Michael J. Casey is the chairman of CoinDesk’s advisory board and a senior advisor for blockchain research at MIT’s Digital Currency Initiative.

The following article originally appeared in CoinDesk Weekly, a custom-curated newsletter delivered every Sunday exclusively to our subscribers.

In last week’s column — my third on Libra — I referred to a core dilemma confronting the cryptocurrency project’s financial inclusion goals: the impossibility of being both pro-privacy and pro-KYC.

I promise a break this week from Libra and its controversial founder, Facebook. But I want to dive deeper into that dilemma because the problem is hardly unique to that project. As “know-your-customer” rules have steadily encroached into their world, all cryptocurrency startups trying to expand financial access for the poor are hamstrung by requirements to identify and track the people they seek to serve.

This contradiction stems from tough policies contained under Anti-Money Laundering and Combating the Financing of Terrorism rules (AML-CFT), which were tightened worldwide after the September 11 attacks in 2001 and then again after the financial crisis. Since virtually every bank needs access to dollars, KYC rules everywhere tend to follow models laid down in the U.S. Bank Secrecy Act and in guidelines of the U.S. Financial Crimes Enforcement Network, or FinCEN. Further internationalizing pressure comes from the inter-governmental Financial Action Task Force, or FATF, which sets the regulatory standards by which countries pressure each other to comply.

This network of rules, which empower enforcement agencies to impose stiff fines, hold the Sword of Damocles over bankers’ heads, driving them into risk-averse positions. Bank compliance officers need only mention HSBC (fined $1.9 billion for enabling Mexican drug money laundering) or Standard Chartered (hit with a $1.1 billion fine for similar lapses with Iran) to convince their bosses of a rigorous approach to identifying and profiling customers.

Yet it’s not clear these measures are effective. The UnitedNations Office on Drugs and Crime (UNODC) estimates that a 2-5% of global GDP, or between $800 billion and $2 trillion, is still being laundered each year. Would the figures be higher without these tough rules? Maybe. But we have no counterfactual against which to measure performance.

Criminals still have a host of mechanisms to move money around and avoid sanctions. Yes, some use bitcoin – which is why the FATF this year introduced tougher rules for what it calls “virtual asset service providers” – but cryptocurrency’s role is far smaller than that played by fiat currency banknotes. And as revealed in the Panama Papers in 2015, all sorts of shady entities continue to help crooked politicians and their financiers hide identities and obscure money movements.

What we do know is that these rules hinder financial inclusion.

Caribbean governments, for example, complain that their economies have increasingly suffered “de-risking,” as tougher compliance has stanched investment flows to the islands.

The consequences are even more severe for poorer countries, where state-led IDs are either non-existent or easily forged. The heavy scrutiny that foreign banks apply to their counterparties in FATF-labeled “high-risk jurisdictions” means the bar for businesses and individuals in those countries to obtain local banking services is very high. It’s a key reason why 2 billion people worldwide are considered “unbanked.”

This, of course, has a negative impact on poverty, which in turn feeds crime and terrorism – the very problems AML-CFT is intended to fight.

Consider Somalia, a failed state whose institutions are often blacklisted by the world’s biggest banks. It’s difficult and costly for Somalian expats to send money home to family members who rely on such remittances. This perpetuates poverty, drives people into informal payment systems and fosters the disenfranchising economic conditions in which terrorist organizations such as the Somali-based Al Shabaab thrive.

Talk about a perverse effect.

Is cryptocurrency the answer?

The Cypherpunk answer is to say, screw governments. People should use bitcoin, since it enables peer-to-peer digital payments without the intermediation of a regulated entity.

The problem lies at the crypto on- and off-ramps, where government surveillance has become ever more intense. The FATF’s new “travel rule” says cryptocurrency exchanges should be required to obtain information, not only about their customers but also on their customers’ customers, forcing cross-exchange information-sharing. This suggests the only environment where cryptocurrency transactions will be free from KYC exists solely between self-custody wallets. The minute a transaction touches the custodial structure that underpins most exchanges, cryptocurrency will be subject to KYC reporting.

Decentralized exchanges, or DEXes, which provide price and matching services but take no custody of clients’ coins, might be a way around this problem. Recent FinCEN guidance excluded them from the definition of regulated money service businesses in the U.S.

