Full Width 
Shortcuts 
Sign Up 
Log In 
Articles 
Reading List More from Moneyness
It appears to be official now. According to the U.S. Department of Justice, when illicit activity is routed via crypto infrastructure, then it no longer qualifies as money laundering. Earlier this week the Department of Justice's deputy attorney general Todd Blanche sent out an internal staff memo saying that the digital asset industry (read: crypto) is "critical to the nation’s economic development." (Editor's note: it's not.) As such, staff have been instructed to stop targeting crypto platforms such as exchanges, mixers like Tornado Cash and ChipMixer, and offline wallets for the "acts of their end users." What does "the acts of their end users" mean? Further clarity arrives deeper into Blanche's memo. It helpfully draws attention to how cartels operating in the fentanyl trade often use digital assets. This is well known. Tether, for instance, is a popular payments platform in the fentanyl trade. (See here, here, and here). And yet, the Department goes on to explain that while it will continue to pursue cartels, terrorist organizations, and other illicit enterprises for their financial crimes, it "will not pursue actions against the platforms that these enterprises utilize to conduct their illegal activities." This marks a radical departure from long-established financial law on Planet Earth, where financial institutions are generally held responsible for the "acts of their end users," and are pursued when criminals use them to "conduct their illegal activities." It's what's known in law as money laundering. Money laundering is a two-sided crime. There's the first leg: a criminal who has dirty money. And there is the second leg: the criminal's counterparty, a financial intermediary (a bank, crypto exchange, remittance platform, money courier, or helpful individual) who processes the dirty funds. Both legs are prosecutable. That's precisely what happened to both TD Bank and its cartel-linked customers when they were charged last year. Financial providers are held liable for the crimes of their users. The same two-sidedness goes for sanctions evasion. There is the sanctioned party and there is the financial platform that facilitates their evasion. Both are indictable. If, as Blanche suggests, digital asset platforms are no longer to be targeted for the "acts of their end users," that's effectively saying that the second leg of a money laundering or sanctions violation is no longer a violation, at least not when a crypto platform is involved. So if cartel deposits dirty money at an exchange like Binance which facilitates their crypto transactions, the exchange won't be pursued. Only the cartel will be. In effect the entire technology has been handed a get-out-of-money-laundering-jail-free card. A detached observer could safely assume that crypto platforms will respond by easing up on their compliance measures—they won't be indicted, after all—which, in turn, will allow more bad actors to make use of their services. The memo provides more details. It's quite likely that both the ongoing Tornado Cash case (which I've written about extensively) and the ChipMixer case will be dropped, as the memo explicitly states that the Department will no longer target mixing and tumbling services. Tornado Cash, a smart-contract based mixer, operates with a large proportion of its infrastructure running through automated code, whereas first-generation mixers like ChipMixer are entirely human-operated. The latter had mostly disappeared thanks to a series of successful criminal convictions, but will spring back into action as the threat of indictment recedes—leading to more anonymity for the entire system, including for criminals. The memo's prohibition against Department lawyers targeting "offline wallets" likely refers to "unhosted wallets," which presumably applies to stablecoins—a highly popular type of crypto token pegged to national currencies. Stablecoin users can either hold balances of a stablecoin like Tether or USDC in unhosted format, within their personal crypto wallets, or hold them with the issuer for redemption into actual dollars, in which case they become "hosted." The implication seems to be that if unhosted stablecoins are used by bad actors, the issuers themselves won't be targeted. It's a fantastic policy—if your goal was to encourage fentanyl cartels to use stablecoins. This decriminalization of crypto money laundering is a ratification of how much of the crypto ecosystem already operates. Just last week, for example, I wrote about stablecoin issuers like Tether and Circle allowing Garantex, a sanctioned Russian exchange, to hold balances of their stablecoins. The issuers seem to believe that providing access to illicit end users like Garantex is legal. And now, it seems, the government has confirmed their view by no longer targeting unhosted wallets for the "acts of their end users." Now that we've explored some of the immediate legal and technical consequences of this decision, it's worth asking: who on earth benefits from this sudden shift in policy? Because clearly most people will be made worse off. I'm only speculating, but here's who this policy may be designed to appease and/or reward: Trump-voting libertarians who have arrived at the odd belief that money laundering shouldn't be a crime. San Francisco crypto entrepreneurs who want to create financial platforms on the cheap, without the burden of building expensive compliance programs to prevent criminals usage. These entrepreneurs also want their crypto platforms to have access to bank accounts, but banks have been hesitant due to the high risk of crypto-based money laundering. Now that crypto has immunity, banks no longer have to worry. Crypto entrepreneurs voted for Trump, funded him, and are a big part of his administration. This is their payback. Trump himself who seems intent on building a murky authoritarian system of bribery and patronage à la Putin or Orban. This system requires money laundering-friendly financial infrastructure, and the Department's memo may be an early step to creating it. (The Trump family, with its many crypto-based entrepreneurial efforts, is also part of the second group.) In the long term, banks and other traditional providers may benefit, too. With crypto-based finance now unburdened of a major law, every single financial provider operating outside of this crypto-friendly zone, such as traditional banks and fintechs, will be incentivized to switch their database infrastructure over to crypto in order to qualify for this loophole. That means shifting your Wells Fargo U.S. dollar savings account over to a blockchain-based dollar saving account. Doing so will allow banks and fintechs to cut compliance costs and increase their profits. Once the entire financial sector has migrated through the loophole, it will no longer be a crime to launder funds for criminals. And with mixers no longer being charged by the Department of Justice, that means blanket anonymity for everyone. As far as the public's welfare goes, the memo is awful. Like theft and fraud, money laundering is immoral and should be punished. Giving one stratum of society a free pass from any law, whether that be money laundering or theft or murder, erodes trust in government and the financial-legal system. More broadly, society's money laundering laws are a key defence against all types of other crimes. The so-called predicate offences to money laundering such as robbery, human smuggling, and corruption become much more tricky to carry out when, thanks to money laundering laws, the financial system does its best to shut them out. The dissuasive effect engendered by this effort stops many would-be criminals from ever leaving the licit economy. Take away those laws and the case for becoming a criminal becomes much more persuasive.
