⁠   ⁠ Request for Comment: Private Industry's Role to Detect Illicit Activity

  • julia05126
  • Oct 14

In August, the U.S. Treasury Department filed a Request for Comment required by the GENIUS Act, seeking new methods to detect illicit activity involving digital assets. zeroShadow responded to the RFC and proposed harnessing blockchain’s most powerful feature—its public transparency—to enable real-time detection. This transparency can be strengthened with the speed, technical depth, and global reach of the private security industry. In order to accomplish this, private industry should play a formal, active role in the fight against illicit crypto activity with real-time data sharing initiatives.


The full response is published here:


Background

Treasury’s request for comment comes at a pivotal time. Digital assets have become deeply embedded in both legitimate finance and illicit activity. While U.S. regulators and law enforcement have made substantial progress in applying existing AML/CFT frameworks to this new environment, adversaries continue to exploit gaps in detection, jurisdictional boundaries, and the pace of investigative processes.


The RFC highlights a critical policy challenge: how to harness innovation to keep pace with the evolving methods of bad actors. To date, much of the focus has been on compliance software, regulatory reporting, and law enforcement action after the fact. However, the rapid speed of digital asset movement, the role of decentralized infrastructures, and the global nature of illicit networks demand more agile and collaborative approaches.


This consultation is therefore an opportunity to reframe the conversation: the blockchain itself is the most transformative innovation for detecting illicit finance, and private investigative firms — alongside compliance vendors and law enforcement — are essential actors in unlocking its potential.

This perspective may run counter to Treasury expectations, but the reality is clear: blockchain-focused AML technology has delivered only limited results. To truly build a comprehensive stack that tackles illicit finance, firms often need to rely on a patchwork of vendors, each covering a narrow niche. The outcome? Compliance costs rise sharply—ironically, undermining the very goal of reducing financial crime.

The investigator's edge

Our position takes a different angle from the prevailing global trend. Instead of endlessly scaling technology to ease workloads, we propose harnessing blockchain’s most powerful feature—its public transparency—and empowering the private security industry to play a formal, active role in this fight.

For example, FATF’s 2023 report on “Illicit Finance in the Crypto Ecosystem” noted that North Korean cyber actors consistently exploit bridges and mixers to obscure the origin of funds. Similarly, FinCEN’s 2021 advisory on ransomware emphasized that blockchain analytics, combined with off-chain intelligence, is central to attribution. Yet, despite these findings, current industry responses remain overly dependent on siloed compliance vendors, which provide alerts but rarely pursue attribution or disruption.

An unintended consequence of this fragmented vendor landscape is the creation of investigative blind spots. Smaller institutions, unable to afford multiple providers, may lack coverage of key typologies. Larger institutions face duplication of alerts and ballooning compliance costs, which ultimately discourage innovation and reduce industry resilience. Moreover, adversaries exploit these gaps, knowing that vendor silos slow down investigative response times.


Blockchain as the innovation

The most innovative feature enabling the detection of illicit finance is not an overlay technology, but blockchain itself. Public blockchains function as a permanent, immutable, and universally accessible record of transactions — a “shared truth” of value transfer.


Every movement of value can be traced across time and borders. Even years after an illicit transaction, the evidence remains preserved on-chain, enabling retrospective investigation and attribution in ways that are impossible with physical cash or fragmented banking data. This property has already allowed investigators to connect historic transactions to sanctioned entities, ransomware operators, and fraud schemes long after the crimes were committed.


Transparency at scale is unprecedented in financial history. While traditional financial records require subpoenas, cross-border requests, or cooperation from private institutions, blockchain data is available to all parties simultaneously — regulators, law enforcement, compliance teams, and private investigators alike. This democratization of access creates an environment where illicit actors can hide only temporarily, not permanently.


Critically, blockchain’s transparency also enables real-time detection and disruption. Unlike the monthly or quarterly reporting cycles of legacy finance, illicit flows in digital assets can be traced within minutes, creating opportunities for rapid intervention, fund freezes, and asset recovery. Combined with advanced analytics and off-chain intelligence, this makes blockchain the foundation for a new investigative model: proactive, data-driven, and globally interconnected.


