Subscribe to industry newsletters

KYC compliance catches up with crypto

Know your customer (KYC) procedures are still a work-in-progress in the cryptocurrency industry. But businesses in this space, though still largely unregulated, need to comply with anti-money laundering (AML) legislation or risk facing punitive measures.
James George, compliance manager, Compli-Serve SA.
James George, compliance manager, Compli-Serve SA.

KYC in crypto: Playing opposites


Probably the biggest difference between crypto exchanges and traditional financial institutions is that KYC is usually applied after, a user is signed up on crypto exchanges, instead of before or upfront on the traditional side.

CipherTrace, a blockchain analytics company reported that a third of the top 120 exchanges have weak KYC verification systems, while two out of three exchanges lack strong KYC programmes. This is especially problematic when considering the Financial Action Task Force (FATF) recommendation 16 requirement - that virtual asset service providers (VASPs) like exchanges, collect and share beneficiary and recipient transaction data with each other when a transaction exceeds $1,000.

A closer look at KYC processes


Most crypto exchanges allow users to register an account without conducting a full KYC onboarding process. Most exchanges use a tiered level-system to determine when a user must provide more information, which is usually in order to add or withdraw a bigger amount of cryptocurrency.

Often for users with small portfolios, no KYC is needed, which can lead criminals to spreading their assets over hundreds of individual accounts. In recent times, exchanges are beginning to employ at least some type of KYC protocol.

KYC efforts generally fall into one of three categories. No KYC is when an exchange allows a new user to open an account without any checks, but also limited functionality, for example, not allowing withdrawals. Basic KYC requires an uploaded ID document and photo, with a small fixed deposit and withdrawal limit, while Full KYC is for users who want to deposit, withdraw and transfer large sums of crypto.

Why does KYC/AML compliance count?


Financial businesses can mitigate risk, improve the security of their systems, protect their integrity and keep bad actors off their books, which also keeps regulators happy. All of this counts towards greater trust and reassurance for customers.

Used effectively, KYC can help financial institutions replace obsolete verification systems, assist with some services like screening and registering new users, and can ensure that high-profile transactions are fully compliant.

Keeping up with KYC – trends to watch


Technological features that increase anonymity like peer-to-peer exchange websites or anonymity-enhanced cryptocurrencies should be avoided. Geographical risks exist when week or absent national security measures for virtual assets exist too. When transaction patters are irregular or strange, criminal activity may be at play. Unusual transaction size can be an indication of fraud, for example.

KYC to KYT


Correct KYC implementation may assist the regulatory efforts around cryptocurrency but it’s not enough just yet. Soon to come, know your transaction (KYT) sets out to investigate origins of funds, suspicious transfers and tying these to real identities.

A standardised identification protocol is still needed to facilitate compliance throughout all exchanges, but KYT should help discourage criminals from using VASPs and will separate the reputable exchanges from the ones who are less so.

KYC processes meanwhile should be more automated and standardised to relieve administrative pressure, which also simplifies and makes for a more user-friendly process. Businesses carrying out certain crypto-asset activities must register with the FIC and comply with the relevant AML regulations.

While trade-offs will have to be made, an improved KYC regime makes way for a stronger foundation and future for compliant virtual assets.

About the author

James George is the compliance manager at Compli-Serve SA.

Let's do Biz