Stablecoins, a new type of financial institution, are unique in two ways. First, they use decentralized databases like Ethereum and Tron to run their platforms. Secondly, and more important for the purposes of this article, they grant access to almost anyone, no questions asked. I'm going to illustrate this openness by showing how Garantex, a sanctioned Russian exchange that laundered ransomware and darknet payments, has enjoyed almost continual access to financial services offered by stablecoin platforms like Tether and USDC throughout its six year existence, despite a well-known reputation as a bad actor. Last month, law enforcement seizures combined with an indictment and arrest of Garantex's operators appear to have finally severed Garantex's stablecoin connection... or not. Evidence shows that Garantex simply rebranded and slipped right back onto stablecoin platforms. Stablecoins' no-vetting model is a stark departure from the finance industry's default due diligence model, adhered to by banks (such as Wells Fargo) and fintechs (such as PayPal). We all know the drill—provide two pieces of ID to open a payments account. Requirements for businesses will probably be more onerous. Anyone on a sanctions list will be left at the door. Banks and fintechs must identify who they let on their platforms because the law requires it. By contrast, to access the Tether or USDC platforms, the two leading U.S. dollar stablecoins, no ID is required. Anyone can start using stablecoin payments services without having to pass through a due diligence process. Sanctioned customers won't get kicked off, as Garantex's long-uninterrupted access shows. Regulators seem to tolerate this arrangement—so far, no stablecoin operators have faced penalties for money laundering or sanctions evasion. A quick history of the Tether-Garantex nexus Garantex became notorious early on for its role in laundering ransomware payments. Russian ransomware gangs hacked Western firms, extorted them for bitcoin ransoms, and cashed out at Moscow-based exchanges like Garantex. Garantex also became a popular venue for laundering darknet-related proceeds, particularly Hydra, once the largest darknet market. Reports allege that the exchange's shareholders have Kremlin links and that terror groups Hezbollah and Quds Force have used it. Founded in 2019, Garantex was connected to Tether's platform by August 2020. We know this because an archived version of Garantex's website from that month show trading and payment services being offered using Tether's token, USDT. Archived Garantex.org trading page from March 2024 with USDT-to-ruble, Dai-ruble, and USDC-ruble markets [link] This connection to Tether allowed Garantex's customers to transfer their Tether balances to Garantex's Tether wallet, in the same way that a shopper might use their U.S. dollar account at PayPal to make payments to a business with a PayPal account. This allowed Garantex's users to trade U.S. dollars (in the form of Tether) on its platform for bitcoins or ether, two volatile cryptocurrencies, and vice versa. The Tether linkage also meant that Garantex could offer a market for trading ruble-USD. By April 2022, Garantex's bad behaviour had caught up to it: the exchange was sanctioned by the U.S. Treasury's Office of Foreign Asset Control (OFAC). U.S. individual and entities were now prohibited from doing business with Garantex. Out of fear of being penalized, most non-Russian financial institutions would have quickly severed ties with it. Yet Tether, based in the British Virgin Islands at the time, permitted its relationship with Garantex to continue without interruption. Archived copies of Garantex's trading page from mid-2022 and 2023 show that Tether-denominated services were still being offered. The Wall Street Journal reported in 2023 that around 80% of the exchange’s trading involved Tether, despite sanctions being in place. The net amounts were not small. According to Bloomberg, an alleged $20 billion worth of Tether had been transacted via Garantex post-sanctions. A 2024 Wall Street Journal report revealed that sanctions-evading middlemen used Tether to "break up the connection" between buyers like Kalashnikov and sellers in Hong Kong, with Garantex serving as their venue for acquiring Tether balances. Finally, analysis from Elliptic, a blockchain analytics firm, alleges that Garantex offered USDT trading services to North Korean hacking group Lazarus in June 2023. This transaction flow is illustrated below: The Garantex/Tether nexus in 2023: Elliptic alleges that North Korean hackers stole ether from Atomic Wallet, converted it to Tether using a decentralized exchange 1inch, and then sent Tether to Garantex to trade for bitcoin. (Click to enlarge.) Source: Twitter, Elliptic Tether's excuse for not off-boarding sanctioned entities such as Garantex? A supposed lack of government clarity. When Tornado Cash was sanctioned in 2022, for instance, the company said that it would "hold firm" and not comply because the U.S. Treasury had "not indicated" whether stablecoin issuers were required to ban sanctioned entities from using what Tether refers to as "secondary market addresses." Translating, Tether was saying that if bad actors wanted to use Tether's platform to transact with other Tether users (i.e. in the "secondary market"), it would let them do so. Tether's only obligation, the company believed, was to stop sanctioned users from asking Tether itself to directly cash them out of the platform into U.S. dollars (i.e. the "primary market"). This is quite the statement. Imagine if PayPal allowed everyone—including sanctioned actors—to open an account without ID and send funds freely within its system, only intervening when bad actors asked PayPal to cash them out into regular dollars. That was Tether's stance. Or if Wells Fargo let sanctioned actors make payments with other Wells Fargo customers, but only stopped them from withdrawing at ATM. Banks and fintechs can't get away with such a bare bones compliance strategy; they must do due diligence on all their users. But Tether seemed to believe that a different set of rules applied to it. In December 2023, Tether reversed course. It would now initiate a new "voluntary" policy of freezing out all OFAC-listed actors using its platform, not just "primary market" sanctioned users seeking direct cash-outs. This brought Tether into what it described as "alignment" with the U.S. Treasury. Soon after, Tether froze three wallets linked by OFAC in 2022 to Garantex. However, this action was largely symbolic. By the time Tether froze those wallets, Garantex had already abandoned them and opened new ones, thus allowing the exchange to maintain access to Tether's platform. Tether's no-vetting model permitted this pivot. Archived versions of Garantex's trading page show that it continued offering Tether services throughout 2024 and early 2025. The U.S. Department of Justice recently confirmed Garantex's tactic of replacing wallets in its March 2025 indictment of the exchange's operators. It alleges that Garantex frequently cycled through new Tether wallet addresses—sometimes on a daily basis—to evade detection by U.S.