Episode 324

Bitcoin and Terrorism – How Compliance Will Shape Cryptocurrencies

Yaya Fanusie

Many within the cryptofinance industry have been patiently waiting for regulatory oversight to deliver the clarity required for institutional adoption. Recent updates by the Financial Action Task Force (FATF), which issues guidelines for 200 countries and territories, attempt to apply the same rules and regulations required of traditional finance to the world of virtual currencies.

Yaya Fanusie’s background as an intelligence analyst at the CIA, and research on the national security implications of cryptocurrencies, provide valuable insight into the necessity of regulation in the space to mitigate the risk of bad actors. Yaya discusses the history and evolution of “Know Your Customer” and where he believes the industry is heading as it faces policymakers who attempt to regulate such rapid technological change.

Topics discussed in the episode

  • Yaya’s background in the CIA and how he became interested in bitcoin
  • Bitcoin from a national security perspective
  • How terrorist organizations leverage cryptocurrencies for funding
  • The evolution of AML/KYC and compliance regulation in the financial sector
  • The cost of AML/KYC on business and society
  • Trying to regulate rapid technological change
  • Privacy in communication vs. Privacy in payments
  • The travel rule and how it affects cryptofinancial companies
  • Cryptocurrencies over the next decade

(4:14) Working with the CIA and DC think tanks

(8:49) Impressions on Bitcoin and cryptocurrency from a national security perspective

(13:39) About working as a CIA analyst in Afghanistan

(18:30) AML/KYC history

(26:33) Discussing the costs of KYC

(29:00) Governments passing responsibility to the private sector

(34:36) Clash of values between privacy advocates and counter-terrorist

(41:35) Private communication vs private money transfer

(44:30) The influence of money vs communication in terrorist activity

(49:31) FATF Travel rule

(56:41) Potential divergence between regulated and unregulated crypto

(1:00:44) Regulatory arbitrage

(1:04:34) AML5 in relation to FATF

(1:06:43) Where Yaya sees crypto in the next 10 years

 

Sebastien: We’re here with Yaya Fanusie. Yaya is an adjunct senior fellow at the Center for New American Security, which is a think tank in DC, and previously was a counterterrorism analyst at the CIA for seven years, and actually did a tour in Afghanistan, advising personnel on the ground on issues regarding counterterrorism and economics. Thanks for joining us today.

Yaya: Thank you. Glad to be here.

Sebastien: Tell us a bit about your background. And specifically, I’m interested in learning a little bit more about what you were doing at the CIA, and your area of expertise there.

Yaya: Well, I had a bit of a transition in my career. I was actually hired by the CIA, “the agency” as we call it, in 2005, or started there in 2005. I was hired as an economic analyst, and as an analyst. I was mostly behind the desk, doing analysis on all types of intelligence and information that came in and providing my analysis to policymakers. We’re talking the highest levels of the US government, mid-level personnel, and my initial job was to look at economic threats, economic risk, to look at issues like corruption happening around the world and energy, energy issues, energy security.

My first year, year and a half, I made a change. I decided to become a counterterrorism analyst. I was really interested. This was a few years after 9/11. After the London bombing in 2005, I decided that I wanted to use my skills to combat terrorism and terrorist attacks. So I became what we call the CT analyst, the counterterrorism analyst, worked for a few years countering and following plots, mostly by Al Qaeda. This was before the days of ISIS, looking at Al Qaeda plotting against the United States, following issues like radicalization. And so that’s what I did.

I left the CIA in 2012. And I started working in another investigative realm, financial investigations. I worked with a consulting firm that was doing an investigation on recovering illicit assets, looking at kleptocracy, and trying to locate funds that were squirreled away by dictatorships. This was all using open sources, using contacts.

This was not a government operation, but that’s actually what got me into this whole realm of finding when people are trying to hide illicit proceeds. What do they use? How do they use the banking system? How do they use front companies? How can you try to investigate and uncover their trail, from there?

I eventually started working in the think tank community here in Washington, DC. You’ve got these think tanks, a lot of times, staffed by former government people. So I fit in, I had my government experience, and I joined an organization called the Foundation for Defense of Democracy that had a center dealing with sanctions and illicit finance. And I was a part of that center.

It was while working at a think tank, and thinking about national security issues, engaging policymakers, writing articles and briefs, that the question came to me, around 2015, “What is Bitcoin? How does it impact national security?”

I was someone who knew little about Bitcoin. My introduction to Bitcoin was probably the movie Dope, which came out in 2015, an indie film. Someone recommended that movie, and I mean, I had heard of Bitcoin before that, but that was the first time I saw an in-depth portrayal as cinematic as it was about what Bitcoin is, or what it could be used for. But I didn’t really know, I wanted to understand the context, there were a lot of policymakers that were saying things like, this Bitcoin thing is going to be used by terrorists and Bitcoin is all bad. It’s all for illicit stuff.

As someone who worked for the CIA, you’re supposed to get to the heart of the matter. You’re supposed to look at things objectively, and understand all the reporting, all the context that’s out there, about a particular subject or particular threat.

That started me down the voyage of trying to understand this technology, trying to understand how it was used, and trying, in a more objective way, to understand it in a security context, without being alarmist. That’s how I started looking at this for my own research, as part of a think tank.

Brian: That’s actually really interesting that you bring this up and definitely triggers my curiosity. So you mentioned Bitcoin in national security and looking at Bitcoin through that lens. What were your big impressions and takeaways from this early look at Bitcoin from that perspective? and what does that look like today? What’s the impact of Bitcoin and cryptocurrency on national security, from a US perspective?

Yaya: Well, good question. It definitely was a journey. In 2015, not knowing much about Bitcoin, I asked the question, “What is this? How does this relate to national security?” The first thing I noticed was that, in the press, there were a lot of assertions about things like ISIS using Bitcoin. But as an investigator, I could never really confirm this. I never could verify how much this was true, or if it was true.

