Bankless - Surveillance Finance 101 with Seth Hertlein and Michael Mosier
Episode Date: September 12, 2023Seth Hertlein, VP Global Head of Policy at Ledger, and Michael Mosier, Co-Fouder of legal boutique Arktourous, Build Exante - FinCEN, Treasury, and Chief Technical Counsel at Chainalysis join us on to...day’s show to explain the modern financial surveillance apparatus. FATF, FinCEN, AML/KYC, OFAC...the blacklists, the greylists. How does it all work? Who makes the rules? ------ 🎁 Check your wallet with our brand new tool: Claimables https://bankless.cc/GetClaimables ------ 📣 AAVE V3 is Here! http://app.aave.com/ ------ BANKLESS SPONSOR TOOLS: 🐙KRAKEN | MOST-TRUSTED CRYPTO EXCHANGE https://k.xyz/bankless-pod-q2 🦊METAMASK PORTFOLIO | MANAGE YOUR WEB3 EVERYTHING https://bankless.cc/MetaMask ⚖️ ARBITRUM | SCALING ETHEREUM https://bankless.cc/Arbitrum 🛞MANTLE | MODULAR LAYER 2 NETWORK https://bankless.cc/Mantle 🦄UNISWAP | ON-CHAIN MARKETPLACE https://bankless.cc/uniswap 🗣️TOKU | CRYPTO EMPLOYMENT SOLUTION https://bankless.cc/Toku ----- TIMESTAMPS 0:00 Intro 9:10 Financial Surveillance 13:10 Data Collection 17:10 The Bank Secrecy Act 20:30 SARS 23:10 Understanding the Enforcers 30:30 Goals for FINCEN 38:55 OFAC Explained 51:11 Strict Liability 56:26 Process of Getting OFAC SDN List 1:00:50 Tornado Cash 1:11:05 What Should We Do? 1:21:05 Closing & Disclaimers ----- RESOURCES Michael Mosier https://twitter.com/m_mosier_ Seth Hertlein https://twitter.com/SethHertlein ----- Not financial or tax advice. See our investment disclosures here: https://www.bankless.com/disclosures
Transcript
Discussion (0)
Hey, Bankless Nation, I put out a tweet last week that said this,
Who can come on bank lists and explain the modern financial surveillance apparatus?
Fadeth, FinC, AML KYC, OFAC, the Blacklist, the Graylist.
How does it all work? Who makes the rules?
But in the space for years, I still don't understand these dark corners.
It's very much how I felt coming to this episode, needing the Financial Surveillance 101.
I knew it was an octopus, knew it was this multi-headed hydra.
I had no idea how deep its roots actually go.
And today we unpack this with legal experts.
Seth Hirtline from, he's the VP of Global Policy at Ledger and also Michael Mosier.
He actually has spent some time in the belly of the beast at both Finson and OFAC.
Now he's on our team.
He's the guy inside the house.
Yeah.
And now he's on team crypto.
So he's got some insider baseball that he's going to tell us as we make sense of this.
This was a really fantastic episode.
I know I want to get your comments on this episode,
but before we do, we got a message from our friends and sponsors over at AVE.
David, what does AVEA want bankless listeners to know?
AVE wants you to know that AVEV-V-3 is here.
And, I mean, it's been here.
It's been here for six months.
So why does Avey want you to know that V3 is here?
Well, because apparently, over a billion dollars of capital doesn't know that because it's still in ABE V2.
not only that, but there is a button for migrating your capital to Ave V3.
So AVE, if you are an AVEV2 enjoyer, which you are free to because it is permissionless
open source technology, they still want you.
Everything gets better if all of the liquidity goes to the same place.
So if you are using AVE but you are using AVE, an old version of AVE, perhaps consider joining
the rest of the crew in AVEV3.
It has more liquidity than AVEV2, but also some extra features as well.
So asset isolation mode
and to compartmentalize your risks.
It's got some gas optimizations.
It's got some extra bells and whistles.
It's just a better version of AVE.
App.Ave.com.
But then also there is AVE grants.
If you are a builder, building on AVEA,
especially there's brand new stable coin Go.
There are grants available to you.
So overall, there's a bunch of things to do
in the AVE ecosystem and there's a link in the show notes
to get started with all of them.
Yeah.
My favorite, I would say,
both of our favorites, lending and borrowing protocol in crypto.
They've been around since the very beginning.
Obviously is fantastic.
David, I know this episode was my idea.
It's kind of like geeky, wonkish stuff.
But I felt like it was so important,
especially on the back of developers getting rested in tornado cash.
Like, what is going on?
I just realized one day I don't even understand what all of these institutions are
and what gives the financial surveillance system their apparatus.
So what did you think of this episode?
Yeah, I definitely would categorize this one as a Ryan episode.
I was definitely in listening mode for the majority of this podcast.
I mean, I guess what it's like to be a listener here in listening mode.
So I guess telling listeners to enter listening mode, I guess it doesn't help them.
I learned a lot.
It felt like story time a little bit about American history, one of these episodes that we frequently do on bankless every now and then about just like, hey, how did just the state of laws come to be in the way that they are?
and how are they downstream from the original American values that this country was founded on?
And what about the current settling of the dust around this new player in the world of, in this universe called cryptography?
How is that disturbing the equilibrium and how do we need to extend American values into this new world?
Because if we don't do that, the non-American values will take over.
I think that's kind of the through line that I would, that will anchor bankless listeners, is that there's this new field in territory.
we can have freedom enter and establish itself legally,
or we can have authoritarian interests enter in that same field.
And I mean, I think everyone knows which side that we want to win.
We need to actually fight for that.
And fighting for that starts with understanding.
And so I think that's why I enjoyed this episode.
It helps tell that story.
Yeah.
And anytime David says American values,
if you're outside of the U.S. and you're like American values,
just think of liberal values, like lowercase L values, right?
civil liberties, you know, freedoms of citizens to express themselves and to transact without the
surveillance of the government. That's really what we're talking here. And that's what's at stake.
More than anything, I think this episode impressed upon me that unchecked, this is just an octopus.
This is just like a tree structure that will, I don't know.
It's a not an octopus. Slime mold. It will grow. Exactly. And it is growing and it has grown.
since like the 1970s. Anyway, absolutely fantastic episode. Guys, stay tuned for this. But before we do,
we want to tell you about our friends over at Cracken, which is our number one recommended
exchange. Go check them out. Cracken Pro has easily become the best crypto trading platform in the
industry. The place I use to check the charts and the crypto prices, even when I'm not looking
to place a trade. On Cracken Pro, you'll have access to advanced charting tools, real-time market
data and lightning fast trade execution, all inside their spiffy new modular interface. Crackin's new
customizable modular layout lets you tailor your trading experience to suit your needs.
Pick and choose your favorite modules and place them anywhere you want in your screen.
With Cracken Pro, you have that power.
Whether you are a seasoned pro or just starting out, join thousands of traders who trust Cracken
Pro for their crypto trading needs. Visit Pro.cratin.com to get started today.
Mantle, formerly known as BitDow, is the first Dow-led Web3 ecosystem, all built on top of
Mantle's first core product, the Mantle Network, a brand new high-performance Ethereum,
layer 2, built using the OP stack, but uses eigenlayers data availability solution instead of the
expensive Ethereum layer 1. Not only does this reduce Mantle network's gas fees by 80%, but it also
reduces gas fee volatility, providing a more stable foundation for Mantle's applications.
The Mantle treasury is one of the biggest Dow-owned treasuries, which is seeding an ecosystem of projects
from all around the Web3 space for Mantle. Mantle already has sub-communities from around Web3
onboarded, like Game 7 for Web3 gaming, and ByBit for TVL and liquidity and onramps. So if you
If you want to build on the Mantle network, Mantle is offering a grants program that provides
milestone-based funding to promising projects that help expand, secure, and decentralize Mantle.
If you want to get started working with the first Dow-ledd layer 2 ecosystem, check out Mantle at
mantle.
And follow them on Twitter at ZeroX Mantle.
Arbitrum is accelerating the Web3 landscape with a suite of secure Ethereum-scaling solutions.
Hundreds of projects have already deployed on Arbitrum 1, with flourishing defy and
NFT ecosystems. Arbitrum Nova is quickly becoming a Web3 game.
gaming hub and social apps like Reddit are also calling Arbitrum home.
And now, Arbitrum Orbit,
allows you to use Arbitrm's secure scaling technology
to build your own Layer 3, giving you access
to interoperable, customizable permissions
with dedicated throughput.
