Because KYC conformity is important in ensuring that banking institutions are not defrauded or victims of other financial crimes such as money laundering or organized crime, KYC procedures are critical elements in the effective management of banking risks.
In 2016 Thomson Reuters surveyed nearly 800 financial institutions about the effects of KYC regulation on their respective institutions and concluded that they were spending, on average, $60 million per year on KYC compliance with some spending as much as $500 million per year.
Regulations are becoming increasingly stricter, meaning financial institutions have to spend more money than ever to comply with them or risk steep fines. These fines are also dramatically increasing with JP Morgan, for example, being fined $2 million for a failure to report suspicious activity.
Whilst speaking of criminal punishment it is worth noting that given the large corporate structure of many organizations, it is difficult to assign criminal responsibility to a specific individual or group of individuals. For this reason, regulators mostly levy fines against large banks, rather than pursuing criminal prosecutions, to make financial institutions follow the law and conduct strict compliance procedures.
The Patriot Act published in 2001 outlined the laws on KYC, specifying that a U.S. bank is required to file a suspicious activity report if it suspects, or has reason to suspect, criminal activity.
Despite this, the Patriot Act does not directly specify a customer due diligence requirement. However, the system is not perfect and despite significant fines and stricter regulations being put in place, terrorism, money laundering, and illegal financial activities are still prevalent. However, if no intergovernmental and international organizations such as the Financial Action Task Force, the National Credit Union Administration, the U.S. Securities, and Exchange Commission and FINTRAC existed the problem would be considerably greater. Government laws in different countries help to protect the financial system against manipulation, financing of terrorism, and money laundering and whilst the system is not perfect it works to some degree.
Nevertheless, regulations are continuously improved and got stricter. The 5th Anti-Money Laundering Directive (AMLD5) of the EU came into force on July В 9, 2018 with effective application from January 10, 2020. This is an extension of AMLD4 (July 2016) which requires, among other things, that all member countries have a centralized register of national bank accounts and a centralized data retrieval system. The costs to financial institutions associated with compliance are normally funded by third-party solutions.
The current situation with regards to adhering to compliance rules and regulations within the crypto market is almost the opposite to that in classic financial markets. A recent study by PAID discovered that even in the US and EU, two-thirds of cryptocurrency exchanges fail to comply with requirements. They ask for nothing more than an email address and a phone number meaning they know virtually nothing about their customers.
This is the main reason why the vast majority of banks are hesitant to work with cryptocurrency exchanges, forcing them to relocate to less regulated jurisdictions.
We decided to undertake our own brief KYC investigation to get an overview of the current situation and below are our findings:
The above table shows that currently the primary documents that exchanges require are a passport, photograph and a written certificate.
It is difficult to say whether this is enough to pass the KYC procedure and shockingly from this short list we found two exchanges that did not follow this procedure at all.
However, the finding that gave us the most concern was the low-level compliance requirements of the leading exchanges such as Binance, Huobi, and OKEx. В В For example, Binance has only recently requested potential customers provide a copy of their passport during their sign up process following a number of complaints about the exchanges lack of security which had made it a haven for criminals to divide their stolen coins into smaller undetectable portions by using multiple accounts. Huobi has added more stringent certification to its sign-up requirements but does not verify mobile phone details. At least, as opposed to Binance and Huobi, OKex requires a passport and utility bill but still shows a flippant attitude to KYC.
We have explained below three main reasons why crypto exchanges do not take their compliance procedures seriously:
It seems that the crypto market has finally grown enough to gain the serious attention of regulators and provoke them into action.
Despite the unsatisfactory current compliance process situation, the cryptomarket has recently received welcome news in respect of the upcoming improvements and changes happening within the space. Binance, the world’s largest crypto exchange according to CoinMarketCap, has just announced their forthcoming partnership with Chainanalysis.
Chainanalysis is a software solution provider for forensic analysis that helps law enforcement agencies track the movement of bitcoin and other top cryptocurrencies. The platform uses statistical techniques to identify when given transactions are likely to be tied to criminal activity and generate a warning alert. Law enforcement agencies, banks and financial service companies are amongst their customers.
As agreed within the partnership framework, Chainanalysis will provide Binance with access to its Know Your Transactionќ compliance software enabling the exchange to monitor cryptocurrency transactions in real-time. В In particular, this tool will look for potentially criminal or otherwise illicit activity.
Binance executives also confirmed that the company had invested in know-your-customer and anti-money laundering measures and had hired compliance professionals. However, criminals would always be able to find loopholes in the system whatever precautions are taken and only a continuous improvement process can help to fight this ongoing issue.
Since its inception, Binance has undergone many changes. From initially hiding its jurisdiction,В it progressed to requiring passports from users and partnering with Chainanalysis to implement better KYC/AML protocols and subsequently freeze WEX accounts. No doubt, as a well-known exchange, Binance is acting as a trendsetter for the crypto community and other exchanges will no doubt follow its example soon.
The KYC/AML procedure in the crypto space is still far from desirable when compared to other mainstream financial markets. We can, of course, appeal to those in the early stages of forming the cryptocurrency market, but the crypto space develops at a much faster pace than classical markets and is always on the cutting edge of new technology and can perhaps lead by example in the future.
Exchanges just need the right motivation in order to address compliance implementation problems themselves. The high costs associated with proper compliance measures can be solved by outsourcing them to third-party solutions. Financial institutions work with services such as Thomson Reuters and Dimension platform from SimCorp in order to handle their KYC process. As Binance has already demonstrated, crypto exchanges could utilize these same third-party services. The competition problem will be solved by itself when a critical number of exchanges start to increase their compliance standards as otherwise, regulators will strive to be stricter to crypto exchanges, related brokers, ico-entrepreneurs and other market participants.
When trying to answer our original question: Does the crypto community need an efficient KYC/AML procedure? we need to think about criminal and cybersecurity issues and the benefit genuine participants will receive by having their coins and tokens securely protected from theft.
Regulation is necessary for crypto market integrity as it will dramatically decrease fraudulent schemes and increase the reputation of the crypto community which in turn will ensure market growth. Let’s be the leaders and visionaries, we do not need to wait until regulators implement their requirements but instead actively support those organizations which are the most progressive in their compliance procedures.
Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.