In 2014-2015 there were attempts of people that supported ISIS to teach or instruct others to try Bitcoin, but this was just people posting on social media. I can never confirm if there was any effect and if terrorists were actually using it, so it was something I left aside.

At the same time, this was also when you had people talking more about Bitcoin and talking more about blockchain, so I just naturally became more interested in this technology, and started to research on my own.

In 2016, something came up. There was a media report coming out of the Middle East, there was a designated terrorist group fundraising through Bitcoin. I actually remember it to this day, because I saw the report, it was a passing report from some obscure media outlet. I said to my interns, I said, You know what, this is probably just another one of these reports, we probably can’t verify it. So why don’t you just take a look at it, I’m going to go to lunch and then let me know what you find. I came back, and one of my interns, again, my interns were much younger, and more adapted and aware of technology. They showed me the social media post this organization had put up. It was saying, “Hey, send us money for guns and for weapons, etc.” And there was a QR code and that QR code went directly to blockchain.info. You can see the address, you can see the wallet, you can see what they had raised.

Then it hit me, I said, Oh, wait a second, this is interesting. We can verify that this social media account is run by this organization, because it has history, and they’ve posted this address. We can actually see something here! A light bulb went off in my mind, I said, from a security perspective, this is great. We can actually look and track what’s going on here.

That was the beginning of me looking at these types of campaigns, and in the subsequent couple of years. There were a few others that came up. Especially when the price of Bitcoin skyrocketed in 2017, you started to see, like anything, you start to see more people engage with crypto, and you started to see some jihadist websites, propaganda sites, many of them soliciting Bitcoin payments.

Let’s just jump ahead to where that is now and what I think about it now. A lot of people ask, Will terrorists use Bitcoin? Are terrorists using crypto? My response is the adoption of Bitcoin or crypto by terrorist organizations is going to mirror the adoption that you see in the regular world.

We noticed in recent years, different groups experimenting with crypto, particularly as fundraising, we’ve seen different campaigns, we’ve seen people, organizations try to get money for their computer servers. We saw a few sporadic examples. It’s clear to me that they’re experimenting, they’re learning. I’ve noticed an increase in sophistication with some of these campaigns. But also, I’ve noticed that this is just one tool in the toolkit, for any of these types of organizations.

For many reasons, cryptocurrency is not good for terrorist crowdfunding, because it’s so transparent. I think that keeps a lot of these fundraising campaigns from really earning a lot of funds. But they’re probably other uses. Other money laundering uses other use cases that it is “good for,” and being used for.

Sebastien: You spent some time in Afghanistan, when you were at the CIA. Tell us a bit about what you were doing there and how that prepared you for what you’re doing now, and your transition into the world of crypto.

Yaya: My time in Afghanistan connects to my current experience in the mindset that you have, particularly in dealing with issues like war issues like security. My role, as an analyst, I was providing analytics support and understanding of what was happening on the ground. Not even just militarily, not just necessarily what the Taliban was doing, just even what was going on in the country. The US presence, there obviously was a military one, but what a lot of people don’t realize is also there was a construction one. Not just the US, but a coalition.

So the military needed to understand what was going on. I helped to provide senior military personnel with analytic support. In terms of what does it do or what did it do for me today? This, I think might be relevant for your listener. It’s one thing to look at foreign policy and national security from an individual perspective, like “this is what I think should happen in the world, this is how I think foreign policy should run.” It’s different when you are in an environment where you actually see the risks, when you see the threats you see the political developments happening. If you see the repercussions of corruption… you see policy going well, and policy going wrong.

It gave me a sense that foreign policy is not a one way street. It’s not always simple. Whether, presidents, or military, political leaders they have successes and mistakes. That’s the way of the world. The way I see the world, is that often we’re given a world we have to figure out how we’re going to best manage what we’re dealing with. Also there’s a sense of responsibility when you think about foreign policy from the mindset of, “if I was responsible for people’s lives, how would I act?” When you’re not responsible for people’s safety, security or well-being you have a different mindset. You just think, I wish the world would work this way.

If you’re actually tasked as an analyst, as a CIA analyst, you’re not tasked with making policy. That’s actually what you’re not supposed to do. When you’re in the CIA, as an analyst, you’re supposed to check the surveillance situations, see what’s going on, and provide the best insights. When you do that, you really think not so much about what do I want? But what are the people who have to make the decisions, what do they need to understand?

That’s how I approach this issue of crypto and illicit finance, anti-money laundering risks. That’s my mindset. I see the world that way. Even though I am intrigued by blockchain technology, I don’t think that technology should be over people, I’m concerned about people. So I have a mindset of one who’s focused on supporting those who have the responsibility to keep people secure.

Brian: One of the main things that we really want to dive in here is AML and KYC. And everyone in the crypto space, of course, is familiar with AML and KYC. You sign up for an exchange, you have to go through that. We understand on some high level why it’s there. I think what’s really interesting to dive into here is to try to understand this topic a bit more deeply, try to understand: Where does it come from? What is some of the thinking behind it? What is the trajectory? Where is it going? On a high level, what impact is this going to have on the cryptocurrency space, in the short term to long term?

I thought one way we could start off this question is by asking a little bit about the history of AML and KYC. As Sebastien pointed out, people have been exchanging things forever. Like you would have some gold and buy something else, and you’d have this monetary exchange. You had, of course, cash for a very long time. What’s the history of AML and KYC? And what’s the evolution it has taken?

Yaya: Great question. One thought about this AML stuff, when it relates to crypto, all the tension is because of rules that have evolved for how financial institutions should run and how you deal with financial transfers. Now we have this situation where there’s this new technology and people want it to be a new way of transacting, and there’s this tension, because there’s an established order for how you deal with it. I’ll go into that evolution. So let’s start by thinking of a fictional situation from the 1980s. This is how these rules evolved.

