Key Takeaways:
- Know Your Customer (KYC) is a set of processes used by financial institutions and other regulated businesses to verify customer identities and assess potential risks, helping them understand who they’re doing business with.
- The KYC process has three main components: Customer Identification Program (CIP), Customer Due Diligence (CDD), and Ongoing Monitoring.
- Electronic Know Your Customer (eKYC) digitizes the KYC process, allowing for more efficient, secure, and faster identity verification.
- KYC compliance is mandatory across various industries. This includes banking, finance, insurance, telecommunications, and increasingly, the cryptocurrency sector.
As businesses increasingly engage with individuals in the digital world, they find it easier to move millions of dollars within seconds. However, not all transactions are legal or intended for their claimed purpose. Some involve stolen funds or illegal activities like terrorism, while others may be connected to identity theft, fraud, bribery, and more.
To address these concerns, governments and regulatory bodies have implemented policies to make financial transactions safer. One such policy is KYC, or Know Your Customer, which requires businesses to verify the identity of their customers before engaging in financial transactions.
What Is KYC (Know Your Customer)?
KYC (Know Your Customer) is a legal requirement, especially for businesses in the financial sector, that verifies customer identities and assesses potential risks to combat financial crime. It goes beyond simple name checks. A comprehensive KYC approach, often called “Effective KYC,” is crucial for safeguarding organizations from fraud, money laundering, and terrorist financing. Failing to comply with KYC regulations can lead to hefty fines, sanctions, and reputational damage. Effective KYC also promotes a secure financial ecosystem for all participants.
3 Components of KYC
Know Your Customer (KYC) compliance consists of three key pillars:
1. Customer Identification Program (CIP)
Established by the USA Patriot Act of 2001, CIP mandates that financial institutions collect basic identifying information from customers. This typically includes:
- Name
- Date of birth
- Address
- Identification Number
While these are the minimum requirements, institutions may collect additional details like phone numbers, emails, and selfies for verification purposes. High-risk customers might require further data such as IP addresses. The specific information collected can vary depending on the company and its location.
2. Customer Due Diligence (CDD)
CDD delves deeper into a customer’s background to assess their risk profile for suspicious activity. This process, enforced by the Financial Crimes Enforcement Network (FinCEN), involves:
- Verifying customer identities (matching with CIP data)
- Identifying and verifying ownership structures (for companies)
- Understanding customer relationships to create risk profiles
- Ongoing monitoring for suspicious transactions and reporting (explained further in #3)
Levels of Customer Due Diligence (CDD)
The intensity of CDD applied depends on a customer’s risk score, calculated during onboarding. Here’s a breakdown of CDD levels:
- Simplified Due Diligence (SDD): A basic level for low-risk scenarios, where customer identity verification might not be mandatory. The focus is on monitoring the business relationship.
- Basic Due Diligence (BDD): Standard CDD involves collecting and verifying customer data during onboarding.
- Enhanced Due Diligence (EDD): A more comprehensive process for high-risk customers, including politically exposed persons (PEPs) and high-net-worth individuals (HNWIs). It requires additional data collection, continuous monitoring, and scrutiny of transactions with third parties.
3. Continuous Monitoring (CM)
This is a continuous process of monitoring customer activity and transactions over time. If suspicious activity is detected, a Suspicious Activity Report (SAR) must be filed with FinCEN within 30 days. The SAR should detail the suspicious activity and any identified suspects. If no suspect is identified initially, institutions can monitor for an additional 30 days before filing. However, the SAR filing cannot be delayed beyond 60 days from initial detection.
Overall Goals of KYC
KYC compliance has three primary objectives:
- Verify customer identities
- Confirm the legitimacy of customer funds
- Mitigate the risk of money laundering or terrorist financing, aligning with Anti-Money Laundering (AML) protocols
Benefits of KYC Compliance
KYC provides several benefits for companies, including:
- Understanding customers: KYC helps companies to understand their customers better, including their identity, risk profile, and needs. This information can be used to develop more targeted and effective products and services, and to build stronger customer relationships.
- Protecting customers and the organization: KYC helps companies to protect their customers from fraud and financial crime. It also helps to protect the company itself from reputational damage and financial losses.
- Compliance: KYC is a regulatory requirement for many businesses, particularly those in the financial sector. By complying with KYC requirements, companies can avoid fines and other penalties.
What Is eKYC?
eKYC, also known as Remote KYC, provides a digital alternative to the traditional in-person KYC procedure that has been in use for decades. Although people often use eKYC and KYC interchangeably, eKYC specifically refers to digital KYC processes. The acronym “eKYC” stands for “Electronic Know Your Customer,” an online process that reduces the costs and bureaucratic hurdles associated with in-person KYC procedures.
With eKYC, customers submit their identifying documentation electronically through a computer or mobile phone user interface, just as they would with in-person KYC. However, eKYC is faster, cheaper, and more secure than traditional KYC processes. Additionally, electronic systems generally incorporate robust fraud detection algorithms. These algorithms analyze identifying documentation for special security features that humans may overlook.
