With $2 million in funding behind it and a growing user base, Lightning Network wallet and tipping service Bottle Pay was becoming one of the hottest new Lightning service providers of 2019. Then, after less than a year of operation, it shut down.
Just as it was hitting its stride, it was struck by new financial regulations from the EU.
The 5th EU Anti-Money Laundering Directive (5AMLD) is a set of rules from the European Parliament that govern financial companies to ensure best practice for deterring and identifying money laundering. It takes its cue from the Financial Action Task Force’s (FATF) global guidance for anti-money laundering and compliance regulation.
As we’ve covered in the past, the FATF recommends that cryptocurrency transactions facilitated via exchanges or other service providers adhere to the Travel Rule — a mandate that requires financial institutions to KYC recipient/sender for transfers over $1,000. It also recommends that cryptocurrency exchanges and wallets run KYC for all accounts. Many have speculated that this rule will make operations for crypto services cumbersome; they also question the gray area of where this leaves noncustodial wallets.
To take effect on January 10, 2020, the impending regulation already shook Bottle Pay enough to cause it to shutter its services.
With one significant service provider bowing out in response to these new regulations, what could the 5AMLD mean for other Bitcoin companies operating under the EU’s jurisdiction?
KYC Is an Old Dog, Crypto Is a New Trick
Bitcoin and cryptocurrency service providers are treated with regard as financial institutions under the updated 5AMLD directive. In effect, exchanges and other custodians are required to conduct KYC on all users and submit suspicious activity reports when necessary. This means logging the public address for each user’s individual wallet, and providing that address (and the identity attached to it) if called upon by authorities. In some cases, they may also be mandated to explicate the source of the funds.
“I’ve come across a few firms worried about this as it does sort of undermine the whole point of Bitcoin,” Mike Southgate told Bitcoin Magazine. Southgate is the chief compliance officer at forex advisory firm Hamilton Court Foreign Exchange in London and is also the director of Ermi Software Limited, which develops transaction monitoring software to detect money-laundering techniques.
Southgate said that the directive puts cryptocurrency “in the scope” of existing rules in a bid to curb anonymity.
“They’re not applying a different layer of rules. They’re applying rules that have been in place for ten years to a different industry,” he said.
This old/new directive doesn’t require custodians to verify KYC for inbound or outbound transfers, but it does require them to list client information on the transactions. For something like a SWIFT transfer, this is already done internally on each transaction.
“But what the hell do I do when it’s a public ledger [like Bitcoin]?” Southgate postulated.
“If I wanted to send you a bitcoin, then my name and address would need to be included as part of that transaction and included on the public ledger,” he continued. This would mean that, if an exchange received a payment from an anonymous wallet, they’d have to reject it or require that the KYC info be included in the transaction.
Bottle Pay, which has not collected KYC information from users, felt that these directives were too tall of an order.
“The amount and type of extra personal information we would be required to collect from our users would alter the current user experience so radically, and so negatively, that we are not willing to force this onto our community,” a company announcement about its shutdown reads.
Bitcoin Meets Red Tape
If Bottle Pay folded under the pressure, will other Bitcoin service providers also find that the directives are incompatible with their business models?
Tippin.me comes to mind as a Bitcoin business under a similar threat. Like Bottle Pay, the browser extension is a custodial Lightning wallet that enables its users to send tips and micropayments over social media. Bitcoin Magazine did not receive a response to questions sent to Tippin.me’s creator in time for publication.
Southgate believes it’s only a matter of time before all cryptocurrency custodians must answer the law’s call. Per the directive, any “entity that provides services to safeguard private cryptographic keys on behalf of its customers, to hold, store and transfer virtual currencies” is subject to the regulations.
The 5AMLD’s definition of cryptocurrency “is really, really widely drawn,” Southgate pointed out, so many companies will likely be caught in the directive’s wide net.
Still, he emphasized that these rules only apply to custodians or anyone who facilitates bitcoin-to-fiat transactions, while “personal, peer-to-peer transactions are like cash,” he clarified. Southgate seemed pretty confident that noncustodial wallet providers, so long as the users are in full control of their keys and the transaction process, should not be required to log information on its users.
This would also mean that noncustodial Lightning Network transfers are free from scrutiny, so long as they are not sent to an exchange like Bitfinex. As with on-chain transfers to an exchange, “the moment it goes through a fiat convertor or a custodian,” Southgate said, “then they need to know the details of all the people in the chain.”
“Which they’re not going to get,” he added to point out how difficult it would be to apply KYC requirements to all of the hops in a bitcoin’s movement. This process becomes even more infeasible (or downright impossible) with Lightning Network transactions, which are onion-routed over a Tor-like network.
However, Southgate believes that, ultimately, these guidelines are going to force other Bitcoin service providers to fold like Bottle Pay — if not for fear of compromising user anonymity, then for forcing their budgetary hand.
“Compliance is freaking expensive,” as he put it. “Cost of compliance is going to increase the cost of transactions on the exchange or on the network. So even if companies aren’t forced out of action by the regulations, they’re going to have to become more profitable.”
And the users will have to front these costs, he fears, which would undermine the whole point, especially when there’s no promise of anonymity anymore.
“Why would people still use them if, like Mastercard or Visa, there’s a 3 percent service charge?” Southgate asked. “There’s no anonymity, the costs have just increased, it creates a vastly less attractive prospect.”
Of course, a company like Bottle Pay could move jurisdictions. But then they wouldn’t be able to service U.K. users or anyone from a country that has FATF membership — and that’s basically everyone under the jurisdiction of the world’s leading financial countries, or FATF’s 39 participating countries. Eventually, every cryptocurrency company in this legal radius will abide by these terms, Southgate believes.
The United States, for instance, is stepping in tandem with the EU’s directives. Stateside financial industry regulators will require mandatory KYC verification for any transfers over $3,000 (the U.S.’s threshold for the Travel Rule), taking its cue from FATF’s guidance.
As always, these anti-money laundering rules take specific aim at illicit and criminal activity, but as is the case with Bottle Pay, Bitcoin service providers will likely be hit with the collateral damage. Bottle Pay noted in its blog post that it will deliberate “on the best course of action” for how to proceed in the face of the 5AMLD. The team always intended to make the app noncustodial, and if this would be enough to insulate it from the regulation, it could relaunch (though it has made no promises on this front).
Until that time does (or doesn’t) come, we’ll all sit tight and await for more clarity on how Bitcoin companies may coexist with rules it never had to reckon with until now; and we’ll be watching in anticipation to see if any other projects buckle under the pressure.