Building AML Compliance for NFT Marketplaces

My name is Tony and I’m the Chief Legal Officer at Sumsub. Our legal team has a wide range of duties, ranging from internal compliance to offering consultancy services to our customers. As user verification is ultimately a legal task, Sumsub cannot function without our legal and compliance experts.

The topic of NFT is quite fascinating. The NFT market is huge—​​it reached $25bn last year—yet it’s hardly regulated, which makes it luring for fraud and money laundering.

In a recent webinar, we talked about the nature of NFTs, their future, and how they’re regulated. Today, I want to get into how NFT marketplaces can achieve AML compliance to prepare for future legislation.

What are NFTs

NFT stands for Non-Fungible Token. “Non-Fungible” means that the token cannot be exchanged, since it’s unique. In essence, an NFT is a certificate of ownership recorded on the blockchain. Examples of NFTs include tokens made for digital art, collectibles, event tickets, and even property.

NFTs are not yet expressly mentioned in any laws or regulations. Nevertheless, they can be indirectly regulated as art, virtual assets, or investment tools.

As there are similar AML requirements for these three spheres, marketplaces should not wait for NFT-specific regulations to start building their AML compliance. Let’s go over why they should start preparing now.

Get in touch with our team to see how Sumsub’s solution can help you build a legally-equipped NFT platform.

Why NFT marketplaces need to comply with AML requirements

Currently, NFT businesses can claim that they don’t bear any AML or data protection responsibilities. However, there are several reasons why they should start introducing AML measures anyway.

#1. To prepare for future regulations

AML compliance requires significant effort. Even if a business outsources to a KYC solution, it must still construct a baseline AML infrastructure. This includes implementing an AML compliance program, hiring a money laundering reporting officer, and so on.

If NFT marketplaces don’t start preparing in advance, they won’t have the time and resources to be compliant once AML regulations come into effect, leaving them open to penalties.

NFT regulations might be implemented earlier than everybody expects. In June 2022, for example, EU lawmakers discussed a possibility to introduce regulations on the NFT industry to stop scam artists and money launderers from abusing the unregulated industry.

#2. To cash out proceeds

NFT marketplaces need a bank that will exchange their crypto earnings into fiat. However, it’s likely that banks won’t be interested in these earnings unless clear AML procedures are put into place. This is because financial institutions face sanctions for providing services to companies facilitating money laundering and other crimes.

#3. To earn trust

Being AML-compliant can build trust between a business and its users and investors. For instance, when Nifty Gateway, a well-known NFT marketplace, started to build up their compliance, they landed a partnership with auction houses Christie’s and Sotheby’s.

#4. To prevent NFT money laundering

The art sector has recently become subject to AML legislation in Europe, the UK, and the US. As a result, criminals who previously laundered money through art have moved into NFTs.

The most exploitable vulnerability of NFT marketplaces is that user identities are not checked. Criminals can create an NFT, register two separate accounts (one for selling and one for buying), and purchase the NFT from themselves. This is a classic money laundering method applied to the novel world of NFTs.

#5. To mitigate fraud

The absence of verification procedures lets in  fraudsters who sell fake NFTs. When users realize they’ve purchased fraudulent goods, their trust in the platform fades. This cycle negatively impacts artists no less, as nothing is done to prevent their work from being illegally traded and exhibited.

Source: Derek Laufman/Twitter

How to establish NFT compliance: best practices

Here are some recommendations for NFT marketplaces based on more than five years working with ICOs, crypto wallets, and other blockchain businesses.

#1. Establishing a centralized marketplace

If a business has enough financial resources, I recommend opening a centralized marketplace—one controlled by a legal entity and not by users. Although operating without a legal entity would allow businesses to avoid compliance with various laws, they won’t be able to attract investment and earn the trust of the users.

#2. Choosing a respectable jurisdiction with a comfortable AML regime

I recommend setting up a legal entity either in the US or the UK. I do not advise establishing a marketplace in the EU due to high taxes and strict requirements for remote identification. For instance, in Germany, you have to conduct video KYC to onboard users—a very costly process that significantly decreases conversion rates.