-based crypto exchanges like Coinbase and Kraken, which are legally required to block customer payments made to sanctioned entities. That the relationship between Tether and Garantex continued even after Tether's supposed 180 degree turn to "align" itself with the U.S. government is backed up by several reports from blockchain analytics firm Chainalysis. The first, published in August 2024, found that a large purchaser of Russian drones used Garantex to process more than $100 million in Tether transactions. The second describes how Russian disinformation campaigners received $200,000 worth of Tether balances in 2023 and 2024, much of it directly from Garantex. In a March 2024 podcast, Chainalysis executives allege that "a majority" of activity on Garantex continued to be in stablecoins. After years of regular access to Tether's stablecoin platform, a rupture finally occurred earlier this month when Tether froze $23 million worth of Garantex's USDT balances at the request of law enforcement authorities. The move came in conjunction with a seizure by law enforcement of Garantex's website and servers. Garantex's website was seized in March 2025 by a collection of law enforcement agencies. In a press release, Tether claimed that its actions against Garantex illustrated its ability to "track transactions and freeze USDt." But if Tether was so good at tracking its users, why did it connect a sanctioned party like Garantex in the first place, and continue to service it for over four years? Something doesn't add up. Not just Tether: other stablecoins offered Garantex access, too Tether doesn't appear to have been the only stablecoin platform to provide Garantex with access to its platform. MakerDAO (recently rebranded as Sky) and Circle Internet may have done so, too. Circle, based in Boston, manages the second-largest stablecoin, USDC. When OFAC put Garantex on its sanctions list in April 2022, Circle was quick to freeze one of the designated addresses. It did no hold any USDC balances. However, like Tether, Circle's no-vetting policy means that it doesn't do due diligence on users (sanctioned or not) who open new wallets, hold USDC in those wallets, and use them to make payments within the USDC system. Circle only checks the ID of users who ask it to cash them out. Thus, it would have been a cinch for Garantex to dodge Circle's initial freeze: just open up a new access point to the USDC platform. Which is exactly what appears to have happened. On March 30, 2022, Garantex used its Twitter/X account to announce that it was offering USDC-denominated services. Beginning at some point in the first half of 2022, close to the time that the U.S. Treasury's sanctions were announced, Garantex began to list USDC on its trading page (see screenshot at top). The exchange's trading page continued to advertise USDC-denominated financial services through 2023, 2024, and 2025 until its website was seized last month. Tether, Circle's competitor, proceeded to freeze $23 million worth of USDT on behalf of law enforcement authorities, as already outlined. However, respected blockchain sleuth ZachXBT says that Circle did not itself interdict Garantex's access to the USDC payments platform, alleging that "a few Garantex addresses" holding USDC had not been blacklisted. MakerDAO is a geography-free financial institution that maintains and governs the Dai stablecoin, pegged to the U.S. dollar. Archived screenshots show that Garantex added Dai to its trading list by September 2020, not long after the exchange had enabled Tether connectivity. According to blockchain analytics firm Elliptic, Russian ransomware group Conti has used Garantex to get Dai-denominated financial services. Garantex is able to access the Dai platform because MakerDAO uses the same no-vetting model as Tether. In fact, MakerDAO takes an even more hands-off approach than the other stablecoin platforms: it didn't seize any of the original 2022 addresses emphasized by OFAC. That's because Dai was designed without freezing functionality. Not vetting users is lucrative Providing financial services to a sanctioned Garantex would have been profitable for Tether and competing stablecoin platforms managed by Circle and MakerDAO. All stablecoins hold assets—typically treasury bills and other short term assets—to "back" the U.S. dollar tokens they have issued. They get to keep all the interest these assets generate for themselves rather than paying it to customers like Garantex. If we assume an average interest rate of 5% and that Garantex maintained a consistent $23 million in Tether balances over the 34 months from April 2022 (when it was sanctioned) to March 2025 (when it was finally frozen out), Tether could have earned approximately $3.2 million in interest courtesy of its relationship. Not only does their no-vetting model mean that stablecoin platforms get to earn ongoing income from bad actors like Garantex, this model also seems... not illegal? Stablecoin legal teams have signed off on the setup, both those in the U.S. and overseas. Government licensing bodies like the New York Department of Financial Services don't seem to care that licensed stablecoins don't ask for ID, or at least they turn a blind eye. (Perhaps these government agencies are simply unaware?) Nor has the U.S. Department of Justice indicted a single stablecoin platform for money laundering, sanctions violations, or failing to have a compliance program, despite it being eleven years now since Tether's no-vetting model first appeared. The model seem to have legal chops. Or not? Banks and fintechs are no doubt looking on jealously at the no-vetting model. Had either PayPal or Wells Fargo allowed Garantex to get access to their payments services, the punishment would have been a large fine or even criminal charges. Sanctions violations are a strict liability offence, meaning that U.S. financial institutions can be held liable even if they only accidentally engage in sanctioned transactions. But more than a decade without punishment suggests stablecoins may be exempt. This hands-off approach benefits stablecoins not only on the revenue side (i.e they can earn ongoing revenues from sanctioned actors). It also reduces their costs: they can hire far fewer sanctions and anti-money laundering compliance staff than an equivalent bank or fintech platform. Tether earned $13 billion in last year with just 100 or so employees. That's more profits than Citigroup, the U.S.'s fourth largest bank with 229,000 employees, a gap due in no small part to Tether's no-vetting access model. The coming financial migration? Zooming out from Garantex's stablecoin experience, what is the bigger picture? I suspect that a great financial migration is likely upon us. Financial institutions can now seemingly provide services to the Garantex's of the world as long as the deliver them on a new type of substrate: decentralized databases. If so, banks and fintechs will very quickly shift their existing services over from centralized databases to decentralized ones in order to take advantage of their superior revenue opportunities and drastically lower compliance costs. This impending shift isn't from an inferior technology to a superior one, but from an older rule-bound technology to a rule-free one. PayPal recently launching its own stablecoin is evidence that this migration is afoot. The argument many stablecoins advocates make to justify the replacement of full due diligence with a no-vetting access model is one based on financial inclusion. Consumers and legal businesses in places such as Turkey or Latin America, which suffer from high inflation, may want to hold digital dollars but don't necessarily have access to U.S. dollar accounts provided by local banks, perhaps because they don't qualify or lack trust in the domestic banking system. An open access model without vetting solves their problem. What about the American voting public? Do they agree with this migration? The last few decades have been characterized by a policy whereby the government requires financial institutions to screen out dangerous actors like Garantex in order to protect the public. Forced to the fringes of the financial system, criminals encounter extra operating dangers and costs. The effort to sneak back in serves as an additional choke point to catch them. To boot, the additional complexity created by bank due diligence serves to dissuade many would-be criminals from engaging in crime. Is the public ready to let the Garantexes back in by default? I'm not so sure it is. Tether is available at Grinex, a Garantex reboot. [link] Garantex's stablecoin story didn't end with last month's seizures and indictment. According to blockchain analytics firm Global Ledger, the exchange has been renamed Grinex and continues to operate. Tether services are already available on this new look-alike exchange, as the screenshot above reveals. Global Ledger says that $29.6 million worth of Tether have already been moved to Grinex as of March 14, 2025. This is the reality of an open-access, no-vetting financial system: bad actors slip in, eventually get cut off, and re-enter minutes later—an endless game of whack-a-mole that seems, for now at least, to be tolerated. It will only get larger as more financial institutions, eager to cut costs, gravitate to it.
