In the past, crypto regulation in the US has been badly broken. Not only did the federal agencies fail to cooperate – they directly contradicted and outbid each other in a turf war to control our nascent industry.
But the latest signals from regulators suggest movement.
Earlier this month, the SEC and CFTC issued a Memorandum of Understanding to address past missteps and improve coordination to achieve greater regulatory clarity. And more importantly, the two agencies issued joint guidance last week on how securities and commodities laws apply to crypto-assets.
This is unprecedented progress and a useful step towards bringing crypto innovation back to land. Still, there are other critical areas where disagreement among the agencies creates unnecessary uncertainty for American businesses and consumers. First among them are the rules around financial privacy.
The US has no single privacy regulator. Instead, financial privacy is affected by the actions of the Treasury Department, the Department of Justice (DOJ), and the SEC, to name just a few. And when these agencies diverge, uncertainty follows.
Treasury’s 2019 guidance on non-custodial crypto services was later contradicted by DOJ enforcement against the creators of the Tornado Cash privacy software. Only recently has the DOJ softened its stance, while the Treasury Department has reopened the conversation through a request for comment. A subsequent Treasury report noted the potentially valuable and legitimate uses of technology to protect privacy, such as mixers, although it did offer the option to cancel its own 2019 guidance. Separately, several SEC commissioners have recently questioned whether the mandatory data collection regime imposed on financial institutions has outlived its usefulness.
That’s a fair amount of back and forth, with potentially significant consequences for software developers and anyone who wants privacy for personal or financial reasons. But while the stakes are high, this entire government inquiry is long overdue. For many years, we normalized the mass collection of data stemming from the Bank Secrecy Act of 1970. The logic was simple, yet compelling: why be afraid if you have nothing to hide?
But there is a growing realization that our extensive financial surveillance regime has become a government panopticon at odds with our democratic values. Banks and other financial institutions are required to spy on customers and release their data to the government at the slightest suspicion. After decades of overzealous enforcement and sanctions, many institutions have learned to err on the side of excessive disclosure.
Financial institutions across the United States and Canada spend billions of dollars annually on compliance. But that’s only the tip of the iceberg. The even greater cost of this surveillance is privacy deadweight loss—economic and social activity that never occurs because participants are forced into a false choice between revealing everything or not participating at all.
This effect is visible across the financial system. Consumers and merchants continue to pay high fees to use credit cards, despite blockchain-based payment systems that could perform the same function at a fraction of the cost. Financial institutions rely on settlement infrastructure designed decades ago, with all the costs, delays and errors that come with manual processing from the Stone Age before the Internet.
These antiquated systems persist because we have not yet created an economic privacy framework for the digital era. When a system requires full exposure, rational actors opt out. Banks, asset managers and market makers will not move their operations to a system where proprietary strategies, client positions or portfolio construction are revealed to all.
The good news is that we have the technology to solve all of these problems. Modern cryptography, such as zero-knowledge proof, allows participants to prove compliance, solvency or entitlement without revealing underlying data. As a result of these breakthroughs, completely private transactions can be performed on fully public blockchains.
If we can do it for the securities and commodities laws, we can do it for financial privacy. Much of our legislation already recognizes that financial privacy is not only an important civil liberty, but an essential economic good. Software developers and market participants do not need loopholes; they must know what the law requires of them. Because if the last few years have taught us anything, it’s that markets don’t fail only when the rules are wrong. They also fail when uncertainty keeps participants from showing up at all.
