What is KYC and why is it important for crypto exchanges?

Despite recent volatility in the cryptocurrency market, 420 million people globally still access their services. As a result, governments worldwide are exploring how to regulate and integrate crypto exchanges into the financial system. This is creating new customer verification and monitoring requirements that are essential for firms to onboard customers and do business with other financial institutions, such as banking partners.

However, because cryptocurrencies are cryptographically secured on their blockchains, transactions between users are generally anonymous and take place in seconds. The speed and anonymity of cryptocurrency transactions creates an attractive opportunity for criminals seeking to evade conventional anti-money laundering and countering the financing of terrorism (AML/CFT) controls. Research shows that illicit cryptocurrency transactions totaled around $20.1 billion in 2022 – a rise from $18 billion in 2021.

With global regulators paying closer attention to cryptocurrency transactions, it is more important than ever for crypto exchanges to address their AML/CFT compliance responsibilities. In particular, crypto exchanges must address the anonymity concerns associated with cryptocurrency transactions by implementing suitable know your customer processes to understand who their customers are and how they use their services. 

What is KYC? 

The know your customer (KYC) process requires financial institutions to identify and verify their customers’ identity and work to understand the nature of the business in which they are involved.

The conventional KYC process consists of a range of due diligence measures, along with ongoing screening and monitoring as customers engage with the services that a particular firm offers. KYC is important in financial contexts because criminals employ various strategies to evade AML/CFT controls. By building a rich and accurate risk profile of each customer, financial service providers are much better equipped to detect customers misusing their services and prevent crimes like money laundering and terrorism financing. 

What does KYC look like in crypto exchanges?

KYC can be a complicated compliance challenge for crypto exchanges. This is because firms need to work harder to establish customer identities using their digital services and understand the details of the transactions they are facilitating. 

Risk-based compliance 

Following Financial Action Task Force (FATF) recommendations, crypto exchanges should adopt a risk-based approach to KYC compliance. Risk-based compliance requires firms to perform risk assessments of individual customers and then implement a proportionate AML/CFT response. If an assessment finds that a customer is high-risk, the crypto exchange should deploy more intensive compliance measures instead of simpler measures for low-risk customers. Risk-based compliance enables crypto exchanges to deploy their AML/CFT resources more efficiently while protecting customers from negative experiences as far as possible. 

What is the KYC verification process for crypto exchanges? 

Step one: Collect basic information

When onboarding a new customer, exchanges must first collect basic identifying information about the customer. Ideally, firms should use digital customer due diligence (CDD) tools to capture and record the relevant data efficiently and accurately – while minimizing the potential for human error. The basic customer data required for the KYC process includes: 

• Names
• Addresses
• Dates of birth
• Social security numbers

The information collected at this first stage of the KYC process will inform a subsequent risk assessment and define the exchange’s AML/CFT compliance response.

Step two: Verify customer data

Crypto exchanges must ensure the data they collect as part of their KYC process is accurate and up-to-date. To do this, firms should corroborate the data with official documents such as driving licenses, passports, and birth certificates. 

Similarly, once firms have obtained identifying data, they must screen it against official lists, which may affect the customer’s risk profile. These include: 

• High-risk jurisdictions
• Global sanctions and watch lists
• Politically exposed persons (PEP) lists
• Criminal registries, including lists of participants involved in bribery and corruption

Step three: Assign a customer risk rating

The information collected and verified represents the foundation of a customer’s KYC risk rating. The risk rating is a calculation considering various factors, including the likelihood that an individual customer is involved in financial crime and the wider operational compliance risk that a firm faces.

In countries that mandate a “risk-based approach” to AML, firms should assign a KYC risk rating by performing a risk assessment of each customer. When assessing a high-risk customer (such as a national politician or senior government official), firms should deploy more intensive AML/CFT measures, including enhanced due diligence (EDD), source of wealth inquiries, and negative news searches. By contrast, lower-risk customers (such as an individual who has been a customer of the exchange for many years conducting low-value transactions) may be subject to simpler AML/CFT measures. 

Step four: Ongoing risk review

If the exchange deems everything is in order, the new customer may begin participating in certain activities. However, KYC is not a one-and-done practice that is only performed at the beginning of a customer relationship. An ongoing risk review must occur to keep up with any changes to a customer’s risk profile. Ongoing transaction monitoring is one such way of checking whether customers’ financial behavior meets the expectations of their risk assessment.

A Guide to AML for Crypto Firms

Build a best practice AML program for your crypto firm and stay ahead of the latest regulatory trends with this guide.

Download Now

Benefits of using KYC for crypto exchanges

Like other regulated entities in the financial space, crypto firms must perform identity verification checks and KYC measures to establish and verify the identity of their customers. But in addition to meeting compliance requirements and avoiding noncompliance penalties, what are the benefits of implementing robust KYC measures in crypto exchanges?

Reduce the chance of legal disputes

Since the crypto regulatory landscape is far from settled, firms are experiencing continually evolving legal expectations. By raising the bar and demonstrating a high level of KYC compliance, crypto exchanges can mitigate the risk of legal challenges and show regulators they are engaged and committed to ensuring compliance as international laws change.

