Written by Dmitri Laush, CEO GetID, an omnichannel identity verification solution.

Global money laundering transactions are estimated by $1-2 Trl annually. Sadly, because of anonymity and fast and cheap transnational money transfers, cryptocurrencies became really attractive to fraudsters and terrorist funding.

To prevent this, regulative bodies have started to apply AML legislation to the cryptosphere. So proper lawful crypto exchanges and wallets should verify the identity of its users. However, the whole process is slowing down the onboarding of the new customers and causing a lot of expense to the exchange, especially if the verification process goes manually. In this article I will try to explain how crypto wallets and exchanges should comply with the regulations and not to lose new users in the process.


What Do AML and KYC Mean to Crypto Exchanges?

Regulations aimed toward halting the world wave of money wash have become more strict. The Fifth Anti-money wash Directive (AMLD5) in Europe and FinCEN's Final rule the USA made it clear that virtual currencies and also the exchanges are the subjects to anti-money laundering legislation.

As for now, crypto exchanges aren't up to scratch with their AML policies. A recent study by Coinfirm showed that 69% of the 216 crypto exchanges don't have "complete and clear '' know-your-customer (KYC) procedures, which is very important to comply with AML legislation.

Another report by CipherTrace showed that a third of the top 120 exchanges have weak KYC crypto processes. And further found that two-thirds "lack strong KYC policies." 

Proper KYC procedure involves aggregation of a customer's Personal placeable data (PII): full name, date of birth, and address. This is often verified against customer’s official government-issued documentation (e.g.passport or driver's license). The address can be proved by the lease contract or utility bill.

Following this, a client has to be verified against official databases that highlight Politically Exposed Persons (PEP) and anyone with Sanctions against them. 


And Where Does CFT Fit In?

CFT means Combating the Financing of Terrorism. While AML procedures deal the overall movement of illegal money operations, CFT concentrates on preventing the movement of cash for terrorism goals. This involves stopping the transactions made for non secular, ideologic, or political radical goals achieved through violence.

Unfortunately, cryptocurrency poses a replacement manner of funding terrorism, spurred on by its capability for easy cross-border transactions. Wherever the propensity for reasonable international transactions is the blessing of cryptocurrency, it's conjointly the curse that allows terror funding. As a result of this, in late 2018, the US House of Representatives discharged a bill that established a crypto task force to combat terrorists using crypto.


What Does AML Legislation Mean for Crypto Exchanges?

In the EU, AMLD5 states that financial services should follow this regulation. The newest update includes cryptocurrency exchanges and custodial services, such as online wallets.

This directive states that exchanges and wallets should register with their regional oversight regulator,like FCA in Great Britain. Exchanges and wallets should demonstrate that they need applicable KYC and AML compliance programs.


In the USA, crypto exchanges and protective services are ruled by FinCEN's 2011 cash Service Business Final Rule. This amends the Banking Secrecy Act.

Like any other financial service, cryptocurrency exchanges and wallets should register with Financial Crimes Enforcement Network. AML programs have to be compelled to stipulate what KYC information is going to be collected, and a compliance officer will watch and superintend transactions. To remain compliant, AML programs should be able to establish and report suspicious activity and file Currency dealing Reports (CTR) for transactions which exceed $10,000.


Unlike the AMLD5, FinCEN's Final Rule covers each crypto-to-crypto and fiat-to-crypto services. It’s covering a full remit of crypto businesses, for example, crypto ATMs, mixers, dApps that sell coins, ICO issuers, mining pool operators, tutelary wallets, and crypto payment processors. 

Standards for anti-money washing policies for cryptocurrencies also are forming internationally. The monetary Action Task Force (FATF) was established in 1989 to assist combat international hiding and terror funding. Whereas it is technically not legally-binding, The FATF still sets out rules for its thirty seven members.

FATF name exchanges and wallets as 'Virtual plus Providers' or VASPS. FATF requires VASPS to collect, store, and report all knowledge on transactions that exceed $1000 by one entity.


How Are Major Crypto Exchanges Performing KYC?


Fiat-to-Crypto Exchanges

In each the USA and therefore the EU, fiat-to-crypto exchanges ought to set up solid AML programs. The majority of the crypto exchanges are trying to implement KYC and comply with the regulations, however the effectiveness of those policies is questionable in some cases.

