The 2023 Guide to KYC/AML for Crypto Exchanges & Wallets
17 Jan 2022
Money laundering is a huge problem worldwide. Unfortunately, while cryptocurrency means cheaper, faster international transactions, it also makes the crypto sector ripe for criminal activity, such as money laundering and terrorist funding.
To stay ahead of this, regulatory bodies are installing staunch anti-money laundering (AML) legislation. This helps to prevent money laundering through cryptocurrency exchanges and custodian services.
Strong AML programs include foolproof KYC processes to identify and verify users. With this, authorities hope to root out suspicious activity in the crypto sector.
However, for crypto exchanges and wallets, this also means more expensive onboarding, peppered with friction, and can be vulnerable to data breaches. Unscalable manual KYC processes simply aren’t going to cut it in a world where regulation is increasing at an alarming rate.
Thankfully, GetID has designed the ideal KYC tool. GetID’s omnichannel identity verification solution automates KYC, for more cost-effective, fully compliant, faster onboarding. Cut out the friction with GetID now.
What Do AML and KYC Mean to Crypto Exchanges?
As the structure of the financial industry evolves, cryptocurrency is reenvisioning the way that transactions take place. At the same time, virtual currency has swooped in to offer new solutions for international monetary exchange.
But this comes with its own set of challenges. A central issue is that criminals launder their money through anonymous cryptocurrency exchanges.
Regulations aimed at halting the global wave of money laundering are tightening. The Fifth and Sixth Money Laundering Directives (AMLD 5, AMLD 6) in Europe and FinCEN’s Final Rule in the USA make it clear that virtual currencies and the exchanges on which they trade are subject to anti-money laundering legislation.
This means a solid AML program that helps identify and protect against suspicious activity needs to be in place to protect against financial crime and money laundering.
At this time, crypto exchanges are not up to scratch with their AML policies. A recent study by Coinfirm showed that 69% of the 216 crypto exchanges do not have “complete and transparent ” know-your-customer (KYC) procedures in place — An integral part of a robust AML program.
Another report by CipherTrace showed that a third of the top 120 exchanges have weak KYC crypto processes. And further found that two-thirds “lack strong KYC policies.”
But, What is AML, Anyway?
The term ‘Anti-Money Laundering’ or AML refers to a set of procedures and legal regulations that are in place to identify and prevent profit from illegal activities. This covers such pursuits as trading illegal goods, evading tax, manipulating markets, and laundering ill-gotten funds.
To prevent the global spread of these activities, regulatory bodies force financial institutions to conduct due diligence on their customers and flag and report suspicious customers and transactions.
As the crypto industry evolves, it is clear that virtual currencies give rise to a new dawn of financial crime—one where criminals harness technology to launder money and cover their tracks virtually.
This is especially present on cryptocurrency gambling websites, money laundering crypto ‘mixer’ platforms (such as Coinmixer, DarkLaunder, and Chipmixer), and exchanges.
By the end of July 2021, major crypto thefts, hacks, and frauds totaled $681 million. This makes a case for stronger preventative methods to stem financial crime in the growing crypto sector. Anti-money laundering cryptocurrency regulations are the first step in this.
So, What is KYC?
KYC stands for Know Your Customer and is the initial customer due diligence stage in AML processes. When a financial institution onboards a new customer, KYC procedures are in place to identify and verify that a customer is who they say they are. This enables financial institutions to assign a risk value to this customer based on their propensity for financial crime.
Now, as crypto exchanges and wallets become more like financial institutions, KYC needs to be added into the cryptocurrency AML programs for these entities.
The process involves collecting a customer’s Personal Identifiable Information (PII): full name, date of birth, and address. This is verified against their official government-issued documentation, such as a passport or driver’s license, and their proof of address, something like a utility bill.
Following this, a customer needs to be verified against official databases that highlight Politically Exposed Persons (PEP) and anyone with Sanctions against them. This enables financial institutions to better understand each client’s risk of virtual currency money laundering and financial crime.
And Where Does CFT Fit In?
CFT stands for Combating the Financing of Terrorism. While AML procedures deal with the general movement of money related to illegal activities, CFT concentrates on preventing the movement of money related to terrorism. This involves blocking transactions aimed at furthering religious, ideological, or political radical goals achieved through violence.
