The Bank Secrecy Act is failing everyone. It’s time to rethink financial surveillance.

The US is on the brink of enacting rules for digital assets, with growing bipartisan momentum to modernize our financial system. But amid all the talk about innovation and global competitiveness, one issue has been glaringly absent: financial privacy. As we build the digital infrastructure of the 21st century, we need to talk about not just what’s possible but what’s acceptable. That means confronting the expanding surveillance powers quietly embedded in our financial system, which today can track nearly every transaction without a warrant.

Many Americans may associate financial surveillance with authoritarian regimes. Yet because of a Nixon-era law called the Bank Secrecy Act (BSA) and the digitization of finance over the past half-century, financial privacy is under increasingly serious threat here at home. Most Americans don’t realize they live under an expansive surveillance regime that likely violates their constitutional rights. Every purchase, deposit, and transaction, from the smallest Venmo payment for a coffee to a large hospital bill, creates a data point in a system that watches you—even if you’ve done nothing wrong.

As a former federal prosecutor, I care deeply about giving law enforcement the tools it needs to keep us safe. But the status quo doesn’t make us safer. It creates a false sense of security while quietly and permanently eroding the constitutional rights of millions of Americans.

When Congress enacted the BSA in 1970, cash was king and organized crime was the target. Ever since, banks have been required to keep certain records on their customers and turn them over to law enforcement upon request. A search warrant must be issued by a judge or magistrate upon a showing of probable cause that a crime was committed and that specific evidence of that crime exists in the place to be searched, and it must be narrowly tailored to that evidence. The BSA power has none of those checks. A prosecutor can “cut a subpoena” demanding all your bank records for the past 10 years, with no judicial oversight, no limitation on scope, and no cost to the government. The burden falls entirely on the bank.

In United States v. Miller (1976), the Supreme Court upheld the BSA, reasoning that citizens have no “legitimate expectation of privacy” about information shared with third parties, like banks. Thus began the third-party doctrine, enabling law enforcement to access financial records without a warrant. The BSA has been amended several times over the years (most notoriously in 2001 as a part of the Patriot Act), imposing an ever-growing list of recordkeeping obligations on an ever-growing list of financial institutions. Today, it is virtually inescapable for everyday Americans.

In the 1970s, when the BSA was enacted, banking and noncash payments were conducted predominantly through physical means: writing checks, visiting bank branches, and using passbooks. For cash transactions, the BSA required reporting of transactions over the then kingly sum of $10,000, a figure that was never pegged to inflation and remains the same today. And given the nature of banking services and the technology available at the time, individuals conducted just a handful of noncash payments per month. Today, consumers make at least one payment or banking transaction a day, and only an estimated 16% of those are in cash.

Meanwhile, emerging technologies further expand the footprint of financial data. Add to this the massive pools of personal information already collected by technology platforms—location history, search activity, communications metadata—and you create a world where financial surveillance can be linked to virtually every aspect of your identity, movement, and behavior.

Nor does the BSA actually appear to be effective at achieving its aims. In fiscal year 2024, financial institutions filed about 4.7 million Suspicious Activity Reports (SARs) and over 20 million currency transaction reports. Instead of stopping major crime, the system floods law enforcement with low-value information, overwhelming agents and obscuring real threats. Mass surveillance often reduces effectiveness by drowning law enforcement in noise. And while it does not stop hackers, the BSA does create a permanent trove of information on everyone.

Worse still, the incentives are misaligned and asymmetrical. To avoid liability, financial institutions are effectively required to report anything remotely suspicious. If they fail to file a SAR, they risk serious penalties, even indictment. But they face no consequences for overreporting. The vast overcollection of data is the unsurprising result. These practices, developed under regulation rather than statute, amount to executive branch actors outsourcing surveillance duties to private institutions, and they need clearer guardrails.

But courts have recognized that constitutional privacy must evolve alongside technology. In 2012, the Supreme Court ruled in United States v. Jones that attaching a GPS tracker to a vehicle for prolonged surveillance constituted a search under the Fourth Amendment. Justice Sonia Sotomayor, in a notable concurrence, argued that the third-party doctrine was ill suited to an era when individuals “reveal a great deal of information about themselves to third parties” merely by participating in daily life.

This legal evolution continued in 2018, when the Supreme Court held in Carpenter v. United States that accessing historical cell-phone location records held by a third party required a warrant, recognizing that “seismic shifts in digital technology” necessitate stronger protections and warning that “the fact that such information is gathered by a third party does not make it any less deserving of Fourth Amendment protection.”

The logic of Carpenter applies directly to the mass of financial records being collected today. Just as tracking a person’s phone over time reveals the “whole of their physical movements,” tracking a person’s financial life exposes travel, daily patterns, medical treatments, political affiliations, and personal associations. In many ways, because of the velocity and digital nature of today’s payments, financial data is among the most personal and revealing data there is, and therefore deserves the highest level of constitutional protection.

Though Miller remains formally intact, the writing is on the wall: Indiscriminate financial surveillance such as what we have today is fundamentally at odds with the Fourth Amendment in the digital age.

Technological innovations over the past several decades have brought incredible convenience to economic life. Now our privacy standards must catch up. With Congress considering landmark legislation on digital assets, it’s an important moment to consider what kind of financial system we want—not just in terms of efficiency and access, but in terms of freedom. Rather than striking down the BSA in its entirety, policymakers should narrow its reach, particularly around the bulk collection and warrantless sharing of Americans’ financial data.

Financial surveillance shouldn’t be the price of participation in modern life. The systems we build now will shape what freedom looks like for the next century. It’s time to treat financial privacy like what it is: a cornerstone of democracy, and a right worth fighting for.

Katie Haun is the CEO and founder of Haun Ventures, a venture capital firm focused on frontier technologies. She is a former federal prosecutor who created the US Justice Department’s first cryptocurrency task force. She led investigations into the Mt. Gox hack and the corrupt agents on the Silk Road task force. She clerked for US Supreme Court Justice Anthony Kennedy and is an honors graduate of Stanford Law School.

Building innovation with blockchain

In 2015, JPMorgan Chase embarked on a journey to build a more secure and open wholesale banking system. For Suresh Shetty, chief technology officer at Onyx by J.P.Morgan, investing in blockchain, a distributed ledger technology then in its early days, was about ubiquity.

“We actually weighted ubiquity in terms of who can use the technology, who was trying to use the technology over technology superiority,” says Shetty. “Because eventually, our feeling was that the network effect, the community effect of ubiquity, actually overcomes any technology challenges that a person or a firm might have.”

Years later, JPMorgan Chase has Onyx, a blockchain-based platform to leverage innovations at scale and solve real-world banking challenges. Chief among them are global wholesale payment transactions. Much more complicated than moving money from point A to point B, Shetty says, wholesale transactions require multiple hops and fulfilling regulatory obligations.

Transferring money around the world requires several steps, including a credit check, sanctions check, and account validation. The process can lead to errors and hiccups. This is where blockchain comes in.

“Now, as you can imagine, because of the friction in this process and the multiple hops, it is a process that’s very prone to error. So this is one of the ideal use cases for a blockchain, where we try to take out that operational friction from any process.”
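The hop-by-hop flow described above, as an added illustration that is not Onyx code or anything JPMorgan Chase has published: a toy Python model in which each hop runs a credit check, an account validation and a sanctions screen, a failed validation holds the payment with its state intact so it can be corrected and resumed from the same hop rather than cancelled and re-sent, and every check is written to a hash-chained audit trail. The bank names, accounts, balances and the sanctions entry are all constructed for the example; a real sanctions screen would do fuzzy name matching rather than an exact lookup.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed sample ledger for the example: (bank, account) -> balance.
# None of these are real institutions or accounts.
ACCOUNTS = {
    ("BANK_A", "ACC-1"): 1_000_000,
    ("BANK_B", "NOSTRO-B"): 0,
    ("BANK_C", "NOSTRO-C"): 0,
    ("BANK_D", "ACC-4"): 0,
}
# Constructed sanctions list; a production screen would fuzzy-match names.
SANCTIONED = {"BLOCKED TRADING LTD"}


@dataclass
class Payment:
    amount: int
    sender: tuple                 # (bank, account) that funds the payment
    beneficiary: str              # name screened against SANCTIONED
    route: list                   # ordered (bank, account) hops after the sender
    status: str = "pending"       # pending | held | settled | rejected
    hop_index: int = 0            # state carried between units of work
    trail: list = field(default_factory=list)


def _record(p, hop, check, result):
    """Append one audit entry whose hash covers the previous entry's hash."""
    prev = p.trail[-1]["hash"] if p.trail else "0" * 64
    entry = {"hop": list(hop), "check": check, "result": result, "prev": prev}
    entry["hash"] = hashlib.sha256(
        json.dumps(entry, sort_keys=True).encode()).hexdigest()
    p.trail.append(entry)


def verify_trail(trail):
    """Recompute the chain; an edited, dropped or reordered entry breaks it."""
    prev = "0" * 64
    for entry in trail:
        body = {k: v for k, v in entry.items() if k != "hash"}
        expected = hashlib.sha256(
            json.dumps(body, sort_keys=True).encode()).hexdigest()
        if body["prev"] != prev or expected != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


def process(p):
    """Run the per-hop checks, resuming from p.hop_index after a hold."""
    if p.status in ("settled", "rejected"):
        return p.status
    while p.hop_index < len(p.route):
        hop = p.route[p.hop_index]
        # Credit check: the funding account must still cover the amount.
        if ACCOUNTS.get(p.sender, 0) < p.amount:
            _record(p, hop, "credit", "fail")
            p.status = "rejected"
            return p.status
        # Sanctions check: stop and report rather than hold for correction.
        if p.beneficiary.upper() in SANCTIONED:
            _record(p, hop, "sanctions", "fail")
            p.status = "rejected"
            return p.status
        # Account validation: a bad hop holds the payment in place.
        if hop not in ACCOUNTS:
            _record(p, hop, "account_validation", "fail")
            p.status = "held"
            return p.status
        _record(p, hop, "all_checks", "pass")
        p.hop_index += 1
    ACCOUNTS[p.sender] -= p.amount
    ACCOUNTS[p.route[-1]] += p.amount
    p.status = "settled"
    return p.status


def correct_and_resume(p, corrected_hop):
    """Fix the hop the payment is held on and continue from that hop."""
    if p.status != "held":
        raise ValueError("only a held payment can be corrected")
    p.route[p.hop_index] = corrected_hop
    p.status = "pending"
    return process(p)


if __name__ == "__main__":
    pay = Payment(250_000, ("BANK_A", "ACC-1"), "Acme Exports",
                  [("BANK_B", "NOSTRO-B"), ("BANK_C", "WRONG"), ("BANK_D", "ACC-4")])
    print(process(pay))                                     # held
    print(correct_and_resume(pay, ("BANK_C", "NOSTRO-C")))  # settled
    print(verify_trail(pay.trail), len(pay.trail))          # True 4
```

The point of the hash chain is that the record of which checks ran at which hop, and what they returned, cannot be quietly edited after the fact: changing any entry, or removing one, makes verify_trail return False. A sanctions hit rejects rather than holds, because the text describes that case as one where the transaction is stopped and the relevant parties informed, not corrected and retried.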

Although blockchain has the potential to cause major waves in financial services from securing transactions to ensuring smooth operations, sustainability remains a major consideration with any technology deployed at this scale. The shift from proof-of-work to proof-of-stake systems, says Shetty, reduces emissions and computing energy.

“The amount of energy that’s being used in a proof-of-stake system goes down to 1% of the overall carbon impact of a proof-of-work system, so thereby, that shift alone was very important from a carbon emission perspective.”

This episode of Business Lab is produced in association with JPMorgan Chase.

Full Transcript 

Laurel Ruma: From MIT Technology Review, I’m Laurel Ruma, and this is Business Lab, the show that helps business leaders make sense of new technologies coming out of the lab and into the marketplace.

Our topic today is blockchain. Technology has changed how money moves around the world, but the opportunity and value from distributed ledger technology are still in their early days. However, deploying on a large scale openly and securely should move it along quickly.

Two words for you: building innovation.

My guest is Suresh Shetty, who is the chief technology officer at Onyx by J.P.Morgan at JPMorgan Chase.

This podcast is produced in association with JPMorgan Chase.

Welcome, Suresh.

Suresh Shetty: Thank you so much, Laurel. Looking forward to the conversation.

Laurel: So to set the context of this conversation, JPMorgan Chase began investing in blockchain in 2015, which as we all know, in technology years is forever ago. Could you describe the current capabilities of blockchain and how it’s evolved over time at JPMorgan Chase?

Suresh: Absolutely. So when we began this journey, as you mentioned, in 2015, 2016, as any strategy and exploration of new technologies, we had to choose a path. And one of the interesting things is that when you’re looking at strategic views of five, 10 years into the future, inevitably, there needs to be some course correction. So what we did in JPMorgan Chase was we looked at a number of different lines of inquiry, and in each of these lines of inquiry, our focus was trying to be as inclusive as possible. So what we mean by that is that we actually weighted ubiquity in terms of who can use the technology, who was trying to use the technology over technology superiority. Because eventually, our feeling was that the network effect, the community effect of ubiquity, actually overcomes any technology challenges that a person or a firm might have.

Now, I think that a very relevant example is the Betamax-VHS example. It’s a bit dated but I think it really is important in this type of use case. So as many of you know, Betamax was a superior technology at the time and VHS was much more ubiquitous in the marketplace. And over time, what happened was that people gravitated, firms gravitated towards that ubiquity over the superiority of the technology that was in Betamax. And similarly, that was our feeling too in terms of blockchain in general and specifically the path that we took, which was in and around the Ethereum ecosystem. We felt that the Ethereum ecosystem had the largest developer community, and we thought over time, that was where we needed to focus in on.

So I think that that was our journey to date in terms of looking, and we continue to make those decisions in terms of collaboration, inclusiveness, as opposed to just purely looking at technology itself.

Laurel: And let’s really focus on those efforts. In 2020, the firm debuted Onyx by J.P.Morgan, which is a blockchain-based platform for wholesale payment transactions. Could you explain what wholesale payment transactions are and why they’re the basis of Onyx’s mission?

Suresh: Absolutely. Now, it was interesting. My background is that I came from the markets world and markets is really involved in front office trading, investment banking and so forth, and eventually, went over to the payments world. And if you juxtapose the two, it’s actually very interesting because initially, people feel that the market space is much more complicated, much more exciting than payments, and they feel that payments is a relatively straightforward exercise. You’re moving money from point A to point B.

What actually happens is actually, payments is much more complicated, especially from a transactional perspective. So what I mean by that is that if you look at markets, what happens is if you do a transaction, it flows through. If there’s an error, what you do is that you correct the initial transaction, cancel it, and put in a new transaction. So all you do is that there’s a series of cancel corrects, all of which are linked together by the previous transaction, so there’s a daisy chain of transactions which are relatively straightforward and easy to migrate upon.

But if you look at the payments world, what happens is that you have a transaction, it flows through. If there’s an error, you hold the transaction, you correct it, and then keep going. Now, if you think about it from a technology perspective, this is a lot more complicated because what you have to do is you have to keep in mind the state engine of the transactional flow, and you have to store it somewhere, and then you have to constantly make sure that as it flows to the next unit of work, it actually is not only referenced but it actually has the data and transactionality from the previous unit of work. So a lot more complicated.

Now, from a business perspective, what cross-border payments or wholesale payments involved is that, as I mentioned, you’re moving money from point A to point B. In an ideal fashion, and I’ll give you an example. Since I’m in India, in an ideal example, we would move money from JPMorgan Chase to State Bank of India, and the transaction is complete, and everybody is happy. And in between that transaction, we do things like a credit check to make sure that the money that is being sent, there’s money in the account of the sender. We need to make sure that the receiver of the account has a valid bank account, so you need to do that validation, so there’s a credit check. Then on top of that, you do a sanctions check. A sanctions check means that we are evaluating whether the money is being moved to a bad actor, and if it is, we stop the transaction and we inform the relevant parties. So it looks relatively straightforward in an idealized version.

Unfortunately, what happens is because of the fractured nature of banking across the world as well as regulatory obligations, what happens is that it’s never a single point to point movement. It involves multiple hops. So in that same example where I’m moving money from JPMorgan Chase to India, what usually happens is JPMorgan Chase sends it to, let’s say Standard Chartered in England. Standard Chartered then sends it to State Bank of India. State Bank of India then sends it to Bank of Baroda, and then Bank of Baroda eventually sends it to my bank, which is Vijaya Bank in India.

In each of those steps or hops, a credit check happens, a sanctions check happens, and the money moves forward. Also, there’s an account validation step that also happens to make sure that the payment transactional flow is correct, as well as the detail in the payment messages are correct as well. Now, as you can imagine, because of the friction in this process and the multiple hops, it is a process that’s very prone to error. So this is one of the ideal use cases for a blockchain, where we try to take out that operational friction from any process.

Laurel: That’s a really good illustrative example since one of the benefits of being a global firm is that JPMorgan Chase can operate at this massive scale. So what are some of the benefits and challenges that blockchain technology presents to the firm? I think you kind of alluded to some there.

Suresh: Absolutely, and it’s interesting, people sometimes conflate the technology innovation in the blockchain with a moonshot. Now, what’s interesting is that blockchain itself is based on very sound computing principles that have been around for a very long time, which are actually based on distributed computing. So at the heart of blockchain, it is a distributed computing system or platform. Now, all the challenges that you would have in a distributed computing platform, you would have within blockchain. Now this is further heightened by the fact that you have multiple nodes on the network. Each of those nodes has a copy of the data as well as the business logic. So one of the real challenges that we have is around latency in the network. So the number of nodes is directly correlated to the amount of latency that you have in the network, and that’s something that in a financial transaction, we have to be very cognizant about.

Secondarily is that there is an enormous amount of existing assets that are already in place from a code perspective within the enterprise. So the question is do we need to rewrite the entire code base in the languages that are supported by the various blockchains? So in Ethereum, do we need to rewrite all of this in Solidity, or can we somehow leverage the language or the code base that’s already been created? Now in our experience, we’ve had to actually do quite an extensive analysis on what needs to be on chain as opposed to what needs to be off chain. The off chain code base is something that we need to be able to leverage as we go forward because the business feels comfortable about that, and the question is why would we need to rewrite that? And the stuff that’s on the chain itself, that needs to be something that we really feel is important to be able to be distributed to the various nodes in the network itself. So I think that that’s some of the challenges that we’ve had in the blockchain space.

Now, in terms of benefits, I think that at the end of the day, we want to be able to have a cryptographically secure, auditable transactional record. And I think that there are many use cases within banking, especially those that are really within the sweet spot of the blockchain, such as those that require a lot of reconciliation. There are multiple actors, and in a distributed platform, regardless of whether it’s in blockchain or not.

Laurel: And cybersecurity is definitely one of those areas where blockchain can help, for example, transactions, improve transparency, et cetera. But how can organizations ensure safe and robust blockchain transactions and networks?

Suresh: Fantastic question. It’s interesting, that JPMorgan Chase is a private permissioned network. Now what does that mean? That means that every actor within our blockchain network is actually known to us. Now, it’s also interesting that hand in hand with that security aspect is the operational considerations of actually running a network. So we would need to be able to not only ensure security across the network, but we need to also ensure that we have transactional flow that meets the service level agreements between the various actors. Now, in a centralized private permissioned network, which is what Onyx is, is that JPMorgan Chase has taken the onus in terms of running the network itself.

Now, people want to be able to say that they want to run their own nodes and they want to be able to ensure their own security, which is great if it’s unique and singular to themselves, but when you’re participating in a network, the weakest link in the chain actually becomes your greatest challenge. So all of the actors or all the nodes that are participating in our network would have to meet the same security and operational considerations that everyone else has. So when we pose that question to the participants in our network and say, “Listen, you have an opportunity to run your own node or you can have us do it for you,” most of them, 95% of them, want us to run their nodes for them. So I think that that’s one of the big challenges or one of the big aspects of a private permissioned network as opposed to a public network.

Now, we’re increasingly seeing that there needs to be some integration across private permissioned networks and public networks. And again, when we have to integrate between these, we again run into classical problems or classical challenges, I should say, with the interconnected distributed platforms. But I think that this goes directly to the level of scale that we need to be at, especially within JPMorgan Chase, in order to be successful.

Laurel: So there’s also the challenge of keeping up with emerging technologies. What are some of the emerging or advanced technologies that have enabled blockchain innovations? And this is clearly important to Onyx since it created a blockchain launch to focus on developing and commercializing those new applications and networks.

Suresh: Absolutely. So within Onyx, we have three main lines of businesses and then we have Blockchain Launch, which looks at the hill beyond the hill in terms of evaluating new technologies. And we’ve done everything from looking at zero-knowledge proofs to trying to beam payments through a satellite back down to Earth and all of those types of things to create business value for our clients.

So I would say that the two most exciting things, or there’s a third one which I think there’s a topic that we’ll broach later, but the two most exciting topics that we’ve talked about so far and we’re very excited about is around zero-knowledge proofs as well as artificial intelligence and machine learning. If you think about the network that we have right now within JPMorgan Chase for Onyx, the various participants within the network will eventually start to create enough data through the network effect that it might be very interesting to see what other data enrichment, data mining type use cases can come out of that, and we are only going to see an uptick in that as you start to expand the network and we start to get more scale as we add more use cases onto the Onyx network.

Laurel: And so while we’re on that topic of emerging technologies, how does quantum computing and blockchain, how do those two technologies work together?

Suresh: So the quantum computing piece and the blockchain piece are very collaborative and very symbiotic in nature. Now, if you think about the idea of utilizing quantum mechanics, it’s been around since the mid 1970s when it was first proposed that there was an algorithm with which very large numbers could be factored using a theoretical quantum computer. It was pretty much in the background, and then suddenly in October 2019, Google announced that it achieved quantum supremacy by solving a problem in 200 seconds that would’ve taken thousands of years to be able to solve.

And although that specific use case was sort of not specific to a business use case, the impact of that is very far-reaching because all of a sudden, it demonstrated that you could use quantum computing to actually create a mechanism that would impact pretty much every cryptographically secure transactional flow.

So as we are looking through this, some of the things that we looked at in quantum computing was around looking at the quantum key distribution, looking at cryptographically secure vaulting, distributed identity. All of these we believe are key to the future of blockchain and actually impact even things as mundane as the topic that we spoke about before, which is around the cross-border transactional flow as well.

Laurel: So while blockchain certainly seems to have the potential to shift the financial services industry, the need to focus on sustainability goals and follow regulations are also a major consideration. So how can innovations in blockchain be balanced with mitigating its emissions and environmental impact?

Suresh: This is a question that we’ve been asked many times by our businesses in terms of how environmentally conscious are we? I would say that one of the big advances recently, especially within the Ethereum space, was the shift from proof of work to proof of stake.

Now in proof-of-work systems, miners compete with one another to see who can problem solve the fastest in exchange for crypto rewards, and because of this, the proof-of-work systems take up a large amount of energy. Juxtaposing this is the proof-of-stake systems which rely on market incentives and validators, and in exchange for the right to add blocks, they remove the competition from the system. Now, because of this, the amount of energy that’s being used in a proof-of-stake system goes down to 1% of the overall carbon impact of a proof-of-work system, so thereby, that shift alone was very important from a carbon emission perspective.

Secondarily, within the Onyx system itself, we’ve shifted to a situation where we have set our gas fees to zero and the only compute is minimalistic in terms of just computing the business logic itself. And also, we’re using the BFT class of algorithms as well as Raft. Both are not compute intensive, aside from the business logic itself.

Laurel: Thank you, Suresh. You’ve certainly given us a lot to think about. So looking to the future, what are some trends in technology that you’re excited about in the next three to five years?

Suresh: So I think that we mentioned some of the topics before around quantum computing, artificial intelligence, machine learning. All of those I think are very important to us. Now, I would also say that the three to five year time horizon is probably too long. I think that when we speak in investment banking, we speak about an 18- to 24-month time horizon. We think that that’s probably a similar time horizon that we’re seeing in the blockchain space itself. So as we evolve, I think that the really interesting aspect of this is going to be where social networks and business networks overlap and how they organically evolve to support each other as we go forward, and how the payment space itself evolves in order to take advantage of this.

Laurel: Excellent. Thank you so much for joining us today on the Business Lab, Suresh.

Suresh: Fantastic. Thank you so much, Laurel.

Laurel: That was Suresh Shetty, who is the chief technology officer at Onyx by J.P.Morgan, who I spoke with from Cambridge, Massachusetts, the home of MIT and MIT Technology Review.

That’s it for this episode of Business Lab. I’m your host, Laurel Ruma. I’m the global director of Insights, the custom publishing division of MIT Technology Review. We were founded in 1899 at the Massachusetts Institute of Technology, and you can find us in print, on the web, and at events each year around the world. For more information about us and the show, please check out our website at technologyreview.com.

This show is available wherever you get your podcasts. If you enjoyed this episode, we hope you’ll take a moment to rate and review us. Business Lab is a production of MIT Technology Review. This episode was produced by Giro Studios. Thanks for listening.

This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.

This podcast is for informational purposes only and it is not intended as legal, tax, financial, investment, accounting or regulatory advice. Opinions expressed herein are the personal views of the individual(s) and do not represent the views of JPMorgan Chase & Co. The accuracy of any statements, linked resources, reported findings or quotations are not the responsibility of JPMorgan Chase & Co.