The popularity of privacy coins and external privacy mechanisms, such as mixers and tumblers, have increased, creating challenges for exchanges, custodians, and in-house compliance departments. In response, U.S. regulators have taken aim at the use of privacy coins and external privacy mechanisms to launder funds, evade economic sanctions, or otherwise conceal illicit activity.
Recently, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network assessed a $60 million civil monetary fine against Larry Dean Harmon for operating Helix and Coin Ninja as a mixer or tumbler, in an effort to assist customers in anonymously transacting in Bitcoin. The Treasury Department’s Office of Foreign Assets Control has also recently taken action with respect to privacy coins, adding Zcash and Dash digital currency addresses to its SDN List, as well as a Monero payment ID. The IRS has sought out technology solutions to address the challenges of privacy coins and external privacy mechanisms.
What does the future hold for privacy coins and external privacy mechanisms? There certainly are legitimate privacy considerations, such as potential protections against identity theft, which users of digital assets have advocated for over the past decade. That said, industry actors such as exchanges, custodians, and others that process digital asset transactions face real anti-money laundering and economic sanctions risks when permitting privacy coins on their platforms.
For example, ransomware attackers have increasingly begun demanding payment in Monero, and not Bitcoin, to obscure the payment history. Payments made to a sanctioned actor or jurisdiction (e.g., Iran or North Korea) could otherwise be undetectable. This comes as other illicit actors have flocked to conventional digital assets in an effort to obscure payment history and source of funds, making transaction and customer due diligence a challenge.
In short, exchanges, custodians, and other industry actors should thoughtfully incorporate the risks posed by privacy coins and external privacy mechanisms into their internal compliance and screening programs. In addition, they should consider existing blockchain analytic technology, which has made in-roads on tracing certain privacy coin payment history, though there is plenty of innovation still needed before the full financial crimes compliance risk of privacy coins is mitigated.