The cryptocurrency market has been met with years of pushback from various frameworks, including UK crypto regulation and the SEC crypto trials. This has made KYC crypto compliance an issue of top priority for numerous Web3 and blockchain-based businesses. As global legislation continues to find its feet in this dynamic industry, companies providing a KYC crypto service will become fundamental to the growth and success of cryptocurrency institutions.
This guide digests the dynamic regulations this notoriously volatile industry faces, including how crypto projects are adjusting to new regulations implemented by the UK, US, and EU in response to the rising adoption of cryptocurrencies.
What is KYC?
KYC (Know Your Customer) is the process that encompasses the strategies used to verify a user’s identity and give institutions a better understanding of who their clients really are. This involves performing the necessary vetting checks to ensure customers are who they say they are and do not threaten a business’s operations and reputation. KYC measures have been implemented to prevent bad actors from accessing financial platforms to perform illicit activity. However, KYC procedures are more commonly being implemented in industries beyond just finance.
KYC strategies are an evolving phenomenon, and as financial technologies have flourished, so have the adaptations of KYC and related solutions.
The Banking Secrecy Act, established in 1970, requires all US banks to assist the American Government in detecting, monitoring, and preventing financial crimes, such as money laundering and terrorist financing.
The USA Patriot Act and FINcen’s Final Rule require financial institutions to form a reasonable belief that they know who their customers are. This mandate implored financial services to introduce the strongest identity verification (IDV) measures to their operations.
The EU Council’s latest decree states that CASPs (Crypto Asset Service Providers) now hold a similar level of authority over the protection of the financial system to banks. This calls for enhanced regulatory requirements and stricter KYC strategies, including increased identity verification measures and enhanced CDD on individuals transacting over €1,000.
What Does Crypto KYC look like?
Cryptocurrencies are designed to be anonymous and permissionless, making customers’ identities hard to trace. The concept of Bitcoin, designed by Satoshi Nakamoto, was to deliver a framework to enable person-to-person transactions, where anyone can buy crypto without requiring an intermediary, such as a bank. This is very much the current status quo.
The reason behind it was to empower and give ownership to the user in the financial industry. This concept gave rise to the digital currency ecosystem we know today, one powered by decentralized mechanisms but whose anonymous transactions are abused for financial crimes such as money laundering.
KYC requirements for Web3 applications, such as a crypto trading platform, are extending under the pressure of global regulatory changes. To reach the required level of KYC compliance, crypto wallets, cryptocurrency exchanges, and other similar projects are integrating KYC measures including:
Document and Biometric Verification (Customer Identification)
Leveraging a state-of-the-art verification engine, eKYC services can authenticate a document in seconds. This process analyzes up to 25 data points in real-time, promoting an enhancement in scalability from manual verification.
Using a similar machine learning technology, biometric verification scans for liveness and any potential image spoofing in the KYC process. Utilizing Presentation Attack Detection (PAD) technology, this check builds 3D facial maps to analyze for liveness, pixel tampering, micro-expressions, and much more.
For more information on liveness detection, read ComplyCube Bolsters ID Verification with Liveness Layer.
Customer Due Diligence (CDD)
CDD ensures that crypto exchanges know what crypto transactions will likely be used for. This process goes beyond just establishing the customer’s identity but ratifies their profile against various vetting services including adverse media checks, AML monitoring, and watchlist and PEP screening. This is a vital step in assigning a customer a risk profile.
Ongoing Monitoring
Ongoing Monitoring of a client’s credentials is a further barrier to mitigating client risk. This process ensures that users are not likely to abuse financial transactions for malicious purposes by continually monitoring them against the same checklists as in the CDD process.
Crypto Assets Money Laundering Figures
Digital assets have become one of the leading contributors to laundering activities due to their anonymity. Net laundering volumes in 2022 were $31.5 billion, and in 2023 they were $22.2 billion. While this shows a reasonable response to the issue’s prevalence, these figures remain too high.
Net laundering volumes in 2022 were $31.5 billion, and in 2023 they were $22.2 billion.
Interestingly, the concentration of money laundered through the same 5 off-ramping services (platforms that facilitate monetizing crypto funds into fiat currency) has increased over the same time period, from 68.7% to 71.7%. This suggests that major crypto institutions require stricter KYC and AML processes to curb financial and related crimes.
