Technical Compliance Solutions: Privacy-Preserving AML Without Full Surveillance
Rachel’s point about FATF Travel Rule enforcement being essentially impossible for P2P Tron transfers is technically correct — but I think the conversation is stuck in a false binary between “full KYC surveillance” and “no compliance at all.” There are cryptographic and architectural solutions that could bridge this gap, and they’re closer to production-ready than most regulators realize.
Zero-Knowledge Proofs for Travel Rule Compliance
The core insight is that the Travel Rule requires information sharing, but it doesn’t require that information to be publicly visible or stored in centralized databases. Zero-knowledge proofs (ZKPs) allow a party to prove a statement is true without revealing the underlying data. Applied to stablecoin compliance, this means:
- A user can prove they’ve passed KYC verification without revealing their identity to the counterparty or to on-chain observers
- A transfer can prove it originates from a verified entity in a FATF-compliant jurisdiction without exposing the entity’s details on a public blockchain
- An exchange can verify that a counterparty wallet has completed AML screening without requiring the wallet holder to submit documents to that specific exchange
Projects like zkPass are building exactly this: privacy-preserving identity verification that uses ZK proofs to attest to KYC completion without storing or transmitting personal data. Holonym takes a similar approach, creating “human credentials” that prove sybil-resistance and jurisdiction membership without linking to government IDs on-chain.
These aren’t theoretical. zkPass has processed over 2 million credential verifications as of late 2025, and Holonym’s ZK passport verification is live on multiple chains.
On-Chain Analytics: AML Without Universal KYC
There’s a persistent misconception among regulators that AML monitoring requires KYC on every individual user. In practice, on-chain analytics firms like Chainalysis, Elliptic, and TRM Labs already provide comprehensive AML monitoring for stablecoin flows without requiring identity verification on every wallet.
How this works in practice:
- Chainalysis tracks USDT flows across Tron, Ethereum, and other networks, flagging wallets associated with sanctioned entities, known fraud operations, and darknet markets
- Elliptic’s transaction screening can identify suspicious patterns — structured transactions, rapid layering, connections to high-risk jurisdictions — in real time
- TRM Labs provides risk scoring for individual wallets based on behavioral analysis, not identity verification
This is already how most major exchanges handle compliance: they monitor on-chain flows for suspicious activity and apply enhanced due diligence when risk indicators appear. The system isn’t perfect, but it’s far more effective than the “KYC everyone or KYC no one” framework that FATF seems to be operating under.
A Tiered Compliance Model
Building on Rachel’s proportional regulation framework, here’s what I’d propose as a technically feasible compliance architecture for stablecoin transfers:
Tier 1: Small transfers (<$1,000)
- No individual KYC required
- On-chain analytics monitoring for sanctioned address interaction
- Wallet-level risk scoring via Chainalysis/Elliptic APIs
- This covers the vast majority of remittance and daily commerce use cases in the Global South
Tier 2: Medium transfers ($1,000 - $10,000)
- ZK proof of identity verification (prove you’ve completed KYC somewhere, without revealing to whom)
- Enhanced on-chain monitoring with automated suspicious activity flagging
- Optional Travel Rule compliance via privacy-preserving messaging protocols like TRISA or OpenVASP with ZK extensions
Tier 3: Large transfers (>$10,000)
- Full Travel Rule compliance with originator/beneficiary information sharing between VASPs
- Real-time transaction monitoring and reporting
- Standard AML/CTF procedures equivalent to traditional banking
This tiered model preserves financial access for the small-value use cases that matter most in emerging markets — the $50 remittance, the $200 business payment — while applying progressively stricter compliance for larger flows where money laundering and terrorism financing risks are materially higher.
The Implementation Path
The technical stack exists today. What’s missing is regulatory buy-in. FATF’s 2025 guidance acknowledges gaps but doesn’t endorse ZK-based solutions or tiered exemptions. Getting from here to a workable framework requires regulators to engage with the technology rather than defaulting to the banking compliance model that was designed for a world of intermediated transactions.
Rachel, I’d love to see your regulatory sandbox proposal explicitly include ZK compliance tools as a testable innovation. The sandbox is the right venue to prove these approaches work — and to give regulators the evidence they need to update their frameworks.