These days the crypto community is used to hearing bad news whether it’s about the downward heading market, regulation concerns or cybersecurity issues. With all these wash trading and faking trading volume, the crypto proves to be immature. Although the CER team strives to call for crypto exchanges’ consciousness organizing roundtables and writing researches, we still need a help from regulators. Increasing pressure from regulatory bodies has provoked a stream of KYC (know your customer) and AML (anti-money laundering) discussions causing them to become the most talked about issues to be solved in crypto space. We aim to use this article to look in detail at what KYC and AML are, how they work, the pros and cons and most importantly to answer the question
Does the crypto community need efficient KYC/AML procedures?
What are KYC and AML
Know Your Customer (KYC) is a policy implemented by banks, financial institutions, and other regulated companies to confirm a customer’s identity and ascertain relevant information needed when doing business with them. In short, KYC is a process by which banks obtain information about the identity and address of their customers and is one of the procedures used to help prevent money laundering.
Anti-Money Laundering (AML) is a set of procedures, laws and regulations designed to stop the practice of generating income through illegal actions and suspicious activity including terrorist financing, securities fraud, and market manipulation.
Implications of KYC/AML in classical finance
Because KYC conformity is important in ensuring that banking institutions are not defrauded or victims of other financial crimes such as money laundering or organized crime, KYC procedures are critical elements in the effective management of banking risks.
In 2016 Thomson Reuters surveyed nearly 800 financial institutions about the effects of KYC regulation on their respective institutions and concluded that they were spending, on average, $60 million per year on KYC compliance with some spending as much as $500 million per year.
Regulations are becoming increasingly stricter, meaning financial institutions have to spend more money than ever to comply with them or risk steep fines. These fines are also dramatically increasing with JP Morgan, for example, being fined $2 million for a failure to report suspicious activity.
Whilst speaking of criminal punishment it is worth noting that given the large corporate structure of many organizations, it is difficult to assign criminal responsibility to a specific individual or group of individuals. For this reason, regulators mostly levy fines against large banks, rather than pursuing criminal prosecutions, to make financial institutions follow the law and conduct strict compliance procedures.
The Patriot Act published in 2001 outlined the laws on KYC, specifying that a U.S. bank is required to file a suspicious activity report if it suspects, or has reason to suspect, criminal activity.
Despite this, the Patriot Act does not directly specify a customer due diligence requirement. However, the system is not perfect and despite significant fines and stricter regulations being put in place, terrorism, money laundering, and illegal financial activities are still prevalent. However, if no intergovernmental and international organizations such as the Financial Action Task Force, the National Credit Union Administration, the U.S. Securities, and Exchange Commission and FINTRAC existed the problem would be considerably greater. Government laws in different countries help to protect the financial system against manipulation, financing of terrorism, and money laundering and whilst the system is not perfect it works to some degree.
Nevertheless, regulations are continuously improved and got stricter. The 5th Anti-Money Laundering Directive (AMLD5) of the EU came into force on July 9, 2018 with effective application from January 10, 2020. This is an extension of AMLD4 (July 2016) which requires, among other things, that all member countries have a centralized register of national bank accounts and a centralized data retrieval system. The costs to financial institutions associated with compliance are normally funded by third-party solutions.
Current State of KYC/AML in Crypto
The current situation with regards to adhering to compliance rules and regulations within the crypto market is almost the opposite to that in classic financial markets. A recent study by PAID discovered that even in the US and EU, two-thirds of cryptocurrency exchanges fail to comply with requirements. They ask for nothing more than an email address and a phone number meaning they know virtually nothing about their customers.
This is the main reason why the vast majority of banks are hesitant to work with cryptocurrency exchanges, forcing them to relocate to less regulated jurisdictions.
We decided to undertake our own brief KYC investigation to get an overview of the current situation and below are our findings:The above table shows that currently the primary documents that exchanges require are a passport, photograph and a written certificate.
It is difficult to say whether this is enough to pass the KYC procedure and shockingly from this short list we found two exchanges that did not follow this procedure at all.
However, the finding that gave us the most concern was the low-level compliance requirements of the leading exchanges such as Binance, Huobi, and OKEx. For example, Binance has only recently requested potential customers provide a copy of their passport during their sign up process following a number of complaints about the exchanges lack of security which had made it a haven for criminals to divide their stolen coins into smaller undetectable portions by using multiple accounts. Huobi has added more stringent certification to its sign-up requirements but does not verify mobile phone details. At least, as opposed to Binance and Huobi, OKex requires a passport and utility bill but still shows a flippant attitude to KYC.
