The possibility of a dramatic rupture of the afghani might be enough to get the Taliban to swear off the rogue printing option altogether. It may seek to work with the U.S. (i.e. submit to certain U.S. demands) in order to get access to both its Polish-printed notes and New York assets.

As for the U.S., it may agree to work with the Taliban-run DAB for humanitarian reasons, subject to certain conditions (i.e. limits on how banknotes can be issued). This compromise between enemies might lead to a surprising amount of stability for the Afghan afghani.

I've now written two blog posts about the Afghan afghani, both of them describing wildly different scenarios. What's evident is that the situation is a volatile one. It could proceed along any of vast number of arcs.

Tuesday, August 17, 2021

What happens to the Afghanistan central bank's assets?


The Afghanistan story is a tragic one and I don't have much to add to it apart from my ability to read central bank financial statements and balance sheets. Here's a quick analysis of the balance sheet of Afghanistan's central bank, da Afghanistan Bank. And following that, I'll provide some thoughts on what this means for Afghanistan. As always, feel free to add your opinions and data in the comments section.

Da Afghanistan Bank issues the Afghan afghani, the currency symbol of which is the Af. 

At year-end 2020 the central bank had 781 billion Afs worth of assets, which comes out to around US$9.5 billion at the current exchange rate of US$1-to-86 Afs. That's a lot of resources. No doubt the incoming Taliban regime is keen to access this $9.5 billion. But it will be tough for the Taliban to do so.

Here is what the assets section of the central bank's audited balance sheet looks like, in Afs:

Source: DAB

(Note: For the rest of this article, I will assume that da Afghanistan Bank's 2020 year-end numbers are similar to those prevailing as it is taken over by the Taliban.)

In what follows I'm going to analyze the four biggest components of da Afghanistan Bank's balance sheet: gold reserves, foreign currency cash reserves, due from banks, and investments.

1. To repeat, da Afghanistan Bank lays claim to 781 billion Afs worth of assets. Of this amount it reports holding 703,000 troy ounces of gold, worth 101.77 billion Afs, or 13% of da Afghanistan Bank's assets. At the current gold price, this comes out to a whopping USD$1.25 billion.

But a quick peek at the notes to the financial statements reveals that da Afghanistan Bank's gold is held on the other side of the world, at the Federal Reserve Bank of New York. With the Taliban taking over the central bank, my guess is that this gold will be frozen by the U.S. government. That is, the incoming Taliban regime won't be able to access a single ounce of the yellow metal.

2. The next big line item on da Afghanistan Bank's balance sheet is foreign currency cash reserves. A glance at the notes to the central bank's financial statements reveals that this refers to actual physical banknotes. This stock of currency seem to be held at the Presidential palace and the central bank's head office as well as its branch offices. Most of it U.S. dollars:

Source: DAB

The central bank presumably holds a big stock of U.S. banknotes because it also offers U.S. dollar accounts to locals, and account holders surely want to withdraw money in physical form to make payments. Afghanistan is mostly a cash economy.

At year-end 2020, da Afghanistan Bank held 34 billion Afs of foreign physical cash, or US$400 million. That's not as big as the gold line item, but it still accounts for another 4% of da Afghanistan Bank assets.

My guess is that this US$400 million in cash was quickly whisked away by the outgoing regime on one of the many planes departing Afghanistan, probably for eventual deposit at the Federal Reserve Bank of New York. So that's another big chunk of central bank assets wrested away from Taliban control.

3. Having dealt with gold and physical cash, the next line item is Due from banks and financial institutions. This amounts to 254.7 billion Afs (US$3.2 billion), or 33% of da Afghanistan Bank's assets. Looking through the notes to financial statements, much of this is comprised of various types of deposit accounts held at foreign banks:

Source: DAB

It is likely that these bank deposits are protected from the incoming Taliban regime, depending on the jurisdiction of the bank. If deposits are held in U.S. banks, I suspect they will have already been frozen. But if they are socked away in a place like Switzerland, perhaps the Taliban will be able to use them? I don't know enough about international politics to be sure. If the U.S. quickly institutes some sort of sanctions regime against da Afghanistan Bank, then even neutral foreign jurisdictions will have to lock down the assets of a Taliban-led central bank.

4. The fourth and last line item is investments, best described as a portfolio of U.S. government securities. These investments comprise the biggest chunk of da Afghanistan Bank's assets, summing up to 369 billion Afs (US$4.2 billion), or 47% of the total.

One more glance at the notes to the financial statements tells us that da Afghanistan Bank's investment portfolio is mostly managed by the Federal Reserve Bank of New York and the World Bank's International Bank for Reconstruction and Development (IBRD). A small chunk is run by the Bank for International Settlements. 

Source: DAB


If the chunk held at the Federal Reserve isn't already frozen, I suspect that it will quickly be rendered unusable. I don't know enough about the politics of the World Bank or the BIS to pass comment, but I'd bet that these institutions will also prevent the Taliban from getting access to the funds.

So let's do the math. Gold + foreign cash + due from banks + investments sums up to 760 billion Afs, or 97% of da Afghanistan Bank's assets. That's US$8.8 billion worth of funds. So effectively all of the central bank's assets is either already frozen or capable of being frozen.  

One thing I worry about is that a Taliban-led Afghanistan will quickly experience hyperinflation.

Here's the logic. Da Afghanistan Bank has issued around 293 billion Afs worth of Afghani-denominated coins and banknotes into circulation, for use by regular Afghans for payments. (That's around US$3.5 billion worth of cash). Banks and other customers hold another 106 billion Afs worth of electronic Afghani accounts at the central bank.

Up till now the Afghani notes and electronic deposits that the central bank has issued have been stabilized by its underlying investments, including the gold and dollars held at the New York Fed. Treasury securities yield income. So do bank deposits. Along with gold, these assets can also be used to repurchase issued Afghani currency, thus supporting the Afghani's value. 

But U.S. officials are justifiably worried about what other things the Taliban might do with those assets. What if the Taliban wants to sell $50 million of the central bank's stock of Treasury bills or gold ounces to buy more weapons? A blanket ban on accessing all of da Afghanistan Bank's funds will prevent the Taliban from using those assets to finance itself.

