In the past, crypto regulation in the U.S. has been badly fractured. Not only did federal agencies fail to collaborate — they outright contradicted and cajoled each other in a turf war to control our nascent industry.
But recent signals from regulators suggest movement.
Earlier this month, the SEC and the CFTC released a Memorandum of Understanding to address past missteps and improve coordination for greater regulatory clarity. And even more importantly, the two agencies issued joint guidance last week on how securities and commodities laws apply to crypto assets.
This is outstanding progress, and a helpful step towards bringing crypto innovation back onshore. Still, there are other critical areas where disagreement among the agencies creates needless uncertainty for American business and consumers. First among them are the rules around financial privacy.
The U.S. has no single privacy regulator. Instead, financial privacy is affected by the actions of the Department of the Treasury, the Department of Justice (DOJ), and the SEC, just to name a few. And when those agencies diverge, uncertainty follows.
Treasury’s 2019 guidance on non-custodial crypto services was later contradicted by the DOJ’s enforcement against the creators of the Tornado Cash privacy software. Only recently has the DOJ softened its position, while the Treasury has reopened the conversation through a request for comment. A subsequent Treasury report noted the potentially valuable and lawful uses of privacy-protecting technology like mixers, even as it floated the possibility of rescinding its own 2019 guidance. Separately, multiple SEC commissioners have lately questioned whether the mandatory data-collection regime imposed on financial institutions has outlived its shelf life.
That’s a fair amount of back-and-forth with potentially significant consequences for software developers and anyone who desires privacy for personal or financial reasons. But while the stakes are high, all of this government reexamination is long overdue. For many years, we normalized the bulk collection of data stemming from the Bank Secrecy Act of 1970. The logic was simple, yet persuasive: why be afraid if you have nothing to hide?
But there is growing recognition that our sweeping financial surveillance regime has become a government panopticon at odds with our democratic values. Banks and other financial institutions are required to spy on customers and turn over their data to the government on the barest of suspicions. After decades of overzealous enforcement and penalties, many institutions have learned to err on the side of over-disclosure.
Financial institutions across the U.S. and Canada spend billions of dollars annually on compliance. But that is only the tip of the iceberg. The even bigger cost of this surveillance is privacy deadweight loss — economic and social activity that never occurs because participants are forced into a false choice between revealing everything or not participating at all.
This effect is visible across the financial system. Consumers and merchants continue to pay high fees to use credit cards, despite blockchain-based payment systems that could perform the same function at a fraction of the cost. Financial institutions rely on settlement infrastructure designed decades ago, with all the costs, delays, and errors that come with manual processing from the pre-Internet stone-aged days.
These outdated systems persist because we have not yet created a financial privacy framework for the digital era. When a system requires full exposure, rational actors opt out. Banks, asset managers, and market makers will not move their operations to a system where proprietary strategies, client positions, or portfolio construction are revealed to all.
The good news is that we have the technology to solve all of these problems. Modern cryptography, like zero-knowledge proofs, allows participants to prove compliance, solvency, or eligibility without revealing underlying data. As a result of these breakthroughs, fully private transactions can be conducted on fully public blockchains.
If we can do it for the securities and commodities laws, we can do it for financial privacy. Much of our law already recognizes that financial privacy is not only an important civil liberty, but an essential economic good. Software developers and market participants do not need loopholes; they need to know what the law requires of them. Because if the last few years have taught us anything, it’s that markets do not fail only when rules are wrong. They also fail when uncertainty keeps participants from showing up at all.
