The Sumsuber

Best practices for KYC/AML

3 min read

Crypto KYC Guide: How Virtual Assets Are Regulated

Crypto assets have become the focus of policy makers, lawmakers, and financial regulators. To learn more about KYC in the crypto business, read this guide.

Everything you wanted to google about KYC in one article.

Virtual assets have become a visible part of the financial system over the last decade, with words like ‘Bitcoin’, ‘Ethereum’, and ‘crypto mining’ becoming household phrases among businesses and people all over the world.

Yet, as businesses come up with new ways to use virtual assets, money-launderers, terrorists, and other criminals have also turned to crypto. This has prompted governments to bring crypto service providers under the scope of Anti-Money Laundering (AML) regulations.

In line with such regulations, governments now require crypto businesses to implement Know Your Customer (KYC) procedures for their clients. This page summarizes all the details of this intricate process to help make sense of it all.

What is KYC in crypto?

In many countries, crypto businesses need to comply with AML regulations. This means applying Customer Due Diligence (CDD) procedures which, among other things, include Know Your Customer (KYC) checks.

KYC checks aim to identify and verify clients before allowing them to make any transactions. The minimum information required during the onboarding process is:

  • the client’s full name;
  • residential address;
  • date of birth.

The above information then gets compared to the government-issued documents submitted by the applicant.

Since crypto regulations vary drastically by jurisdiction, clients may have to submit other types of personal data. For instance, in the Guidance for the UK Financial Sector, the UK JMLSG indicates that the information collected as part of the KYC processes may include wallet addresses and transaction hashes.

During the onboarding process, KYC checks usually consist of the following steps:

  • identification—the process of acquiring the client’s personal data;
  • liveness check—the process of determining whether the client is a real person;
  • verification—the process of cross-comparing personal data to government-issued documents;
  • address verification—the process of determining whether the client comes from the claimed region. The purpose of the process is to define if the client is from a high-risk country or not;
  • risk scoring—determining the risk category of the client based on the steps above.

To conduct KYC quickly and properly, crypto services often delegate this to specialized third-party solutions.

onboarding flow
An example of automated KYC that’s completed in three stages within approximately 50 seconds.

Staying compliant with KYC regulations is easy with Sumsub’s complete KYC/AML solutions.

Is KYC mandatory for crypto?

The legal status of crypto businesses depends on existing AML guidelines and how countries implement them. Over the past several years, such guidelines have increasingly restricted crypto asset transactions, making KYC checks mandatory for a wider scope of operations. For example, in 2018, the European Union included crypto-fiat exchanges and wallet providers into the scope of its AML regulations (AMLD5), meaning they must comply with the same rules as financial institutions

Over time, it became clear that more services related to virtual assets needed to be regulated in order to effectively combat money laundering. Therefore, countries have begun implementing services specified in the FATF Guidance 2019 and its updated Guidance 2021. These include:

  • exchanging between virtual assets and fiat currencies;
  • exchanging between one or more forms of virtual assets;
  • transfers of virtual assets;
  • safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets;
  • participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

Sumsub has already written a series of detailed articles on national crypto regulations. Check out our guides to get an in-depth understanding of each jurisdiction:

Manual and automated KYC checks

Businesses that conduct KYC checks have a choice of manual and automated procedures. Both options are useful for companies, however manual checks come with more risks.

The cons of manual KYC checks for crypto

The implementation of manual KYC checks creates challenges both for businesses and clients.

Costly and slow process. If businesses employ manual KYC procedures, onboarding times likely take longer, resulting in a lower customer conversion rate.

Security risks. The manual approach leads to a higher error rate due to a human factor. In particular, a person verifying documents may not differentiate a forged document from an authentic one.

Automated KYC solutions

One possible solution for bringing down costs and speeding up onboarding is KYC automation. Unlike the manual approach, automation allows businesses to:

  • bring down associated costs by up to 43% (in Sumsub’s experience);
  • speed up the onboarding process (50 sec. median verification time);
  • ensure document authenticity;
  • simplify the onboarding process.

Automated KYC is performed by extracting data from provided documents, ensuring that all security features are present, and comparing the document itself to templates. Such an approach not only decreases the number of errors but also leads to a higher conversion rate thanks to a quick and simple onboarding process.

If you want to protect your business even more, read about cryptocurrency exchange hacks and how you can secure user funds from theft.


Countries will continue implementing new regulations and tightening existing ones. By ensuring AML compliance, crypto businesses can secure the trust of major players. Being fully compliant might take crypto businesses some time, but it most certainly will benefit them in the future.

See Sumsub in action