But with these assets being frozen, they can no longer be effectively put to work as stabilizers. And so the Afghani can only fall. In theory I suppose that the Taliban could find replacement backing, but in practice I doubt it has the resources to do so.

As far as developing nation currencies go, the Afghani has been fairly stable against the dollar for the last decade. Inflation has remained low. Freezing da Afghanistan Bank's assets hurts the Taliban, but it also means ensuring that a painful hyperinflation falls on regular Afghani people. This will be an abrupt departure from what Afghans have become used to, and a lot to bear on top of what they are already enduring.

Friday, August 6, 2021

Stablecoin regulatory strategies

Critics of stablecoins often describe them as unregulated. But that's not accurate.

Over the last few months I've been familiarizing myself with the various financial regulatory strategies stablecoin issuers have been adopting. I thought I'd share my findings in a blog post. Perhaps journalists, investors, and others will find this information useful. (For those not interested in stablecoins, I apologize. This will mostly be gobbledygook to you.) I'll most definitely make a few mistakes in this post, so readers: do not hesitate to provide feedback in the comments section.

I tweeted out the short version of this post last month:

As you can see I've isolated four regulatory strategies that the major U.S. dollar stablecoin issuers have adopted. In this post I'll provide some details on each strategy.

My guess is that when people criticize stablecoins for being unregulated, they have the fourth strategy in mind: stay offshore. But they are ignoring or unaware of the other three.

A few caveats before starting. I'm only going to deal with U.S. dollar stablecoins in this post. Which means I'm ruling out euro-based stablecoins that operate within the EU's e-money regulatory framework. But there aren't really any big non-U.S. dollar stablecoins, so focusing on U.S. stablecoins covers most of the market.

Second, I won't be talking about Dai, Terra USD, Frax or any of the more exotic decentralized stablecoins. I'm sticking to centralized stablecoins: Tether, USD Coin, Gemini Dollar, HUSD, Binance USD, Paxos Standard, and TrueUSD. By centralized, I mean that the stablecoin's backing assets are compromised of traditional assets like Treasury bills, commercial paper, or deposit accounts held at a bank. Redemption or creation of new stablecoin tokens occurs via underlying bank infrastructure.

Lastly, this post doesn't address so-called "FinCEN regulation." Stablecoins will sometimes market themselves as being regulated by the Financial Crimes Enforcement Network, a department of the US Treasury that oversees America's anti-money laundering regulations. In the tweet below, a Tether executive makes this claim:

However, this is mis-marketing. When stablecoins interface with FinCEN, they are best described as being registered with FinCEN, not regulated by FinCEN.

Further more, FinCEN registration doesn't qualify as operating under a financial regulatory framework. A financial regulatory framework sets out the rules an issuer has to follow in order to ensure that the product is safe for consumers. It is at this level that fraudsters are caught and poorly designed stablecoins pre-empted. A financial regulatory framework may also address issues like overall stability of the financial system. For its part, FinCEN has nothing to do with financial regulation. It is a money laundering watch dog.

So let's start.  

1. The New York DFS model


The first stablecoin regulatory model is the New York Department of Financial Services (NYDFS) model. The NYDFS regulates money transmitters, trust companies, and banks that do business in the state of New York.

The NYDFS has created an explicit framework for regulating stablecoin issuers. Two issuers currently conform to this model, Paxos Trust and Gemini Trust. Paxos issues its own Paxos Standard stablecoin. It also manages Binance USD (BUSD) on behalf of Binance, a large offshore cryptocurrency exchange. For its part, Gemini Trust issues the Gemini Dollar stablecoin.

Under the NYDFS model, a would-be stablecoin issuer first secures a limited-purpose trust company charter from the NYDFS. This means that it must comply with the NYDFS rules concerning trusts and submit to ongoing oversight.

Once chartered as a trust, the institution can then seek additional NYDFS approval to issue a "price-stable cryptocurrency – commonly known as 'stablecoin'– pegged to the U. S. dollar." The NYDFS says that its approvals for individual stablecoins are based on "stringent requirements for these products," and follow a "comprehensive and rigourous review." Post approval, the stablecoins are subject to continuing "examination and inspection" by DFS examiners.

2. The Nevada Trust model  

The second regulatory framework I have encountered is the Nevada trust model. There are two stablecoins that have chosen to use Nevada as their regulatory jurisdiction: HUSD and TrueUSD.

Let's deal with each stablecoin separately, because they use slightly different versions of the Nevada trust model.

Huobi Technology Holdings, the company that owns both the HUSD stablecoin and the Huobi cryptocurrency exchange, also owns a trust company, Huobi Trust Company. This trust company has been chartered by the Nevada Department of Business and Industry, or DBI. The Nevada DBI is Nevada's counterpart to New York's DFS.

The second stablecoin operating under the Nevada model is TrueUSD. TrueUSD has adopted a rent-a-charter, or multi-layered regulatory model. The TrueUSD stablecoin itself is owned by Techteryx, a Chinese company. But this isn't the layer at which the financial regulatory framework is applied; that occurs several steps removed.

Tecteryx has hired another company, TrustToken, to manage the stablecoin. TrustToken has in turn hired a third company, Prime Trust, a Nevada DBI chartered trust to manage the stablecoin's finances. Prime Trust acts as the regulated container for TrueUSD.

Prime Trust and Huobi Trust are regularly examined by the Nevada DBI to make sure that they are in compliance with Nevada's rules and regulations surrounding trusts.

What makes the Nevada model different from the New York model is that the NYDFS has explicitly acknowledged that New York trust companies can engage in stablecoin-related business. The NYDFS has a process in place to approve the stablecoins themselves, and provides continual inspections of these stablecoins.

The Nevada DBI has not explicitly acknowledged that trusts may (or may not) engage with stablecoin issuers. Unlike the NYDFS, the DBI has not explicitly familiarized itself with stablecoins, and has not set up additional procedures in place to regulate trusts that are engaged in stablecoin business.

For consumers and investors, it may be preferable to own stablecoins that have received explicit regulatory approval.

You'll notice that both the New York and Nevada models are based on trust companies. A trust company is what is known as a fiduciary. That is, it has a legal obligation to place customers' interests above the company's own interests.

