The excesses of financial supervision threaten our democracies

The excesses of financial supervision threaten our democracies

In a lengthy op-ed, the Director of Strategy at Paymium reflects on the conviction of developer Alexey Pertsev (Tornado Cash) and the threat it poses to public freedoms.

When they went down into the coal mines, the miners would take a caged canary with them. The toxic gases, particularly carbon monoxide, which accumulated in these places and put miners in mortal danger, killed the canaries before the miners did. This information made them aware of the danger, allowing them to evacuate before it was too late.

On 14 May 2024, Alexey Pertsev, a computer developer who built an open source tool to preserve his online privacy, was found guilty of money laundering and sentenced to more than 5 years in prison by a Dutch court.

The court's decision reads: "The tool developed by the suspect and his co-authors combines maximum anonymity and optimal concealment techniques on the one hand, with a serious lack of identification features on the other. The tool cannot therefore be characterised as a legitimate tool that has been unwittingly used by criminals. By its nature and operation, the tool is specifically intended for criminals."

Seeking to preserve its confidentiality is therefore at worst proof of criminality, at best complicity in crime. A threshold has been crossed.

Unfortunately this case is likely to generate little empathy or interest, as the person concerned worked in cryptos, and the tool developed, Tornado Cash, was designed to preserve the confidentiality of transactions.

However, it would be grossly wrong to dismiss this as an epiphenomenon, confined to a fledgling industry, and for which the public has little affection.

It is our canary in the mine.

It has stopped singing, and is dying. And if we don't react, all the miners will die. Cryptos are thus the early and blatant revelation of an insidious phenomenon that has been eating away at our liberal democracies for some thirty years, and is reaching a point of no return.

Despite the lack of evidence of their effectiveness, financial supervision measures continue to be regularly tightened, defying all democratic rules and requirements in the process: Primacy of secrecy, freedom as a norm, the principle of proportionality of limitations of rights, technological neutrality, presumption of innocence... Prior control of any offence is becoming the norm, law enforcement is becoming selective and arbitrary, bank account closures are taking on the appearance of censorship and financial asphyxiation, and property rights are being whittled away.

The fight against money laundering and the financing of terrorism has degenerated into collective hysteria worthy of authoritarian, even totalitarian, regimes, to the point of criminalising a fundamental and constitutional right: privacy. The famous American computer engineer Phil Zimmermann warned us in 1991: "if privacy is outlawed, only outlaws will have privacy".

Far from being a "crypto" affair, this slide away from liberal democracy is everyone's business. From India to the UK, via Canada or France, there is no shortage of examples in regimes that are nevertheless reputedly democratic.

NB: If you're not interested in the crypto part, you can skip straight to part II.

I. Lessons from the canary

1. The United States gets involved

Less than a year ago, the arrest of the developers of Tornado Cash had already legitimately caused a lot of ink to flow. But the scope of the affair, limited to the crypto world, perceived as the lair of terrorists and other money launderers, had quickly confined the outrage to a small group of insiders.

In April 2024, excited by this success, the American and European public authorities continued their advance in a worrying direction.

Several events took place almost simultaneously. The arrest of the developers of the Samouraï Wallet Bitcoin wallet by the FBI at the request of the IRS (the US tax authorities), with the culpable collaboration of the European authorities, kicked off the hostilities. Their crime is alleged to be "conspiracy to launder money" and "operating an unlicensed money transfer business". They face 20 years in prison for the first charge, and 5 years for the second. By way of comparison, the maximum unconditional life sentence in France is 30 years.

This was followed by an FBI notice urging all Americans not to use "Money transmitting businesses", money transfer services, that did not collect their identity and were not registered. And the Federal Bureau went on to threaten to block all funds that had been mixed with funds obtained by illegal means.

To better understand the absurdity of such an announcement by the FBI, let's transpose the reasoning into the physical world, where we'll see that two major issues emerge.

The first concerns the accusation of operating an unlicensed money transfer business.

Samurai Wallet is a company that provides Bitcoin wallets with transaction privacy enhancement. It does not operate the transactions on behalf of its customers, it provides the wallet software. In the physical world, their equivalent would be a craftsman-tanner who makes leather wallets to store cash. He facilitates the management of the cash, but has no say in how the holders of these wallets spend their cash.

Here, the US federal services make this amalgam and thus lump together a major bank that operates transactions on behalf of its customers and a craftsman-tanner, holding the latter responsible for how his customers will use their cash.

How far back can we go with this reasoning? The cash dispensers? To the people at the Banque de France who print these notes? To the lumberjacks who make the wood for the banknote paper?

In the same way, will we hold a joiner responsible for what his customers decide to put in the furniture he makes? Or an architect if the house he builds ends up being used as a drug trafficking site?

It soon becomes clear that this amalgam is completely absurd. A creator of a wallet is not responsible for what the holder decides to do with the money he has put into it. The fact of being in the value chain of the cash or its safekeeping should in no way imply responsibility for its final use, because there is no limit to this reasoning.

