The cryptocurrency industry has historically dealt with regulation reactively rather than proactively, with crypto exchanges and marketplaces often opting for the bare minimum when it comes to Know-Your-Customer (KYC) and Anti-Money-Laundering (AML) implementation. While this approach has allowed the industry to flourish outside of the frameworks offered by “standard” banking practices and financial regulations, there have been dire consequences for the industry, such as compromised legitimacy and limited consumer protection. In fact, the lack of real identity verification practices within the crypto exchange ecosystem is probably the number one reason why hacks, thefts, and fraud are so commonplace. If you examine the large-scale hacks like the one that stole ~7000 BTC from Binance in early 2019 or the infamous Coincheck hack that happened the previous year, you will see that the perpetrators were never caught, and the funds were never returned. The idea that a thief can remain anonymous while creating an account and using an exchange service enables would-be hackers far beyond the scope of reasonable consumer protection.
On top of the ever-growing need for consumer protection from hacks and fraud, the industry is now facing another reason to implement KYC/AML measures. As the industry gains momentum, there is development coming from both big banks and big corporations looking to enter the cryptocurrency space, and they are fostering a more mature industry than ever before. These well-seasoned veterans of the financial world demand legitimacy at every turn and they seem almost eager to meet or exceed regulatory expectations. Their “regulation-friendly” approach to crypto and the precedents they set to put pressure on any crypto firms who wish to stay competitive in a rapidly changing market.
With large institutions setting the bar for KYC and AML compliance, and nefarious entities trying their best to find holes in the security protecting exchange wallets, the case for KYC/AML regulations is greater than ever before, but does the industry really need it?
Why Are Exchanges Facing AML/KYC Regulations?
Over the years, crypto and the industry built around it has gained a bad rap. Thanks to the early days of the Silk Road and the Dark Web, cryptocurrencies are often looked at as the perfect financial tools for criminal activity, and in some regards, they are.
Until recently, cryptocurrencies were not subjected to the same rules as “real” money, and because of this, the technology was easily adapted for use on the black market. Most importantly, crypto’s ability to be used anonymously (or pseudo-anonymously) meant that anyone could exchange value for anything without having to worry about being associated with the transaction. While this type of “privacy” holds a certain appeal for those who believe that financial transaction data should belong only to those who partake in the deal, it is easy to see how complete anonymity could also allow for criminal activity to go unchecked, putting anyone wanting to use cryptocurrency at risk.
Regulators have seen the risks posed by unregulated crypto exchanges, and have begun a global campaign to push KYC/AML requirements onto the industry. While this level of identity verification and transaction monitoring cuts deeply into the bottom lines of exchange services, it appears now that most developed nations will not allow exchange services to operate unless they can provide the same level of KYC/AML compliance as any other financial institution.
Financial Rules For Financial Industry
Consumer protection isn’t a new idea in the financial world, and by all rights, it shouldn’t be. In 1970, the U.S. passed the Bank Secrecy Act, which for the first time required banks and financial institutions to monitor the identities and transactions of the individuals using a bank’s services, and to report any suspicious activity to the relevant authorities. Banks were also required to record the information of transactions over a certain dollar value, in case authorities ever needed to call on the information should it turn out that the transaction was used to fund illegal activity. Since the implementation of the Bank Secrecy Act, almost all western countries have come to follow suit and implement similar rules for their own countries, refining the rules over the course of the last three or four decades. One of the spinoffs from the Bank Secrecy Act was the formation of the Financial Action Task Force (FATF), a global monetary authority consisting of 38 member states representing the world’s largest economies.
The FATF’s stated mission is to protect the global financial system from money laundering, terrorist financing, and other related threats, and as part of this mission, the FATF has implemented a rule in June 2019 for the crypto industry that requires every exchange operating within the FATF jurisdictions to record the information of any transaction over $1000 USD.
Countries should ensure that originating Virtual Asset Service Providers (VASPs) obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers, submit the above information to beneficiary VASPs and counterparts (if any), and make it available on request to appropriate authorities. / FATF Public Statement – Mitigating Risks from Virtual Assets
While this concept might seem simple, the new “Funds Travel Rule” is the biggest step the crypto world has seen toward a legitimate financial framework, and it is not without its problems. As exemplified in this Wall Street Journal article, crypto firms are struggling to develop an approach for sending and receiving customer data across all platforms in an industry that is decentralized by nature. The firms that suffer the most are the small start-ups that entered the space before the Travel Rule was implemented, and are now inundated with a seemingly impossible task and limited resources to try and become compliant. Additionally, any jurisdiction outside of the FATFs oversight is still free to govern crypto exchanges any way they want, making the rules even more convoluted for both consumers and service providers looking to use a globalized service. Time will tell if this traditionally minded approach to KYC and AML can work in the ultra-segmented world of crypto-finance, but for the time being, tried and tested financial regulations are all regulators have to help protect consumers.
How are crypto’s adapting to the need for AML and KYC rules?
As a general rule, any established U.S. based crypto exchange already meets the requirements for KYC/AML compliance because they are required to as registered Money Service Businesses with FinCEN. Large exchanges based outside the U.S., such as Binance, are rolling out new U.S. based exchange services that are KYC/AML compliant in a bid to hold onto their market share in the wake of the FATFs new Travel Rule. It would seem that the big players in the industry are already getting a handle on the new KYC/AML requirements, and they are recognizing that it is important to become compliant.
Unfortunately, it is the smaller exchanges that lack the infrastructure and capital to meet the requirements, and are therefore struggling to adapt. These small exchanges and service providers could be forced to shut down, or to move outside of AML/KYC regulated jurisdictions, greatly reducing their access to the wealthiest market segments. In early September, headlines speculated that the Netherlands was considering banning any crypto exchange based outside the European Economic Zone, and while this is a small example of where these new regulations are taking the industry, the risk to small exchanges is obvious. A crypto industry that only has room for large, KYC/AML compliant exchanges is an industry that could be missing out on tons of development potential from grass-roots innovators, and reserving the industry for only big-time players is one step too close to centralization for many crypto-purists.
The bottom line is there is no way to make the entire industry KYC/AML compliant overnight, and there is no way to demand compliance without compromising the smaller startups looking to innovate in the space on a limited budget. These days, crypto tech is enticing big institutions like J.P. Morgan and Facebook to enter the space, and there is no doubt that these firms have more than enough resources to comply with regulations while pumping some serious effort into solid tech development. The industry is maturing and ultimately heading toward a bright future full of further development, and further adoption. In order to stay competitive and relevant in this new world of sophisticated financial technologies, crypto exchanges and service providers need to bolster their efforts and meet the KYC/AML requirements for the sake of not only consumers but for their own survival as well.