In the past, crypto regulation in the United States has been severely fragmented. Not only have federal agencies failed to collaborate, they have outright contradicted each other and cajoled each other into a turf war to control our fledgling industry.
But recent signals from regulators suggest movement.
Earlier this month, the SEC and CFTC issued a memorandum of understanding to address past missteps and improve coordination for greater regulatory clarity. And more importantly, the two agencies released joint guidance last week on how securities and commodities laws apply to crypto assets.
This is remarkable progress and a useful step towards bringing crypto innovation back to the country. There are, however, other critical areas where disagreements between agencies create unnecessary uncertainty for American businesses and consumers. Chief among them are rules relating to financial confidentiality.
The United States does not have a single privacy regulator. Instead, financial privacy is affected by the actions of the Department of the Treasury, the Department of Justice (DOJ), and the SEC, to name a few. And when these agencies diverge, uncertainty ensues.
The Treasury’s 2019 guidance on non-custodial crypto services was later contradicted by the DOJ’s actions against the creators of Tornado Cash privacy software. Only recently has the DOJ softened its stance, while Treasury has reopened the conversation by seeking comment. A subsequent Treasury report highlighted potentially useful and lawful uses of privacy-enhancing technologies like mixers, even as it raised the possibility of rescinding its own 2019 guidance. Separately, several SEC commissioners have recently questioned whether the mandatory data collection regime imposed on financial institutions has outlived its useful life.
This is a considerable back-and-forth with potentially significant consequences for software developers and anyone wishing to maintain privacy for personal or financial reasons. But even though the stakes are high, this government review is long overdue. For many years, we normalized the mass data collection stemming from the Bank Secrecy Act of 1970. The logic was simple, but compelling: why be afraid if you have nothing to hide?
But there is growing recognition that our vast financial surveillance regime has become a governmental panopticon at odds with our democratic values. Banks and other financial institutions are required to spy on their customers and hand over their data to the government at the slightest suspicion. After decades of excessive enforcement and sanctions, many institutions have learned to err on the side of overdisclosure.
Financial institutions in the United States and Canada spend billions of dollars each year to comply. But that’s just the tip of the iceberg. The even greater cost of this surveillance is the loss of privacy – economic and social activity that never takes place because participants are forced to make a false choice between revealing everything or not participating at all.
This effect is visible throughout the financial system. Consumers and merchants continue to pay high fees to use credit cards, despite blockchain-based payment systems that could perform the same function at a fraction of the cost. Financial institutions rely on settlement infrastructure designed decades ago, with all the costs, delays and errors associated with manual processing in the pre-Internet era.
These outdated systems persist because we have yet to create a financial privacy framework for the digital age. When a system requires full exposure, rational actors withdraw. Banks, asset managers and market makers will not move their operations to a system where proprietary strategies, client positions or portfolio construction are revealed to all.
The good news is that we have the technology to solve all of these problems. Modern cryptography, like zero-knowledge proofs, allows participants to prove their compliance, creditworthiness, or eligibility without revealing the underlying data. With these advancements, fully private transactions can be carried out on fully public blockchains.
If we can do it for securities and commodities laws, we can do it for financial privacy. Much of our law already recognizes that financial privacy is not only an important civil liberties, but also an essential economic good. Software developers and market participants don’t need vulnerabilities; they must know what the law requires of them. Because if recent years have taught us anything, it’s that markets don’t only fail when the rules are wrong. They also fail when uncertainty prevents participants from showing up.
