Hammering on the BitLicense

We founded Circle to help people gain greater control over their own money. We hope to create tools and services that make it easy and profitable for people to operate as their own banks if they so desire, whether for them that means investing in digital assets, or making payments across fiat currencies with digital currency on the rails in the background, or leveraging higher-level financial instruments — all securely, affordably, instantly and globally.

But if the “BitLicense” becomes law as drafted, this way of giving people control over their own money will be impossible and illegal in New York. At Circle, we may be forced to block all New York residents from using our services. We’re not alone.

We’re realists. If we seek broad mainstream adoption — which is not the only path, but it is the path that interests us — then some form of regulated consumer protection is inevitable, and required for attaining banking, auditor, and underwriter relationships and operating fiat-crypto gateways (gaining such relationships today are impossible for most). Unfortunately the proposed “BitLicense” makes this worse, not better.

Our interest lies in working on the issues, not in waging PR wars with the NY DFS, so we’ve been raising alarms mostly behind closed doors and across tables. This approach has left some wondering where we stand. So for whatever it may be worth, here is my perspective.

BitLicense Issues

I choose to be optimistic: The “BitLicense” over-reaches, relies on vague and broad definitions, paints beyond its jurisdiction, and (regardless of intent) squashes innovation that stands to improve the lives of consumers across the globe — yet I choose to expect the next iteration of the proposal to repair many of these issues. Regs aren’t set in stone, and this was just a first draft. Looking at the Bank Secrecy Act and Dodd-Frank (which may never be completely implemented) informs some expectations.

However, I think one critical issue may prove to be an impasse.

First, I’ll group my concerns into a few buckets:

Lack of Clarity. The definitions are over-reaching, vague, and occasionally contradictory in an attempt to address any and every venture regardless of role, scale, or transactional volume. Technical specifics are over-prescribed and enforce an assumption that blockchain technology will not evolve.

Lack of Consistency. The proposal does not support federal guidelines, imposes duplicative compliance requirements, and is inconsistent with transaction value and volume thresholds relative to non-digital financial regulation. I’m not sure why someone in Dublin, buying 10 EUR worth of BTC from Bitstamp in Slovenia, should relinquish personal identity details to the state of New York simply because Bitstamp also has New York customers.

Lack of an On Ramp. The document provides no safe harbor or de minimis exception for new ventures, tinkers, experimenters, academics, and solo innovators. Satoshi would have been an outlaw. I recognize that creating useful thresholds may be a challenge, but doing so certainly isn’t rocket science.

Lack of Agility. Similarly, the state curtails new product development, new rounds of funding, and security innovations by gating all three with agency oversight. The ownership provisions alone would likely eliminate venture capital interest in affected firms. We need an ecosystem to develop, not a set of rules that permit only a handful of well-funded companies that are then prohibited from further growth. People need the Internet of money; the BitLicense wants an AOL of money.

Elimination of Consumer Protections. Identity leakage for mainstream consumers is not a money laundering solution; nor is requiring expensive, time-consuming, and ineffective requirements for legitimate companies — all while doing nothing whatsoever to address actual “bad actors” and unscrupulous companies.

The last one is my biggest concern, and I think it may create an outright impasse. Unlike the first four buckets of issues, this one represents not just a need for iteration, edits and clarification, but a fundamental difference in philosophy.

Data, Innovation, and Laundry

Somewhere in the depths within (or the cloud above) most large businesses sit central, heavily-protected, closely-monitored databases accessible only to a few trusted sources. If any person, service, or app wants to access or update the data, it talks to the trusted source (or authenticates and becomes authorized to act as that trusted source). Picture these databases as something out of Lovecraft: giant, dark, imprisoned titans only a few privileged priests are permitted to reach.

Problems emerge from this centralization of authority and trust, and it is also extremely difficult and expensive to secure valuable data at rest and in transit over time and under threat. Industries, best practices, and products exist to mitigate the risks and recover from the expected failures, but these tend to apply more policy on top of and around the existing policies rather than changing the paradigm altogether.

But now we have a means of updating a distributed database with transparent data in a manner enforced by cryptography. Setting aside the value of transaction creation authority as an asset or unit of account (though that is also critical): This is an elegant, secure, robust way to update data without requiring trust in brittle policy or corruptible central authority.

Bitcoin is more than just an optimization, but even considered only from that angle: Its way of managing transactions (“transaction” here refers to a database update, not a financial transaction) within a distributed or semi-distributed ledger restores power and value to people. Regulating all uses of this kind of software as if it’s merely a variation of a debit card makes no sense.

How does Anti-Money Laundering (AML) work today? It’s mostly based on money movement velocity rules. Financial institutions file a report when account X has greater than amount Y of inbound, outbound, or intra-account transfer activity in time period Z, especially from certain sources, and then government agencies investigate using the personal information (name and physical address of both parties involved) included in the report.

It’s a crude but powerful bludgeon. The traditional AML and KYC system lets the fiat scaffolding expose its nails, and enforcement has one big hammer for those nails. Whether it actually works today against sophisticated bad actors (who possess far more complex tools) and is worth the average consumer’s loss of privacy and exposure to identity and credit theft is a reasonable question, and one worth analysis.

The common recommendation from regulators is that Bitcoin (and family) should similarly expose a few nails for the hammer. If Bitcoin has no nails, then we in the community should manufacture a few. The hand holds a hammer, and the hammer will fall.

Toward a Solution

In the spirit of blockchain and proof of work systems and the way they transformed our view of data and trust, maybe we need a new trustless, consensus-based means of financial forensics that does not rely on anachronistic policy.

Maybe we need something that re-imagines how consumer protections can work. Maybe there is a way for a network to self-police in a manner that doesn’t expose consumers to identity theft, something innovative that serves regulator intent without infringing on an individual’s right to express desires and intentions through his or her own money.

Since we don’t have that today, we at least need the time and space to work on the problem instead of having the attempt prevented altogether. A principle-based policy — as opposed to the prescriptive AML proposal — might provide such time and space.

Meanwhile, Back on Earth…

One day we may see a few champions in the regulatory world capable of winning meaningful change in this domain. We have such champions in the banking industry, believe it or not; we, Coinbase, Bitstamp, Xapo and others would not exist if such forward-thinking folks did not exist. But in the regulatory world, we’re still waiting on Godot.

As written, compliance is impossible. It’s as if we’ve just learned that the earth does in fact revolve around the sun, but others are insisting that we fix the sun so it revolves around them.

And even if compliance was possible, it would probably be possible for only a handful of well-funded companies which would mean no ecosystem could develop, and it would come at the expense of consumers controlling their own money, which would defeat the purpose of the entire endeavor.

This is why we’re hoping for better — the principle-based policy I mentioned, and time to innovate on actual consumer protections. I would never bet against innovation, so I remain optimistic about creative solutions. Yet we’re also preparing for reality under the existing proposal. “Reality” currently means eliminating New York residents from our services, and collaborating with colleagues at similar companies planning the same. Is this a scalable solution? Possibly not, if counterparty requirements are applied even to on-chain recipients, or if other states or countries mimic BitLicense mistakes.

But meanwhile this New York exclusion, writing opinions such as these, and voicing support for the opinions of others: These appear to be the hammers we hold.