Coinbase to U.S. Treasury: Zero-Knowledge Proofs Could Fix AML

The @coinbase exchange has submitted a formal response to the U.S. Department of the Treasury’s Request for Comment on Innovative Methods to Detect Illicit Activity Involving Digital Assets.

The exchange insists that existing anti-money-laundering (AML) and know-your-customer (KYC) regulations are outdated, data-heavy, and prone to abuse. The solution it proposes is the introduction of zero-knowledge proofs and decentralized identifiers (DIDs) as compliant, privacy-preserving verification methods under the Bank Secrecy Act.

This marks one of the first policy-level efforts by a major U.S. institution to legitimize ZK as regulatory infrastructure.

Outdated infrastructure

Coinbase’s letter describes the current compliance system as “archaic”. Every regulated entity repeatedly collects and stores copies of user documents, creating unnecessary attack surfaces and inconsistent verification standards.

The company argues that this model - built on static documents and centralized databases - cannot scale with a global, digital economy.

Zero-knowledge proofs offer a technical remedy: they allow a user to prove facts about their identity (for example, jurisdiction, age, or sanctions status) without exposing underlying personal data. Coinbase positions ZKPs as a means to meet regulatory requirements without perpetuating surveillance or privacy risk.

The proposal

Coinbase’s recommendations to the Treasury and Congress include:

• Recognizing ZKPs and DIDs as valid non-documentary methods of customer verification under the Bank Secrecy Act.
• Allowing financial institutions to rely on third-party ZK verification providers instead of collecting redundant user data.
• Establishing safe-harbor provisions for entities implementing ZK-based identity solutions within existing AML/CFT frameworks.
• Maintaining governance and auditability controls to ensure that privacy technology does not compromise law-enforcement visibility.

In short, Coinbase advocates a compliance model where verification is based on cryptography rather than a documentary-based system.

Implications for ZK adoption

The significance of this letter extends beyond compliance reform. It reframes ZK as a regulatory enabler.

If adopted, these proposals would:

• Provide legal recognition for ZK-based identity proofs.
• Encourage development of interoperable, privacy-preserving KYC systems across exchanges, wallets, and DeFi protocols.
• Reduce institutional risk associated with data custody by outsourcing verification to cryptographic proofs.

This represents a potential inflection point for ZK, moving from experimental cryptography to standard infrastructure in financial regulation.

A shift in narrative

Zero-knowledge systems have long been associated with anonymity and privacy. Coinbase’s submission changes that framing: ZK becomes a tool for verifiable privacy - ensuring compliance without exposure.

This interpretation aligns with a broader industry movement toward compliant privacy, where users maintain control over personal data while regulators retain the ability to request disclosure under due process.

The result would be transparency for systems, privacy for individuals.

What this signals

The Coinbase letter may not immediately alter regulation, but it sets a precedent. It signals that:

• Institutional actors now view ZK as essential infrastructure for the next phase of regulatory modernization.
• Policymakers are being asked to formalize cryptographic proofs as a legitimate compliance primitive.
• The next wave of ZK adoption could come not from DeFi, but from financial institutions seeking privacy-preserving compliance.

This is the first visible bridge between ZK cryptography and U.S. regulatory frameworks.

If regulators accept this model, verification could evolve from document exchange to cryptographic attestation - an internet-native system of trust that satisfies both privacy and oversight.

That possibility places ZK at the center of a new paradigm: as a mechanism to prove selectively, securely, and verifiably. 

ZK is becoming mainstream infrastructure.