The fiduciary nature of the relationship between stablecoin customer and stablecoin issuer is important. When Gemini Trust, Paxos Trust, Prime Trust, or Huobi Trust take in customer funds, their duty as fiduciaries prevents them (in theory) from investing this money in risky high-yielding investments. Were they to do so, they would be breaking their fiduciary duty to end users, the stablecoin owners, and could lose their charter.

The trust structure also protects customer funds in the case that the parent company, which owns the stablecoin, goes bankrupt. That is, if Binance or Tecteryx were to go bankrupt, BUSD or TrueUSD stablecoin owners needn't worry about fighting with other creditors for a piece of the company's resources. Their funds are protected at the trust company level.

3. The dozens of money transmitter licenses model

The only stablecoin that has adopted the dozens of money transmitter licenses regulatory model is the world's second largest stablecoin, USD Coin, issued by Circle. This is the same model that is used by well-known non-bank payments companies such as Square, PayPal, Skrill, Payoneer, Transferwise, Western Union, and Moneygram.

To operate under this model, an issuer gets a money transmitter license from each and every state that requires firms that engage in the business of money transmittal to be licensed. Montana is one of the states that lets money transmitters operate without a license. A few states such as Wyoming have exceptions for firms involved in crypto.

For its part, Circle has obtained 44 money transmittal licenses.

State licensing boards impose audit requirements on money transmitters and conduct examinations. Each state sets its own unique requirements, too. These include what sorts of investments money transmitters are permitted to make, capital requirements, and the size of the surety bond they are required to post. Some states are lenient, others are strict. (Dan Awrey has a good paper on the state-by-state requirements.) 

But in general, my understanding is that the requirements placed by states on money transmitters are not as demanding as those that they impose on trust companies and banks. So pound for pound, a dollar issued under the NYDFS or Nevada trust model will have more oversight than a dollar issued under the dozens of money transmitter licenses model.

That's not the only advantage of the trust model relative to the dozens of money transmitter licenses model.

Circle is not regulated as a trust company, and thus it doesn't have a fiduciary obligation to its customers. That is, the funds Circle receives to back its stablecoins can be invested in such a way that may be good for Circle's investors and not necessarily good for Circle's customers. By contrast, issuers operating under either the New York or Nevada trust models are fiduciaries and must prioritize the customer's financial interests. Presumably that means that trusts can't put stablecoin customers' money in unsegregated accounts or risky instruments – but Circle can.

In addition, if Circle were to go bankrupt it's not apparent whether USD Coin holders would have better rights to Circle's remaining resources than other unsecured creditors. At least with the trust company model, stablecoin customers are insulated from the bankruptcy of the parent.

So from a customer's perspective, you are probably better off owning a stablecoin operating under either the NYDFS or Nevada model, rather than the dozens of money transmitter licenses model. Not only do the NYDFS or Nevada model have more oversight (because trusts generally face more oversight than money transmitters), but they are legally obligated as fiduciaries to keep the interests of their customers first and foremost. And the trust model probably provides better protection in the event of bankruptcy.

There is another difference between the NYDFS model and the dozens of money transmitter licenses model. Money transmitter licenses are generic. That is, they are a regulatory umbrella for a variety of very different businesses models, including remittance companies like Western Union, wallets like PayPal or Skrill, and finally stablecoins like USD Coin.

Compare this to the NYDFS model, which explicitly recognizes stablecoins and has created a specific process for authorizing and examining these products. (Nevada has not. The Nevada model is also a generic one). If I owned a bunch of stablecoins, I'd probably prefer if the regulator of these products had acknowledged them.

One last difference worth noting is that USD Coin must get 44 money transmitter licenses to operate across the U.S., but stablecoins operating under the Nevada and New York trust models seem to only need that one charter. Why is that?

A state chartered trust is typically exempt from having to get a money transmitters license in its home state. Depending on the circumstances, they may also be able to do business in other states without having to be independently chartered or licensed as a trust and/or money transmitter in those states. This seems to depend on whether the trust's home state has negotiated a reciprocity agreement with other states. Alas, I don't have a list of these agreements.

In any case, because trust company charters have a degree of portability, a single trust company charter seems capable of doing the work of 44 money transmitter licenses.

4. Stay offshore

The largest of the stablecoins, Tether, has adopted the last regulatory strategy: stay offshore. That is, Tether operates from the Cayman British Virgin Islands where it issues a U.S. dollar stablecoin. Tether's Cayman's-based Bahamas-based bank, Deltec, manages Tether's banking needs. And thus Tether avoids the necessity of setting up a New York or Nevada trust, or acquiring 44 money transmitter licenses.

The drawback of this structure is that that Tether can't operate in the U.S. Tether's terms of service prohibits "U.S. persons" from using the product.

Conclusion

In sum, those are the four regulatory strategies I've seen stablecoins pursue. Whereas stablecoins are often criticized for being unregulated, I think my post suggests the opposite. Yes, Tether can be criticized as such. But the New York and Nevada trust company models stand out for providing a significant amount of safety to stablecoin consumers, the NYDFS's approach particularly so because it has explicitly named and recognized stablecoins as products.

If you have comments or criticisms, do share them in the comments section of this post.

Postscript:

You'll notice that the first three strategies all operate at the state level. That is, the financial regulatory framework under which the major stablecoins are currently operating is governed by state licensing boards, and not at the national level by Federal banking regulators.

Might stablecoins eventually jump from a state-by-state framework to the national one?

One of the major financial banking regulators, the Office of the Comptroller of the Currency (OCC), has suggested that Federal financial institutions can support stablecoin transactions, but only if they involve "hosted wallets." A hosted wallet is a digital account hosted by a third-party financial institution. An unhosted one is controlled by the consumer.

But all of the big stablecoins I've mentioned in my blog post allow oodles of unhosted activity, so I suspect that Federal banks regulated by the OCC can't do business with them. Paxos, for instance, has recently secured a national trust bank charter from the OCC. But it appears that Paxos won't be using this national charter as the regulatory home for either the Paxos Standard and Binance USD stablecoins. Its NYDFS-chartered trust company will continue to be the regulatory anchor for its two stablecoin products.

Monday, July 26, 2021

Are the Bank of Canada's bond purchases illegal?

Pierre Poilievre, Conservative MP for Carleton, alleges that the Bank of Canada's bond buying program contravenes the Bank's powers enunciated in the Bank of Canada Act.

