Across markets, legislators are tightening their regulations on the crypto industry. In June 2021, the US government agency FinCEN announced that crypto was an AML/CFT priority as part of its efforts to counter corruption, cybercrime, and terrorism, and fraud. By last month, FinCEN had issued a total of $2.5 billion fines on crypto companies since Bitcoin was introduced. That means that crypto platforms will need to need to implement Know Your Customer (KYC) processes to stay ahead of regulations and fines.
Implementing robust KYC procedures helps businesses become compliant and avoid fines, and can build trust with end users and investors who may be shaken by fraud. Companies that implement solid KYC processes in line with international standards can also can stay ahead of the pack and expand their market reach as crypto grows more mainstream. Passbase client AVA Labs, for example, performed KYC for their Avalanche blockchain protocol ICO and raised $42 million within 4.5 hours of their public sale, with participants in over 100 countries.
In this guide, we will walk you through what KYC is, how it is relevant for crypto businesses and what product teams need to know to implement it.
Do traditional banking regulations apply to crypto now?
Traditional banks and obliged entities, such as gambling and insurance, are governed by a comprehensive set of global financial regulations to prevent money laundering and fraud. The Financial Action Task Force (FATF) sets international recommendations for AML regulations that member countries can design regulations around.
Bitcoin and other digital currencies emerged outside of these institutions, and countries have responded in different ways, from a total ban to no regulations. Many countries, however, have passed at least some crypto regulations by now, and while crypto companies may not be subjected to the same set of rules as banks in many markets, they are increasingly required to trace money and demonstrate security for end users to prevent fraud and money laundering.
Which companies in crypto are regulated?
Early regulations in the crypto industry have revolved around cases, but now regulators are taking broader approaches. For example, companies performing ICOs in various countries are now treated as securities and must comply with related regulations. The EU’s AMLDs now subject crypto services to the same requirements as other “obliged entities” including banks. This has made it difficult for companies to keep up with regulatory changes in different markets. To add complications, countries can use different terms. Below are terms that the FATF and regulators in the US and EU have used that are related to the crypto industry:
- Virtual asset service providers (VASPs)
- Crypto-assets service providers
- Convertible virtual currencies (CVCs)
The above definitions could include everything from DeFi exchanges (where creators are liable) and centralized exchanges to NFTs and platforms with virtual currencies for creators. Crypto’s ability power business models at the intersection of different industries means that companies are faced with a complex set of regulations, such as digital to fiat transactions are seen as financial transactions or gambling regulations might affect companies involved in eSports betting, and many more.
The best way to navigate these complexities is to get a firm understanding of AML regulations and perform KYC checks that meet them while also factoring in customer relationships.
Why does Anti Money Laundering (AML) matter for crypto companies?
In order to meet AML regulations, businesses need to do CDD whenever they enter a business relationship with a person or entity. These regulatory measures are aimed to help protect both businesses and their customers from fraud, unwittingly financing terrorism, or facilitating money laundering. AML efforts usually include:
- Verifying the identity of your customers (KYC)
- Monitoring transactions
- Reporting suspicious activities
The scope of regulations has been continually expanding to include a larger number of industries, offenses and requirements to keep up with the increasing number of services available online. To find out more about how AML affects digital businesses, you can read our overview or download our AML Guide.
What are KYC requirements for crypto?
A company in crypto or handling virtual assets may now have to meet AML/KYC compliance requirements to the same standard as the traditional finance industry. KYC refers to knowing the true identity of a customer when a business performs the necessary customer due diligence to meet regulatory AML/CFT requirements. In the US, this is usually referred to as a customer identification program (CIP) and the following information has to be collected and verified:
- Date of birth
- Identification number, such as a social security or national ID number
In order to verify this information, a company needs to their customers go through an identity verification process. In it, an end user’s government-issued photo ID is verified for authenticity and then it is made sure that the person who submitted the data is actually the one requesting the transaction.
Getting started on KYC for crypto companies
Collecting the necessary information to meet KYC compliance requirements adds a step to user onboarding or transactions. However, this can now be done quickly (in some cases under a minute) when companies integrate identity verification service providers. In order to fulfill KYC requirements, your digital identity verification should include:
- ID document verification: A government-issued ID is vetted for authenticity and then cross-checked with watchlists and databases.
- Biometric authentication: The technology uses a selfie for facial matching with the ID document, thus verifying that the person sitting in front of the screen is who they say they are.
- Liveness detection: A test, such as solving a reCAPTCHA or submitting a video selfie that responds to real-time instructions, ensures that an actual person is present for the transaction.
By choosing an external provider instead of building an in-house solution, you can separate identity verification from other business processes and thus reassure your users that their information will be used for the sole purpose of completing the verification. A specialized provider will also be able to provide high security standards that are regulation compliant.
There is no single identity verification service that fits every business need. However, companies that are assessing providers should pay attention to the following factors:
- Speed and accuracy: With modern solutions, users can verify their identities in less than one minute and complete their onboarding or transaction. Solutions that combine artificial intelligence (AI) with manual checks are the most reliable. A reputable provider will likely not claim to be 100% accurate, but instead, be transparent about their verification methods or scoring.
- Ease of integration: Make sure the provider offers a variety of integration options (such as iOS and Android, web, server-side, API access or webhooks). This way, your developers can quickly test how a verification flow can work within your product and make an informed decision about what fits your tech stack.
- Usability: The service should be easy for an end user to follow with a quick document scan and selfie with a smartphone or webcam. Having a unified dashboard should make administration for your team as easy as possible.
- Customizations: Choose a provider that lets you easily create your own verification flow based on your needs. Options to look out for include choosing the types of additional documents, your own logo, colors, copywriting, and setting logic such as the acceptance threshold or whether to allow selfie logins and documents to be resubmitted.
- Market coverage: Check which documents, countries, and languages are supported. The total number of ID documents supported may not be as meaningful as the specific types of documents that your business requires in your specific markets.
Whether you are focusing on a single market or aiming to serve global customers from day one, building identity verification and KYC into your product that meets global regulatory standards will help you future-proof your business while also building convenient features for end users.
Passbase provides a convenient way for crypto businesses to perform KYC checks through identity verification. You can integrate Passbase into your platform via the Passbase API or with SDKs for iOS, Android, and web.