How KYC May Unite the Developed World

They know me in Malta . . . and Hong Kong . . . and Estonia . . . .

Photo by Zoltan Tasi on Unsplash

(This is neither legal nor investment advice).

There are few things on which the majority of the developed world can agree. One point is that the prevention of money laundering and terrorism is a worthy goal. The G20’s recent pronouncement on aligning standards for Anti-Money Laundering underscores this point.

To that end, financial institutions in most countries have complied various KYC requirements for quite some time. KYC is not new. It is however, newly thrust into popular culture. At least if you trade cryptocurrency. If you are new to the concept of KYC, likely it is at best an inconvenient set of hoops to jump through, and at worst, a nightmarish cloud of uncertainty.

What is KYC anyways?

Briefly, “KYC” or “know your customer” laws require financial institutions, securities and commodity brokers and like participants in the transfer of assets to verify the identity of their customers and screen for suspicious transactions. In the United States, the principal regulatory scheme stems from the Bank Secrecy Act (“BSA”) [1] , but the concept is also included in other regulatory schemes. [2] The effect is more or less that any facilitator of a transaction in fiat currency or any other thing of value that is convertible to fiat currency [3] needs to verify (or verify that someone else verified) that the participants in the transaction have the proverbial clean bill of legal health.

Under the BSA, if a bank thinks that a transaction is suspect, it must file a suspicious activity report (a “SAR”) with the Department of Treasury. [4] What makes a transaction suspect? There is not much guidance on that. An unsuspecting bank can find themselves on the wrong end of an action by the Financial Crimes Enforcement Network (“FinCEN”). Also, the penalties for failing to file a SAR are very stiff. [5]

I bank, you bank, we all bank . . . unless we are a cryptocurrency project or a cannabis business.[6]

In the face of the BSA, most banks don’t find deposits from sales of cryptocurrency or from cannabis businesses to provide sufficient reward to justify the risk of FinCEN’s attention. Think about it. You are a massive global (or even national) entity that makes money without really needing to do much beyond bringing in customers (depositing/borrowing) and taking a spread on the applicable interest rates. [7] There is one big thing that you need to do to keep the money train rolling. COMPLY WITH GOVERNMANT DIRECTIVES.

So, in comes the principal of a cryptocurrency project that just sold enough tokens that they want to deposit $20 million into your account. For the largest of banks, that sum is not even material; for smaller banks, it is material, but likely not so much as to make a giant difference on their balance sheet. Now add in that you have no real way of knowing where that $20 million really came from. The crypto project took in investments of cryptocurrency BTC/ETH, etc. from all over the world. This is not a hard decision for the bank. There is no way that $20 million justifies drawing the attention of FinCEN.

. . . But that’s not all . . . depending on the project the BSA may apply even before a bank is involved.

After several years of speculation, on May 9, 2019, FinCEN published guidance with respect to FinCEN’s positions on how the BSA applies to cryptocurrency businesses, and specifically what types of activities trigger a requirement of compliance with the BSA. The short version is that most cryptocurrency exchanges, multi-signature hosted wallets, decentralized applications that facilitate moving tokens between parties or locations and other like services will qualify as money transmitters, with all the regulatory requirements that come with that designation. [8]

Here the nightmare begins

Photo by Monica Silva on Unsplash

You have a well-meaning, non-scam cryptocurrency project that will make the world a better place and comes along with rainbows and unicorns. [9] You want to sell tokens that will be a medium of exchange for your unicorn creation software. The unicorns in question will repatriate funds across borders. I hope FinCEN likes rainbows and unicorns because you are going to need to consider them twice. Once with respect to convincing a bank to accept your funds from your token offering; and again in connection with those repatriating unicorns. The unicorns are sad…

Not only that, but even your best efforts might not be good enough for the banks to accept your funds. In a move smacking of censorship, on June 6, 2019, national bank First Republic [10] closed the accounts of Civil, a token project focused on ethical reporting (no fake news). True, that Civil could have done more to comply with legal requirements, but it is common for banks to close accounts of crypto projects the moment they learn of the nature of their client. No questions asked.

Beyond the USA

Photo by Kyle Glenn on Unsplash

To the extent that a token touches the United States, the BSA applies regardless of where a money transmitter is located. That said, the USA is hardly alone. Most of the developed world has some form of equivalent law. A few examples:

• In a 4-year saga that ended in June 2019, Israel’s Bank Leumi halted Bits of Gold’s banking access because the bank claimed that the crypto company was in violation of money laundering (Israel’s Supreme Court Recently ruled otherwise).

• The National Australia Bank closed accounts on myCryptoWallet.

• in early 2019. On the other end of the ethics stick, The Canadian Imperial Bank froze accounts on QuadrigaCX in 2018.

Can’t we all just get along (the enemy of my enemy is my friend) — Cross-Border Collaboration for KYC in Big Banks and Beyond.[11]

Tokens do not respect borders. Regulatory arbitrage [12] is frequent and virtually impossible to prevent. I can’t see the world agreeing on regulation of transactions in securities, [13] but I can easily see a uniform standard for KYC and prevention of suspicious activities. Money-laundering is by its nature an international problem. Terrorism, economic sanctions . . . We are practically in the same boat already. There is already cooperation; last year, the US Department of Justice and Canadian authorities cooperated to arrest Canadian Nationals (see Payza.com and related companies) who were using US bank accounts for (among other things) violation of money transmitter laws. If the world is going to come to some kind of standard regulation for cryptocurrency, KYC would be a great place to start.

You can learn more about the Payza indictment and other crypto regulatory concepts on our firm’s Youtube channel. Be sure to subscribe!

Already in process . . . the technology solve.

The global financial institutions want to solve the global financial problem. Goldman Sachs, JP Morgan, and Barclays (among many others) are focusing resources. Goldman just pumped $250 million dollars into an office in Bengaluru, India, reducing KYC processing time by between 50% and 90%. JP Morgan released an open-source protocol earlier in 2019 that will help identify financial transactions. Barclays filed patents related to streamlining KYC processing as well. Beyond the enterprise-level, other institutions are expediting the KYC process, too. For example, leading crypto projects have many choices to outsource KYC services. [14]

Technology finds easy application in the KYC process. That’s where projects like Civic and Everynym [15] and foundations like the Sovrin Foundation come in. Proof of identity as a use case for distributed ledger technology is low hanging fruit. The zero-knowledge-proof, for instance, will verify that an identity is not restricted from transacting, but not disclose the actual identity of the applicant. Moreover, most KYC processes already use artificial intelligence with facial recognition capabilities as a strong first step. At the moment, these systems are backed up by human review; that requirement should not last long. It is not hard to picture biometric KYC. [16]

Conclusion

In short, the legal approach to prevention of the movement of money for nefarious purposes feels like a unifying issue with relatively simple global solutions. [17] To be sure, in the short term, it is an annoying, byzantine burden on cryptocurrency projects which are ill equipped to toe the proverbial line. But with continued efforts, available tools and third-party services should transform KYC into a seamless, global process, for the most part under the proverbial hood. [18]

For the moment, the best (only) approach is to spend the resources to be able to prove beyond any question that any funds you receive in exchange for tokens is from an identified and approved source. Your bank will thank you for it (or at least not close your accounts).