Allegations that the Bank of Canada has broken the law should be taken very serious. They should not be made lightly, either. We give our public servants at the Bank of Canada a wide range of powers to enact monetary policy, but only within the bounds that we permit them.

Poilievre has been actively criticizing the Bank of Canada's pandemic response ever since Covid-19 hit in 2020. I can't say I've ever seen as much Bank of Canada-targeted criticism emanating from a single Canadian politician since Poilievre began his campaign. It breaks with a long Canadian political tradition of staying (mostly) silent on the Bank of Canada's operations.

I have mixed feelings about Poilievre's approach. Yes, it's great to have more public discussion about arcane topics like the Bank of Canada Act. On the other hand, up till now Canada has avoided most of the hyperbole and conspiracies that bedevil U.S. central banking. It would be nice if things stayed that way.

Poilievre's allegations were first aired in Parliament in June. A month later he posted them on Twitter, where I became aware of them. (They garnered over 900 retweets, which is a lot for a tweet about an arcane issue like the Bank of Canada Act!) Poilievre's claims are based on his reading of Section 18(j) of the Bank of Canada Act. Section 18(j) allows the Bank to make loans to the Federal government, but those loans should not "exceed one-third of the estimated revenue of the Government of Canada for its fiscal year."

Poilievre calculates that given 2021 government revenue estimates, this would cap Bank of Canada loans to the Federal government at $118 billion. Poilievre then points to the Bank of Canada's purchases of Government securities, which have pushed the Bank's holdings of Federal government debt above the $400 billion level. Poilievre suggests that this contravenes 18(j).

The allegations caught the attention of columnist Andrew Coyne, who takes a dig at Poilievre:

In fairness to Poilievre, it's not unimaginable that the Bank of Canada has done something illegal and no one has noticed but him. 

Back in August 2007, after all, the Bank of Canada announced its intention to extend its purchases of certain kinds of securities. It was responding to the first signs of a nascent crisis in credit market. Unfortunately it lacked jurisdiction to purchase these instruments. Its actions were unwound by September 2007 in order to bring the Bank back in compliance with the Bank of Canada Act.

I only know this because I phoned the Bank of Canada up that August wondering what legal justification it had for its actions. Several awkward conversations later, it was apparent that a mistake had been made by bank officials.

My observations made their way into a report that December for the CD Howe Institute. From there a process to update the Bank of Act began. After discussions in Parliament (including a contribution from then-governor Mark Carney here) the eventual result was an update to the Act in the spring of 2008. Tucked into Bill C-50, changes included striking out Section 18(k) and rewriting Section 18(g).

These modifications to the Bank of Act made it permissible for the Bank of Canada to conduct the purchases it had originally set out to do in August 2007, and prepped it for the much bigger fallout to come: the September 2008 credit crisis.   

So maybe Poilievre has caught a breach of law. It's happened before. That being said, echoing Coyne (who cites economist Mike Moffatt), I'm not convinced by the meat of Poilievre's argument.

In response to Poilievre's allegations about 18(j) being broken, Bank of Canada officials would probably respond that their large-scale asset purchases are authorized under Section 18(g).

The Bank of Canada's ability to make securities purchases for monetary policy purposes is set out in Section 18(g), which replaced the much narrower 18(k) in 2008. The scope of Section 18(g) is very broad. First, it is open-ended about what instruments it allows the Bank to purchase. These securities can include bonds, stocks, commercial paper, mortgage-backed securities, and more.* Second, 18(g) doesn't say anything about the Bank's purchases needing to happen in the open market. If necessary, the Bank of Canada can buy straight from the issuer.

The bit of legalese that Poilievre points to, 18(j), only applies Bank of Canada loans to the Government, say a line of credit or some other type of credit facility. Because the Bank has limited its interaction with the government to buying securities, 18(j) hasn't been triggered. And so Poilievre's allegations are just that, allegations.

Section 18(j) was devised to prevent the Bank of Canada from financing the government and preserving the Bank's independence, as Poilievre rightly points out here. And I think that's a laudable goal.

In that spirit, it's worth considering that most (but not all) of the Bank of Canada's purchases of government bonds have occurred in the open market. That is, most of the securities in the Bank's government bond portfolio were bought only after the public had initially purchased them from the Government. So in a sense, the Bank has prudently removed itself from the initial price discovery process.  

More specifically, the Bank has purchased $362 billion in Government bonds since March 2020. Of that amount, $303 billion, or 84%, was bought in the open market. The remaining $59 billion was bought directly from the Government.

Even when the Bank does participate in bond auctions, it does so on a non-competitive basis. That is, the Bank pays the average of all competitive bids submitted to the auction. The competitive bids are provide by banks and other primary dealers. This practice further prevents the Bank of Canada from playing an active role in setting the government's cost of capital.

So to sum up, I think the Bank of Canada is on firm legal ground. Furthermore, I also think the spirit of 18(j), a prohibition on financing the government, remains intact.


* The one security that Section 18(g)(i) deems to be off limits are instruments that "evidence an ownership interest or right in or to an entity." If I recall correctly refers to certain types of asset-backed commercial paper (ABCP).

Thursday, July 22, 2021

The dollar isn't a meme


"Currencies are not memes that only have value because governments say they do," writes Brendan Greeley for the Financial Times. 

I agree with him.

The dollar-as-meme claim is often made by cryptocurrency enthusiasts. That this idea would emanate from the cryptocurrency community makes sense, since cryptocurrency prices are a purely meme-driven phenomenon. There is no cryptocurrency for which this is more apparent than Dogecoin, a cryptocurrency started as a joke and sustained by shiba inu gifs, but it applies equally to Doge's older cousin, Bitcoin. The harder you meme the higher a cryptocurrency's price, as the image at top suggests.

And so for cryptocurrency analysts, getting a good understanding of a given coin's value is a matter of picking through its underlying memes and meme artists. 

But if cryptocurrency analysis is ultimately just meme analysis, what sort of analysis applies to dollars?

Dollars issued by banks are secured by the banks' portfolio of loans, Greeley reminds us. And so they are subject to credit analysis, not meme analysis. An analyst appraises the quality of the bank's investments in order to determine the soundness of the dollar IOUs the bank has issued.

