Key Takeaways:

 

As businesses increasingly engage with individuals in the digital world, they actively find it easier to transact millions of dollars within seconds. However, not all transactions are legal or intended for their claimed purpose. Some involve stolen funds or illegal activities like terrorism, while others may be connected to identity theft, fraud, bribery, and more.

To address these concerns, governments, and regulatory bodies have implemented policies to make financial transactions safer. One such policy is KYC, or Know Your Customer, which requires businesses to verify the identity of their customers before engaging in financial transactions

What Is KYC (Know Your Customer)?

What Are the Three Components of KYC?

The three primary components of Know Your Customer (KYC) are: Customer Identification Program, Customer Due Diligence, and Ongoing Monitoring.

1. Customer Identification Program (CIP)

CIP, established by the USA Patriot Act of 2001, requires financial institutions to gather basic identifying information from customers to verify their identity. The information collected usually includes:

• Name
• Date of birth
• Address
• Identification Number

In addition to these, institutions may also collect additional data, such as phone numbers, emails, and selfies for verification purposes. High-risk customers may require further verification steps, including collecting IP addresses or more in-depth data based on the company and location.

2. Customer Due Diligence (CDD)

Customer Due Diligence goes beyond identification, assessing a customer’s risk profile to identify potential involvement in suspicious activity. Enforced by FinCEN (Financial Crimes Enforcement Network), CDD includes:

• Verifying customer identities (matching with CIP data)
• Identifying and verifying ownership structures (for companies)
• Understanding customer relationships to create risk profiles
• Ongoing monitoring for suspicious transactions and reporting (explained further in #3)

Levels of Customer Due Diligence (CDD)

The intensity of CDD applied depends on a customer’s risk score, calculated during onboarding. Here’s a breakdown of CDD levels:

• Simplified Due Diligence (SDD): A basic level for low-risk scenarios, where customer identity verification might not be mandatory. The focus is on monitoring the business relationship.
• Basic Due Diligence (BDD): Standard CDD involves collecting and verifying customer data during onboarding.
• Enhanced Due Diligence (EDD): A more comprehensive process for high-risk customers, including politically exposed persons (PEPs) and high-net-worth individuals (HNWIs). It requires additional data collection, continuous monitoring, and scrutiny of transactions with third parties.

3. Ongoing Monitoring (OM)

Ongoing Monitoring is crucial for tracking customer activity over time. If a financial institution detects suspicious activity, they are required to file a Suspicious Activity Report (SAR) with FinCEN within 30 days. Institutions have an additional 30 days for monitoring before filing, but the total delay cannot exceed 60 days. This process ensures any ongoing suspicious behavior is reported and handled appropriately.

What Are the Objectives of KYC?

Know Your Customer (KYC) has three primary objectives:

• Verify customer identities
• Confirm the legitimacy of customer funds
• Mitigate the risk of money laundering or terrorist financing, aligning with Anti-Money Laundering (AML) protocols

Benefits of KYC Compliance

KYC provides several benefits for companies, including:

• Enhanced customer understanding: KYC enables companies to gain deeper insights into their customers, encompassing identity, risk profile, and needs. This knowledge facilitates the development of more targeted products and services, fostering stronger customer relationships.
• Protection of customers and the organization: KYC safeguards customers from fraud and financial crimes while shielding the company from reputational damage and financial losses.
• Regulatory compliance: KYC is a mandatory requirement for numerous businesses, especially within the financial industry. Adherence to KYC regulations helps companies avoid fines and penalties.

What Is eKYC?

eKYC, also known as Remote KYC, provides a digital alternative to the traditional in-person KYC procedure that has been in use for decades. Although people often use eKYC and KYC interchangeably, eKYC specifically refers to digital KYC processes. The acronym “eKYC” stands for “Electronic Know Your Customer,” representing an online process that actively reduces the costs and bureaucratic hurdles that associate with in-person KYC procedures.

With eKYC, customers submit their identifying documentation electronically through a computer or mobile phone user interface, just as they would with in-person KYC. However, eKYC is faster, cheaper, and more secure than traditional KYC processes. For instance, a recent survey by Fenergo indicated that nearly half (48%) of banks globally reported losing clients due to slow or inefficient onboarding processes. This shows that traditional KYC is often cumbersome and slow, making eKYC a more efficient alternative. Additionally, electronic systems often incorporate sophisticated fraud detection algorithms, capable of analyzing identifying documents for security features that may escape human detection.

