The Coin Center report “Tear Down this Walled Garden: American Values and Digital Identity” argues that our current AML/KYC identity system is expensive, privacy-invasive, and largely useless against real crime – and that open, decentralised digital identity built on cryptography and blockchains could do much better.
Coin Center is a Washington, D.C.–based non-profit research and advocacy group focused on public policy issues facing cryptocurrency and open blockchain networks. While its new report examines the U.S. Bank Secrecy Act and American AML/KYC practice, the core critique and the proposed digital identity model are highly relevant for Europe.
Why today’s AML/KYC identity regime is a failure
Coin Center starts from a brutal diagnosis:
For more than 50 years, banks and payment providers have been forced under the U.S. Bank Secrecy Act (BSA) and later the PATRIOT Act to collect masses of personal data about their customers (KYC), screen transactions, file suspicious activity reports and keep huge data silos. Yet less than 1% of criminal proceeds is ever intercepted or recovered. UN and academic estimates speak of interception rates around 0.1–0.2% of criminal funds – effectively “near-zero” impact on crime.
At the same time:
The financial industry spends tens of billions per year on compliance – without any real results on the extent of Money Laundering.
Ordinary customers are forced to hand over passport scans, addresses, tax IDs, sometimes biometrics, again and again to different institutions – each one creating another hacking target.
Identity theft is exploding; major breaches like Equifax have exposed data of tens of millions of people
Coin Center’s point fits what we see daily at EFRI als these efforts fail to prevent industrial-scale online investment fraud.
The report also warns of the political side: once such an infrastructure exists, it invites abuse and financial censorship. It cites examples from China, Canada and the Middle East, where financial data or banking access were used to control minorities, protesters or women
Bottom line: Coin Center argues that today’s AML/KYC regime is a walled garden of centralised databases and gatekeepers that
barely hurts serious criminals,
creates massive data-breach and censorship risk, and
excludes millions from the financial system.
Three paradigm shifts: how digital identity could work differently
Coin Center doesn’t just criticise; it sketches an alternative identity model based on tools that already exist: verifiable credentials, zero-knowledge proofs, secure multi-party computation and open blockchains
They propose three key shifts:
From siloed documentation to “passportable ID”
Today, every bank and platform re-collects and stores the same documents. The report argues for portable, user-held credentials: identity data is issued once by a trusted issuer and then carried by the user, who presents cryptographic proofs when needed. This reduces duplication, costs and the attack surface.From identity verification to attribute verification
Regulators usually don’t need your full life story; they need to know specific facts: Are you over 18? On a sanctions list? A U.S. person? A high fraud risk? Instead of sending full passports and bank statements, users could prove these attributes with zero-knowledge proofs – showing the fact without revealing underlying data.From static risk scoring to dynamic risk assessment
Today, risk assessment often happens only at onboarding – a snapshot that quickly becomes outdated. The report argues for updatable, cryptographic risk signals that can change over time without exposing raw personal data. Compliance becomes more accurate while data hoarding decreases.
Coin Center warns that for crypto is clear: a naive fully-transparent blockchain world (everything in the open, forever) would be an even better surveillance tool for authoritarian regimes than today’s banking system. So privacy-by-design is not a “nice to have” but a necessity.
Principles for a privacy-preserving identity system
Coin Center formulates seven principles that any future digital identity standard should respect:
No backdoor – no hidden government access built into the system.
No phone home – credentials shouldn’t “ping” a central server whenever used.
No chokepoint – no single actor should be able to shut down a person’s financial life.
No honeypot – avoid giant central databases that invite hacking and abuse.
No leaks – minimise data exposure at every step.
No dead zones – the system must work for everyone, including the unbanked and vulnerable.
No lockout – users shouldn’t be permanently excluded by one issuer or platform.
Policy roadmap: the “John Hancock Project”
Because identity is a public good, Coin Center argues that the market alone will not build an open standard; everyone waits for everyone else. This is where government has a role – not as central operator, but as standard setter and legal enabler.
They propose a five-part federal strategy for the U.S.:
Open standards
Encourage interoperable, privacy-preserving technical standards for credentials, revocation and proofs.Certification
Allow private organisations to certify that issuers comply with these standards, and let regulators certify their due-diligence processes for specific regulatory goals (e.g. KYC).Permission and safe harbors
Require financial institutions to accept certified credentials – and give them safe harbors when they rely on them in good faith. This reduces incentives to over-collect data “just in case”.Protection for tool developers
Make clear that building and maintaining software for user-held identity credentials is not money laundering or unlicensed money transmission. Otherwise innovation will be chilled by legal risk.Credential minimisation over time
Push AML frameworks gradually towards data-minimised proofs instead of full data dumps – aligning legal requirements with technological capabilities.
Coin Center suggest that reforms could start via regulatory sandboxes and pilot projects under existing authority, but ultimately require federal legislation to be robust and uniform.
Why this matters for EFRI and fraud victims
For EFRI, the message of the report is highly relevant:
It is a fact that the current AML regime simply does not work, neither in U.S. nor in Europe. For us the main reason is the ineffectiveness of the supervision and enforcement; and this for sure will not change in future. So the current AML/KYC system (with ineffective enforcement and supervision) for sure does not stop online investment fraud, but it did create endless KYC friction and data breaches for victims. We for sure need new approaches that could work out. A shift to open, cryptography-based digital identity could, in principle, protect victims’ privacy and make it harder for professional fraud networks to hide – if implemented with strong safeguards.
Coin Center’s “Tear Down this Walled Garden” argues for a future where citizens keep control over their identity, financial access remains open, and true criminals – not victims – are the ones under pressure.
For us at EFRI, Coin Center’s work is an essential and thought-provoking contribution: it shows an interesting approach to finally get a better grip on the long-failing AML problem. But it is not the only possible path. We are open to other models and ideas – the only condition is that they must genuinely protect victims, respect fundamental rights and actually reduce financial crime instead of just expanding the paperwork.