As for central banks like the Fed, they are just special types of banks, says Greeley, and so the dollars they issue are also subject to credit analysis.  

The idea that the money issued by central banks—so-called fiat money—is subject to the same credit analysis as any other type of debt security is a point I've also made on this blog. There are certainly some odd features about Fed dollars or Bank of Japan yen, but ultimately they are just another form of credit.

What sort of credit is fiat money? There are many different kinds of credit instruments, from bonds to deposits to banknotes, each with its own unique features. To see where central bank money fits, I've made a chart that illustrates how credit instruments differ across three different criteria (click to expand).


The first criteria along which to compare credit instruments is whether the instrument is redeemable on demand by the holder or not. That is, if I own a given credit instrument, or IOU, can I bring it back to the issuer, or debtor, at a time of my choosing and redeem it for something?

The second category concerns the instrument's maturity. Does it stay outstanding forever i.e. in perpetuity? Or is it term debt? When a credit instruments has a term, that means that it expires after a predefined period of time, the debtor cancelling it and paying back the the original amount lent.

The final category is whether the instrument pays interest or not.

By toggling these various features, we arrive at the eight different types of credit instruments, examples of which I've listed on the right side of the graphic.

As you can see, the Fed's dollars, the ECB's euros, and the Bank of Japan's yen are type 5 and type 6 credit instruments. Central banks issue two types of money: physical banknotes and electronic balances (sometimes known as reserves). Electronic central bank reserves pay interest. Banknotes do not.

Apart from that, banknotes and electronic balances are very similar instruments. Neither of these two credit instruments is redeemable on demand. That is, you can't bring a banknote back to the issuer at 5:30 PM Friday and redeem it for something. (This same lack of on-demand redeemability characterizes bonds and certificates of deposits.) And they are both perpetual, much like a perpetual preferred share or non-expiring coupons/gift certificates.

Removing a credit instrument's redemption-on-demand feature doesn't stop it from being a credit instrument. It just changes it into a different type of credit instrument. Yes, probably an inferior one, but a credit instrument nonetheless.

For instance, if a retractable bond (type 3) suddenly loses its retractability feature (and is no longer redeemable on demand by its owner) it doesn't stop being a credit instrument. It simply switches to being a regular bond (type 7). Likewise, if a perpetual puttable preferred share (type 1) loses its puttability, it doesn't stop being an IOU. It becomes a new type of credit instrument, a regular perpetual preferred share (type 5).

This same principal applies to those credit instruments we call money. Decades ago the Fed's dollars were redeemable on demand into gold, and thus they were a type 1 or 2 credit instrument. When the Fed removed redemption back in 1934, dollars didn't become mere memes. Rather, they were converted into a different type of credit instrument, a type 5 or 6 credit instrument.

Once a credit analyst has figured out what kind of credit instrument they are dealing with, their work is only half done. Next they have to go back and look at the underlying issuer. How solid is it? Does it have sufficient assets to guarantee the credit instruments it has issued? Do it generate enough income to keep paying interest? Is the issuer linked to affiliates, parents, or other third-parties who might strengthen or diminish the issuer's credit?

As you can see, none of this is meme analysis. It is credit analysis.

To recap, dollars issued by the Federal Reserve are perpetual credit instruments that lack an on-demand redemption feature. To determine how solid the Fed's perpetual non-redeemable credit instrument are, you'd want to do an analysis of the Fed's finances. That should also include investigating the soundness of the Fed's parent, the U.S. government. Does the parent's finances further enhance the Fed's credit, or detract from it?

So dollars don't only have value because the government says they do. Just like Tesla's financial health determines the value of Tesla bonds, the financial health of the issuing central bank (and its parent) is  key to determining the value of central bank money.

If you want to do meme analysis, stick to Dogecoin and Bitcoin.

Monday, July 12, 2021

Those 70s ACH payments

Here is Facebook's David Marcus, who has been involved in rolling out Facebook's much-touted Libra/Novi/Diem payments system:

By ACH, Marcus is referring to automated clearinghouse payments. If you want to pay your phone bill, the payment gets sent to a clearing house, which batches your payment together with many other payments and then settles it the next day. These systems were built in the 60s and 70s.

I don't want to pick on Marcus, since he isn't the only one with this view. But modern money no longer moves at the pace of early 70s ACH. His critique would have made sense maybe 6 or 7 years ago, and only in the US. But that's not the case in 2021.

The speeding up of modern payments is a great success story. Let me tell you a bit about it.

To begin with, central banks and other public clearinghouses have spent the last 15-or-so years blanketing the globe with real-time retail payments systems. Europe has TIPS, UK has Faster Payments, India has IMPS, Sweden has BiR, Singapore FAST. There must be at least thirty or forty of these real-time retail payments system by now. 

The speed of these new platforms get passed on to the public by banks and fintechs, which are themselves connected to these core systems. In the UK's case, for example, consumers can bypass the slower ACH system, BACS, which takes three days to settle, by choosing to make their bank payment proceed via the Faster Payments system.

The U.S. is lagging. The Federal Reserve's FedNow retail payment system, which will facilitate real-time retail payments, won't be in place till 2024, more than 15 years after UK's Faster Payments was introduced. So Marcus's tweet could just be a function of having a U.S.-centric viewpoint.

However, the Fed's private competitor, The Clearing House, has had a real-time settlement system in place since 2017, the Real-Time Payments (RTP) network. Roll-out has been slow, but as of July 2021 The Clearing House claims that RTP reaches 56% of U.S. checking accounts. 

RTP illustrates that it's not just central banks that are facilitating real-time payments. Private players are too. Visa and MasterCard, for instance, built their own proprietary real-time person-to-person payments platforms, Visa Direct and MasterCard Send, on the back of their debit card networks.

As Arturo Portilla points out, Visa Direct and MasterCard Send don't actually settle payments in real-time. They only clear them. From the perspective of the consumer, however, it makes little difference. Ned can send Jenny $100 using a Visa Direct enabled account, and Jenny can then spend that $100 within moments of receiving it. (Ned and Jenny's banks settle up the next day.)

