Chapter 10

Privacy vs Compliance

Financial privacy and regulatory compliance are often framed as opposites, but the reality is more nuanced. Laws like the Travel Rule require virtual asset service providers to share originator and beneficiary information for transfers above thresholds. Sanctions lists from OFAC and similar bodies prohibit dealings with designated addresses — including smart contracts like sanctioned mixers.

Regulated businesses need audit trails and sanctions screening; users want confidentiality for ordinary payments. Protocol designers search for architectures that satisfy both partially.

Competing design goals

Regulatory requirements

KYC at fiat on-ramps and custodial services
Travel Rule data for cross-VASP transfers
Sanctions screening on addresses and contracts
Record keeping for tax and AML reporting

Privacy-preserving responses

View keys for auditor-only transaction visibility
ZK proofs of non-sanctioned status without doxxing
Privacy Pools with provable exclusion sets
Self-custody outside VASP scope for non-custodial activity

Selective disclosure — view keys, ZK credentials, and association-set proofs — is where much of the industry is heading, though standards and enforcement remain unsettled.

Privacy tool developers face legal risk when products are used to launder stolen funds — several mixer operators have been prosecuted regardless of stated intent. Exchanges delist privacy coins and block withdrawals to flagged addresses to protect their licenses. Users remain responsible for complying with local tax and AML laws even when using self-custody tools.

The regulatory squeeze does not eliminate demand for privacy; it shapes which designs can integrate with mainstream finance. Studying compliance tradeoffs helps builders and users choose tools that match their legal context rather than assuming cryptography alone resolves policy conflict.