Voima Weekly #20 – Financial Privacy: Cash, Banks, Bitcoin and Gold

From Voima’s own archive.

Money matters are generally seen as highly private. But what does financial privacy actually mean? It is an easy word to use, yet surprisingly difficult to define. Most people believe they understand it, even though the concept sits at the intersection of technology, legislation, regulation, culture and personal expectations. What counts as private, who is allowed to see what, and how much visibility can be justified have all changed rapidly over the past decade.

In practice, financial privacy today is not a single principle but a collection of various cross-border norms and obligations. Some information is strictly protected by law, some is visible only to designated institutions, and certain systems create transparency simply because of how they are designed. The purpose of this Weekly is to clarify that landscape: how does financial privacy actually work in the modern world? This article does not cover central bank digital currencies, as their implications for privacy and everyday use deserve a separate and dedicated examination.

When you pay with cash, the transaction is effectively invisible to everyone else. If I give my son ten euros for cleaning the office, the transfer of value exists only between the two of us. If I instead send the same amount to his bank account, a digital record is created. In practice, only I, my son (assuming he has access to his account), and the bank’s systems would see it. Banks do not manually review individual transfers; they are simply logged as part of the automated payments infrastructure.

Banks are bound by banking secrecy: they may not disclose account information to anyone without the customer’s explicit consent. There are only a few exceptions, all defined by law: police during a criminal investigation, the tax authority, the financial intelligence unit, customs, and court orders. In addition, the EU’s FATCA/CRS frameworks can require automatic information exchange with foreign tax authorities¹, but these reports do not include individual purchases or payment transactions—only the account balance and certain income details.

But if I give my son one gram of gold, the event is as private as cash: the transfer happens between two people without leaving a digital trace. I can also do it through a gold account.² Gold accounts are not bank accounts, nor are they public blockchains. Information can be disclosed only to authorities defined by law (such as the financial intelligence unit, the police during an investigation, or the tax authority during an audit), or with the customer’s explicit consent. There is no open, automatic or global information exchange. A gold account is a closed system in which transfers are not visible to outsiders and do not create a permanent, public history. Transactions are recorded only in the provider’s internal ledger, and no external party can access them without a legal basis. This means that the data footprint of a gold account is typically narrower and less widely distributed than that of a bank account, even though both are subject to statutory disclosure obligations in certain situations.

If I transfer value to my son’s Bitcoin wallet, the transaction is, in theory, only between the two of us. In practice, the situation is different: Bitcoin transactions are public and permanent, and most users acquire their coins through centralized exchanges, where wallet addresses can be linked to personal information. A single event that reveals an address may be enough for later transactions to be recognized as part of the same visible history.

The open ledger increases transparency but also introduces its own constraints: anyone can send funds to another person’s address, and the recipient cannot block or filter the transaction. This creates a new on-chain link that remains permanently visible. The public data structure also enables the aggregation of transaction patterns and networks, meaning that beyond individual payments, broader connections and behavioural traces can be observed – effectively forming a transaction-based “social graph”.³ From 2026 onward, crypto service providers will move under the CARF reporting framework⁴, bringing crypto assets into the same kind of automatic information-exchange system as bank accounts – while the open ledger adds an entirely separate layer of visibility on top.

Bitcoin and other cryptocurrencies have received significant attention in recent years, and they are often associated with anonymity and the idea of a “freedom money” operating outside the reach of the state. In reality, Bitcoin is likely one of the most transparent financial systems ever built: every transaction, address and technical mistake is permanently recorded on a public ledger, and sufficient KYC and analytics data can produce a detailed transactional profile of a user. A single event that reveals an address may be enough for later transactions to be recognised as part of the same visible history, and widespread adoption of Bitcoin would, in theory, create a system in which the movement of assets is traceable over the entire lifespan of the chain.

Various privacy-enhancing tools and practices have been developed around the ecosystem, and they can in practice obscure visibility to some extent ⁵ However, they do not alter the nature of the base layer: Bitcoin’s ledger is open, public and permanent, and all transaction data remains there regardless of what privacy measures a user employs.

Physical gold and cash are, in this respect, opposites: they contain no metadata, history or addresses, and the visibility of gold-account systems is limited to the provider’s internal records with no global reporting layers. Bank accounts, by contrast, generate a digital record, but its visibility is restricted: the data remains within the bank and can be accessed only through legally mandated requests from authorities or through automatic reporting frameworks. Bitcoin provides the technical freedom to own and transfer value independently, yet the same openness also makes it a potential surveillance infrastructure. Gold does not record your history; Bitcoin does.

The following and final section is an optional side path: a brief reflection on the ideas that originally shaped “Western” notions of privacy. Its purpose is to show that the balance between privacy and transparency is not only a technical choice, but also a question of where we draw the line between an individual’s personal life and institutional visibility.

Although financial privacy can be examined in terms of technical structures and regulatory layers, there is also a deeper cultural question behind it: why do we assume that a person should have anything at all that does not belong in the realm of public scrutiny? Part of this assumption traces back to the fact that many foundational ideas in Western legal systems – such as the inviolability of the home, freedom of conscience, protection of reputation, and the distinction between private and public spheres of life – arose in large part from Jewish-Christian writings and their moral understanding of the individual.⁶

On this basis, privacy is not merely a legal or technical matter. It rests on the belief that God sees everything, while a person is entitled to a protected sphere that others are not meant to monitor or control. The writings draw a recurring boundary between what belongs to public life and what belongs to the “inner room” of the person – the heart, the conscience, the private space of prayer and generosity, and one’s personal moral struggles (Matt. 6:1–6).⁷ Shame and vulnerability are to be covered, not exposed, because institutions are not intended to claim complete visibility into another person’s life.⁸

From this perspective, any system that strives for complete transparency over everyone’s behaviour is not neutral; it resembles an institution stepping into a role that, in this faith tradition, belongs in reality to God alone.