Who Needs To Be KYC Compliant

KYC compliance is a regulatory requirement for many industries, including:

1. Banking Sector and other financial institutions, including payment companies, fintech, credit unions etc.
2. Insurance Establishments/Organizations.
3. Regulated Industries, such as gambling facilities.
4. Digital Wallet Providers.
5. Real Estate Agencies.
6. Asset Management Firms.
7. Dealers Of High-Value Goods.
8. Trust Formation Services.
9. Cryptocurrency Exchanges.

The Cryptocurrency Industry and KYC

Until 2019, KYC regulations did not apply to crypto exchanges or the cryptocurrency industry in general. However, that year, the SEC, FinCEN, and CFTC issued a collective statement classifying crypto exchanges as money service businesses (MSBs). This reclassification brought crypto exchanges under the purview of KYC and Anti-Money Laundering (AML) requirements as outlined by the Bank Secrecy Act of 1970.

Why Does The Cryptocurrency Industry Dislike KYC?

Although KYC (Know Your Customer) regulations are intended to protect citizens and businesses by preventing illegal activities such as money laundering and terrorist financing, they are often met with resistance within the cryptocurrency community. The primary concerns revolve around privacy and the principle of decentralization.

Privacy Concerns

Privacy is a key selling point of cryptocurrency, with the transparent nature of blockchain allowing for easy tracking of transactions. However, the anonymity offered by cryptocurrency wallets enables transactions between untraceable accounts, which was a revolutionary shift from traditional financial systems. This anonymity allowed individuals to conduct transactions without government oversight, a feature that initially attracted many to cryptocurrency. As a result, KYC processes are often seen as conflicting with the core principles of the crypto ethos.

Decentralization

Decentralization is another key selling point of cryptocurrency, ensuring that no single entity can monitor, block, or deplatform a user. However, KYC requirements typically involve centralized entities maintaining large databases of personal information. These databases, often referred to as honeypots, become prime targets for hackers. The centralized nature of these data repositories directly opposes the decentralized philosophy that underpins the cryptocurrency industry.

The Impact of KYC Regulations on Cryptocurrency

The opposition to KYC within the crypto community extends beyond the procedure itself; it represents the broader concern of increased regulation. Many early cryptocurrency adopters were drawn to the promise of freedom from governmental oversight and regulation, but the landscape is rapidly changing.

For instance, the “Digital Financial Assets Bill” in California, which aimed to increase scrutiny over crypto companies, was vetoed by the state’s Governor in September 2022. The bill would have required crypto businesses and exchanges to obtain a special license from the California Department of Financial Protection and Innovation.

In the United States, the Treasury Department’s 2020 proposal requires centralized exchange users transferring cryptocurrencies valued at $3,000 or more to a private wallet to disclose the wallet owner’s personal details. Additionally, transactions exceeding $10,000 in a single day now require exchanges to report transaction details to FinCEN. These measures have amplified concerns within the crypto community about the erosion of transactional anonymity and the increasing regulatory burden.

As of 2024, global regulations on cryptocurrency continue to tighten. The European Union’s Sixth Anti-Money Laundering Directive (6AMLD) seeks to standardize AML regulations across member states, including those related to crypto assets, ensuring comprehensive regulatory oversight to prevent financial crimes. Similarly, the Markets in Crypto-Assets Regulation (MiCA) establishes a framework for crypto asset service providers in the EU, aligning them with existing AML/CTF requirements and enhancing regulatory consistency within the crypto sector.

Advantages of Decentralized Identity for KYC Processes

The resistance to KYC in the cryptocurrency industry is understandable, particularly from the user’s perspective, where concerns about privacy, security, and centralization are paramount. Decentralized identity offers a promising solution by addressing these concerns with a private, secure, and decentralized approach.

Decentralized identity is an open-standards-based identity framework that uses digital identifiers and verifiable credentials that are self-owned and independent, facilitating trusted data exchanges without relying on centralized entities.

In simpler terms, decentralized identity empowers users to control their online identities through an identity wallet. This technology gives users complete control over the information they share with requesting services, allowing them to manage their identity’s privacy more effectively. A key component of decentralized identity is verifiable credentials, which offer a more secure and efficient way to handle KYC processes by minimizing the need to repeatedly share sensitive identity information.

For example, a user can prove their status as a graduate of a UK university to a third-party service provider without disclosing their graduating grade. Similarly, a user can confirm they are 30 years old to an app or website without revealing their actual date of birth. This level of selective disclosure not only enhances privacy but also reduces the risk of fraud.

Identity.com 

This decentralized identity solution is one of the leading issues Identity.com has been working to solve. As members of the W3C and the DIF, Identity.com is building toward a secure, permissionless, and pseudonymous ecosystem. We give developers the toolkits they need to provide users with easy-to-verify, reusable and contextual digital identification that remains in their control.