Whether you are a developer, enterprise, or user,
Arbitrum Orbit lets you take your project to new heights.
All of these technologies leverage the security
and decentralization of Ethereum
and provide a builder experience that's intuitive,
familiar, and fully EVM compatible.
Faster transaction speeds and safety
significantly lower gas fees. So visit arbitram.io where you can join the community, dive into
the developer docs, bridge your assets, and start building your first app with Arbitrum.
Experience Web3 development the way it was always meant to be. Secure, fast, cheap, and friction-free.
Bankless Nation, we are super excited to host two legal minds on our show today. Seth Hurtline is
the Vice President Global Head of Policy at Ledger and Michael Moser. He's the co-founder of a legal
boutique called Arcturos and he is also building ex-ante. He's formerly formerly
been at FinCEN and the Treasury, Chief Technical Council at Chainalysis, so he's seen a thing
or two in the space. Welcome, Michael. Thanks. All right, guys, so what we're going to attempt
to do on today's episode is give kind of the everyman explanation of financial surveillance.
I feel like this is an episode, maybe for me. It's kind of a selfish episode, because I feel like
here I am in crypto, and I've heard all of these, you know, four or five-letter agents,
and it's recently started to impact my life with like tornado cash.
I'm not entirely sure what these agencies are.
I'm not entirely sure what's legal and what's not.
I'm not entirely sure what powers each of these agencies actually have over my financial
life.
And I'm looking for like the 101.
I'm looking for like the explainer.
When we talk about fatif and we're talking about OFAC, we're talking about white lists
and gray lists.
And we're talking about, you know, can I use tornado cash or not?
and I can't because I'm an American, I just don't know what, like, what's going on here.
So I feel like we need the 101 episode.
So if you guys are game to do that, that's what we're going to try to accomplish today.
Sound good?
Great.
Absolutely.
Well, let's kind of start domestic from sort of the U.S. perspective, if we will,
and then go international to kind of the rest of the world.
But I want to start with maybe a working definition.
So I'm thinking of this episode as like a financial surveillance 101 episode.
and I'm wondering if you guys could sort of describe financial surveillance.
When I use that term, what does it mean to you?
What is kind of happening behind the scenes?
Who are some of the main agencies that hold the power?
I'll throw this one to you first, Seth.
Okay.
Well, you know, I think, you know, for the purposes of this episode,
let's sort of carve out, you know, private sector or sort of corporate surveillance.
let's sort of limit the scope of today's conversation to government surveillance.
But I think a good working definition could be information that is collected by or required to be
reported to the federal government or an agency thereof, either by individuals or by service providers,
intermediaries that they use for their everyday financial lives.
So just to check that definition, Seth, I hear me hearing two parts.
One is the legally mandated reporting requirements, which if you don't do it,
you get like something like fines in jail.
And then there's additional information, which it would seem that the powers that be
are able to just collect by their own visual mechanisms, as in like it's information
that's out there and they collect that information because it's available for them to collect.
So that's two types of data.
I mean, Mike, I'd be curious, your thoughts on this.
I think it sort of converges effectively into more or less the same thing.
So maybe not a need to draw that particular distinction.
Yeah, and I think it's a collective approach.
It sort of, I think for two reasons.
One is, you know, some of that will come into play, David, as we're, as we think,
about challenges including constitutional challenges, because courts have made a distinction between
when you put your trash out, have you relinquished control of it, and if somebody goes through
it, they just go through it, through it, versus somebody coming in your house and going through
your papers, which is the sort of genesis of the Fourth Amendment. And I think, as Seth's pointing
out, we're in a space here with Web 1, 2, and now 3, where there's tremendous amount that's
in this gray area between what's public and what isn't.
I think even the concept of what's public information at this point is a lot more of a fine-tuned, fine nuanced issue,
including, I should say, like, in a way that also these same government agencies that are,
that are collecting it for various reasons, I mean, the mission of all of this,
and I think this is important is something when I was at FinCEN,
we would say to the people on the hill making the laws too.
sometimes without asking us first,
was that the primary mission is countering exploitation here.
And so you have to factor into that,
the fact that this information out there and being collected in any form
is also subject to creating greater exploitation.
And that includes people's honeypots of people's data that gets hacked
some of this recently coming up in FTX and Kroll coming out of the bankruptcy.
And that's something that I think there's the policymakers and the politicians,
And then there's also the operators out there, including at FinCEN and DOJ,
who are saying, actually, we don't need more cases and more victims.
So can we protect some of this, too?
It's partly why we brought in privacy experts and did initiatives on zero knowledge proofs
and homomorphic encryption at FinCEN.
So I do think it's really important that we're talking about that very holistically.
There's a lot out there.
So already we're talking about Finson and DOJ and Treasury and all these kind of institutions.
I want to get some working definitions on.
But while we're talking about this term financial surveillance, all right, let's just get a grasp of what sort of data is generally being collected and like when.
Is this primarily like intermediaries that are required to submit this?
Because as a, you know, a citizen in the U.S., I don't often have to, I guess I'm not like conscious of times that I'm like filing paperwork with Treasury or Finson.
But maybe I am through an intermediary.
and I just don't know it.
So what sort of things are being tracked and surveilled and why?
I'm happy to take the first.
Yeah, I think, I mean, so it's true.
You're not, although I will say there's legislation out there,
particularly in the tax space that could make you a reporter, Ryan,
whether you like it or not.
And whether everyone around you likes it or not.
And speaking of honeypots, like you may be collecting and reporting on others.
But I think as in a traditional stand from a FinCEN perspective in the Bank Secrecy Act,
you're absolutely right.
It would be intermediaries.
And in fact, this goes back to some of the constitutional issues and the third-party doctrine that Seth mentioned.
But it's really transactional information.
And historically, in fact, we can talk through a little bit if you want the history of the Bank Secrecy Act.
But it was exactly this.
It was around reporting requirements, basically coming up through the 70s.
And basically, at the time, it was purely, it was basically large cash, law enforcement was seeing large cash deliveries to banks, pretty sure it was organized crime.
And when they would go to a bank, the bank would say, I don't know, I don't know why Bugsie Siegel dropped off $100 million.
And so the other piece of that was that there was foreign Swiss banks at the time.
And so this was the foreign transactions reporting piece of it, too, that had Swiss bank.
bank Swiss secrecy, bank secrecy, which is where this bank secrecy act comes from.
And so the U.S. would say, okay, well, we'll go to Switzerland where some of this money is
getting sent from the bank that was brought in in cash. And they'd go to the Swiss and say,
okay, you tell me about what's going on here. And they would say, there's nothing we can say.
There's a secret, there's bank secrecy here. And so part of it was going to the U.S.
banks and saying, we need you to collect more information. At the time, it was really
just information of like, who's collecting it, give me their, they're basically, they're,
their bank opening information, what do they live, what's their phone number, what's their
occupation, what's their source of income, that sort of thing. It evolved over time to suspicious
activity reports, which is much more, I think, what you're thinking through, which is, okay,
now a bank is making a determination. Seth came in the other day. He didn't just drop off a bunch
of cash. He's making anomalous deposits that don't make sense to us. This seems suspicious. He said
he was a reporter, but he makes a million dollars a day. What's going on here? And so they would
buy a suspicious activity report that would lay out, who is it? What did he say it came from? And what
is it that's suspicious about it? And I should say, like, you know, back in the day, that would
have been, he brought in a bag of cash. Then it would evolve to checks and check numbers. Then it
would evolve to wire transfers and the wire transfer information about every piece of that transaction,
who the correspondent bank was in the crypto space, that could be all sorts of things,
what wallet address was connected, what time, if it's a public ledger like Ethereum or Bitcoin,
that might be, here's a graph of everything that that wallet touched historically,
depending on what the platform is.
They may collect the IP address, even the device identifier that Seth used to connect.
So there's a tremendous amount of data and metadata that could be collected in that.
Can we, Michael, so can we?
we go back to kind of the history here with you guys to make sure I understand it. So there wasn't,
and we're still domestics, we're still talking about the U.S., and we'll expand international after
this. So prior to like the 1970s, am I right to say there wasn't much financial surveillance?
And then in the 1970s, is that correct? Yeah. Yeah, okay. So that's correct. And then in the
1970s, basically to kind of fight crime, maybe organized crime, you know, the mafia was sort of one
one organization that was in the crosshairs, the U.S. came out with a bank secrecy act.
And this started sort of the financial surveillance apparatus.