So let’s say it’s 1985. And, and you’re in Miami, picture Miami Vice, the old TV show, and a guy named Tony Montana, also known as Scarface, he walks into a bank, and he has a briefcase, walks to the teller, he sits down at the desk with this person, and he says, I’d like to open up an account.

The teller says, what’s your name? My name is John Smith. He opens up his briefcase filled with a bunch of dollars, maybe, I don’t know, $500,000 and says, Yes, I’d like to deposit this. And the teller says, Okay, Mr. Smith, I’ll sign you up. Here’s your account, nice doing business with you, and he walks out.

Okay fictional portrayal. In essence, you could maybe do that, or something close to that, in the 1980s, in Miami. That obviously has led to some issues. It led to banks being used for money laundering. Cartels using them, people washing their money through financial institutions. Also when they wanted to send money to and fro, they could do it to unknown people. So it became a big problem.

By the end of the 80s, there was a sense amongst countries in the G7, who said, we have to codify some rules around how banks deal with their customers and how we deal with financial transactions, so we minimize these things. We make it difficult for a Tony Montana, Scarface, who says a different name, to use the banks or the banking system.

Out of that came a coordinated effort, by different governments, to raise anti money laundering standards in the early 90s. Through this, they formed the Financial Action Task Force (FATF). It really didn’t have much power, except the power of each government to say, okay, FATF get together all the financial people in the countries, the heads of the ministries and central bankers, come up with the rules for how the banks should manage themselves to prevent the use by criminals in those institutions.

So they came up with a group of standards. The idea was that each jurisdiction would then have standards and then that country would then go to its financial industry, and it would make sense that all of its banks follow these rules. What are some of these rules? You talked about AML, KYC. Know your customer, banks have to make sure that they know who they are dealing with. You say your name is John Smith. Okay, let me see your ID, let me get two forms of ID.

This actually evolved after 9/11 with more completeness. After 9/11 there was another effort, a ramped up effort to make FATF standards not only be about anti money laundering, but also make combating the financing of terrorism, and you hear people say, AML, CTF or CFT. So the early 2000s, you had basically clear standards for all governments that belong to this organization, FATF had standards for them to regulate and manage their financial sector.

I’ll give one quick anecdote so you understand why these standards are relevant, particularly on the terrorist financing. So the 9/11 attack, I forget the numbers, but it was funded with less than a million dollars. When that attack happened, investigators went back to try to figure out, how did these 19 hijackers, how were they supported? They didn’t have jobs. They were going to flight training school. They were in the US for however long, but they had money from the outside.

After the attack, investigators were able to go back and identify how the funding happened, where funding came from, because of these rules that were in place, and I’ll give just one example. Now the 9/11 attack came through the conventional banking system, more than anything, not necessarily like hawalas, but investigators were able to see that there were payments from, like a money exchange. I forget the exact one, whether we’re talking like a MoneyGram or Western Union. The financiers, in the Middle East mostly, transmitted money to the US to the hijackers, and lots of payments that went back and forth.

The investigators were able to pull up those records and see that a lot of times the financier was trying to hide who they were. When a terrorist financier is trying to send money, he may put a fake name, but if you go through the AML procedures through those exchanges, you have to put an address, you got to put a phone number. Some of these guys, they would put a fake name, but they’re going to put a real phone number. Why? Because they want to make sure that transmission goes through, and if it doesn’t, they want to be reached.

So these are little, you can say, slip ups. They were able to use that identifying information to then build a network, and figure out who sent the money. And that actually helped the investigation of those attacks. So, that’s after the fact. But it’s those rules that law enforcement is going to want to use to investigate when illicit activity is happening.

Sebastien: So would you say that there was like a clear trend towards more AML and KYC rules after 9/11? Is that when really things accelerated?

Yaya: Yes, absolutely. I remember, I’m in my mid 40s, and I actually remember in the 2000s, when I got a bank account, because I graduated from grad school, and I remember moving to a new city, moving in DC. And I remember that getting a bank account seemed to be much more difficult. They would require more IDs, like passport and a birth certificate or whatever. You didn’t have that in the 90s. I mean, I can’t say you didn’t have that at all, but the rules were much more strict. Not only that, but also the issue of sanctions. North Korea sanctions were implemented, you started to see more of an effort to clamp down on a lot of the loopholes that allowed, whether it was terrorist financing, drug cartels, nuclear proliferators, who also would try to use the banking system or the shipping system. Yes, a greater effort to ensure that financial institutions follow certain rules to make it difficult for people to use the system illicitly.

Sebastien: Do we have a sense today of the costs, the global cost to businesses, of AML and KYC? Are there any figures on that?

Yaya: I don’t know offhand. But I do know that. I may have seen them because I do know that people complain about that right? The cost of what we call compliance. From a banking perspective or financial institution perspective, compliance is simply making sure that the bank is following all these rules. It’s not onboarding customers anonymously. It’s looking at the use of funds, that you’re doing due diligence on your customers. Also your sanctions compliance which relates to the AML Compliance. You’re making sure…

Sebastien: OFAC sanctions, etc.

Yaya: Yeah, OFAC sanctions. The Treasury Department puts out these sanctions. You have to make sure, as a bank, that when your customer comes up and says his name is John Smith, that his real name is not Kim Jong-un. That he’s not Kim Jong-un’s uncle using the bank on his behalf. You have to make sure that you’re not violating sanctions through your institution.

There’s a huge cost. There’s the financial cost. There’s also the issue of financial inclusion. If you have all these standards, you raise the bar for who can use the bank, you make it more difficult. These are some of the other costs that might not be financial, but can even counteract some of what you’re trying to do with terrorist financing. These are all issues.