This question was also asked 20 years ago, concerning peer-to-peer exchanges, enabling several people to exchange information directly in a decentralised manner. This communication protocol and the software that enables it are sometimes used to commit infringements, particularly of intellectual property rights. However, despite attempts to criminalise the tool itself, some European and American courts have ruled in favour of technological neutrality, as the offending software allows both legal and illegal exchanges and its publishers are not responsible for the use made of it by third parties. Case law then focused on the liability of each individual who participated in a potentially illegal activity, acquitting certain individuals in the absence of proof of criminal intent. These jurisprudential solutions are obviously consistent with the normal exercise of fundamental rights.

The second problem lies in the threat of freezing funds.

Freezing any money that has been mixed with funds obtained by illegal means would be the equivalent of arresting anyone whose notes, in their leather wallet or pocket, have passed into the wrong hands.

In 2009, a university study relayed by CNN showed that 90% of US dollar notes bore traces of cocaine, and up to 100% in some major cities. This makes it easier to understand the absurdity of the FBI's threat: almost all the world's cash has already passed into the wrong hands. Should all holders of cash be put in prison? Of course not.

In the wake of these absurd coercive actions, on 26 April 2024, the United States Attorney for the Southern District of New York, published the government's case against Roman Storm, the lead developer of the Tornado Cash privacy software. The author insists, and wants to consider Tornado Cash "a money transfer business".

According to this argument, "Section 1960's definition of 'money transfer' does not require the money transferring business to have 'control' over the funds transferred. [...] For example, a USB cable transfers data from one device to another [...]".

A very broad definition of a "money transfer business", which by their own admission could even include USB cables. At this little game, the question will quickly become "who is not a money transmitter".

Here, the DOJ (Department of Justice) is so ambitious that it goes against the "guidelines" given by FinCen (Financial Crime Enforcement Network, an office of the US Treasury Department). In short, the US government does not agree with itself, which indicates a certain unease.

In 2013, FinCen explained that software developers were not "money transmitters" ("The production and distribution of software, in and of itself, does not constitute the acceptance and transmission of value, even if the purpose of the software is to facilitate the sale of virtual currency."[13]).

In 2019, following a query regarding certain programmable features on Bitcoin (Time-locked and multi-signature), FinCen reiterated its view that the partial control that may be exercised by wallet developers was not sufficient to qualify them as "money transmitters" ("the person participating in the transaction to provide additional validation at the owner's request does not have completely independent control over the value. "[14]).

2. Europe at the forefront of the illiberal slide

Beyond the qualifications of expediency of one and another and to return more simply to the way in which the law should be applied in a liberal democracy, let us recall that the transfer of cryptocurrencies is a transfer of electronic communications according to the definition given by European Union law[15].

Moreover, cryptocurrencies such as Bitcoin or Ethereum allow communications to be exchanged that qualify as correspondence (the possibilities for exchange not being limited to monetary units). However, electronic communications are protected by the right to protection of privacy and personal data, as a limitation such as lifting confidentiality or blocking can only be justified if it is necessary for the effective pursuit of a defined objective, in a strictly proportionate manner, particularly in the case of a proven offence personally committed by the person whose communication is restricted.

The Court of Justice of the European Union has moreover ruled along these lines, considering that systematic analysis of communications, even where possible, infringes the fundamental right to protection of users' personal data, in breach of the Charter of Fundamental Rights of the European Union. The Court states that an injunction to block the communication which does not distinguish "between unlawful content and lawful content [...] could have the effect of leading to the blocking of communications with lawful content" and thus infringe freedom of expression and communication.[16] With regard to cryptocurrency transfers, we can also invoke an infringement of the right to property.

It is therefore inconceivable, in a liberal democracy, to ask a private actor to block transactions or other types of communication without certainty of their illegality.

There is another convenient schizophrenia on the part of the US authorities, which Lyn Alden sums up well by referring to "Schrödinger's Money"[17]: Bitcoin is money only when it allows you to sue people. The rest of the time, it is a speculative tool to which this qualification is denied. Indeed, in order to apply the definition of "Money transmitter", it must be considered that what is transmitted (bitcoins) is indeed money. So much so that the government's argument points out that "Bitcoin clearly qualifies as currency" in order to be able to prosecute Roman Storm.

Europe regularly lends itself to this contortion too, as I had already shown in the justification given for including "crypto-assets" in the TFR regulation. Cryptos have in fact made their appearance in a text that was previously reserved for "banknotes and coins, scriptural money or electronic money". From there to saying that Bitcoin is a currency...

Also in Europe, by the way, by chance of the calendar, we passed a new regulation on 25 April imposing new financial constraints, again with the same laudable aim of combating money laundering[18].