#3. Avoiding investment regulation

Businesses that operate on the blockchain—including NFT marketplaces—are worried that they may fall under the American Securities Act of 1933.

Under the Act, if you sell any investment tool to American citizens, regardless of where your company is located, you must comply with a whole set of obligations, including preventing money laundering and guaranteeing investor rights. In Europe, there are similar regulations, such as MiFID and MiFIR.

As the majority of NFT sellers and buyers come from the US and Europe, NFT marketplaces can fall under these investment regulations. To avoid this, businesses need to prevent NFTs sold on their platform from being considered investments. Marketplaces can do this by:

1. Positioning the business as an “art gallery” rather than an investment broker. It’s best to present your business as a “showcase”, where individuals sell and buy artworks, collectibles, etc. Businesses should clearly state in their documentation that their platform is for art-lovers and gaming fans, and not for investors who want to make a profit.
2. Prohibiting fractioning and reselling of NFTs. Businesses can state in their policies that they do not allow reselling NFTs or selling fractionalized NFTs—those split into equal tokens that can be traded as cryptocurrencies—since this can be considered an investment activity.

If NFT marketplaces do not adopt these measures, they may not be able to comply with the complex regulations that face them.

#4. Introducing AML measures

It’s hard to establish AML practices from scratch. To support you, we’ve gathered a list of measures required by regulators around the globe.

• Risk-based approach. An NFT marketplace must evaluate the money laundering risks that their specific business is exposed to.
• Necessary documentation. Marketplaces need to prepare several documents that are fundamental for a regulated business, such as a risk assessment, AML policies, AML compliance program, customer acceptance policy, etc.
• AML team. Businesses must appoint an AML compliance officer who is responsible for overall compliance and reporting.
• AML training. All employees must be acquainted with money-laundering schemes to understand how to deal with them.
• Reporting. In the future, NFT marketplaces will likely be required to report suspicious activity, so it’s worth building up reporting process now.
• Recording data. NFT businesses must establish a record-keeping system that allows storing user data in a way that’s compliant with data protection regulations.

Building such infrastructure requires a lot of time and effort, so I recommend starting to prepare in advance. Our legal team is always happy to lend a helping hand, so don’t hesitate to contact us.

#5. Setting up remote verification

NFT marketplaces only need to identify their users at the onboarding stage. KYC for transactions between sellers and buyers is performed by payment providers.

Businesses can break up the onboarding journey into several steps. For instance, they can perform a simplified verification procedure during the sign-up process, and a more complex one for deposits.

If I were the owner of an NFT marketplace, I would reach out to a KYC provider, since it makes no sense to build the whole process from scratch when it can be set up in a quick and efficient manner.

Also, NFT businesses can have a joint KYC/AML process with payment providers. They can introduce reusable KYC that allows customers not to repeat verification multiple times.

We have compiled a downloadable checklist with all our recommendations so you can track your progress easily. Feel free to save it to your device.

Wrapping it up

It will be increasingly important for NFT marketplaces to build AML infrastructure with their legal entity at the center, surrounded by necessary counterparties like KYC and payment providers. Here’s what this can look like:

Setting up an AML compliant business takes time and a lot of work. But the reward is avoiding regulatory sanctions and building trust between your platform and its users and investors. So I think it’s worth the effort. 

FAQ

• Can NFT be used for money laundering?

  Yes. Volatile prices make NFT attractive for money launderers. Criminals can create an NFT, register two separate accounts (one for selling and one for buying), and purchase the NFT from themselves.

• Is NFT wash trading illegal?

  Yes, NFT wash trading is illegal and is a form of NFT scamming. Wash trading is a market manipulation in which an investor simultaneously sells and buys the same financial instruments to create artificial activity in the marketplace. NFT wash trading aims to give market participants a misleading image of an asset’s value. In doing so, an NFT will be sold at a higher price to a new wallet, which is also controlled by the original owner.

• What is KYC in NFT?

  It is the process of customer verification in an NFT marketplace.

• Do you need KYC for NFT?

  Currently, KYC is not a regulatory requirement for NFT marketplaces. However, it is advisable to implement it. By using KYC technology, NFT marketplaces could reduce the chance of fraud and intellectual property theft for artists.