Stricter verification laws in the U.S. won’t stop international terrorists from using crypto

It’s important to note that crypto companies in the U.S. are regulated—and have been since 2013. Exchanges and other financial intermediaries are money service businesses under Bank Secrecy Act regulations, and they’re already required to register with FinCEN and report any suspicious—potentially criminal—activity. U.S. exchanges do AML/KYC checks and screen all potential customers for sanctions. It makes the U.S. safer. In this case, other countries have something to learn from the U.S.

The recent proposal by more than 100 lawmakers, including Sens. Elizabeth Warren (D-Mass.) and Roger Marshall (R-Kans.), does nothing to address the problem of where more crypto-related crimes occur—overseas, and by unregulated actors. They are proposing KYC rules akin to suggesting that copy machine manufacturers would need to verify anyone using their copiers. The authors unfortunately fail to understand that the underlying blockchain technology actually makes transactions public, providing investigators a digital paper trail to identify terrorist operatives and their financial contributors. There are solutions.

Back in 2016, I started doing research on terrorist crowdfunding campaigns. In fact, the very first campaign I tracked was organized by a Palestinian militant network aiming to raise funds to purchase missiles and other weapons. The campaign was active for a few weeks and garnered only a little over $500 in Bitcoin. In the years that followed, a variety of terrorist groups, including Hamas, have become more familiar—and more sophisticated—when it comes to crypto. But it’s not at all clear that public crowdfunding has been the most reliable way to raise funds.

Crowdfunding is risky to those who have the gall to send funds to a terrorist group. In fact, earlier this year, Hamas’s military wing announced that it was suspending its Bitcoin campaign because the funding network suffered so many disruptions. It turns out that the public solicitation of  crypto enabled security forces to easily track donations and go after Hamas supporters and its financial apparatus. In 2020, the Department of Justice reported how U.S. law enforcement conducted a covert operation to subvert a Hamas crypto campaign, take over its websites, and divert donations into U.S.-controlled wallets.

Given this reality, how could it be that Hamas and affiliated Palestinian terrorist groups have gained tens of millions in crypto?

Most of the recent reporting about Hamas crypto funding relies on information from Israeli seizure documents—legal records of accounts linked to criminal activity that have been blocked or seized. What might not be well understood is that when law enforcement seizes terrorist assets, it blankets everything in the targeted accounts, no matter the source. It seems unlikely that the millions of dollars worth of crypto funds in these accounts came from direct public donations. What’s more plausible is that these funds represent holdings from a mix of terrorist financial activities and sources that were converted into crypto. These digital wallets could also include local money service businesses that serve Hamas as well as benign customers. (Such businesses would still be considered terrorist facilitators and could have their accounts seized, even if they include funds associated with non-terrorist customers.)

What is missing in much of the conversation about Hamas using crypto is the scope of their funding operation. Hamas’s precise financial streams are opaque and difficult to verify, but the group relies on funding from Iran, possibly tens of millions of dollars annually, along with overseas donations from Gulf countries, in particular. Funds also flow from taxation and tariffscash smuggling, and various money exchange businesses and front companies. Counter-terrorist finance officials attack this funding mix by targeting the facilitating institutions. For example, last year the U.S. Treasury sanctioned Hamas financial officials running the Hamas Investment Office, which manages a portfolio of global companies—construction, real estate, and mining firms among them—with assets of over $500 million from operations in Sudan, Turkey, Saudi Arabia, Algeria, and the United Arab Emirates. The designation package targets the assets of key individuals who enable Hamas to earn and move money.

Although the role of crypto for Hamas is most likely a small part of Hamas’ budget, Treasury should take a similar, laser-focused strategy to deal with Hamas’s access to crypto accounts. The U.S. should target any business or entity that continues to enable Hamas’s network to buy, receive, and send crypto. The international community has laid out standards for how crypto exchange businesses should legally operate in order to prevent money laundering and terrorist use. Some businesses based in countries or regions that don’t enforce these standards offer Hamas ways to evade sanctions and acquire crypto. Treasury should consider applying sanctions to these non-compliant crypto exchange businesses, and the U.S. government should take concrete steps to ensure that crypto exchange businesses continue to flourish onshore, where the U.S. has better regulatory reach.

The U.S. doesn’t need new legislation or enforcement tools to go after Hamas’s crypto holdings. The realm of terrorist financing is always a cat-and-mouse game. Those seeking to stop Hamas will need to be as nimble and creative as the adversary, using the tools already at our disposal to identify and disrupt its financial network.