Among the constraints, we might note in particular a limit on cash payments to €10,000 throughout Europe, but also the need for NSPs (Digital Asset Service Providers) to collect ever more information about their customers, including for transactions under €1,000, and for personal wallets, known as "self-custodial", "self-hosted" or "un-hosted", i.e. not managed on behalf of third parties by a financial intermediary. The famous leather wallets of the digital world.

A little novlanguage aside here:by imposing the terminology "self-hosted" or "un-hosted", regulators and legislators are trying to impose the view that third-party preservation is the norm, and self-hosted the exception. This is obviously a dangerous and insidious vision, consisting of suggesting the idea that wanting to keep one's money is suspect, whereas it is part of the normal exercise of freedoms. There is no such thing as an "un-hosted" or "self-hosted" wallet. There are portfolios, period. And there are third parties who hold portfolios on behalf of third parties.

Returning to the text, it is worth noting that it is particularly precise and only requires PSANs to know their customers for transactions of less than €1,000, while exempting banks and other financial institutions, which handle far greater volumes than PSANs. The proportionality of this amount and this discrimination is unjustified.

In addition, there is a ban on supporting cryptos with enhanced confidentiality. Remember here that historical commodity currencies (gold, silver, copper, bones etc.) are anonymous, but so is cash even now. The ban is therefore unfair and is being imposed under the pretext that it is electronic. Once again, it is unjustified, while it unacceptably hinders the normal exercise of a freedom, since we are talking about its pure and simple extinction (such disproportion being unaccepted by the European Court of Human Rights[19]).

As already mentioned, all of these actions are extremely problematic in several respects.

Firstly, because these constraints are not based on any rational reasoning or relevant justification, and are simply the result of crypto-related paranoia, coupled with a KYC model (Know Your Customer, the know-your-customer processes imposed on financial institutions) erived as a religion despite the lack of convincing results for several decades. Secondly, because they disregard the requirements for the protection of fundamental freedoms on which the European Union was built and to which the latter is subject. Thirdly, because they are counterproductive, i.e. they create new threats with increasingly serious consequences.

3. Unfounded paranoia

Almost all the texts dealing with the "necessary" regulation of "crypto-assets" have abandoned scientific and legal rigour to the point of never proving the initial assertion from which their reasoning is based:"Cryptos are a good way of facilitating money laundering. "

To see this, all you have to do is analyse all the texts dealing with the subject that have been issued in recent years. I have already done this for the TFR text[20]. In fact, in the "proportionality" paragraph of the proposed amendment to the Regulation, there is a little sentence stating that according to the opinion of the EU supervisory authorities, "precise" risk factors have been identified concerning cryptos.

Why is proportionality an extremely important principle in a state governed by the rule of law?

Because the appropriateness of the legislative standard to the objective pursued, i.e. the balance between the infringement of a right and the general interest, is absolutely crucial to avoid liberticidal and authoritarian excesses. We cannot hide behind an objective, however laudable, to impose restrictions on rights that are disproportionate.

For example, we might think that installing a policeman in everyone's home would reduce crime. The objective may be considered laudable, but the individual rights that would be mortgaged in the process are an unacceptable reduction in freedoms. In this way, society decides to put up with potentially higher levels of crime (subject to the risks to freedoms that surveillance itself generates) in order to preserve the rule of law and the fundamental freedoms, without which democracy cannot exist.

In contrast, banning drink-driving is a restriction that can be deemed proportionate: we don't ban alcohol consumption, we ban it where it has been shown to be systematically dangerous to ourselves and others. And the effects of such legislation can be monitored by looking at trends in the number of accidents, for example. A right has certainly been restricted, but the general interest takes precedence because the effectiveness of the measure can be demonstrated in the light of an important objective (the preservation of life) and the infringement of rights can be minimised by circumscribing the restrictions as far as possible.

In a liberal democracy, freedom is the norm and constraint the exception. It is up to the State, when it wishes to restrict a freedom, to show that it is doing no more than is necessary to achieve its objective and that the objective is being effectively achieved[21]. Furthermore, the State has an obligation to adopt standards to ensure that all persons and establishments, both public and private, comply with this rule[22].

In the case that interests us here (money laundering and terrorist financing), and despite the assertion that "the supervisory authorities have identified specific risk factors", when we play the game of the investigator who wants to go back to the source, we realise that the opinion in question, dating from 2019, itself admits that the famous "competent authorities" do not have the "knowledge and understanding of these products and assets, preventing them from carrying out a proper impact assessment"[23].

It also sidesteps by referring to another opinion (sic) from the European Banking Authority, dating back to... 2014. In that "original" opinion, there is a terse analysis: "the Virtual Currency phenomenon has not existed long enough for there to be quantitative evidence of existing risks, nor qualitative enough to constitute a robust risk ranking"[24].

To sum up, the TFR regulation, imposing oversight of all crypto transfers from one provider to another, was built on the basis of two reports, one stating that there was no evidence to qualify or quantify the risks, the other admitting that the competent authorities lacked the knowledge and understanding to make an analysis.