BMO Financial Center at Market Square in Milwaukee, Wisconsin. Donald Trump has said he wants to use "economic force" against Canada. In my previous post, I worried that one way this force could be wielded was through Canada's dangerous dependence on U.S.-controlled MasterCard and Visa. But there's an even bigger risk. Canadian banks with large U.S. operations may have become unwitting financial hostages in Trump's 51st state strategy. As recently as a few months ago, back when things still seemed normal, it was widely accepted that big Canadian banks needed a U.S. expansion strategy. If one of our Big-6 banks wasn't building its U.S. banking footprint, its stock outlook suffered. Canada is a mature, low-growth banking market, after all, whereas the U.S. market remains fragmented and ripe for consolidation. This motivated a steady Canadian trek into U.S. branch banking. BMO entered the U.S. in the 1980s and steadily expanded, most recently acquiring Bank of the West in 2023, making it the 13th-largest U.S. bank. TD Bank entered in the early 2000s and has since climbed to 10th place. Given this trajectory, by 2030 or 2035, one of the U.S.’s five largest banks could very well have been Canadian. This strategy hasn’t been without flaws. Royal Bank's first U.S. retail banking foray, its acquisition of Centura, eventually failed, though its second attempt has been more successful. TD just paid the largest anti-money-laundering fine in U.S. history. But overall, the move south has been profitable for Canadian banks and their shareholders, who constitute a large chunk of the Canadian population. The U.S. has benefited, too. Canadians have historically been decent bankers, having got through the 2008 credit crisis unscathed. Allowing a bigger slice of the American market to fall under the prudential management of Canadian executives probably isn't a bad thing, TD's money laundering gaff notwithstanding. But in just a few months, Trump has upended this entire calculus. Canada is now a U.S. enemy, or at least no longer a friend. We are somewhere on Trump's timeline to becoming the 51st state, against our wishes. Our existing border treaties are no longer valid, says the President, and need to be redrawn. Trump has threatened to use "economic force" as his weapon to achieve this. The attacks have already begun, beginning with tariffs to soften us up for final annexation. Next up? My worry is that Canada's banking industry may become a second front in this war, and the hint is a stream of strange pronouncements from Trump and his surrogates about Canadian banking. According to Trump, the Canadian banking system is stacked against U.S. banks: "Canada doesn’t allow American Banks to do business in Canada, but their banks flood the American Market. Oh, that seems fair to me, doesn’t it?" This grievance is false, as I explained last month, but accuracy probably isn't the point. A charitable reading is that Trump is laying the groundwork for U.S. banks to gain more access to Canada’s banking sector—a manageable concern. My worry is that it's the reverse. His complaints may signal a shift in how Canadian banks operating in the U.S. are to be treated. Trump may have teed up a financial version of the Gulf of Tonkin incident; an imaginary affront that can serve as a pretext for justifying aggressive action against Canadian banks' U.S. subsidiaries. After years of U.S. expansion, Canada’s largest banks now have relatively large American retail banking footprints, making them tempting financial hostages. Both TD Bank and Bank of Montreal now have more branches in the U.S. than in Canada. Nearly half of BMO's revenue (44%) come from south of the border while in TD's case it's 38%. Royal Bank also has deep ties. According to a recent Bank of Canada paper, half of the Big 6 Canadian banks' assets are now foreign, far more than the roughly 40% or so in 2014, with much of that chunk being American assets. Is TD just another bank doing business in Florida, or a financial hostage? By damaging their large U.S. subsidiaries, Trump would directly weaken the Canadian parent companies, potentially causing havoc with the overall Canadian banking system. And a weakened financial sector plays right into Trump’s stated goal of economically undermining Canada in order to annex it. How can Trump hurt Canadian banks' U.S. subsidiaries? Trump and his allies control much of the U.S. financial regulatory apparatus, and he has shown little regard for legal constraints. To begin with, he could set the FBI and Department of Justice on Canadian banks, increasing scrutiny of TD, BMO, and Royal Bank’s U.S. operations under the guise of enforcing anti-money-laundering laws. More surveillance would inevitably lead to a wave of fines. To avoid punishment, a Canadian bank operating stateside will have to spend much more on anti-money laundering measures than an equivalent U.S. bank. Another tactic could be limiting access to shared financial infrastructure, such as government liquidity programs or bank deposit insurance. Trump could also try to increase the hoops that TD, BMO, and RBC must leap through to maintain their all-important accounts at the Federal Reserve, which provides access to Fedwire, the U.S.'s crucial large-value payments system. Trump’s regulators could also impose higher capital requirements on Canadian banks compared to their U.S. peers, forcing the parents to divert ever more resources to their U.S. subsidiaries. If Canadian banks are squeezed hard enough, they may eventually be forced to sell their U.S. operations at distressed prices. Trump could worsen this situation by imposing punitive exit fees, ensuring that Canadian banks take even bigger losses on the sale of their U.S. subsidiaries. The impairments caused to the parents' bank balance sheets would weaken the Canadian banking system and might even force the Federal government to step in with financial aid. Meanwhile, the discounted assets of Canadian banks could be handed over to Trump’s preferred U.S. banking CEOs. Trump, after all, seems to be on course to building a kleptocracy, and key to that is the leader's ability to generate a series of gifts (i.e. acquisition approvals) that can be bestowed on business leaders who have demonstrated their obeisance. To limit the damage, Canada may need to act quickly. The first step is freezing any further U.S. investment by BMO and the others. If Canadian banks are already financial hostages, deepening their exposure would be reckless. Bank executives may very well have already halted their U.S. growth plans of their own accord, but if not, high-level discussions with Canadian officials should drive home the urgency of the situation. Instead of doubling down on the U.S., Canadian banks should pivot toward growth opportunities in Europe, the U.K., Australia, Latin America, and Asia. Our banks have histories dealing with these geographies. Bank of Nova Scotia, for instance, is one of the leading banks in the Caribbean and Central America. Finally, there’s also a case to be made for a preemptive retreat. Bank of Montreal, Royal Bank, and TD Bank could start selling off their U.S. operations today before things escalate. It's a terribly difficult step to take; Canadian banks have spent decades painstakingly building their U.S. franchises. But by exiting now, they could secure better prices and avoid becoming tools for harming Canada down the road. What was once a symbol of Canadian financial success—our banks’ expansion into what used to be a friendly U.S.—has become a national security risk. Hoping Trump forgets his fixation on the Canadian banking system and his dream of annexing us is not a strategy. There’s a high chance he won’t, and Canada must prepare accordingly.