In 2017 U.S. banks debuted Zelle, a now ubiquitous instant person-to-person bank payments option. Zelle was built using the Visa Direct and MasterCard Send networks. And now Zelle is being connected to The Clearing House's RTP network, too. Which means that settlement can be done in real-time.

Perhaps Marcus's ACH critique is limited to non-domestic transactions. But even cross-border payments are also going quicker.

Remittance companies like Western Union and MoneyGram are leveraging Visa Direct and MasterCard Send to do instant cross-border transfers. As of late 2020, Western Union was facilitating real-time payouts to 80 countries. MoneyGram recently announced that 575 corridors from 25 countries in Europe would go instant thanks to an integration with Visa Direct, complementing its existing instant payments options from the US.

Transferwise, another global remittance company, is dispatching up to 38% of its remittances instantly. Whereas Western Union and MoneyGram are building on top of Visa Direct and MasterCard Send, my understanding is that most of Transferwise's success in speeding up remittances comes from integrating with the new retail real-time payments systems I listed above, like Singapore's FAST and UK's Faster Payments.

Let's not forget SWIFT gpi, which is bringing a new speed standard to corporate cross-border payments.

Even the ACH network that Marcus criticizes is upping its game. ACH payments have typically not settled till a day or two after origination, which meant consumers have had to wait for salaries and bill payments to settle. But in 2017, same-day ACH was introduced. It's taken some time for this option to gain adoption. As of the first quarter of 2021, only 2% of all ACH transactions are done on a same-day basis.


But same-day ACH is getting better. In 2020, the limit for same-day payments was raised from $25,000 to $100,000. Just this year a third window for clearing and settling same-day ACH payments was introduced, 6:30 PM EST, making same-day ACH even more convenient for Californians and others in later time zones. Next year, limits will be raised from $100,000 to $1 million.

Lastly, Marcus maligns slow in his tweet. But remember, slow can be a good thing, too. Slowing down transactions allows us to batch them together and cancel out reciprocating payments, thus reducing the amount of work our payments systems must do. And this makes our payments systems cheaper. (I've written two articles on this topic, here and here.)

The ideal payments ecosystem isn't slow or fast. It provides a combination of slow, medium, and fast options. The Libra/Diem/Novi project project that David Marcus is working on will fit in somewhere on this spectrum. The more options, the better off are consumers. But 70s ACH is no longer a very realistic way to describe modern money.

Monday, June 28, 2021

There are two kinds of people who label bitcoin a ponzi

There are two kinds of people who label bitcoin a ponzi. The first group is made up of salty nocoiners who launch the word ponzi as an insult. These people disliked bitcoin and/or bitcoiners pretty much from the get-go. They criticize it at every chance they get.

The second group uses the word ponzi in a neutral, or analytic sense. They aren't describing bitcoin as a ponzi in order to insult bitcoin, but in the same way that a biologist would describe a certain mosquito as belonging to the family Culiseta longiareolata rather than Culiseta minnesotae.

In philosophy, this distinction is captured by the contrast between descriptive and normative statements. A descriptive claim is one that describes a situation. "Brutus killed Caesar." A normative one is that makes some sort of value judgement about how things ought to be. "Killing is wrong."

Likewise, economists distinguish between positive and normative economics. (The economic distinction is the same as the philosophical distinction, so I won't rehash it, but here is a good article.)

So returning to our two kinds of people who label bitcoin a ponzi, the first is hurling normative statements about bitcoin. "Ponzis are frauds, which makes them bad. And bitcoin is a ponzi, so it too is a fraud." The second group is making descriptive or positive statements about what sort of thing bitcoin is in the universe of financial things.

Now, bitcoiners tend to bristle at all bitcoin is a ponzi statements. And that's because they perceive them to be attacks on their tribe. And the normative statements are, for the most part, designed to be attacks. And so bitcoiners raise their defences and engage in blustery counterattacks. These counterattacks are also composed of value-laden normative statements.

I find these flareups of normative versus normative statements to be unhelpful.

The positive/descriptive claim that bitcoin is a ponzi isn't an attack. And it can't be countered with ideological bluster. It deserves a much more nuanced critique.

And to clarify, the word ponzi is not an entirely accurate description of what bitcoin is. Back in 2017 Preston Byrne provided a more precise description of Bitcoin as a Nakamoto scheme. Give it a read. It's quite well-written. For my part I've been using the Bitcoin as a chain letter descriptor since 2018 and more recently here.

Byrne's and mine are essentially the same idea, that bitcoin is a ponzi. Except not quite. Bitcoin is a decentralized ponzi scheme, one without a schemer. I describe it as an honest chain letter. Byrne uses the word automated.

After all these years, I still haven't seen a convincing explanation for why bitcoin is neither a Nakamoto scheme nor an honest chain letter. That is, I haven't seen a good positive/descriptive response to the positive/descriptive statement that bitcoin is a decentralized ponzi. One of the best alternative theories, bitcoin-is-money, broke down long ago in the face of empirical evidence. And the bitcoin-is-gold description isn't panning out too well.

Bitcoiners haven't turned the perceived slight into a virtue. If someone is calling you names, then proudly adopt the slur. If the descriptive statement bitcoin is a ponzi is accurate and popular, then adopt it and make it your own. "Yep, of course bitcoin is a chain letter/Nakamoto scheme. And that's a good thing."

I mean, there are many ways to go about making bullish normative statements about bitcoin being a ponzi. For instance, a chain letter is managed in a decentralized manner. That make it almost impossible for authorities to suppress them. A creative bitcoin meme artist could rejig this descriptive statement into a celebration of bitcoin being impregnable.

Put differently, up till now all normative statements invoking bitcoin's ponzi nature have been used by critics to attack bitcoin. Where are the normative statements that embrace bitcoin's ponzi nature in order to defend bitcoin?


P.S. After publishing this post, someone sent me a perfect example of a meme that puts a positive slant on bitcoin's ponzi nature.

Tuesday, June 22, 2021

A short and lukewarm defence of anti-money laundering standards


These days it seems that everyone is a critic of anti-money laundering rules. In this post I want to try and defend our current approach to anti-money laundering.

I'm writing from the perspective of an outsider. That is, I'm not a regulator. Nor am I a member of the growing anti-money laundering industry. Mine is a lukewarm defence. I'm not terribly wedded to my views.

