Bitcoin: FBI and FinCEN Weigh In
Bitcoin, an anonymous currency imagined by a mysterious individual with a secret identity, is on everybody’s mind. The cryptographic digital currency, operating through a decentralized peer-to-peer network, is both an opportunity for criminals and entrepreneurial early adopters as well as a challenge for regulators. Since inception, bitcoin has captured headlines, gone on a roller coaster valuation ride, suffered security breaches and hacking attempts and, more recently, garnered interest from institutional investors. Last year, a leaked FBI report provided a snapshot into the government’s concern that bitcoin could become cybercriminals’ choice currency. In a surprise move this spring, the Financial Crimes Enforcement Network of the U.S. Department of the Treasury (“FinCEN”) provided interpretive guidance on how federal financial regulations implicate virtual currencies. Where will the bitcoin market, or its regulation, be in a year from now? Nobody knows, and that’s what makes it so exciting.
Bitcoin’s origins are shrouded in mystery. Four years and twenty-five weeks ago, an entity named Satoshi Nakamoto posted a paper abstract to the Cryptogarphy Mailing List. Bitcoin: A Peer-to-Peer Electronic Cash System conceived of a currency that could be “sent directly from one party to another without going through a financial institution.” Instead of using a trusted third party to facilitate electronic transactions, Satoshi’s payment system would be based on the power of cryptography. Fraud would simply become “computationally impractical.” Through a process known as “mining,” anybody with a CPU powerful enough could generate, or discover, new bitcoins. Unlike centralized currencies where a central bank controlled the monetary base, bitcoin’s decentralized system algorithmically defined the number of bitcoins generated per block such that more than 21 million bitcoins would ever exist. On January 3rd, 2009 at 18:15 UTC, Satoshi Nakamoto—transforming his theoretical system into reality—created the first (genesis) block of bitcoins.
By spring 2012, bitcoin emerged onto the scene. The novel cryptographic currency system made a few rounds of blogosphere hype and spawned a variety of related services. Observers decried it as a failed experiment or, alternatively, a triumph of the web’s democratizing promise. In 2010, multiple bitcoin exchanges opened shop. User “laszlo” purchased the first pizza with 10,000 Bitcoins on May 21. November saw the overall market for Bitcoin surpass one million dollars. The electronic currency’s value reached parity with the U.S. dollar the following year. Next, the first sale of a car for bitcoins. Growth, however, brought attention from hackers and criminals. Heists and attacks on central bitcoin exchanges, such as Mt. Gox, became routine. Despite sporadic attacks and loss of confidence, however, bitcoin markets stayed open, value reached new highs, and CPUs cycled on to generate new BTCs.
FBI Leaks Assessment
Criminals weren’t the only ones taking note of bitcoin’s realized potential. With increased popularity and adoption came increased scrutiny from government officials. The FBI spent considerable resources analyzing bitcoin to get a grasp on potential challenges. Its findings were leaked in May 2012, providing a glimpse into the bureau’s perspective on the virtual currency. At the time of the FBI’s analysis, estimated market size of the bitcoin economy was between $35 and $44 million. A few unique aspects of bitcoin concerned the FBI: (1) its popularity with criminals seeking to conduct illicit transfers or launder money, (2) the potential for anonymity, and (3) its decentralized nature precluding easy monitoring and reporting of suspicious activity.
The FBI documented several instances of bitcoins used to make illegal purchases and exploited to aid money laundering schemes. According to intelligence sources, multiple criminal groups—including LulzSec—purchased botnets with bitcoins in 2011. That year, LulzSec received close to twenty thousand dollars in bitcoin donations. On Silk Road, an online market for illegal drugs and other contraband, bitcoin was the only accepted payment form. Intelligence sources indicated various criminal groups had laundered money by using bitcoin combined with virtual in-game currencies. The rue extent of money laundering schemes, however, was difficult to ascertain. Due to bitcoin’s decentralized nature, no central authority existed for law enforcement to monitor suspicious activity, identify users, or obtain transaction records.
