KYC/AML — Must Read For Fintech Entrepreneurs (Crypto or non-crypto)

Users are used to convenience and speed; if you can deliver compliance and great user experience, you’re ready to beat the final boss of Fintech.

Beating the final boss in Fintech isn’t easy. But it must be done.

We recently announced our excitement in helping solve this puzzle for a lot of teams getting into the crypto ecosystem.

After working with a lot of different entrepreneurs, I felt there could be a huge amount of benefits from sharing what we’ve learned over the past 5 years working in Bitcoin. Going to just dive right into it for you!

“KYC/AML — What is the point?”

Know Your Customer (KYC) & Anti-Money Laundering (AML) are done so that the way money is used, and who’s using it can be monitored by government agencies who are trying to catch people doing things that they don’t want them to do. Regardless of whether you’re for or against that, if you’re operating in their geography, you’re forced to play by their rules. Different geographies are going to have different levels of what they want to see. Generally speaking, U.S. compliance is typically the toughest. That being said, at least in crypto, the U.S. has insanely lower numbers for money laundering through crypto when compared to Europe. (Heard that in this episode of the Unchained podcast; it’s a good listen, and Elliptic is a really solid team!)

“KYC/AML — They’re basically the same thing, yeah?”

Nope. KYC is when you’re entering in details on your address, uploading your passport, etc… Trying to verify as best as possible, that the person behind the keyboard is the same person in the photo on the uploaded documents. Simple software solutions exist that a lot of platforms use and are super easy for devs to bake into their sign-up flow! Things like OnFido/Jumio, if you see them it’ll probably ring a bell!

AML is the bigger punish of the two… So you know when you go to a platform and they show the pop-up where you choose your bank to login?

You know why that exists? Well there are two reasons… One is to make a slicker user experience for you as the end user. The second is that, the data on your account can be verified programmatically and then fed into an algorithm to determine if there’s further investigation required (manual review).

“What’s an example of that though, I don’t get it?”

Let’s say you sign-up to some Fintech service and connect your bank. You finish the on-boarding flow and it says that your account is sitting in Pending, but your friend got approved straight away… An ultra simple example could be something like looking for amount of money received, versus the amount of money sent.

If a user signs up who has: Received more than $10M into their bank account in the past 30 days. Sent more than [≥$9.9M & ≤ $10M] from their bank account in the past 30 days. Update account status to “Pending”.

If you’re receiving $10M and paying out $9.9999M then it looks a lot like you’re some sort of middleman. A middleman who charges $1 for their service. If you did not connect your bank account with a login, the alternative is usually uploading a bank statement. Same idea, just more time-consuming and usually a pain for the end user.

So what? That’s not a problem? I should be able to do what I want with my money… You don’t have to tell anyone, I won’t either! Sweet?

In crypto, for example, brokerages and exchanges are governed by FinCEN (Financial Crimes Enforcement Network). What that means is that the companies you’re signing up to will be obligated to detect and report what is deemed suspicious activity, or potentially unregistered money service businesses. So if things are flagged, then reviewed, and they’re still looking suspect, then usually you’ll have some sort of reporting obligation depending on the circumstances. If you’re not a registered MSB with FinCEN, then you don’t have to spend the time/money reporting things like that… But whether or not you would be classified as one, I’ve got no idea so don’t go using this as some weird legal opinion or advice, etc…

Now there are times where people might be doing something personally with small margins, e.g. arbitrage trading, and that’s not a problem… But usually that is what the manual check is there for. It helps in trying to give the end user the best chance of using the service etc…

“Makes sense — sort of… But all that aside, why can I send money on Venmo, but buying Bitcoin requires so much more information like selfies, video of authorization, signed/dated written note, blood sample, first born, etc…”

The main thing to know is that almost every single exchange, brokerage, payment startup in the space; wants to take the minimal amount of information permitted that would allow them to operate compliantly in their jurisdiction. I don’t know about you guys, but even browsing Reddit and having some random .gif take longer than 2 seconds to load, I immediately get agitated. End users are spoilt, so catering to the expectations already set by other services is obviously best for business. Although…

The main thing is that with Venmo, the only place money can go is either within Venmo (pay it to your friend), or into a personal bank account (withdraw from Venmo).

With credit cards and ACH (US local bank transfer network), they carry risk because Venmo takes the payment, but also the associated risk with it. Risk meaning that you are depositing money to the platform and you can initiate a chargeback/reversal if you had your card stolen and it wasn’t you.

“So? You still haven’t answered my question… Buying Bitcoin, why am I practically having to provide a blood sample? I’m only trying to buy $500”

Well the company on the other side has people like you that are just as hyped to buy the dip, and then they also get people with stolen credit cards, fake passports, etc… They’ll come and use some other person’s information that they got access to (passport/bank login/credit card number/social security) and then they’ll impersonate that person all the way up to buying Bitcoin and then, this is the clutch part… They can send Bitcoin to wherever they want, and nobody can reverse the payment. With Venmo, Venmo can call up the bank and tell them to roll the payment back if they’ve got enough supporting information, or contact the credit card company, etc…

Ahhhh, ok. I get it. So Bitcoin is not reversible, but others can be?