We therefore wonder how it is possible to conclude the paragraph on "proportionality" in the TFR Regulation with "In accordance with the principle of Proportionality as set out in Article 5 of the Treaty on European Union (TEU), this Regulation does not go beyond what is necessary to achieve its objectives.". As the risks have not been assessed, it seems difficult to describe the restriction of rights as "proportionate".

In his fight against FINMA, Alexis Roussel made the same observation for Switzerland. The 2018 Swiss "NRA" (National Risk Assessment)[25], concerning the risks of money laundering in crypto, indicates, and right from its first sentence, that no cases of terrorist financing linked to cryptos have been identified, and only rare cases of money laundering. However, the rest of the statement recommends classifying these assets as "high-risk" by their very nature. In practical terms, this means, for example, that a crypto transaction, even for €10, carries the same level of risk as a €100,000 transfer to an account in Russia. An equivalence drawn up bypassing the Swiss democratic process and established without the slightest proof.

The NRA of 2024[26] appears not to have made much progress and still concedes a lack of data to establish a risk assessment.

We are beginning to see a pattern emerging: anti-money laundering regulations and ever-increasing data collection requirements are imposed on no legitimate basis, no factual data, to justify their introduction.

A more complete overview has been drawn up by Lola Leetz in Bitcoin Magazine[27] and allows us to complete this work of identifying violations of the most elementary rigour, in Europe, but also on the part of the sister Bretton-Woods institutions, the IMF and the World Bank, veritable compasses for global decision-makers.

In 2023, for example, the 2021 annual report of the European Union's FSRB[28], i.e. the European branch of the Financial Action Task Force (FATF), an intergovernmental group set up in 1989 to combat money laundering and the financing of terrorism, is coming out.

In the introduction to this report, the following quote is found: "It is well known that money launderers have abused cryptocurrencies, initially to transfer and hide the profits generated by drug trafficking. Nowadays, their methods are becoming ever more sophisticated and of greater scale."

Unfortunately, a demonstration that begins with "it is well known" is the equivalent of an essay that begins with "From time immemorial Men": it doesn't exude the rigour of the work provided.

The report itself moreover admits that a study will be devoted in 2022 to analysing money laundering trends in cryptocurrencies, suggesting that it did not exist when the report was written asserting as an obvious truth what had ultimately never been studied.

This report dedicated to studying money laundering trends in cryptocurrencies has indeed been published[29], but is devoted not to studying the phenomenon, but much more to analysing the implementation of regulations. Regulations which, it should be remembered, are based on unproven laundering.

On the study of the facts and the field, the report interestingly notes that risk assessment "lacks depth". It also notes that the majority of regulators lack the tools and expertise to effectively analyse and investigate cases of money laundering and terrorist financing linked to "virtual assets".

The study also makes the same shortcut as the aforementioned Swiss analysis: finding very few cases of money laundering involving virtual assets to get its teeth into, it prefers to conclude that this is because more regulation is needed, rather than saying that money laundering is not over-represented in these assets.

It's no better for the IMF: The latest report devoted to public policies on crypto-assets (September 2023)[30] points the finger at the lack of data on the risks of money laundering and terrorist financing, stating that "such impacts have not been studied specifically on the issue of crypto-assets".

The IMF's 2024 Global Financial Stability Report[31], meanwhile, uses figures from Chainalysis, and comes up with the figure of $1.1 billion received in cryptos for ransomware worldwide, i.e. less than 0.07% of the crypto market capitalisation.

The IMF's twin institution, the World Bank, does not really differ from the above views. In a 2023 report[32], the institution states that theissue of "Virtual Assets" had not been addressed in the Risk Assessment, and calls on public authorities and companies to provide more data on these assets.

In its publications related to money laundering from 2020[33] and 2022[34], the World Bank simply makes no mention of cryptos. In its articles[35][36] on the adoption of cryptos, the World Bank simply sidesteps when these subjects are raised, redirecting to the FATF papers.

The circle is complete: the reports quote each other, ask each other for more details on the figures, but no one ever does the actual study. We defer to the FATF, an unelected body, which is not subject to the rules of a self-respecting democracy, and in particular that of proportionality which I mentioned above.

The aim is therefore no longer to enable a proportionate fight against money laundering, but to raise the standards of controls, each year, forgetting the raison d'être of these controls.

In fact, within financial institutions, the term "compliance" is used to emphasise the fact that we are complying with what is expected in terms of control standards. The objective of efficiency and proportionality is no longer the issue. No doubt if the FATF recommended putting a policeman behind every computer, legislators would be quick to transpose this "good practice" into law...