Closely linked to money laundering, terrorism is able to flourish when radical organizations fund decentralized cells around the world. By identifying and halting these transactions, authorities have a better chance of preventing terrorist acts from taking place.
Unfortunately, cryptocurrency poses a new way of funding terrorism, spurred on by its capacity for simple cross-border transactions. Where the propensity for cheap international transactions is the blessing of cryptocurrency, it’s also the curse that enables virtual money laundering and terror funding. Because of this, in late 2018, the US House of Representatives released a bill that established a crypto task force to combat terrorism groups using crypto.
So How Does KYC/AML Affect Crypto Exchanges?
For cryptocurrency exchanges, AML programs are a must, both for protection against financial crime and to stay compliant with heightening regulations.
This means the implementation of an effective AML program that includes a Customer Acceptance Policy (CAP), a Customer Identification Program (CIP), ongoing monitoring of transactions, and risk management procedures.
CAP refers to the identification process of new customers using official documentation. CIP is the process of verifying a customer from this documentation and against official databases.
Ongoing monitoring means that crypto exchanges should have systems in place to identify suspicious transactions and ensure customer details are up-to-date.
In the EU, legislation differs for fiat-to-crypto exchanges and crypto-to-crypto exchanges. Any cryptocurrency service that enables a customer to exchange from fiat currency to crypto needs to implement KYC. Exchanges that strictly deal with crypto do not.
However, in the USA, FinCEN classes all cryptocurrency the same way. This means that all cryptocurrency exchanges must carry out KYC and install effective AML programs, regardless of the currencies they support.
What Does AML Legislation Mean for Crypto Exchanges?
As virtual currencies increase in use, AML legislation has started to update its standards to include cryptocurrency entities, such as exchanges and wallets.
In the EU, AMLD5 covers the processes that institutions should follow to help prevent cryptocurrency money laundering. The latest update includes cryptocurrency exchanges and custodial services, such as virtual currency wallets.
This directive states that exchanges and wallets must register with their regional supervising regulator, such as the Financial Conduct Authority (FCA) in the UK. Exchanges and wallets must demonstrate that they have appropriate KYC and AML compliance programs in place.
In the USA, crypto exchanges and custodial services are governed by FinCEN’s 2011 Money Service Business Final Rule. This amends the Banking Secrecy Act.
This rule applies to any crypto entity which could be classed as a money service business, which is defined as, “a person wherever located doing business, whether or not on a regular basis or as an organized or licensed business concern, wholly or in substantial part within the United States,” operating directly, or through an agent, agency, branch, or office, who functions as, among other things, a “money transmitter.” FinCEN has extended the term ‘money’ to cover any “value that substitutes for currency,” which includes virtual currencies and cryptocurrencies.
As with all money service businesses, cryptocurrency exchanges and custodian services must register with FinCEN. AML programs need to stipulate what KYC information will be collected, as well as appoint a compliance officer to monitor and oversee transactions. To stay compliant, AML programs must be able to identify and report suspicious activity and file Currency Transaction Reports (CTR) for transactions in excess of $10,000.
Unlike the AMLD5, FinCEN’s Final Rule covers both crypto-to-crypto services and fiat-to-crypto services. It is also far more extensive, covering a whole remit of crypto businesses, such as crypto ATMs, mixers, dApps that sell coins, ICO issuers, mining pool operators, custodial wallets, and crypto payment processors. It is also important to note that this rule also includes peer-to-peer trading platforms like Localbitcoins, as well as stablecoins.
Standards for anti-money laundering policies for cryptocurrencies are also forming internationally. The Financial Action Task Force (FATF) was established in 1989 to help combat international money laundering and terror funding. While technically not legally-binding, The FATF Guidance sets out rules for its 37 members.
FATF Guidance refers to exchanges and wallets as ‘Virtual Asset Providers’ or VASPS. According to the guide, VASPS must collect, store, and report all data on transactions that exceed $1000 by one entity in one day.
How Are Major Crypto Exchanges Performing KYC?
One of the major components of an effective AML policy is KYC. While KYC may not be compulsory for all crypto-only exchanges, these processes should be implemented to manage the risk of money laundering and terrorist financing. While most popular exchanges are now implementing KYC procedures, some exchanges and wallets are still dragging their heels.
