Basic KYC checks may only require a copy of a government-issued ID to identify a customer. However, some relationships may require more in-depth due diligence if there is a large financial exposure or a higher risk that the customer may be associated with financial crime. Depending on the level of risk, institutions may ask for additional information such as a tax identification number, ID picture, proof-of-address, or financial documentation.
Of note, KYC checks are required in many jurisdictions, including the USA, the EU, Canada, and the UK, though details vary by jurisdiction. Typically, crypto companies, such as crypto exchanges, are subject to the same KYC requirements as traditional financial institutions.
Why is KYC important?
KYC procedures are generally put in place to help prevent various financial crimes, such as identity theft, money laundering, financial fraud, and terrorism financing.
For example, money laundering is the process where criminals conceal the proceeds of their crimes, such as arms trafficking, illicit drug sales, and thefts, by making the funds appear to have a legitimate source. By even the most conservative estimates, money laundering is thought to account for over $1 trillion per year worldwide. Therefore, governments and regulators apply stringent anti-money laundering (AML) regulations and controls to help prevent criminals from using the legitimate financial system to process proceeds from illicit activity.
Part of these efforts includes the Financial Action Task Force (FATF), which was set up in 1989 as an international organization to combat money laundering and the financing of terrorism. The FATF has issued a framework of recommendations designed to help countries tackle illicit financial flows, including customer due diligence. These recommendations are then implemented by national regulators from various FATF member jurisdictions. Thanks to the work of the FATF, there is some degree of standardization in KYC requirements across different countries.
The role of the FATF has become increasingly important as the financial system has become more digital and global, which has made illicit funds more complex to trace. As a result, governments have steadily ramped up AML measures over the years, and compliance has become an increasingly high cost for firms. However, it’s a necessary investment – companies and financial institutions that fail to comply with AML laws face heavy fines, and enforcement actions may even result in jail time.
Levels of KYC
KYC requirements are generally divided into different levels of due diligence.
- Customer Due Diligence (CDD) – the process of collecting and analyzing information about the customer’s risk profile, such as a credit rating.
- Simplified Due Diligence (SDD) – used for low-risk customers, including employees with a well-defined salary structure and government entities.
- Enhanced Due Diligence (EDD) – used for situations involving higher risk, which could include high-net-worth customers transacting large amounts or those in countries known for having high levels of corruption or criminal activity.
KYC is always carried out at the start of a new customer relationship. However, firms also conduct ongoing KYC and other compliance checks as part of their continuous monitoring processes. These may include using algorithms to spot unusual transactions or requiring periodic resubmissions of documents to keep them up to date.
KYC in the crypto sector
KYC obligations for crypto companies are very similar to those for traditional finance. However, crypto has some unique differences, including the ability to create a digital wallet and transfer funds without KYC.
For example, public blockchains such as Bitcoin are designed for pseudonymity, allowing people to transact without knowledge of the other party. However, as cryptocurrencies grew in popularity, regulators became more vocal in their concerns that digital assets could provide a haven for money launderers.
The historical lack of a comprehensive regulatory framework for crypto meant that, before 2019, no global standards were in place for applying KYC across the industry. In 2019, the FATF issued the Travel Rule, guidance for a coordinated approach between member states to mitigate the risk of money laundering using digital assets.
As such, regulators have begun to target privacy protocols that make it easier for criminals to conceal the flows of online transactions. In 2022, the US Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, an Ethereum-based currency mixer that OFAC alleges has been used by the Lazarus Group, a North Korean crime syndicate.
Some actions indicate an increasing likelihood that KYC-type controls will become more prevalent in decentralized finance (DeFi) in the future. However, such controls may not necessarily require users to hand over a copy of a government-issued ID each time they sign up for a new service. On-chain identity solutions leveraging technologies such as zero-knowledge proofs could offer an approach that gives users more privacy and sovereignty over their data while satisfying regulators that appropriate AML measures are in place.
- KYC stands for Know Your Customer or Know Your Client and refers to the responsibility of financial institutions to identify their clients and assess various risks.
- The Financial Action Task Force (FATF) helps to maintain standardization in anti-money laundering practices across 39 member states.
- Since 2019, FATF guidance has required that cryptocurrency service providers operate KYC procedures. National regulators are now also expanding their reach to require decentralized applications and services to implement anti-money laundering practices, which may include KYC.