The Case for On Chain Privacy and Compliance
Stanford Journal of Blockchain Law & Policy. Vol. 6, No. 2, 2023, Retrieved from https://stanford-jblp.pubpub.org/pub/onchain-privacy-compliance
32 Pages Posted: 8 Jul 2023
Date Written: June 27, 2023
Abstract
Recent trends in financial-regulation compliance of blockchain-based assets (“crypto”), including by the European Union and the U.S. Treasury, reflect regulators’ belief that policy frameworks and regulatory regimes designed for financial intermediaries can be effectively implemented to police the decentralized, software-mediated cryptocurrency markets. Furthermore, a principal tool relied upon to manage the risk of illicit financial transactions in these markets is blockchain analytics, which depend on blockchains’ transaction ledgers being transparent.
This paper argues that while these two core premises—intermediary regulation and blockchain transparency—play an essential role in mitigating illicit financial risk in the current environment, exclusive reliance on them raises critical questions that must be addressed as cryptocurrency markets enter mainstream adoption.
In traditional financial services, the tension between privacy and compliance is addressed by trusted intermediaries, who maintain private information silos that (when operating as intended) protect customers’ privacy by default. In addition, financial privacy rights enjoy statutory and regulatory protections within these financial intermediaries, giving rise to operational controls restricting access to personal financial information (albeit imperfectly, as reflected in persistent cybersecurity incidents). In light of this default-privacy, compelled disclosures to regulatory agencies and law enforcement support efforts to combat sanctions evasion, terrorist financing, money laundering, and other illicit financial activity.
However, in decentralized finance, such trusted intermediaries do not always exist. The vision of decentralized finance is based on peer-to-peer mechanisms that allow users to transact without the involvement of banks or other financial institutions. Intermediary regulation thus does not address the need to regulate blockchain-based finance: it leans on assumptions rooted in the traditional financial world.
Moreover, in contrast to this default privacy and compelled transparency of traditional financial services, cryptocurrency markets operating on most public blockchains are transparent by default. Historically, this transparency stems from a technical consideration: it allows the blockchain consensus rules (e.g., preservation of monetary invariants) to be easily verified. Subsequently, this public transaction data has been utilized for additional purposes, including detection of illicit activity via blockchain analytics. However, this default-transparency raises heightened risks to consumers. Transparency and immutability allow anyone with an internet connection to see the full transaction history and net holdings of any wallet holder. Absent the type of privacy protections—both practical and legal—that exist in the traditional financial system, it is not surprising that even legitimate users would employ privacy-preserving technologies like mixers to obfuscate their identity and hide their transaction history from prying eyes, without any intent or desire to engage in illegal activity. Indeed, just as law-abiding citizens and corporations strive to protect their privacy in other contexts, the use of privacy-preserving tools in the cryptocurrency context may be considered a cybersecurity best practice. Moreover, imposing the same customer identification requirements (designed to overcome the default-privacy of traditional financial services) in the cryptocurrency context raises heightened risks in this environment, because of its diversified nature and the ability to correlate this data with on-chain data.
Financial confidentiality and protection of personal information is necessary for widespread adoption of blockchain-based payments for personal and commercial uses. Thus, the reliance on blockchain analytics as a tool for compliance reflects a fundamental tension at the heart of cryptocurrency markets as they currently function: between the needs of consumer privacy and cybersecurity, on the one hand, and the public interest in preventing illicit financial activity, on the other.
The key question raised by this dynamic is whether it is possible to create privacy-enhancing technologies that protect legitimate customer privacy while simultaneously providing regulators and law enforcement a way of combating illicit financial risks. We believe that the answer is yes. The paper argues that advances in cryptography and blockchain technology have the potential to overcome the false binary choice between privacy and compliance, through blockchain-native solutions that permit on-chain compliance that is programmable and tailored to jurisdictional needs and enforced by consensus rules. We discuss the contours of this blockchain-native, on-chain compliance and its potential to strike a healthy balance between privacy and compliance in the crypto ecosystem.
Keywords: blockchain, crypto, onchain, cryptocurrency, privacy, compliance, aml, anti money laundering, banking, regulation, innovation, sanctions, decentralization