Talking Bitcoin Regulation and Compliance with David Long, JD


By Mark Norton: Editor @� � 9/18/2014

On January 3, 2009, Satoshi Nakamoto embedded a message in the very first block of Bitcoin’s blockchain in order to prove that the block could not have been created before that date. To make the point, he selected a headline from The Times, a British newspaper. The top story that day was “Israel prepares to launch ground offensive on Gaza,” but he didn’t use that one. Instead, he went for the below-the-fold headline of “Chancellor on brink of second bailout for banks.”

Satoshi’s choice does seem to indicate his thinking about why something like Bitcoin needs to exist �that the current financial system is broken to the point that perhaps we should try something else. Protest of the current political and financial system is built into Bitcoin’s very bones and has often expressed itself as a strong anti-regulation sentiment.

The fact of the matter is that Bitcoin can exist in a regulation free world only in what amounts to a worst case scenario: If governments pass laws to illegalize Bitcoin and financial institutions refuse to have dealings with anything cryptocurrency related, then Bitcoin will be relegated to a black and grey market currency. It’s our feeling that if this were the case, growth and innovation would continue and that Bitcoin would eventually succeed in some future catastrophic financial crash. Just because we suppose that it would survive under these harsh conditions, though, is no reason to want it to. It would be much better for everyone if Bitcoin develops in at least a somewhat cooperative environment.

If Bitcoin is to grow and be used alongside national currencies, there is going to be regulation, at the very least, of those places where bitcoins and regular money are exchanged. There are going to be attempts to regulate what Bitcoin does at more fundamental levels as well, as we’ve seen with the proposed BitLicense rules. Unfortunately, especially for people who are trying to build cryptocurrecy businesses, this is creating a lot of ambiguity about what is or is not legal. The ambiguity is severe enough that some businesses have already opted to move their operations off-shore to countries with more friendly regulatory environments.

Into this gap has stepped David Long, a Northern California attorney with a background in white-collar criminal investigation, offering AML/KYC compliance services for cryptocurrency businesses as the senior consultant at NCFPS-Digital Currency AML Consultants. We were able to get David to answer a few of our questions about himself and about Bitcoin regulation and compliance.

You are a former federal white-collar criminal investigator and a certified fraud investigator. What kind of crimes have you investigate and what kinds of things did you learn from that experience?

I spent about nine years with the federal Division of Labor Racketeering, Department of Labor, Office of Inspector General, as a Special Agent working out of Atlanta and Los Angeles. While working out of the Atlanta office, I spent a tremendous amount of time working the seaports in Tampa and, to a lesser extent, Miami, Florida. At the time, the stevedores’ union, the International Longshoreman’s Association (ILA), was troubled by continuing corrupt activities. Some of the corruption emanated from the union leadership’s collusion with certain employers at the ports. Based on our investigations, we were confident that organized crime was acting behind the scenes.

In Los Angeles, the investigations were completely different with there being significant focus on identity theft schemes carried out on a grand scale with criminals stealing personally identifiable information from payroll processors and filing unemployment insurance claims against the stolen identities, to the tune of millions of dollars. Some of this was traced to elements associated with the Mexican Mafia.

From the technical criminal law perspective, my investigations typically focused on money laundering, the Racketeer Influenced Corrupt Organizations Act (RICO), mail fraud, wire fraud, extortion, and false statements.

My experience as a federal agent taught me many, many, things. I think one of the most important things that the experience taught me is how to really listen to people. After all, probably the most important skill a criminal investigator or a fraud prevention professional can possess is the ability to listen. This was a fascinating experience for me because it actually helped me to refine my skills as an attorney. As an attorney, a federal agent, and now as a consultant, it is very important that I listen to my client to learn his or her story (or the story of their company), so that I can best determine how to assist them.�

How did you find yourself assisting Bitcoin related companies with AML/KYC compliance? This would seem to be a small niche in a massive field. What got you involved in it?