Why the Crypto Industry Needs a KYC Process
As expressed above, the financial crime risks on crypto trading platforms and crypto exchanges are exceptional. This is one of the reasons the industry has received so much pushback in recent years. Proper KYC regulations, coupled with sufficient identity verification measures, will lead to reduced bad actors accessing crypto services.
However, further compliance regulations administered to the industry will require an equal response in AML, KYC, and IDV services. This is where KYC solutions provide a breath of fresh air to businesses’ crypto KYC efforts. Adhering to regulatory compliance in this industry is paramount to success for numerous reasons.
The fines surrounding AML breaches can be astronomical, as exemplified in 2023.
The competition is fierce, and there is always a competitor looking to take market share.
By its nature, crypto is leveraged for malicious activities. This means regulators always monitor businesses for shortcuts a business or project might have taken.
Even regulated exchanges are commonly abused for facilitating financial criminal activity and lead market reputation into disrepute. For this reason, most crypto exchanges are expected to significantly strengthen their KYC strategies over the coming years. This typically involves a mixture of document verification and biometric verification as a new client signs up and continuous monitoring of their risk profiles.
Regulations are Coming to Ensure Crypto Compliance
Cryptocurrency exchanges have had it easy, however. 2022 and 2023 witnessed an unfortunate plethora of scandals protruding primarily from supposed regulated centralized exchanges (CEXs). Certain CEXs were found to be contributing billions of dollars towards global money laundering efforts due to poor due diligence processes; these scandals put the industry in major doubt.
These scandals have led to a significant change in global attitudes towards crypto exchange KYC regulations. A PWC whitepaper suggests that all services relating to digital assets must be ready for harsher cryptocurrency regulations than the current ones.
However, it outlined that the timeframe for this would be hard to define. Crypto exchanges are hard to regulate; while they might be headquartered in one country, they will likely operate in multiple different regions, all of which take contradictory approaches to cryptocurrency regulation. This makes providing a suitable framework that can significantly reduce fraudulent activity and related criminal activity very difficult.
Furthermore, KYC processes can differ vastly from region to region, and even the most minute discrepancy in processes, such as ongoing monitoring logistics, can require different software workflows. This being said, as the industry evolves and matures, KYC compliance is likely to become more holistic across the world. However, like with any emerging industry, correct policies and regulations take time.
For example, a decentralized cryptocurrency exchange, such as Uniswap, acts as a P2P trading platform and requires smart contracts to facilitate trades. This makes it nearly impossible to analyze the user identities that leverage the platform from their crypto wallets. These non-custodial wallets, as well as their corresponding private keys, are a string of letters and numbers. This means it can be very difficult to prevent fraud and stop bad actors from endorsing scams.
The graph below demonstrates that while there was a significant reduction in cryptocurrency money laundering volume in 2023, the long-term trend from 2019 suggests that 2024 and 2025 could see another dramatic increase. This theory is supported by the expected wave of liquidity and users coming to the market over the next few years.
Why Crypto Exchanges Require KYC
Omitting KYC from cryptocurrency exchanges will dramatically increase the financial crime risk to which your platform is exposed. Crypto KYC strategies should not work against your business but should contribute towards the prevention of financial crimes. KYC processes should be a compliance enabler, ensuring businesses meet the required legal frameworks while creating a streamlined user experience with smooth customer acquisition solutions.
Failing to introduce KYC for crypto providers will:
Increase the risk of criminal activity: This will lead to reputational damage, offsetting numerous revenue streams that crypto exchanges typically enjoy, such as listing fees from new tokens.
Result in non-compliance with Anti Money Laundering (AML) regulations: Legal requirements must be adhered to. As seen in 2023, crypto non-compliance fees can be in the billions of dollars and hold the power to seriously threaten the ongoing operation of providers.
Generate unwanted attention from regulators: Exhibiting a weak KYC strategy will likely bring further attention from jurisdictional regulators. This is because it may seem a platform is purposefully not performing the required due diligence on users, facilitating the transfer of illicit funds, and leading to challenges in ensuring compliance.
Reduced trust: Now more than ever, crypto platforms require stringent KYC processes. Trust in the industry, or lack of it, has been the largest repellent of institutional investors. Platforms not adhering to AML regulations will likely get left behind in this fast-paced industry.