And so is this the reason basically for AMLKYC, which is like I have to be identified
before I can, like, you know, with a government ID, let's say, before I can open a bank account.
And this is the reason when I go to like transfer money or take out a large deposit for my
bank, the bank teller will say, what are you doing with that? Like, how are you using that money?
They ask these questions. I'm always like, why do you need to know this? You know, and it's almost
couched as if, well, we want to protect you from frauds and scams. Maybe that's part of it.
It seems like more of it is kind of this financial surveillance apparatus. So that's why I have to
present an ID. That is why they are asking questions, like, what are you doing with the money?
And can you tell me more about the source of the funds? These are all questions. I know many
bankless listeners have have seen from their banks. And it all, all emanated from this legislation
from the 1970s in the Bank Secrecy Act. Is that, is this correct? Yeah. So it started,
Bank Secrecy Act was enacted in 1970. And, you know, at that time, it was, you know, a much smaller
version, you know, than it is now. Right. So in 1970, it had two, two core provisions,
Title I, Title I basically said banks have to record the transactions of their customers.
They have to keep an internal log of all the transactions their customers made.
Title II said banks have to report transactions over a certain size to the Treasury Department.
And in 1970, that threshold was set at $10,000 U.S. dollars.
And so that created one of these forms that the reports get made on called a CTR or currency
transaction report.
Importantly, that threshold, that $10,000 hasn't ever been adjusted, right?
So if you go back and you adjust the CTR threshold back to $1970, it's the equivalent
of about $79,000 today.
Wow.
And what that amounts, yeah, what amounts that amounts to is, you know, a gradual,
the constant tightening of the noose of transaction reporting of,
on the American people.
And so that's where it started.
But both as sort of Mike and Ryan, your comments alluded to,
there's this sort of creeping nature of it where it all,
it just expands.
So first it was just the CTRs and the record keeping.
Now it's SARS or suspicious activity ports that were added in 1992.
There was a vast expansion of the,
the scope of the types of transactions and the types.
Just really quick, SARS.
So Suspicious Activities Report.
Is that basically coming on sort of the bank teller or bank employee to be like,
hey, there's something fishy about this transaction and I'm going to report it up.
Is that right?
Exactly.
That's what that is.
Okay.
And, you know, so interesting stat on suspicious activity reports.
Somewhere north of two million SARS get filed with Vincent every year.
you know, again, curious for your, for your insider take on this, Mike, but, you know, testimony presented to Congress is that FinCEN reviews less than 1% of the SARS that are actually filed.
And, you know, and there are, you know, way more CTRs filed than SARS filed. So, you know, most of this information goes into, you know, basically just a government database and sits there waiting to be queried.
And, you know, but so these things keep getting added on to the BSA, right?
So it grows over time.
And there was a huge expansion in scope.
BSA, Bank Secrecy Act.
Bank Secrecy Act, yeah.
Got it.
And so there was a big expansion in scope as part of the Patriot Act after 9-11
that added a lot of new types of information that had to be gathered and reported
and new intermediary types that are responsible for gathering and reporting that information.
and to your initial question, Ryan, sort of, you know, is it, you know, is it just, you know,
am I self-reporting this or is it just intermediaries? The answer is both, right? So you're,
you're self-reporting on your tax returns, but your intermediaries are also filing information
returns with the IRS. Depending on your specific situation, you could be filing what are called
F-bars or sort of foreign bank account reports or, you know, any foreign bank account reports. Or, you know, any
foreign financial institution that you may have a relationship with under a law called
FATCA is filing reports on you to Treasury as well. And so there's this sort of snowballing
effect, this creep of this expansion of scope of the financial surveillance regime under both
sort of AML, the AML axis and the tax axis, such that, you know, there used to be this presumption
of innocence, right? And law enforcement agencies,
used to have to go, you know, get a warrant to, to gather information about you. And now that's
no longer the case. Now it's already sitting in, you know, a Finsend database waiting to be queried,
you know, without, you know, without court authorization in most instances. Okay. This is very helpful
for me to make sense of this. So we've got the Bank Secrecy Act and that kind of started the snowball.
And then that the reason was, you know, the mafia and kind of money laundering and,
and that kind of thing.
Then we had the Patriot Act, right, in the 2000s, I guess, the early 2000s,
and that sort of expanded it.
And I guess the idea here was anti-terrorism for sure.
That was top of mind for legislators and the American people at that time.
And what this has done is created a kind of like spidering, creeping kind of financial
surveillance apparatus.
This is at least how it's felt to me that has become increasingly more increasingly,
encroaching, I would say. And one, I guess, a feeling I have. I don't really know how to quantify this,
but it just feels like now that we've entered in the 1970s, it very much was not the digital age,
right? We didn't have computers back then. So it literally was like bags full of cash or briefcases
full of cash. Now, of course, the 80s, the 90s, the 2000s, especially now, we have increasingly
digitized everything. So it almost feels like once things get into digital,
format, these kind of financial surveillance institutions feel like, oh, we got a claim to that
data. It's digital, so we might as well put it in the database. That's kind of how it's felt.
But let me ask you a few more questions about kind of the Bank Secrecy Act and the institutions
behind it and some of these other acronyms. Okay. So, Mike, you mentioned Finson earlier
and Treasury. And these are places, by the way, that you've worked, so you know kind of the
inner workings of these places. So,
Who enforces Bank Secrecy Act, you know, Treasury Act?
What's FinC? What's OFAC?
What are some of these names that we should know if we're really trying to understand the apparatus here?
Sure. Yeah.
FinCEN actually has two rules in the U.S.
And as Seth noted, too, I think it's important to note a lot of this development is relatively recent,
at least for us older people.
it's like 90s and 2000s.
So, you know, like the Bank Secrecy Act has been in place since 1970.
It went decades without this sort of level of expansion.
And it was until 1990, you know, 20 years in that FinCin was created.
Wait, how is it created in 1990?
So was there a new legislation put in in 1990?
Yes.
There was.
Okay, so there have been legislative updates, I suppose, to kind of the big Bankers Secrecy Act type stuff in the interim here.
Yeah, there's been many, many updates.
In fact, there's a great timeline on the FinCEN web page that goes through sort of all of these steps.
But yeah, you had the Bank Secrecy Act in 70, in 86.
It was the in act, money laundering control act.
I mean, money laundering itself was not even a crime, you know, when the Bank Secrecy Act was developed.
It was much more other underlying crimes that were being investigated.
Money laundering was not even a crime?
Not at the time.
Yeah.
Interesting.
Yeah.
So, you know, a lot of this has been, and then there was the Enuncio Wiley money laundering
suppression, suppression act that required suspicious activity reporting in 1992.
Like, a lot of this is newer.
So I think it's one level set about all this is like, if you're just coming into this
from a crypto perspective, you see this huge apparatus and you're like, wow, this is nuts.
This has just been here since the 70s and when is it going to change.
But it hasn't.
But it hasn't.
But it hasn't.
Like it's grown and grown and grown and grown and grown and grown.
grown, like quite slowly until recently, obviously the Patriot Act, you know, following 9-11,
was sort of a huge expansion of a lot of different information collections. But it's continued to
grow. And I, and I also think, you know, to your question specifically about FinCEN, you know,
FinCEN's role as a dual role, it's a financial intelligence unit, which is sort of the
collection of information and dissemination of it. This goes to Seth's point of like, you know,
managing a database. And so they're managing the database that, yes, they,
query and they may query sort of 1% of them, but effectively they're they're administering
the database that law enforcement is querying. So you'd want to factor that into it. And there's
all sorts of sort of congressional oversight and questions about which parts of law enforcement
have access and how much access. So Finson is kind of this aggregator of financial information
and it serves the rest of kind of the, you know, the enforcement apparatus. I would say, you like, we might
say in the U.S.
And it reports up through Treasury.
Is that correct?
Yes.
Okay.
And then is Finson the organization that maintains kind of the OFAC list?
No, that's OFAC.
That's OFAC.
We can switch to OFAC in a second.
I'll just close up Vincent.
So FinCEN is the Financial Intelligence Unit.
They administer the Bank Secrecy Act database, which has all this information,
including oversight of, I mean, it's federal, state, local, law enforcement.
all these people have access to querying it.
And so, you know, and questions will come up at times, which including things that we've said to Congress,
every time you expand this thing, remember, you may not be the ones in power next time, please.
So I know it sounds great now and you'd love more information, but that state prosecutor in Texas
that's pulling things on a political adversary that you think is great right now,
it could very much be the New York Attorney General doing it to somebody that you like.
