Opinion: The latest allegations against Tornado Cash seem to contradict the Financial Crimes Enforcement Network (FinCEN) documents

Original Title: New Tornado Cash indictments seem to run counter to FinCEN guidance

Author: Peter Van Valkenburgh, Research Director at Coin Center

Translation by: bayemon.eth, ChainCatcher

ChainCatcher Note: Coin Center is a leading nonprofit organization focused on cryptocurrency policy issues, engaging in research and educational policy-making, and advocating for a reasonable regulatory approach to crypto technology.

Roman Storm and Roman Semenov have been indicted on charges of conspiracy to operate an unlicensed money transmission business. So far, not all relevant facts have been fully disclosed, but at first glance, the limited factual allegations in the indictment do not show any clear violations of relevant laws. Regarding other allegations related to this new case, we may follow up later, but it is currently necessary to discuss what constitutes money transmission and what constitutes "pure" software development or communication services. This is a key issue in this case and at the core of American citizens' rights to build and release software.

The only relevant statement in the indictment regarding "the defendants engaging in unlicensed money transmission" is that Tornado Cash "provides money transmission services to the public," and that this service has not registered with the Financial Crimes Enforcement Network (FinCEN). But does the indictment state any actual facts indicating that the defendants were engaged in legal money transmission activities?

The Bank Secrecy Act regulations define money transmission services as "accepting currency, funds, or other value that substitutes for currency from one person and transmitting that value to another organization or person by any means."

FinCEN's 2019 guidance on digital currencies elaborated on these regulations and stated regarding anonymous software service providers:

Anonymous software service providers cannot act as money transmitters. FinCEN regulations state that because services such as delivery, communication, or network access during the transfer process are necessarily related to the transaction process, software developers providing these services cannot act as money transmitters in the transaction process.

The indictment includes FinCEN's factual allegations, which describe various activities engaged in by the defendants, but these facts indicate that the defendants fully comply with FinCEN's guidance for anonymous software providers, meaning they did not act as money transmitters. The alleged activities include:

(a) Paying for web hosting services for a user interface that allows users to send transaction information to the underlying smart contract;

(b) Paying fees to GitHub for hosting smart contracts and user interface software and documentation;

(c) "Completely controlling" the Tornado Cash smart contract for a period before May 2020.

Service Providers Did Not Act as Money Transmitters

Regarding the aforementioned web hosting and software code storage services, these activities do not meet FinCEN's definition of so-called "money transmission," which is "accepting funds and transferring them to another party"; these activities merely involve the exchange and publication of software and data. Therefore, according to the 2019 document, these activities clearly do not fall within the scope of money transmission activities.

While providing these "delivery, communication, or network access services" through Tornado Cash may make it easier for individual users to access and use its smart contracts to transmit funds, this does not mean that the service provider becomes a money transmitter. As FinCEN stated in its 2019 guidance:

Individuals using software transactions for anonymous processing can be categorized based on the purpose of the transaction into ordinary users and money transmitters. Ordinary users typically use the software to pay for goods or services in their own name, while money transmitters use the software as intermediaries to engage in money transmission activities.

Since official documents indicate that there may be users conducting money transmission through anonymous software, the guidance also mentions that software developers and users do not need to be registered money transmitters, and to my knowledge, Tornado Cash operates in this manner.

Tornado Cash Lacks "Independent Control" Over Smart Contracts

As for the issue of "controlling" the smart contracts before May 2020, the analysis may be more complex. The indictment only states that the contracts were fully controlled by Tornado Cash, but in fact, Ethereum smart contracts are variable, and the degree of control can also vary. This is a key fact in determining whether a person is acting as a money transmitter.

For example, if someone has the ability to lock all funds in a contract, then that person can indeed transfer those funds and become a so-called money transmitter. However, if they only have the ability to update certain logic related to the contract but do not have full control over the funds and cannot independently decide whether to transmit the funds, then that person does not possess the "independent control" over all funds as described in FinCEN's guidance and therefore is not a money transmitter. The indictment does not clearly state the extent of the defendants' control over the smart contracts, so FinCEN does not have sufficient evidence to prove that Tornado Cash was engaged in unlicensed money transmission activities.

The investigation into Tornado Cash's control over the smart contracts is still ongoing, but as far as we know, the only control Tornado Cash has over the smart contracts is the ability to change the cryptographic logic related to privacy features, and it does not have any actual ability to view or move user funds. If this technical analysis is accurate, then Tornado Cash cannot possess the rights to "independent control" over smart contracts with money transmission capabilities as described in FinCEN's guidance, and therefore this charge cannot prove that Tornado Cash was engaged in "unauthorized money transmission" activities.

Additionally, the government also alleges that the defendants "promoted" Tornado Cash tools and profited from governance tokens while also "deliberately designing" the relevant features of their tools. However, like other allegations, these activities do not involve the "inflow and outflow" of funds. Furthermore, if the software provider only profits from advertising services, it does not demonstrate that the defendants provided regulated financial services rather than purely software services.

We will continue to monitor the progress of this case and will publish more reports after further facts are disclosed.