How do AML and KYC regulations work? When do you need to complete AML/KYC verification? Do you really have to upload a selfie of you holding your passport just to trade crypto? Today, we’re explaining everything you need to know about AML, KYC, and identity verification in crypto.
What is Know Your Customer (KYC)?
Know Your Customer (KYC) is the process of verifying a customer’s identity. In the financial world, banks have a responsibility to “know their customers”. Banks are expected to take steps to verify the identity of their customers.
To verify their identity and complete KYC verification, customers might have to upload identification documents. You might have to send your full name, address, and Social Security Number (SSN) to your bank to complete KYC verification, for example.
KYC, in other words, is the basic identity verification process used by banks, exchanges, and financial institutions. In most jurisdictions, you cannot sign up for a bank account anonymously. You must give the institution your name and other personal information. This is KYC in a nutshell.
Regulations vary between states and countries. Generally, however, companies that provide financial services must follow KYC or AML regulations.
What is Anti-Money Laundering (AML)?
Anti-Money Laundering (AML) is similar to KYC but with a broader scope: AML refers to measures used by financial institutions and governments to prevent and combat financial crimes, especially crimes involving money laundering, criminal financing, or terrorist activity.
Money laundering is the practice of taking money obtained through illegal means and ‘cleaning’ the money by running it through some type of system. Someone who just sold $10 million worth of illegal drugs, for example, might buy $10 million of BTC in cash through LocalBitcoins, then sell those bitcoins on an exchange for US Dollars before withdrawing it.
What is Combatting the Financing of Terrorism (CFT)?
Sometimes, you’ll see a third acronym mentioned when talking about KYC and AML. You might see banks or crypto exchanges talk about Combatting the Financing of Terrorism (CFT).
As you can guess from the name, CFT verification is designed with similar goals to KYC and AML verification. With CFT verification, the bank wants to make sure that you’re not laundering money for terrorist purposes.
Generally, CFT is mentioned as a part of a financial institution’s broader AML program. Many financial institutions refer to their identity verification system as “AML/CTF verification”, for example.
CFT became a crucial part of financial verification starting in late 2001. After the September 11, 2001 attacks, countries realized they needed to take action to combat the financing of terrorism.
What’s the Difference Between AML and KYC?
KYC is the basic identity verification process used by banks and other financial institutions. When you give a bank your name and other personal information, you’re completing that bank’s KYC process.
AML, meanwhile, is much broader than KYC. AML refers to the measures used by banks and other financial institutions to combat illegal activity – like money laundering or terrorist financing.
It’s easy to blur the lines between KYC and AML. However, banks that lump KYC and AML together often face regulatory fines.
Here’s a clearer explanation of the difference between AML and KYC:
KYC is the identity verification process financial institutions use to identify their clients
AML is a program or set of procedures implemented by a financial institution that consists of components like Customer Due Diligence (CDD), Enhanced Due Diligence (EDD), and other policies
What’s Involved in an AML Program?
While KYC is straightforward identity verification, AML can consist of multiple components. An Anti-Money Laundering program can consist of all of the following:
Customer Due Diligence (CDD): CDD is a basic type of KYC procedure where a customer’s data – like proof of identity and address – is collected and used to evaluate the customer’s risk profile.
Enhanced Due Diligence (EDD): EDD is a more advanced type of KYC procedure for high-risk customers. CDD may have identified a handful of customers perceived to have a higher risk, for example. These customers are required to complete EDD. These individuals are perceived to have a higher risk because they are more likely to launder money or finance terrorism using the financial institution. Thus, individuals identified through EDD will be regulated and monitored to a higher standard.
Ultimate Beneficial Ownership Information (UBO): EDD can include verifying the Ultimate Beneficial Ownership information. The ultimate beneficial owner is the person who ultimately owns or controls a customer and/or the person on whose behalf a transaction is being conducted. Let’s say your brother-in-law is a high-risk individual but you are not. You make transactions on behalf of your brother-in-law to avoid triggering AML procedures, although your brother-in-law is the ultimate beneficial owner.
Politically Exposed Persons (PEPs): Politically exposed persons (PEP) verification can identify individuals who are at risk of being bribed or coerced into making certain transactions. These individuals might be identified as high-risk simply because they could be coerced into making problematic transactions – even if the individual is otherwise trustworthy.
