Lately, a lot of ink has been spilled over the KYC (“Know Your Customer”), AML (“Anti-Money Laundering”) and CTF (“Counter-Terrorist Financing”) regulation, policies, procedures and other similar matters related to cryptocurrencies and token crowdsales. The KYC procedure is a mandatory procedure in the financial sector and is becoming a common standard for cryptocurrency exchanges as well as token crowdsales. Despite all the positive change that cryptocurrencies introduced in the past years, there is no doubt that they have been used for money laundering purposes[1]. Nevertheless, there are many heated discussions on online channels and forums[2], as well as many differing expert opinions about the (un)necessity and (il)legitimacy of KYC procedures. I will try to break it all down in this article.

Regulatory demands

As mentioned previously, the KYC procedure has been mandatory in the financial world for decades. Parties involved in financial transactions strictly adhere to the KYC and AML/CTF regulations, and also develop their own compliance standards and policies. Moreover, some are taking the KYC procedure further and investigating their customer’s customers (“Know Your Customer’s Customer” or “KYCC”[3]). The purpose of all this is to prevent illegal money laundering and terrorism financing.

As it stands now, more and more regulators in different countries have started indicating that the KYC and AML/CTF rules apply not only to cryptocurrency exchanges but also to token crowdsales.[4] They have even proposed strict rules for such entities in the area of KYC and AML/CTF regulation, e.g. the recent amendments to the 4th AML irective[5] in the European Union.

Therefore, certain crypto-related entities are obliged to introduce the KYC procedure with clearly stated AML/CTF rules if they have not done so already. Although this can mean substantially more work and costs for these entities (and an additional burden for their clients), the alternative is far worse — fines, losses and reputational damage due to permitting the channelling of illegal funds and causing indirect losses to their clients.

Market demands

Certain cryptocurrency exchanges are already starting to exclude tokens that did not implement a KYC procedure before or during their token crowdsale[6]. That means that holders who purchased tokens in such crowdsales without providing their personal information in a proper KYC procedure will not be able to exchange such tokens for other tokens or cryptocurrencies through exchange platforms.

Additionally, banks refuse to work with companies conducting token crowdsales without an appropriate KYC procedure. By doing so, these companies cause serious risks to their daily and long‑term operations, endangering themselves and the holders of their tokens.

This market behaviour encourages companies conducting token crowdsales to voluntarily comply with the KYC and AML/CTF rules to mitigate the risks for token holders.

Mindset adjustment

Six months ago, nobody in the token crowdsale world performed KYC / AML / CTF checks; now everyone (relevant) is doing some kind of KYC / AML / CTF checks, and in six months from now, KYC procedures will be an entirely accepted and customary practice in the token crowdsale community. Furthermore, these checks will probably be much more thorough than what we can see today.

As an example of that, one of the leading exchange platforms, Bitstamp, started using a new KYC form asking for their clients’ occupation, annual income, net worth, source of funds, etc[7]. Additionally, a prominent token crowdsale Legolas, asked the token purchasers to “provide as much detail as possible about the origin of the BTC”. I believe that these practices will spread throughout the industry.

We can notice that many token purchasers strongly support well-structured and comprehensive KYC procedures that protect their interests and make the associated transactions more secure.

Security concerns

Security (or lack thereof) and data leaks are pressing issues with KYC procedures. There have been a few alarming data leaks during very prominent token crowdsales, such as the Bee Token and Sentinel[8], where very sensitive personal information was stolen. Such information can easily be used for identity abuse and other illegal activities, including further unlawful token purchases.

Tens of thousands of personal information sets must also be properly structured and analysed in order to obtain only relevant information and to prevent money laundering and terrorist financing. A good example is the structure of the “selfie” picture in Eligma’s KYC procedure, which is primarily intended for preventing the abuse of a person’s identity. That is how Eligma makes sure that Ether is transferred by the person in question and not by somebody else who is recycling previous KYC information that have might leaked somewhere.

It is extremely important for a company conducting the KYC procedure to secure all received customer information and keep it safe and in the way permitted by the applicable legislation. Such personal information obtained in the KYC procedure should be used only for preventing money laundering and terrorist financing. Any record of the purchaser’s information should not be kept longer than necessary for the purpose of preventing, detecting and investigating money laundering and terrorist financing.

At the end of the day, it is up to the token purchasers if they trust the token crowdsale regarding the processing and keeping their data secure and in compliance with the applicable legislation. (Tim Polach, Eligma’s Chief Security Officer, is preparing an interesting article on token sale security.)

Conclusion

The KYC procedure is the only way companies can check the source of the funds received during a token sale. This is something that is not only required by governments and regulators but also by the exchange platforms, banks, large corporations and other relevant entities.

There has been a race to build a KYC global registry in the banking industry for years[9], but it has not been won yet. Sometime in the very near future, there will be a race for a KYC global registry in the cryptocurrency world as well. Until somebody wins that race, I suppose we will have to deal with different KYC procedures for every single cryptocurrency exchange or new promising token crowdsale.

We would like you to trust in our competence and professionalism from the very beginning. That is why the Eligma token crowdsale follows the appropriate legal standards and safety procedures. You should therefore not be surprised if you receive a call from Eligma’s KYC team after your KYC application has been successfully approved. It is all for the benefit of the Eligma project and you as a future ELI token holder.

Disclaimer: the information available in this article is intended for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain legal advice with respect to any particular issue or problem contained herein.

[1] In July 2017, a Russian national was arrested in Greece on suspicion of laundering $4bn through his crypto exchange (http://www.bbc.com/news/world-europe-40731200).

[2] https://bitcointalk.org/index.php?topic=2242505.0;all

[3] The European Union initiated a similar effort with its 4th AML Directive with regards to beneficial ownership (https://medium.com/the-regtech-hub/kycc-know-your-customers-customer-fd6c4929d0e3)

[4] Financial Crime Enforcement Network (FinCEN) stated in its letter to the US Senator Ron Wyden: “[…] a developer that sells convertible virtual currency, including in the form of ICO coins or tokens, in exchange for another type of value that substitutes for currency or a money transmitter and must comply with AML/CFT requirements that apply […]” (https://coincenter.org/files/2018-03/fincen-ico-letter-march-2018-coin-center.pdf)

[5] http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52016PC0450&from=EN

[6] https://www.ccn.com/five-reasons-kyc-crucial-ico-investment/

[7] https://www.bitstamp.net/account/kyc/

[8] https://news.bitcoin.com/kyc-requirements-are-making-icos-riskier-not-safer/

[9] https://www.americanbanker.com/news/the-race-to-build-a-know-your-customer-registry

Join our community:

Web page|Facebook|Telegram|LinkedIn|Twitter|GitHub