The popularity and pervasiveness of cryptocurrencies have recently skyrocketed. It seems everyone is getting involved with some form of crypto and if you’ve looked into it yourself you may have come across ICOs or Initial Coin Offerings. When you buy an Initial Coin Offering, the company or start-up provides you with a new cryptocurrency token. This token is either a part of the product or service that the company is providing, which is called a “utility token”, or it’s a symbol of having a stake in the company, which is a “security token”. When the token is a security token, Initial Coin Offerings are similar to stocks. The major difference is ICOs are largely unregulated. This can cause many fraud issues both for the companies selling the ICOs and for those buying the ICOs.
KYC, or Know Your Customer, is an important aspect of preventing fraud, but because of the lack of regulation in ICOs, there is not a federally set standard for KYC compliance like there is in banking. The required KYC Checks in ICO are determined by the kind of project or company and the kind of token they are offering. In 2017, the SEC announced that security tokens will be subject to the requirements of the federal securities law, which means that KYC checks apply to these kinds of tokens.
What is KYC?
In the U.S. KYC stands for “Know Your Customer” or “Know Your Client” and refers to the systems which a financial institution puts in place in order to protect itself from fraudulent activity. These systems are based on a set of laws enacted in 2001 as a part of the Patriot Act. The Patriot Act was passed in an effort to combat and prevent terrorism after the 9/11 attacks and contains many different laws to that effect; the KYC requirements that we are talking about here are just a slice of that pie. A big part of passing the Know Your Customer laws after 9/11 was to prevent criminals from committing identity theft and fabrication for the purpose of secretly funding terrorist groups, but there is more to it than that. The U.S. government had passed financial protection laws in the Bank Secrecy Act of 1970, but in 2001 these requirements were bulked up in order to prevent fraud, money laundering, and other financial crimes.
Because the KYC requirements are quite broad, each institution has its own way of approaching them, but there are elements that must be present for proper KYC compliance. There are two primary components: the Customer Identification Program (CIP) and Customer Due Diligence (CDD).
The CIP requirements usually include verifying personal identity documents. Documents may include government-issued ID, financial references, and/or information from a consumer reporting agency or public database.
CDD requirements are a way for financial institutions to collect information in an attempt to predict how the account will be used and give each customer a corresponding risk assessment. CDD is not explicitly outlined in the Patriot Act so the details are left to interpretation and what suits the institution best.
KYC Checks in ICO
Why would you need KYC checks in ICO? The CIP aspect of KYC is very important in ICOs to ensure that the person making the purchase of the token is who they say they are. It’s also important to see that he or she is not a criminal seeking to make money for nefarious purposes. Cryptos are well known and liked amongst purchasers and investors because of the anonymity they afford, but when ICOs are involved, the lack of regulation can mean that a bad actor could put the company or start-up in jeopardy. The fact of the matter is that most ICOs don’t make it to the trading phase and a criminal trying to get rich quickly can definitely add to the initial strain that ICOs are under.
Internal and External Solutions
IDScan.net offers 3rd party, or external, checks to verify identity, criminal background, and whether someone is a politically exposed person (or PEP). All information we process is automatically stored and simply accessed by your institution, but the record storage systems are also secure and up-to-date. This is often a compliance regulation, but it’s also important for your business’ security from personal data hackers.
We also offer mobile ID validation which is done internally. The customer simply takes 3 images with their smartphone:
- Front of the ID
- Back of the ID and
- A selfie
The automation performs identity verification by checking that the ID is formatted correctly. It also checks that the information in the barcode matches what is displayed on the front of the ID. It then queries the USPS database to confirm that the address on the ID exists. Lastly, it moves to the pictures, calculating a confidence percentage in facial match between the photo on the ID and the selfie supplied by the customer. The selfie is also run through anti-spoofing processes to assure it is legitimate.
More specifically, the customer’s picture is first compared to a database of known faces to ensure that a human face is indeed pictured. An algorithm then maps the customer’s face and compares the layout of the pictured face to the face on the ID provided. The identity verification automation can then see more definitively whether or not the faces match and provide a percentage to represent the confidence it has in the faces being the same.
ICO stands for Initial Coin Offering and it’s when a company or start-up provides either a utility token or a security token in exchange for investment in the project.
In the U.S. KYC stands for “Know Your Customer” or “Know Your Client” and refers to the systems which a financial institution puts in place in order to protect itself from fraudulent activity.
The CIP aspect of KYC is very important in ICOs to ensure that the person making the purchase of the token is who they say they are. It’s also important to see that he or she is not a criminal seeking to make money for nefarious purposes.