AML KYC in Crypto

KYC and AML in Crypto

From Bitcoin to Dogecoin to Ethereum, cryptocurrencies are exploding in popularity. There are literally thousands of different cryptocurrencies out there and, so far, they have been largely unregulated. The wild west of blockchain sourced currency with its own value independent of government involvement is enticing to many different crowds from the personal liberties-concerned to those worried about the falling (and arbitrary) value of the dollar. And since we’re not likely to see a return to a gold standard anytime soon, crypto is only going to continue to increase in value and popularity. Additionally, it allows individuals to make exchanges amongst themselves more simply and without the middlemen such as Amazon, Uber, or Airbnb. 

However, along with those who have legitimate reasons to use crypto, there are also those who wish to use it to engage in criminal activity with money that will leave almost no paper trail. Cryptocurrency transactions are anonymous, they are not monitored (in large part) by governments, and the servers that run them are completely decentralized, making them an ideal type of currency for criminals. As the government catches up on its knowledge of how it works, there are sure to be regulations to follow to prevent such crimes from being conducted via cryptocurrencies. Additionally, as someone involved in finance, you may be concerned that your institution could be the victim of fraud or used for money laundering via cryptocurrency in the future. 

The likelihood of impending regulation in the coming years and concern about crime protection has led to more and more institutions looking into what can be done for AML/KYC in crypto contexts. But first, what are AML and KYC?

History of AML/KYC Regulations

In 1970, The United States passed the Banking Secrecy Act which requires institutions to report suspicious activity to the Department of the Treasury using a suspicious activity report. Then, in 1986, money laundering was finally officially made illegal. These laws, regulations, and procedures that were – and are continuing to be – established make up what we refer to as Anti-Money Laundering (AML). The fines for not following AML regulations and requirements can be massive (going up even into the billions depending on the situation), so staying compliant has its own incentive.

KYC, or Know Your Customer, is an important aspect of Anti-Money Laundering and refers to the systems which a financial institution puts in place in order to protect itself from fraudulent activity. These systems are based on a set of laws enacted in 2001 as a part of the Patriot Act. The Patriot Act was passed in an effort to combat and prevent terrorism after the 9/11 attacks and contains many different laws to that effect; the KYC requirements that we are talking about here are just a slice of that pie. A big part of passing the Know Your Customer laws after 9/11 was to prevent criminals from committing identity theft and fabrication for the purpose of secretly funding terrorist groups, but there is more to it than that- in 2001 these requirements were bulked up in order to prevent fraud, money laundering, and other financial crimes.

Really knowing your customer when they open an account with your institution is an important first step of AML that involves finding out what kind of business they do and what kind of clients they might, and do, have.

Anti-Money Laundering Specifics

Anti-Money Laundering involves identifying suspicious activity and the risk involved in working with certain kinds of clients so as to prevent money laundering before it occurs. Artificial Intelligence and computer learning, monitoring each transaction of every account for suspicious activity, and accurate customer checks are all important aspects of Anti-Money Laundering. Companies can look at potential clients and ask the questions: “Is this avenue too risky?” And if there is a lot of risk involved, “Can we set up more protections around this particular client or kind of client?

Setting up those protections can happen a couple of different ways. Artificial Intelligence and computer learning are heading the charge as two of the most innovative and increasingly effective ways to implement Anti-Money Laundering. For example, many companies are taking advantage of internal cloud storage to capture patterns in data input and then use computers to recognize and alert to those patterns. 

Monitoring each transaction is also an important aspect of Anti-Money Laundering as this is where patterns are found. For example, “smurfing” is when someone makes many small deposits in a few different accounts so as not to tip anyone off to the illegal activity. Computers and/or individuals checking in on the transactions would have a better idea of if this is a one- or two-time occurrence or if this behavior makes a pattern.

Know Your Customer Specifics

Because the KYC requirements are quite broad, each financial institution has its own way of approaching them, but there are elements that must be present for proper KYC compliance. There are two primary components: the Customer Identification Program (CIP) and Customer Due Diligence (CDD).

The CIP requirements usually include verifying personal identity documents for both business owners opening business accounts and individuals. For business owners, such documents might be a business license, partnership agreement, and/or trust instrument. For individuals, documents may include government-issued ID, financial references, and/or information from a consumer reporting agency or public database.

CDD requirements are a way for financial institutions to collect information in an attempt to predict how the account will be used and give each customer a corresponding risk assessment. CDD is not explicitly outlined in the Patriot Act so the details are left to interpretation and what suits the institution best. What is explicit is that banks are required to file a suspicious activity report if they have reason to suspect that suspicious activity is present. However, it’s difficult to know if the activity on an account is suspicious if the bank doesn’t know what a customer’s regular activity looks like. To find out what it looks like, the bank may ask questions like what the source of funds for the account will be, what the purpose of the account will be, and the person’s occupation, just to name a few examples. The bank then assesses the risk involved in conducting business with this person based on how well and how often their account is monitored and who they might do business with.

