What is KYC? How crypto exchanges prevent money laundering
by Arthur · October 18, 2022
If you’ve ever used one cryptocurrency exchange or bought one NFT, it is likely that you have had to perform a Know Your Customer (KYC) check to verify your identity. KYC checks are a key part of the global financial system’s infrastructure, enabling cryptocurrency businesses to remain compliant with anti-money laundering (AML) regulations.
For states and regulators, KYC requirements are an important tool to prevent crypto from being used for crimes such as human trafficking, money laundering and terrorist financing.
For many cryptocurrency advocates, however, the idea of centralized entities overseeing crypto transactions goes against the fundamental principles of the space.
One thing is clear: KYC and AML policies are a part of the global financial system that is not going away anytime soon, and cryptocurrency exchanges are no exception.
What are KYC and AML and why do they exist?
Know-your-customer (KYC) procedures identify and verify that a customer is who they say they are. It is a multi-step process designed to prevent fraudulent account creation and use.
KYC aims to understand the nature of customers’ activities, qualify that their source of funds is legitimate, and assess the money laundering risks associated with them.
Know-your-customer policies in the US were first introduced in the 1990s to combat money laundering. KYC can vary from requiring name and email address, even address and photo identification.
Proponents of KYC policies emphasize the need to protect consumers from identity theft and combat money laundering and fraud.
Anti-money laundering (AML) policies are much older, dating back to the Bank Secrecy Act of 1970. AML policies are designed to deter and prevent criminals from using the services of a bank or exchange to launder money or cryptocurrency.
When the US Treasury Department added the Tornado Cash coin mixing service to its sanctions list in August 2022, the agency cited its use in money laundering and cybercrime.
The Bank Secrecy Act requires businesses to keep records and file reports that law enforcement agencies can use to identify, detect and prosecute money laundering by criminal organizations, terrorists and individuals seeking to avoid paying taxes.
Did you know?
Know-your-customer policies in the US became mandatory under the USA Patriot Act of 2001. In October 2002, the Treasury Department finalized regulations making KYC mandatory for all US banks.
KYC and cryptocurrency
Cryptocurrency exchanges are a significant part of the crypto ecosystem. Like a bank or stock exchange, but not fully regulated yet, like US-based exchanges Coin baseBinance.US, Gemini and Kraken use “Identity Verification” to comply with KYC regulations.
“As a regulated financial services company, Coinbase is required to identify the users of our platform. Under the Coinbase Terms of Service, we require all customers to verify their identity in order to continue using our service,” the exchange’s website said.
Any customer registering for a US exchange must provide basic information to get started. This information is usually name, email address and date of birth. To make full use of the exchange—for example, to buy, sell, or trade more than a token amount of cryptocurrency—a customer must provide additional information, including government-issued identification and a facial scan.
While the goals of KYC and AML may be to protect consumers and the financial system, many privacy and crypto advocates view know-your-customer (KYC) policies as an invasion of privacy that creates honeypots for cybercriminals and identity thieves.
Another problem is when a crypto company files for bankruptcy protection and its documents become public as court records.
When crypto lending platform Celsius filed for Chapter 11 bankruptcy on July 11, 2022, user and account information was provided to bankruptcy court officials. When this data was made public, it became possible to link individuals’ identities to their activity on the chain, and by extension, to every transaction they had made on the blockchain. One site, “Celsius Networth,” even allowed visitors to type their names into a search bar and see where they ranked on a “leaderboard” of the biggest losers from the Celsius debacle.
KYC and Web3
For many, the threat of doxxing, the disclosure of a person’s identity and location, is a genuine concern. Some have proposed a newer, more Web3-friendly version of KYC built around reputation combined with a limited identity verification process.
Launched in 2015, San Francisco-based Civic has made web identity its focus for Web3, offering enterprise and consumer solutions.
“Uniqueness verification is part of the suite of products we have for businesses, which is called Civic Pass,” JP Bedoya, chief product officer at Civic, told Decrypt.
Along with Civic Pass, the company has also released Civic.me, a platform that allows users to manage their online identity, NFTs, wallet addresses and reputation from one place on the blockchain.
Other projects looking to provide Web3 KYC services include Polygon with Polygon ID, Astra Protocol and Parallel Markets, each of which aims to provide a seamless customer identification and compliance process.
KYC remains a touchy subject, especially in an industry built on the fundamental principles of privacy and unauthorized transactions. But with governments increasingly taking an interest in crypto and Web3 activity, and the legacy financial system becoming increasingly integrated with the crypto space; KYC is here to stay. At least developers can make it as painless as possible.