Basically, yep. For the U.S., this is what you’re up against.

Credit Card Payment — Up to 90 days to reverse a charge on your card

ACH (Individuals) — Up to 60 days to reverse a charge on your account

ACH (Businesses) — Up to 5 business days to reverse a charge on your account

So if you’re a brokerage selling Bitcoin, you’re rolling the dice a lot more than if you’re Venmo. When someone buys Bitcoin, you want to really really REALLY be sure that the person behind the keyboard is the person uploading the documents and using the credit card.

Coming around full circle to your original question, this is why a lot of services demand so much information. Because not only are Bitcoin platforms huge targets for hackers, they’re also massive targets for fraud. When a payment is reversed, as the brokerage you get an opportunity to enter a dispute process (which costs like $15 per hit, plus time/effort/etc…) and call BS on the claim. So brokerages make sure they’ve got as much supporting evidence as possible, so they win against someone attempting to say they never bought it, or something like that…

Sadly, sometimes you can even provide all the information and STILL lose. Completely nonsensical system at times. #Hodl.

Ok not bad. I’ve got a more solid grasp on things now. Sucks to be you, pretty much… So all these experiences are expected of everyone operating in the Fintech space?

Basically, yeah. Depending on the geography, or the product you’re offering, but fair to say it’s a good rule of thumb if you’re touching customer funds or making/taking a lot of payments it’s par for the course. *Screams Internally*

Is there any advantages to this massive grind?

Well, there’s not really an “advantage” from the entrepreneur’s side. Suppose the closest thing to an “advantage” would be that if you are doing all this stuff, and have run the gauntlet and you’ve still got money in the bank to build your product… Then you will probably get approved for your company bank account, larger deal partners in your sales pipeline will be more receptive to working together, etc…

But that in itself IMO is a massive disadvantage generally speaking… It means that the speed of innovation is running on the dial of all of the above getting done. Which costs money, and even worse, time for entrepreneurs. What’s even funnier amongst all of this is, everyone is all doing the same thing. So when you sign up for 5 exchanges, that’s 5 blood sample processes you’re going to go through.

Yeah, we’re trying to close these big deals, and I swear they’re sooooo close to closing… What do we need to add? We’re already taking customers passports, drivers license, and verifying their phone number/email. They don’t need more than that, surely?

Here’s a snapshot of what people think needs to be done, compared to what is actually done as an MSB. Warning, this may hurt your eyes. Haha… Seriously though, it might.

Yep. That longgggg list on the right is what the banking partners, card processors, large deals you want to close, etc. are all expecting to see. If they want to work with you.

All this information, generally speaking, will help you hold your own in a conversation. When you’re working with partners that are regulated and you’re not really in tune, or somewhat naive, they’ll know that and that will usually give them concerns… If teams have endured this process and scaled a business in Fintech, odds are slim that they would want to risk losing all that by partnering with someone who’s new and/or not doing the right box checks.

We know this because we experienced it all firsthand. Even if we can save them x% on this, or increase profits by y%, the net outcome is that it’s a headache to think about. A headache that is likely not going to justify the risky opportunity of a marginal upside.

Ok, got it. Fintech related ideas are now crossed off my list of startup ideas.

This is the problem in general. It’s pretty exhausting to get started, and gets even more exhausting with every step you take…

We’re scarred and battle-tested, but we gained important perspective on things. We’re aware of the process, and like everything in our tech stack, we consume our own API’s and we want our partners to have access to as much of our stack as possible.

Btw, my bad if this has come off salty, it’s not really intended that way. Main reasons for the post are:

Help entrepreneurs understand what’s ahead if journeying into Fintech.

Realize that the risk/reward for potential partners is usually not there if you’re not up to scratch.

Be aware of information collection, and the motivators behind it.

Meet my content writing quota that I got handed from our growth meeting, who will be checking on me and I have to show them something.

We’re bringing out products that will essentially convert this war story, and potential headache you’re going to have, into 10 lines of code. So if you’re not asleep already, and that might be helpful to you, then we want to help you. Our team is on point with all this stuff, just message them on intercom.

Before I forget! One more thing.

This whole post only covers Fintech in relation to money. There are more categories of Fintech though (obviously), but just in case you thought you’d done all of the above and defeated the final boss, you have not.

For dealing with Money (E.g. Venmo). FinCEN is the governing body of that stuff. That’s all that I covered here.

For dealing with Securities (E.g. Robinhood). Finra & SEC cover this area. I’ll chew through that in another post! The terms “Broker/Dealer” or “ATS” (stands for Alternative Trading System) sit in this wheelhouse.

For dealing with Derivatives (E.g. LedgerX). CFTC cover this area. The term “SEF” (Swap Execution Facility). This is usually where people are touching different things like Options/Futures and other types of financial instruments. The CFTC you might hear about when the CBOE and CME launched their Bitcoin Futures last year.

**Waits for entrepreneurs’ enthusiasm to settle down**

And that’s all there is to it :)

Thanks guys!

Kind regards,

Michael.

P.s. I’m not close to an expert on this stuff, many have a lot more mileage on this stuff… I’m just someone who’s gone/going through most of the above and this is my experience. Take it or leave it, fwiw!