What is KYC (Know Your Customer) in Crypto

Data protection in crypto exchange: what is verification?

As the cryptocurrency sector develops, it will not get far without close cooperation with regulators. Supporters of the primary ideology of cryptocurrencies related to decentralization and anonymity may not like this, but nothing can be done. The authorities do not want to tolerate a free tool at their side for potential money laundering and other criminal operations.

Almost all major exchanges are forced to implement a user identity verification procedure known as KYC, or verification. Getting to know the cryptocurrency exchange begins with account registration. Next, the user makes a deposit to start trading. At this stage, he learns that his account has reduced functionality - deposits and withdrawals are limited by strict limits. The exchange service offers to share personal data in order to identify the user. After this procedure, the limits will be increased, or other preferences will be provided, and the available functionality will also be expanded.

The KYC term came to the cryptocurrency world from classical stock trading and banking. KYC concept was used even before the crypt, for example, it is followed by absolutely all banks, as well as brokers, many payment systems and other companies focused on financial transactions. This is one of the stages of AML (anti-money laundering, anti-money laundering).

When a new client contacts a financial institution, the procedure for identifying his identity is launched. This gives the company the opportunity to assess the user's risk profile and the likelihood of committing financial crimes.

Various studies show that the verification process does not have to be complicated. The large volume of documents provided, lengthy verification and a huge questionnaire — all this will repel the average user.

The reasons why verification is important:

Helps to comply with anti-money laundering (AML) and bribery measures at the global level.
It serves to prevent the use of financial institutions (including unintentionally) for financing terrorism and other illegal purposes.
Companies can refuse to cooperate with a potential client who has a dubious past or present and thus avoid risks for themselves and for other users.

What is KYC and why is it needed?

So, KYC is a process that allows companies to make sure that their customers are really who they say they are, and they can be provided with financial services. This is a mandatory verification of the client's personal data by a financial institution or other company working with clients' funds.

Initially, the KYC requirements were developed by the Financial Crimes Enforcement Network (FinCEN) of the US Treasury Department.

KYC procedure assumes that customer identification is required for any transaction. Documents confirming the client's identity, such as a passport or other identification card, are used for verification. The set of data used in the verification procedure is set directly by the exchange platform.

In the current regulated environment, cryptocurrency exchanges must launch KYC procedures and develop internal policies regarding the risks they may face. The verification requirements may vary from platform to platform, but only slightly, and the essence remains the same. For example, different types of documents may be requested to confirm your identity.

Cryptocurrency in its meaning is a new means of financial exchange, even if it is not officially recognized as such. And therefore, it must meet the requirements of AML in order to achieve mass adoption.

Stages of the KYC

Before registering on any crypto exchange, you should find out about its KYC requirements, if it matters to you. Firstly, many crypto exchanges do not require mandatory verification, some actions can be performed without it. Secondly, certain documents may be required, the list of which varies depending on the site.

Currently, users of cryptocurrency exchanges usually undergo the KYC procedure at the registration stage. The number of required documents is significantly less than in the bank, and the procedure itself is simpler.

The main stages of the KYC procedure are data collection and verification. This also includes comprehensive verification and continuous monitoring of users.

However, most crypto exchanges adhere to the following procedure:

First name, last name.
Residential address – country, region, street, house, apartment. At the first stage, the address is simply indicated, without confirmation.
Identification card. This can be an internal passport of the country, a foreign passport, a driver's license or an ID card. It is necessary to provide in the format of a scan or a high-quality photo.
Contact information – phone number, email.
Photo. A selfie or a "live" facial check for compliance with the photo in the passport.

This is the first level of verification. But often there is also a second one where you need to confirm the address. For this purpose, utility bills are used, for example.

After downloading all the necessary documents, you need to wait for the administration to check them. This usually takes a couple of days. You will be notified of the results by email. If the verification is rejected, the errors that caused the verification to fail will be indicated, and you can try again. The number of attempts is unlimited, although there are daily request limits.

On crypto exchanges, this process serves three main purposes:

1. Customer Identification Program (CIP)

This is the first part of the KYC process, which consists of the collection and verification of customer data. Banks perform it during registration. The same thing happens when registering on a licensed cryptocurrency exchange.

