Coinbase Urges Treasury to Modernize AML with AI, Zero-Knowledge Tech

In a detailed letter to the U.S. Treasury Department, Coinbase Chief Legal Officer Paul Grewal argued that current AML frameworks are “rooted in decades-old requirements that reflect paper-based protocols designed for a financial system” where fund transfers take days. The exchange contends that when “bad guys innovate in financial crime, good guys need innovation to keep pace,” positioning technological adoption as essential rather than optional. This criticism comes as Treasury reviews responses to its August request for comment on innovative methods to detect illicit activity involving digital assets.

The proposal specifically calls for establishing regulatory safe harbors under the Bank Secrecy Act for firms responsibly deploying AI to improve compliance programs. Rather than forcing a one-size-fits-all model, Coinbase suggests conditions focusing on governance and outcomes. Federico Fabiano, Head of Legal & Compliance at Hex Trust, echoed this sentiment, telling Decrypt that “the era of ‘check-the-box’ compliance needs to evolve” and that reliance on existing laws may no longer be tenable. Fabiano described the integration of AI tools, powered by blockchain’s immutable transparency, as “an opportunity, not a constraint” essential to securing a credible financial ecosystem.

Coinbase’s submission highlights how high compliance costs create “formidable barriers to entry for smaller financial service providers, including fintech startups.” These costs are often passed on to consumers through higher banking fees and denial of financial services, disproportionately affecting low-income customers. The exchange provided concrete data showing financial institutions file over 25 million reports to FinCEN each year, mostly documenting lawful activity, yet “the vast majority never result in a follow-up.” Despite a 2020 law intended to modernize the system, Coinbase claims “little, if any, progress has been made.”

The privacy concerns are equally stark. Current rules force Americans to complete new KYC checks for every financial account, sharing personal data “with dozens of companies” that must store it for years. Coinbase describes this duplication as creating “honeypots for criminals” through widespread data vulnerability. The solution proposed involves updating the Bank Secrecy Act to recognize decentralized IDs and zero-knowledge proofs as valid identity-verification methods, which would allow verification without repeated data sharing. Additionally, Coinbase urged Treasury to issue guidance clearly recognizing API-driven compliance technologies, including outlining acceptable use cases, data privacy requirements, and interoperability standards.

Privacy advocacy group Coin Center submitted its own response, with Executive Director Peter Van Valkenburgh warning that applying traditional AML requirements to stablecoins on public chains could create a “CBDC-style panopticon.” This concern about surveillance overreach represents a significant counterpoint to the compliance efficiency arguments, highlighting the tension between crime prevention and privacy preservation in digital asset regulation.

Coinbase further requested that Treasury publish guidance explicitly recognizing Know-Your-Transaction screening and blockchain analytics clustering as more effective compliance methods than current approaches. The Treasury Department will now compile all responses into a congressional report for the Senate Committee on Banking, Housing, and Urban Affairs and the House Committee on Financial Services. These committees will then formulate relevant guidance and legislative proposals that could reshape how financial crime is combatted in the digital asset space, potentially setting new precedents for the integration of emerging technologies into financial regulation.