And so, you know, I think there was always a constant push pool at FinCEN of,
okay, on the one hand, we're tasked with disseminating this information to law enforcement.
On the other hand, our primary mission is protecting American people from exploitation,
and that can include, to Seth's point, queries that are not appropriate.
And by the way, I should say, like there are foreign governments through this process called
the Egmont process, which is basically the global financial intelligence units all over the
world that have agreements to share information when queried. Don't you just love that name,
the Eggmont group? Yeah. Yes. I mean, it sounds like something out of a bond movie.
Yeah. So that's a whole other can of worms that we can open another time, but I'll just say
that is another piece that puts FinCent at the center of, on the one hand, when Argentina
is trying to crack down on corruption and autocratic activity by the Venezuelan government
on its own people.
And once information, you know, FinCent has a reason to want to give that over, it's a pro-democracy
issue.
But the Russian Financial Intelligence Unit can ask for information, and so can the Turkish
financial intelligence unit on pro-democracy people that they think are a problem.
And that's partly up to FinCent to sort of catch, like, wait a minute, this is politically
motivated, we aren't going to turn this over.
Oh, my God.
So is FinCEN?
Is the charter of FinCEN basically more domestic-facing?
It's everything.
It's just administering this database of the financial intelligence.
I mean, certainly the primary connectors, anyone that has direct access to it is purely
domestic.
But the goal of it, like, what is the reason for maintaining this big financial surveillance
database?
Like, what are the kind of the policy goals or, you know, like the stated goals?
Is it really to protect Americans from exploitation?
Is it like to find, you know, mob bosses and like money laundering types of, like, what are the stated goals for Finson?
So I love that question because that's like a core piece, including at FinCEN when legislators would say, hey, we're going to do this thing for you.
And we would say we don't want that thing because that's not actually our goal is not, to your point, Ryan, like the goal is not to collect as much information on people as we possibly can.
that could be leaked or abused.
Okay.
The goal, the explicit mission, and I spent some time like reworking the mission statement,
which I think it's not out yet, but basically is countering exploitation of people.
So it was organized crime that was kidnapping people, extorting people, that sort of thing.
I think the bigger expansion of post-9-11 was nominally, and I think genuinely at the time,
even if there was some meaningful overreach.
But I think at the time was protecting America.
from terrorism.
And that is the basis of a lot of the information sharing is like, okay, we've determined
there's a bomber that's going to blow up a federal building, and we need to do something
about that.
And we've determined that through suspicious activity reports.
Or there's someone's been kidnapped, and we've determined that they did a credit card
transaction somewhere that showed that this was the car they rented to kidnap the person.
and now we have their home address,
and so you can go and you literally free somebody,
that sort of thing,
which is partly why the value calculus is kind of complicated on these.
But to be clear, like, the mission is not,
let's collect as much information as we possibly can.
The mission is tailored to these risks that we're supposed to address.
And I think that's partly also why FinCEN itself
has done initiatives on privacy preserving technology,
on digital identity.
You know, like our role is the flourishing of America,
it is not, we need to create a surveillance state at all cost. And by the way, it might get exploited
by all sorts of people. So I want to separate the FinCEN as the operator from like people in
Congress that might be saying, oh, you need to collect all this other information because
FinCin's not asking for that. Well, that's what's interesting is it does become kind of like this
powerful tool that can be used in all sorts of ways that maybe are kind of counter to the goals of
the institution, the data calls.
Absolutely.
In fact, your articulation of it is perfect in exactly why we said, we did a whole
privacy initiative that said banks in particular, we would love it if you'd start using
zero knowledge proofs and homomorphic encryption and other ways of the magic risk.
Because you know what?
You're collecting all this information.
It's getting leaked and hacked.
And by the way, the amount of deepfakes that are undermining your KYC process and the
amount of identity fraud is sort of through the roof. So I think so far this conversation has
exemplified why people use the term, okay, so all of these three-letter agencies, like three-letter
agencies, three-letter agencies. And we talked about just like the slow tightening of the noose
of financial privacy over time. And then in this decade, we had this new legislation. In that
decade, we had this additional legislation. The, like, the libertarian perspective on, like,
governments and nation states is that they always grow. Like, they always.
always want to grow. There's just this natural growth to them and they'll find a way to grab a
pigeonhole and then incept some sort of three-letter agency or increase its scope. It seems to be that
this is kind of just the pattern that we are identifying here with the growth of our like,
you know, surveillance state. Would you guys accept that that pattern is like how to understand
the growth of this whole thing? I think so. I mean, Seth has studied this from globally, so I welcome
his thoughts on it. My quick from the U.S. side of it is, I actually would go back to the prior
conversation where like from 1970 to 1990 plus, it actually didn't grow that much. But it's,
you know, we're now in digitized data. There's an enormous amount that can be collected.
And so you'll have folks, particularly in Congress, saying, well, wait a minute, you could collect it.
Why don't you? Yeah. So the inception of the internet was like, oh, there's so much new surface area to
collect. And so maybe they weren't growing just because they didn't have a reason to or the
optionality to, but the internet kind of gave them that. Yeah, I mean, I think, I think that's,
that's probably the right catalyst. I mean, the combination in particular of, of the internet and,
you know, really for me, smartphones is, is what, you know, really started to balloon the,
the ability, you know, both of corporate America and, and the government to collect and, you know,
analyze data on, on individuals. So, you know, I take it. So, you know, I take.
your point, Mike, that, you know, in many instances, FinCin is saying, hey, hey, hey, we, we don't want this.
Don't give us this data. Don't give us this power. And Congress is like, here, here, here,
collect this, you know, analyze this data. You know, the end result for, you know, the average citizen is the same,
you know, which is, you know, all of this information is, is increasingly becoming available and,
you know, and being used, even if not, you know, used by FinCEN, you know, once it goes in the pot,
Right? It's available for, you know, for, you know, a number of different, you know,
agencies to use for whatever purpose. And, you know, so in that sense, I often sort of think of
Finson as being, you know, the all-seeing eye at the top of the pyramid on the back of the dollar.
You know, that, to me, that's sort of FinCin's place.
Some people say it's like the eye, the eye of Mordor, though, you know, and that might be a darker view of things.
But, yeah, go ahead, Mike.
Let me just give what feels like a more realistic.
I would say it was like a very glamorous view.
I would say it's more like a coach in a peewee football game
where every parents from both sides are just yelling at you.
You know, nobody's happy because it's either like Congress is shoving more information
at you than you even want and you've got to protect.
And then on the flip side, you have other parts of Congress that are saying,
you have this information.
You better be sharing it with everybody because you're,
you should be preventing every crime.
And then you have other parts saying,
wait a minute, you can't share that information.
That's really sensitive information.
And it could be politically motivated.
Are you vetting every single person that's asking you for information?
And we're saying, geez, that's like 300,000 people.
And you haven't even funded us yet.
So no, we're not.
So it's actually, and I'll say, like, to be very concrete about it,
like there have been times where even including through the AML Act,
which was another sort of recent, like, major update to the anti-money, to BSA, which is a whole other
episode I don't want to get into.
2020, 2020.
In 2020?
Yes, like a very substantial update to it.
But in the process of that, some of it, we talked with financial institutions about the threshold,
raising the threshold, as Seth mentioned.
And some of them, it was the reverse.
It was, you know what, we're happy to just give you an API and you can have all the stuff
because we've got the infrastructure, the data is collected.
and you can just have it.
We don't even want to have to parse what's suspicious.
And the response from us was like,
that is a fucking nightmare for us.
The last thing I want.
You were just like,
we want some of your data.
And they were like,
here,
have it all.
Yeah,
we're like,
actually we want,
we don't want more of your data.
Like,
you know,
this is part of it is like,
this is why you're the ref in a peewee game.
It's like,
you get all this information.
Half the country is saying,
you need to use this
and prevent everything
and disseminate it everywhere.
The other half is saying,
you need to protect this
and make sure nobody bad ever misuse
is this data. Oh, wow. And on many ways, like, and I should say, like, to be concrete,
like FinCEN twice in 2018, 2020 put out rulemaking saying we'd like to improve the effectiveness
and the prioritization of the AML system because we think there's just a lot of overreporting.
You're just data dumping. And it's not clear to us that everybody's being as effective as
they actually could. Like, we don't just want data dumping about people.
I feel like we are unraveling it kind of a Gordian knot here.
And this might be a multi-episode thing to cover this all, but this is at least the highlights here.