In both the USA and the EU, fiat-to-crypto exchanges need to effectuate solid AML programs. Most top exchanges are now attempting to put AML processes in place, but the effectiveness of these policies is questionable in some cases.
The popular exchange, Gemini, prides itself on being fully regulated. Stating in its user agreement that their exchange is compliant with 13+ regulations, and they insist on full KYC to withdraw any funds.
When a user first registers, full KYC isn’t necessary, however, the applicant must give a full legal name, date of birth, address, valid phone number, social security number, and their email. When it comes to withdrawals, users have to submit official government documents, such as a passport or driver’s license, to verify their identity.
One of the most well-established exchanges, Coinbase, allows users to send and store cryptocurrency without full KYC procedures being activated. Users simply have to submit a full name and email address to register. However, to buy and sell cryptocurrency, users must complete a full KYC procedure, submitting official documents and PII.
To speed up the process and ensure accuracy, Coinbase uses a digital ID solution, similar to GetID. This uses biometric facial recognition and liveness detection to authenticate users, just as GetID does.
Coinbase has also recently patented an automatic risk assessment system that scores users on their likelihood of using the platform for illegal activity. This helps weed out non-compliant users and eases long-term customer due diligence monitoring.
While Coinbase and Gemini have relatively stringent policies, Binance is laxer. Users can withdraw up to 2 BTC per day without verifying their accounts or performing KYC. That said, users have recently reported having to complete KYC for smaller amounts.
When it comes to Binance US, however, the KYC procedures are far stricter. Users must provide all PII, a valid government ID, and a social security number upon registration. The platform has also partnered with a digital ID solution similar to GetID.
Bitfinex addresses the KYC problem in a completely different way. While the platform supports various fiat currencies, users who are solely using crypto don’t need to complete KYC. Users can deposit, trade, and withdraw crypto without any identity verification procedures. To deposit and trade fiat, users must verify themselves with an address, phone number, proof of address, and two forms of government-issued ID.
While the AML legislation for crypto-to-crypto exchanges lacks in the EU, the USA is the opposite. Jamal El-Hindi, former Acting Director of FinCEN, stressed this by saying, “We will hold accountable foreign-located money transmitters, including virtual currency exchangers, that do business in the United States when they willfully violate U.S. anti-money laundering laws.”
This is why the majority of crypto-only exchanges block US citizens from accessing their services. It would mean that these exchanges would have to implement KYC.
Take HitBTC, for example. This popular exchange does not require users to submit to any identity verification processes. Users can deposit and trade crypto without having to perform any form of KYC. HitBTC gives users an option to verify themselves and advises them to do this to “avoid eventual verification procedure in the future.”
Huobi Global is another top crypto-only exchange that doesn’t require KYC. However, to withdraw higher amounts of cryptocurrency, users need to verify themselves.
What Users Need to Complete Crypto Exchange KYC
To complete KYC exchange processes, users need to submit PII, which usually includes their full name, date of birth, address, social security number, and a phone number or email address.
Users must also submit official supporting documents. The documents needed vary between platforms, with larger withdrawals often requiring users to submit more documentation. In general, photo government-issued identification, such as a passport, driver’s license, military ID, etc. is needed as well as proof of address.
In some cases, as with GetID, users may need to take a selfie for the biometric facial recognition system. This will match the user to their official documentation. With Digital ID systems like GetID, users may also be asked to complete Liveness Detection to prove they are there and live at the moment of application. The system will ask users to complete a previously undetermined action, such as blinking, raising eyebrows, smiling, or turning their head from left to right.
Why is KYC Important for Crypto Exchanges?
Money laundering has ballooned worldwide and accounts for around 5% of global GDP. Implementing processes like KYC helps financial institutions to get a handle on this international pandemic. But why is KYC especially useful for crypto exchanges?
KYC Builds Trust and Transparency with Customers
For cryptocurrencies to reach the level of mass adoption, disrupting the financial sector, there needs to be trust. As virtual currencies and exchanges have a history of hacks and scandals, new customers find it difficult to trust in cryptocurrency. For exchanges to work, people need to trade coins, and to trade coins, customers must trust that their money is safe.