Yaya J. Fanusie, a former CIA analyst, is the director of policy for anti-money laundering and cyber risk at the Crypto Council for Innovation. The opinions expressed in commentary pieces are solely the views of their authors and do not necessarily reflect the opinions and beliefs of Fortune.

Learn more about all things crypto with short, easy-to-read lesson cards. Click here for Fortune’s Crypto Crash Course.

How not to regulate DeFi 101

In the rapidly evolving landscape of cryptocurrencies and DeFi, regulators worldwide are grappling with the task of preventing illegal activities without crippling innovation.

To this aim, a recent bill from Sens. Reed, Rounds, Warner and Romney proposes to impose the Bank Secrecy Act and sanctions compliance requirements on certain entities within the crypto space. 

While the intention behind this proposal is commendable and offices are open to constructive dialogue about next steps, analysis reveals that the bill’s requirements are largely arbitrary and poorly defined, presenting significant challenges for implementation. 

A more technologically sound approach is needed, to effectively address illicit finance in the DeFi ecosystem: One that balances regulatory goals with the unique nature of the crypto-assets.

The bill raises concerns from its inception, as it lacks clear definitions and objective criteria for determining who falls under its scope. 

For instance, the bill targets “Digital Asset Protocol Backers” and “Digital Asset Transaction Facilitators” without providing explicit guidelines to identify them. The secretary of the Treasury is expected to determine a person’s “control” of a digital asset protocol without referencing established legal guidelines, leaving room for ambiguous interpretations.

Moreover, the bill’s language is overly broad, potentially encompassing entities that have no real influence over DeFi protocols. For truly decentralized and autonomous protocols, investors and developers often lack the power to alter operations after deployment, making it impractical to hold them accountable for compliance.

In addition to the challenges posed by the bill’s arbitrary requirements, the proposal’s $25 million valuation threshold for determining Digital Asset Protocol Backers raises questions about its underlying rationale. The lack of transparency regarding how this specific amount was chosen suggests that the bill may be targeting existing ventures rather than influencing future activity since funding levels may vary widely from past projects.

The proposal also falls short in guiding decentralized protocols on how to comply with Bank Secrecy Act reporting requirements. 

DeFi protocols operate in a permissionless environment, making it challenging to collect personal identification information. The bill fails to address this technical complexity, leaving decentralized projects without practical solutions to meet the reporting obligations.

Furthermore, the bill’s provisions for crypto kiosks, or crypto ATMs, could potentially hinder financial inclusion. 

While the notion of improving anti-money laundering (AML) objectives for these kiosks is commendable, certain requirements — such as customer verification for any transaction amount and recording counterparties’ personal data — may be impractical due to technical limitations. Striking a balance between AML objectives and facilitating financial access is essential in a rapidly digitizing world.

Instead of adopting a one-size-fits-all approach to regulation, a more nuanced and collaborative effort is necessary. The Crypto Council for Innovation (CCI) is currently working on a comprehensive framework for appropriate DeFi regulation, engaging with industry experts and financial regulators to develop a technologically feasible and effective approach. 

Read more from our opinion section: The private vs. public blockchain debate gets it wrong

Recognizing the unique characteristics of DeFi protocols, this approach aims to tailor compliance measures to suit the decentralized nature of the crypto ecosystem, ensuring that the industry can continue to innovate while adhering to the highest standards of security and anti-money laundering practices.

The proposed bill’s ill-defined requirements risk impeding progress in the crypto and DeFi space while offering limited efficacy in combating illicit finance. 

It is important to note that this bill is in early stages and that its authors are interested in a constructive dialogue on how best to mitigate illicit activity in crypto. As the industry continues to evolve, policymakers must collaborate with experts and stakeholders to develop a technologically sound and practical approach to address illicit activities in DeFi. 

The path forward should involve distinct categorization of elements within the DeFi technology stack and harnessing the inherent transparency and programmability of blockchain systems. Such an approach will foster innovation, protect consumers and strengthen the global financial system while preserving the essence of decentralization and financial inclusion that makes the crypto ecosystem unique. 

As we navigate this crucial phase of regulatory development, open dialogue and collaboration will be the keys to unlocking the full potential of decentralized finance while mitigating illicit activities effectively.

Get the day’s top crypto news and insights delivered to your email every evening. Subscribe to Blockworks’ free newsletter now.

Want alpha sent directly to your inbox? Get degen trade ideas, governance updates, token performance, can’t-miss tweets and more from Blockworks Research’s Daily Debrief.

Can’t wait? Get our news the fastest way possible. Join us on Telegram and follow us on Google News.