Remember when you opened your first bank account? We’re betting it wasn’t as simple as showing up with a bag of money and asking them to hold onto it for a little while.
Even opening a simple checking account requires multiple forms of identification, proof of residence and citizenship, even your social security number.
You might not think much of it, but your bank is actually protecting you and your money when they ask for information to verify your identity. They are also protecting themselves.
After all, banks want to safeguard their institutions from bad actors and financial criminals. Drug dealers can’t simply show up to banks with a truck full of money and no driver’s license and get a savings account with no questions asked.
Banks want to know who they’re in business with, and as a cryptocurrency money services business (MSB) money transmitter, the law requires you do as well. This is called KYC/CDD.
We’re continuing our series of crypto compliance 101 posts to help cryptocurrency business owners understand the regulatory landscape, its nuances, and what steps need to be taken to strengthen their compliance.
Today’s topic is Know Your Customer/Customer Due Diligence (KYC/CDD). KYC/CDD refers to standards set forth by the Financial Crimes Enforcement Network (FinCEN) for customer identification, and if you are running a cryptocurrency business, you need to develop policy and procedures to comply with these standards by law.
Let’s dive right in so you can get a clearer idea of what you’re going to need to think about when it comes to this essential feature of strong compliance.
What is KYC/CDD?
In the U.S., MSBs are considered financial institutions and must comply with AML regulations. KYC is a process by which financial institutions gather information about the identity of their customers. KYC procedures must be implemented by MSBs when opening accounts and periodically during their relationship with the customer.
KYC is aimed at preventing financial institutions from being used by criminals for money laundering activities. Further, KYC allows MSBs and other institutions to understand their customers and their financial transactions, and to better and manage their risks.
Likewise, CDD tries to improve financial transparency and keep criminals and terrorists from misusing companies to disguise their illicit activities and launder funds. In the United States, the CDD Rule amends Bank Secrecy Act regulations to do just that.
The CDD Rule has four basic requirements. The rule requires MSBs and other applicable financial institutions to create and maintain written policies and procedures that are reasonably designed to:
- Identify and verify the identity of customers;
- Identify and verify the identity of the beneficial owners of companies that open accounts;
- Understand the nature and purpose of customer relationships to develop customer risk profiles; and
- Conduct ongoing monitoring to identify and report suspicious transactions and to maintain and update customer information on a risk basis.
How Does KYC/CDD Work In Crypto Versus Traditional Finance?
In traditional finance, KYC/CDD procedures involve a thorough review of account applications, a comprehensive investigation to verify new customer information, and ongoing monitoring of the transactions of established customers.
Bank personnel constantly check to see if new applicants or their customers are on watchlists (like OFAC’s SDN list) to see if they have any links to known money launderers or terrorists.
With an approved application, the bank assigns a risk rating and profile to each customer. This is based on the information the applicant provided about their income sources and the results of the KYC/CDD investigation. The risk rating dictates how closely the bank will monitor the customer’s transactions.
If the risk raking is high, the account will be reviewed more frequently. The risk rating is part of the customer’s profile, and if the customer’s activity deviates from what is expected, or if there’s a pattern that’s inconsistent with the bank’s expectations, the account will be reviewed for suspicious activity.
Cryptocurrency’s peer-to-peer transaction authentication was designed to allow coin holders to avoid institutional intermediaries, which have traditionally taken on the role of gatekeepers in the global AML paradigm.
While the decentralized, anonymous nature of cryptocurrency has been at the center of its popularity, many governments want to examine these encrypted digital money trades.
Most token sales now require the provision of an identification document so investors can satisfy KYC requirements. In addition, many cryptocurrency exchanges use local banks. These banks rely on correspondent banks to handle the transactions into dollars and other traditional currencies. These banks risk fines and prosecution for financial crimes committed with transactions without documented KYC.
How Does This Apply To Cryptos?
The cryptocurrency industry continues to evolve, and so too do the regulating bodies of governments across the globe. Until there is a uniform framework for KYC/CDD and other cryptocurrency rules, regulators have attempted to fit cryptocurrency into existing structures. However, in the U.S., various agencies have treated cryptocurrency differently, with the SEC, the IRS, and FinCEN all finding varying interpretations for handling these coins.
Regulators are creating new rules to address the specific situation of cryptocurrencies. Until specific regulations are implemented, crypto MSBs must conduct appropriate due diligence and implement compliance procedures that apply to the existing AML and KYC regulations.
The tools and standards in the cryptocurrency environment for identification are still evolving; it is a much different operating space than traditional banking and finance.
Although identifiable information isn’t readily accessible on the blockchain, it’s possible to find the source of the code from the original wallet which had the token. To determine the owner of the wallet, cryptocurrency exchanges have begun applying AML and the KYC rule. Prior to opening a digital wallet, a customer must identify himself with his name and proof of address.
This type of self-regulation may be a viable practice where crypto exchanges can prohibit use by overly anonymous virtual currencies. We’ll say it again — in lieu of specific regulation, crypto MSBs are expected to adhere to existing AML compliance practices, including KYC/CDD.
Key Takeaways For Crypto MSBs
KYC/CDD practices are to be treated as the standard for stopping money laundering in the cryptocurrency ecosystem. New, creative solutions that address regulator demands without threatening the unique benefits of this technology will continue to evolve with the industry.
Many in the industry contend that distributed ledger technology can provide MSBs and cryptocurrency exchanges with the customer information they must collect, and at the same time protecting the identity and privacy of the individual.
If you are running a cryptocurrency business and need help setting up an AML program including KYC/CDD policies and practices, contact BitAML today.