So we talked about Finson, and I guess this is this aggregator of all this financial information,
maintains a database and all of this information is being aggregated, primarily,
though some of itself reported, primarily from intermediaries, the U.S. banking apparatus, let's say.
Okay, what is OFAC?
let me ask that. We talked about Finson. What about OFAC? This is another four-letter agency, I suppose. What is their sphere of power? What are their stated goals? I don't know, Seth or Mike, which of you want to take this one? Mike, why don't you lead off on this one?
Sure, sure. It could also be its own episode because there's a really interesting history that goes all the way back to the War of 1812. But the basic concept of OFAC, which is the office.
of foreign assets control, the really core of it started at about 1940. It was really coming out
of World War II. And the reason it's foreign assets, and at the time it was foreign funds control,
was actually that it was protective. So it basically administers economic and trade sanctions
against foreign actors. And so at the time, it was the Secretary of the Treasury,
seeing that as the Nazi forces were occupying countries like Denmark,
they were trying to repatriate assets
and basically take the occupying country's assets.
So they might call up the Fed and say,
we want all the gold from Denmark because we're in charge now.
And so part of this was actually, it was freezing in a protective sense.
So it basically was the Secretary of the Treasury saying,
we're freezing all these assets,
we're controlling these foreign funds,
that any U.S. financial institutions have control over.
And so that same mechanism of saying to any U.S. related financial institution,
we've listed out all these funds that you should freeze, not seize, but freeze and hold.
At the time, protectively, over time that's evolved.
And there is some lineage going back to the War of 1812 when some of this was done as actual sanctions and embargoes as well.
but it was very protective at the time and it was blocking assets.
And so that has sort of evolved over time, including in 1950 with the Korean War.
President Truman declared a national emergency and blocked actually Chinese and North Korean assets that were subject to U.S. jurisdiction.
And that's much more sort of the current incarnation.
In fact, North Korean assets, I think, are the longest held blocked assets, I think, of any country in the world.
It goes back to the Korean War.
But basically the authority of OFAC is to say all U.S. financial institutions and other financial institutions subject to the U.S. jurisdiction, like you might have branches here, you need to block all these assets.
And one important piece of this that is, I think, is a really important distinction from like FinCEN and money laundering authorities is this is purely a behavior change mechanism of economic state craft.
And so the idea is the assets are blocked.
When you stop doing the bad stuff that you were doing that caused the national emergency,
we will release these.
That's your incentive to have a behavior change moment.
And we can get into the authorities, which are all under the International Economic Emergencies Act.
But it's basically the president's declares this is a national emergency,
so it can be done unilaterally by the president.
it. National Emergency, OFAC, I want you to list out all the major actors involved in, like,
North Korea's hacking to fund their nuclear regime and their oppression. Same with Syria. Like,
you know, the Syria gasses its own people. We want you to identify who are the actors that can,
that might have a behavior change if their assets were frozen. And so with the current Russian
sanctions, it's not just the Russian government and military. It would be who Treasury is,
determined are oligarchs supporting and with the idea that you create pain points and then you undo it.
And that's why also usually they're not seized assets, although it can happen.
But it's really a behavior change mechanism.
And I'll give one little footnote to this that I won't go down now, but this is also why I think the tornado
cash sanctions were sort of totally inappropriate as a behavior change mechanism.
But I'll just footnote that.
So to add on that, you know, so OFAC is also sort of an agency within the Treasury Department,
but it differs from FinCin a little bit in the source of its authority.
You know, so we talked about how FinCin is sort of a creature of statute, right?
It was created in 1990 to oversee the Bank Secrecy Act of 1970.
OFAC derives a lot of its authority directly from the president's executive powers over foreign relations and trade in Article 2 of the Constitution.
Is this more like a national defense type feel, Seth?
There's strong overtones to that, you know, but it derives from sort of the president's foreign relations powers in Article 2 of the Constitution.
And so there's also, there's a similar, there's a bit of a corollary with trade and tariffs.
And that, as Michael pointed out, you know, OFAC and sanctions are, you know, targeted at, you know, foreign actors and foreign assets as are as are tariffs on trade.
But also similarly, it's actually the American consumer that pays the tariff, right?
And it's the American individual or company that is at risk of civil or criminal punishment for violating the sanction, right?
Not the foreign actor. So, you know, they're sort of directed, you know, internationally.
But the impact and the sort of the constraints on liberty is applied domestically.
Because these intermediaries basically have this obligation to make sure that,
they, what, don't accept money from or report anyone who is on the OFAC sanction list?
If, you know, like, what is the actual obligation here?
And what are the penalties if they, you know, if they fail to meet the obligation?
I'll just quickly start, but Mike, you're probably better suited to answer this question.
So, so OFAC maintains a number of lists.
Probably the most partner one for our conversation is the SDN list or the specially designated
national list.
And an individual that the president or Treasury Department feels is acting contrary to the
interest of the United States can be placed on that list.
This would be like a terrorist, a Russian oligarch, something like this, right?
Roman Seminov, you know.
Exactly.
And then once, you know, once that foreign individual is placed on the SDN list, no U.S.
citizen, U.S. business, or even foreign business with a U.S. nexus can transact financially with that person.
Wow.
And violations of the sanctions are strict liability, meaning that the government doesn't have to show intent, right?
You can accidentally violate sanctions.
Which is what we did, right?
because we had ether from tornado cash sent to us on others behalf, correct?
Yes.
And, you know, but there's some sort of, you know, prosecutorial discretion in terms of, you know,
whether to charge a violation civilly or criminally.
But under the law, it's a strict violation or a strict liability regime.
So the government doesn't have to prove intent that you, you know, that you meant to transact
with the designated designation.
designated national. And these penalties can be severe, can't they?
Yeah, they can. I just clarify that there's a, their enforcement guidelines,
they're public guidelines. So they can be very severe, but the intentionality and the amount
of the transaction are all factors in the, in the sort of enforcement guidelines. So,
and if you look through the way the guidelines, which are public are set up, if it was,
if there was no intent and it wasn't, which, by the way, receiving wouldn't be, would clearly not
be intent. And it was like a dusting. It would basically literally be zero. And so, you know, often those
are not surprisingly, not an enforcement priority. And not even that. They just don't happen.
If you look at the actual OFAC enforcements that are, and they're all public, most have been pretty,
pretty systemic major,
you know,
hundreds of millions of dollars
and pretty intentional based.
But I think it's an important point.
And certainly for criminal,
it requires intent for sure.
But I think it's an important point
from Seth that like technically
it's strict liability
to start the process for sure.
Right.
Yeah.
So, okay,
so podcasters with public Ethereum addresses
generally don't fit the mold
as people going to criminal court
over these things.
Yeah, yeah.
Metamask portfolio is your one-stop
shop to manage your crypto assets and to tap into defy all in one place. And the most important part
of that experience, buying crypto, obviously, MetaMask portfolio's buy feature enables you to purchase
crypto easily without going through centralized exchanges. Designed with you in mind, you can fund
your wallet directly in just a few clicks with convenience and simplicity. What happens when you
press the buy button? Rather than being limited to a single payment provider, Metamask brings together
a bunch of vetted, trustworthy providers to present you with customized quotes for your crypto
purchase. Once you funded your wallet, you'll be able to plug into defy with all the money verbs like
swapping, bridging, and staking. But first things first, you need skin in the game. Head over to metamask.
io slash portfolio to buy crypto, the easy way. Are you planning to launch a token? Is your token
already live? And are you granting your employees and contractors vesting token awards? And are you
trying to figure out how to take care of taxable events for your team? Toku makes implementing
a global token incentive award simple. With Toku, you will get unmatched legal and tax support to grant
administer your global team's tokens. Toku will help you navigate across the life cycle of your
token from easy-to-use pre-launch token grant award templates to managing post-cliff taxable events
with payroll. For legal, finance, and HR teams, it's a huge complex task to have to comply
with labor laws, payroll, and tax obligations, tax reporting, and crypto regulations in every
country that you employ someone. It's difficult, time-consuming, manual, and costly, and it's
drawing more attention from global regulators and governments. Toku makes it simple for leading
companies in the space, Protocol Labs, Hedera, Gitcoin, and many more. So if you want some help
in navigating the complex world of token compliance, go to Toku.com slash bankless or click the link
in the description below. You know Uniswap. It's the world's largest decentralized exchange,
with over $1.4 trillion in trading volume. You know this because we talk about it endlessly
on bankless. It's Uniswap. But Uniswop is becoming so much more. Uniswap Labs just released
the Uniswop mobile wallet for iOS, the newest, easiest way to trade tokens on the go. With
a uniswap wallet, you can easily create or import a new wallet, buy crypto on any available exchange
with your debit card, with extremely low fiat on-ramp fees, and you can seamlessly swap on main net,
polygon, arbitram, and optimism. On the uniswap mobile wallet, you can store and display your
beautiful NFTs, and you can also explore Web3 with the in-app search features, market leaderboards,
and price charts, or use Wallet Connect to connect to any Web3 application. So you can now go directly to
D5 with a Uniswap mobile wallet, safe, simple custody from the most trusted team in D5.
the Uniswap wallet today on iOS. There's a link in the show notes.