First, a quick definition. What I mean by anti-money laundering rules are the set of standards that banks and other financial institutions have to follow to prevent criminals from using them. For instance, a cryptocurrency exchange is required to verify ID before it can open a new account. For international wires, a bank must follow the travel rule and send their customer's personal information to the recipient bank. This is just a sample. There are hundreds of rules.  

I want to start waaay back at the beginning with first principles.

1) Should money laundering be a criminal offence?

Society has criminalized money laundering. But we could also imagine living in an alternative universe where money laundering is perfectly legal. In this parallel world a criminal could walk into a bank with $1 million in cash, announce loudly that they had stolen it, and the banker could casually accept the criminal's deposit without ever having to worry about being indicted for laundering money.

But we don't live in that world. It's illegal for the banker to knowingly accept a $1 million deposit of dirty money.

When I think about money laundering I put it in the same category as fencing. Criminalizing money laundering makes sense to me for the same reason that fencing is illegal.

A fence is a third party who specializes in providing burglars and thieves with a market to re-sell stolen property. The fence knows full well that they are contributing to the process of facilitating property theft. They may have an explicit relationship with the thief, or they may only have a pretty good idea that the goods they are buying are stolen. But they partake anyways. And so like the original thief, they are guilty of hurting innocent victims.

A banker who launders money is like a fence. They specialize in providing fraudsters and mob families with a venue for depositing and converting stolen money. Because they are knowing participants in this transactional chain, these bankers abet the original crime, just like a fence does.

We could decriminalize the acts of money laundering and fencing. But I think this would be a mistake. Any financial intermediary who deliberately specializes in serving a criminal clientele is engaging in the very same act as the criminal themselves. It's wrong and deserves to be made illegal.

2) Should we have anti-money laundering standards?

If you accept my premise that money laundering should be criminalized, I think that you should also accept that we need an anti-money laundering standard. That is, you should agree that we need a minimum set of anti-money laundering rules that all financial institutions are required to implement.

Consider Jack, a banker. He specializes in providing financial services to criminals. If money laundering is declared illegal, Jack can avoid prosecution for money laundering by following a policy of don't-ask-don't-tell or ask-but-don't-check. That allows him to continue serving his criminal clientele while not explicitly running afoul of society's prohibition on laundering money.

To close these don't-ask-don't-tell and ask-but-don't-check loopholes, we need a standard, a minimum set of anti-money laundering rules that Jack and all his banking competitors must implement. Without a standard, the criminalization of money laundering is meaningless. We'd be letting the Jacks run rampant, and that equates to living in a world where money laundering is "illegal" but is actually permitted.

Put differently, if you don't support anti-money laundering standards, then you effectively support a decriminalization of money laundering.  

3) Is our current standard the right standard?

You may agree that money laundering should be criminalized, and you may also agree that we need to augment this with a standard set of rules to prevent folks like Jack from exploiting loopholes. Which gets us to our third and last point: is our current standard the right one?

Our current standard involves requiring every bank to set up strict know-your-customer (KYC) procedures, thus (hopefully) keeping criminals out of the system.

KYC comes at a cost. First, it is expensive for financial institutions to implement, favoring incumbents. Second, KYC shuts those who lack ID out of the financial system. Lastly, according to the UN, privacy is a fundamental human right. Universal KYC sacrifices this right by forcing everyone to give up their valuable personal information to an assortment of financial institutions.

Privacy advocates are appalled at the costs of KYC. On the other hand, calling for the abolition of KYC requirements on human rights grounds would be tantamount to endorsing the decriminalization of money laundering. After all, without KYC we would be allowing dirty bankers like Jack to operate with impunity. One of the two ideals, either the criminalization of money laundering or privacy as a fundamental human right, inevitably has to give.

For now, we accept the costs or KYC as the unfortunate by-product of our original choice to make money laundering illegal. It's not an easy compromise, but we're plowing ahead with it.

What if it was possible to improve our current standard so we could reduce the aforementioned deficiencies while still catching the Jacks of the world? Dave Birch recently described a different sort standard. Instead of keeping criminals out, maybe banks should let them into the financial system (by setting up minimum KYC) and then use AI and analytics to catch them. (Presumably all of those good actors who formerly lacked ID can now get the financial services they deserve.)  

It's an interesting idea.

So to sum up, I'm tepidly in favor of current anti-money laundering standards. First, I support the criminalization of money laundering. And second, I accept that we need a minimum set of rules and standards to out the Jacks of the world. Third, I'm not sure if our current standard is the best. Maybe it is, maybe it isn't. I'd like to learn more. If we can squeeze out a bit more privacy while still catching the same number of money launderers, I'm all for it.

Friday, June 11, 2021

Why do ransomware gangs like bitcoin? It's the censorship resistance

A new type of crime has recently emerged: big-ticket repeatable ransomware. Bitcoin is the chosen payments method for ransomware gangs. But these gangs don't use bitcoin because it is anonymous. They've chosen it because it is censorship-resistant.

Here's a quick illustration of how ransomware works. A university's servers are encrypted by a ransomware operator. Common victims also include corporations, hospitals, or police departments. Only a payment of, say, $1.14 million in bitcoins will release them (see below). The gang may up the ante by threatening to auction off the institution's data if a ransom isn't paid.

Ransomware isn't new. What is new and unique about the recent spate of ransom attacks is that they are:
 
big-ticket
factory-scale

That is, the average size of these attacks registers around $170,000, according to Sophos. Prior bouts of ransomware involved much smaller amounts. Secondly, these aren't isolated one-off attacks. They are manufactured at industry-scale with gangs like Ryuk or REvil carrying out dozens of attacks each day.

What makes bitcoin such a great tool for carrying out big-ticket repeatable attacks?

It's not the anonymity. A lot of people think that bitcoin is anonymous it's actually pseudonymous. All bitcoin transfers can be seen on the blockchain, or Bitcoin's public ledger. This is inconvenient for ransomware gangs because a ransom can be tracked from the original victim to its final destination. While it's possible to use a tool called a mixer to obfuscate one's bitcoin transactions, most ransomware gangs don't bother. Nor do gangs use cryptocurrencies that provide native anonymity, like Monero.

All of this points to the fact that anonymity is not really important to Ryuk, REvil, and other ransomware operators.