2. Customer Due Diligence

The company performs verification after identification. Verification is carried out in order to confirm your identity. It involves additional verification of information about the client, so that the customer does not use obviously stolen credit card or identity document data.

At all licensed platforms, verification is carried out using special software that allows you to compare your photo on a document with your real photo, as well as prevent the use of someone else's or fake documents.

The more financial services the company provides to you, the larger the amount of your transactions, the more detailed the information about you will be studied. The company will seek to find out if you are an official, may request the sources of your income, and will also check your business reputation for compromising information, involvement in scam projects or financial fraud.

3. Risk assessment and monitoring

Constant monitoring ensures that customer data is up-to-date and allows the system to carefully analyze and track suspicious transactions that could potentially violate laws. In case of illegal actions, if your transactions are deemed suspicious, the exchange may suspend your account and report the transactions to regulatory and law enforcement authorities. Also, a reassessment of the client's risk may occur when changing or clarifying the personal data provided by the user during initial registration. The higher the client's risk, the more the user will be limited in functionality. For example, he cannot withdraw /deposit cryptocurrency funds above a certain limit.

What levels of KYC policy exist?

Different cryptocurrency exchange platforms have different customer verification policies. In terms of the level of depth of implementation of the KYC principles, they can be divided into three main groups.

Lack of KYC.
There are crypto exchanges that do not use any KYC procedures. Such platforms do not request identification documents, but may set other registration conditions.

Basic KYC procedure.
Such platforms require you to provide certain (limited) information about your identity. Such verification allows you to transfer real funds from a bank card to the account.

Complete KYC procedure.
Here, the cryptocurrency exchange usually requires you to provide a photo ID and/or a bank statement. In return, the user gets full access to all services related to cryptocurrency.

The basic KYC level allows you to perform all basic operations with cryptocurrency, and an advanced level is required when a client of the exchange wants to transfer a very large amount to an account.

International Regulation of Data Protection on Crypto Exchanges

There is no global regulation of the cryptocurrency industry. Different countries are developing their own rules and legislative norms. Nevertheless, many regulators, such as the G20 Financial Stability Board, the International Monetary Fund (IMF), and the U.S. Securities and Exchange Commission (SEC), are trying to develop common approaches.

In data protection of crypto industry, there are implemented General Data Protection Regulations (GDPR). They relate to data protection in the European Union (EU) states and have been in effect since May 25, 2018. The European Parliament and the Council of the EU have issued Directive (EU) 2018/843, known as the Fifth Money Laundering Directive ("5MLD").

In 2020, additional recommendations appeared, according to which crypto exchanges and custodial wallet service providers are required to comply with customer due diligence (KYC) obligations, risk assessment and tracking of suspicious activity.

The Directive entered into force on January 10, 2020. The European Union frequently updates legislation to combat the financing of terrorism and money laundering, and one of the latest major updates is AMLD5. It includes quite a few different changes, but let's focus only on those that are important for cryptocurrency exchanges:

Platforms must be registered with the financial supervisory authorities of the country to which they belong (for the UK–FCA, for Germany–BaFin, etc.).
All exchanges, crypto banks, wallets and other providers of cryptocurrency services must necessarily comply with the KYC/AML rules, since they are recognized by the same financial institutions, just like traditional banks.
Platforms should monitor every transaction and, if suspicious transactions are detected, report this to the authorities.
Platforms should keep a register of users and their cryptocurrency addresses so that the supervisory authorities can find out who owns the wallet at any time.

As you can see, the rules are maximally aimed at disclosing the confidentiality of cryptocurrency holders. According to the General Data Protection Regulations (GDPR), EU individuals and organizations are required to comply with the standards and techniques developed to ensure the security of customer data, in particular, KYC and AML (anti-money laundering). KYC and AML are used in the regulatory framework of a number of other countries, such as the United States and the United Kingdom.

What is the difference between KYC and AML

These two concepts from the world of cryptocurrencies are quite closely related and similar, but still have differences. Both terms were born in the United States of America - KYC in 2016, and AML back in 1989. First, let's again turn to the full KYC procedure, which is actually broader than just verification on the exchange.