I think, a lot of times folks in crypto are engaging these issues, particularly this issue of de-risking and the problems of compliance. Some people will say, well, anti money laundering all these standards aren’t good because so much money laundering occurs. US Treasury acknowledges there’s money laundering that goes on in the system, it’s not like this is a 100% successful thing, and many people criticize us as very unsuccessful.

But again, this is what you have to think of: how do we deal with this issue? Because of the costs, do we turn off these standards? Or do we turn down the standards, turn off these restrictions and controls? We still have to address them through policies or through whatever way society has to figure that out.

Sebastien: Yeah, I mean, the way that I tend to look at this… and my thinking about this has changed since I’ve been in the crypto space, and I’ve been working for and alongside companies that are having to do compliance. The systems that are meant to prevent money laundering, which may be used to fund terrorism, to fund crime, all these bad things that society doesn’t want. I think we can all agree these things are undesirable in society, but in a sense states and the police and like authorities have failed to control these things. So they’ve essentially deputized and passed this responsibility, this cost, on industry.

Where they’ve failed to properly prevent terrorist attacks and things like this. They say, Okay, well, here, banks, now you’re under the authority, you’re authorized and obligated to do all this compliance and do all these things where we have failed. And all that cost is now on to you. And we’re not going to pay you for this work, which is meant to be ours, we’ll just fine you if you don’t do it.

If you were to just change the names of the actors in this scenario, it looks like a mafia organization, that is itself trying to get others to do their bidding. From that perspective, I think, I don’t know if it’s unethical, but it’s highly questionable, that states would impose this on companies.

When you’re looking at the crypto space specifically, and we’ll get into FATF and the travel rule, you’re talking about small companies, many of whom don’t have the resources or the resources to know how to implement this sort of compliance, and that might end up causing tremendous harm to the crypto industry. I mean, as we’re recording this, in France, there’s a new lobbying association that is being launched. It’s being announced, actually, tomorrow as we’re recording this. One of our goals is to lobby the French government to say, French companies can’t comply with the travel rule, it’s too much. We need to really take our foot off the gas here, and really assess the situation before we start imposing all of this compliance on French companies, who won’t be able to implement them, and will end up closing up shop and, well, who’s going to come in? Well, the Coinbases, the companies that have money will end up monopolizing the market. So that’s really my rant on that.

Yaya: Rant acknowledged. My thought on that is, well, there are two thoughts. One is the crypto space wants its cake, and wants to eat it too. I’m gonna say we with the crypto space because, I feel like I’m part of the crypto space, even though some people would probably revoke my crypto pass on your ledger.

We want to say that we have a new way, transforming the way we deal with money, the way we transfer value, we’ve solved the double spending problem, and now we can make a new way for the financial system to work. So, we acknowledge that. But the other side of that is okay, so how do you take that idea of transacting financially, could be cross border peer-to-peer decentralized, then how do you really make it scale without dealing with some of these things?

In the short to mid-term, maybe you can create something. Maybe you can do all these great things and see the benefit, but there are these other external forces that anyone has to address when you get into the issue of scaling. I don’t have a solution for the impact on business. I acknowledge it. I think the question I pose back to those with that complaint is, well, what is the technical solution for this? Is there not a technical solution?

If people are so creative to come up with these totally creative protocols and platforms. Well, are they putting time into maybe a KYC platform that does preserve privacy in some sense, but then also allows you to authenticate someone. Now that you created it, How are you going to scale that? and what is the work? Maybe there’s policy work, maybe there’s lobbying, there’s a whole bunch of work. You can’t just create the software and then think that’s going to reshape society, which I think is the way a lot of people think.

A lot of other social political work has to go on. I’m not saying I have a prescription for how to make the changes anyone wants to make. I’m just saying that these are issues, these are policy issues. There are some people that are dealing with it, some people are thinking about financial inclusion, and how the technology could help that. Maybe they need more of a platform… but these issues don’t just go away because we see them.

Brian: I mean, I guess there’s also a fundamental, maybe a clash of values and a vision that’s at hand here. And I think if you look at the cryptocurrency space many people have this view that financial privacy is very important, and needs to be protected. That means some terrorists will use it, that means some people will end up doing bad things, which is the consequence of freedom in a way.

Then you have, on the other side, let’s say, somebody in counterterrorism who’s like, I don’t care about that. I want to prevent terrorism, whatever it takes to prevent terrorism, and financial privacy that’s not my problem.

How do you see that playing out? Do you think that is just a fundamental incompatibility and there’s going to be this clash of forces, and then we’ll see which side ends up prevailing, or do you think there’s something else that could happen?

Yaya: I think there’s a way to look at it, which I think is different, which is that this clash isn’t a zero sum game. Here’s a perfect case, and this is particularly true, I think, with the way US regulators have dealt with it. I’m going to talk from the perspective of what I see, I’d say the US has been more forward leaning and ahead of other jurisdictions, especially Europe, with guidance which is clear.

The privacy aspects of cryptocurrency, whether it’s privacy coins, or whatnot, the US approach has not been to ban privacy, or to ban privacy coins, or to make it illegal to work on these things. The US approach, of say, FinCEN, the US financial regulator on the matters. The US approach is really focused on the business of money transmission, how to regulate the business of money transmission. So the US is not outlawing mining. It’s not saying that you have to register, if you’re mining, that you’re a money transmitter. The US has a pretty clear cut definition of who is regulated and what activity is regulated.

What I think this is going to evolve into, because you can’t ban open source software. You can try to ban it, but it’s not going to do much, right? These tools are going to be here, the genie is out of the bottle. Blockchain software is not going away, and can’t be banned out of existence. Just like you have software like Tor, you have other types of software that helps with privacy. It is going to be there. So if Brian wants to send a privacy coin to someone, and if Brian’s in the US, that’s not illegal. I don’t think it’s going to be illegal in the US.