It's not even disguised. In the regulation passed on 24 April by the European Union[37], the justification for imposing new standards on crypto businesses is absolutely not the fight against money laundering and its effectiveness. Indeed, since MiCA has not even entered into force yet, and the adaptation of the TFR text to cryptos is very recent, how could we therefore make an a posteriori analysis of the effectiveness of measures that have not yet produced any effect, and possibly judge that they need to be strengthened?

No, to explain the strengthening of controls, the justification is much simpler: "Following rapid technological developments and the advancement of FATF standards, it is necessary to review this approach".

It is not the evolution of the threat, or of its assessment, or of the means used by criminals, or of the results of a study, etc. but rather the advancement of the FATF standards which is leading Europe to fall into line.

And the rest is already prepared: "At the same time, advances in innovation, such as the development of the metaverse, provides new avenues for the perpetration of crimes and for laundering their profits. ".

While the most popular metavers are still in the experimental stage, seeing barely a few hundred people connect simultaneously, and while the hype is dying down, here we are already being told about them as nothing less than money-laundering "avenues".

If you want figures and analysis, move along. The imposition of additional surveillance standards is based on beliefs and feelings far more than facts, because no one dares to object as a policymaker, at the risk of being equated with a defender of terrorism or money laundering.

The transition to digital technology has been a godsend for governments: with the need to bank in order to benefit from financial globalisation, the number of potential targets to monitor has been drastically reduced, to the point where only a handful of banks are involved. The transition from a world where everyone held their money in cash at home to a world where, at least in the OECD, bancarisation is the norm, has meant that financial intermediation has become unavoidable.

In this respect, Bitcoin was a huge kick in the anthill, because it comes to mean that the entirety of financial regulation for 30 years is obsolete, because it is based on an assumption that is no longer verified, namely the need to use a financial intermediary to operate transactions in the digital world.

In tomorrow's world, where businesses make wallet-to-wallet payments, who will do the KYC?

Will we only realise how absurd the model is when half the planet is working to monitor the other half?

Bitcoin is shaking the very foundations of the fight against money laundering. And rather than questioning the regulations and their relevance, both in terms of effectiveness and in terms of respect for fundamental freedoms, we prefer the path of blindness which leads to restricting the use of a technologically neutral tool by arbitrarily hindering innovation, property rights and the protection of the confidentiality of exchanges, the importance of which for democracy, particularly via the encryption of exchanges, was recently reaffirmed by the European Court of Human Rights[38].

Bitcoin is a canary in the mine. A signal that something is slipping away, not concerning cryptos, but concerning the fundamental freedoms of all citizens, threatened by financial supervision.

II. The ravages of financial supervision

1. Unproven effectiveness and efficiency

I am not aware of any study establishing the effectiveness of customer knowledge measures in combating money laundering. And that's not for lack of looking.

On the contrary, there are numerous studies tending to conclude the opposite. Ronald Pol, a researcher at La Trobe University in Melbourne, summarised numerous studies in a research paper published in 2020: Anand 2011; Brzoska 2016; Chaikin 2009; Ferwerda 2009; Findley, Nielson, and Sharman 2014; Harvey 2008; Levi 2002, 2012; Levi and Maguire 2004; Levi and Reuter 2006, 2009; Naylor 2005; Pol 2018b; Reuter and Truman 2004; Rider 2002a, 2002b, 2004; Sharman 2011; van Duyne 2003, 2011; Verhage 2017.

The main lesson of this research paper gave it a more than eloquent title: "Anti-money laundering: the least effective public policy in the world? "

What do we learn?

That KYC and AML procedures recover around 0.05% of criminal money worldwide, i.e. $1.5 billion out of the $3 trillion in criminal money that circulates around the world each year. And that's assuming that 50% of the money recovered is through these procedures, whereas an empirical study in New Zealand showed an entirely different reality, in which 80% of seizures were made using conventional means, and only 20% through these KYC and AML procedures.

The paper's author sums it up as follows: "If the impact of three decades of anti-money laundering controls results in barely a rounding error in criminal accounts and "Criminals, Inc" retains up to 99.95% of revenues, and reasonable prospects for better outcomes remain consistently unexplored, the stark reality is that current policy inadvertently protects, supports and enables much of the serious profit-driven crime it seeks to counter. Be that as it may, the anti-money laundering experiment remains a viable candidate for the title of least effective policy initiative ever(Cassara 2017, 2)."

A Europol study in 2016[39] came up with similar figures: criminals would retain almost 99% of their profits.

So much for efficiency.

What about efficiency, i.e. what resources are mobilised to achieve this result?

The answer is once again edifying.

Studies vary enormously in their estimates of the compliance costs imposed on businesses, particularly financial ones, ranging in 2018 from $304 billion a year according to LexisNexis, to $1,280 billion according to Thomson Reuters[40], without even taking into account the costs imposed on States and public services, as well as indirect costs (lost productivity, friction etc.).

The answer is once again edifying.).