KYC is a global customer database that allows to check the purity of transactions and transfer information about suspicious transactions to law enforcement agencies. Such activity is not just a form of KYC on the exchange's website for data collection. This is a comprehensive effort to protect the cryptocurrency community. KYC is only part of a global program to combat financial fraud.

AML is an anti-money laundering program conducted by one of the non-governmental international organizations. KYC and AML relate as part and whole. KYC can only be considered a process that was born during the implementation of the AML policy.

AML is a set of regulations that are developed by the FATF (Intergovernmental Commission on Financial Monitoring) and the IMF. The countries of the world are often linked by cooperation agreements, which allow the exchange of information about financial transactions. UML can be described as tracking suspicious activities of various companies. These include:

withdrawal of funds abroad and offshore;
work only for cash;
placement of money in several banks, financial transactions between different companies;
large purchases for cash and non-cash payments (for example, the purchase of shares or cryptocurrencies);
investing through affiliated companies (and other activities).

Counteraction is carried out by law enforcement agencies and various intergovernmental organizations. Today artificial intelligence is actively involved, showing the greatest effectiveness.

AML legislation is national in nature, and some countries do not comply with it at all. But usually, financial companies take into account the following requirements of the regulator:

customer identification process (KYC) — used in the banking sector, as well as in the work of crypto exchanges;
creation of reports on large financial transactions — the law requires notifying the regulator of significant transactions that exceed certain thresholds;
tracking suspicious activity and sending information to special authorities – if specialists of a financial institution or exchange notice strange transactions, the list of which is published by the supervisory authority, then they have an obligation to transfer information to law enforcement or the regulator;
compliance with sanctions requirements — various countries periodically impose financial sanctions, violation of which is considered unacceptable.

KYC and AML are primarily the responsibility of business to the state and customers. Compliance with the financial security policy allows you to minimize risks and save the funds of the principals.

AML is a wide range of measures. In fact, the KYC procedure, through which representatives of cryptocurrency platforms verify users, is part of the AML.
AML uses analytical tools: information on incoming and outgoing wallet transactions is analyzed, wallets are checked for involvement in phishing attacks or hacking of crypto exchanges, their presence on the blacklists of the Office of Foreign Assets Control (OFAC) of the US Treasury.
KYC is focused on verifying counterparties (cryptocurrency owners), whereas AML is primarily focused on verifying transactions.

Advantages and disadvantages of KYC and AML

There are both pros and cons to following KYC and AMD procedures.

The advantages include:

transparency of operations and compliance with legislation. Reducing the crime rate in money laundering and fraud;
improving the security of cryptocurrency transactions for users. The user is comforted by the knowledge that the platform is used by trusted customers like him;
simplification of the exchange of cryptocurrencies for fiat money.

The disadvantages include:

lack of anonymity of transactions;
risk of personal data leakage;
significant complication of the registration procedure.

In result of the AML procedure, an ordinary user may face blocking of an account on a crypto exchange if a crypto payment received by him legally (for example, purchased in an exchanger) was previously stolen by scammers. Verification deprives cryptocurrency of one of the key features — anonymity.

Despite the fact that KYC and AML reduce the number of illegal transactions, they can become an incentive for cryptocurrency owners to switch to anonymous decentralized trading platforms (DEX), which is a disadvantage for regulators and crypto exchanges.

The Impact of KYC on Cryptocurrencies

By requiring verification, the exchange strives to comply with the laws and other regulations of the jurisdiction in which it is registered and/or operates.

If law enforcement agencies independently notice illegal activity, the site may be held accountable for non-compliance with the rules of operation and even completely blocked.

On many platforms, it is possible not to undergo the verification procedure if the volume of trading or storage of cryptocurrencies does not exceed a certain level. This distinguishes crypto exchanges from the banking sector, where the KYC procedure is mandatory for all customers.

Bitcoin was created as an anonymous currency operating on the principles of decentralization. Transferring user data to a centralized exchange completely negates the ideas that were originally embedded in the crypt. Supporters of virtual coins believe that exchanges merge with law enforcement agencies into a single device that makes tokens look like a regular means of payment.

