I began exploring the topic of financial privacy and payment anonymity in the early days of this blog. Over the past decade, my views have shifted significantly—here's how and why.
Rereading my earliest mentions of financial privacy, they now seem a bit... idealistic? extreme? For instance, in my 2014 post entitled Fedcoin, a central-bank issued digital currency, I suggested that the product should be 100% anonymous, like coins and banknotes.
Criminals would undoubtedly exploit unlimited anonymous digital currency, as I acknowledged in a 2018 article entitled Anonymous digital cash. But I figured that the bad guys would find their own ways to transact anyways, say through their own mafia-created payments system, so central banks may as well go forward with anonymous digital currency, the benefits to civil society of unlimited e-cash ultimately outweighing the cost.
I wouldn't support these same ideas today, or would at least modify them, as I'll show further down.
But idealistic and extreme aren't quite the right words. I think that I was right, at least when looking at things from a certain vantage point, but it was still early in my blogging career and I hadn't yet explored other vantage points
To be clear, financial privacy, or the ability to make transactions anonymously or near-anonymously, isn't just something that criminals require. It's crucial for regular folks, too, and in my earlier blog posts I spent a lot of time detailing why this is so. After a cashier dropped my card behind the counter (and potentially skimmed it?), I wrote that cash provides buyers with a "shield from everyone else involved in a transaction" in my 2016 post In praise of anonymous money. And I still agree with that, and to this day always pay with cash when the store I'm at feels a bit sketchy. I worry that this shield will disappear as cash usage continues to decline.
Civil society's need for private transactions isn't just a weird fringe view. In a 2018 entitled Money is privacy, I described the work being done on privacy and payments by Federal Reserve researchers Charles Kahn, James McAndrews, and William Roberds. Licit transactions can unintentionally evolve into a long-term relationship, they write, including clawbacks, extraterritorial rulings, and new forms of product liability. To boot, personal information linked to digital transactions can be stolen in data breaches.
According to the three Fed researchers, the ability to transact anonymously converts a potentially thorny transaction into a one-and-done relationship. Licit payments that might have otherwise been deemed too dangerous can proceed, the extra trade making the world better off. (See also my 2020 article Central banks are privacy providers of last resort.)
As for crypto, I've described blockchains as dystopian hellscapes or panopticons, because every single transaction is mapped out for all to see. That makes blockchains just awful places to carry out conventional business. Firms require a degree of secrecy in order to hide their corporate strategies and tactics from competitors—but the medium doesn't permit secrets. Blockchains need more privacy. (See my 2022 post DeFi needs more secrecy, but not too much secrecy, and the right sort of secrecy).
So what changed?
Starting in 2018, I focused more on studying fraud, including ransomware, tax evasion, and gift card schemes. I found gift card fraud particularly intriguing: semi-anonymous payment systems linked to Google Play and Apple iTunes have enabled an entire industry of scammers, including IRS and tech support fraudsters, to launder stolen funds. Network operators like Google and Apple, as well as major retailers such as Target and Walmart, quietly profit from all of this fraud. (See Gift Cards: When Good Products Do Bad Things [2021] and In-game virtual items as a form of criminal money [2019].)
Which led me to my next big truth: if privacy is crucial, so is the necessity of criminalizing money laundering.
Money launderers are the financial intermediaries who, knowing full well that a customer's funds are dirty, conduct transactions with them anyways, in a way designed to disguise its source.
The willful laundering of a criminal's money is an extension of the original crime, making a launderer just as morally and ethically culpable as the criminal they are helping. By facilitating the final release of illicit funds, the money launderer enables the crime to fulfill its purpose, completing the damage caused by the initial offense—be it theft, extortion, or human smuggling. This is why the launderer's actions deserve to be criminalized. (See A short and lukewarm defence of anti-money laundering standards from 2021).
The crime of money laundering bears a striking resemblance to the centuries-old crime of fencing—the art of accepting and redistributing stolen property. (See my 2024 post "I didn't launder the cash, your honor. The robot did") In earlier times, thieves were responsible for reselling their stolen goods themselves. However, by the 17th century, this task was often outsourced to specialized intermediaries, or 'fences.' At first, there was no legal term for this crime, but in 1692, England formally criminalized fencing, and deservedly so.
Thinking more about the crime of money laundering led me to become more critical of stablecoins, for instance. From 2014-2018 my articles on stablecoins were mostly neutral or positive, but now my posts focus on the fact that stablecoin issuers, by turning a blind eye to those using their platform, have allowed themselves to become launderers for all types of criminals. (Among others, see my 2019 post From unknown wallet to unknown wallet and my 2023 post Why do sanctioned entities use Tether?)