Is there, can maybe one of you can explain the thought process behind strict liability,
why that's even a thing at all, like why we accept the concept of strict liability?
Like, in what use case do we enjoy the idea of strict liability?
Because to me, strict liability sounds like authoritarianism.
We have the admin keys over your position to be in jail or not, and it's our way or the
highway.
Like, that's the cursory take about what strict liability is.
maybe Michael or Seth, why do we have strict liability at all?
Well, this is taking me back to first year of law school.
Well, that's where I need to be.
The, you know, what comes to my mind, and it's been a while since I was a first year in law school,
you know, sort of the classic strict liability fact pattern is dog bites.
Right.
So in a lot of states, if your dog bite someone, it's strict liability, right?
And I think that's because in that particular instance, it's to protect victims.
Because otherwise, it would be almost impossible to prove that the owner of the dog intended the dog to bite the person.
Right. This is like negligence, right?
Right. This is not a criminal scenario.
But, you know, it creates a situation where a person who has been injured, you know, can be compensated without, they get to sort of skip.
the step of intent. You know, that's a, you know, the dog bite case is sort of a far cry from
the sanctions scenario. And, you know, so I don't exactly know, you know, what the origin of that
is with respect to sanctions. Mike, I don't know if you would know the history there.
Yeah, it's a great question. It's always sort of surprised me because I think like you, going
back to first year law school, it was very much the, keeping a wild animal, you know, particularly
in a closely populated place or storing ultra hazardous materials.
Like I just looked it up and one was you aren't, if you're fumigating with cyanide gas,
that's strict liability.
We don't need to improve intent.
Understandable.
Like he just shouldn't be doing it.
I get that.
And so, I mean, I think certainly the idea in many,
and certain product liability, by the way, are like that with the idea being.
Oh, that's the other one.
Yeah.
Yeah.
It's product liability.
And for certain products, I think people have felt like, you know what,
maybe maternal fetal care or something like that.
Like we want you to be,
we don't want to spend time fighting with you over how much you intended to do something bad.
You need to be so on notice because like using cyanide in an urban environment is so
such a bad idea that we're not going to play that game.
You just should,
you should be really worried.
And I think so that's the,
it's,
I mean,
I can't even imagine the last time a law was passed that had strict liability in it.
But I think to that point,
it's always sort of surprised me,
particularly because the enforcement guidelines are actually pretty clear that intent is such a major factor in this, the enforcement.
And so sometimes the response is like, well, but practically speaking, it's not strict liability.
But as a public policy, it should be.
I actually think, and I say this as the former head of enforcement at OFAC, it should not be strict liability.
And I said this many times at the time.
And there's probably an op-ed in there somewhere when I have time.
but I think it actually
it doesn't make sense because
practically speaking the enforcement guidelines
already make it not that
but you have this
color over it, this cloud
that people feel like wow
this is really complicated and I could make a
mistake and get in trouble
and the answer is like well
look at all the history of enforcement, it's never happened
and there are enforcement guidelines that say
it won't happen and the answer
is well yes but that can be adjusted
tomorrow depending on the administration
I think that doesn't really. That's why it's so alarming to be like dusted from a somebody like some tornado cash eth, right?
Yeah. It just seems like that FinC or OFAC just by having strict liability, they are just giving themselves the free option, which is a power taken away from citizens.
Like OFAC has the option because they have the strict liability on their side.
Yeah, and I don't know. This goes to Seth's point of like where this comes from. Like I don't know if if OFAC asks,
for it or this is what was established under AEPA, you know, like some of this could be statutory.
I think it's a, I always thought it should be changed, including when I was head of enforcement,
because I thought it sort of undermined the messaging of it. But whether they'll be able to do that,
especially if it's a statutory change, because you've got to get Congress to undo things.
And I should say to that point, like, OFAC itself for many years has wanted to undo, for instance,
Cuba sanctions, feeling like they're ineffective.
And because some of these are congressionally mandated in their statute, you actually have to have
Congress do it.
OFAC doesn't have the authority.
In fact, it was, and there's nothing they can do about it.
So I want to be careful about not always blaming OFAC when there's other political actors
that sometimes tie their hands.
In fact, that was a huge issue in the thawing with Cuba because OFAC was unable to lift
certain sanctions.
Okay, so we've got the, we've explained FinCEN.
we've got OFAC a little bit.
You've just described Seth and Mike,
kind of like the worst list ever be on it feels like,
which is the OFAC SDN list, all right?
This is like the ultimate shit list
because this means not only do you not get invited to parties,
you're basically economically excommunicated.
Like, it's a terrible list to be on.
Tell me about the process of getting added to this list.
So who gets to decide who's on this list?
You know, surely there's some kind of like,
rigorous process behind this. Can you describe a little bit about what it takes to get on the
OFAC SCN list? Yeah, I'm happy to start that just because I spent a good bit of time on it.
But it's a no, but it's, I mean, it's, so there's, again, like the statutory and the separation,
of the powers between the administrative and the legislative, there's various ways to get on the
list. It's, you know, Congress can pass an act like that just says you need to put these people
the list and OFAC has to come up with the packages. The bulk of it is OFAC, either themselves,
creating these what they're called designation packages that basically you take, you know,
usually there's a declaration by the president of a national emergency like Syria. And so you would
say, based on this latest gassing of its own citizens by this authoritarian dictator, OFAC, I want
you to find who's responsible for this, including the industrial chemical intermediary,
and put them on the list.
And here's the standards of that.
Like you are clearly involved in this.
It ties to this, you know, all the standards.
OFAC then works with the intelligence community and NGOs, frankly, as well,
in human rights organizations, depending on the topic,
and comes up with names.
And then they have to build basically an evidentiary package that has separate lines
of information that corroborate each other.
And that's cleared by the chief counsel's office.
oftentimes it goes to the Department of Justice, the federal programs branch for review as well,
sometimes main treasury. But I should say, and it's a pretty rigorous process in general,
although I would say like post-9-11, there was an expediency, I think, that pushed people to move very
quickly. But I should say there's also this sort of wild card that when the president,
him or herself, creates the national emergency, they can include what's called an annex
which is just the president of the United States saying,
I have determined this is a national emergency.
And by the way,
these seven people or 27 people or entities are part of that.
I'm just making that determination.
And they're on the list.
OFAC put them on the list and get their identifiers for people.
It doesn't happen a lot.
And a lot of times OFAC would still be tasked with creating the package.
And to be clear,
like usually those are based on somebody having done a bit of a package too.
it's not that arbitrary.
But that is a way that can happen quite quickly.
And it's two things on that is just that it's very,
everybody has an appeals process to this.
But I should say particularly if the president personally has put you on an annex,
you know, foreign policy and national emergency tend to be the peak of the executive branch authority.
And so challenging that is not going to be an easy process.
for OFAC, it's abuse of discretion, but when the president has unilaterally determined that you're
part of a national security emergency, it's going to be a high bar, which I'll just say goes to the
fact that I think we should constantly remember that this is a behavior change mechanism.
And so to the extent that you cannot get off the list and people do not feel like they can get
off the list, it is not a mechanism that works.
Because you can get off the list, right?
You have to be able to get off the list.
Otherwise, it's not a behavior change mechanism.
It's punishment.
And that's not the, I think, Ryan, you said this earlier about Vincent, like, what's the real mission?
I think that's a great question for OFAC too.
The real mission is behavior change.
Like, the goal of OFAC is above all to take people off the list because that means it's working.
You know, people have changed their behavior.
Assad has stopped gassing his own people.
Like, that's the win.
The win is not, oh, we put him on forever.
This is awesome.
Okay, all right.
So we got Finson.
We got OFAC a little bit.
And I was hoping for kind of like to get to the international.
But like I feel like this is going to have to be another podcast entirely to actually fully unravel this whole financial surveillance apparatus.
I wanted to get to a couple of quick things, though, before we leave you guys and we kind of conclude the episode.