How many times have you heard about hackers stealing someone's money? KYC helps to avoid such incidents. A conscientious user strives to protect his account and assets, therefore he chooses reliable exchanges with a solid security system. KYC and AML complicate criminal processes by protecting ordinary users. Therefore, KYC is designed to streamline exchange trading, excluding fraudsters from the process.

Centralized vs Decentralized exchanges

In a sense, the verification requirement contradicts the key principles underlying the functioning of the blockchain cryptocurrencies – decentralization and anonymity of transactions.

The collection of personal information goes against the ideology of the crypto market. Nevertheless, deanonymization on it is becoming the norm. Deanonymization reduces the decentralization of the crypto market.

There are centralized companies in the cryptocurrency market, such as crypto exchanges or wallet operators, which have a legal entity, and they must comply with the requirements of the jurisdiction in which they operate.

Most centralized exchanges (CEX) require KYC procedures. On large platforms, problems for unverified users will begin when withdrawing funds. A number of centralized cryptocurrency exchanges do not require mandatory KYC when conducting basic operations.

There are still exchanges in the cryptocurrency market that offer anonymous work to clients. These are, for example, decentralized trading platforms (DEX).

Supporters of anonymity and decentralization can use exchanges without the KYC. For example, decentralized exchanges do not request information about users. Dyor App also does not require KYC.

To work with decentralized exchanges, you need a crypto wallet that supports the functionality of connecting to web 3 protocols. Neither such wallets nor exchanges require registration, identity verification and operate based on blockchain and smart contracts.

Learn more about Decentralized Storage: The What, Why, and How of the Future of Cloud Storage here and find out about the Decentralized Oracles: Bridging the Gap Between Blockchain and Real-World Data here.

What are the risks of buying cryptocurrencies without KYC

Some users of crypto exchange do not want to undergo verification because of fears of attention from tax authorities and leakage of personal information. Nevertheless, buying cryptocurrency without KYC also has its risks. These include:

higher risk of account hacking threat;
higher risk of total loss of funds in case of hacking.

Some cryptocurrency exchanges do not serve customers from the United States. This is because the United States authorities can investigate crimes almost all over the world, and also can punish the owners of a service that, while serving Americans, does not fully comply with American requirements. So, for non-compliance with the requirements in countering money laundering, services such as Chatex and SUEX fell under American sanctions. Therefore, those services that communicate with US citizens and their money must comply with all international standards in compliance.

For the same reasons, attackers launder illegally obtained funds, both in fiat money and in cryptocurrency, using those services where KYC checks are not as serious or are not carried out at all.

There are quite a few exchanges and exchangers that directly state that they do not apply KYC procedures. These services do not particularly publish information about the company behind the exchange, are registered in an offshore jurisdiction, but, most often, do not perform any transactions with fiat money. Or similar services do not allow unverified users to commit them.

Also, scammers actively use platforms where KYC is not conducted. Reado more about common crypto scams and how to identify them here. The main ways to "overcome" the KYC barrier is to purchase already verified accounts with linked cards. Such accounts are offered on specialized forums and telegram channels, including on the darknet. Another way of verification is the forgery of documents, the data for which can also be obtained from databases downloaded on shadow forums about the leak. Licensed companies, in most cases, promptly identify the use of such information and block accounts registered with it.

Conclusion

Although cryptocurrency regulation is a controversial topic, many experts are inclined to believe that crypto investors should welcome it. Increased regulation can increase stability in a notoriously unpredictable crypto market.

On the one hand, this service violates the principles of anonymity and decentralization, which are so dear to crypto enthusiasts. On the other hand, KYC allows you to exclude scammers from the trading process and streamline it. Verification protects funds, which is much more important for honest cryptocurrency lovers who use them exclusively for legal purposes.

For cryptocurrency exchanges, reputation is of paramount importance, since investors and traders entrust their funds only to trusted counterparties. Although, as mentioned earlier, Dyor does not require KYC, we are a secure crypto app. The safety of our clients is our number one priority and we are working hard to make sure that we minimize risks.