We're all busy doing our best to boycott U.S. products. I can't buy Special K cereal anymore, because it's made in the U.S. by Kellogg's. But I'm still buying Shreddies, which is made in Niagara Falls, Ontario. Even that's a grey area, since Shreddies is owned by Post, a big American company. Should I be boycotting it? Probably. However, the disturbing thing is that I'm paying for my carefully-curated basket of Canadian groceries with my MasterCard. If we really want to avoid U.S. products, we can't just vet the things we are buying. We also need to be careful about how we are doing our buying. Our Canadian credit cards are basically made-in-U.S. goods. They rely on the U.S-based Visa or MasterCard networks for processing. Each credit card transaction you make generates a few cents in revenue for these two American mega-corporations. It doesn't sound like much, but when multiplied by millions of Canadians using their cards every day, it adds up. Vigilant Canadians shouldn't be using them. Canadians who want to boycott American card networks have two options. Go back to paying with cash, which is 100% Canadian. Or transact with your debit card. Debit card transactions are routed via the made-in-Canada Interac debit network.* We're lucky to have a domestic debit card option. Our European friends are in a worse position, since many European countries (Poland, Sweden, the Netherlands, Finland, and Austria) are entirely reliant on MasterCard and Visa for both debit and credit card transactions. Unfortunately, going back to debit cards means doing without all of the consumer protection that credit cards offer in an online environment. Worse, you're giving up your credit card rewards or cash back. If you don't pay with your 2% cash back credit card, for instance, and use your debit card instead, which doesn't offer a reward, you're effectively losing out on $2 for every $100 you spend. This should illustrate to you, I hope, the golden shackles imposed on us by our U.S.-based credit cards. It's fairly easy to replace your American-grown tomatoes with Mexican ones or your U.S.-made car with a Japanese car. But networks, which tend towards monopolization, are not so easy to bypass. Which gets us into the meatier issue of national sovereignty. The difficulty we all face boycotting the MasterCard and Visa networks reveals how Canada has let itself become over-reliant on these critical pieces of U.S financial infrastructure. My fear is that our neighbour's political leadership is only going to fall further into authoritarianism and belligerence, eventually making a play to slowly annex Canada—not by invasion, but by "Canshluss". If so, this will involve using our dependencies on U.S. systems, including the card networks, to extract concessions from us. "Canada, if you don't do x for me," says Trump in 2026, "we're TURNING OFF all your credit cards!" In anticipation, we need to remove this particular financial dependency, quick. We're already safe when it comes to debit cards; we've got Interac. But we need the same independence for our credit cards. More specifically, we need to pursue an end-goal in which all Canadian credit cards are "co-badged". That means our credit cards would be able to use both the Visa/Mastercard card networks and Interac (or, if Interac can't be repurposed for credit cards, some other yet-to-be-built domestic credit card network). With co-badging, if your credit card payment can't be executed by Visa because of a Trump freeze order, at least the Canadian network will still process it. This is how the French card system works. While much of Europe suffers from a massive dependency on MasterCard and Visa, France is unique in having built a 100% French card solution. The local Carte Bancaire (CB) network can process both French debit card transactions, like Interac can, but goes one step further by also handling French credit card purchases. Before paying for their groceries with a card, French card holders get to choose which network to use, the local one or the international one. THIS IS WHAT CANADA NEEDS: This French credit card, issued by Credite Agricole, is co-badged with the domestic Carte Bancaire (CB) network and the international MasterCard network. When incidents occur on one route (CB, for instance), traffic is automatically routed to the back-up route, MasterCard, and vice versa. I think that a Canadian solution to the Trump problem would look something like this French CB card. The incoming Carney government should move to co-sponsor a CB-style domestic credit card network along with the big banks (perhaps a simple upgrade to Interac will do?). All Canadian financial institutions that issue credit cards would be required to co-badge them so that Canadians can connect to this new network as well as Visa or MasterCard. Even if annexation never actually occurs, at least we've got a more robust card system in place to deal with outages arising from hacking or natural disasters. Along with France, we can take inspiration from India, which introduced their Visa/MasterCard alternative, Rupay, in 2012. Thirteen years later, RuPay is now a genuine competitor with the American card networks. I can't believe I'm saying this, but we can also use Russia as a model, which was entirely dependent on Visa and MasterCard for card payments until it deployed its Mir card network in 2016—in the nick of time before Visa and MasterCard cut ties in 2022. Europe will have to push harder, too. The EU has been trying to rid itself of its Visa and MasterCard addiction for over a decade now, without much luck. Its first attempt, the Euro Alliance of Payment Schemes, was abandoned in 2013. (In fact, one of the reasons the European Central Bank is exploring its own digital currency is to provide an alternative to the American card networks.) As Canada builds out its own domestic credit card workaround, we can learn from the European mistakes. The U.S. is no longer a clear friend. Boycotting U.S. products is one thing. But if we truly want to reduce the external threat, we need to build our own card infrastructure—before it's too late. * In-person debit payments are processed by the Interac network. However, online debit card transactions default to the Visa or MasterCard networks. While Interac does allow for online purchases, many retailers don't offer the option, and when they do, the checkout process requires the user to log into their online banking, which is more of a hassle than using a card.