So one is, uh, tornado cash.
Okay.
So takes on this, some developers wound up on the OFAC SDN list, I believe, some open source privacy developers
or attorney of cash.
So did a smart contract as well.
There's not a person.
This is like some code.
So how did that happen?
What happened there?
This was not an executive order from a president.
This was not, I don't think Joe Biden saying, these people in particular, go get them.
It was something else.
How did that happen?
What's kind of the, I guess, what's your reading of this, Mike and Seth?
Actually, Seth will have much more, I think, in sort of the legal thinking of it and the policy piece of it.
I just want to give one piece of, like, functional, very practical, because this goes to your point, Ryan, of like, the president didn't just say put these on the list.
My take on it is actually that it really, it was not President Biden 100%, but that it really was in many ways the National Security Council going to OFAC and.
saying, look, we get it.
Tornado Cash has been out there for a while.
Everybody has sort of had strategic restraint on doing anything, but we're at like
$2 billion in Lazarus DPRK funds going through there.
We're getting hammered by Congress to do something on ransomware and DPRK and cyber.
And every time DPRK launches a missile, Missile Congress comes to us at the NSC and says,
why haven't you cracked down on this?
And somebody points to like the money going through tornado cash, OFAC, do it.
and I can say from having been at OFAC, you get those calls all the time.
It's a go to the NSC, tell them why this is going to be like massive collateral impact and we don't think it's going to be effective because we're never going to get anyone off.
OFAC walks over there, gets their briefcase handed back at them and tells them to go back and do it.
And sometimes you win and sometimes you lose.
And I'll say from having been in some of those meetings in other contexts, like there were times where in political situations where we said there are no U.S.
nexus to this that's going to feel the impact.
We're just putting someone on the list for messaging.
We think this is a very bad idea and you're undermining the integrity of the process.
Sometimes you won those and sometimes you lost them.
And I don't, you know, I have no inside baseball on this one, but my feel on this one is that this is very much.
And I should say this, being at FinCEN and OFAC when Tornado Cash was very much on our radar,
like everybody knew about Tornado Cash for years.
Really?
Yeah, for sure.
I mean, this is their job.
I just didn't know, like, how people are moving money.
And I think, you know, it was always a conversation of like, yes, it's out there.
You know, it had already been...
See, David, we thought crypto was such a niche.
They're talking about it everywhere.
We're not that special.
You are special.
You are special.
But I think it was very much like, look, yes, it's happening.
Like, money's also getting laundered through.
I was going to say HSBC, but I'm not saying that because I don't get sued.
But let's just say hypothetical.
Some bank.
Some bank.
That may have had...
enforcement action in the past. But, you know, but look, there'd be collateral impact that would be,
there would be way more than we would do. We don't, typically, OFAC does not designate financial institutions
or major financial movers in any form because there's just way too much collateral impact,
which is clearly what happened here. It's pretty identifiable through chain analysis and TRM and
elliptic and everybody. You can look at the cluster and see how much of it is high risk and how
much isn't. You would look at that and say, I think, 27, 37, 17%, I think, was the main one, 17%.
There's no question you would look at that and say, there's no way we can designate this.
If this was a bank, 17%, there's no way. Like, there would be way too much collateral impact.
And if it is, you'd have a license that would exempt most of the activity afterwards anyway,
because there's too many people impacted. So my take in general is that this was the NSC saying,
just do it, we'll figure it out.
And I think that's probably why you then started seeing FAQs come out.
You started seeing a redesignation.
Is this the first time as well that like a smart contract or like some code has been?
Yeah, for sure.
Unprecedented as well.
Do you think that was a-
Totally unprecedented.
And I'm sure that was a conversation internal to OFAC as well, right?
I mean, because if you guys know it.
So this is why this is so helpful, Mike.
And it's such a black box to us looking at the outside.
don't know what in the world is going on. We just see this scary stuff happening and we have like no
idea how the inner inside the black box actually works. But that's why this is helpful. And so,
so does OFAC have actual, the actual, I guess, power to put something like a smart contract on the list? Or is
that what we're all going to find out through the legal process? We're going to find out. Okay. So,
So typically, you know, OFAC can sanction sort of two, two types of things, right?
Persons, whether natural persons or legal persons, or their property, right?
So, you know, think like the, you know, the Russian oligarchs mega yacht, right?
You don't want them to be able to sort of sell that and, you know, and circumvent sanctions, right?
So historically, the two types of things that have been put on the SDN list, that's why it's called the specially
designated Nationals list, right? Nationals refers to a person, right? Is people in their stuff.
You know, a smart contract, you know, a piece of code, right? Some, you know, executable text is
neither of those things. And, you know, so it is, it was unprecedented. It's the first time that,
you know, that that has been added to the list. And the legality of that is very much in question
and is, you know, being litigated.
You know, it's, so shortly thereafter, as I'm sure you're aware,
Coin Center and some others, you know, filed lawsuit against OFAC and Treasury on those grounds.
My co-host, David, happens to be a plaintiff in one of those lawsuits, actually, for the fact.
Awesome, awesome, thumbs up.
But OFAC very quickly,
after that lawsuit, I think, realized some of the, you know, the, well, they wanted to shore up sort of the, their legal standing in light of coin centers complaint. And so they actually sort of, sort of revoked and then reissued the sanctions. In this time, sort of, you know, alleging that the, you know, not just the code of the smart contract, but like the whole, the whole thing together,
represented sort of an unincorporated association like a business.
So kind of like the user interface, the website, the service of its host,
on all of that stuff as well?
So that's sort of the theory that they're going under now.
They seem to have won at least at the trial court level in the Van Loon case,
in the Northern District of Texas, I believe.
That's Preston Van Loon, an Heathcore developer, whom has also been on bankless, by the way.
So it's all a very small world here.
Yep.
And so, you know, I expect and hope that, you know, that is appealed.
The Coin Center case is progressing in Florida, so a different circuit, which gives, you know, a few bites at the Apple in terms of, you know, how this gets decided.
But, you know, I think, you know, we're in sort of uncharted waters here, whether, you know,
OFAC can do this.
You know, I think the, you know, some, you know, some reason for caution is, you know, is what,
you know, sort of we led with when discussing OFAC, which was the broad constitutional powers
under which OFAC operates originating from Article 2 of the Constitution, right?
So this is, you know, this is sort of a different set of rules than, you know, a typical, you know, agency action that's governed by the Administrative Procedures Act, for example.
Yeah, that's what this is, that's why all of this is, is so difficult.
It feels like, hmm, it, it almost feels like Oax arm, its power could be almost like indefinite, right?
It's just, it can do what, I mean, unless sort of.
of the social layer, unless the citizens and the population kind of say, and even, you know,
those inside the government say, hey, hold on, what are we doing? We're losing side of the big
picture. Remember what OFAC was originally for. Back to the 1940s when we were fighting Nazis and that
sort of thing, right? And like, hold on. We've gone too far. Now we have open source developers and
smart contract code. And are we sure that that is the type of society that we're trying to build?
Unless we stop it at some point, it seems certain that this kind of octopus,
financial surveillance will have all sorts of unintended consequences and continue to consume
our institutions and citizens of this country. And not this country, we're talking about the U.S.,
but we haven't even gotten to international. Sounds like that's another podcast, but it does
sound like from what you alluded to in another agency, I don't even remember at this point,
Mike, that you mentioned, that they're all tied into this too. So not only do we do this kind of
domestically across the U.S., but FinC and OFAC talk to their counterparts across other countries,
completely coordinated into this global, you know, surveillance network. I want to, as we end this,
maybe zoom out here, right, and ask the question, what do we do about this? All right, we got the tactical,
like, you know, we're fighting fights in the court system, that sort of thing. But it seems to be
the case that, just like blatantly, we don't have the civil liberties in place at the constitutional
level that are protecting us adequately for this type of thing. This seems to be almost
I don't know, maybe it is in there in some of the language.
You guys can interpret that.
But it seems to be beyond what the founders actually could conceive of,
like when they originally framed this whole thing, right?
The idea of financial surveillance at this level,
the ability to freeze an account in this way,
the digitization.
This goes back to a theme we talk about often on bankless
where it feels like we've entered in 21st century,
this whole digitization of everything.
and our digital rights aren't in place.
Like there is no digital bill of rights here that kind of gives us encryption or, you know,
property rights in some way and enshrines that into our governance apparatus.
So I guess my high level question is, what do we do about this?
How do we stop it?
