SEC crypto task force searches for answers on anonymity and regulation

The U.S. Securities and Exchange Commission’s (SEC) newly created Crypto Task Force is hosting a series of roundtables in cities across the country to gather input from small teams and early-stage projects on how to regulate digital assets.

The stated goal is simple but politically charged: how can the U.S. reconcile the anonymity of crypto transactions with the anti-money laundering (AML) requirements that underpin the global financial system?

The answer may lie in a new generation of regulatory frameworks that use cryptographic proofs instead of raw personal data. Two proposals submitted to the task force, POLARIS 3.0 and the Modular Consent Mechanism, outline technical systems that are designed to square that circle. They attempt to preserve pseudonymity for everyday users while satisfying legal standards under securities law, the Bank Secrecy Act, and international anti-money laundering (AML) rules.

The roadshow is the most visible effort yet by the Crypto Task Force, the SEC unit established earlier this year following the resignation of former SEC chair Gary Gensler, a vocal skeptic of digital assets.

Under SEC Commissioner Hester Peirce, who is known as “Crypto Mom” for her industry-friendly views, the SEC has signaled a shift from an enforcement-first posture to one that is more open to collaboration. The task force’s mission is to both enforce existing law and to chart new regulatory guidelines that are tailored to the idiosyncrasies of cryptocurrencies, from decentralized finance (DeFi) protocols to stablecoins.

“We want to hear from people who were not able to travel for the roundtables that took place this past spring in Washington, D.C. and may not have had a voice in past policymaking efforts,” Peirce said. “The Crypto Task Force is acutely aware that any regulatory framework will have far-reaching effects, and we want to ensure that our outreach is as comprehensive as possible.”

One of the thorniest questions the task force faces is when and how crypto tokens fall under securities law. For decades, courts have relied on the “Howey Test,” a legal standard established by the U.S. Supreme Court in SEC v. W.J. Howey Co. to determine whether a transaction qualifies as an “investment contract” and therefore subject to federal securities laws.

Applying this test to decentralized crypto tokens where there may be no single issuer, no centralized enterprise, and no identifiable group of “others” whose efforts drive profits, has been one of the SEC’s most contentious enforcement tools.

Peirce’s roadshow thus is as much about technical and legal nuance as it is about grassroots input.

Among the proposals submitted to the task force, POLARIS 3.0 stands out for its ambition. Styled as a “technical-regulatory bridge,” POLARIS proposes a modular system of “identity oracles” that validate attributes like Know Your Customer (KYC), sanctions screening, and biometric liveness without exposing a user’s personal data.

Instead of transmitting a driver’s license number or passport details, the system would generate cryptographic proofs that these checks have been completed.

Scaling this system, though, will require more than technology. The authors propose establishing a self-regulatory organization chartered by the SEC to oversee certification of smart contracts, managing identity-oracle networks, and operating a public-facing “Civic Transparency Portal.”

This portal would provide near real-time listings of certified contracts, verified wallets, and trusted tokens, effectively serving as a public ledger of compliance without sacrificing user anonymity.

POLARIS emphasizes risk-based controls. A $20 purchase of a digital collectible might require nothing more than a pseudonymous wallet reputation score, while a $2 million stablecoin transfer could demand biometric authentication and proof of sanctions clearance. This aligns with the Financial Action Task Force’s (FATF) “Travel Rule.”

The Travel Rule requires Virtual Asset Service Providers (VASP) and financial institutions to obtain, hold, and transmit specific originator and beneficiary information immediately and securely when transferring Virtual Assets (VA). POLARIS envisions compliance with the Travel Rule through portable, automated KYC credentials that can move between exchanges like passports.

The second proposal, the Modular Consent Mechanism (MCM), reframes consent as a technical primitive, a core building block of the system rather than a peripheral step.

Instead of limiting compliance to a one-time onboarding check, the MCM embeds cryptographically verifiable consent directly into transactions themselves, triggering especially for high-risk or high-value transfers. Its design rests on a three-layer architecture that integrates contextual validation, on-chain registration, and application-specific modules, ensuring that consent functions as a fundamental operation in the crypto ecosystem.

In practice, this means a $20 micropayment for an in-game item could move seamlessly with only a lightweight proof tied to the wallet’s compliance history, while a $10,000 cross-border transfer would automatically require stronger safeguards such as biometric verification on the sender’s device and a zero-knowledge proof confirming that anti-money laundering checks had been met.