More in finance
At the start of July, I updated my estimates of equity risk premiums for countries, in an semiannual ritual that goes back almost three decades. As with some of my other data updates, I have mixed feelings about publishing these numbers. On the one hand, I have no qualms about sharing these estimates, which I use when I value companies, because there is no secret sauce or special insight embedded in them. On the other, I worry about people using these premiums in their valuations, without understanding the choices and assumptions that I had to make to get to them. Country risk, in particular, has many components to it, and while you have to ultimately capture them in numbers, I wanted to use this post to draw attention to the many layers of risk that separate countries. I hope, and especially if you are a user of my risk premiums, that you read this post, and if you do have the time and the stomach, a more detailed and much longer update that I write every year. Country Risk - Dimensions When assessing business risk from operating in a country, you will be affected by uncertainty that arises from almost every source, with concerns about political structure (democracies have very different risk profiles than authoritarian regimes), exposure to violence (affecting both costs and revenues), corruption (which operates an implicit tax) and legal systems (enforcing ownership rights) all playing out in business risk. I will start with political structure, where the facile answer is that it less risky to operate a business in a democracy than in an authoritarian regime, but where the often unpalatable truth is that each structure brings its own risks. With democracies, the risk is that newly elected governments can revisit, modify or discard policies that a previous government have adopted, requiring businesses to adapt and change to continuous changes in policy. In contrast, an authoritarian government can provide long term policy continuity, with the catch being that changes in the government, though infrequent, can create wrenching policy shifts that businesses have to learn to live with. Keeping the contrast between the continuous risk of operating in a democracy and the discontinuous risk in an authoritarian structure in mind, take a look at this picture of how the world looked in terms of democracy leading into 2025: Source: Economist Intelligence Unit (EIU) It is worth noting that there are judgment calls that the Economist made in measuring democracy that you and I might disagree with, but not only is a large proportion of the world under authoritarian rule, but the trend lines on this dimension also have been towards more authoritarianism in the last decade. On the second dimension, exposure to violence, the effects on business are manifold. In addition to the threat that violence can affect operations, its presence shows up as higher operating costs (providing security for employees and factories) and as insurance costs (if the risks can be insured). To measure exposure to violence, from both internal and external sources, I draw on measures developed and updated by the Institute of Economics & Peace across countries in 2024: Institute of Economics & Peace The Russia-Ukraine war has caused risk to flare up in the surrounding states and the Middle East and central Africa continue to be risk cauldrons, but at least according to the Institute's measures, the parts of the world that are least exposed to violence are in Northern Europe, Australia and Canada. Again, there are judgments that are made in computing these scores that will lead you to disagree with specific country measures (according the Peace Institute, the United States and Brazil have higher exposures to violence than Argentina and Chile, and India has more exposure to violence than China), but the bottom line is that there are significant differences in exposure to violence across the world. Corruption is a concern for everyone, but for businesses, it manifests in two ways. First, it puts more honest business operators at a disadvantage in a corrupt environment, since they are less willing to break the rules and go along with corrupt practices than their less scrupulous competitors. Second, even for those businesses that are willing to play the corruption game, it creates costs that I would liken to an implicit tax that reduces profits, cash flows and value. The measure of corruption that I use comes from Transparency International, and leading into July 2025, and the heat map below captures corruption scores (with higher scores indicating less corruption), as well as the ten most and least corrupt countries in the world: Transparency International As you can see from the map, there are vast swaths of the world where businesses have to deal with corruption in almost every aspect of business, and while some may attribute this to cultural factors, I have long argued that corruption almost inevitably follows in bureaucratic settings, where you need licenses and approvals for even the most trivial of actions, and the bureaucrats (who make the licensing decisions) are paid a pittance relative to the businesses that they regulate. As a final component, I look at legal systems, especially when it comes to enforcing contractual agreements and property rights, central to running successful businesses. Here, I used estimates from the IPRI, a non-profit institution that measures the quality of legal systems around the world. In their latest rankings from 2024, here is how countries measured up in 2024: Property Rights Alliance In making these assessments, you have to consider not just the laws in place but also the timeliness with which these laws get enforced, since a legal system where justice is delayed for years or even decades is almost as bad as one that is capricious and biased. Country Risk - Measures The simplest and most longstanding measure of country risk takes the form of sovereign ratings, with the same agencies that rate companies (S&P, Moody's and Fitch) also rating countries, with the ratings ranging from Aaa (safest) to D (in default). The number of countries with sovereign ratings available on them has surged in the last few decades; Moody’s rated 13 countries in 1985, but that number increased to 143 in 2025, with the figure below listing the number of rated countries over time: Note that that the number of Aaa rated countries stayed at eleven, even while more countries were rated, and has dropped from fifteen just a decade ago, with the UK and France losing their Aaa ratings during that period. In May 2025, Moody's downgraded the United States, bringing them in line with the other ratings agencies; S&P downgraded the US in 2011 and Fitch in 2023. The heat map below captures sovereign ratings across the world in July 2025: Moody's While sovereign ratings are useful risk measures, they do come with caveats. First, their focus on default risk can lead them to be misleading measures of overall country risk, especially in countries that have political risk issues but not much default risk; the Middle East, for instance, has high sovereign ratings. Second, the ratings agencies have blind spots, and some have critiqued these agencies for overrating European countries and underrating Asian, African and Latin American countries. Third, ratings agencies are often slow to react to events on the ground, and ratings changes, when they do occur, often lag changes in default risk. If you are leery about trusting ratings agencies, I understand your distrust, and