A good portion of the cryptocurrency exchange industry is running the risk of falling afoul of the Financial Action Task Force’s (FATF) “Travel Rule” guidance announced in July, according to new research.

Blockchain compliance solutions provider CipherTrace says in its Q3 Cryptocurrency Anti-Money Laundering (AML) Report, published Wednesday, that around one third of the top 120 exchanges are “weak” when it comes to know-your-customer (KYC) verification, while fully two-thirds “lack strong KYC policies.”

The FATF guidance, which is more or less obligatory for its 39 member nations and jurisdictions to adopt in regulation, stipulates that exchanges, or virtual asset providers (VASPS), must obtain, store and be able to pass on data on their users when transactions worth $1,000 or over are made. This provides a digital paper trail that can be followed in order to prevent financial crimes such as money laundering or terrorism financing.

CipherTrace says there’s now just seven months left for the members to align legislation with the guidance, and VASPs to set up solutions in order to remain in compliance. However, it says, some 65 percent of exchanges are not yet able “to handle basic KYC, let alone comply with the stringent new funds ‘Travel Rule’.”

The firm’s researchers found that they were able to transact 0.25 bitcoin daily with little or no KYC at 35 percent of exchanges tested, described as “weak” AML protections in the report. Forty-one percent were “porous,” CipherTrace found, with “some sort of ID verification process,” while just 35 percent had “strong” KYC, with multiple levels of verification, including a proof-of-address requirement and perhaps video or telephone calls.

CipherTrace further says that the Travel Rule is “problematic” for so-called privacy coins, cryptocurrencies that offer features that can obfuscate a user’s personal data. Such features put these cryptos at odd with FATF’s guidance.

Already, some exchanges have been delisting such coins, including zcash, monero and dash, citing compliance with national regulators’ moves to align with FATF’s stipulations.

However, the report says that the researchers found 32 percent of exchanges, including some with less-then-strong KYC, still list privacy coins.

The firm states, though:

"Although the report does punctuate a concern for privacy coins that have no compliance strategy, CipherTrace affirms that recent reports of the death of privacy coins have been greatly exaggerated. In fact, many of the top privacy coin developers have already released statements ... on how they could comply with the Travel Rule.

Indeed, a planned suspension of zcash and dash trading support by OKEx Korea was put under review in October, partly thanks to efforts by the Electric Coin Company – the co-developer of zcash – to assuage the exchange’s fears.

Josh Swihart, the Electric Coin Company’s VP of marketing and business development told CoinDesk at the time, “Zcash is entirely compatible with all FATF recommendations including the travel rule.”