US Treasury Seeking ‘Innovative Methods’ to Detect Illicit Crypto Activity

The U.S. Department of the Treasury has called for comment on the use of “innovative or novel” measures to “detect and mitigate” the illicit use of cryptocurrencies.

Published in the Federal Register, the request for comment expires on October 17 and aims to fulfill the provisions of the recently passed GENIUS Act, especially those pertaining to the management of financial risk and to compliance with the Bank Secrecy Act.

The Treasury aims to focus on four main areas: application program interfaces (APIs), AI, digital ID verification, and blockchain monitoring.

It’s therefore seeking input on how such solutions could enhance the ability of regulated institutions to detect illegal crypto-related activity, as well as on any privacy risks involved in monitoring transactions.

The Treasury will use responses to compile a report which it will then send to the Senate Committee on Banking, Housing, and Urban Affairs of the Senate and also the House Committee on Financial Services, who will then formulate relevant guidance and legislative proposals.

Compliance and privacy

Given the focus on detecting and preventing illicit cryptocurrency flows, there’s been some concern that proposals could have a negative impact on privacy. But experts working within the industry are optimistic that a compromise between decentralization and compliance can be reached.

“Blockchain platforms can implement KYC/AML without undermining user privacy, which is a necessary balance DeFi must strike to mature,” Katie Evans, the Head of Business Development at DeFi infrastructure provider Swarm, told Decrypt.

KYC refers to know your customer, or the requirement that banks, traditional financial institutions, and a growing number of crypto firms collect personal information about their customers. AML, or anti-money laundering, refers to safeguards these same institutions use to detect money laundering.

Evans added that Swarm has been balancing privacy and transparency for several years now by using a combination of zero-knowledge proofs and smart contracts to conduct compliance checks without “unnecessary” sharing of data.

“Our tokenized stocks run on public, permissionless blockchains, so users still benefit from decentralization’s core promises: transparency, self-custody, and 24/7 access,” she said. “At the same time, we’ve built in KYC/AML access controls to ensure eligible participants can issue and redeem these assets.”

Other experts agree that zero-knowledge proofs will play a key role in maintaining compliance in a way that respects privacy. Harry Halpin, CEO and co-founder of decentralized VPN provider Nym, warned against the collection of “excessive” KYC and AML data.

“If a platform must do KYC/AML, they should use zero-knowledge proofs like zk-creds from Aleo or anonymous credentials like zk-nyms from Nym,” he told Decrypt.

One practice at Nym is to provide users with anonymous credentials when they pay for a NymVPN subscription using a credit card, with such credentials containing no personal data or payment info.

“However, this zero-knowledge KYC tech is still very special-purpose and needs more investment and development work to be broadly applicable across different blockchains and for different use-cases,” he explained.

One thing that most commentators stress is the need to avoid the repeated inputting of personal data, something which can greatly expand the scope for breaches and misuse.

“We’ll start by saying that we shouldn’t be asking users to upload their government-issued ID to random third party platforms repeatedly,” said Riccardo Spagni and Naveen Jain, the co-founders of privacy-focused cryptocurrency Tari.

Given this red line, Spagni and Jain support compliance solutions that would incorporate reusable and selective credentials.

“Make the user KYC once, and then allow them to prove to an unlimited number of platforms that they are over 18, not on a sanctions list, and have valid KYC,” they told Decrypt.

Spagni and Jain also advocate for the use of zero-knowledge membership and attestation checks, something which would enable users to become part of a ‘verified’ set without exposing personal data.

They added, “Then DeFi front-ends can use ZK proofs or tooling like Semaphore to verify that a user is a part of this set while keeping the user pseudonymous.”

Encouragingly, Jain and Spagni report that there has been “significant” progress on privacy‑compatible tracing in recent years, such that authorities will be able to track transactions if necessary without exposing personal data to third parties.

They said, “For example, Tari has programmable confidentiality features that would allow a stablecoin issuer full access to the tx graph for compliance purposes while keeping all txs default confidential on a peer-to-peer basis.”

While there is confidence that current blockchain technology is capable of guarding privacy and enabling regulatory oversight, it remains an open question as to what exactly the Department of the Treasury will recommend to Congress.

Despite the possibility of overreach, most industry figures are hopeful that the right balance will ultimately be struck, given that the request for comment will be met primarily by the industry itself.

“We hope that our industry will propose solutions that support reusable KYC, selective disclosure, and require platforms to collect the bare minimum amount of information for compliance purposes,” said Spagni and Jain. “The goal shouldn’t be to create a global panopticon that destroys everyone’s freedom.”

Similarly, Katie Evans notes that moves to enforce KYC/AML guidelines are “inevitable” if the industry wants to attract institutional and corporate adoption in a big way.

“Without safeguards like these, DeFi risks remaining a niche,” she said. “With them, we unlock scale, legitimacy, and adoption and make DeFi usable in the real economy.”