At this point, you may be able to see my conundrum.
If, like fencing, money laundering should be criminalized (and indeed it is illegal in most parts of the world), that collides with my prior belief in the importance of financial privacy. After all, the only way for a banker, money transfer agent, or stablecoin issuer to be safe from a money laundering charge is to show that they did a good faith job collecting enough personal information to ensure that they weren't dealing with criminals. And giving up personal information is necessarily privacy-reducing.
One way to resolve my conundrum would have been to pick a side and advocate for it, but I think both sides are important, so I've generally tried to find a compromise. Most of my writing on the topic over the last five or six years has been trying to wrestle with where to draw the line between financial privacy and the crime of money laundering.
My compromise position has generally advocated a privacy safe harbour for small day-to-day transactions. But anything above a certain monetary ceiling needs to be identified in order to avoid a money laundering charge.
Here are some examples of my often clumsy attempts to balance the two ideals:
- The purchasing power of the $100 note has been eaten away by inflation. Let's improve basic payments anonymity by re-introducing $500 notes, but burden those notes with a tax in order to make up for the benefits accruing to criminals. See my posts A tax, not a ban, on high denomination banknotes and Pricing the anonymity of banknotes from 2018, and Supernotes from 2019.
- If we’re going to issue a central bank digital currency, it shouldn’t be fully anonymous or fully surveilled. Instead, it should provide a limited, rationed degree of anonymity. See The dematerialization of cash (2017) and Anonymity vouchers (2019).
- Below a certain monetary threshold, cash transaction reports (CTRs) and suspicious activity. reports (SARs) needn't be filed, which means small transactions enjoy a degree of privacy. However, these thresholds are not adjusted for inflation. To preserve the small privacy safe harbour, those thresholds should rise over time in-step with the general price level. New financial products should enjoy the same shield. (See my 2020 article Why Aren’t Anti-Money-Laundering Regulations Adjusted for Inflation? and my 2023 posts In praise of anti-money laundering thresholds and Even crypto mixing deserves a threshold).
- While the crypto privacy bot Tornado Cash makes blockchain transactions private, it is also a money laundering machine, a point I made multiple times beginning in 2021 with Tornado Cash and money laundering. The proper way to build a privacy bot is to take a balanced approach that begins with screening out bad actors, and only then provides privacy, thus ensuring that the tool isn't used for laundering money. (I explore this balanced approach in my 2022 post Crypto’s privacy/commingling dilemma , my 2024 post "I didn't launder the cash, your honor. The robot did" and my 2023 article Thoughts on Privacy Pools and the law.)
Balancing the two ideals rather than taking an either/or approach has led me to adopt a more comparative approach to thinking about financial privacy. I've begun to analyze cross-country differences in the intensity of financial surveillance as conducted by national financial intelligence units. Canada, for instance, has chosen a balancing point that is far more in favor of financial privacy (and accordingly more accepting of money laundering) than the U.S. has, as illustrated in my 2024 post Your finances are being snooped on. Here's how.
So that's where I've landed after ten years of writing about privacy. Hard-core privacy advocates and civil libertarians would probably describe me as a sell-out or a wishy-washy centrist because I'm willing to compromise on financial privacy. Fair enough. But I do wonder how many privacy advocates would go so far as to call for an all-out decriminalization of money laundering. Doing so would maximize privacy, but surely no privacy advocate thinks that bankers who clean money for the mob should by allowed to walk free. We are probably closer than they think.
I look forward to seeing how my opinions evolve over the next ten years, as I'm sure they will. Thoughts or comments?
I have a similar arc, albeit over a much shorter timeline. Oliver Bullough’s “Moneyland” is a stark depiction of the mess that money laundering leads to. Thanks for this roundup - looking forward to reading a bunch of the linked pieces.
ReplyDeleteThanks for the book suggestion. I'll have to give it a read.
DeleteThe Tornado Cash situation actually presents interesting legal questions (can irrevocable smart contracts really be considered “property” of a sanctioned person or group?), but the facts around the token cloud the situation enough that I doubt we get good answers in the judgment.
ReplyDeleteYes, Tornado Cash brings up some interesting questions. You cite the OFAC designation, but there's also the separate DoJ indictment of the creators/operators, which seems cut & dried to me, in particular the money laundering charge which is text book laundering.
DeleteNo, irrevocable smart contracts are not property. That just became judicial precedent.
DeleteThe OFAC case which you're referring to and the DoJ money laundering charges are very different things. There's very little read-through from the immutable smart contract ruling in yesterday's OFAC case to the latter.
DeleteEven the coiners are saying this:
https://x.com/BillHughesDC/status/1861547331906117990
Suggest you do a bit more reading on the topic before chiming in with such authority.
