Know Your Customer (KYC) and Customer Due Diligence (CDD) are mission-critical components of successful bitcoin compliance. But like most things, their value is dependent on their efficacy.
How do cryptocurrency businesses stay ahead of rapidly evolving and increasingly sophisticated financial crime in the space?
Simple. By keeping up with best practices and evolving their own protocols to respond to trends in crypto AML compliance.
In this post, we’ll share some new KYC cryptocurrency insider tips to help your business stay competitive and stay compliant.
But first…
Revisiting KYC/CDD for cryptocurrency
KYC and CDD refer to the identity verification protocols of financial institutions put in place to comply with Bank Secrecy Act (BSA) regulations.
We covered the topic and what it means in regulatory compliance more in-depth for our cryptocompliance 101 series, but in short, cryptocurrency money services businesses (MSBs)/money transmitters (as defined by FinCEN) are required by law to put policies in place to identify and collect certain data on all customers, and to report potentially suspicious activity if such activity occurs.
KYC/CDD are essential to preventing and reducing crime in the financial sector, including the cryptocurrency space.
However, given the decentralization of crypto and the potential anonymity it offers, KYC can be difficult to implement and enforce.
Don’t be taken in by skeptics of AML compliance and crypto KYC, though. As 2019 has shown and as we have documented relentlessly, more regulations are coming to crypto, not fewer.
Here’s the bottom line.
Cryptocurrency businesses that prioritize and apply AML compliance protocols now will grow and thrive. Those that resist will flounder and flop, or worse, be pushed into illicit activity and the dark web.
With all that being said, crypto KYC isn’t a set-it-and-forget-it thing. Good KYC/CDD practices are constantly evolving, especially as new cryptocurrency regulations are introduced and enforced and as scams, bitcoin money laundering, and other financial crime becomes more sophisticated.
Remember — criminals are working to be one step ahead of the curve all the time just like you.
5 new KYC tips based on AML compliance best practices
We’re here to help aboveboard cryptocurrency businesses keep pace. That’s why we’ve put together these 5 tips to enhance KYC protocols.
The following tips are based on the latest best practices in compliance and can be used to update existing KYC protocols or to jumpstart a discussion about implementing KYC for your business.
If you need help with the latter, you can fill out a form at the end of this post for a free consultation.
But first, let’s dive in with Tip #1.
KYC Tip #1: Implement a “cooling off” period
Depending on the size of a transaction, cryptocurrency MSBs (BTMs, exchanges, and traders alike) should enforce “cooling off” periods with customers.
Say a customer purchases a sum of cryptocurrency that would place said customer either in a higher tier than usual, or at the top of your transaction limit (but still below a limit for suspicious activity).
Internally mark that customer for a “cooling off” period or a week, or 72 hours, or some period of time before they can transact with you again.
How does this help?
A cooling-off period control can cut down on potential scam activity or money laundering. Typically, unexpectedly large transactions should trigger a KYC review and, in some cases, suspicious activity reporting.
Of course, it’s always possible that the customer simply wants to invest more into cryptocurrency than usual for honest reasons. But repeated unusual transaction activity could be a sign of suspicious activity. A cooling-off period is one way to potentially mitigate or stymie bad-faith actors.
KYC Tip #2: Promoting customers to higher tiers
Trusted customers may, over time, increase the amount they transact with you. Whenever a customer, whether new or long-time, transacts at a higher level, your business should be sure to review the transaction and ensure they have been placed in the tier appropriate to the transaction size.
This might mean that you will need to collect more information to verify the identity of the customer, and the purpose of the transaction.
A longtime customer might find this odd, given that they have established a relationship with your company.
But the truth is, regulators don’t care if your customer is your best friend. Anyone and any relationship can be exploited by financial criminals. Even your best friend could be an unwitting victim of a scam. This could actually be your only opportunity to protect them and their money.
If customers qualify for a higher KYC tier, promote them to it, regardless of the relationship established with that customer. Period.
KYC Tip #3: First-time customer touchpoints
KYC isn’t just an AML concept; it’s good business.
Incorporate some kind of touchpoint for first-time customers, whether a short survey or an interview of some kind. This helps you get to know them a little better, and gives them an opportunity to provide you with valuable feedback about their experience with your financial institution.
Ask them how they liked using your service, or if there’s anything you can do better. Think of this as a customer service step.
It’s also a good opportunity to spot scam activity among customers you don’t know so well yet. If a first-time customer tells you they’re converting money to bitcoin to purchase a car online, for instance, you can counsel them to the potential for fraud, potentially saving them from a scammer.
Remember too that fraud isn’t just a cryptocurrency issue. It’s a societal problem. But we know when we’re looking at scam activity in our space. As we’ve covered before, we’re often the only defense.
KYC Tip #4: PEP/SDN protocols
If there is any KYC protocol we find most lacking in the crypto space, it’s the inconsistent enforcement (or complete absence) of a policy for preventing transactions with Politically Exposed Persons (PEPs) or Specially Designated Nationals (SDNs).
This refers to the screening and reporting of individuals placed on governmental blocklists that prevent banks and other financial institutions from transacting with them. These figures are often wanted for investigations and are potentially suspected criminals. Regardless of their status, transacting with them is absolutely prohibited and carries steep fines.
An international bank is typically better suited and resourced to detect PEP/SDNs than a crypto kiosk, but that’s all the more reason to enforce this protocol. Cryptocurrency MSBs are sometimes lacking in this area because the potential for identifying a PEP/SDN is rare.
But because banks have stricter protocols and cryptocurrency businesses typically have less-stringent enforcement, crypto is an appealing alternative financial system for these individuals.
Don’t allow them safe haven, even if it’s rare you’ll come across them. What’s more, there are API configurations out there for BTMs to make the process automatic. Failing that, real-time searches of OFAC for PEP/SDN status can be done in seconds.
KYC Tip #5: No exceptions. None.
This tip is deceptively simple, but recall some of the language from Tips #2 and #3.
It can be tempting to let certain customers “slide” on KYC. Maybe you have a personal relationship with them. Maybe they’re a good, long-time customer. Or, maybe they’re a new customer, but you want to cut them a break hoping they’ll return.
Simply put, if you let any customer slide on KYC for any reason, you’re not only doing them a disservice if they are unwitting participants in a scam, you’re breaking the law.
Do not allow any exceptions to your KYC protocols. Enforce them consistently and ruthlessly.
Furthermore, any request for a transaction by a customer, whether your best friend or a new walk-up, is in itself a red flag for potentially suspicious activity.
Please note that cryptocurrency AML red flags are highly customized to each business model and the best way to determine which cryptocurrency red flags will catch the most suspicious activity is to work with an AML consulting firm.
Key takeaways for bitcoin compliance
These tips were developed based on some of the common concerns and recent best practices in crypto transaction monitoring, and we hope they are useful to you.
That said, as we mentioned before, KYC/CDD are constantly evolving to keep up with financial crime, so it is imperative that your cryptocurrency business prioritize AML compliance and update your protocols regularly.
If you are an entrepreneur in the space and have questions about compliance requirements, BitAML offers free consultations. Reach out to us here.
You can also try a demo of our AML software ComplyFit.