Asset Tokenization in Financial Markets 2025

Contents40 4.5 Privacy and compliance Fragmented identity verification limits the growth of tokenized financial products. Standardized KYC is estimated to improve onboarding efficiency by up to 90% in fund management.101 On-chain identities offer potential but raise privacy concerns. Privacy is the capacity for individuals or organizations to dictate how and when their data is shared and is based on the principle of individuals controlling the degree to which they selectively express themselves digitally, including identifiers such as age, accredited investor status and nationality.102 On-chain identities can range from fully identifiable to pseudonymous and anonymous. However, fully anonymous identities conflict with Financial Action Task Force (FATF) guidelines, which require due diligence for every financial customer and prohibit untraceable accounts.103 Privacy-enhancing technologies (PETs) such as zero-knowledge proofs and fully homomorphic encryption protect sensitive data while enabling compliance. For example, PETs, including pseudonymization and zero- knowledge proofs, are being explored by the BIS under Project Aurum 2.0 to advance retail CBDCs.104 Although anonymity provides better privacy safeguards in theory, it poses risks to KYC and AML compliance as it could allow bad actors to obfuscate on-chain illicit activities, which amounted to nearly $25 billion in 2021.105 Customer and transaction identification is essential for complying with KYC, AML, sanctions and the Travel Rule, making anonymous transactions unsuitable for regulated markets.106 To address this, token standards such as ERC-3643 and ERC-5564 are emerging. ERC-3643 enables compliant transfers based on on-chain identity, while ERC-5564 supports privacy through stealth addresses and dynamic address generation.107 Tokeny’s DINO protocol uses ERC-3643 to facilitate compliant DvD transfers across platforms, executing only when both parties are KYC-verified.108 On-chain identity enforcement often follows allow- or deny-list models. Allow-lists enhance security but limit inclusivity, while deny-lists are more open but require constant monitoring to mitigate risks from malicious actors. Achieving privacy on-chain is not without its hurdles and trade-offs. While unlikely, storing personal data on-chain raises concerns about regulations such as the General Data Protection Regulation (GDPR)’s “right to be forgotten”.109 Because public networks have mixer and tumbler decentralized applications that can hide the trail of who sent and received crypto (by blending or shuffling transactions), users can mostly stay anonymous – even though wallet addresses are partly visible. Another hurdle is quantum-safe PETs, as not all PETs are protected against quantum attacks, which can break encryptions and leak sensitive data. Additionally, compliance with the FATF’s Travel Rule is heightened when handling tokenized asset transactions, and the number of jurisdictions requiring compliance in the form of tracking originator and beneficiary data in an on-chain setting is growing.110Barriers to adoption TABLE 4 Advantages and trade-offs of allow- and deny-list models MODEL Allow listing Deny listing— Tighter security and control — Simplified compliance checks — Clear accountability and audit trails— Reduced privacy and anonymity (must disclose information) — High maintenance overhead — Excludes unlisted (possibly legitimate) users — Reactive approach (must constantly update list) — Bad actors can create new identities — Potential for false positives or censorship— More open and inclusive — Less friction for onboarding — Default user privacy preservedADVANTAGES TRADE-OFFS