Even with the low estimate, every euro wrung from crime required €200 of expenditure. The situation is so absurd in Europe that compliance costs (€144 billion) exceed the total money (€110 billion) generated by crime every year!

Given the poor results and the enormity of the costs, any sensible person or company would take some time to think about the sustainability of such a scheme. But we are dealing here with a religion, and asking for proof and reasoning can make one suspect of complicity with money laundering and terrorism.

This industry has also become extremely lucrative for a whole series of players who have developed a wide range of services: lawyers specialising in regulatory compliance, consultancies, but also start-ups offering dedicated tools, which even have a name: RegTech. More curiously, with nearly $4.3 billion in penalties imposed on financial institutions in 2018, and $8.1 billion in 2019, the business is also proving juicy for states, which earn more in fines than they recover from criminals...

2. Totalitarian regimes dreamt of it, liberal democracies have done it: financial supervision and its consequences

With the imposition of these procedures on the financial system, new or existing risks are taking on major proportions.

The first is that of censorship, linked to the drastic reduction in online anonymity. The second is that of arbitrariness in the application of decisions and sanctions. The third is that oftheft of sensitive information.

a) Financial censorship as a political weapon of democratic asphyxiation

The risk of censorship is often perceived as a distant problem from Western democracies. And yet, living in a democracy does not prevent the temptation to censor that plagues human beings, and there is no shortage of examples.

The democracy index published by the British newspaper The Economist ranks Canada 13th, the UK 18th and South Korea 22nd. All are described as "complete democracies", ahead of France (23rd). India, the world's largest democracy, is in 41st place, not far from our neighbours Belgium (36th) or Italy (34th).

And yet, these countries have a story to tell about censorship related to know-your-customer and KYC procedures.

First, in Canada, as recently as 2022, as trucker protests redoubled in intensity, the Ontario government and then the Canadian government declared a state of emergency and imposed financial coercion measures on the protest movement bypassing the usual democratic and legal processes.This is the first time in Canadian history that this state of emergency has been imposed.

Under the pretext of wanting to know the origin of the funds for the kitty financing intended to fund the movement, the financial monitoring agency (FINTRAC) is seized. The two financial platforms GoFundMe and GiveSendGo were forced to freeze the funds. Even more worrying,the Canadian government invoked the use of its emergency powers to freeze the individual accounts of nearly a hundred people involved in the protests. A veritable financial asphyxiation using a political pretext.

Whether or not you agree with the reason for the demonstrations is not the point. This state of emergency would later, in January 2024, be ruled unconstitutional by the Federal Court of Canada[41]. But the damage had been done: protest had stopped, demonstrators had been financially strangled, and the rule of law and individual freedoms had been curtailed.

In the UK, another case had hit the headlines and caused particular scandal: that of Nigel Farage. This Brexit supporter and leader, who had been a customer of the same bank for 43 years, announced on Twitter[42] in 2023 that his accounts had been closed without any explanation. Two days later, as the scandal was roaring in the UK, he announced that he had had his applications to open an account rejected by 9 banks, on the pretext that he is a "politically exposed person", a PEP, an acronym owed to these know-your-customer regulations. However, other political decision-makers do not have the same problems opening or maintaining a bank account, which raises the question of differential treatment based on political views.

The case caused quite a stir in the UK, and the BBC confirmed that the account had been closed for reasons of political orientation[43]. Prime Minister Rishi Sunak had to take up the matter[44], and summoned the country's major banks to ensure that freedom of expression was respected.

In India, even more recently, at the end of March 2024, the banking sector's influence on the finances of economic players was reflected in the country's political life, enabling the ruling party to financially asphyxiate its rival, the Indian National Congress, Gandhi's former party.

As the Human Rights Foundation points out in its 17th Financial Freedom Report newsletter[45], "The Indian government, led by Prime Minister Narendra Modi, froze the bank accounts of its largest political opposition party, the Indian National Congress (INC), citing allegations of tax evasion, just weeks before the forthcoming election. According to INC statements on X[46], "all our bank accounts have been frozen. We cannot carry out our campaign work. We cannot support our workers and candidates. Our leaders cannot travel across the country." A few days later, India's anti-financial crime agency also arrested opposition leader Arvind Kejriwal[47] in what is seen as a wider move to eliminate competition in the upcoming elections. These events underline the growing need for a neutral, apolitical currency as a tool for democratic activism and political campaigning."

The temptation is strong to say that this sort of thing "doesn't happen at home". But the examples I have cited, by design, are democracies, and for the most part ranked higher in this respect than France.

France, which has already tipped its hand on similar issues.

b) The return of arbitrariness: selective application of measures

The collection of identity and the fight against terrorism have also demonstrated in areas other than finance that they can be largely diverted from their original purpose. In this respect, we might mention the example of South Korea, the first country to want to combat anonymity on the Internet, and which in 2008 enacted a law requiring the collection of identity by social networks in order to combat hatred and disinformation.

