According to Coinbase, the Bank Secrecy Act exposes the sensitive data of millions of Americans to risks that could be avoided using technologies like Zero-Knowledge Proofs. Paul Grewal, Chief Legal Officer, stated that the current system produces an unmanageable amount of reports but often fails in its true objective: stopping criminals without violating the privacy of everyone else.
What is the Bank Secrecy Act and where does it fail according to Coinbase?
The Bank Secrecy Act (BSA), established to protect the U.S. financial system, requires banks and crypto operators to continuously monitor every suspicious transaction through Know Your Customer (KYC). This regime, although effective in combating fraud and illicit financing, according to Coinbase and Paul Grewal, has become an issue for user privacy.
The critical points highlighted:
- Multiple KYC checks, repeated by more intermediaries.
- Financial data of millions of people stored by various entities: easy target for criminals, extremely high risk of data breach.
- Administrative congestion: every year institutions produce millions of reports on suspicious transactions, but they are often not analyzed effectively.
- Central system now obsolete, not very adaptable to the era of crypto.
How do Zero-Knowledge Proofs work and why are they revolutionary?
The Zero-Knowledge Proofs, or ZKP, are innovative cryptographic protocols that allow two parties to verify a specific condition (for example, “are you over 18?”) without revealing additional personal data.
In the financial sector, this technology would allow, for example:
- Instant onboarding: exchange of minimal and non-cumulative data during registration on banks or crypto exchanges.
- Transaction monitoring without the need to track the identity of all parties involved.
- Automation through artificial intelligence: the interaction between AI and ZKP can speed up anti-money laundering checks, reducing errors and manual work.
Result: fewer exposed data, compliance guaranteed, and less attractive for cybercriminals. Privacy, according to Grewal, would once again be guaranteed without lowering the security level of the system.
What would change for banks, exchanges, and users?
If the ideas of Coinbase were adopted, KYC and financial surveillance would undergo a radical acceleration:
- Banks and exchanges should rely on third-party providers of certified ZKP, instead of accumulating redundant copies of the same personal data.
- Users could demonstrate their eligibility conditions (age, residence, absence of blacklist) without ever providing complete sensitive information.
- The reporting process would become more efficient, because it is based on targeted alerts and not on mass reporting.
- Regulatory compliance would be more agile, adapting also to the pace of crypto innovations.
These reforms, according to Grewal, would impact both the quality of surveillance and the reduction of privacy violation risks.
Why must Congress act immediately?
Coinbase makes a clear appeal to the US Congress: a regulatory update is needed that mandates and incentivizes Zero-Knowledge Proofs for anyone subject to the BSA.
Grewal argues that only in this way will it be possible to reconcile three needs:
- Defend the privacy of citizens (today too exposed).
- Protect the security of the banking and crypto system from cyber attacks.
- Maintain effectiveness in the fight against financial crimes and terrorism.
It is not, he emphasizes, about loosening the grip on controls: it is about updating the tools. The United States Department of the Treasury, according to the latest information gathered by Coinbase, is already considering how to integrate ZKP into the upcoming regulatory standards.
The risk is real: what happens if no action is taken?
In his public speech, Paul Grewal warns: “Continuing with the old systems is equivalent to exposing the Country to ever greater risks of violation.” Centralized databases will become increasingly appealing to hackers, especially considering the increase in crypto and digital activities.
The innovation of Zero-Knowledge Proofs represents the most effective solution to avoid another “Equifax case” — in fact, advanced cryptography and information segmentation could render useless the massive theft strategies typical of cybercrime in recent years.
What to expect now: outlook and next steps
The proposal by Coinbase opens a crossroads for US regulation of crypto and traditional finance: innovate quickly, or risk further scandals related to sensitive data.
The future of financial privacy will depend on how (and how quickly) Congress and the US Treasury can integrate Zero-Knowledge Proofs into the Bank Secrecy Act. The evolution of the relationship between compliance and privacy is of close interest to every user, exchange, and bank.