Well, as an attorney and a federal agent, I really enjoyed thinking about ways bad actors might approach a company to defraud it or to launder money through it. Once I left government service, I obtained certifications in both anti-money laundering (through the ACAMS) and in fraud examination (through the ACFE) so I could continue learning and studying criminal thought and behavior. I also became a university professor in the fields of both criminal justice and legal studies. My faculty position helps to keep me sharp by affording me the opportunity (and time) to conduct research into the topics I am called on to consult about.

When Bitcoin really came to my attention in late 2011, I became intrigued by the underlying block chain technology and I began reading about the ways that it could potentially revolutionize the financial services sector. Then I began to learn about how the block chain technology holds great potential to disrupt other industry sectors as well. Well, from my experience, where technological innovations go, so goes the criminal mind. I was just drawn to the prospect of helping companies design procedures to mitigate the impact of criminal behavior on their fledging companies, while at same time, assisting them in maintaining or achieving regulatory compliance.�

AML/KYC laws seem to be at odds with the fundamentals of Bitcoin � a pseudonymous currency that allows people to send any amount of money to anyone anywhere without the need for a third party to facilitate the transaction. Do you think it’s possible to reconcile these foundational principles of Bitcoin with these laws?

Bitcoin is indeed a disruptive technology that existing regulations did not contemplate. However, that is not to say that Bitcoin and the blockchain technology necessitate the need for additional regulations. There is an entire AML/KYC apparatus in place that with some adaptation, consideration, reflection and forethought, on the part of regulators, can be applied successfully to this new technology. I do not believe that we need new prohibitionist or otherwise strict regulatory constructs to “control” the technology. Top-down responses to innovative technologies do more harm than good.

What’s you take on the BitLicense proposal out of New York?

My dedication to ensuring that the financial system is not utilized to further the activities of bad actors is entrenched and has been a linchpin of my career. Yet, at the same time, I clearly grasp the essence and promise of the technology of the Bitcoin protocol. After thoroughly reading and digesting the regulations as proposed, I have concluded that, as written, the regulations do little to ensure the safety of the “virtual currency” industry from the threat of money laundering and the financing of terrorism, while doing much to potentially choke off the growth and innovation in this still nascent industry. Surely, this cannot be the intended result of this proposal. In my view, New York’s approach embodies a “top-down” rather than a “bottom-up” approach to regulation.

Interestingly enough, though the proposal correctly calls for the development of robust AML/KYC programs, it hastily discards the necessity of requiring effective AML programs based on robust risk assessments. In other words, it requires risk-based (presumably) AML programs and then departs from a risk-based approach by requiring a physical address for all parties to a transaction, without regard to the risk presented. Even disregarding for a moment the technological “substitutes” for a physical address, a risk-based approach could be drawn to be sensitive to the types of customer verification protocols customarily accepted in a given country. Absent that, why not consider simply recommending, as part of a risk-based analysis, lower maximum transaction thresholds and limiting the number of daily transactions available to those who are unable to furnish a physical address, or consider a combination of both? All of these assessments are properly made within the context of a risk-based AML/CFT program. In short, there are a number of other ways to more reasonably address the risks presented absent a “one size fits all” mandate. Such is the antithesis of the risk-based approach adopted by the Financial Action Task Force, of which the United States is a member.

What kind of Bitcoin businesses have you been working with and what have you found to be the most challenging part of helping them be compliant?

Ninety-nine percent (99%) of the businesses I work with are in the start-up phase. Some have received seed or first-round funding; others that I mentor are in the pre-funding stage. As far as business type, they run the gamut of Bitcoin businesses out there. I advise exchanges, remittance companies, trading platforms, derivatives exchanges, and mobile wallets. The challenges these companies face are often daunting and it is heartening to see how these entrepreneurs face these challenges with such fearlessness! I am proud and happy to have been invited to serve as a mentor at the Plug and Play accelerator in Sunnyvale, CA and at the Meltwater Entrepreneurial School of Technology (MEST), an incubator located in Accra, Ghana. MEST is fully funded by the Meltwater Foundation, a non-profit subsidiary of the Meltwater Group, headquartered in San Francisco.

