🇺🇦 Hacken was born in Ukraine, and we stand with all Ukrainians in our fight for freedom!

🇺🇦 Hacken stands with Ukraine!

Learn more
bg

KYC for Crypto: How KYC prevents money laundering

KYC for Crypto: How KYC prevents money laundering

Published: 20 Feb 2023 Updated: 8 Feb 2024

Cryptocurrency exchanges must follow KYC (Know Your Customer) to reduce the use of crypto for illicit activities.

What is KYC?

KYC is a process whereby centralized cryptocurrency exchanges verify user identity by linking every account to a real-world person. It involves collecting personal information and documents to prove legal name, residence, nationality, etc.

When signing up for a centralized crypto exchange, a customer must complete the identity verification process. KYC procedures are part of anti-money laundering and counter-terrorist financing laws. There is also a travel rule, a global standard by FATF requiring exchanges to share data upon interaction.

Binance, Kraken, KuCoin, and most crypto exchanges follow the rules. Let’s review Binance’s KYC policy. The largest crypto exchange in the world has a mandatory KYC applicable to all new users. Binance collects and processes the following personal information:

  • name, gender, date of birth, nationality, home address, and image;
  • email address, phone number, and device ID;
  • transactions and related data

Anti-money laundering (AML)

AML is a set of laws, regulations, and procedures that prevent criminals from hiding the proceeds of illegal activities as legitimate funds. In most cases, AML laws have similar KYC requirements across borders. In the United States, crypto exchanges classified as a money service business (MSB) have to register with FinCEN and develop Anti Money Laundering policy. Under the Federal Bank Secrecy Act (BSA), MSBs must register with the Financial Crimes Enforcement Network (FinCEN) and create an AML program and a cybersecurity policy.

Why do crypto exchanges need KYC?

Authorities have issued obligations on centralized and decentralized payment platforms that facilitate “money transmission” to have KYC as part of AML, GDPR, and relevant laws.

Crypto assets and related payment platforms store, secure, and transmit massive monetary value worldwide. Instantaneous cross-border transfers with hidden customer identities inadvertently attract criminals. The 2023 Crypto Crime Report (chart above) demonstrates that the total cryptocurrency value received by illicit addresses reached an all-time high in 2022 at $20.6 billion. Sanctions make up the highest share.

Sanctions. Strict adherence to KYC protocols is critical for tackling the circumvention of sanctions. The Office of Foreign Assets Control (OFAC) in the U.S. and similar bodies worldwide implement cryptocurrency-related sanctions. Notable entities sanctioned in 2022 include:

  • Lazarus Group for Hacking/crypto theft on behalf of the North Korean government;
  • Ahmad Khatibi Aghada for Ransomware;
  • Alex Adrianus Martinus Peijnenburg for Drug trafficking;
  • Hydra Marketplace for Darknet;
  • Tornado Cash and Garantex for Money laundering;
  • Task Force Rusich for financing Russian paramilitary group in Ukraine.

In the case of Hydra Marketplace, sanctioning was deemed vital as 3/4rds of all the trade involved illicit funds (i.e., dark market and money laundering). Lazarus Group was found responsible by the FBI for the Ronin bridge hack. Garantex, a Russian crypto exchange that handled the majority of sanctions-related transaction volume, was sanctioned due to money laundering in April 2022. However, Garantex has continued operating without facing any consequences. In this light, ensuring proper KYC procedures is crucial in preventing Russia-based businesses from circumventing sanctions, as transfers designed to bypass these sanctions account for a significant portion of illicit transactions.

Regulations. Regulators consider exchanges as financial institutions where blockchain technology enables illegal activities. Legislators issue AML and GDPR laws requiring crypto exchanges to ensure KYC compliance. Regulations are different throughout the world. For example, Binance has many legal entities operating under different licenses:

  • Digital Asset Service Provider (DASP) in France and Italy
  • Virtual Asset Service Provider (VASP) in Spain, Poland, Lithuania, and Dubai
  • Crypto Asset Service Provider (CASP) in Cyprus
  • Financial Services Permission in Abu Dhabi
  • Financial Service Provider in New Zealand
  • Digital Currency Exchange in Australia
  • Crypto Asset Exchange Service Provider in Japan
  • Money Service Business in Canada

Binnacle must comply with relevant AML laws of the nation states where they are licensed to operate. The same applies to any other centralized crypto exchange.

Data and funds security. Another reason for regulation relates to the safety of funds and consumer data. Media headlines chronicle major cybersecurity hacks which resulted in more than $6 billion stolen in crypto. Relevant laws also force licensed crypto entities to adopt security systems.

What are the advantages of KYC?

Reduced crime. The main advantage is the reduction of blockchain use for illicit activities. Removing illegal trade is vital from legal and ethical standpoints. Regulators, investors, and larger society don’t want to see the cryptocurrency market as an avenue for funding the dark market, corrupt officials, tax evasion, ransomware, sanctions escape, and hacker groups. Other than sanctions, Chainalysis (chart above) reports that all crime types have decreased in value, attesting to the importance of KYC for more transparent blockchain technology. The data proves that “Knowing Your Customer” works, and the secure identification process gradually brings more fairness and justice.

