KYC, AML & what it means for crypto

While the terms AML and KYC are sometimes thrown around interchangeably, they differ in meaning and in practice and are far less established when it comes to the crypto space. Currently, there is no cryptocurrency-specific federal mandate in the United States, which has left it up to the states to enact their own regulations. However, lax and inconsistent AML regulations across varying jurisdictions can result in money laundering and crypto scams as the exploitation of cryptocurrency and individual consumers grows. This is where AML and KYC policies will be key as protective measures against illicit activity and financial crime.

The benefits of AML compliance

Anti-Money Laundering (AML) is a broad category of compliance actions that financial institutions must observe to ensure that they don’t facilitate illegal financial activities through their services or platforms.

Apart from the moral imperative of AML activities for healthy global finance, adherence to AML compliance has many tangible benefits for organizations, including:

• Keeping customer data secure across numerous physical and digital channels
• Using global customer databases to check backgrounds of new customers and compare against lists of sanctioned individuals
• Monitoring transactions closely and reporting illegal or suspicious activity
• Creating automated fraud detection services that can stand in the way of identity theft or block account access
• Preserving and enhancing an organization’s reputation and maintaining value for shareholders by avoiding association with criminal activity
• Reducing fines or costs associated with noncompliance of AML regulations by building AML compliance systems around regulations

Preventing crime with KYC

Know Your Customer (KYC) is a subset of AML compliance focused on specific preventive actions to verify the identity of clients. One of the core activities involved in KYC is customer due diligence (CDD), which can include activities like:

• Collecting personal information to verify a customer’s identity and prevent fraud before engaging in financial activity with an organization, and checking customer information against global watch lists or sanctions against individuals
• Collecting business information to analyze a customer’s business structure, strategy, funding sources, stakeholders and other critical business details
• Creating risk profiles or conducting risk assessments – at this point, enhanced due diligence (EDD) may be done for customers identified as high-risk
• Monitoring customers regularly for any suspicious activity or signs of illegal financial activities and updating customer risk profiles as needed

In EDD, additional steps are taken to assess and monitor customers who may be at especially a high risk for money laundering, including:

• Collecting further evidence or customer information to meet much more “rigorous and robust” EDD standards for customer data sources
• Documenting detailed customer information and findings as well as providing easy access for regulators to review EDD reports
• Providing “reasonable assurance” in risk assessments to reflect the extensive research and processes followed for EDD
• Closely monitoring politically exposed persons (PEPs) who can be exploited for illegal or unethical financial gain

Anti-Money Laundering & cryptocurrency

Due to the relative lack of regulation on the exchange of cryptocurrency in comparison to fiat currencies, KYC/AML laws specifically relating to crypto are less mature and consistent. However, such regulations specifically relating to crypto are increasing in complexity in the face of wider digital currency adoption by both private corporations and government agencies—including state and federal legislatures, as is the case in the US.

The Financial Action Task Force (FATF) established the first worldwide AML laws for crypto in 2014, and these laws have since been adopted by other global agencies like FinCEN and the European Commission. These organizations also lean on virtual asset service providers (VASPs) for most frontline KYC/AML activity. Examples of VASPs include NFT and cryptocurrency exchanges who act as a first line of defense by establishing specific KYC protocols, transaction monitoring and compliance personnel who enact and enforce AML laws.

When VASPs detect money laundering activities or financial crimes related to cryptocurrency, they report this activity to FATF, FinCEN or others for use in global KYC/AML databases to tie illicit activities to bad actors. These global organizations also often use blockchain regulation tools that can further assess patterns of money laundering on the blockchain’s public ledger.

KYC procedures for crypto

KYC procedures can look a little different for crypto in comparison to controls typically used in finance. In general, there aren’t any standardized tools, but each type of institution—stablecoin providers, exchanges for cryptocurrencies or NFTs, and the like—are often urged to use a variety of existing tools, such as biometrics (think Touch ID and Face ID), document authentication, transaction monitoring, sanctions screening and a host of identifying information like official IDs or place or residence, to name a few.

This means that there is a wide gamut of KYC protocols that a crypto organization can leverage to align with existing AML standards, and many crypto platforms may even be in a position to pioneer combinations of protocols that herald successful models to be replicated in the crypto regulatory space. As the crypto industry and its corresponding regulations continue to evolve, cryptocurrency exchanges and other businesses in the industry will need to have the proper AML and KYC technologies in place to ensure regulatory compliance, detect fraud and prevent financial crime.

Learn how IDology Compliance can help meet cryptocurrency challenges and comply with regulations.