By implementing KYC procedures, exchanges can demonstrate trustworthiness to new users. Identity verification systems not only help exchanges to know who is using their services, sorting the criminals from legitimate customers, it also breeds trusting customers.
For a new applicant, knowing that KYC measures are being taken helps the user to know that criminals are being kept off the exchange. This is especially important for peer-to-peer exchanges where users trade with each other.
Cryptocurrency exchanges and wallets offer an excellent viable alternative to regular banking services. For the nearly 2 billion people in the world without a bank, crypto exchanges provide access to previously inaccessible services. However, without effective AML and KYC, exchanges cannot access this large market, as these potential customers feel uneasy about their money’s safety.
KYC Lowers the Risk of Financial Crime
The financial crime label covers a wide range of illicit activities. Everything from tax fraud to bribery and corruption and terrorist funding to online banking hacks. Globally, financial crime costs the world from $1.4-3.5 trillion a year. Of this, around $2 trillion are being laundered.
In the crypto market alone, exchanges are subject to big financial crime. In 2019, $4.26 billion was stolen from cryptocurrency users and exchanges, demonstrating the bad apple theory. Once ill-intentioned users are registered with exchanges, this can open the doors for hacks, scams, and phishing.
Take the example of the BITpoint heist where hackers stole $32 million from the exchange’s hot wallets. Alternatively, consider the $40 million worth of bitcoin stolen in a hack on Binance’s system. In both cases, KYC processes could have identified these hackers before they were inside.
KYC procedures reduce the chances of financial crime as users are identified and verified. This weeds out known criminals and high-risk candidates, thus reducing the likelihood of illicit activity occurring through the exchange or wallet.
KYC Builds Trust and Confidence Between Customers
Peer-to-peer trading platforms work by enabling customers to trade cryptocurrencies between themselves. For customers to use these services, they need to have confidence and trust in the other users. If an exchange is riddled with scam artists, criminals, and fraudsters, users stop trading with each other.
Peer-to-peer platforms are an easy place to scam users. Unfortunate traders can fall victim to dots and commas scams, chargebacks, dirty money tricks, social engineering, and much more. In this sense, KYC becomes all the more important as it highlights high-risk users and roots out criminals.
KYC Will Help to Stabilize the Crypto Market
Former Acting Director of FinCEN, Jamal El-Hindi, stressed the importance of AML compliance for stabilizing crypto exchanges over the coming year. As many of the barriers to mass adoption revolve around mistrust, more staunch AML programs can only serve to show exchanges as legitimate entities.
For customers to truly trust in a system, they need to know that the system is assessing risks to protect its users. KYC programs demonstrate active risk assessment on the part of exchanges, helping to stabilize the market through increased trust and therefore use.
KYC Keeps Exchanges and Custodial Service Compliant
The price for non-compliance with AML crypto regulation is a hefty one. The last couple of years have seen sky-high fines being slapped on financial institutions that don’t fulfill AML stipulations.
In the US, the Treasury Department’s Office of Foreign Assets Control (OFAC) considers non-compliance to be a serious risk to national security, as it invites money laundering, which harms economies and strengthens criminal activity.
Due to this, non-compliance sanctions are grave. Non-compliant entities can face criminal fines of up to $20 million, prison sentences up to 30 years, as well as civil penalties up to $65,000 per violation.
Under the AMLD5, non-compliant fiat-to-crypto exchanges and custodian wallets face fines up to 200,000 EUR per violation.
With the correct KYC and AML procedures in place, entities protect themselves against these lofty on-compliance fines.
What KYC Challenges do Crypto Exchanges Face?
While KYC procedures and strong AML practices are recommended, they do come with their own set of challenges in terms of cost, onboarding friction, and data security.
Traditional KYC is Costly
Simply put, more regulation means more costs to cover compliance. Not only do exchanges now have to fork out money to register with regulatory bodies, but budgets also need to be put in place to pay for verification processes and larger compliance teams.
Following the release of AMLD5, exchanges have already started to relocate their businesses to less regulated areas. This was the case with Deribit, a bitcoin options and futures exchange that could not afford regulatory costs. In the UK, for example, registering with the FCA is proposed to cost a whopping $6500.