Institutions such as banks, cryptocurrency exchanges, and online wagering sites typically utilize eKYC systems. Furthermore, eKYC systems have more recently found application in the creation of digital or even decentralized identities.
Who Needs To Be KYC Compliant
KYC compliance is a regulatory requirement for many industries, including:
- Banking Sector and other financial institutions, including payment companies, fintech, credit unions etc.
- Insurance Establishments/Organizations.
- Regulated Industries, such as gambling facilities.
- Digital Wallet Providers.
- Real Estate Agencies.
- Asset Management Firms.
- Dealers Of High-Value Goods.
- Trust Formation Services.
- Cryptocurrency Exchanges.
The Cryptocurrency Industry and KYC
KYC regulation previously did not apply to crypto exchanges or to cryptocurrency generally, but in 2019 the SEC, FinCEN, and the CFTC issued a joint statement that classified crypto exchanges as money service businesses (MSBs). This subjects crypto exchanges to KYC and AML policies and requirements under the Bank Secrecy Act of 1970.
Why Does The Crypto Industry Dislike KYC?
KYC is well intentioned: it seeks to protect citizens and companies and to prevent illegal activities like terrorism funding and money laundering. However, the crypto industry generally dislikes KYC for two main reasons: privacy and decentralization.
Privacy Concerns
Privacy is one of the key selling points of cryptocurrency. The transparent nature of the blockchain simplifies the process of “following the money.” Furthermore, the anonymous nature of cryptocurrency wallets facilitates transactions between one anonymous wallet and another. The anonymous nature of crypto, similar to the early Internet, was perceived as a disruptive shift from the status quo. It provided countless individuals with the opportunity to participate in transactions without government oversight, which was a compelling aspect of cryptocurrency. Consequently, KYC processes were often viewed as conflicting with the fundamental principles of the crypto ethos.
Decentralization
Decentralization, another key selling point of cryptocurrency, ensures that there’s no one entity that can monitor, block or deplatform a user. On the other hand, KYC typically means that a single centralized entity will hold numerous identities in its database. These databases of personally identifiable information (PII) often serve as honeypots, actively attracting hackers just like a pot of honey lures bears, bees, and other creatures. These centralized honeypots are also the antithesis of the cryptocurrency industry.
Impact of Increasing Regulations
The existence of KYC in cryptocurrency transactions isn’t the only reason for the dislike. KYC also serves as a symbol of more regulation to come. Many early adopters of cryptocurrency were drawn to it because of its promise of freedom from governmental oversight and regulation. Yet the landscape is evolving, with new regulations emerging.
For example, the “Digital Financial Assets Bill,” which sought to increase scrutiny over crypto companies in California, was vetoed by the state’s Governor in September 2022. This bill would have required crypto businesses and exchanges to obtain a special license from the California Department of Financial Protection and Innovation.
This proposed California legislation mirrors New York’s “BitLicense” requirement for virtual asset service providers, and these aren’t isolated instances. In December 2020, the Treasury Department proposed a rule requiring centralized exchange users transferring cryptocurrencies valued at $3,000 or more to a private wallet to disclose the wallet owner’s personal details.
Furthermore, for transactions exceeding $10,000 in a single day, exchanges would be obligated to gather and relay transaction details to FinCEN. The request from the government for KYC led the way for most of these other regulations. This, apart from other valid reasons, is why there is a dislike for KYC in the crypto community. KYC serves as a symbol indicating that many regulations are on the way.
The introduction of KYC and similar regulations threatens one of cryptocurrency’s defining features: transactional anonymity. With KYC in place, not only is this unique attribute at risk, but users also face potential threats to their personal data. There have been instances where centralized data repositories, containing user information, have been breached by hackers. Such breaches can lead to identity theft, further underscoring the community’s concerns.
Decentralized Identity as the Solution
The fear or dislike in the cryptocurrency industry for KYC can be justified if viewed from the user’s perspective. This is where decentralized identity comes in, as it is private, secure, and decentralized.
Decentralized Identity is an open-standards-based identity framework. It utilizes digital identifiers and verifiable credentials that are self-owned and independent, enabling trusted data exchange.
In simpler terms, decentralized identity is a growing technological solution that empowers users to control their online identity through the use of an identity wallet. Decentralized identity also gives users complete control over the amount of information they choose to share with the requesting service. This way, users can better manage the privacy of their identity online. For example, a user can prove to a third-party service provider that they graduated from a UK university without disclosing their degree classification (first class; second class, upper division (2.1); second class, lower division (2.2); etc.). Another decentralized identity user can prove to a third-party app or website that he is 30 years old without revealing his actual date of birth.
Identity.com
This decentralized identity solution is one of the leading issues Identity.com has been working to solve. As members of the W3C and the DIF, Identity.com is building toward a secure, permissionless, and pseudonymous ecosystem. We give developers the toolkits they need to provide users with easy-to-verify, reusable and contextual digital identification that remains in their control.