Hello Incognito community,
Privacy is a fundamental human right that the Incognito community values, protects and upon which our platform is built. Our platform, however, requires legitimacy to be viable and to continue serving you and your privacy. The recent Tornado Cash’s sanctions, while being controversial, have raised concerns on the use of privacy platforms like Incognito.
As a result, we want to clarify our stance on this issue and our ongoing regulatory risk-mitigation approach.
Our emphasis is to ensure our users’ access to privacy while deterring money laundering and illegal activities.
Our action is to take steps in understanding how Virtual asset service providers (VASPs) deal with Anti-Money Laundering & Terrorist Financing (AML & CTF) regulations. Then, subsequently define what Incognito should do as a platform to provide a capability for VASPs to gradually become in line with the recommendations of the Financial Action Task Force on Anti-Money Laundering (FATF) on out-going virtual asset transactions from Incognito.
Practical deterrence activity (ETA: Sept 2022)
We believe that efforts to deter money-laundering and illegal activities could practically minimize, if not eliminate bad actors’ ability to move illegal funds through Incognito as well as preserve the ability of users (aka good actors) to interact with legitimate privacy tools and services.
The first task we will be working on is to detect and reject suspicious deposits (into Incognito). Currently, in the deposit (aka shielding) workflow, funds and transaction information are usually relayed by Incognito backend services to vault smart contracts so the services can integrate with reliable and trusted external services (e.g. TRM lab or coinfirm) for screening, detecting, monitoring and investigating crypto fraud and financial crimes, including but not limited to sanction lists. Suspicious transactions flagged by these services shall be rejected and be reverted to the original depositor’s wallet address.
This may be applied to both frontend and protocol levels so that we can prevent suspicious transactions in time regardless of tools (e.g. app, web, Metamask or script code) that a bad actor uses to move illegal money into Incognito.
Anti-Money Laundering & Terrorist Financing (ETA: Oct 2022)
This section is intended to provide a comprehensive understanding of AML & CTF measures recommended by the FATF. Recommended measures include customer due diligence, record-keeping, suspicious transaction report, and application of “Travel Rule” which provides necessary originator and beneficiary information for virtual asset transfers between VASPs. Based on these recommended measures, we need to decide what features we should support on our platform to enable our user to provide VASPs with his/her funds’ origin in a verifiable yet secured way.
Illustration of a typical user-flow from Incognito to a VASP
Customer Due Diligence (CDD)
Under the FATF recommendations, VASPs are required to undertake Customer Due Diligence (“CDD”) measures when establishing a business relationship. It is a fact that a VASP supports virtual assets moved out from Incognito and that a user’s intention to trade the assets does not impact the VASP’s ability to carry out CDD checks.
Virtual assets that are moved out from Incognito platform are not different from other public assets. Therefore, a VASP is completely able to monitor a customer’s transactions (e.g. deposits, withdrawals, trades), and compare transaction patterns and volumes with the expected behavior, based on the VASP’s understanding of the nature of the customer or their business (as determined during the CDD checks).
As a party engaging in its customers’ transactions (either as a recipient, in the case of deposits, or a sender, in the case of withdrawals), a VASP has visibility of the transaction details. This allows the VASP to detect transaction patterns that do not match that customer’s expected behavior and investigate further to determine whether the unexpected behavior is suspicious.
Normally, VASPs would issue a unique deposit address to each customer, thus allowing deposits to be unequivocally attributed to a specific customer. It also requires that customers provide a payment address in order to receive withdrawals, allowing VASPs to conduct sanctions screening, or restrict withdrawals to white-listed addresses.
In the same way that VASPs can monitor a customer’s transactions, they can also keep records of those transactions. It is important to note that the VASP always knows the payment address to which a withdrawal is sent.
Suspicious Transaction Reports
The ability to carry out transaction monitoring ensures that a VASP is able to detect any suspicious activity on the part of its customers. The ability to maintain records of its customers’ transactions ensures that the VASP possesses adequate information to make suspicious transaction reports where appropriate.
Incognito should be designed to be compliant with the Travel Rule. The required originator and beneficiary information can be attached directly to a shielded transaction using the encrypted memo field. As the name implies, the contents of this field are encrypted when the transaction is added to the blockchain, thus preventing inappropriate or unauthorized disclosure of personal information.
This is the second task we will be working on:
- Incognito wallet may prompt a user to attach the necessary information to a transaction via an encrypted memo.
- A compliance tool that allows customers to show their funds’ origin, and VASPs can verify the validity of the historical statements as well.
Practical deterrence makes the network less susceptible to illegitimate use in a credible manner. As user security is a key privacy benefit, our goal is to ensure deposits and withdrawals from on- and off-ramps can still be executed smoothly and reliably.
This is a controversial topic and there might be mixed opinions among our users, especially regarding censorship resistance. Your helpful suggestions are welcome and we will discuss further in the comments down below.