Crypto KYC Guide: How Virtual Assets Are Regulated

Crypto companies, or virtual asset service providers (VASPs), have become a visible part of the financial system over the last decade, with words like ‘Bitcoin’, ‘Ethereum’, as well as crypto exchanges and crypto wallets becoming household phrases all over the world.

Yet, as businesses come up with new ways to use virtual assets, money-launderers, terrorists, and other criminals have also turned to crypto. This has prompted governments to bring crypto service providers under the scope of Anti-Money Laundering (AML) regulations. In line with such regulations, governments now require crypto businesses to implement Know Your Customer (KYC) procedures for their clients.

The highlights

1. What is KYC in crypto?
2. Why do crypto companies need KYC?
3. Is KYC mandatory for crypto companies?
4. KYC and crypto: what’s next?
5. Manual and automated KYC checks
6. Automated KYC solutions
7. Conclusion
8. FAQ

What is KYC in crypto?

KYC in crypto stands for the actions VASPs take during onboarding, or occasional transactions, to verify client identities as part of the due diligence process and compliance with regulations.

In many countries, crypto businesses need to comply with AML regulations. This means applying Customer Due Diligence (CDD) procedures which, among other things, include Know Your Customer (KYC) checks. 

KYC checks aim to identify and verify clients before allowing them access to services, or conduct occasional transactions. The minimum information required during the onboarding process is:

• the client’s full name;
• residential address;
• date of birth.

The above information then gets compared to government-issued documents submitted by the client.

Since crypto regulations vary drastically by jurisdiction, clients may have to submit other types of personal data (such as the place of birth, nationality, tax code, etc). For example, in the Guidance for the UK Financial Sector, the UK Joint Money-Laundering Steering Group indicates that the information collected as part of the KYC processes may also include wallet addresses and transaction hashes.

During the onboarding process, crypto KYC checks usually consist of the following steps:

• identification—the process of acquiring the client’s personal data;
• liveness check—the process of determining whether the client is a real person;
• verification—the process of cross-comparing personal data to government-issued documents;
• address verification—the process of determining whether the client comes from the claimed region. The purpose is to determine if the client is from a high-risk country or not;
• risk scoring—determining the risk category of the client based on the steps above.

To conduct KYC quickly and properly, crypto services often delegate the process to specialized third-party solutions.

An example of automated KYC that’s completed in three stages within approximately 50 seconds.

Why do crypto companies need KYC?

KYC in crypto is a legal obligation in most jurisdictions. Therefore, most crypto service providers do not allow their customers to buy cryptocurrency or withdraw funds until they pass a KYC check. However, there are still some crypto services that allow clients to trade without passing KYC. These are usually decentralized, unregulated exchanges, or exchanges from countries where AML regulation is weak. Some exchanges can set withdrawal limits, where KYC is only needed when such limits are exceeded.

Using a non-KYC crypto service can bring the following risks: 

• Increased vulnerability to criminals due to weaker protection
• Non-compliance with AML regulations
• Close attention from regulators
• Mistrust from partners

KYC in crypto companies can help by

• Preventing money laundering and terrorist financing
• Fighting fraud and identity theft
• Providing transparency
• Ensuring customer trust
• Ensuring trust from partners

Case study: Cake DeFi Boosts Approval Rate by 80% and Detects 20x More Fraudsters

Is KYC mandatory for crypto?

In most jurisdictions, yes. However, the KYC obligations of crypto businesses depend on existing AML laws and how countries implement them. 

Over the past several years, AML laws have made crypto KYC checks mandatory for a wider scope of operations. For example, in 2018, the European Union included crypto-fiat exchanges and wallet providers into the scope of its AML regulations (AMLD5), meaning they must comply with the same rules as financial institutions.