Really interesting— like your idea of clean pools that can transact anonymously
ReplyDeleteI think the issue with criminalization of money laundering is the widespread perception and perhaps reality that most money laundering prosecutions have involved criminal activities where there was two party consent. So, things like drugs, obscenity/pornography, prostitution, etc. There are many people like famed Canadian law professor Alan Young who believe that Parliament has no right or business being able to criminalize any activity with two party consent and AML laws are a means to further Parliament's involvement in activity they have no business being in.
ReplyDeleteOn the other hand AML enforcement in recent years has genuinely shifted more towards crimes that don't involve two party consent. And Canada in particular has long had anti-fencing type laws that for example prohibit used car dealers and salvage/scrap yards from dealing in vehicles with destroyed or damaged VIN numbers even if the actual car in question wasn't stolen. So one might say AML laws as applied to banks are simply an extension of similar laws that apply to auto salvage/scrap yards.
" So one might say AML laws as applied to banks are simply an extension of similar laws that apply to auto salvage/scrap yards."
DeleteGood example, I hadn't thought of that before.
No comment on police action or prosecution but FINTRAC discloses intelligence against the crime of money laundering and nothing else - it is all that is in its mandate to do.
DeleteGoing back to 2012, when FINTRAC first started reporting suspected predicate offences, it is most often fraud, drugs and tax evasion. Drugs being the only two-party.
Also, I get that sometimes drugs could be considered two-party - but is that true of all levels of the crime chain? - Importers?
My very rough understanding of FINTRAC in Canada is they do work a bit more cooperatively with different policing agencies than FINCEN which has a much larger number of data consumers. If FINTRAC knows that the Montreal Police or the Toronto Police aren't very interested in prosecuting certain violations of the Criminal Code in their jurisdictions FINTRAC won't bother them with SARs or CTRs indicating activity the TO or MTL police consider low priority. Whereas say a more "conservative" jurisdiction like London, Ontario that has long taken a more letter of the law will get a differently tailored feed from FINTRAC.
ReplyDeleteLong story but many of the original Charter challenges to criminal code provisions related to things like drugs and obscenity took place in London, Ontario because the people challenging them couldn't get busted for breaking the law in Toronto because the police just weren't that interested in certain crimes. Hence the legal advocates involved moved to London to break the law and get into court.
FINTRAC is arm's length from law enforcement. Voluntary information provided by police may inform a disclosure but it will not result in a disclosure. FINTRAC must disclosure to law enforcement after reaching threshold to disclose. There is no wiggle room.
DeleteBank notes are numbered, most people carry a telephone with a camera, ergo there is an opportunity to track cash that has been available for decades, and yet no one mentions it. It would also make it trivial to eliminate counterfeit money at the same time. It seems odd that measures so simple have never been tried. Quo vadis?
ReplyDeleteYep, it could happen.
DeleteI've written two posts on how to track banknotes with serial numbers and a mandatory app:
- https://jpkoning.blogspot.com/2016/10/how-anonymous-is-cash.html
- https://jpkoning.blogspot.com/2019/12/the-watergate-banknotes.html
Interesting that you consider Canada to be more on the side of privacy. I am not sure if that was my take away from your post.
ReplyDeleteI thought this was pretty clear, no?
Delete"That's quite the contrast. Put differently, unlike their U.S. equivalents the RCMP, Sûreté du Québec, Ontario Police Police, and other policy agencies do not have the power to pull personal financial data willy-nilly from the government's database. This means far fewer eyeballs on Canadian financial records. As far as protecting the financial privacy of citizens, the Canadian access model does a better job. The U.S. access model is friendlier to law enforcement and stopping crime."
Okay, I understand. Perhaps I would suggest less privacy on the intel-side but more privacy on the enforcement-side.
DeleteYou could be right about that.
Delete"...less privacy on the intel-side..."
How so? Because Canada collects more financial records on a per capita basis?
I watched the "harmful tax competition" morph into crime prevention through Anti-Money Laundering. It is a farce. Banks no even call the fines a spank task as the tortious laws are so complex no one can comply.
ReplyDeleteFinancial instituitions are no police or investigators. In fact if it was not for their immunity under the AML laws they would have been sued into oblivion for the really dumb mistake they have made.
I suggest law enforcement fight crime, that is what they do. Bankers stink at it. Continue the SAR routine buy do not let banks have the authority to freeze accounts.
As for AML outside of financial institutions - forgetabout it. They are hopeless.
I am a fraud investigator and I have been deep inside many an AML problem. My solution jail those who knowingly assist money laundering. For those who did not look or care, ban them from any job in finance. As for the idiots - they are there own punishment.