The Woman Who Saved Mt. Gox Herself

How massive regulatory failure inflated the failure of Mt. Gox.

March 1, 2014

[Note: My company is the plaintiff in a lawsuit involving many of the companies discussed below. I have never owned any Bitcoins, nor used any Bitcoin exchange, and neither has my company.]

One day after the bankruptcy of Mt. Gox, the former top Bitcoin exchange, questions are being raised in major media publications as to whether or not virtual currencies should be regulated. The Washington Post reports "Mt. Gox collapse spurs calls to regulate Bitcoin." The PBS NewsHour asks "Will Mt. Gox's missing money prompt regulation on Bitcoin?"

They might as well ask whether the advent of automobiles will prompt the use of "traffic lights" in 2014. What both of these venerable media establishments do not seem to realize—and they're far from the only ones—is that in the United States, Bitcoin is already regulated. It is heavily regulated, in fact. A complex maze of forty-seven state and at least ten federal laws and numerous federal regulations combine to regulate Bitcoin. It's so complicated, however, that a Gawker Media reporter recently dismissed via Twitter a critic's suggestion that Bitcoin is regulated with "now you're hedging a lot, I'm not even really sure what argument you're attempting to make." The argument his critic was rightly trying to make was that the media coverage has been, in the critic's words, "godawful."

The media does the public a major disservice when it rushes to report on a phenomenon it barely understands, and if the media's understanding of Bitcoin is poor, its understanding of the regulatory regime surrounding it is far worse. In another example of media tumult, the recent story that Fed Chairwoman Janet Yellen testified before Congress stating that the Fed had no authority to regulate Bitcoin was taken by some as a kind of surprise victory indicating that the federal government would allow Bitcoin to "continue" unregulated. What Yellen actually said was that the Federal Reserve Board of Governors specifically, at this present time, lacks Congressional authority to regulate Bitcoin because that Congressional authority has already been delegated elsewhere, specifically, to the United States Department of the Treasury's FinCEN division and the various states. This is just about the opposite of what many think she said.

So with all of this regulation, why did Mt. Gox still fail? On the surface, it might seem as though it failed because it was located in Japan, which is clearly not in the United States. The reality is that location of any business is irrelevant so long as the customers are in the United States. With Mark Karpeles in charge, Mt. Gox may have been on track to fail no matter what. But Mt. Gox failed with millions of United States dollars missing from its accounts because regulators in the United States turned a blind eye even they were warned again, and again, and again.

Money doesn't just get from Wisconsin and San Francisco to Tokyo by magic. Our financial institutions are carefully interconnected, and in order to make international payments of the traditional sort, one typically has to make a concerted effort and pay sizable fees. Ironically, this is one of the problems Bitcoin enthusiasts claim that the technology solves—but you still have to start somewhere.

In the case of Mt. Gox, and the Silk Road as well, that somewhere was for many years a company called Dwolla in the middle of Iowa. Dwolla's founder, Ben Milne, was featured on the cover of the MIT Technology Review as a brilliant innovator, but about the time that his picture was appearing on airport newsstands nationwide, Ben was in a lot of trouble. Along with about twenty other Bitcoin-related companies and investors, Dwolla had received a subpoena for information from the New York Department of Financial Services.

New York wasn't the only state that should have been curious about Dwolla. In 2011, my company, Think Computer Corporation, filed complaints about 34 companies with the then-Department of Financial Institutions of the State of California (DFI), Dwolla among them. The problem was that California's DFI wouldn't tell me how much capital Think would need to apply for a money transmission license, and had threatened to put me in jail personally if we continued to operate the mobile payment system I had worked on for three years. Meanwhile, DFI was letting all of Think's competitors do whatever they wanted, whether they had a license or not.

Dwolla had initially had an Iowa money transmission license, but it relinquished it when it discovered, likely thanks to some clever lawyering, that it could simply trick the regulatory world into thinking that it qualified for a loophole: Dwolla simply started calling itself an "agent" of a financial institution. So long as it could keep the regulators off its back, it could continue funneling money to Mt. Gox in Japan through the use of a special Dwolla account belonging to Mt. Gox's Delaware-based subsidiary, Mutum Sigillum LLC.

The trick worked. To this day, no one has reported on the enormous red flag that has been displayed in plain sight for all the world to see on Dwolla's home page for months: its "Important information about Dwolla's Financial Partner." It reads as follows:

Financial institutions play an important role in the Dwolla network. Dwolla, Inc. is an agent of Veridian Credit Union and all funds associated with your account in the Dwolla network are held in a pooled account at Veridian Credit Union. These funds are not eligible for individual insurance, and may not be eligible for share insurance by the National Credit Union Share Insurance Fund. Dwolla, Inc. is the operator of a software platform that communicates user instructions for funds transfers to Veridian Credit Union.