In 2012, South Korea's constitutional court terminated the law[48], deeming it unconstitutional. The latter noted with regret numerous pitfalls: selective and arbitrary application of this law because the application criteria were far too vague, the lack of evidence showing that application of the law had reduced the amount of illegal content posted online, or the asphyxiation of local economic players, who had to comply with costly standards, to the benefit of foreign players who continued to operate in the country by attracting South Korean internet users anxious to be able to express themselves freely.

The Court concludes by stating that the collection of identity had "a chilling effect on the expression of individuals' opinions" which constitutes an "obstacle to the free formation of public opinions - a foundation of a democratic society".

In fact, you don't have to go to Asia to see the danger posed by this censorship and these laws designed to combat terrorism.

In France, certain political groups, particularly on the left, had a rude awakening when, after supporting the various laws aimed at limiting hateful content and apology for terrorism, they are now being targeted for "ecoterrorism" or "apology for terrorism". The fight against terrorism is often used as a convenient pretext to restrict the expression of legitimate political opposition, which is serious and damaging in a democracy, where the ability to disagree with the majority opinion must be absolutely preserved.

And in this respect, the parallel with the collection of identities from financial institutions is striking: no evidence of their effect, drastic economic standards that lead to the concentration of the sector and to the benefit of foreign players, and selective application by the authorities of the prosecutions to be brought, among other things.

How else can we explain, as we saw in the introduction, that developers of a Bitcoin wallet are already in pre-trial detention and facing up to 25 years in prison for misdeeds they are falsely accused of, while certain financial institutions, crypto or otherwise, regularly escape prison sentences despite committing far more important, far more serious, and sometimes conscious acts?

In 2012, HSBC was accused by the US government of money laundering for Mexican drug cartels and violating sanctions against countries such as Iran. The amounts involved were said to be close to$1 billion[49]. HSBC agreed to pay a record $1.9 billion fine to the US authorities.

But no jail time was handed down.

Also in 2012, UBS was convicted by the US authorities of helping US citizens avoid taxes by hiding undeclared assets overseas, to the tune of$20 billion[50]. UBS paid a fine of $780 million and had to provide the names of thousands of US clients.

But no jail time was handed down.

More famously in France, in 2014 BNP Paribas pleaded guilty to violating US sanctions against countries such as Sudan and Iran, as well as money laundering charges, to the tune of $30 billion[51]. The bank agreed to pay a record $8.9 billion fine and was temporarily banned from certain dollar transactions.

But no jail time was handed down.

In 2019, Danske Bank was fined €150 million by Danish authorities for facilitating large-scale money laundering, involving $227 billion[52] mainly from Russia.

But no jail sentence was handed down.

In 2012, Standard Chartered was charged by US authorities with laundering money for Iranian clients, bypassing US sanctions, totalling $250 billion[53]. The bank agreed to pay a fine of $667 million.

But no jail sentence was handed down.

$250 billion is more than the total capitalisation of Bitcoin in 2020. So much for the order of magnitude.

The largest bank in the United States, JP Morgan, has been sentenced 277[54] times by the courts since 2000, for a total of nearly $40 billion in fines. That's about one conviction of nearly $150 million, every month, for 24 years, for offences ranging from consumer protection violations to mortgage abuses, not forgetting, of course, anti-money laundering deficiencies. The latter account for $2 billion of the $40 billion in fines.

I have not been able to find a single person in mainstream finance, since the 2008 crisis, who has gone to jail on an anti-money laundering or terrorist financing charge.

In contrast, between Pertsev, developer of Tornado Cash, who spent nine months in prison without trial, and has just been sentenced to five years, and those of Samurai Wallet, who spent some time in prison, again without trial, and one of whom was released on bail, it would appear that we are in the midst of what the Korean Constitutional Court called a "selective application by the authorities of the prosecutions to be brought".

c) Not-so-personal data

The third extremely dangerous point raised by these practices of collecting customer data and combating money laundering and the financing of terrorism is obviously the theft of this data.

You don't have to go far back in time to find examples of computer flaws exploited by cybercriminals.If you've been unemployed just once in the last 20 years, your data is no longer personal. Your surname, first name, date of birth, social security number (and therefore gender, département and commune of birth), email address, postal address and telephone number: all this is now out in the wild, in the hands of cybercriminals, who have already started to use it for their works.

Of course, what's happening to France Travail is also happening in the world of finance.

Some of the biggest data leaks in recent years include Equifax in 2017, an American credit rating company, affecting the personal data of more than 150 million people[55],[56], or JP Morgan in 2014, 76 million households and 7 million businesses[57], or Capital One in 2019, with more than 100 million customers affected, among the biggest in recent years. And Europe has not been spared: HSBC has suffered multiple data leaks over the past ten years[58],[59], but fintechs like Revolut[60] are not immune either.

In short, from the moment your personal data is collected, the question is no longer "if" but "when" it will be accessible to hackers.

