5 min read
KYC means “Know Your Customer” and CDD stands for “Customer Due Diligence”.
These terms usually go together and are fundamental for every entity to comply with its anti-money laundering (AML) regulations.
Financial Institutions, lawyers, accountants, real estate agents, casinos, and more recently crypto asset providers are among the sectors that need to comply with AML regulations and, as a result, implement KYC/CDD measures.
Although all these different types of entities are required to have in place KYC/CDD procedures, the method of application differs significantly within sectors. I.e. a lawyer applies KYC/CDD in a much different way than a casino, and a crypto asset provider, in a much different way than a traditional bank.
The reason for such a different implementation of KYC/CDD lies in the fact that regulated sectors have very different money laundering and terrorist financing (ML/TF) risks, and the AML measures they take must be proportionate to those risks.
For example, it may be sufficient for a small law firm to perform KYC/CDD manually, without the use of sophisticated KYC/CDD and transaction monitoring tools. But definitely, this would not be appropriate in the case of a large bank.
How about crypto asset providers?
Crypto asset providers were brought under AML obligations relatively recently. Now, these newly regulated entities need to implement KYC/CDD like traditional financial institutions (even though this is against the whole idea of crypto). Implementing KYC/CDD in the crypto industry is very challenging.
The Financial Action Task Force (FATF), in October 2021, issued an updated “Guidance for a risk-based approach to Virtual Assets (or “crypto-assets”) and Virtual Asset Service Providers” (or “crypto-asset service providers”). The guidance provides clarifications on what constitutes a “virtual asset” and a “virtual asset service provider” to enable countries and entities to identify which crypto-related activities fall under the scope of AML regulations.
The guidance shows how different are the activities of crypto asset providers compared to the activities of traditional financial institutions and how the FATF recommendations can apply to these crypto-related activities. These ML/TF risks related to crypto-related activities need to be considered by a crypto provider before deciding the level and implementation of KYC/CDD.
Differences between KYC in traditional banking and crypto asset providers
Crypto asset providers need to apply different KYC/CDD measures from those implemented in traditional banking. KYC/CDD measures have always the same goal: to identify, and verify the customer, understand the nature and transactions of the business relationsguo and effectively monitor transactions of the account.
There are of course some similarities in KYC/CDD measures implemented in traditional banking and crypto asset providers but also there are some differences which we will examine now.
Types of customers
Banks deal mostly with face-to-face clients, and, in this case, it is easier to match the verification documents with the actual client. Although some banks offer some limited products to non-face-to-face clients, for a person to obtain full access to banking services needs to go through traditional KYC, by visiting a branch of a bank.
Crypto providers however deliver the products and services to their customers in a non-face-to-face basis. All their clients can have full access to the crypto asset provider’s products and services completely online.
Generally, in the case of non-face-to-face clients, it is more difficult for an entity to match the verification documents provided with the actual client and, as a result, there is an increased risk for fraud. It is not difficult today for forged documents to be created or for someone to buy stolen information online and create a passport with the use of fake or a mixture of fake and real information.
Special verification tools must be employed by companies transacting with non-face-to-face clients, including crypto-asset providers to eliminate the associated risk. These tools check the authenticity of the photos of the documentation provided by the client. But, even in that case, there were cases where forged documents bypassed these KYC verification tools. As a result, additional measures must be implemented to eliminate this risk.
The onboarding procedure ae bank takes is not user-friendly since the customer needs to go and visit a branch to open an account to obtain full access to the banking services.
On the other hand, crypto-asset service providers place great emphasis on establishing quick and efficient KYC procedures and generally offer a better onboarding experience to their clients.
Crypto asset providers usually offer different levels of accounts that require different levels of verification. The higher the level of account chosen by the customer, the higher the level of information and documentation required. The higher the level of account, the lower the limitations imposed on the transactions of the client.
Verification of documents
In traditional banking, an employee of the bank must obtain the real identification document and proof of address from the client, or any other documentation requested, make photocopies, and mark them as “true copies of the original”. Hard copies are filed or scanned in accordance with the procedures of the bank.
In the crypto industry, the verification procedure is completed online. Crypto service providers are accepting photos of the customer’s identification and other documentation and pass these documents through special verification tools that analyze these photos and check the authenticity of these documents.
In many cases, entities additionally perform facial recognition by requiring a selfie picture of the client to complete the identification procedure. Following that, the client must be approved, but the whole procedure is performed without any use of paperwork.
A regulated entity’s job does not end with onboarding. All regulated entities, including banks and crypto asset providers, need to implement effective ongoing CDD and conduct continuous transaction monitoring in the customers’ accounts.
In traditional banking, when there is suspicions for money laundering, banks can block an account, and stop or reverse a transaction in the case funds are related to money laundering or fraud.
In the crypto industry things are different since clients are transacting on the blockchain which is:
Decentralized: is controlled by the network of users and not by a central authority
Immutable: transactions, once “approved” by the users of the network (nodes) cannot be reversed, canceled, or amended.
As a result, no central authority can stop, reverse, or cancel a transaction on the blockchain. Transaction monitoring becomes even more complex especially when clients receive funds from DeFi platforms, mixers or tumblers, etc, which are in many cases used to obscure the identity of the sender.
On the other side, a bank can only see what transactions the customer has executed within the institution. It is more difficult to understand the whole picture of a transaction because, when funds leave that bank, their movement cannot be specified.
In crypto, with the use of blockchain analytic tools, it is easy to see the whole of movement of funds - where they came from and where they ended. These tools allow investigators to identify criminals at the point where they were trying to convert illegally derived crypto to fiat currency.
All regulated sectors need to implement KYC/CDD measures to comply with AML regulations.
The crypto sector, since it is operating completely online, implements different systems to comply with the KYC/CDD requirements taking into consideration the non-face-to-face nature of their clients, and the different onboarding, document verification, and transaction monitoring procedures implemented.
Banks are usually using traditional methods for KYC/CDD whereas crypto entities are using more, advanced technological methods for the same purpose, which are proven to be very effective in applying effective measures for the identification, verification and monitoring of customers and their transactions.