EU Crypto Regulations
The European Union has slowly introduced legislation regulating cryptocurrency exchanges and related industry platforms. In June 2023, it released a framework for Markets in Crypto Assets (MiCA), with a particular focus on the application of stablecoins. The policy will come into full effect in December 2024.
This regulatory framework has been established to ensure that regions inside the EU do not fall behind in the digital asset revolution. In January 2024, the EU Council issued new definitions around the types of institutions with a natural responsibility to safeguard the financial system against crime, money laundering, and terrorist financing.
“The new rules will cover most of the crypto sector, making all crypto-asset service providers (CASPs) conduct due diligence on their customers.”
Regarding KYC-specific regulations, the same ruling mandates that all transactions over the value of €1,000 must be subject to thorough due diligence measures. Crypto firms will only be able to adhere to these new regulations if they are partnered with an eKYC service that can perform these KYC checks at the scale demanded by users in the crypto space.
US and SEC Crypto Regulations
The SEC (Securities and Exchange Commission) has been the barrier to a thriving cryptocurrency ecosystem in America, rendering tough federal regulations on the industry. Chaired by Gary Gensler, the organization has been thwarting cryptocurrencies at every turn, labeling multiple key altcoins as US securities. However, while this has been the talk of the town for many years, the tide seems to have turned.
Today, the Commission approved the listing and trading of a number of spot bitcoin exchange-traded product (ETP) shares.
This exemplifies a major U-turn in federal American cryptocurrency policy and the attitude towards crypto compliance and regulations in the US. This suggests that further legislation will come into place as the year progresses.
UK Crypto Regulations
The Financial Conduct Authority (FCA) is currently limited to ensuring that crypto companies that operate in the UK are FCA-registered and adhere to the UK’s Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) legislation.
For years, the UK has been a hub of financial innovation, but the global cryptocurrency revolution threatens this status. The UK government has declared they are committed to making the UK a global hub for cryptocurrency innovation; developments in early February suggest they are sticking to this plan.
Staking and Stablecoins
The Secretary to the Treasury of the United Kingdom declared that legislation around staking and stablecoins should be expected within 6 months. This would put an expectation on August 2024 for conclusive policies around staking and stablecoins.
Global efforts in the cryptocurrency markets are only heading in one direction – towards a more regulated industry. Further regulation will serve to bolster the sector’s strength with fresh liquidity, fresh users, and increased revenues for services in the industry.
This, however, is a double-edged sword for crypto exchanges and related providers. Further regulation will necessitate more stringent compliance efforts, particularly in areas of AML, KYC, and IDV. These developments will make KYC solutions vital to the scalability of the industry.
Global Crypto Regulations
A Financial Action Task Force (FATF) report from 2023 found that global jurisdictions continue to be challenged with core regulatory requirements. These include enacting a risk assessment, and acting upon the legislation that regulates Crypto Asset Service Providers (CASPs). The report found that only 75% of jurisdictions only partially comply with FATF’s requirements.
This leaves a huge sector of the market whose regulatory compliance is not accounted for. The report also established that there had been a poor implementation, or none at all, of the Travel Rule in over half of the jurisdictions involved in the report.
All crypto companies must screen, record and communicate the information of both sender and recipient for crypto transactions that exceed $1,000.
The exact figure threshold varies from region to region. However, the FATF’s report suggests this policy is not being followed. This might stem from the complexity of the task, conducting enhanced due diligence on users, as well as monitoring their transactions, can be a laborious challenge.
KYC solutions, however, address this issue by automating the task in its entirety. Upon customer signup, a risk profile is created based on their KYC document information and background checks (CDD). This information is monitored in real time, meaning CASPs can investigate and perform timely due diligence on its users when there is a suspicious-looking transaction. For more information on the crypto travel rule, read The Crypto Travel Rule and the Need for AML Compliance Software.
Choosing KYC Crypto Programs
Crypto platforms now have a huge responsibility to safeguard the financial system. As crypto ecosystems grow year on year, more capital inflows are expected in 2024 and 2025 than ever before. Ensuring the customer acquisition process is optimized to help transition potential customers into active users and that the same process adheres to consumer protection standards is essential.
If your client acquisition process is proving a challenge to scale or if you are seeking solutions in AML, KYC, and IDV, get in touch with one of ComplyCube’s specialists today.