there is an alternative measure of sovereign default risk, at least for about half of all countries, and that is the sovereign credit default swap (CDS) market, which investors can buy protection against country default. These market-determined numbers will reflect events on the ground almost instantaneously, albeit with more volatility than ratings. At the end of June 2025, there were about 80 countries with sovereign CDS available on them, and the figure below captures the values: The sovereign CDS spreads are more timely, but as with all market-set numbers, they are subject to mood and momentum swings, and I find using them in conjunction with ratings gives me a better sense of sovereign default risk. If default risk seems like to provide too narrow a focus on countr risk, you can consider using country risk scores, which at least in principle, incorporate other components of country risk. There are many services that estimate country risk scores, including the Economist and the World Bank, but I have long used Political Risk Services (PRS) for my scores.. The PRS country risk scores go from low to high, with the low scores indicative of more country risk, and the table below captures the world (at least according to PRS): Political Risk Services (PRS) There are some puzzling numbers here, with the United States coming in as riskier than Vietnam and Libya, but that is one reason why country risk scores have never acquired traction. They vary across services, often reflecting judgments and choices made by each service, and there is no easy way to convert these scores into usable numbers in business and valuation or compare them across services. Country Risk - Equity Risk Premiums My interest in country risk stems almost entirely from my work in corporate finance and valuation, since this risk finds its way into the costs of equity and capital that are critical ingredients in both disciplines. To estimate the cost of equity for an investment in a risky country. I will not claim that the approaches I use to compute equity risk premiums for countries are either original or brilliant, but they do have the benefit of consistency, since I have used them every year (with an update at the start of the year and mid-year) since the 1990s. The process starts with my estimate of the implied equity risk premium for the S&P 500, and I make this choice not for parochial reasons but because getting the raw data that you need for the implied equity risk premium is easiest to get for the S&P 500, the most widely tracked index in the world. In particular, the process requires data on dividends and stock buybacks on the stocks in the index, as well as expected growth in these cash flows over time, and involves finding the discount rate (internal rate of return) that makes the present value of cash flows equal to the level of the index. On June 30, 2025, this assessment generated an expected return of 8.45% for the index: Download ERP spreadsheet Until May 2025, I just subtracted the US 10-year treasury bond rate from this expected return, to get to an implied equity risk premium for the index, with the rationale that the US T.Bond rate is the riskfree rate in US dollars. The Moody’s downgrade of the US from Aaa to Aa1 has thrown a wrench into the process, since it implies that the T.Bond rate has some default risk associated with it, and thus incorporates a default spread. To remove that risk, I net out the default spread associated with Aa1 rating from the treasury rate to arrive at a riskfree rate in dollars and an equity risk premium based on that: Riskfree rate in US dollars = T.Bond rate minus Default Spread for Aa1 rating = 4.24% - 0.27% = 3.97% Implied equity risk premium for US = Expected return on S&P 500 minus US $ riskfree rate = 8.45% - 3.97% = 4.48% Note that this approach to estimating equity risk premiums is model agnostic and reflects what investors are demanding in the market, rather than making a judgment on whether the premium is right or what it should be (which I leave to market timers). To get the equity risk premiums for other countries, I need a base premium for a mature market, i.e., one that has no additional country risk, and here again, the US downgrade has thrown a twist into the process. Rather than use the US equity risk premium as my estimate of the mature market premium, my practice in every update through the start of 2025, I adjusted that premium (4.48%) down to take out the US default spread (0.27%), to arrive at the mature market premium of 4.21%. That then becomes the equity risk premium for the eleven countries that continue to have Aaa ratings, but for all other countries, I estimate default spreads based upon their sovereign ratings. As a final adjustment, I scale these default spreads upwards to incorporate the higher risk of equities, and these become the country risk premiums, which when added to the mature market premium, yields equity risk premiums by country. The process is described below: Download spreadsheet The results from following this process are captured in the picture below, where I create both a heat map based on the equity risk premiums, and report on the ratings, country risk premiums and equity risk premiums, by country: Download equity risk premium, by country If you compare the equity risk premium heat map with the heat maps on the other dimensions of country risk (political and legal structures, exposure to violence and corruption), you will notice the congruence. The parts of the world that are most exposed to corruption and violence, and have capricious legal systems, tend to have higher equity risk premiums. The effects of the US ratings downgrade also manifest in the table, with the US now having a higher equity risk premium than its Aaa counterparts in Northern Europe, Australia and Canada. A User's Guide My estimates of equity risk premiums, by country, are available for download, and I am flattered that there are analysts that have found use for these number. One reason may be that they are free, but I do have concerns sometimes that they are misused, and the fault is mine for not clarifying how they should be used. In this section, I will lay out steps in using these equity risk premiums in corporate finance and valuation practice, and if I have still left areas of grey, please let me know. Step 1: Start with an understanding of what the equity risk premium measures The starting point for most finance classes is with the recognition that investors are collectively risk averse, and will demand higher expected returns on investments with more risk. The equity risk premium is a measure of the “extra” return that investors need to make, over and above the riskfree rate, to compensate for the higher risk that they are exposed to, on equities collectively. In the context of country risk, it implies that investments in riskier countries will need to earn higher returns to beat benchmarks than in safer countries. Using the numbers from July 2025, this would imply that investors need to earn 7.46% more than the riskfree rate to invest in an average-risk investment in India, and 10.87% more than the riskfree rate to invest in an average risk investment in Turkey. It is also worth recognizing how equity risk premiums play out investing and valuation. Increasing the equity risk premium will raise the rate of return you need to make on an investment, and by doing so, reduce its value. That is why equity risk premiums and stock prices move inversely, with the ERP rising as stock prices drop (all