What the US is going to address is, Sebastien, are you now starting a business where you’re pretty much the guy that has Monero and people come to you, and they get their Monero from you? Well, if you’re going to do that, you need to register with FinCEN, you need to file a suspicious activity report. If you are a money transmitter, you need to be regulated.

If someone wants to transact, it’s going to be available just like it’s available for people to use Tor or to use VPN or whatever. Now, it may be difficult, it may be harder, but that’s just the nature of what we have today. For those who value privacy so much, they’re going to be able to move around anonymously or pseudo-anonymously, using crypto. It’s not going to necessarily go away, and the government is not trying to ban privacy.

You have to think about the other alternative. If someone is saying, we know these rules, they’re someone’s perspective or they’re one government’s perspective, and I don’t think that we should have these restrictions. Here’s the thing about having your cake and eating it too. Crypto space, you’ve created this great new way of transferring value across borders, peer to peer in a decentralized way.

Okay, so let’s take things to their logical conclusion. So now when Tony back in the 80s, when Tony Montana wanted to ship millions of dollars across borders, Tony Montana had to bribe the border guards. He had to have a middleman, he had to get pallets of cash, he had to use a plane. It took him a lot to move millions and millions or billions of dollars in the old days. Today, let’s say crypto scales in the way, where now, Tony Montana 2.0, he can move billions of dollars with no friction, from an anonymous point to an anonymous point. And we’ve evolved in that way. Now that is possible through a decentralized manner.

Now, that may be a technological achievement. But you also have to realize that there are going to be some externalities that not only will it just be a case of, maybe a couple of terrorists using it or a couple of bad people, you are now enabling, potentially, total anonymity of illicit proceeds across the world, in seconds. That situation has never existed before. So you just have to think about if that happens, how would you deal with that?

If anonymous transactions, totally private transactions, scaled in that way, what would you do? I mean, that’s not gonna be just, again, a few people, bad people, using it. You probably have to create some other infrastructure to deal with that. Someone’s gonna have to. So I just put that out there: if we take things to their logical conclusions, these issues don’t go away.

Maybe other jurisdictions are going to ban privacy coins, maybe they are going to say you can’t download such and such protocol. And that’s a matter where, that society, that government, has to deal with it. But I actually think the way the US has addressed this is more balanced than people are giving it credit for.

Sebastien: That’s an interesting point. I tend to see the evolution of money going in similar ways as the evolution of communication. So Bitcoin is simply the transmission of information. You made a statement somewhere in one of the articles you wrote, that your position on privacy with regards to written communication was that you thought that it was reasonable to allow people to have privacy, but that on payments, you were less favorable to full privacy in payments. Can you explain why you think this is the case? And don’t you see the... I mean, I take issue with this because to me, the transmission of money, going forward, is simply just another form of communication, much like we send messages or have APIs or whatever. It’s just a continuation of the evolution of money.

Yaya: Yeah, I’m glad you pointed that out. And the reason why I take my perspective is I just make a greater distinction, because of the role of money in the world compared to communication. Now, I guess you could make the case, if I wanted to answer my own argument, I could say that, well, communication is probably more powerful than money in many ways. Communication has led to revolutions. I mean, the Declaration of Independence is one of the best communication documents out there that has changed society and changed civilization, you could say. And there’s more like that. So it’s not to say that human communication does not have relevance. I make a distinction with money. Because think even more about how critical money is to motivating people, and in incentivizing behavior.

Communication is, you transmit something and you need a little bit more than just information, like you need a lot of support, and you need a lot of social stuff that goes with communication. People can be bought, and people will do things for money that they wouldn’t do without money, even if they had an ideological commitment. So I think I’m just concerned that if money became as frictionless at scale as communication is, I guess what I’m saying is that the repercussions would be greater than we are thinking about. I’m going to stand in that, I would not make that connection. I wouldn’t make that parallel or that comparison and say it’s just the same as speech. Because speech doesn’t pay people. So that’s just a distinction. I mean, I totally get it.

Brian: I don’t see that makes a lot of sense, to be honest. I mean, if you take your example before of al Qaeda on 9/11, like, I mean, imagine all the communication that went on to facilitate that, and okay, they also sent some money, but in a way, if you think of the amount of information, the amount of work, the amount of things, the people being able to communicate certainly had a much greater part than sending some money to pay for flight school.

Yaya: It all has to do with resources, time, energy attention. Let’s just say this… that’s an interesting point. Because we actually do see that a lot of the plotting that ISIS has done in recent years has not involved money. ISIS has done these virtual planners, people do what you’re saying. They’ve used communication, secure communication, propaganda, to try to inspire people to do plotting in Europe in the US. This is actually what we saw.

Here’s the thing, though: that happened because we have encrypted communication, because we have free communication, because we have the internet. Much of that plotting, particularly towards the US, has been very unsuccessful, because there was not a transmission of resources along with that, because it’s so hard to do that, because it’s so hard to use the bank system now to fund some sleeper cells, some cell that you’re trying to work with.

If you had more money, if it was easier to transmit money to those guys, to transmit value, and for that value to be used for services, honestly, you would have a lot more havoc. So I actually think that makes my point. I don’t think you can discount money and say, you know, that money wasn’t a factor. Money is a huge factor in providing for the resources for people to do bad things, and without the money, it’s going to be a lot harder.

Sebastien: I live in France, where we’ve had our share of terrorist attacks in the last couple years, and for the US, there’s a number of things that protect it, that are not the case in Europe. For instance, the proximity there’s an ocean between, immigration laws, all these things contribute to making the US a much safer place, in terms of counterterrorism than, say, France or the UK or Germany or places like that. I don’t think the Kouachi brothers and all these guys that perpetrated the Paris attacks in recent years received any direct funding from any organizations.

