Over the last several years, global regulators have been taking turns to bring crypto exchanges, companies, and other entities broadly categorized as Virtual Asset Service Providers (VASPs) into the regulatory fold of the broader financial industry.
We’ve already written extensively on how the Financial Action Task Force (FATF)’s Travel Rule guidance expanded last year to include VASPs, and how the EU’s Fifth Anti Money Laundering Directive (5AMLD) and the US’ Banking Secrecy Act (BSA) have all been amended to include specific reporting requirements for VASPs.
The rising popularity of cryptocurrencies, both as a means of value exchange, as a tool for fundraising, and more recently for use in systems such as Decentralized Finance (DeFi), has resulted in a need for regulatory evolutions to existing AML laws.
The reasoning for this boils down to two basic factors:
1. The ability for cryptocurrencies to be used by criminals and terrorists for money laundering and other illicit activities, and
2. The need to regulate – and ultimately tax – the increasingly substantial volumes being exchanged through virtual assets.
Crypto Exchanges: The Logical (and Easy) Target for Regulators
Crypto Exchanges are one form of VASP that has been especially targeted by regulators armed with expanded AML legislation.
This is due to a number of reasons:
1. Crypto exchanges are a (usually) publicly-accessible conduit for the trading, purchasing and selling of cryptocurrencies and fiat currencies, and as such are the logical entities for regulators to obtain information on transactions from.
2. Exchanges can be easily compelled to adhere to regulations and tax reporting as they tend to require access to the broader financial system, in order to liquidate the cryptocurrencies they trade, and the fees that constitute their main revenue streams.
A cornerstone of AML regulation is KYC. KYC checks allow financial institutions, VASPs and many other companies to understand and corroborate the identity of the persons or entities they are doing business or transacting with.
KYC can be considered the first and most important step in establishing the risk level of the person or entity a VASP is dealing with, allowing them to make informed decisions on whether they want – or legally can – do business with them.
A KYC process normally begins by acquiring Personal Identifiable Information (PII) from a potential customer/user that includes personal data such as name, date of birth, country of residence, and address. This information can be verified through a number of different methods, including personal calls, submission of ID, and checks of government databases.
However, undertaking the KYC checks required in order to be compliant with new regulations has not been a simple – or easy – process for many crypto exchanges.
The KYC compliance challenges facing Crypto Exchanges are substantial. Many exchanges were established at a time when global AML regulations had not been adapted to include VASPs, and as such did not establish adequate KYC compliance infrastructure, both from a technical and a human resources perspective.
Establishing new or more robust KYC compliance departments can be costly and time consuming. And actually registering a VASP business with the required regulatory authorities can also be complicated.
The challenges facing crypto exchanges for implementing the required KYC checks can be especially heightened if and when they attempt to carry out their KYC checks through non-automated processes, which usually involves having KYC officers personally checking and verifying every onboarding application they receive.
As a result of these issues, the majority of crypto exchanges continue to lack adequate KYC infrastructure, falling behind the regulatory requirements they are legally bound to comply with.
Crypto Exchange Compliance: Widespread Deficiency
According to recent research from CipherTrace, the problems are deep and extensive: from 800 “decentralized, centralized, and automated market maker exchanges” surveyed, around 56% of them “did not follow KYC guidelines at all”.
The number rises to 60% for European crypto exchanges, despite the region having some of the toughest regulatory requirements of the world. When assessing overall KYC compliance, CipherTrace found that 85% had a “frail KYC framework” in place.
Beyond this posing a regulatory risk – that exchanges with inadequate KYC processes might face sanctions or fines – this situation also poses a very serious risk that exchanges will be exploited by criminals or terrorists, potentially implicating exchanges in criminal activity, and leaving them morally complicit in the destructive effects that activity might have.
Conversely, there are also significant competitive advantages to having robust KYC processes in place (beyond minimizing vulnerability to legal sanctions or exploitation by criminals). These include providing a front-line defense against hacking, to building more trust with customers and regulators.
The Solution: Automated KYC
By employing Automated KYC technology, crypto exchanges can optimize their KYC processes so that they only need to allocate a minimal amount of their human resources to the execution of KYC checks.
Automated KYC tech can realize important functions:
1. Implementing automatic verification of selfie images and biometric data.
2. Automated risk scoring based on a wide range of parameters, such as nationality, residency, age, sanctions lists and Politically Exposed Person (PEP) status
3. For Corporate KYC: automated searches of global corporate registries for UBOs, directors and shareholders of companies
4. Continually monitoring onboarded customers for any changes in risk status
By providing these functionalities, automated KYC tools such as KYC-Chain bring clear benefits to crypto exchanges seeking to improve their compliance credentials.
Added to that, these functionalities can all be realized in a way that does not require the actual transfer of personal data from an individual to an exchange, neutralizing the risks posed by data breaches. KYC checks can also be carried out instantaneously, allowing for customer onboarding in a matter of minutes, and not days.
And perhaps most importantly, automated KYC tools allows crypto exchanges to continue remaining compliant with AML regulations, as they evolve and change, without the need to upgrade their own compliance systems and protocols.