What Dwolla is attempting to do with this statement is qualify for two loopholes at once: one on the federal level that allows software vendors, or "payment processors," to avoid being considered money services businesses; and another on the state level that exempts banks, credit unions, and their agents from money transmission laws. Unfortunately, Dwolla's disclaimer is so convoluted it ends up being self-contradictory.

Agents of other companies do work on their behalf. An agent of a bank, such as a company that resells credit card processing services, actually brings customers into that bank. The revenues from those customers go to the bank, and the costs associated with their transactions appear on the bank's balance sheet as well. The agent may receive a commission, but fundamentally the bank's interests come first.

Dwolla's disclaimer references a "pooled account." Pooled accounts are used by money transmitters to store assets belonging to a number of customers all in one place, while a general ledger (usually in the form of computer software) keeps track of whose funds belong to whom. In other words, there would be no need to use a pooled account unless the funds belonged to Dwolla—which means that Dwolla is not an agent of anyone at all. It's a money transmitter.

When the United States Department of Homeland Security seized Mutum Sigillum LLC's Dwolla account over the summer of 2013, it left Dwolla the company alone. But it shouldn't have. Dwolla's relationship with Veridian Credit Union had already come under scrutiny by industry publication PaymentSource in November, 2012.

With Dwolla operating as an unlicensed money transmitter, the only entity left to scrutinize was Veridian. This small credit union in Des Moines was responsible for funneling potentially hundreds of millions of dollars to Mt. Gox and the Silk Road through its "strange symbiosis" with Dwolla. The individual in charge of overseeing Veridian was (and remains) JoAnn Johnson, Superintendent of Credit Unions with the Iowa Division of Credit Unions. Prior to her role in Iowa's government, she was the chairwoman of the NCUA, the National Credit Union Administration, or the FDIC equivalent for credit unions.

On November 1, 2013, three days after Dwolla quietly told its customers that it would no longer handle Bitcoin-related transactions, I filed a formal complaint with the NCUA about Veridian Credit Union and its relationship with Dwolla, which I asserted was being falsely advertised. Since Veridian has a state charter, the complaint was forwarded to the Iowa Division of Credit Unions and the Consumer Financial Protection Bureau, which determined that it did not have any jurisdiction. On December 2, 2013, I received a written reply to my complaint from JoAnn Johnson herself. It stated:

"We are concerned that your complaint appears to make unsubstantiated allegations. You have not provided evidence of any statutory or regulatory violation by Veridian Credit Union. There is no regulatory or statutory infraction by having Dwolla act as a legal agent of Veridian Credit Union. The credit union is examined regulary, including for Bank Secrecy Act compliance. Please be aware that false statements against the credit union, without any basis in fact, may be a violation of Iowa Code §533.508(2), which prohibits the malicious or intentionally deceptive circulation of false statements which may otherwise injure or tend to injure the business or goodwill of a state credit union."

In other words, in retaliation for filing a confidential complaint through proper channels about a financial institution involved (though not directly, of course) in the loss of approximately $500 million, that institution's regulator came back and threatened me with what would seem to be carefully-worded criminal charges.

While JoAnn Johnson could have taken my complaint and investigated Veridian's activity with regard to Dwolla, Mt. Gox, and the warrant obtained by the Department of Homeland Security, she instead did nothing except try to shut me up. The question we should all be asking is, why? Did she know something we didn't?

So I reported her to the United States Department of Justice, which in turn sent my letter to the Federal Bureau of Investigation.

I don't know if anything will come of my complaint. But I do know that the failure of Mt. Gox, while perhaps not completely preventable, could have been mitigated considerably if Johnson had done her job in Iowa.

Of course, Johnson is not alone in her utter incompetence as a financial regulator. She has good company in virtually every state in the union, none of which took action despite Mt. Gox's nationwide reach. I have written in the past in considerable depth about the failings of California's DFI, which is now the Department of Business Oversight, run by Washington Mutual's former chief lobbyist, Jan Lynn Owen.

The fact of the matter is that it's time to fix the non-bank regulatory system so that incidents ranging from MF Global to Peregrine Financial to Mt. Gox can be avoided. Bitcoin doesn't need special treatment from New York. It needs the same treatment as every other financial instrument, and that treatment needs to come from Washington.

To my knowledge, I am the only individual or company representative who has proposed a detailed framework to reform non-bank financial regulation. The entrepreneurs and investors hoping to profit from Bitcoin, such as the founders of Coinbase and now the unfortunately-named Buttercoin (actually called Digital Currencies FinTech Company, Inc.), have been too busy trying to bring Mt. Gox's customers into their own illegal operations to bother talking to Congress about fixing the laws that would protect them. They consistently refuse to answer questions about why their companies are unlicensed. The regulators consistently refuse to answer questions about why they do nothing. It's a sad state of affairs.

We should regulate Bitcoin, and we have. We've just done it in such an asinine and confusing manner, that it encourages, rather than prevents, financial fraud.