However, cryptocurrency advocacy group Coin Center has raised concerns that the FATF’s definition of regulated “virtual asset service providers” includes a vague reference to entities which “transfer” funds. Vagueness creates uncertainty, which as we’ve seen with bank compliance officers, is toxic to risk appetites. Many lawyers will advise their DEX clients to impose KYC to be on the safe side.

Also, with Helsinki-based LocalBitcoins announcing new KYC rules this year due to a new Finnish anti-money laundering law, it has become much harder for people to find each other in person and agree on a price for exchanging cryptocurrency for fiat without being officially surveilled.

In any case, it’s simply impractical for people in the developing world to use bitcoin as their main unit of account and medium of exchange. Perhaps Libra, with its basket-based stability mechanism, could evolve into a day-to-day payment vehicle, but as we saw from David Marcus’s testimony to Congress, that corporate-backed project will require KYC.

Bottom line: the poor need an easy-access fiat on-ramp.

Monitoring tech advances

We’re back to square one: financial inclusion goals suffer at the expense of governments’ crime-fighting objectives.

One could argue governments should decriminalize money – combat the actual crimes of drug trafficking, arms dealing, and so forth, but treat the right to exchange value as a human right. Let’s be realistic, though: that isn’t going to happen.

So, how to escape this vicious cycle? The answer may lie in blockchain technology’s own capacity to track transfers between pseudonymous accounts – though not as currently applied.

For some time, transaction-trackers such as Elliptic and Chainalysis have helped law enforcement agencies trace cryptocurrency payments to and from bad guys and provided rigorous AML monitoring audit services to companies.

Now, newcomers such as the Coral Protocol and CipherTrace are using high-tech network analyses and cryptographic protections to help businesses share cryptocurrency metadata to flag suspicious behavior without revealing their customers’ personal identifying information, or PII. These could make it easier for companies to comply with the FATF travel rule and generally create a more sophisticated, systemic analysis of risk.

Quite apart from KYC rules, there’s real value here for a cryptocurrency economy increasingly dominated by “bots.”

Still, there’s no way around the law. At the on- and off-ramps, customers must be ID’ed. And, under order from a law enforcement agency armed with these sophisticated tracking tools, a firm must crack open the black box and release the PII to the authorities.

A new mindset

What if, though, governments concede that it’s both impossible and unnecessary to formally identify poor people at the on and off-ramps? What if they accepted an AML model that treats the endpoints as unidentified nodes and, drawing on these new analytic tools, actively managed access to networks based on behavior not identity?

Here, ongoing research in machine learning and high-performance computing by the MIT-IBM Watson AI Lab in collaboration with Elliptic could be a catalyst. As described by lab researcher Mark Weber, the team uses an approach known as “graph convolutional networks” to create enhanced money flow forensics to address the challenges posed by the “complex layering and obfuscation schemes utilized by sophisticated criminal networks.”

Mapping a massive pool of bitcoin transactions, the researchers have isolated patterns that distinguish between illicit and licit behavior. In a forthcoming paper, they posit their work as a contribution to financial inclusion goals.

One day businesses might use such tools to control access points to cryptocurrency networks without applying traditional KYC, ensuring that good guys get financial services but bad guys don’t, even if neither is furnishing an official ID.

Would regulators go for it? Not, it would seem, under the current mindset. Compliance is used to identify and catch criminals, not as way to control access per se. If anything, the regulatory trend has been toward a greater dependence on state ID and ever more conservative treatment of “high-risk” poor people by financial institutions.

Cryptocurrency compliance expert Juan Llanos complains that regulators “are not open to innovation.” He adds, “As long as government ID is the standard, we are going to have this problem. Anything anonymous is controversial and not allowed. It’s very unfortunate.”

Still, the FATF’s latest round of deliberations did contain one olive branch to innovators: a willingness to explore the potential for “digital identity provided by governments or by the private sector.”

Combine that “private sector” line with a brief reference in Libra’s white paper to “portable digital identity” as a financial inclusion solution, and one can at least imagine financial and tech companies such as those the Libra Association’s members hashing out an onboarding solution for the poor that no longer depends on the outdated notion of state IDs.

This approach won’t satisfy hardline privacy advocates, who rightly view exchange as a human right.

But as a pragmatic solution, it’s perhaps the best hope that the world’s 2 billion unbanked have.

Masks via Shutterstock