The most challenging part for me is providing “advice” in an area so rife with regulatory uncertainty. Because Bitcoin is a disruptive technology, much of the regulation in place pre-dates the technology and, as such, the existing regulations often do not speak readily to the unique design of the software. Hence, there are huge ambiguities as far as regulation is concerned. For example, most regulation in the financial services sector assumes the existence of a third-party intermediary for most transactions. As a decentralized, disintermediated system, existing regulations generally are interpreted with great difficulty when trying to apply them to the new technology. That though, by itself, does not mean that new regulations are necessarily needed. What is needed though is clarification as to how regulators intend to apply existing regulations to digital currency companies.

In your practice, you conduct AML trainings to keep businesses compliant with the law. What are some of the most important things you stress in these trainings?

The Bank Secrecy Act and associated regulations require regular periodic training for compliance staff and for any other personnel whose responsibilities touch on AML/KYC issues. The most important items that are covered in training really surround the fundamentals of AML such as being cognizant of the types of transactions customers usually undertake so that unusual types of transactions are readily identified. I also spend significant amounts of time training in the area of report and record-keeping requirements. For example, properly preparing an appropriate Suspicious Activity Report is a task that requires some focus and training in as well.

I know that you have probably not investigated this professionally, but what’s your best professional guess about what really happened at Mt. Gox?

True. Anything I say about Mt. Gox is at best speculation as I have never spoken to anyone close to the investigation. My best speculation is that the Mt. Gox “affair” might be a combination of external hacking and internal theft. Perhaps there was collusion between the two as well. I really do not have a clue about what really happened though.

In Florida, there have been a couple of cases of people trading on This causes a lot of concern for people since it means that any user or business might be tagged as a money transmitter. Do you think this is a real concern and what can regular users do to keep themselves safe?

You are correct. I do have some real concern about those involved with being considered as money transmitters. Whether or not a particular state would consider such a user a money transmitter, it is important to remember the following. Whether or not a person or a company falls within the ambit of regulatory oversight, anyone can potentially violate money laundering statutes or involve themselves in a money laundering conspiracy if they knowingly engage in certain conduct, or, if they turn a willful blind eye to the suspiciousness of the conduct to which they might be engaged.�

California has taken the step of recognizing cryptocurrencies as legal tender. Why do you think the state took this step and what impact will it have on the development of Bitcoin and related businesses in California.

I think that California took this step in an effort to recognize the legitimacy of crypto currencies and to signal the industry that the state was not intending to quash the development of the ecosystem. Hopefully, more in the way of promoting and nurturing the industry is in the works here in California.

As far as the impact is concerned, I think it may have helped soothe any apprehension that might have been out there that the State was going to prove itself hostile to the industry. This step certainly helped venture capital and private equity elements breathe a bit more easily.

You folks have offices in the US, Britain, Mexico, and Canada. How do the regulatory environments in each of those countries compare? Which one do think is best suited for a Bitcoin startup to get going in?

NCFPS maintains strategic partnerships in those countries and we work closely with our partners there. The UK is really making strides to be a leader in the Bitcoin ecosystem. Canada is not far behind. In Mexico, things are finally starting to really come alive. The U.S. remains the goal of many start-ups; however, with the huge amount of regulatory uncertainty and existing bureaucratic red-tape, it presents a huge barrier to entry for many.�

As a member of a number of prestigious professional legal associations, I can imagine that you get a wide range of reactions to your involvement with crypto currencies. What’s the typical reaction and how do you respond?

Most people are quite curious and intrigued about my involvement in the crypto currency environment. I tend to think that many people are fairly confused by the concept of Bitcoin and do not yet understand its potential impact. I enjoy explaining it to them and my role in helping along start-ups that are interested in compliance. So far, I actually have not had any negative reactions.

How do you see Bitcoin developing as a currency and protocol developing over the next couple of years?

Well, I believe that digital currencies are here to stay. However, I am not sure that the major digital currency will end up necessarily being Bitcoin. I am fairly certain that the blockchain technology is here to stay. As you probably know, there are all kinds of developers working on the blockchain technology to enable such innovations as programmable “smart” contracts, and “smart property,” through the use of “colored coins,’ and multi-signature transactions as well.

We want to thank David for his time in answering our questions. If you’d like to learn more about David, please visit his company site: NCFPS-Digital Currency AML Consultants.