Traditional KYC procedures, themselves, can be extremely expensive. As KYC involves sending customer documentation to third-party verifiers, exchanges will have to cover the costs of these verification organizations.
Beyond this, crypto entities will need to pay for more compliance staff to ensure ongoing monitoring. As the demand for compliance staff has boomed, the shortage of candidates has led to a steep rise in compliance salaries. This is just another price tag to add to the piling costs.
Manual KYC Causes Friction in Onboarding
As KYC verification is not transferable between organizations, users need to complete KYC for every different exchange they use. Not only is the process time-consuming, but the wait-times for manual verification can also be lengthy — In some cases, up to 30 days. This causes customer drop-out rates to soar.
As Tom Maxon, Head of US Operations and Business Development at CoolBitX, puts it, “Does comprehensive KYC slow adoption due to friction of onboarding onto platforms? Most definitely.”
Conventional KYC Has Data Security Issues
Traditional KYC processes involve collecting, storing, and sharing lots of sensitive data. Without strong data security procedures in place, there is a risk from hackers.
Consider the breach of Binance. This global exchange had been using third-party verifiers to complete KYC processes. However, one of these third-party KYC data management companies stole 10,000+ personal photographs and demanded a 300 bitcoin ransom from Binance.
With more KYC applications being processed, sensitive information is being passed around a myriad of outsourced KYC companies. This increases the chances of this type of attack happening again.
Moreover, with strong data protection regulations emerging regarding the collection and storage of personal data, such as the GDPR, it seems that there will be a conflict of interest between KYC methods and data regulations.
Current KYC Practices Can’t Scale for Increasing Regulation
With several nations looking to build their own central bank digital currencies (CBDCs), it is clear that regulation will only increase.
Contemplate the regulatory pushback against Facebook’s cryptocurrency, Libra, with both the US and the EU fighting hard against the social network’s proposals. If nations are planning their own CBDCs, there is a strong argument to suggest that increased regulation imposed by governments would prevent private coins from outcompeting these central currencies.
Simultaneously, global money laundering has reached epic proportions. Tighter regulations are the primary way in which authorities are attempting to get a handle on the problem.
All things considered, increased regulation will mean more frequent and in-depth KYC cryptocurrency procedures. Already, financial institutions are struggling to find the money, the staff, and the time to cover current KYC demands. In this respect, the way that KYC is being undertaken today cannot be sustained and will certainly not scale up further.
How Does GetID Streamline KYC for Exchanges to Tackle These Challenges?
Instead of expensive, arduous processes, GetID solves the issues inherent in vulnerable manual KYC.
GetID’s next-generation identity verification platform automates KYC verification for faster, more cost-effective customer onboarding. Using Optical Character Recognition, Biometric Facial Recognition, and Liveness Detection, GetID automatically accurately verifies customers in minutes. By cutting out the need for manual authentication from third-party verifiers and costly compliance teams, this eases the friction and expense of onboarding without sacrificing accuracy.
GetID’s sleek omnichannel KYC solution automatically runs all applicants against PEP and Sanctions lists to identify high-risk customers and root out malicious actors. This helps to prevent hacks, fraud, money laundering, and other forms of financial crime by users within the platform.
What’s more is that automated onboarding benefits you and your customer, saving you time and money. Instead of manually approving each user, GetID does it for you. This not only makes it easier for your customers to sign-up, but adds a layer of security.
With slick, automated KYC procedures, users can trust that both the exchange and its verified users are legitimate, building consumer trust.
Not only that, but GetID’s state-of-the-art platform ensures compliance with all current and future AML legislation.
There’s no way of escaping it. AML compliance is becoming compulsory for cryptocurrency exchanges and custodian services. This means effective KYC procedures need to be in place.
While KYC can help protect your exchange from financial criminals, manual processes come littered with their own challenges, such as costly third-party services, long wait times, and data security breaches.
Luckily, GetID solves all these problems with one ready-made automated KYC solution. Cut out friction and unnecessary costs in your onboarding while ensuring you stay compliant with all AML regulations, now and into the future.
So what are you waiting for? The 2023 KYC solution for cryptocurrency exchanges and wallets is here. Visit GetID website to find out more!