Yaya: What you have had is… again, a tangential topic, because we’re talking about terrorist plotting, which I even said with 9/11, does not take much money. 9/11 didn’t cost a whole lot of money, relatively speaking. The plotting happening more recently in Europe, again, not a lot of money to do these types of attacks, even to get the weapons.

In fact, what you’ve mostly had is you’ve had a lot of people using legitimate systems, or illegitimate systems but not crypto. They found ways to support themselves or to pay for what they need. So correct. But what I think… you’re arguing here, in the same way that when people talk about the banking sector, they’ll say, we have all these laws, and criminals are able to circumvent and do XYZ. If you take those laws away, you have to admit, you’re going to see an increase. For someone to say, they’re not really working, let’s get rid of these laws, it’s not going to be a change. Actually there is going to be a change. That particular problem probably is going to be worse.

I would say for a lot of these issues, also, it depends on your perspective. I mean, I encourage people with what I gained from working on financial investigations, and as a counterterrorism analyst, is I honestly try to think like an illicit actor so I can stop them.

It’s funny when we have these conversations. Often I think my issue with the crypto space is, because the space is reacting to what they feel is maybe over handedness, or unethical constraints, they will dismiss the risks and/or minimize them. I think you can’t minimize or dismiss them, you have to accept and say how are you going to deal with them.

Brian: That’s an absolutely fair point. And maybe it brings us into another topic that we really wanted to discuss with you. So I think it was last year that organization that you just mentioned before called FATF.

FATF put out this recommendation around the travel rule. And I think the travel rule is something like, okay, some funds enter the bank. They have to send along information about the origin of the funds. They made the recommendation that this should also apply to cryptocurrency transactions. And this has caused quite a bit of confusion, maybe fear, maybe disturbance. But I’d love to get your point about what this guidance says. What do you think the impact is going to be of this travel rule that’s now supposed to apply to crypto?

Yaya: Well on this, as you might guess, I have a contrarian opinion compared to most in crypto, and I have a different way of looking at it. Most people will echo your sentiments, which is, hey, this doesn’t make sense because crypto doesn’t work this way. You somewhat summed it up. But just to be specific, the travel rule is, if you’re a financial institution, you’re a money service business, and you’re sending a transfer, you make sure that you know who they’re sending it to, on both sides, you have to retain that information, you have to make sure you share that information.

So it’s this communication of really the ID of the people, the customers that are transacting through your institution. That’s what the travel rule is in a nutshell. And so FATF came out with guidance basically to set the standard to include cryptocurrency businesses, they call them virtual asset service providers, but to include them in the standards, the AML standards that we have to this day.

My contrarian opinion is that this is not bad for crypto, but this is good for crypto in the sense that okay, if you want this stuff to scale, if you really want it to be used internationally globally, you want it to go from just being a fringe thing that just a few people do. It’s not really widely adopted, the only pathway to do that is to reconcile these laws, rules and standards for how we deal with international transfers.

Because of all the stuff that we’ve been talking about before, in terms of the history and evolution of money laundering, these standards for transacting financially don’t go away, just because now you have a new way of transferring. I would say that this is more of an opportunity. Because unless you reconcile these constraints, I just don’t practically see how you’re going to build platforms that are going to be used in the way that folks in the crypto space say they want them to be used, unless they just want to be the niche group that they are now, which is just a few people that can do one to one, a few transactions here and there, but you’re not going to get global adoption.

I think this is actually an opportunity, there’s going to be pain, and there’s probably going to be consolidation. I’m not a heartless person, but I’m just looking thinking practically. Yeah, I mean, if people built a business model that neglected this stuff, probably because they felt there’s no real rules or guidance. And now they’re reaching the wall that was always there in terms of scaling, and now they’re going to have to figure out how to address that. Maybe they need to figure things out and reconfigure their vision.

Brian: So you said okay, there’s gonna be pain. And of course, there are questions, right? Like, let’s say somebody develops a noncustodial wallet, maybe an iPhone wallet, and people can just receive funds and send funds and you don’t have to make an account. To give you another example, things like bitcoin wallets like Electrum, you download it on your computer, running on your computer. People building Electrum have no idea how many users there are. Would you think the travel rule will apply with those noncustodial wallets? And what are the other points of pain that you think are going to come because of the travel rule?

Yaya: In the short and medium term, those examples that you brought out aren’t going to be impacted too much by the travel rule. In the sense that, let’s say from the US perspective, the travel rule deals with financial institutions, or organizations that are now money transmitters. If a Coinbase customer transmits with a noncustodial wallet, based on the travel rule, that’s not a travel rule transaction. Maybe a lot of people don’t know this, because it’s not institution to institution, it is financial institution to a noncustodial wallet. So the Coinbase may be saying, I don’t have to worry about that. But Coinbase is going to have to worry about if it’s going from Coinbase to Bittrex. Those money transmitters now have to take account and follow the travel rule.

That’s why I was saying, a lot of the software that’s being created that people have access to and they could use if it’s their choice. They want to use it clunkier, they don’t want to use the cryptocurrency exchange, they want to use their own noncustodial wallet, they can do that. So all this is doing is setting the standard for those institutions that are acting as a money transmitter.

In the short term it is not going to do much. In the long term, I do think there will be an impact indirectly. So Coinbase’s compliance team, whether they like it or not, they’re gonna have to assign greater risk, I think, to noncustodial wallets, even if it’s not a travel rule issue. I do think that is going to impact years ahead, in the next several years, that may make noncustodial wallets the thing of privacy enthusiasts. But, in the US, I don’t think they’re going to go away. I think you can still use them just like anybody can use Tor and use all types of security software, you can still use it.

Brian: In one of the articles you talked about this potential divergence, about how we might have ‘good crypto’ and ‘bad crypto’. Is that what you’re talking about? Let’s say Coinbase, maybe they won’t let you withdraw to a wallet with noncustodial privacy centric approach, and you would then have this isolation where you may have the same blockchain, let’s say Bitcoin, and some of the bitcoins are moving in this regulated realm, and then some more in this other way. Is that something that you could see? What do you mean with this division of good versus bad crypto?

