KYC and AML in the crypto industry: a leap forward, or a step behind?
Know Your Customer (KYC) and Anti-Money Laundering (AML) policies have made the financial system what it is today, yet many are unaware that they even exist. You may be asking yourself, what is KYC? Or what is AML compliance? The reason these policies are not widely known is likely due to the fact that they were instituted so long ago.
In 1970, Congress passed the Currency and Foreign Transactions Reporting Act, also known as the Bank Secrecy Act (BSA), the first step toward modern-day Know Your Customer and Anti-Money Laundering policies. It requires banks and other institutions to collect and keep records of their customers’ identities and addresses, in order to prevent money laundering, and to easily identify customers who may be participating in illegal activities.
Due to the BSA, financial institutions are required to have at the minimum a customer’s name, date of birth, residential or business address, and their identification number. The United States government requires financial institutions to collect and store this information, despite the security measures they have in place to protect it. This information generally isn’t stored in an encrypted way, leaving it exposed for any hacker who happens to break through an institution’s security.
Most recently, 2018 has given us a troubling picture of the lack of security concerning customers’ personal information.
2018: The year of the hacker
In March 2018, the popular travel booking site Orbitz was hacked, potentially exposing the data and credit card information of more than 880,000 customers. Later in August of the same year, hackers were able to break into T-Mobile’s data systems and obtain personal information of 2 million T-Mobile customers. These are only two of the many data breaches that occurred over the course of 2018.
Two policies that were developed to decrease fraud are now being taken advantage of by hackers to discover the information of millions of people. The fault doesn’t necessarily lie on the policies but on the security of the financial entities forced to institute them. KYC compliance can cost companies an average of $48 million a year, and the KYC process can lengthen the time it takes to add new customers to a service.
Can KYC and AML reinvigorate the cryptocurrency market?
A significant reason cryptocurrencies have not been adopted on a wide scale is related to the number of scams and fraud that have run rampant in the industry since its inception in 2008. Many cryptocurrency organizations have begun adopting KYC and AML policies in an attempt to curb cryptocurrency use in illegal activities. However, cryptos like Monero, which were originally developed with anonymity in mind, make instituting KYC/AML much more difficult.
In these cases, self-regulation is the solution some exchanges are going for. For instance, in June 2018 Japanese crypto exchange Coincheck removed the option to use Monero, Zcash, Dash, and Augur’s Reputation in order to adhere to Japan’s Financial Services Agency policy concerning cryptocurrencies that provide complete anonymity.
Self-regulation is becoming the new norm in the crypto industry, as it is much easier to find solutions within the cryptocurrency community rather than relying on global regulations, which tend to lag behind the newest developments in cryptocurrency. KYC/AML instituted through self-regulation in the cryptocurrency community may increase security and therefore attract more investors in the process.
However, not all are convinced that these implementations are positive.
The potential problems with KYC and AML
Given the cost of instituting KYC/AML, startups and smaller companies are often the ones who suffer the most. A company that cannot afford to dedicate funds toward KYC/AML regulation, in many cases, will not receive licensing. Edan Yago, CEO of Epiphyte and writer for Coindesk, says that KYC/AML
“have created an all-pervasive, global surveillance apparatus. A system that keeps billions in poverty, kills innovation and provides an excuse for the banking system to lock out the competition.”
When Yago refers to keeping “billions in poverty,” he is referring to instances in which banks decide to prohibit transactions to certain regions. An example would be banks refusing to permit transactions to Somalia, a country that at the time of the article was living off of remittances.
KYC/AML has limited innovation due to its high cost. Startups cannot focus on innovation if a large portion of their funds are dedicated to KYC/AML. According to Yago,
“the greatest cost of KYC/AML is impossible to measure because it’s the things that never happened.”
KYC/AML has stifled innovation and caused the closure of startups that could have gone on to do wonderful things, not only for the cryptocurrency community but the entire financial sector.
Attract investors? Or increase innovation?
KYC/AML at the moment acts as a double-edged sword. Their implementation has the ability to attract investors who are sceptical of the security in the crypto industry. However, they also can limit innovation altogether by restricting licensing to companies which cannot afford the cost of KYC/AML upkeep.
There are aspects of KYC/AML that are severely flawed, but ultimately the real flaw lies in security. It isn’t the necessity of collecting customer information that is flawed, but the systems that are in place to keep that information safe.