Like, is this going to require, I don't know, big movements from our institutions?
Do you feel like we have adequate protections in place in our,
our legal system to preserve some rights that we as a Democratic Republic actually want to preserve
going in the 21st century. I'll throw this to Mike. And by the way, Mike, I've really appreciated
your insight here. I didn't realize how, like, FinCen and OFAC and all the institutions that
they've previously served. And now you're going to crypto, which is, I don't know if they see
that as the dark side, but like, welcome. It's great to have you. Thank you. Like, we need people
like you, you know, fighting for these things in space. But let me throw it to Mike first. And then we'll
get Seth and we'll tie this all off. Yeah, no, thanks. And, yeah, and Seth will be far more eloquent
about this because he's doing this all the time. Like, he is engaging with, like, the entire world.
I'm just dealing with the U.S. mainly. So it's partly why I'm thrilled for that and for a whole
episode on how he's solving fattif. I wish I could claim me just in time. But yeah, no, I think
it is. I think if there's anything to leave from this from my perspective is that, like,
there are a lot of folks within OFAC and FinC and FinCEN even that really do believe that to the
mission of countering exploitation and providing opportunity and democratization of the ability
for people to flourish that like in many ways Web3 and Crypto is an answer. It's partly why I left
being the acting director of FinCEN to go in-house at espresso systems, you know,
building a decentralized sequencer and decentralized private computation was actually
here's someone, here's a group building a solution, which is resilience.
it's configurable privacy.
It's helping people have the personal sovereignty,
which was literally the founding of this country.
And so I think there is a great opportunity here
if we can get to the people that we need to in time,
which I think part of what's helpful about doing this podcast
about these actors is it's not, yes, it's Vincent and OFAC.
It's helping educate them stuff that like Seth's doing all the time
all around the world is like educating people
and how the tech actually works.
because they're just seeing headlines
about Sam Bank bin Freed and Doe Kwan
and that's partly why when I was at FinCent,
we brought in core developers from Zcash and Dash
and all kinds of folks to talk to people
and get aligned of like, hey,
if you're worried about exploitation of people,
let me tell you about privacy technology.
There's a great opportunity for alignment here.
To the extent that it's about democracy
and preventing authoritarian's,
which is very much, you could be describing the North Korea program from OFAC,
or you could be describing what crypto is doing with democratizing finance and creating greater
resilience.
Like there's opportunity for alignment, but it has to be engaging with all these policymakers.
It's not just, yes, it's Vincent and OFAC, and including, by the way, arming the people in there
with the talking points who do want to fight against Mnuchin's wallet's role and stuff like that.
But it's also going to the hill because there are politicians coming up with bills every day.
that FinCena and OFAC are not asking for,
but they have limited ability to push back on those.
And I assure you that there are entrenched incumbents
that have an interest in keeping intermediaries in the space
that are extremely organized and out there doing that sort of advocacy.
And I think that's an important piece of it,
is keeping organized on this in the way,
and spreading the word in the way you guys are doing
and the way Seths out there educating people all around the world,
because it's really, it's everybody.
to hear, look, this is not just about risk.
This is about all the opportunity here to prevent exploitation.
And it all goes back to Ryan, your earlier question of like, well, what's the mission here?
And I think there has to be, we have to be able to get to a point where there is great alignment
on the fact that Web 3 is about countering exploitation, empowering people with personal
sovereignty to flourish.
And how can that not possibly align with United States sort of mission?
Thank you.
Excellently well said. Yeah, Mike. Seth, what do you think? Do we get a shot at this? How can we win here?
You know, I'm not super optimistic. I think just because, you know, the, you know, these, you know, it's like, you know, turning a cruise ship or an aircraft carrier, right?
You know, this, the structure, the global AML regime has been built up, you know, piece by piece, year after year,
for a very long time.
And it's become very big and a very big part of, you know, not just the U.S. government,
but, you know, many governments around the world.
And I think, you know, I hope we do do another episode on sort of international, you know,
and we take a look at sort of the global AML regime, you know, and try to put some, you know,
some evidence to the argument.
Just sneak peek for that, though, Seth.
Is it worse outside the U.S.?
Or just as bad?
Any better?
Some better, some better, some worse.
All right.
All right.
You know, but let's take a look at the numbers and see what the numbers say on, you know, how this system is performing and, you know, and whether it's justifying the cost.
You know, but anyway, because it's become so big and it's existed for so long, it, you know, it's not easy to change.
And, you know, Ryan, to some of the points that you made to sort of tee up this question, going back to sort of the intent of the framers of the Constitution.
Unfortunately, I think one of the sort of the gravest omissions of the founders was the failure to include an explicit right to privacy in the Bill of Rights.
Agreed.
And so because of that, the Supreme Court has had to sort of cobble together a right to privacy under a theory called, you know, penumbra, where they sort of look at, you know, the other enumerated rights and say, well, in order to really have or execute that right, you know,
you have to have privacy in this area.
Like the right to, you know.
Privacy is implied but not made explicit and we needed the courts to tell that story.
Exactly.
So there's a, there's a, there's a 1965 case called Griswold v. Connecticut that the court
explicitly found for the first time of a fundamental right to privacy under the Constitution.
You know, but even, even still, these penumbra rights don't sort of have the same level of
protection that the enumerated rights do.
Right.
So they called it a fundamental right.
fundamental right, but fundamental rights in other contexts enjoy a standard of review by the court
called strict scrutiny, which means that any government infringement of that right must be
narrowly tailored to achieve compelling state interest. I don't think the BSA at this point,
particularly the enlargement after the Patriot Act, meets that standard. But I
because it's not an explicit enumerated right in the Constitution, it's very difficult to challenge.
And so I think to your question of, you know, how do we win or can we win?
You know, short of, you know, the Supreme Court's overturning or significantly limiting the Bank Secrecy Act,
perhaps by doing away with sort of the third-party doctrine that props up the whole House of Cards.
You know, I think that, you know, that's the only way that I sort of see that we win here.
You know, and I think as we digitize everything and Web3 sort of, you know, slowly gains adoption, you know, we have the opportunity to say, look, hey, there is a different way.
There's a better way to do all of this stuff.
But it comes down to trust, right?
How much trust does, you know, does the government want to have in the people, right?
And the current system is one of almost no trust, right?
That's why you have to file this information and why they don't even trust you to file the information.
So they gather it from the intermediaries that you use.
Right.
And so in this sort of the current state of financial surveillance that we're in is one where the government really doesn't trust the citizens.
And we have this now sort of presumption of guilt rather than presumption of innocence.
All this information is going to be available to law enforcement.
And, you know, if it's ever in question, you know, you.
you now have to prove that you're innocent, which is a complete sort of turning on its head
the system that the framers set out.
So we've gone very far astray, I'm afraid, and I think it would take something very,
you know, very significant to have a reset or sort of write the ship at this point.
Well, let's maybe end with that.
If we have any shot at a reset here, I think it's got to come in the form of crypto.
like this is kind of
I mean you guys were mentioning that
hey you know that this whole
expansion of the Bank Secrecy Act
and Finson that happened in the 90s
I don't remember a time when it didn't exist
and it's part of the problem
is population doesn't remember a time
where this financial surveillance apparatus
wasn't set up and yet with crypto
it's off by default
and somebody has to come in and turn it back on
and I think crypto this level of responsibility
with private keys, this focus on encryption,
this power of cryptography,
I think this will reignite the conversation,
especially when we see things happening
like open source developers
are getting thrown in prison, right?
That starts to, I hope,
makes society question
where we're actually going
with this financial surveillance apparatus.
And I do hope there is a time.
I tweeted this out recently.
It's like, I wish Americans cared as much
about cryptography
as they do guns. Do you know what I mean? Like, I wish we had a right to bear arms second amendment
for encryption rights and for privacy, and we don't right now. But maybe now is the opportunity
to get this into social awareness. So that's what we're going to try to do, because what other
alternative do we have, honestly, guys? Seth and Mike, I think we're going to have to have you on
for an episode two. At some point in the future, if you're willing to talk about kind of the
international apparatus here. And there are a million things we didn't touch.
today, but this has been a great primer. And I want to thank you both for your time today. This has been
fabulous. Yeah, thanks, guys. Thanks for putting together. Absolutely. Yeah, thanks for having us. Wow.
What an episode. Guys, risk and disclaimers got to end with this. Of course, crypto is risky.
You could lose what you put in. But we are headed west. This is the frontier. It's not for everyone.
But we're glad you're with us on the bankless journey. Thanks a lot.