Risk-Based AML Policies: A company may have other risk-based policies outside of the CDD and EDD process to identify or monitor high-risk individuals.
Ongoing Risk Assessment and Ongoing Monitoring: After a customer is onboard, a financial institution will continue to monitor the individual and assess the individual’s risk over time. A customer may start as a no-risk individual, for example, before gradually progressing to a high-risk individual.
AML Compliance Training Programs for Staff: Good financial institutions implement AML policies at every level of the organization – from the automated onboarding system to every level of employee. Employees will receive training in how to spot, monitor, and report high-risk individuals.
Internal Controls and Internal Audits: To keep everyone in check, a good AML policy will have internal controls and internal audits. These systems will check to verify no high-risk individuals or high-risk transactions have slipped through the cracks.
How Automated KYC/AML Software Works
When you sign up to a cryptocurrency exchange, you may have to complete KYC/AML verification. Typically, the exchange itself isn’t doing the verification – they rely on a third party or automated software to verify your information.
Automated AML software is far more efficient for any financial institution. This software performs something called Electronic Identity Verification (eIDV).
eIDV systems typically have three steps involved in verifying a customer’s identity:
Step 1) Select the proof of identity document (passport, national ID card, or driver’s license)
Step 2) Upload a photo of the selected document
Step 3) Upload a photo of the individual holding the selected proof of identity document
eIDV systems have become more advanced over time. Some verification systems even use blockchain technology to enhance the process. Blockchain technology can help the financial institution avoid legal and reputational issues, combat criminal acts like money laundering, ensure the safety of investors’ assets, and establish credibility with banks.
Who Enforces AML Regulations?
In 1989, the world’s biggest countries by economic strength gathered at the G-7 Summit in Paris to establish the Financial Action Task Force on Money Laundering or FATF.
The Task Force was given the responsibility of examining money laundering techniques and trends, reviewing the procedures already in place at the world’s financial institutions, and setting procedures that would ultimately reduce money laundering across the international banking system.
Within less than a year of its creation, the FATF delivered a report containing 40 recommendations. These recommendations described a path towards ending money laundering.
As of 2019, a total of 39 countries or regional coalitions have joined the FATF. You can view the full list here. Member organizations include the European Commission and the Gulf Cooperation Council. Member countries include most of the world’s developed nations, including the United States, United Kingdom, Germany, France, Canada, Australia, Japan, South Korea, and others.
In 2001, the FATF’s mandate expanded to include terrorism financing. New Anti-Terrorism Financing (ATF) procedures were implemented in October 2001, one month after the September 11 terrorist attacks.
One of the most important areas in which you’ll hear about the FATF is when hearing about blacklisted countries. The FATF maintains the “FATF Blacklist”, for example, of high-risk countries for money laundering, and the FATF Greylist of medium-risk countries.
How Does Money Laundering Work?
Money laundering, as explained above, is the practice of “cleaning” dirty money. A criminal who has obtained money through illegal means may try to pass that money through a legal business – like any cash-based business. Ultimately, the money cannot be traced back to the criminal or illegal activity.
There are all sorts of ways to launder money. Some criminals use legal businesses to launder money. Other criminals pass money through foreign countries. The money is deposited into a foreign bank account, for example. Others invest the money. Today, a growing number of criminals simply buy crypto, taking advantage of exchanges with minimal KYC/AML procedures to clean their money.
It’s up to financial institutions to verify where this money came from and where the money is going. Financial institutions will rely on automated and manual AML procedures to identify large transactions. Cash transactions that exceed $10,000, for example, maybe double-checked to verify their origin and destination.
In cases of major crimes – like robbery, embezzlement, or larceny, the law enforcement agency may return the funds or property during the money-laundering investigation to the victims of the crime. If a criminal embezzled money, for example, and then laundered the money, then the victims may receive compensation.
Which Crypto Exchanges Use KYC/AML Verification?
KYC/AML procedures vary widely across the crypto industry.
Virtually every reputable crypto exchange uses some type of KYC/AML verification. However, some less reputable exchanges continue to allow traders to trade anonymously.
Limits also play a crucial role in KYC/AML verification. Changelly, for example, lets you exchange up to $300 in your first transaction without verifying anything more than an email address. Traditional cryptocurrency exchanges, meanwhile, may require you to verify your identity to trade more than $1,000 per month.