KYC compliance is important in protecting banks and customers from fraud, but because there is government regulation attached to it, non-compliance results in hefty fines. Know Your Customer also helps financial institutions from engaging with customers whose risk factors make them potentially bad clients. If they aren’t going to adequately monitor their account or if they aren’t financially aware enough to understand the risks of investment, they could lose the bank a substantial amount of money. Additionally, because of the increase in suspicious activity reports, the fines for not being KYC compliant have skyrocketed. Billions of dollars in KYC non-compliance fines are issued every year.

AML/KYC in Crypto 

To examine cryptocurrencies a bit more closely, we’ll start with this “technical definition” of what blockchain is from Finn Brunton, Historian at NYU and author of a book on cryptocurrency. 

“A technical definition of blockchain is that it is a persistent, transparent, public, append-only ledger. It’s a system you can add data to and not change previous data within it. It does this through a mechanism for creating consensus between scattered or distributed parties that do not need to trust each other. They just need to trust the mechanism by which their consensus is arrived at. In the case of blockchain, it relies on some form of challenge such that… in theory, ensures that no one can force the blockchain to accept a particular entry onto the ledger that others disagree with. One that relies on a mechanism for a peer-to-peer network that can maintain updates to the ledger and then verify those updates in such a way that it is impossible to defraud and impossible to alter after the fact.” 

In short, cryptocurrency works through blockchain technology that is maintained on any and every computer that is involved. Anyone can log a transaction from their computer anonymously with their public and private keys and anyone can view (but not alter) past transactions using the public key assigned to a particular actor. So, if you want to see a particular person or entity’s transactions on the ledger, you enter their public key.

Private and public exchanges operate slightly differently, but the very nature and initial intention of cryptocurrencies is for them to be anonymous and decentralized. More and more private companies are beginning to create their own privately-accessed cryptos for which more identity verification will become necessary (and/or required). 

Currently, there is, in some cases, compliance with AML/KYC regulations in both public and private exchanges, but it looks different than it does for financial institutions and each crypto does things differently. For example, there is usually no onboarding process that requires KYC in crypto before signing up and logging transactions. After someone has signed up and received their keys there may be verification of some of their credentials or personal information that makes trading with them more trustworthy. Additionally, there may be limits to how much can be deposited or withdrawn before the actor has been a user long enough or before they have provided some form of KYC verification such as a picture of their ID.

The problem here for Know Your Customer and Anti-Money Laundering is that knowing who someone is and the risk that they may be involved in criminal activity is essential for compliance before signing them up and taking them on as a client. An even larger problem, of course, would be that most cryptocurrencies don’t have any AML/KYC compliance at all. In fact, some cryptos have chosen to leave the U.S. and disallow Americans from participating just to avoid having to make themselves AML/KYC compliant.

The Future of AML/KYC in Crypto

The debate between lawmakers and crypto users over-regulating cryptocurrencies is quite fierce and not likely to end soon. However, if the U.S. government gets its way, cryptos will have to institute AML/KYC procedures into their processes. 

A method that could be instituted is a universal KYC system where providers could access external records to cross-reference new users for previous flags. Also, if KYC information could be encrypted so that it could be shared with law enforcement when necessary (but not easily accessed), that might help to ease some of the privacy worries crypto managers and users have.

IDScan.net has a mobile ID validation solution that is perfect for anyone conducting online business where identity verification is a necessity. Our automation enhances the customer experience, improves the validation process, and speeds up the onboarding process while helping to maintain Anti-Money Laundering and Know Your Customer (AML/KYC) compliance. Our mobile ID validation technology confirms the ID, reduces fraud, and collects the information from the ID all by snapping a few images.

Customers simply open your app or click on a link sent via SMS and are prompted to take 3 images – the front of their ID, the back of their ID, and a selfie. The selfie is run through spoofing algorithms and all of the information on the ID is verified with the post office and our robust database of different forms of ID. Then they are told instantly whether their identity has been validated. This process is quick and easy.

Our solution will help to validate even your crypto-using customers’ identities so that, when the time comes, your business or financial institution will be prepared for the more widespread use of cryptocurrencies. For more information on IDScan.net’s instant mobile ID validation, please do not hesitate to reach out to our team who can get you going in the right direction for your business or institution.

What is a cryptocurrency?

Cryptocurrencies are blockchain-based currencies that are anonymous, decentralized, not issued by governments, and have little to no barrier to entry. They can be used to make purchases and exchanges between individuals all over the world who don’t necessarily need to know – or even trust – each other. This is because the system has built-in checks and is unalterable so no one person can cheat the system.
Some famous and popular examples include Bitcoin, Dogecoin, and Ethereum.

What is the current state of AML/KYC in crypto?

There are little to no regulations on crypto at the moment and that includes AML/KYC. As time goes on, more cryptos will either choose or be required to enforce heavier AML/KYC compliance.

What is the future of AML/KYC in crypto?

Of course, we can’t know for sure, but the U.S. government is trying its best to regulate cryptos in general, so we can expect to see more AML and KYC requirements placed on crypto in the future. We have already seen some cryptos leave the U.S. and bar Americans from participating altogether rather than comply with regulations that interfere with the original intent of cryptocurrencies.