Trust. The KYC process has become increasingly important as the cryptocurrency market grows and attracts more mainstream investors. KYC helps build trust and legitimacy in the market – indispensable for attracting institutional investors and ensuring the industry’s long-term success.

Compliance. For crypto firms, implementing KYC measures helps ensure regulatory compliance and protect against crimes, which could result in hefty fines and reputation damage. KYC-safe procedures can also help crypto firms assess customer risk, implement better due diligence, and protect users from identity theft.

KYC for : no place for privacy?

Of course, getting to know your customer has its challenges and controversies. Some rightly argue it can be too invasive and infringe on customers’ privacy. They question whether the money laundering risks warrant such an intrusive measure. Additionally, the process can be time-consuming and expensive to implement.

Can you buy crypto without KYC?

Yes, buying crypto without KYC requirements is possible using decentralized exchanges or CEXs that lack rigid identity verification, at least for now. Some web3 startups are working towards eliminating anonymity altogether.

What are the risks of buying crypto without KYC?

In the worst-case scenario, crypto users bypassing KYC may have their user accounts frozen or seized by law enforcement. However, there’s a huge difference regarding the nature of the exchange.

A CEX will face higher consequences for violating KYC than a DEX. While they may offer a more convenient and anonymous way to buy and sell crypto, depositing your money comes with some risks. Suppose law enforcement decides to investigate a non-KYC exchange for suspected non-compliance with AML and CTF regulations. In that case, the custodian will likely suspend withdrawals, and you’ll probably say goodbye to your coins.

Non-KYC crypto exchanges

Non-KYC crypto exchanges don’t require identity verification. DEXs don’t require identity verification. Some believe that regulators will find a way to force DEXs to follow KYC because anonymous transactions make it easier for criminals to use crypto to facilitate crimes, including money laundering. However, the time is yet to come.

Is KYC safe in crypto?

To ensure that blockchain technology is not used to facilitate crimes, crypto exchanges must verify their customers’ identities and assess their risk levels. Crypto exchanges and other financial institutions must implement KYC measures and take proactive and preventive measures to ensure compliance while protecting customer privacy. At the same time, we must be aware of associated risks, such as data breaches. Penetration testing by Hacken is the best solution for securing customer information.

While there are personal data concerns, the benefits of KYC compliance outweigh the risks. By implementing risk assessments, transaction monitoring, and following evolving international guidelines, crypto firms can ensure that their platforms remain safe and secure for their customers. The procedures play an instrumental role in preventing Russia-linked businesses from circumventing international sanctions. Overall, KYC is essential for improving the broader reputation of crypto.


FAQ:

What is required for crypto KYC?

The process involves a customer identification program that requires users to provide personal information such as their name, address, and government-issued identity verification.

Why do people avoid KYC in crypto?

People wanting to have anonymous accounts prevent it because they are concerned about privacy and data security.

Can I trade in crypto without KYC?

Decentralized exchanges allow anonymous asset transfers and do not require KYC compliance. However, trading on these exchanges may come with higher risks.

What will happen if we don’t do KYC?

If a crypto exchange or financial institution does not comply with KYC regulations, it may face regulatory risks, such as legal penalties and fines for crime facilitation.

Do crypto wallets need KYC compliance?

Crypto wallets do not typically require KYC compliance, as they store and manage crypto assets rather than facilitate financial transactions. However, some wallet providers may require identity verification.

share via social

Subscribe to our research

Enter your email address to subscribe to Hacken Research and receive notifications of new posts by email

Interested in getting to know whether your systems are vulnerable to cyberattacks?

Tell us about your project

  • This field is required
  • This field is required
    • telegram icon Telegram
    • whatsapp icon WhatsApp
    • wechat icon WeChat
    • signal icon Signal
  • This field is required
  • This field is required
This field is required
departure icon

Thank you for your request

Get security score on

  • certified logo
  • coingeco logo
  • coin market cap logo

1,200+ Audited Projects

companies logos

Apply for partnership

  • This field is required
  • This field is required
  • This field is required
  • This field is required
    • Foundation
    • VC
    • Angel investments
    • IDO or IEO platform
    • Protocol
    • Blockchain
    • Legal
    • Insurance
    • Development
    • Marketing
    • Influencer
    • Other
This field is required
This field is required
departure icon

Thank you for your request

Get security score on

  • certified logo
  • coingeco logo
  • coin market cap logo

1,200+ Audited Projects

companies logos

Get in touch

  • This field is required
  • This field is required
  • This field is required
  • This field is required
This field is required
By submitting this form you agree to the Privacy Policy and information beeing used to contact you
departure icon

Thank you for your request

Get security score on

  • certified logo
  • coingeco logo
  • coin market cap logo