According to the ITRC (Identity Theft Resource Center), an American NGO dedicated since 1999 to evaluating crimes linked to identity theft in the United States, in 2023 there will have been more than 3,200 data leakage or hacking events in the United States, resulting in more than 350 million victims. That's more than the entire population of the country. The financial industry stands out as the main victim, just behind the medical industry and its precious healthcare data[61].

According to the US Federal Trade Commission, credit card fraud between 2019 and 2023 rose by more than 50%, from around 280,000 consumer complaints to more than 425,000[62]. Of these frauds, around 90% come from identity theft that has allowed a new account to be opened in the name of a person who has had their personal information stolen, and only 10% come from fraud on an existing card.

According to Transunion, a company that collects, controls and protects banking data, the use of personal data to forge new false identities has again reached new records in 2023, reaching a loss of 3 billion dollars in the United States[63].

With the development of AI in particular, which is reaching frightening levels of sophistication in terms of identity theft (voice, video etc.), it is becoming necessary for this fair with personal data to stop as quickly as possible. Protecting personal data is therefore also a moral duty towards others, because protecting oneself means protecting others from scams and breaches of trust.

So what's at stake is the physical and digital security of everyone. This is notably the fight that has been launched in Switzerland, where the canton of Geneva has already voted 94% in favour of amending the constitution to create a right to digital integrity[64].

Conclusion: an excessive, unjustified and counter-productive lockdown that tramples on fundamental rights

The practices and instruments of financial regulation place extreme limitations on the exercise of several fundamental rights and freedoms. In particular, they reduce both monetary confidentiality and the freedom to dispose of one's own funds in a totally disproportionate manner, while leading to the prohibition, legal or practical, of technologies and tools regardless of their use, as well as to differences in treatment, for a given behaviour, depending on the actor concerned. As a whole, this is a fatal blow to innovation in Europe.

These practices and regulations have not, however, been justified, as their effectiveness in combating money laundering and the financing of terrorism has not been demonstrated "convincingly" [65], even though this is an obligation for the State in any undertaking to limit freedoms.

Inversely, they carry greater risks, for individuals and society, than those they claim to combat, particularly in the field of personal data protection (the fact that the individual cannot escape a major risk concerning highly sensitive data constituting, moreover, an attack on his dignity).

Finally, their cost to the economy - and therefore to entrepreneurial freedom - alone outweighs the proceeds from the crime they claim to target.

In these circumstances, the infringements of the fundamental rights referred to above are arbitrary and unacceptable in a democratic society.

More specifically, in the first place, the rights to dignity, to self-determination, to resistance to oppression, are being trampled underfoot. A substantial part of the right of property is now no more than a chimera, in a Europe where individuals have to ask permission before spending their own money, without being certain that it will not be blocked the next day for a reason that has no legal basis and against which there is no effective remedy.Freedom of trade and industry is being stripped of the opportunity to develop innovative tools.

The right to privacy, more generally, is also flouted, to the point of annihilating its very essence: when anonymous cryptos are banned, when transfers without KYC are blocked, before any suspicion of infringement and therefore regardless of whether they are being used illegally or not, it is indeed privacy per se that is targeted, whereas it constitutes the normal exercise of private life.

However, this right to privacy is a pillar of democracy: described as "fundamentally fundamental" in that it "preconditions the enjoyment of most other rights and freedoms"[66], it is intended "to ensure the development, without external interference, of the personality of each individual in relations with his fellow men", to quote the European Court of Human Rights (ECHR)[67]. This capacity for personal development, combined with the freedom to make choices in complete confidentiality, guarantee the "democratic functioning of society"[68].

So many fundamental freedoms that can only be restricted on the basis of a clear and precise legal basis, motivated by a demonstrated need, in a strictly proportionate manner, with safeguards to attest to this.

But none of this is respected as it stands. This is the advent of a presumption of guilt that leaves a boulevard for selective application of disproportionate laws, by governments, but also by financial players. The hypertrophy of the banking sector is in fact largely the child of these regulations, imposing staggering costs and consequently concentration, protected by giant barriers to entry, leading de facto to recurring abuses of dominant position.

A priori control, of everyone, all the time, before the slightest suspicion of infringement, is becoming the norm. And this despite the fact that both the Court of Human Rights and the Court of Justice of the European Union prohibit it. For companies subject to these regulations, it is the absence of control that becomes an infringement, in violation of primary law.

A situation that should frighten any citizen wishing to live in a liberal democracy.

Thanks to Estelle De Marco, Doctor of Private Law and Criminal Sciences, expert with the Council of Europe specialising in the protection of fundamental rights, for the contribution on legal developments.

Everything that matters in Web3. Each week.
Try insider for free, for 30 days.
All that matters in crypto.
Deciphering, insights, Data. Access the best of the ecosystem.
In this article
No items found.
Read next
No items found.
In this category