Gemini, for example, prides itself on being totally regulated. Stating in its user agreement that their exchange is compliant with 13+ laws, and that they impose full KYC to withdraw any funds.

When a user completes the onboarding process, full KYC isn't necessary, however, the customer should provide a full legal name, date of birth, address, valid telephone number, Social Security number, and their email. But if a user wants to withdraw money, official government documents have to be submitted,e.g. a passport or driver's license.

One of the most famous exchanges, Coinbase, permits users to send and store cryptocurrency without full verification of the identity. Users merely have to be compelled to submit a full name and email address to register. However, to trade cryptocurrency, users should complete a full KYC procedure, submitting official documents and PII.

To speed up the method and guarantee accuracy, Coinbase uses a digital ID solution, including biometric authentication, liveness detection and etc.

Bitfinex requires KYC procedure only for those users who trade fiat currencies, those who are dealing only with crypto do not need to go through long identity verification.


Crypto-to-Crypto Exchanges

Those exchanges are much less strict when it comes to AML compliance. HitBTC for example, does not require any KYC. On the other hand, Huobi, one of the biggest global crypto exchanges, only requires users to verify themselves only when it comes to withdrawing a big amount of cryptocurrencies.


What KYC Challenges do Crypto Exchanges Face?

While KYC procedures and strong AML practices are recommended, they do come with their own set of challenges in terms of cost, onboarding friction, and data security.


Traditional KYC is Costly

Simply put, more regulation means more costs to cover compliance. Not only do exchanges now have to fork out money to register with regulatory bodies, but budgets also need to be put in place to pay for verification processes and larger compliance teams.

Following the release of AMLD5, exchanges have already started to relocate their businesses to less regulated areas. This was the case with Deribit, a bitcoin options and futures exchange that could not afford regulatory costs. In the UK, for example, registering with the FCA is proposed to cost a whopping $6500.

Traditional KYC procedures, themselves, can be extremely expensive. As KYC involves sending customer documentation to third-party verifiers, exchanges will have to cover the costs of these verification organizations.

Beyond this, crypto entities will need to pay for more compliance staff to ensure ongoing monitoring. As the demand for compliance staff has boomed, the shortage of candidates has led to a steep rise in compliance salaries. This is just another price tag to add to the piling costs.


Manual KYC Causes Friction in Onboarding

As KYC verification is not transferable between organizations, users need to complete KYC for every different exchange they use. Not only is the process time-consuming, but the wait-times for manual verification can also be lengthy — In some cases, up to 30 days. This causes customer drop-out rates to soar.

Conventional KYC Has Data Security Issues

Traditional KYC processes involve collecting, storing, and sharing lots of sensitive data. Without strong data security procedures in place, there is a risk from hackers.

Consider the breach of Binance. This global exchange had been using third-party verifiers to complete KYC processes. However, one of these third-party KYC data management companies stole 10,000+ personal photographs and demanded a 300 bitcoin ransom from Binance. 

With more KYC applications being processed, sensitive information is being passed around a myriad of outsourced KYC companies. This increases the chances of this type of attack happening again.

Moreover, with strong data protection regulations emerging regarding the collection and storage of personal data, such as the GDPR, it seems that there will be a conflict of interest between KYC methods and data regulations.


Current KYC Practices Can't Scale for Increasing Regulation

With several nations looking to build their own central bank digital currencies (CBDCs), it is clear that regulation will only increase. 

Contemplate the regulatory pushback against Facebook's cryptocurrency, Libra, with both the US and the EU fighting hard against the social network's proposals. If nations are planning their own CBDCs, there is a strong argument to suggest that increased regulation imposed by governments would prevent private coins from outcompeting these central currencies.

Simultaneously, global money laundering has reached epic proportions. Tighter regulations are the primary way in which authorities are attempting to get a handle on the problem.

All things considered, increased regulation will mean more frequent and in-depth KYC cryptocurrency procedures. Already, financial institutions are struggling to find the money, the staff, and the time to cover current KYC demands. In this respect, the way that KYC is being undertaken today cannot be sustained and will certainly not scale up further.

In Conclusion

KYC is a necessary procedure to be lawful and comply with existing AML regulations. KYC should protect exchange users from fraudsters. The best in use are automated KYC solution, because they are fast and human-error free.