Outside of money laundering and illegal purchases, the leaked assessment also reviewed government intelligence on bitcoin theft. The year 2011 saw multiple high profile bitcoin thefts along with development of the first malware software capable of transferring a user’s bitcoin wallet to a foreign server. The FBI reviewed the June 2011 attempt to sell seven million dollars worth of bitcoins on Mt. Gox—a hack leading to a suspension of trading after BTC value plummeted close to zero. Criminals weren’t just stealing bitcoins, they hacked unsuspecting computers into mining bitcoins as well. The FBI documented multiple ZeuS botnet attacks instructing hundreds of thousands of infected machines mining thousands of dollars worth of bitcoins per day.
In light of these assessments, the FBI predicted bitcoin would continue to draw cyber criminals to “transfer, launder, or steal funds as well as a means of making donations to [hacktivist] groups.” Of particular concern was the ease with which such groups could appropriate bitcoin for illegal conduct in the physical, rather than online, world. The leaked memo showed a focus on human traffickers, terrorists, and other types of agents who seek to skirt around traditional, regulated, financial systems. Despite these concerns, the FBI concluded with “medium confidence” that, over time, law enforcement could discern malicious actors’ identities, especially at the point of bitcoin conversion into traditional currency. Moreover, the FBI placed hope that eventual FinCEN regulations would require third-party services that met the definition for a “money transmitter” register with FinCEN and “implement an anti-money laundering program.”
While many, including the FBI, speculated about how FinCEN would treat bitcoin exchanges, the mystery ended in March of 2013. Under the Bank Secrecy Act legislative framework (“BSA”), FinCEN is authorized to regulate banks and “other financial institutions.” FinCEN regulations require that such institutions keep records, file reports, and take other precautions against financial crime, money laundering, and terrorism. FinCEN had, until its March guidance, previously kept quiet about whether or not bitcoin exchanges fell under its purview. Although it did not declare users of virtual currency a money services business (“MSB”), FinCEN did include any virtual currency “administrator” or “exchanger” in the long list of MSBs subject to BSA regulation.
FinCEN’s guidance defines virtual currency users as “person[s] that obtain virtual currency to purchase goods or services.” Exchangers, under the regulatory guidance, are “person[s] engaged as . . . business[es] in the exchange of virtual currency for real currency, funds, or other virtual currency. Administrators are “person[s] engaged as . . . business[es] in issuing . . . a virtual currency, and who [have] the authority to redeem . . . such virtual currency.” Since users’ activities do not constitute “money transmission services,” FinCEN does not consider them subject to its “registration, reporting, and recordkeeping regulations.” Administrators and exchangers, on the other hand, perform functionally the same function as banks or money transmission services in the physical world. In the eyes of FinCEN regulators, convertible virtual currencies are no different from “real” currencies.
The guidance discussed both e-currencies and centralized currencies before turning to “de-centralized virtual currencies,” such as bitcoin. Decentralized convertible currencies, according to FinCEN, (1) have no central repository or single administrator and (2) can be obtained by people’s own computing efforts. Under this formulation, “miners” who use bitcoin to “purchase . . . goods and services” are considered “users” for the purposes of FinCEN regulation. Anybody that creates virtual currency, however and then sells it to another for “real currency” is considered a money transmitter. This formulation appears to place bitcoin exchanges squarely within FinCEN’s authority, while leaving regular bitcoin users outside the scope of regulation.
Bitcoin stakeholders reacted, predictably, with some concern over FinCEN’s virtual currency guidance. The Bitcoin Foundation, which seeks to standardize, protect, and promote bitcoin, portrayed the guidance as less than “comprehensible” and an example of regulatory overreach. The Bitcoin Foundation objected that FinCEN’s new framework would “widly expand the reach” of the BSA and “would be infeasible for many, if not most, members of the bitcoin community to comply with.” BitPay, a provider of bitcoin “business solutions,” considered itself safely within two exemptions to the definition of a money transmitter.
Mt. Gox, the largest bitcoin exchange, has partnered with the venture backed U.S. startup CoinLab to facilitate its business in North America. Cash flows from the partnership are underpinned by Silicon Valley Bank, which is already a registered FinCEN MSB. While no official response from Mt. Gox on FinCEN’s virtual currency guidance is available at this time, the CoinLab partnership illustrates the cryptographic currency shrouded in anonymity mixing with established financial institutions and the new regulatory framework.
With the FBI’s leaked assessment and FinCEN’s surprise guidance, bitcoin miners, users, and exchanges are on notice. What began as an anonymously posted paper on a cryptography listserv has matured into a billion dollar market. All eyes are on bitcoin, including those of regulators and law enforcement.