Sebastien: Here’s another scenario, where you have companies operating in a jurisdiction that is not part of the FATF or that is deemed unfavorable by sanction or regulated space. It could be just like someone who moves the company to Panama or something (I don’t know if Panama’s in the FATF) and then you have tokens that are, like Brian said, no longer fungible, and there are two realms operating within the same cryptocurrency.

Yaya: In essence, this is the problem particularly with a public blockchain that is visible, the fact you can see the origin. You can see the provenance of your crypto, you’ve hit the nail on the head, from the standpoint of folks who are looking at risk, who are trying to minimize risk, who don’t want OFAC to come after them, or authorities to come after them. Yeah, the logical conclusion is that you’re going to try to minimize that, you’re going to minimize situations where it’s likely illicit activity is going through your platform.

The biggest factor is do you know who that person is? And if you don’t know who that person is, you are incentivized, not to drop them, but maybe you’re going to put in measures, maybe you’re going to put in a threshold where you only allow a certain amount to go through a noncustodial wallet, because you don’t want to get rid of them, and you want there to be financial inclusion. I think you can see those things.

The two crypto ecosystems that you mentioned, I think I wrote that in 2017. It was just this idea that it just makes sense as crypto gets more institutionalized, as it gets more accepted, you’re going to have institutional money going into it, you’re gonna have more of a formal use of it. And a lot of people don’t like that, you’re going to have people that want things to remain “dark” or to stay anonymous. There are lots of blockchain projects that are doing that to this day, such as Mimblewimble, and all these protocols that are trying to maintain anonymity.

I just think that if the broader sector grows, there’s going to be the clash that we talked about at the beginning, that clash out of all the things. It’s great because we’re having this very spirited conversation, I would say not even a debate but a good conversation.

My thing that I will push back for the crypto space is okay. You have to reconcile these issues and your argument cannot just be that there are going to be bad people using crypto regardless. It’s just not enough when you’re talking about things on a large scale. So I would put it back to, the crypto space needs to think more about these issues. And I’m not saying that they have to do what the government, like the US government is not telling people what protocols to make. The US government is just saying, this is the financial sector. This is how we deal with finance globally. These are the standards. You want to do something on your own, one to one, but the government has a role in terms of business and finance. And if you want to create something different and new, that’s going against that, you’ve got to figure out how to reconcile. I don’t have the answer.

Brian: I do want to talk about a related question. Sebastien, you mentioned Panama before. I think just like last week a cryptocurrency derivatives exchange called Deribit, which is one of the largest, they were in the Netherlands and they announced, we’re moving to Panama because we don’t like the new AML rules coming. We think it creates too much of a burden for people to onboard and use the platform.

Of course, the crypto space, probably more than any other industry that I’m aware of, is very global. Companies, almost from the start, target customers all over the place. Protocols, they’re also completely open, they can’t even enforce things like sanctions rules. How do you think this is going to play out? Do you think that we will see an increasing regulatory divergence, where you have companies go to favorable jurisdictions, some of them use this as a competitive advantage. They get business, they attract startups. Others try to crack down, but we have just this ability for people to go where it’s favorable, and then that prevails, which I would say is what we’re seeing today a little bit. We have BitMEX, Binance, many of the biggest platforms tend to take that approach. Or do you think that maybe large players like the US, maybe the EU reaction will manage to almost create a greater harmonization and impose these rules across the globe?

Yaya: Well, I think you’re in the midst of seeing this transition. One, I’m pessimistic about how the EU can manage all of this. I’ve visited just a couple of places in Europe, but I was in Germany recently, a few months ago. There’s so much confusion, between what the EU says and what the local country is going to say and how do you coordinate that?

I think what we’re seeing now is crypto being welcomed to the issue of regulatory arbitrage that happens in the financial sector. Certain jurisdictions, certain countries have “good” or high levels of AML standards, and certain ones don’t and are questionable. That’s really what FATF is about, trying to bring all these countries to a certain standard.

The US sees it as an ongoing problem, even without crypto, but with money service businesses, in general, and with banks. It’s already an issue from the US perspective, that certain jurisdictions allow so many private shell companies. Actually the US is bad with shell companies, I should acknowledge.

This is already an issue with AML regulations writ large. I would actually just say that all that’s happening now is crypto being welcomed into it. Crypto businesses have had the benefit of their regulators not really knowing what to do with crypto, and there not being clear guidance. It’s new technology. So people have been able to create businesses that have customers and that are earning money, and now the landscape is shifting because regulators are catching up.

So what is going to happen? There are going to be people moving to Panama, there’s going to be people moving to these other jurisdictions. And for regulators, there’s going to be a cat and mouse game, because crypto is global. And how do you crack down on this? How to keep... it’s gonna be difficult, so I’m not saying that this is an easy issue. This is regulatory arbitrage that occurs in the banking sector even.

Sebastien: You mentioned Europe with regards to the AML5 directive, which came from the EU, how does that relate to the FATF? Is it the FATF puts out recommendations, and then the EU also then applies them in these directives, that gets trickled down into the different European countries?

Yaya: The way to think about this, which can be confusing, is a lot of this is happening or has happened simultaneously. They’re not always directly connected. It’s like different authorities are responding to the same set of problems.

In 2013, US put out guidance about how cryptocurrency businesses should be regulated. And that was actually before European countries had done anything like that. So the US had already put out a model. Then there were conversations with FATF, which the US probably informed because the US is a big player in FATF. So there have been conversations about how countries should deal with this.

At the same time, Europe and the EU were also thinking about the same question and they came up, they figured out, well, we need to have a new way of anti money laundering. So a lot of this is happening concurrently. They’re having the discussions at the federal level, the EU was having discussions, and then the countries are having discussions.

