Have You Ever Wondered What Really Goes into KYC/AML?
For anyone who’s ever created an account on Coinbase, Gemini, or any other large cryptocurrency exchange, you’ll have carried out basic KYC/AML practices. In fact, anyone who has a bank account (unless it’s an offshore one) has complied with Know Your Customer and Anti-Money Laundering protocols to some degree or another.
Just because your bank didn’t ask you to upload a selfie with your ID card doesn’t mean they haven’t checked your background. But what really goes into KYC/AML? What’s the point of it and–more importantly–how many cryptocurrency exchanges are actually playing by the rules?
What Is KYC/AML For?
As the FinTech and cryptocurrency sectors continue to grow, so does the need for fighting financial crime. This means preventing money laundering and other illicit activities such as financing terrorism. Cryptocurrency exchanges and blockchain companies holding legally compliant token offerings must hold their customers to test.
The association of cryptocurrency with criminal activity is still very real. And in fact, it’s much more than an association. Cryptocurrencies like Dash and Monero still allow for customer anonymity, which obscures the origins of the funds. This means that if the funds come from a money heist, drug deal, or other criminal operation, no one would know.
Moreover, money launderers can transfer an unlimited amount of funds using cryptocurrency. Transferring more than $10,000 through US banks gets reported. This naturally makes cryptocurrency alluring to criminals looking to bypass traditional financial rails and shield themselves from regulators.
Know Your Customer and Anti-Money Laundering is used to avoid exactly this type of criminal activity. Companies have a moral, and increasingly legal, responsibility to ensure that their customers are not involved in criminal activity. In fact, when the EU voted on stricter KYC/AML practices for cryptocurrency exchanges in April of this year, it was to end the anonymity associated with them.
According to the new laws, cryptocurrency exchanges and wallet providers must introduce due diligence controls on their customers. This includes more than just a cursory identity verification check. In the future, all types of crypto businesses will have to register to be able to offer a regulated exchange and payment services within the EU.
Cryptocurrency Exchanges Are Failing at Compliance
According to research by P.A.ID Strategies commissioned by Mitek, a massive 68 percent of wallet providers and cryptocurrency exchanges in the US and EU fail to conduct a formal identification on their customers. This means that over two-thirds of all these businesses do not meet the requirements of the new regulations under the updated EU anti-money laundering directive.
The main goal of the study was to assess the existing KYC/AML procedures for onboarding new users. Of the 25 companies examined by the digital identity verification solutions provider, the majority failed to meet regulatory requirements. In many cases, they aren’t performing the necessary identity verification checks against official documents or persons listed with political exposure.
No audit trail or sanctions screening is carried out to trace criminal activity, either. In many cases, a verified email address and mobile phone number were enough to sign up for the exchanges and wallets.
What Really Goes Into KYC/AML Then?
It’s not enough to know that the people using your services are humans and not bots. Or that their mobile phone and email actually belong to them. Cryptocurrency exchanges need to know whether the customers they are onboarding have a criminal background or not. Have the been sanctioned? Are they on some kind of watch-list? Do they have any levels of political exposure?
The amount of data that all these questions generate is almost incomprehensible. And, back in the dark days, traditional KYC/AML involved extremely lengthy manual processes.
These were entirely subject to human error and speed limitations making them entirely inefficient. They also involved lengthy delays. No customer wants to wait for two weeks or more to get verified and start trading while some desk clerk sifts through newspaper clippings.
Since the new directives in the EU and in light of research showing that companies are falling behind (and will soon be against the law), they need to find a better way to comply. An efficient and compliant way of analyzing masses of data on millions of people fast.
KYC/AML Using Automation
Big Data has been around for a while now. Not just for marketers targeting smarter offers to their clients, but for making KYC/AML more efficient. But even large financial institutions don’t handle their own KYC/AML. They’re specialized in financial services, after all, not in detective work. The same applies to cryptocurrency exchanges.
Companies like P.A.ID Strategies, ComplyAdvantage, and Ativio make use of machine learning and AI to provide their clients (exchanges, custodian wallet companies, banks) with the info they need in real time. By using machine learning, they can quickly identify trends and patterns, uncover issues that could be a red flag, and deliver a reliable customer profile to allow fast onboarding.
Identifying Different Levels of Risk
There is such a thing as too much information, especially when it comes to a cryptocurrency exchange or a bank. For example, knowing that your customers are not gang mobsters, terrorists, or tax evaders is probably sufficient enough. You don’t need to know that they have a DUI from their college days against their name.
That might not be the case for a political campaign, however. After all, if a candidate is applying to hold office, they need the most extensive screening available. This is where KYC/AML using AI gets really smart, by categorizing levels of risk. There shouldn’t be anything stopping you from investing in an ICO if you got drunk and danced on a tabletop, making page 12 of the local press. But it might put off Republican voters in the Southern States.
KYC/AML using AI can also reduce the amount of false red flags involved in customer screening that stop onboarding unnecessarily by identifying levels of risk correctly.
As regulation steps up around the world, in the US and EU in particular, cryptocurrency exchanges, wallet providers, and other blockchain companies are going to have to play ball. Soon it won’t be a case of failing to meet the standard, it will mean they’re operating illegally.
On June 21, the FATF, a global banking organization will release updated guidelines...
On June 21, the FATF, a global banking organization will release updated guidelines regarding crypto, and it could potentially wipe out some companies.
ABOUT THE AUTHOR
ABOUT THE AUTHOR
Christina is a B2B writer and MBA, specializing in fintech, cybersecurity, blockchain, and other geeky areas. When she’s not at her computer, you’ll find her surfing, traveling, or relaxing with a glass of wine.