Non-Compliance Leads to Serious Fines
Financial institutions spend billions of dollars on KYC and AML verification every year. There’s a good reason for that: failing to comply with KYC and AML procedures can lead to serious fines.
One of the biggest KYC/AML-related fines occurred in September 2018 when Dutch bank ING was fined $900 million for failing to meet Dutch AML compliance requirements.
The investigation into ING was led by the Netherlands Public Prosecution Service, which discovered that the bank failed to execute policies meant to prevent financial economic crimes (like money laundering). Between 2010 and 2016, ING had failed to meet due diligence standards by neglecting to report suspicious transactions within its network.
The ING punishment sent shockwaves throughout the European financial system. Regulators from the European Central Bank, the European Banking Authority, and the European Commission took strong action against current KYC/AML regulations with the goal of avoiding a similar event in the future. A confidential paper was circulated to governments throughout Europe outlining gaps in current KYC/AML procedures.
Ultimately, KYC and AML verification is not a perfect process and it never will be. As KYC/AML procedures have improved over time, however, it has become harder and harder for criminals to launder money through existing banking systems.
Top Cryptocurrency Exchanges Without KYC/AML
We just spent 2,000 words explaining how KYC and AML procedures reduce criminal activity in the global financial system. Now, we’re going to tell you about cryptocurrency exchanges that have no KYC or AML procedures in place.
Binance is one of the world’s biggest cryptocurrency exchanges in terms of the trading volume. There’s a simple reason why Binance is so popular: it has strong liquidity, lots of cryptocurrency pairs, and virtually no KYC or AML requirements whatsoever.
Today, you can trade on Binance just by verifying your email address. The only real “restriction” for non-verified users is that you can only withdraw up to 2 BTC worth of crypto every day. If you complete KYC/AML verification, these limits disappear. For most traders seeking anonymous crypto trading, however, a 2 BTC withdrawal limit is more than enough.
Please note that these rules apply to all non-American users. Since September 2019, Binance has required all American users to complete KYC/AML verification to execute trades on the platform.
KuCoin is another high-volume cryptocurrency exchange popular among cryptocurrency traders seeking an anonymous platform. KuCoin is similar to Binance for more than just its lack of KYC/AML regulations: it also has its own digital currency called KuCoin Shares (KCS) that function similar to Binance’s native currency, Binance Coin (BNB).
Today, KuCoin accepts non-verified crypto users from all over the world – including the United States. If you want to make crypto trades with no KYC/AML verification required whatsoever, then KuCoin is a great option.
Bitfinex has always been one of the world’s most popular cryptocurrency exchanges despite having limited regulations and transparency. Bitfinex does not require KYC for users. The only restriction is that non-verified users can “only” withdraw up to 10 BTC in each 24 hour period.
Other Lesser-Known Exchanges
The exchanges listed above are the best-known crypto exchanges with no KYC/AML verification required. There are plenty of other lower-quality, less-liquid exchanges
Know Your Customer (KYC) is an identity verification system used by banks to identify their clients. Banks have a responsibility to ‘know their customers’, and a bank’s KYC procedures help them do that.
Anti-Money Laundering (AML), meanwhile, has a broader scope. AML procedures are built with the goal of managing risk. A customer’s risk will be checked upon signing up for a platform, for example, and the client’s risk will be monitored continuously over time. Clients with a high risk of making suspicious transactions – like transactions involving money laundering or terrorist activities – will be identified by the institution’s AML procedures.
Today, both KYC and AML procedures play a crucial role in the world of crypto. They prevent people from using bitcoin to launder money or finance criminal activity.
Of course, KYC and AML procedures also have their downsides: they introduce barriers into the crypto space, for example. They force you to verify your identity with a centralized organization prior to buying or selling crypto.
There are pros and cons of KYC/AML verification, but both Know Your Customer (KYC) and Anti-Money Laundering (AML) policies will continue to play a crucial role in the financial and crypto ecosystems for the near future.
I'm Aziz, a seasoned cryptocurrency trader who's really passionate about 2 things; #1) the awesome-revolutionary blockchain technology underlying crypto and #2) helping make bitcoin great ‘again'!