We have explained below three main reasons why crypto exchanges do not take their compliance procedures seriously:
- Competition — there is a large number of exchanges operating in the crypto market and their customers do not like the KYC procedure. For example, it takes about 24 days on average for a commercial bank customer to pass the entire compliance process. This pattern can be unacceptable for crypto traders and investors and they will likely choose another platform to trade on. This means implementing strict KYC can be fatal to exchanges’ ongoing business.
- Cost — banks are already spending around $500 million per year on KYC and it is pushing up the cost of adding new clients. If compliance costs are onerous for large banks they can become critical for crypto exchanges, especially for fledgling entrants.
- Regulation absence — The crypto market is a loosely regulated capital market and it is still not a requirement to enforce proper KYC and AML procedures, although this is going to change very soon. Just recently, the FATF has adopted changes to their own recommendations and glossary to clarify how these will apply in the case of financial activities involving virtual assets. These changes make clear that jurisdictions should ensure that virtual asset service providers are subject to AML/CFT regulations, for example conducting customer due diligence including ongoing monitoring, record-keeping, and reporting of suspicious transactions and should be licensed or registered and subject to monitoring to ensure compliance. The FATF will further elaborate on how these requirements should be applied in relation to virtual assets.
It seems that the crypto market has finally grown enough to gain the serious attention of regulators and provoke them into action.
The Emergence of New Trends
Despite the unsatisfactory current compliance process situation, the cryptomarket has recently received welcome news in respect of the upcoming improvements and changes happening within the space. Binance, the world’s largest crypto exchange according to CoinMarketCap, has just announced their forthcoming partnership with Chainanalysis.
Chainanalysis is a software solution provider for forensic analysis that helps law enforcement agencies track the movement of bitcoin and other top cryptocurrencies. The platform uses statistical techniques to identify when given transactions are likely to be tied to criminal activity and generate a warning alert. Law enforcement agencies, banks and financial service companies are amongst their customers
As agreed within the partnership framework, Chainanalysis will provide Binance with access to its “Know Your Transaction” compliance software enabling the exchange to monitor cryptocurrency transactions in real-time. In particular, this tool will look for potentially criminal or otherwise illicit activity.
Binance executives also confirmed that the company had invested in know-your-customer and anti-money laundering measures and had hired compliance professionals. However, criminals would always be able to find loopholes in the system whatever precautions are taken and only a continuous improvement process can help to fight this ongoing issue.
Since its inception, Binance has undergone many changes. From initially hiding its jurisdiction, it progressed to requiring passports from users and partnering with Chainanalysis to implement better KYC/AML protocols and subsequently freeze WEX accounts. No doubt, as a well-known exchange, Binance is acting as a trendsetter for the crypto community and other exchanges will no doubt follow its example soon.
The KYC/AML procedure in the crypto space is still far from desirable when compared to other mainstream financial markets. We can, of course, appeal to those in the early stages of forming the cryptocurrency market, but the crypto space develops at a much faster pace than classical markets and is always on the cutting edge of new technology and can perhaps lead by example in the future.
Exchanges just need the right motivation in order to address compliance implementation problems themselves. The high costs associated with proper compliance measures can be solved by outsourcing them to third-party solutions. Financial institutions work with services such as Thomson Reuters and Dimension platform from SimCorp in order to handle their KYC process. As Binance has already demonstrated, crypto exchanges could utilize these same third-party services. The competition problem will be solved by itself when a critical number of exchanges start to increase their compliance standards as otherwise, regulators will strive to be stricter to crypto exchanges, related brokers, ico-entrepreneurs and other market participants.
When trying to answer our original question: ‘Does the crypto community need an efficient KYC/AML procedure?’ we need to think about criminal and cybersecurity issues and the benefit genuine participants will receive by having their coins and tokens securely protected from theft.
Regulation is necessary for crypto market integrity as it will dramatically decrease fraudulent schemes and increase the reputation of the crypto community which in turn will ensure market growth. Let’s be the leaders and visionaries, we do not need to wait until regulators implement their requirements but instead actively support those organizations which are the most progressive in their compliance procedures.