Tokenized deposits are reshaping how banks move money, but they've created an uncomfortable paradox. McKinsey estimates that tokenized deposit infrastructure already facilitates more than $4 trillion in annual transfers, far exceeding stablecoin payments. Yet the bigger challenge isn't speed or programmability; it's solving a problem that crypto-native assets never had to face: how to be simultaneously private and compliant.

Unlike most blockchain assets, tokenized deposits sit at the intersection of two worlds. They're regulated financial instruments subject to strict banking rules, yet they live on distributed ledgers where transparency is the default. Banks need visibility for auditors and regulators, but customers won't adopt a system that broadcasts their payroll, supplier payments, or merger activity to competitors.

What Compliance Rules Actually Apply to Tokenized Deposits?

Tokenized deposits follow the same regulatory framework as traditional bank deposits because the underlying asset class doesn't change. This means banks must implement a comprehensive compliance infrastructure covering multiple dimensions.

• Customer Verification: Know Your Customer (KYC) rules require banks to legally verify identity, date of birth, address, and legal status for every account holder, whether individual or corporate.
• Ongoing Monitoring: Customer Due Diligence (CDD) mandates continuous monitoring of deposit sources, with Enhanced Due Diligence (EDD) required for high-net-worth individuals, politicians, and cross-border companies.
• Transaction Screening: Automated systems must scan all inbound and outbound movements for anomalies, triggering mandatory Suspicious Activity Reports (SARs) to financial intelligence units like FinCEN in the US when unusual activity occurs.
• Sanctions Compliance: Every transaction must be screened against US OFAC and UN blacklists to prevent tokens from moving to or from restricted people or countries.
• Cross-Border Rules: The FATF Travel Rule requires originating banks to securely transmit customer identity data, account numbers, and addresses alongside electronic fund transfers to receiving banks.

Simultaneously, banks must protect customer confidentiality under data privacy regulations like GDPR, GLBA, and CCPA. This creates the core tension: regulators need visibility to prevent money laundering and terrorism financing, but privacy laws prohibit exposing customer financial information through block explorers, APIs, or shared node access.

Why Are Banks Rejecting Standard Public Blockchains?

The mismatch between blockchain design and banking design creates four critical problems that threaten institutional adoption.

First, public blockchains expose wallet balances and transaction histories by default, triggering immediate compliance failures and potential multi-million dollar fines under privacy laws. Second, corporations refuse to use payment systems that broadcast their financial movements; competitors could monitor payroll, supplier payments, and strategic transactions in real time, permanently capping adoption at retail levels. Third, visible capital flows enable front-running and arbitrage attacks that destroy trust in the ecosystem. Fourth, regulators will veto any completely anonymous system incapable of fulfilling anti-money laundering (AML) or counter-terrorism financing (CTF) obligations.

Permissioned blockchains solve part of the problem by restricting who can join and limiting validators, but permission doesn't automatically mean privacy. A validator may still see too much sensitive data, and that creates interoperability challenges when banks need to exchange tokens across different networks.

How Are Banks Building Privacy-Compliant Infrastructure?

Banks are pursuing two main architectural approaches, and many will likely need both.

The first model involves choosing an institutional chain architecture designed specifically for regulated finance. Networks like Canton, Rayls, Midnight, Hyli, and Provenance are emerging as alternatives to public blockchains. Canton positions itself as a privacy-enabled, interoperable network for institutional applications and tokenized assets. Rayls focuses on blockchain infrastructure for banks, real-world assets (RWAs), central bank digital currencies (CBDCs), cross-border payments, and regulated liquidity. Midnight emphasizes privacy-preserving applications using selective disclosure and zero-knowledge proofs, a cryptographic technique that proves information is valid without revealing the underlying data. Hyli describes itself as a privacy layer for private and compliant financial applications.

The second model involves adding a modular privacy layer that sits between the banking application and the blockchain layer, allowing banks to maintain control over data visibility while still leveraging blockchain infrastructure.

The key insight from institutional finance experts is that technical interoperability matters as much as privacy. According to research from Oliver Wyman and Onyx by J.P. Morgan, achieving economic fungibility among deposit tokens requires sufficient technical interoperability to enable actual exchange between different forms of money. Interoperability will most likely occur first between a bank's deposit tokens and its non-tokenized deposits, as banks naturally integrate redemption processes with core banking systems. The challenges become most pronounced when exchanging tokens issued by different banks or redeeming tokens from a bank that isn't the original issuer.

This architectural shift reflects a fundamental recognition: data privacy, data localization, interoperability, and asset leakage are key challenges for corporate blockchain adoption, and they require purpose-built solutions rather than retrofitting public infrastructure.

The tokenized deposit market is still in early stages, but the infrastructure choices banks make now will determine whether blockchain becomes a core payment rail for institutional finance or remains a niche technology. The winners will be networks and privacy layers that solve the compliance paradox without sacrificing the efficiency gains that make tokenization attractive in the first place.