5AMLD was already voted on, that was already in train, before FATF came out with this thing. What you’re going to have is with FATF, and the 5AMLD, they’re both ordering something. The way you can see it differently, FATF doesn’t have any ability to enforce, it’s just “these are the standards”. 5AMLD, that’s the EU’s thing. Whatever powers the EU has over the actual central banks, there’s power leverage.

FATF does not have the authority to enforce what a country does. The only thing that it can do is that it can say, “this country doesn’t meet the standards”. It’s not making you do anything, but it can assess you, it can put you on what’s called the FATF grey list, or the blacklist, which there aren’t a lot of countries on, but FATF can do that. So they’re all interplaying at the same time.

Sebastien: Right. And we should point out that individual EU countries like France and Germany are part of FATF, also the European Commission itself is a member of FATF. These recommendations are then making their way into EU directives that make their way into nationalistic regulations. There’s a lot of layers here to unpack. Before we wrap up, I just wanted to get your thoughts on where do you think the space is going and where do you see cryptocurrencies in the next 10 years with regards to all this stuff?

Yaya: Well, I’ll just put the caveat there, that no one knows. And whatever I give you is obviously not a prediction. I don’t think this is going to be a do or die thing for crypto. Honestly, I think the world evolves. I think this space is going to evolve so that there is, I won’t say happy medium, but I will say that I’m not one of those “blockchain not Bitcoin” people at all. So I don’t want this to be misconstrued. I think there’s going to be a role for crypto.

Once most stuff gets worked out, some of the features of crypto that people do like, real true public blockchain crypto, that some of those features will be integrated and will be part of the global financial system. I actually think, and getting we’re looking further out there, that there may be a place for public blockchain cryptos in financial transactions, that maybe even banks will service, allow their customers to use them. It’s not going to look the way it is now.

We haven’t talked that much about privacy coins, maybe there’s going to be an adaptation of things like the Zcash protocol, where there are private transactions and shielded and unshielded transactions. I see that there could be value in that. I don’t know how it’s going to look. I think that, at least in the value transfer, the somewhat decentralized transfer value, I think there’s going to be a place for it. I don’t think that the anonymous aspect that some folks advocate for is going to scale. You’re going to still have it but it’s not going to scale like many people want it to scale, and maybe that’s fine, maybe that’s the happy medium.

The other thing that I would say maybe this is a good thought to leave with which is again, more philosophical, maybe even somewhat political, maybe a lot of this back and forth that the crypto space is having on these issues is going to have to be dealt with by society at a societal level, maybe there has to be a compromise.

When you look at the banking sector, it’s interesting because earlier you were talking about this clash, with your banks being deputized and banks having to do what the government doesn’t want to do itself. Now, there’s another way to look at that. Right? Which is, yes, it’s burdensome on banks.

Sebastien: Not that it doesn’t want to do, that it can’t do it.

Yaya: Okay. The government can’t do it in most of the societies that we’re in, where we’re broadcasting from, because there would not be much openness to a government policing, in real time, all of your financial transactions. And actually, in most of our societies, we have this interesting compromise where banks actually have access to your financial activity. They know what you bought, the credit card you’re using, they all know. Fortunately, though, the government is not seeing that data in real time. And they have to go through certain things to get that information. When they show up at the bank’s door, they can get it, but it’s not in real time. And that came about because of the way our societies are structured, the way government is structured, the way industry is structured. That evolution may need to happen. Incorporating crypto into that, how does that fit into that framework where we don’t give the government 100% insight into everything everyone is doing, but there are stopgap measures so that people that have authority can get that. Maybe that needs to be developed somehow in crypto.

Sebastien: What I’m fearful of, and not to take it to very dark places, but let’s have a look at this through a more dystopian lens. Effectively as governments, through the FATF and its reach, as things become more complex and governments want more and more access to people’s financial data under the guise of anti terrorism and anti money laundering, we may get to a point where, in fact, governments have complete access in real time to everyone’s financial records. So that’s one thing. And then the other potential risk is that these tools of surveillance might not have that much effect on us who live in affluent societies and have the means etc. But tools of oppression are often used against more vulnerable populations than less vulnerable populations. And so that’s where I see the risk of this thing going. Governments, in fact, inching their way into having more and more access to our financial data in real time. And then these tools being used to oppress people that really shouldn’t be oppressed.

Yaya: The question is then how do you deal with it? We’re tiptoeing into a non technical conversation. How do you have a society that respects that? If there are settings where there’s authoritarianism, how do you change that with technology? Or does that change or evolve in a different way? And it’s a tough issue to solve, but I think it should make those of us who care about those issues think more about the non technological things at play.

Sebastien: That’s an excellent way to end it. Before we do though, I want to direct our listeners to anywhere where they might find your excellent writings. And why don’t you tell us about your podcast briefly?

Yaya: Well, in terms of the crypto stuff, I contribute to Forbes, so if you Google my name, and Forbes, you should see a lot of my articles, I try to produce an article every month or so.

Sebastien: And we’ll link to many of the articles we referenced here.

Yaya: Great. You can find me on Twitter @SignCurve, although I’m taking a Twitter break now. Sebastien, thanks for mentioning my podcast. I created a podcast actually a few years ago, which is a personal storytelling podcast that talks a lot about my own journey working in national security, a lot of personal stories. That podcast is called Rhythm of Wisdom, the Rhythm of Wisdom podcast, and you can find it on your podcast platforms. It’d be great if you want to hear more of my personal story.

Sebastien: I listened to a couple of episodes. It’s really cool. It’s like storytelling of your time in the CIA and stuff. Really cool. Well, thanks a lot. Yeah, it was great talking to you. It was a really fascinating conversation, and I look forward to speaking again sometime.