Private investigative firms leading the charge

Law enforcement agencies, while critical, are constrained by legal process, resource allocation, and case prioritization. In certain jurisdictions (US, UK/EU), the issue is not detecting illicit finance but responding to it. Law enforcement agencies have repeatedly stated that unless the crime hits a certain USD threshold, officers will not be able to open a case. This is mirrored in commercial compliance software, which often provides alerts but rarely conducts full-spectrum investigations. Private investigative firms bridge this gap:


  • Speed & Agility: We can trace stolen or illicit funds within minutes or hours of an incident, well before law enforcement processes are triggered.

  • Technical Depth: Firms like ours build bespoke investigative methodologies that go beyond automated clustering or exposure scoring. We combine blockchain analysis with off-chain intelligence (infrastructure, metadata, darknet activity) to build attribution cases.

  • Global Reach: Private firms often operate across jurisdictions without being bound to a single country’s remit, enabling faster collaboration with exchanges, DeFi protocols, and victims.

Barriers faced

The primary obstacle is not capability, but access. Many regulated entities will only release data if compelled by law enforcement, even where GDPR and other privacy frameworks explicitly allow controlled data sharing with private security providers under legitimate interest and contractual bases. This slows investigations, increases victim losses, and burdens already overstretched government agencies.

As mentioned earlier, law enforcement cannot currently keep up with the investigative demand of crypto investigations. Illicit activity on the blockchain can touch hundreds of services, creating potentially thousands of transactions that require court documents to follow up on. Law enforcement has already been vocal about being unable to keep up with this, and as a result it already relies on private investigative firms to provide the intelligence needed for effective investigations.

The Treasury should encourage mechanisms, such as standardized Data Sharing Agreements, to empower financial institutions to cooperate responsibly with vetted investigative firms so that intelligence can flow swiftly to law enforcement.


US data protection landscape

There is no U.S. equivalent of GDPR. Instead, protections depend on the type of data and the sector:

GLBA (Gramm-Leach-Bliley Act): Applies to financial institutions. It restricts how customer “nonpublic personal information” is shared but allows sharing with service providers or for fraud prevention, law enforcement, or compliance purposes.

California Privacy Laws (CCPA/CPRA): California has implemented the most comprehensive state-level privacy regime. Its provisions are similar to those of GDPR.

To fully leverage global resources in the fight against crypto-related money laundering, it is essential to empower the private investigative industry. We encourage regulators to clarify that Crypto Asset Service Providers may share information under the Gramm-Leach-Bliley Act (GLBA) with private investigative firms, provided those firms are engaged as vendors or service providers. Such sharing should be governed by a written agreement (e.g., Data Sharing Agreement or NDA), which ensures that:

  • Data is used solely for the agreed investigative purpose.

  • Appropriate security and confidentiality safeguards are maintained.

This framework is consistent with existing practice under the EU’s General Data Protection Regulation (GDPR), where regulated entities are also permitted to share data with private investigative firms acting as data processors or service providers under strict contractual safeguards. In both the U.S. and EU, these mechanisms allow for lawful, controlled collaboration with the private sector to strengthen AML defenses.


zeroShadow: real-time crypto crime intelligence

Continuing this theme, zeroShadow is developing an API product designed to provide exchanges, protocols, compliance teams and law enforcement with a real-time feed of high-risk cryptocurrency addresses. The API is fed by a team of investigators tracking illicit funds 24/7. This product will be free for important industry players such as law enforcement, regulators and other supporting partners. High-risk addresses in the feed include:


  • DPRK-owned wallets linked to sanctions evasion and state-sponsored cybercrime.

  • Addresses laundering stolen funds, including those from hacks, exploits, and ransomware.

  • Fraud and social engineering wallets, used in scams, phishing, and other deceptive schemes.

  • Wallets tied to active criminal investigations, offering proactive exposure monitoring.

