Canton Network Blog

How TRM Labs and Canton Network Make Privacy and Compliance Complementary

Written by Canton | Apr 28, 2026 12:00:01 PM

Key takeaways

  • Privacy and compliance can coexist by design. Privacy-preserving architectures like Canton Network show that controlled visibility can support effective AML/CFT programs without exposing sensitive data.

  • Selective disclosure enables compliant data access. Canton Network’s model allows transaction data to remain private by default, while granting permissioned access to authorized parties when needed.

  • Blockchain intelligence remains critical in private environments. Even with private data, risk signals and transaction insights are essential to identify suspicious activity, enable ecosystem monitoring, and support investigations.

  • TRM has designed a trusted execution environment to reduce data exposure risk. This infrastructure secures private data and enables TRM to access only the data required to generate risk insights, helping minimize legal, operational, and security risks.

  • Hybrid privacy models are likely to shape the future of on-chain compliance. Combining selective visibility, governance frameworks, and blockchain intelligence offers a practical path forward for balancing privacy, usability, and regulatory requirements.


Rethinking compliance in privacy-first public blockchain networks


When financial institutions evaluate blockchains for tokenization and on-chain operations, transparency is commonly a bug, not a feature. At the same time, when institutions assess privacy-preserving blockchain solutions, a consistent question emerges: how can compliance teams effectively assess ecosystem risks if the underlying data is not publicly visible?

This concern reflects how the implementation of anti-money laundering (AML) and countering the financing of terrorism (CFT) compliance programs evolved with transparent public blockchains, where transaction data is broadly visible. This visibility enables compliance teams to identify counterparties, trace fund flows, and detect suspicious activity. Most compliance tooling assumes that transaction data is freely accessible to the entities responsible for acquiring and monitoring it.

For regulated financial activity, configurable on-chain privacy controls remain a key requirement. However, different privacy techniques and architectures can change how compliance teams access and interpret data, introducing distinct operational considerations. Reduced accessibility and visibility do not inherently limit compliance capabilities. When implemented effectively, privacy on public blockchains can enable greater control and programmability over who can access specific data and under what conditions.

Over the past year, TRM Labs has developed a framework for applying blockchain intelligence within privacy-preserving environments. Our work with Digital Asset demonstrates how privacy and compliance can coexist when both are incorporated into system design from the outset.


Why institutional use cases require privacy


A common perception is that privacy-enhancing technologies primarily benefit illicit actors. In practice, institutional use cases often require confidentiality for legitimate operational, fiduciary, and regulatory reasons.

On most traditional, fully transparent blockchains, transaction data (including counterparties, volumes, and activity patterns) and wallet balances are visible to any observer on a public block explorer. For financial institutions, this creates several challenges:

  • Leakage of customers' personal or sensitive financial information

  • Treasury operations, payroll, and vendor payments may expose sensitive business relationships

  • Market participants may face front-running or strategy replication risks

  • Certain jurisdictions may impose data protection requirements that limit public disclosure of transaction details

  • Operational, cyber, and personnel security risks

These risks are not theoretical. Public reporting has documented instances where digital asset holders received extortion attempts referencing wallet balances derived from blockchain data. While institutional contexts differ, the underlying dynamic, where full transparency introduces risk exposure, remains relevant.

As a result, privacy-preserving technologies are increasingly viewed as a prerequisite for institutional participation at scale. The key question is not whether privacy controls are needed, but how blockchain intelligence can deliver the right level of visibility: surfacing genuine risk without exposing what doesn't need to be seen.

TRM’s white paper, On-chain Privacy and Financial Compliance, frames this as a design problem: identifying the combination of privacy models, compensating controls, and governance structures that can meet the needs of all stakeholders.


What distinguishes Canton Network’s architecture


Canton Network implements a model of configurable privacy at the protocol and smart contract level, where all transaction data can be private and encrypted across network participants and selectively revealed as required by use case.

This differs from other privacy approaches layered on top of transparent chains and has important implications for compliance. In Canton’s model, access to private transaction data is not available by default. Instead, access is granted explicitly through selective disclosure, enabling highly configurable and permissioned data visibility, implemented at the smart contract and protocol level.

A key feature of this design is the ability to define designated observer roles, allowing authorized parties to access transaction data under defined conditions programmed in Canton smart contracts. This approach embeds compliance access directly into the network architecture.

Two implications follow:

  • Privacy is preserved by default: transactions are not publicly observable or trivially traceable

  • Access is controlled and auditable: visibility is granted deliberately by parties, rather than assumed

This combination enables a model where privacy and compliance are not in tension, but instead coordinated through governance. Financial institutions that are party to a transaction can screen activity and identify both the originator and beneficiary without exposing this data to non-participating entities. This enables them to meet recordkeeping requirements and Travel Rule obligations on Canton Network. However, blockchain intelligence remains critical to developing a comprehensive view of risk and supporting an effective, risk-based AML/CFT program.


How TRM enables blockchain intelligence on Canton


TRM’s integration with Canton is designed to operate within this privacy-first architecture while still delivering actionable compliance insights.

At the center of this model is the concept of a guardian, TRM’s term for the entity responsible for governing access to encrypted private transaction data for a given asset. In most cases, this is the asset issuer or another designated authority.

Rather than broadly exposing transaction data, the guardian grants access selectively, based on defined policies and use cases. TRM’s approach, designing a Trusted Execution Environment (TEE), aligns with this structure. The TEE infrastructure is built to secure and process the private data to which a guardian has granted access. TRM accesses only the information required to generate risk insights, reducing both data exposure and potential legal or security risks.

Differentiated visibility by user type

Access to information varies depending on the role of the user:

  • Compliance teams and regulated institutions: TRM surfaces risk signals for high- and severe-risk entities and transactions. Parties remain pseudonymized, enabling users to assess risk without exposing full transaction details

  • Asset issuers and guardians: Entities with governance responsibility can access broader visibility across their ecosystem, reflecting their need to manage asset-level compliance risk

  • Law enforcement with legal authority: TRM supports structured access requests routed through the guardian. When approved, specific transaction data can be made available on a time-limited basis


This model ensures that access to sensitive data is both purposeful and controlled, while still enabling effective investigation and oversight.


Applying risk-based disclosure to private transactions


A central design principle in TRM’s approach is risk-based disclosure. Not all transaction data needs to be visible to support effective compliance, and public transactions are not a requirement of AML/CFT regulations. Broad exposure would undermine the purpose of Canton’s privacy-preserving infrastructure and introduce additional security risks.

Instead, to support an effective AML program, TRM surfaces pseudonymized transaction-level detail only when the transaction is associated with elevated risk. For lower-risk activity, data is only accessible for users with asset issuer-level controls.

This approach aligns with established AML and CFT principles, which prioritize investigative focus on higher-risk activity rather than treating all transactions as equally suspicious.

Importantly, disclosure thresholds are not fixed. Guardians can calibrate which risk signals are material based on their regulatory environment and risk tolerance. This allows compliance frameworks to adapt to specific use cases while maintaining consistency with broader regulatory expectations.
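The sections above describe a policy rather than an implementation: a guardian governs access, visibility differs by role (pseudonymized risk signals for compliance teams, full visibility for issuers, time-limited grants for law enforcement), and the disclosure threshold is calibrated per guardian. The following Python model is an added example written for this page; it is not TRM's or Canton's code, and all names (`Guardian`, `Role`, `Risk`, `Grant`, the per-asset salt and the sample transactions) are constructed. It assumes that a risk score for each transaction has already been produced by an intelligence layer and shows only the disclosure decision and its audit trail.

```python
"""Toy model of guardian-governed, risk-based disclosure (constructed example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum, IntEnum
from typing import Optional
import hashlib


class Role(Enum):
    COMPLIANCE = "compliance"            # regulated institution screening activity
    ISSUER = "issuer"                    # asset issuer / guardian with governance duties
    LAW_ENFORCEMENT = "law_enforcement"  # access only via an approved, time-limited grant


class Risk(IntEnum):                     # ordered so thresholds can be compared
    LOW = 0
    MEDIUM = 1
    HIGH = 2
    SEVERE = 3


@dataclass(frozen=True)
class Transaction:
    tx_id: str
    originator: str
    beneficiary: str
    amount: int
    risk: Risk                           # score assumed to come from the intelligence layer


@dataclass(frozen=True)
class Grant:
    """Time-limited access approved by the guardian for a specific request."""
    requester: str
    tx_ids: frozenset
    expires_at: datetime


@dataclass
class Guardian:
    asset: str
    threshold: Risk = Risk.HIGH          # calibrated per regulatory environment / risk appetite
    salt: bytes = b"constructed-per-asset-salt"  # hypothetical secret held by the guardian
    grants: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def pseudonym(self, party: str) -> str:
        # Stable within one asset so a screener can link repeated activity,
        # but not reversible to the identity without the guardian's salt.
        return "p_" + hashlib.sha256(self.salt + party.encode()).hexdigest()[:12]

    def approve(self, requester: str, tx_ids, ttl: timedelta, now: datetime) -> Grant:
        """Record a structured access request the guardian has approved."""
        g = Grant(requester, frozenset(tx_ids), now + ttl)
        self.grants.append(g)
        self.audit_log.append(("grant", requester, sorted(g.tx_ids), g.expires_at.isoformat()))
        return g

    def _has_grant(self, requester: str, tx_id: str, now: datetime) -> bool:
        return any(g.requester == requester and tx_id in g.tx_ids and now < g.expires_at
                   for g in self.grants)

    def view(self, requester: str, role: Role, tx: Transaction, now: datetime) -> Optional[dict]:
        """Return the view of `tx` the requester is entitled to, or None; always audited."""
        full = {"tx_id": tx.tx_id, "originator": tx.originator, "beneficiary": tx.beneficiary,
                "amount": tx.amount, "risk": tx.risk.name}
        if role is Role.ISSUER:
            result = full                                  # issuer-level controls see everything
        elif role is Role.COMPLIANCE and tx.risk >= self.threshold:
            result = {"tx_id": tx.tx_id, "risk": tx.risk.name,   # elevated risk: pseudonymized detail
                      "originator": self.pseudonym(tx.originator),
                      "beneficiary": self.pseudonym(tx.beneficiary)}
        elif role is Role.LAW_ENFORCEMENT and self._has_grant(requester, tx.tx_id, now):
            result = full                                  # only inside an unexpired grant
        else:
            result = None                                  # private by default
        self.audit_log.append(("view", requester, role.value, tx.tx_id,
                               "disclosed" if result else "denied", now.isoformat()))
        return result


if __name__ == "__main__":
    # Constructed sample data: one routine transfer and one flagged as severe risk.
    now = datetime(2026, 1, 1, tzinfo=timezone.utc)
    g = Guardian("TOKEN-X")
    low = Transaction("tx1", "alice", "bob", 100, Risk.LOW)
    high = Transaction("tx2", "alice", "mallory", 5000, Risk.SEVERE)
    print(g.view("bank-a", Role.COMPLIANCE, low, now))    # None: below threshold
    print(g.view("bank-a", Role.COMPLIANCE, high, now))   # pseudonymized parties + risk
    g.approve("agency", ["tx2"], timedelta(days=7), now)
    print(g.view("agency", Role.LAW_ENFORCEMENT, high, now))  # full detail inside grant
    print(g.audit_log)
```

Two design choices worth noting. The pseudonym is keyed with a secret held by the guardian, so a compliance user can recognise that the same counterparty recurs across flagged transactions without being able to brute-force the identity from a public address list. Every `view` call is logged whether or not data was released, which is what makes the "controlled and auditable" property checkable after the fact rather than merely asserted.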


Implications for participants in the Canton ecosystem


For participants across the Canton ecosystem, this model provides a practical path to combining privacy and compliance:

  • Asset issuers can design privacy-preserving assets, while improving compliance through on-chain data

  • Financial institutions can maintain effective AML programs while operating in Canton’s on-chain ecosystem, leveraging blockchain intelligence to better assess and mitigate risks, without revealing details of their business operations

  • Regulators and supervisors can access relevant data through structured, auditable processes governed by clear controls

Collectively, this enables privacy-preserving financial infrastructure to operate within established regulatory expectations, rather than outside them.


The path forward for on-chain privacy


The evolution of on-chain privacy reflects a broader shift in the digital asset ecosystem. Today, privacy is widely recognized as a prerequisite for scaling digital asset adoption and real-world utility. The technical capability to protect sensitive on-chain financial data, while enabling lawful, controlled access, already exists and has been proven in production through the Canton protocol and its smart contract framework.

The remaining challenge is designing frameworks that align privacy, compliance, and governance in a coherent way.

TRM’s On-chain Privacy and Financial Compliance white paper evaluates multiple disclosure models and their tradeoffs across stakeholders. The analysis suggests that hybrid approaches, combining selective visibility, risk-based disclosure, and strong governance, are likely to provide the most sustainable path forward.

Canton Network provides an architecture that supports this model. TRM’s blockchain intelligence layer enables it to function in practice.

Read the white paper to explore the full framework and evaluate which model best fits your organization’s risk and regulatory requirements.


Frequently asked questions (FAQs)


1. How can compliance teams operate without full transaction visibility?
Compliance teams can rely on risk-based signals and selective disclosure mechanisms. Instead of viewing all transaction data, they receive relevant insights, such as exposure to high-risk entities, which allows them to assess and mitigate risk effectively while preserving privacy.

2. What is selective disclosure in blockchain networks?
Selective disclosure is a mechanism that allows specific transaction data to be shared with authorized parties under defined conditions. In networks like Canton, access is granted programmatically, ensuring that visibility is both controlled and auditable.

3. What is a guardian?
A guardian is the entity responsible for governing access to encrypted transaction data for a specific asset. This role defines who can view data, under what conditions, and for what purpose, ensuring controlled and compliant access.

4. How does risk-based disclosure work?
Risk-based disclosure prioritizes visibility for transactions associated with elevated risk. Lower-risk activity remains restricted, while higher-risk transactions trigger additional data access, enabling more targeted investigation and oversight.

5. Why do financial institutions need privacy on blockchains?
Institutions require privacy to protect sensitive financial data, including customer information, trading strategies, and business relationships. Without privacy controls, fully transparent blockchains can introduce operational, regulatory, and security risks.