If you’ve ever used a cryptocurrency exchange or bought an NFT, it’s likely that you will have had to perform a know-your-customer (KYC) check to verify your identity. KYC checks are a key part of the global financial system’s infrastructure, and enable cryptocurrency businesses to remain compliant with anti-money laundering (AML) regulations.
For states and regulators, KYC requirements are a vital tool in preventing crypto being used for crimes such as human trafficking, money laundering and terrorist financing.
For many cryptocurrency advocates, however, the idea of centralized entities having oversight of crypto transactions goes against the founding principles of the space.
One thing’s clear: KYC and AML policies are a part of the global financial system that is not going away any time soon, and cryptocurrency exchanges are no exception.
What are KYC and AML, and why do they exist?
Know-your-customer (KYC) procedures identify and confirm that a customer is who they say they are. It's a multi-step process designed to prevent fraudulent account creation and use.
KYC aims to understand the nature of customers' activities, qualify that their source of funds is legitimate, and assess the money laundering risks associated with them.
Know-your-customer policies in the United States were first introduced in the 1990s to fight money laundering. KYC can range from requiring a name and email address, up to and including an address and photo identification.
Proponents of KYC policies emphasize the need to protect consumers from identity theft and combat money laundering and fraud.
Anti-money laundering (AML) policies are much older, dating back to the Bank Secrecy Act of 1970. AML policies are designed to deter and prevent criminals from using a bank or exchange's services to launder money or cryptocurrency.
When the U.S. Treasury Department added the Tornado Cash coin mixing service to its sanctions list in August 2022, the agency cited its use in money laundering and cybercrime.
The Bank Secrecy Act requires businesses to keep records and file reports that law enforcement agencies can use to identify, detect and prosecute money laundering by criminal organizations, terrorists, and people looking to avoid paying taxes.
Did you know?
Know-your-customer policies in the United States became mandatory under the USA Patriot Act of 2001. By October 2002, the Secretary of the Treasury finalized regulations making KYC compulsory for all U.S. banks.
KYC and Cryptocurrency
Cryptocurrency exchanges are a significant part of the crypto ecosystem. Like a bank or stock exchange, though not fully regulated yet, US-based exchanges like Coinbase, Binance.US, Gemini, and Kraken use "Identity Verification" to comply with KYC regulations.
"As a regulated financial services company, Coinbase is required to identify the users on our platform. Per the Coinbase user terms, we require all customers to verify their identity to continue using our service," the exchange's website says.
Any customer signing up for a U.S. exchange must provide basic information to get started. This information is typically a name, email address, and date of birth. To make full use of the exchange—for example, to buy, sell or trade more than a token amount of cryptocurrency—a customer must provide additional information, including government-issued identification and a face scan.
While the aims of KYC and AML may be to protect consumers and the financial system, many privacy and crypto advocates see know-your-customer (KYC) policies as an invasion of privacy that creates honeypots for cybercriminals and identity thieves.
Another issue is when a crypto company files for bankruptcy protection and its documents become public as court records.
When crypto-lending platform Celsius filed for Chapter 11 bankruptcy on July 11, 2022, its user and account information was given to bankruptcy court officials. When this data was publicly released, it became possible to tie individuals’ identities to their on-chain activity, and by extension, every transaction they’d made on the blockchain. A website, "Celsius Networth," even enabled visitors to enter names into a search bar and see where they ranked on a "leaderboard" of the biggest losers from the Celsius debacle.
KYC and Web3
For many, the threat of doxxing, revealing a person's identity and location, is a genuine concern. Some have proposed a newer, more Web3-friendly version of KYC built around reputation coupled with a limited identity verification process.
Launched in 2015, San Francisco-based Civic has made online identity its focus for Web3, offering enterprise and consumer solutions.
"Uniqueness verification is one part of the suite of products that we have for enterprise, which is called Civic Pass," JP Bedoya, chief product officer at Civic, told Decrypt.
Along with Civic Pass, the company has also released Civic.me, a platform that lets users manage their online identity, NFTs, wallet addresses, and reputation from one place on the blockchain.
Other projects looking to provide Web3 KYC services include Polygon with Polygon ID, Astra Protocol, and Parallel Markets, each of which aims to provide a seamless customer identification and compliance process.
KYC remains a touchy subject, especially in an industry built on the founding principles of privacy and permissionless transactions. But with governments increasingly taking an interest in crypto and Web3 activity, and the legacy financial system becoming ever more integrated with the crypto space; KYC is here to stay. At least developers can make it as painless as possible.