Unlike traditional compliance solutions, which often rely on delayed or static data, zeroShadow’s API is updated directly by experienced investigators in real time. This speed is critical, as malicious actors move quickly to obfuscate the origins of illicit funds and exploit gaps in conventional monitoring systems.


The API is software-agnostic, meaning it can integrate seamlessly with any compliance stack—centralized or decentralized—without requiring clients to replace their existing tools. It functions as an enhancement layer, ensuring compliance teams and risk managers receive timely, actionable intelligence to prevent illicit funds from entering or moving through their platforms.


By focusing on immediacy, precision, and flexibility, zeroShadow’s API empowers financial institutions, crypto exchanges, and DeFi protocols to stay ahead of sophisticated money laundering tactics. This product closes the gap between blockchain’s transparency and compliance workflows, enabling faster detection and mitigation of financial crime.


In an ecosystem where bad actors constantly adapt, the zeroShadow API provides the real-time intelligence necessary to protect platforms, users, and the wider financial system.


Precedents outside of crypto

Examples abound where private investigation and security firms complement, and often lead, government efforts:

  • Cybersecurity: Companies like Mandiant and CrowdStrike routinely attribute state-sponsored cyber intrusions before governments act.

  • Financial Forensics: Private forensic accountants uncover fraud schemes (e.g., Wirecard, Enron’s preliminary red flags) that later become criminal cases.

  • Corporate Intelligence: External auditors and compliance monitors detect misconduct that regulators later formalize in enforcement.

These precedents show that private actors can not only supplement but often outperform government bodies in the early detection of illicit activity. With the current U.S. administration wanting to be a global leader in this industry, it is imperative that we have efficient guardrails and processes to protect consumers.


Recommendations for Treasury

1. Recognize blockchain transparency as the foundational innovation in detecting illicit digital finance.

2. Affirm the legitimacy of private investigative firms as critical stakeholders in AML/CFT alongside law enforcement and compliance vendors. Work to promote data sharing initiatives.


3. Safe-harbor insertion: Treasury could look to existing models when designing safe-harbor frameworks. For instance, standardized Data Sharing Agreements could be modeled on GDPR Article 28 (Data Processing Agreements) or the DHS Automated Indicator Sharing (AIS) program in cybersecurity, where private entities share threat intelligence with the government under defined protections. Applying this to digital assets would provide clarity, legal cover, and consistency across the industry.

4. Pilot program insertion: As a practical next step, Treasury could initiate a pilot program in which vetted private investigative firms partner with regulated exchanges and stablecoin issuers to test rapid data-sharing and fund-freeze protocols. Insights from this pilot could inform broader regulatory guidance while demonstrating the efficiency gains of private-public cooperation.


5. Cost-effectiveness insertion: Importantly, these approaches reduce overall compliance costs. Instead of multiplying vendors and duplicating alerts, financial institutions could leverage the agility of private investigators to pursue high-priority cases, allowing government resources to focus on strategic enforcement rather than tactical tracing.


Clarification request to Treasury

We would welcome further clarification from the Treasury on how private investigative firms can formally participate in the digital asset investigative ecosystem, and whether the outline above would be a good starting point. If this is not the case, does the Treasury envisage a role for private actors beyond compliance vendors, and what regulatory safeguards would enable structured cooperation between investigative firms, exchanges, and financial institutions?


Conclusion

The U.S. has an opportunity to lead not only in developing digital financial technologies but also in creating an innovative investigative ecosystem. By breaking down barriers to private-public cooperation, Treasury can unlock the full potential of blockchain’s transparency to detect, deter, and disrupt illicit finance more effectively than ever before.


The Treasury now has the chance to set a global precedent. By embedding private-public cooperation into the U.S. digital asset framework, Treasury can turn blockchain’s transparency into a force multiplier for financial integrity. This is not simply about compliance efficiency; it is about ensuring the U.S. leads the world in creating an investigative ecosystem that is proactive, cost-effective, and resilient against illicit finance.


 
 
 