Therefore, financial privacy is not only a technical issue but ultimately a question of what level of visibility we choose to create between people, and what boundaries we draw around the powers of institutions. The aim here is not to prescribe the right answer, but to clarify the layers from which privacy in finance is formed – and what today’s systems actually record, reveal, or leave unseen.

–Marko Viinikka
Founder, CEO
Voima Gold Oy

¹ FATCA (Foreign Account Tax Compliance Act) is U.S. legislation that requires foreign banks and financial institutions to report the account details of U.S. citizens and tax residents directly or indirectly to the U.S. tax authorities. The reporting includes account balances and certain types of income, but not individual payment transactions. Finland and all EU member states participate in the FATCA agreement, meaning the reporting occurs automatically.

CRS (Common Reporting Standard) is a global information-exchange framework developed by the OECD, under which roughly 100 countries share data on financial accounts held abroad by each other’s tax residents. CRS reporting covers the account holder’s identifying information, the year-end balance, and certain types of income (such as interest and dividends), but not individual transactions or day-to-day account activity. The reporting is done automatically each year without separate requests.

² At Voima G, the transfer of physical gold is entirely a private exchange between two parties with no digital trace. Transfers between gold accounts are not yet generally available, with a few exceptions, but the feature is under development and is intended to enable a similarly contained transfer of value based on the provider’s internal ledger.

³ A public blockchain does not simply display individual transactions; over time it forms an entire network: who transfers to whom, at what moment, in what amounts, and through which intermediate addresses. When these transactions are combined with exchange KYC information, IP leaks or other external data sources, the transaction history can easily produce a behavioural pattern—or a kind of social graph. From this, one can infer, for example, which services a user interacts with, which addresses tend to move in proximity to one another, and what kinds of rhythms or recurring connections appear in the network.

This graph does not necessarily reveal identities directly, but it does expose the structure: hubs, connections and repeated pathways. For that reason, blockchain analytics is increasingly used in criminal investigations, anti–money laundering monitoring and commercial risk analysis—not only to trace individual payments, but to understand entire transaction networks.

⁴ Crypto-Asset Reporting Framework (CARF): Crypto exchanges and service providers in roughly 70 countries will begin automatically reporting information on Finnish users to the Tax Administration. The reporting covers purchases, sales, crypto-to-crypto exchanges and transfers between service providers. CRS reporting for bank accounts primarily shows what you own and what income those assets generated. CARF goes further: it shows what you have done in crypto. The information moves automatically between states without separate requests or investigations.

⁵ A range of privacy tools has been built around Bitcoin—such as multiple wallets, CoinJoin mixing, the Lightning Network and others—aimed at obscuring one’s transaction history and making chain analysis less certain. These can meaningfully improve practical privacy and reduce traceability, but they always operate on top of a transparent base layer: past transactions remain public, and new on-chain links can still be created outside your control. For that reason, these tools tend to blur visibility rather than eliminate it entirely. The open ledger remains in place, even if a particular user’s identity becomes harder to infer.

⁶ The Ten Commandments and the Mosaic law contain an early conception of privacy and the boundaries of personal life. The commandments “you shall not steal” (Ex. 20:15) and “you shall not covet your neighbour’s property” (Ex. 20:17) clearly assume that a person has a protected sphere of property and family life into which others should not intrude or which they must not misuse. The commandment “you shall not bear false witness” (Ex. 20:16) safeguards a person’s reputation and prevents the distortion or public exposure of private matters. Together, these principles form an early framework for the idea that individuals have areas of life to which others are not entitled full visibility or authority.

⁷ Matthew 6:1–6 (KJV): (1) Take heed that ye do not your alms before men, to be seen of them: otherwise ye have no reward of your Father which is in heaven. (2) Therefore when thou doest thine alms, do not sound a trumpet before thee, as the hypocrites do in the synagogues and in the streets, that they may have glory of men. Verily I say unto you, They have their reward (3) But when thou doest alms, let not thy left hand know what thy right hand doeth: (4) That thine alms may be in secret: and thy Father which seeth in secret himself shall reward thee openly. (5) And when thou prayest, thou shalt not be as the hypocrites: for they love to pray standing in the synagogues and in the corners of the streets, that they may be seen of men. Verily I say unto you, They have their reward. (6) But thou, when thou prayest, enter into thy closet, and when thou hast shut thy door, pray to thy Father which is in secret; and thy Father which seeth in secret shall reward thee openly.

⁸ Genesis 9:20–23 (KJV): (20) And Noah began to be an husbandman, and he planted a vineyard: (21) And he drank of the wine, and was drunken; and he was uncovered within his tent. (22) And Ham, the father of Canaan, saw the nakedness of his father, and told his two brethren without. (23) And Shem and Japheth took a garment, and laid it upon both their shoulders, and went backward, and covered the nakedness of their father; and their faces were backward, and they saw not their father's nakedness.

Disclaimer: Voima Weeklies are the personal writings of the undersigned. They do not necessarily represent the official view of Voima Gold Oy or any other company, nor do they constitute investment advice or a recommendation to purchase securities.