The Sumsuber

Best practices for KYC/AML

5 min read

Building AML Compliance for NFT Marketplaces

My name is Tony and I’m the Chief Legal Officer at Sumsub. Our legal team has a wide range of duties, ranging from internal compliance to offering consultancy services to our customers. As user verification is ultimately a legal task, Sumsub cannot function without our legal and compliance experts.

NFT technology is quite a fascinating topic. In a recent webinar, we talked about the nature of NFTs, their future, and how they’re regulated. Today, I want to get into how NFT marketplaces can achieve AML compliance to prepare for future legislation.

The highlights

  1. What are NFTs
  2. Why NFT marketplaces need to comply with AML requirements
  3. How to bring AML compliance to an NFT business
  4. Wrapping it up

What are NFTs

NFT stands for Non-Fungible Token. “Non-Fungible” means that the token cannot be exchanged, since it’s unique. In essence, an NFT is a certificate of ownership recorded on the blockchain. Examples of NFTs include tokens made for digital art, collectibles, event tickets, and even property.

NFTs are not yet expressly mentioned in any laws or regulations. Nevertheless, they can be indirectly regulated as art, virtual assets, or investment tools.

As there are similar AML requirements for these three spheres, marketplaces should not wait for NFT-specific regulations to start building their AML compliance. Let’s go over why they should start preparing now.

Get in touch with our team to see how Sumsub’s solution can help you build a legally-equipped NFT platform.

Why NFT marketplaces need to comply with AML requirements

Currently, NFT businesses can claim that they don’t bear any AML or data protection responsibilities. However, there are several reasons why they should start introducing AML measures anyway.

#1. To prepare for future regulations

AML compliance requires significant effort. Even if a business outsources to a KYC solution, it must still construct a baseline AML infrastructure. This includes implementing an AML compliance program, hiring a money laundering reporting officer, and so on.

If NFT marketplaces don’t start preparing in advance, they won’t have the time and resources to be compliant once AML regulations come into effect, leaving them open to penalties.

#2. To cash out proceeds

NFT marketplaces need a bank that will exchange their crypto earnings into fiat. However, it is likely that banks won’t be interested in these earnings, unless clear AML procedures are put into place. This is because financial institutions face sanctions for providing services to companies facilitating money laundering and other crimes.

#3. To earn trust

Being AML-compliant can build trust between a business and its users and investors. For instance, when Nifty Gateway, a well-known NFT marketplace, started to build up their compliance, they landed a partnership with auction houses Christie’s and Sotheby’s.

#4. To prevent money laundering

The art sector has recently become subject to AML legislation in Europe, the UK, and the US. As a result, criminals who previously laundered money through art have moved into NFTs.

The most exploitable vulnerability of NFT marketplaces is that users’ identities are not checked. Criminals can create an NFT, register two separate accounts (one for selling and one for buying), and purchase the NFT from themselves. This is a classic money laundering method applied to the novel world of NFTs.

#5. To mitigate fraud

The absence of verification procedures lets in the fraudsters that sell fake NFTs. When users realize they’ve purchased fraudulent goods, their trust in the platforms fades. This cycle negatively impacts artists no less, as nothing is done to prevent their work from being illegally traded and exhibited.

Source: Derek Laufman/Twitter

How to bring AML compliance to an NFT business

Here are some recommendations for NFT marketplaces based on more than five years experience working with ICOs, crypto wallets, and other blockchain businesses.

#1. Establishing a centralized marketplace

If a business has enough financial resources, I recommend opening a centralized marketplace—one controlled by a legal entity and not by users. Although operating without a legal entity would allow businesses not to comply with various laws, they won’t be able to attract investment and earn trust of the users.

#2. Choosing respectable jurisdiction with a comfortable AML regime

I recommend setting up a legal entity either in the US or the UK. I do not advise establishing a marketplace in the EU due to high taxes and strict requirements for remote identification. For instance, in Germany, you have to conduct video KYC to onboard users—a very costly process that significantly decreases conversion rates.

#3. Avoiding investment regulation

Businesses that operate on the blockchain—and NFT marketplaces are among them—are worried that they may fall under the American Securities Act of 1933.

Under the Act, if you sell any investment tool to American citizens, regardless of where your company is located, you must comply with a whole set of obligations, including preventing money laundering and guaranteeing investor rights. In Europe, there are similar regulations, such as MiFID and MiFIR.

As the majority of NFT sellers and buyers come from the US and Europe, NFT marketplaces can fall under these investment regulations. To avoid that, businesses need to prevent NFTs sold on their platform from being considered an investment. Marketplaces can do this by:

  1. Positioning the business as an “art gallery” rather than an investment broker. It’s best to present your business as a “showcase”, where individuals sell and buy artworks, collectibles, etc. Businesses should clearly state in their documentation that their platform is for art-loving and gaming fans, and not for investors who want to make a profit.
  2. Prohibiting fractioning and reselling of NFTs. Businesses can state in their policies that they do not allow reselling NFTs and selling fractionalized NFTs—those split into equal tokens that can be traded as cryptocurrencies—since this can be considered an investment activity.

If NFT marketplaces do not adopt these measures, they may not be able to comply with the complex regulations that face them.

#4. Introducing AML measures

It’s hard to establish AML practices from scratch. To support you, we’ve gathered a list of measures required by regulators around the globe.

  • Risk-based approach. An NFT marketplace must evaluate the money laundering risks that their specific business is exposed to.
  • Necessary documentation. Marketplaces need to prepare several documents that are fundamental for a regulated business, such as a risk assessment, AML policies, AML compliance program, customer acceptance policy, etc.
  • AML team. Businesses must appoint an AML compliance officer who is responsible for overall compliance and reporting.
  • AML training. All employees must be acquainted with money laundering schemes and understand how to deal with them.
  • Reporting. In the future, NFT marketplaces will likely be required to report suspicious activity, so it’s worth starting to build a reporting process now.
  • Recording data. NFT businesses must establish a record-keeping system that allows storing user data in a way that’s compliant with data protection regulations.

Building such infrastructure requires a lot of time and effort, so I recommend starting to prepare in advance. Our legal team is always happy to lend a helping hand, so don’t hesitate to contact us.

#5. Setting up remote verification

NFT marketplaces only need to identify their users at the onboarding stage. KYC for transactions between sellers and buyers performed by payment providers.

Businesses can break up the onboarding journey into several steps. For instance, they can perform a simplified verification procedure during the sign-up process, and a more complex one for deposits.

If I were the owner of an NFT marketplace, I would reach out to a KYC provider, since it makes no sense to build the whole process from scratch when a provider can set it up for you in a quick and efficient manner.

Also, NFT businesses can have a joint KYC process with payment providers. They can introduce reusable KYC that allows customers not to repeat the verification multiple times.

We have compiled a downloadable checklist with all our recommendations so you can track your progress easily. Feel free to save it to your device.

Wrapping it up

It will be increasingly important for NFT marketplaces to build AML infrastructure with their legal entity at the center, surrounded by necessary counterparties like KYC and payments providers. Here’s what this can look like:

 Setting up an AML compliant business takes time and a lot of work. But the reward is avoiding regulatory sanctions and building trust between your platform and its users and investors. So I think it’s worth the effort.  

Want to have all information on AML compliance for NFTs in one place? Enter your email address to download Sumsub’s NFT Handbook 📖

By clicking the button you agree with our Privacy Notice

Download Sumsub’s NFT Handbook