So what is it about Bitcoin that is attractive to these gangs? The feature they are after is something called censorship resistance. That is, Bitcoin allows value to be electronically transferred across vast distances without being halted or frozen. A ransomware gang can extort $1.14 from a victim in a country like the U.S. with strong law enforcement and repatriate it to a country with weak law enforcement like Russia, and then sell it for hard cash all without having to worry about a bank or the FBI freezing their funds somewhere in-between.

Bitcoin isn't the only censorship resistant payment network.

You wouldn't think it, but gift cards like iTunes and Google Play cards are (semi) censorship resistant payments networks, and it is for this reason that they've become popular with criminals. Scammers in call centres located in India frighten their U.S. victims with the fake threat of being apprehended by IRS agents, then tell the victim send a $500 gift card number by text in order to be exonerated. The gang will either resell the card number for cash or spend the balances in an app that they control. Gift card issuers don't have effective measures to freeze balances, so the bad guys can more-or-less use gift card networks with impunity.

So why are today's ransomware gangs using bitcoin instead of gift cards to extort money from the likes of the University of California San Francisco?

At the outset of this post I specified that one of the unique features of modern ransomware is that it is big ticket. A gang that wants to extort a victim for $1.14 million can't do so using gift cards. The maximum gift card size is $500. University of California San Francisco would have to buy 2,500 cards and send the attacker all the card numbers. And then the gang would have to launder all those cards. It's just too inconvenient. 

No, some other payment rail is necessary to do big ticket ransoms. Bitcoin is perfect for this there is no limit on transfer size.

What about carrying out big ticket ransom attacks via wire transfers? A wire transfer is an electronic payment from one bank account to another, often overseas.

Wire transfers are ideal for big ticket payments, but they aren't censorship resistant. Banks require identification and can freeze suspicious transfers. Our ransomware gang might be able work around this by setting up a network of money mules and accounts using fake ID in a foreign jurisdiction with weak law enforcement. They could then order a victim such as the University of California San Francisco to wire $1.14 million to the gang's foreign bank account. If the $10 million successfully arrives without being frozen, the gang  quickly withdraws the funds as cash before an injunction arrives.

But remember, the second key feature of modern day ransomware is that these gangs are carrying out multiple attacks each day. Setting up fake accounts at various foreign banks in order to receive wire transfers requires a lot of effort. Once one account has been used, it is compromised forever. By contrast, using the Bitcoin network over and over is a cinch. 

In short, wire transfers don't scale. Only Bitcoin allows for the mass production of ransom payments.

So now we know why ransomware gangs like to use Bitcoin. It's not the anonymity. Rather, Bitcoin opens up the field to big-ticket repeatable censorship-resistant payments. 

The next question we may want to ask ourselves is this: should we try and modify the Bitcoin payment network to stop these attacks?

We have a long history of making changes to payments systems that have become popular with criminals. When electronic gold issuer E-Gold became a tool for carders, it had to introduce a customer identification program. Western Union became a haven for “wire money to get me out of jail!” scams. It was fined and introduced much stricter know-your-customer rules. In the early 2010s Green Dot's MoneyPak became a popular network for FBI scams. Green Dot shut MoneyPak down for a year and rebuilt it from scratch to make it much harder for scammers to penetrate.

Bitcoin can't be modified, though. It is censorship-resistant. Which means we need other responses.

One possibility is to ban cryptocurrency. But as I wrote in a recent article for the Sound Money Project, I'm not a big fan of that solution. It seems like overkill. Rather, I suggested putting an embargo on the ransom payments themselves in order to cut off ransomware gangs' revenue. (I also fleshed this idea in an article for Coindesk in 2020.)

Here's another option. The U.S. government could make it difficult for ransomware operators by dusting off Section 311 of the USA Patriot Act. Let me explain how this would work.

A big chunk of the ransom payments that gangs like REvil collect are routed to cryptocurrency exchanges in jurisdictions with minimal anti-money laundering controls. The bitcoins then get converted into cash. Without these liquid offshore exchanges, it would be difficult for ransomware operators to launder their funds into spendable cash.

According to cryptocurrency analysis firm Chainalysis, one large Russian cryptocurrency took in nearly 44% of all ransomware funds sent to exchanges in 2019. (Chainalysis refused to name names). More recently, I stumbled on the following anecdote. It shows how a certain Russian exchange (perhaps the same one that Chainalysis mentions?) converts incoming bitcoin ransomware directly to U.S. dollar banknotes.

Now, without rogue exchanges such as the one above it would be difficult for ransomware operators to engage in business. But these exchanges are usually located outside of U.S. jurisdiction, so there seems to be little that the U.S. can be done about it.

This is where Section 311 comes in.

Section 311 allows the the Financial Crimes Enforcement Network (FinCEN), an arm of the U.S. Treasury, to designate any foreign based financial institution (like our Russian cryptocurrency exchange) as a primary money laundering concern. Once so designated, it becomes illegal for any U.S. financial institution to interact with the listed entity. 

For those readers with long memories, Section 311 was used to shut down Liberty Reserve, a Costa Rican-based electronic money issuer that became popular with criminals involved in identity fraud and credit card theft. Below is a list of entities that have been designated under Section 311.

Entities designated by FinCEN under Section 311 of the Patriot Act

What really provides Section 311 with the extra oomph for reaching rogue exchanges is that it allows FinCEN to require that U.S. financial institutions stop doing business with any other entity that provides banking services to the designated entity. Think of this strategy as the friend of my enemy is my enemy. Any Russian bank that offers an account to the offending Russian cryptocurrency exchange could be cut off from the U.S. banking system, too. Because the U.S. market is such an important market, most Russian banks will stop doing business with the exchange just to stay friendly with the US.

So Section 311 would cripple ransomware-friendly exchanges by severing them from the financial system. And without these rogue exchanges, it becomes much trickier to be a ransomware gang.

To sum up, Bitcoin is censorship-resistant. That's why ransomware gangs like it. This very same feature also prevents democratic societies from modifying the Bitcoin protocol to exclude ransomware gangs. Bitcoin may be censorship resistant, but the venues where it is traded are not. Section 311 and other tools that allow for leverage over these venues remain one of the best ways to attack bitcoin-based ransomware.