The process of ‘Know Your Customer’ (KYC) is simple. Say you want to invest in an ICO, you may be particularly anxious that no organizations or individuals connected with or funding criminals and terrorists share the platform with you. KYC also refers to parties involved in other anti-government activities like money-laundering, smuggling, or coming from countries under sanctions. Even if you don’t care, the government does.
There have been stories where funds have been frozen or confiscated while the government inspected the company’s transactions. In 2014 for instance, more than 3,000 customers lost some, or all, of their investments in Mt. Gox, the largest Bitcoin exchange, after the US Department of Homeland Security (DHS) seized money from its U.S. subsidiary account.
I assure you, most token buyers would rather go through the quasi-onerous motions of KYC than have their crypto booty confiscated!
In a similar way, if you’re thinking of running a cryptocurrency exchange, a cryptocurrency ATM, or an ICO, you’d like people who participate in your token sales and incoming funds to be “clean”. Either way, FinCen, a bureau of the U.S. Department of the Treasury, requires ICOs to adopt KYC regulations. Finally, if you’re a money service business (MSB), you’d certainly want KYC to be your rule since banks, large corporations, and public bodies are all KYC-crazy.
As a client, this is what KYC means
Most credible bitcoin exchanges like Bitstamp, Coinbase, or Kraken will ask you to do the following:
- Confirm your phone number – You’ll enter a code the company sends to your mobile phone.
- Provide personal ID – You’ll likely need to attach one or more of the following: a scan of your ID or driver’s license, a recent utility bill, and/ or a copy of your birth certificate or passport. The types of required ID documents depend on the bitcoin exchange and on the amount you want to trade, with larger amounts requiring stricter verification.
Expect a growing number of ICOs, particularly those that are MSBs, to ask you for some of those documents, too.
Most major platforms verify your identification within one to three hours. Slower businesses may take up to a week.
As a business owner, here’s what KYC means
The process is simple:
- Establish customer identity – Collect basic identity documents or data like the following: IP address, name and address validation, citizenship, birth date, a photo of government issued ID (Driver’s License, passport, ID card), Social Security number or Tax Identification, bank statement, recent utility bill.
- Understand the nature of the customer’s activities (to satisfy yourself that the source of their funds is legitimate) – Check that they’re allowed to take part in a token sale (e.g., they are not on a sanctions list). IdentityMind Global, a service that offers risk management and anti-fraud services for e-commerce platforms, deals with this problem by comparing a selfie of the individual to the picture in the government issued ID.
- Monitor the customer’s activities – As of January 1, 2017, The New York Department of Financial Services (NYDFS) required an ongoing monitoring program that includes checking that the client’s financial transactions and accounts match their risk profile.
Some concerns are that individuals from sanctioned countries could hide their location and buy tokens from US companies. IdentityMind prevents this by looking at the IP address and determining, first, if the prospective clients uses a proxy (and if so, which kind), and, second, if it employs the Tor network or a VPN. If either is used, the application is denied. When it comes to money laundering, IdentityMind imposes EDD for contributors over a certain dollar amount.
EDD: Advanced KYC
There are three tiers of due diligence:
- Simplified Due Diligence (“SDD”) – Situations where the risk for money laundering or terrorist funding is low, and you only need a partial KYC.
- Basic Customer Due Diligence (“CDD”) – Information obtained for all customers to verify the identity of a customer and assess the risks associated with that customer. Here’s where you’ll need the complete KYC.
- Enhanced Due Diligence (“EDD”) – Additional information collected for higher-risk customers to avoid possible risks.
Since this sounds like a lot of work and you have enough on your plate, some ICOs, or blockchain companies, dispatch identifications to third-party KYC providers, who, in turn, send documents to call centers around the world where clerks review information. Other blockchain companies, like data marketplace Datum, seek more confidentiality for their clients and review the data themselves.
Dealing with upset customers
Admittedly, KYC frazzles some people’s moods. Crypto enthusiasts, for instance, tend to disagree with the government’s “interference” ideologically, on the grounds that cryptocurrency should be anonymous, or at least, pseudo-anonymous. Others find the KYC requirements irksome and intrusive.
To modify such customers, you may want to make your requirements clear ahead of time, show how KYC protects investors, and that even if they disagree – “Sorry, guy, but we need this information to comply with FinCen’s Know your Customer requirements.”
After all, know thy client saves you and your customers oodles of stress and money.