David Marcus, the head of Facebook's new Calibra payments division, appeared before two hostile congressional committees this week with a simple message: Facebook knows policymakers are concerned about Libra, and Facebook won't move forward with the project until their concerns are addressed.

While he didn't say so explicitly, Marcus' comments at hearings on Tuesday and Wednesday represented a dramatic shift in Facebook's conception of Libra. In Facebook's original vision, Libra would be an open and largely decentralized network, akin to Bitcoin. The core network would be beyond the reach of regulators. Regulatory compliance would be the responsibility of exchanges, wallets, and other services that are the "on ramps and off ramps" to the Libra ecosystem.

Facebook now seems to recognize its original vision was a non-starter with regulators. So this week Marcus sketched out a new vision for Libra—one in which the Libra Association will shoulder significant responsibility for ensuring compliance with laws relating to money laundering, terrorist financing, and other financial crimes.

Facebook's new stance addresses some of the questions I raised in last week's Libra feature. But it also raises new questions that Facebook will need to answer in the coming months. Marcus said Wednesday that the Libra Association will require regulatory compliance by Libra-based service providers, but he didn't explain how it will do so. However it's done, there's likely to be an inherent tension between improving regulatory compliance and Facebook's other goals to build an open network and make it accessible to marginalized people around the world.

Meet the new Libra—not the same as the old Libra

Comparing Facebook and Libra Association statements in June to Marcus' statements this week makes it clear that their stance has changed significantly.

"The Libra Blockchain will be open to everyone: any consumer, developer, or business can use the Libra network, build products on top of it, and add value through their services," Facebook wrote in its June white paper. "Open access ensures low barriers to entry and innovation and encourages healthy competition that benefits consumers. This is foundational to the goal of building more inclusive financial options for the world."

The white paper made it clear that Libra wouldn't be fully decentralized. The Libra Association would organize Libra's transaction-clearing process and retain the power to decide who could be a validator (that's Libra's equivalent to a bitcoin miner). The association will also manage the conventional currency that will back up Libra's value.

But last month, Facebook and Libra representatives stressed that the association would have a deliberately limited role—including a hands-off role in regulatory matters. Shortly after Libra's unveiling, podcaster Laura Shin asked Libra Association representative Dante Disparte what would happen if the US government asked the group to blacklist Libra addresses under US sanctions laws. Disparte demurred, stating that "the Association won't interact with any jurisdiction." He argued that complying with sanctions laws would be "the subject of individual wallets and providers in this ecosystem."

So would the Libra Association screen "individual wallets and providers" to make sure they followed the law? In June, Calibra's Kevin Weil told TechCrunch that "there are no plans for the Libra Association to take a role in actively vetting" developers.

In short, Facebook's vision for Libra followed the decentralized, user-beware model of conventional cryptocurrencies like Bitcoin. Facebook's own wallet service, Calibra, would follow US regulations on consumer protection, money laundering, sanctions, and so forth. But Facebook didn't seem to have plans for the Libra Association, Facebook, or any associated entity to police illegal activity on the Libra network as a whole.

Marcus' Wednesday testimony represented an abrupt change in Facebook's position. Over and over again during Tuesday's hearing before the Senate Banking Committee, senators grilled Marcus about the risk of money laundering and other financial crimes taking place on the Libra network. And Marcus took a very different tone from that of his colleagues a month earlier.

"As far as the Libra network is concerned, we'll have an anti-money-laundering program," Marcus said on Tuesday. Later he promised to ensure that "the proper measures are taken to avoid this network to be used for other purposes than it was designed for."

On Wednesday, Marcus made a more specific commitment, promising that the Libra Association "will implement safeguards that require service providers in the Libra network to fight money laundering, terrorism financing, and other financial crimes."

The new Libra will be less open

Networks like Bitcoin and Ethereum are fully open and permissionless: anyone can create services and software for these networks without seeking advance approval from anyone else. Bitcoin and Ethereum can get away with this because no one owns and controls these networks. There's no one regulators can fine or imprison for non-compliance, so regulators have focused their enforcement efforts on intermediaries at the edges of the network.

But the Libra Association will ultimately control the Libra network—both because it decides who can be a validator and because it will have control of the hard currency backing each Libra coin. So regulators can pressure the Libra Association to enforce money-laundering and other laws across the entire Libra network.

A key question is how the Libra Association will enforce regulatory requirements. The most obvious way to do it would be to require that each Libra transaction be signed by a wallet service that has earned prior approval from the Libra Association. Then the association could periodically audit these wallets, verify that they are adequately complying with various regulations, and report back to authorities in the United States and around the world. Or conversely, the association could require a wallet to first get sign-off from regulators in countries where it operates—and only then add the wallet service to the official list of approved services.

That would represent a dramatic change in Libra's design. It would raise the barrier to entry for new Libra-based financial services. That would be significant because lowering barriers to entry—both for wallets and for users in under-banked parts of the world—is one of the Libra project's stated goals.

Non-custodial

Another side effect of white-listing wallet providers would be to effectively ban what blockchain experts call non-custodial Libra holdings. Some people use the Bitcoin network via intermediaries like Coinbase. But others do so by creating their own public and private keys and directly submitting transactions to the Bitcoin network using open source software.

The original Libra white paper envisioned accounts being owned by "direct end users of the system as well as entities, such as custodial wallets, that act on behalf of their users." But this seems hard to square with the Libra Association's repeated claims that it won't directly interact with consumers. The owners of these non-custodial Libra addresses are interacting directly with the Libra Network. No other intermediaries are involved, so only the Libra Association will have the power to require these users to supply the kind of identifying information required by know-your-customer regulations.

In short, there's a pretty fundamental tradeoff between network openness and effective enforcement of regulations governing payment networks. If the Libra Association doesn't have a way to enforce compliance by wallet providers, criminals are likely to flock to wallet services that don't strictly enforce the rules—or to download open source wallet software and use non-custodial accounts.

But if the Libra Association does have a mechanism for forcing compliance, that inherently raises the bar for entering the market and makes the Libra network look more like conventional financial networks—with all the red tape that entails. This could be particularly harmful for marginalized people in developing countries, since developers in those markets will have the fewest resources to jump through regulatory hoops.

So Facebook's challenge in the coming months is to design a new network architecture that strikes a reasonable balance between these competing objectives—a network that is locked-down enough to satisfy regulators but open enough to attract a healthy developer ecosystem. Facebook, of course, can choose to add a Libra-based payment system to WhatsApp and Messenger, instantly giving the new network millions of users. But Facebook has a lot of work to do if it wants the broader Libra network to become a global standard.