Increase customer trust and transparency

Customers and banking partners are more likely to trust a crypto exchange that is proactive and thorough in establishing and verifying customer identities, as it demonstrates the firm is serious about knowing who it’s doing business with. Without robust KYC measures, customers may not feel as safe or comfortable using that particular service, and other financial institutions such as banks will not want to put their own reputations at risk.

Strengthen the stability of the crypto market

The crypto market is more volatile than other markets due to factors such as anonymity, market voltatility, intensive media scrutiny, and supply and demand. Exchanges that include enhanced identity verification measures as part of their KYC checks help stabilize the market and instill confidence among investors. 

Mitigate the risk of money laundering scams

Vigorous KYC checks can mitigate the risk of money laundering and fraud as criminals are less likely to use that service to place or layer illicitly-obtained crypto. Essentially, the stronger the identification and verification controls, the bigger the deterrent for fraudsters. 

Crypto exchange KYC risks

KYC compliance in the cryptocurrency space is complicated by an evolving regulatory landscape and relatively novel criminal methodologies. Accordingly, cryptocurrency exchanges should be aware of the following vulnerabilities and risks when developing and implementing their KYC solution:

• Anonymous transactions: Cryptocurrency exchange transactions offer money launderers a degree of online anonymity. Accordingly, exchanges should seek to inform their identity verification process with digital controls, including obtaining biometric customer information such as face, voice, and fingerprint scans. 
• Transaction speed: Cryptocurrency funds can be moved between accounts in seconds, often outpacing AML/CFT controls. Exchanges should ensure their own AML/CFT checks and monitoring processes are completed before funds are transferred to user wallets. 
• Structured transactions: Money launderers may attempt to evade reporting thresholds by structuring their transactions in small amounts across multiple accounts. Crypto exchanges should ensure their controls prevent the creation of multiple accounts and share information with other financial service providers to detect and prevent structuring strategies. 
• Money muling: Money launderers may seek to further exploit the vulnerabilities of cryptocurrency transactions by coercing or incentivizing third parties – known as “money mules” – to engage with crypto exchange services on their behalf. Exchanges should work to detect money mules by performing suitable due diligence and identifying customers whose profiles do not match their wealth or expected financial behavior.

Negative customer experiences: Beyond the regulatory risks, crypto exchanges with inadequate or unsuitable KYC procedures also risk negatively affecting their customers’ experience of their services. Under a risk-based approach, KYC enables exchanges to build detailed risk profiles – and subsequently adjust their AML/CFT controls to suit individuals better. With that in mind, effective KYC is a way to optimize experiences for lower-risk customers, ensuring service speed and efficiency where onerous AML/CFT scrutiny is not required.

Crypto transactions without KYC

Can someone buy crypto without KYC?

While cryptocurrencies offer more privacy than fiat-based currencies, some users prefer to leave no digital footprint at all. In these cases, users may opt to buy and trade crypto on a no-KYC exchange. One popular way to buy crypto without KYC is through peer-to-peer (P2P) trading, which simply connects buyers and sellers to one another without interfering with their transactions. 

What are the risks of purchasing crypto without KYC?

Many money laundering risks come with purchasing crypto without KYC. In P2P trading, for example, due to its convenience and speed, criminals can more easily engage in structured transactions and deepen the legitimate appearance of illegal funds. The ease of cross-border transactions also poses a large threat, as fraudsters may exploit differences in regulatory standards. The logistical challenge of tracking illegal funds across jurisdictions may also make it more difficult for financial authorities to carry out money laundering investigations.

Because of the risks involved, no-KYC exchanges are viewed as illegal in some countries. For example, the US, South Korea, and Canada require all legitimate crypto exchanges to collect KYC data from their customers.

Do crypto wallets need KYC?

There are two types of crypto wallets: custodial and non-custodial. Custodial wallets are held by a third party, known as a virtual asset service provider (VASP), and contain the private keys to a customer’s wallet. Because VASPs are regulated as financial institutions, only custodial wallets must comply with KYC measures. Non-custodial wallets are self-hosted and therefore do not require KYC.

How can ComplyAdvantage help?

AML/CFT compliance regulations require crypto exchanges to collect, analyze, and store vast amounts of digital customer and transaction data. To manage that obligation, crypto exchanges should seek to integrate a suitable AML software solution. In addition to automated speed, efficiency, and accuracy, software solutions help firms add depth to their KYC procedures and build out richer, more detailed risk profiles for their customers. Some necessary solutions include:

• Transaction monitoring: Exchanges should monitor their customers’ transactions on an ongoing basis, paying special attention to signs of criminal activity – which may include unusual transaction patterns or transactions involving high-risk customers and locations. 
• Screening: Exchanges must screen their customers to ensure that they are not subject to international sanctions or that they are a PEP and, therefore, at higher risk of being involved in money laundering. 
• Adverse media: Customer risk profiles may be informed by adverse news stories before the same information appears in official sources. Exchanges should screen on an ongoing basis to detect customer involvement in adverse media. 

Utilizing automation

Automated KYC processes help crypto exchanges remain agile in a rapidly changing regulatory environment. As new criminal methodologies emerge and governments implement new cryptocurrency legislation, KYC software may help exchanges adapt to their regulatory environments and make important risk-based decisions quickly. Similarly, with the benefit of machine learning systems, exchanges may perform deeper levels of analysis on historical data to reveal unforeseen vulnerabilities or unexpected diversions from expected financial behavior.