Case study: Mining Platform NiceHash Lowers Security Incidents by 80% with Sumsub

Over time, more services related to virtual assets have been regulated in order to effectively combat money laundering. Therefore, countries, including some of EU members, have begun implementing services specified in the FATF Guidance 2019 and its updated Guidance 2021. These include:

• exchanging between virtual assets and fiat currencies;
• exchanging between one or more forms of virtual assets;
• transfers of virtual assets;
• safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets;
• participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

KYC and crypto: what’s next?

The updated FATF Recommendations require VASPs and financial institutions engaged in virtual asset transfers to follow the Travel Rule. This means collecting personal data of senders and recipients in a crypto transaction and sharing them with VASPs or financial institutions.

The FATF’s proposed threshold amounts to 1000$/€ for virtual asset transfers. If a transaction amount is lower than the threshold, VASPs can enjoy less stringent requirements. However, countries can establish their own thresholds. 

Since the Travel Rule requires VASPs to collect and verify certain information about the client, including checks against sanctions lists, the compliance process partially falls within the KYC procedure. However, Travel Rule obligations require collecting information outside the scope of KYC. Therefore, it should be noted that, despite their overlaps, KYC and the Travel Rule are separate requirements under AML regulations.

Members of FATF and FATF-style regional bodies are already beginning to implement the Travel Rule into their respective anti-money laundering (AML) laws. According to the FATF’s Targeted Update on Implementation of FATF Standards on Virtual Assets-VASPs, 29 out of 98 responding jurisdictions reported having passed Travel Rule legislation as of March 2022, while only 11 jurisdictions have begun incorporating enforcement and supervisory measures. 

Another common trend in crypto is the expansion of decentralized services regulation. In some jurisdictions, under certain circumstances, regulators already require implementation of KYC and other AML measures.

The approach to KYC may also change in the future. With the development of Web 3.0, where decentralization is one of the main components, the idea of SSI (self-sovereign identity) has emerged. So it can be assumed that regulators will be potentially implementing this approach to KYC.

Manual and automated KYC checks

Crypto businesses that conduct KYC checks have a choice of manual and automated procedures. Both options are useful for companies, however manual checks come with more risks.

The cons of manual KYC checks for crypto

The implementation of manual KYC checks creates challenges both for businesses and clients.

Costly and slow. If businesses employ manual KYC procedures, onboarding times likely take longer, resulting in a lower customer conversion rate.

Security risks. The manual approach leads to a higher error rate due to human involvement (a person verifying documents may not always differentiate a forged document from an authentic one).

Automated KYC solutions

One possible solution for bringing down costs and speeding up onboarding is KYC automation. Unlike the manual approach, automation allows businesses to:

• bring down associated costs by up to 43% (in Sumsub’s experience);
• speed up the onboarding process (50 sec. median verification time);
• ensure that the user has provided an authentic document;
• reduction of human error;
• simplify the onboarding process.

Automated KYC is performed by extracting data from provided documents, ensuring that all security features are present, and comparing the document itself to templates. Such an approach not only reduces errors, but also leads to a higher conversion rate thanks to a quick and simple onboarding process.

Case study: Oobit: Boosting User Verification from 48 hrs to 1m 40s with Sumsub

Conclusion

Countries will continue implementing new regulations for crypto assets and tightening existing ones. By ensuring AML compliance, crypto businesses can secure the trust of major players. Getting fully compliant might take crypto businesses some time, but it most certainly will benefit them in the future.

FAQ

• Is KYC necessary in crypto?

  In most jurisdictions, KYC in crypto is necessary under AML/CFT law.

• What is the benefit of KYC in crypto?

  KYC in crypto:

  • Prevents money laundering and terrorist financing

  • Fights fraud and identity theft

  • Provides transparency

  • Ensures customer and partner trust

• Can you buy crypto without KYC?

  Most crypto exchanges do not allow the purchase of cryptocurrency without client verification. However, some do by limiting the amount of money a client can buy or sell without KYC (i.e. a withdrawal limit of 1BTC can be set). 

• What does KYC mean in NFT marketplaces?

  KYC is the process of customer verification in an NFT marketplace. Read this article to learn more about AML compliance in NFT marketplaces.