Opinion Tornado Cash’s latest allegations seem to contradict the Financial Crimes Enforcement Network (FinCEN) documents.

Tornado Cash's latest allegations contradict FinCEN documents.

Preliminary thoughts on the criminal charges against the software service provider.

Original title: New Tornado Cash indictments seem to run counter to FinCEN guidance

Author: Peter Van Valkenburgh, Director of Research at Coin Center

Translation: bayemon.eth, ChainCatcher

Note: Coin Center is a leading non-profit organization focused on cryptocurrency policy issues, engaged in research and policy advocacy, and advocating for reasonable regulatory strategies for cryptocurrencies.

Roman Storm and Roman Semenov have been charged with conspiracy to operate an unlicensed money transmitting business. So far, not all relevant facts have been fully disclosed, but the limited facts alleged in the indictment do not appear to show any clear violation of relevant laws. We may have further follow-ups on other charges related to this new case, but it is currently necessary to discuss what constitutes money transmission and what constitutes “pure” software development or communication services. This is a key issue in this case and a core right for U.S. citizens to build and release software.

The only relevant statement in the indictment regarding “defendants conducting unlicensed money transmission” is that Tornado Cash “provides money transfer services to the public” and that this business has not been registered with the Financial Crimes Enforcement Network (FinCEN). But does the indictment state any facts that actually indicate that the defendants engaged in legal money transfer activities?

The regulations implementing the Bank Secrecy Act define money transmission services as “accepting currency, funds, or other value that substitutes for currency from one person and transmitting it to another organization or individual in any form.”

The 2019 FinCEN guidance on cryptocurrencies provides detailed explanations of these regulations and specifically addresses anonymous software service providers:

Anonymous software service providers cannot act as money transmitters. The FinCEN regulations provide that because the delivery, communication, or network access services involved in the transfer process are necessarily related to the transaction process, software developers providing these services cannot act as money transmitters in the transaction process.

The indictment includes charges based on FinCEN’s allegations of facts, describing various activities engaged in by the defendants, but these facts all indicate that the defendants fully comply with FinCEN’s guidance for anonymous software providers, i.e., they do not act as money transmitters. The charged activities include:

(a) Paying network hosting service fees for the user interface that allows users to send transaction information to the underlying smart contract;

(b) Paying fees to Github for storing smart contracts and user interface software and documentation;

(c) “Full control” of the Tornado Cash smart contract for a period of time prior to May 2020.

The service provider did not act as a money transmitter

Regarding the network hosting and software code storage services mentioned above, these activities themselves do not meet FinCEN’s definition of “money transmission,” which involves “accepting funds and transferring them to another party.” These activities only involve the exchange and publication of software and data. Therefore, based on the 2019 guidance, these activities clearly do not fall within the scope of money transfer activities.

Although providing these “delivery, communication, or network access services” through Tornado Cash makes it easier for individual users to access and use their smart contracts to transfer funds, it does not mean that the service provider becomes the fund transferor. As stated in FinCEN’s 2019 guidance:

People who use software transactions for anonymous processing can be classified as ordinary users or fund transmitters depending on the purpose of the transaction. Ordinary users typically use the software to pay for goods or services in their own name, while fund transmitters use the software as intermediaries for fund transfers.

Since the official document indicates the possibility of users transferring funds through anonymous software, the guidance document also mentions that software developers and users do not have to be registered fund transmitters, and as far as I know, Tornado Cash operates in this way.

Tornado Cash does not have “independent control” over smart contracts

As for the issue of “control” over the smart contract before May 2020, it may be more complex to analyze. The indictment only states that the contract is fully controlled by Tornado Cash, but in fact, Ethereum smart contracts are mutable, and the degree of control is variable. This is a key fact in determining whether a person is acting as a fund transmittor.

For example, if someone has the ability to lock all funds in the contract, then that person can indeed transfer these funds and become a so-called fund transmitter. However, if they only have the ability to update certain logic related to the contract but not enough to have full control over the funds and decide whether to transfer them, then that person does not have the “independent control” over all funds as described in FinCEN’s guidance, and therefore is not a fund transmitter. The indictment does not explicitly state the extent of the defendant’s control over the smart contract, so FinCEN does not have sufficient evidence to prove that Tornado Cash is engaged in unlicensed fund transmission activities.

The investigation into Tornado Cash’s control over the smart contract is still ongoing, but as far as we know, Tornado Cash’s only control over the smart contract is to change the cryptographic logic related to privacy features, and it does not have the ability to view or move user funds. If this technical analysis is accurate, then Tornado Cash cannot have the right to independently control a smart contract with fund transfer capabilities as described in FinCEN’s guidance, and therefore this charge cannot prove that Tornado Cash is engaged in “unlicensed fund transmission” activities.

In addition, the government also accuses the defendants of “promoting” the Tornado Cash tool and profiting from governance tokens, while also “intentionally designing” the relevant features of their tool. However, like other charges, these activities do not involve the “inflow and outflow” of funds. At the same time, if the software provider only profits from advertising services, it cannot be argued that the defendants are providing regulated financial services rather than purely software services.

We will continue to monitor the progress of this case and publish more reports after further disclosure of facts.