In both cases, only cryptographic attestations, not personal identity data, would travel across the blockchain. The idea is to make consent dynamic and verifiable at the transaction level, adapting automatically to the scale of the risk.

Like POLARIS, MCM also relies on reputation tokens. These non-transferable digital markers build trust based on wallet tenure, governance participation, and clean compliance history. The higher the reputation, the fewer interruptions a user faces. Suspicious or brand-new wallets on the other hand would be subject to stricter consent requirements before transactions are processed.

The timing of these proposals is no accident. The roadshow and the frameworks submitted to the task force reflect a broader shift in Washington. Under President Donald Trump, the administration has rebranded crypto not as a risk to be corralled, but rather as an engine of national competitiveness. Trump has promised to make the United States the “crypto capital of the world” and to dismantle what he called “Operation Choke Point 2.0,” a Biden-era policy that allegedly pressured banks to cut ties with crypto firms.

Operation Choke Point refers to the controversial Obama-era Department of Justice initiative that targeted banks serving high-risk industries like payday lenders and firearms dealers. The crypto industry has long claimed that regulators adapted the tactic to squeeze digital asset firms by discouraging banks from offering them accounts.

By withdrawing a 2020 Financial Crimes Enforcement Network proposal targeting unhosted wallets, disbanding the Justice Department’s National Cryptocurrency Enforcement Team, and narrowing crypto prosecutions, the Trump administration has made clear that it is breaking with that approach.

Instead, it is elevating private sector-led investigations and platforms like the Illicit Virtual Asset Notification (IVAN) system where banks and exchanges share intelligence voluntarily.

IVAN is a public-private partnership created in October 2021 to improve timelines of detection and disruption of ransomware and other illicit virtual currency payment flows.

The Trump administration’s centerpiece for crypto regulation is the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act), which was signed into law in July. The law creates a framework for dollar-backed stablecoins, requires issuers to maintain strict reserves, meet redemption requirements, and register as financial institutions under the Bank Secrecy Act.

The GENIUS Act also mandates that the Treasury Department solicit public comment on tools to mitigate illicit finance risks, including application programming interfaces (APIs), AI, blockchain monitoring, and digital identity verification.

A recent Treasury notice emphasized that digital identity is not just a compliance tool but a foundational enabler of innovation. Portable credentials, officials argued, could be used not only for bank onboarding but also within decentralized finance smart contracts, ensuring that only verified users can execute certain transactions.

The notice also flagged privacy-preserving technologies like zero-knowledge proofs and selective disclosure as mechanisms to balance identity with civil liberties.

Industry leaders are echoing the call. Jordan Burris of Socure, a former federal digital identity official, has argued that the U.S. urgently needs a national digital identity strategy. Mobile driver’s licenses (mDLs) are one option, but experts caution they are only “part of the equation.” By tying digital identity to crypto regulation, the White House is attempting to converge financial innovation, consumer protection, and national security.

Not everyone is convinced. Civil liberties advocates warn that reputation tokens and consent proofs could morph into de facto identifiers if reused widely across platforms. They caution that even anonymized compliance data, when combined, could recreate the very surveillance systems that these frameworks claim to avoid.

The POLARIS proposal responds by decoupling identity from operations. Users can transact anonymously, but higher-value transfers are algorithmically supervised with risk scoring and adaptive proofs. There are no fixed links between personal identity and every on-chain action. The MCM approach ensures that biometric data never leaves local devices and that consent is auditable but revocable.

Both proposals also embed governance and transparency measures. POLARIS suggests an independent ethics committee to review scoring algorithms, while the MCM calls for National Institute of Standards and Technology-grade security practices, multi-signature upgrades, and bug bounties.

By the time commissioner Peirce arrives in Ann Arbor, Michigan in December for the final stop of the roadshow, the core arguments will have been aired across nine cities. Armed with frameworks like POLARIS 3.0 and the Modular Consent Mechanism, the task force will have to decide whether these blueprints can credibly reconcile pseudonymity with AML enforcement.

Article Topics

AML  |  biometrics  |  cryptocurrency  |  data privacy  |  decentralized finance  |  digital identity  |  financial services  |  regulation  |  Securities and Exchange Commission (SEC)  |  U.S. Government