OFAC’s Designation of Tornado Cash – Protocols, Privacy and a Call to Action

This week’s far-reaching OFAC sanctions of the mixing service Tornado Cash materially raised the tension between the interaction with open software protocols, the presumption and preservation of privacy, and financial crime compliance.

Well-regulated and trusted entities obligated under financial crime compliance requirements conform to anti-money laundering (AML), countering the financing of terrorism (CFT) and sanctions directives.  However, we feel that sanctioning the protocol itself is a new escalation of policy issues, akin to ongoing policy developments on self-hosted wallets, or the use of public blockchains and open software in regulated financial markets.  While we are broadly making progress on many of these long range policy issues, including the likelihood of passage of a U.S. stablecoin bill in the near future, the intersection of privacy, open software and security clearly warrants consolidated policy action, education and advocacy.  It is also a sign of the important growth and maturation of the digital assets industry.

Lest the future of composable, programmable money and crypto assets faces the perennial compliance and national security “kill switch,” we have real industry-wide work to do to demonstrate that financial innovation, inclusion and integrity are not tradeoffs.  Traditional finance and unevolved financial crime compliance frameworks labor under a massive privacy problem for which cryptography, open software and universally accessible personal wallets are the bottom rungs of a more inclusive crypto economy.  This crypto economy is also powering a revolution in internet-scale open financial innovation, for which the development and use of open software is an asset, not a liability.

At the same time, it is indefensible and untenable that tools and software are co-opted by bad actors who remain unchecked.  Public blockchains, and the cottage industry of blockchain forensics and financial analytics they have enabled, provide financial services optionality for law-abiding people, who should enjoy privacy and financial access as a human right, while giving bad actors and illicit finance no place to hide.

With OFAC’s latest round of sanctions, our industry has at once proven that these systems and financial integrity tools work, as evidenced by the precision of reporting from TRM Labs, among others in the crypto forensics market.  It has  also demonstrated that under the banner of national security, free expression as software, code and Github repositories may become collateral damage.  This is tantamount to banning email or the open internet, because for all the good it brings, it also harbors bad actions, bad actors and negative externalities.

Herein lies our call to action.  As trusted policy, regulatory and industry leaders, as well as companies with robust policy, legal, compliance and privacy teams, we are assured to have an audience and our positions heard.  There is a crucial policy window with the White House Executive Order underway, along with stablecoin legislative developments in the U.S., the U.K., and MiCA’s implementation in Europe, to ensure the presumption of privacy as a democratic first principle is protected and not the subject of compliance or regulatory overreach.  At the same time, we think it is critical to continue outlining the art of the possible with crypto being a tool for empowering people and micro-targeting payments to good actors, even in complex, conflict-ridden places where the formal economy may be in the hands of adversaries.

Circle will engage in long range policy, advocacy, education and engagement efforts in support of privacy in blockchain finance.  We will do this through financial support of industry bodies, advancement of legal and regulatory efforts that show compliance and financial privacy are not competing objectives, as well as ongoing alignment with industry, developers and others.

Key policy opportunities include:

• Modernization of the 52-year-old Bank Secrecy Act to recognize key distinctions between protocols, software and non-proprietary open technologies and the actions, methodologies and efforts of illicit actors.
• Continuous development and support of industry-wide market integrity and financial crime compliance tools, technologies and standards that promote collective defense, while keeping blockchain-based finance open and universally accessible.
• Encouragement of the use and development of privacy preserving technologies, while continuously refining financial integrity standards, norms and protections that encourage and harmonize the legitimate use of crypto assets and open blockchains.
• Protection and defense of open source software and its normalization in regulated financial services as tools that promote competition, interoperability and the preservation of democratic values, while making exponential gains in financial integrity.
• Development, dissemination and normalization of the use of privacy preserving decentralized identity, authentication and financial integrity standards, protocols and tools.

As we are so close to long-held goals of legal and regulatory certainty for crypto in the U.S., UK Europe and other democratic nations, we should resist the urge to retreat to the shadows and bring the financial privacy debate to the light of day.

We hope you will join us in these efforts.