other thins being held constant) and falling as stock prices increase. Step 2: Pick your currency of analysis (and estimate a riskfree rate) I start my discussions of currency in valuation by positing that currency is a choice, and that not only can you assess any project or value any company in any currency, but also that your assessment of project worth or company value should not be affected by that choice. Defining the equity risk premium as the extra return that investors need to make, over and above the risk free rate, may leave you puzzled about what riskfree rate to use, and while the easy answer is that it should be the riskfree rate in the currency you chose to do the analysis in, it is worth emphasizing that this riskfree rate is not always the government bond rate, and especially so, if the government does not have Aaa rating and faces default risk. In that case, you will need to adjust the government bond rate (just as I did with the US dollar) for the default spread, to prevent double counting risk. Staying with the example of an Indian investment, the expected return on an average-risk investment in Indian rupees would be computed as follows: Indian government bond rate on July 1, 2025 = 6.32% Default spread for India, based on rating on July 1, 2025 = 2.16% Indian rupee risk free rate on July 1, 2025 = 6.32% - 2.16% = 4.16% ERP for India on July 1, 2025 = 7.46% Expected return on average Indian equity in rupees on July 1, 2025 = 4.16% + 7..46% = 11.62% Note also that if using the Indian government bond rate as the riskfree rate in rupees, you would effectively be double counting Indian country risk, once in the government bond rate and once again in the equity risk premium. I know that the ERP is in dollar terms, and adding it to a rupee riskfree rate may seem inconsistent, but it will work well for riskfree rates that are reasonably close to the US dollar risk free rate. For currencies, like the Brazilian real or Turkish lira, it is more prudent to do your calculations entirely in US dollars, and convert using the differential inflation rate: US dollar riskfree rate on July 1, 2025 = 3.97% ERP for Turkey on July 1, 2025 = 10.87% Expected return on average Turkish equity in US $ on July 1, 2025 = 3.97% + 10.87% = 14.84% Expected inflation rate in US dollars = 2.5%; Expected inflation rate in Turkish lira = 20% Expected return on average Turkish equity Turkish lira on July 1, 2025 = 1.1484 *(1.20/1.025) -1 = 34.45% Note that this process scales up the equity risk premium to a higher number for high-inflation currencies. Step 3: Estimate the equity risk premium or premiums that come into play based on operations Many analysts use the equity risk premiums for a country when valuing companies that are incorporated in that country, but I think that is too narrow a perspective. In my view, the exposure to country risk comes from where a company operates, not where it is incorporated, opening the door for bringing in country risk from emerging markets into the cost of equity for multinationals that may be incorporated in mature markets. I use revenue weights, based on geography, for most companies, but I am open to using production weights, for natural resource companies, and even a mix of the two. In corporate finance, where you need equity risk premiums to estimate costs of equity and capital in project assessment, the location of the project will determine which country’s equity risk premiums come into play. When Amazon decides to invest in a Brazilian online retail project, it is the equity risk premium for Brazil that should be incorporated, with the choice of currency for analysis determining the riskfree rate. Step 4: Estimate project-specific or company-specific risk measures and costs The riskfree rate and equity-risk premiums are market-wide numbers, driven by macro forces. To complete this process, you need two company-specific numbers: Not all companies or projects are average risk, for equity investors in them, and for companies that are riskier or safer than average, you need a measure of this relative risk. At the risk of provoking those who may be triggered by portfolio theory or the CAPM, the beta is one such measure, but as I have argued elsewhere, I am completely at home with alternative measures of relative equity risk. The cost of equity is calculated as follows: Cost of equity = Riskfree rate + Beta × Equity Risk Premium The beta (relative risk measure) measures the risk of the business that the company/project is in, and for a diversified investor, captures only risk that cannot be diversified away. While we are often taught to use regressions against market indices to get these betas, using industry-average or bottom-up betas yields much better estimates for projects and companies. For the cost of debt, you need to estimate the default spread that the company will face. If the company has a bond rating, you can use this rating to estimate the default spread, and if it is not, you can use the company's financials to assess a synthetic rating. Cost of debt =Riskfree Rate + Default spread Harking back to the discussion of riskfree rates, a company in a country with sovereign default risk will often bear a double burden, carrying default spreads for both itself and the country. The currency choice made in step two will hold, with the riskfree rate in both the cost of equity and debt being the long-term default free rate in that currency (and not always the government bond rate). Step 5: Ensure that your cash flows are currency consistent The currency choice made in step 2 determines not only the discount rates that you will be using but also the expected cash flows, with expected inflation driving both inputs. Thus, if you analyze a Turkish project in lira, where the expected inflation rate is 20%, you should expect to see costs of equity and capital that exceed 25%, but you should also see growth rates in the cash flows to be inflated the same expected inflation. If you assess the same project in Euros, where the expected inflation is 2%, you should expect to see much lower discount rates, high county risk notwithstanding, but the expected growth in cash flows will also be muted, because of the low inflation. There is nothing in this process that is original or path-breaking, but it does yield a systematic and consistent process for estimating discount rates, the D in DCF. It works for me, because I am a pragmatist, with a valuation mission to complete, but you should feel free to adapt and modify it to meet your concerns. YouTube Video Paper Country Risk Determinants: Determinants, Measures and Implications - The 2025 Edition Datasets Equity Risk Premiums, by country - July 2025 Country Risk Links EIU Democracy Index Global Peace Index (Exposure to Violence) Corruption Index International Property Rights Index Moody's Sovereign Ratings Political Risk Services (PRS) Country Risk Scores Spreadsheets Implied Equity Risk Premium for S&P 500 on July 1, 2025
Escape newsletter inbox chaos and algorithmic surveillance by building your own enshittification-proof newspaper from the writers you already read
How to resist thinking of large language models as friends. Or sentient things. Or intelligences you have to treat like God.
Daily Journal has been accused of incorrectly accounting for software development costs by an activist investor seeking a consulting contract.
The Trump administration’s regulatory whiplash has left prosecutors scrambling with misattributed chat messages and questionable victim testimony
