Current interest in cryptocurrency is substantial; Bitcoin and other tokens have smashed through previous highs and many exchanges are scrambling to increase transaction capacity. However, all this industry buzz has drawn increasing scrutiny from regulators who want fair and safe markets, free from money laundering and other financial crimes. All exchanges and money service businesses in the sector must ensure their Know Your Customer (KYC) and crypto compliance procedures are secure, robust and defendable.
Compliance teams need to have systems that are adaptable to quickly changing laws and regulations and can scale to meet the growing demand from international investors. Below are some of the specific considerations that need attention.
EU — Regulation on Markets in Crypto Assets (MiCA)
The future of cryptocurrency regulation in the EU has become more transparent. On September 24, 2020, the European Commission adopted a Digital Finance Package, which includes proposals on regulating cryptocurrencies. While only a proposal at this point and a full licensing system isn’t expected until 2024, the Regulation on Markets in Crypto Assets (MiCA) proposal provides some insight into the direction of regulators.
MiCa states, “crypto-asset issuers and service providers cannot fully reap the benefits of the internal market, due to a lack of both legal certainty about the regulatory treatment of crypto-assets as well as the absence of a dedicated and coherent regulatory and supervisory regime at EU level.” The Commission believes that enabling full access to the internal market and providing legal certainty will promote innovation, provide consumers and investors with appropriate protection levels, and ensure financial stability and market integrity.
Interestingly, MiCa creates a new industry category, crypto-asset service providers, defined as “any person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis.” The definition covers areas such as trading, exchanges, custody and even providing advice.
In regards to money laundering, the goals of MiCa include ensuring that:
- Managers and principal shareholders are fit for purpose and have sufficient expertise in dealing with Anti-Money Laundering (AML) and Combating the Financing of Terrorism regulations
- Solid and effective internal control and risk assessment mechanisms, systems and procedures are in place to ensure the integrity and confidentiality of information
- Crypto-asset service providers keep records of all transactions, orders and services related to crypto-assets that they provide
- Systems are in place to detect potential market abuse committed by clients
The clarity in cryptocurrency laws across the EU is currently uneven. Consider Germany, where 40 banks are interested in providing crypto custody services resulting after new AML laws. With EU-wide rules and an open market, there are significant expansion opportunities; as Michael Offermann of Solarisbank states,
Digital assets will fundamentally change the financial market. As soon as it becomes easier to buy and store Bitcoin, we expect strong growth.
Comparatively, across the border, KYC rules in France have been hardened to include all crypto transactions, including crypto to crypto transfers. According to Simon Polrot, president of French crypto association ADAN, these rules are “harsher than other jurisdictions” and “political positioning.” As these rules were announced on December 9, 2020, there’s a lot of confusion in the industry; a previous requirement mandated licensing by December 18, 2020, with severe consequences for non-compliance.
Status of U.S. cryptocurrency regulation
While U.S. cryptocurrency regulation updates have not been as extensive as in Europe, there are still essential updates to consider.
The Bank Secrecy Act (BSA), the foundational U.S. AML law, was updated to include “value that substitutes for currency.” According to an article in Bloomberg Law, this means “virtual currency businesses that essentially serve as money transmitters must now register with FinCEN.”
Another significant development was the Office of the Comptroller of the Currency (OCC) Interpretation on National Bank and Federal Savings Association Authority to Hold Stablecoin Reserves. It states, “we conclude that a national bank may hold such stablecoin ‘reserves’ as a service to bank customers.” There are numerous disclaimers, including covering only stablecoins backed on a 1:1 basis by a single fiat currency.
This interpretation opens up opportunities for banks to use stablecoins for payment activities, speeding up payments and lowering costs. It also is a first step for banks to be directly involved with blockchains and perhaps even create their own stablecoins.
The Biden administration has made some initial moves that give the industry hope that a balanced approach to crypto regulation will be forthcoming. There might be the possibility that “Three crypto-savvy individuals are likely to take the three most powerful financial regulator positions in America,” as Tweeted out by Marco Santori, Chief Legal Officer at Kraken.
KYC for wallets
Additionally, a freeze on agency rulemaking was put in place, including the controversial Financial Crimes Enforcement Network (FinCEN) self-hosted wallet proposal. This proposal would require banks and money service businesses to track activities with private cryptocurrency wallets. Requiring KYC on self-hosted wallets poses technological problems and perhaps even constitutional issues and was initially only given a 15-day comment period right before the 2020 Christmas break. While the outcome of the review is uncertain, many in the industry are encouraged by the proposal’s reassessment.
Building trust and security with KYC
With numerous countries approaching cryptocurrencies differently, creating a global KYC program is challenging. However, some commonalities can simplify the process and ease the burden on compliance teams.
Of course, if there are prescribed regulations and laws in place, the bar has been set. However, as a new industry, being proactive and helping ensure that all transactions operate in a market that is as fair and clean as possible will help the industry thrive. The Financial Action Task Force (FATF), the inter-governmental body which sets international standards to prevent money laundering, points out that countries and financial institutions should investigate the risk of money laundering for any new technology, product or process — and manage and mitigate those risks before launching.
In that light, any new crypto technology will still fall under AML requirements.
To further assist regulators and industry participants in creating programs that deter money laundering and other financial crimes, the FATF published a report, Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing. The focus is on creating a risk-based approach to Customer Due Diligence requirements.
Several of the red flags concern KYC factors:
- Creating separate accounts under different names
- Initiating transactions from non-trusted IP addresses
- Incomplete or insufficient KYC information
- Customers declining requests for KYC documents or inquiries regarding the source of funds
- Customers providing forged or falsified identity documents or photographs
- Customers who are on watch lists
- Customers who frequently change their identification information
Ensuring effective KYC procedures are in place at account opening helps deter money launderers and other financial criminals from becoming active on your services. The customer information obtained at onboarding also improves the monitoring process, as it provides insight into the account and the expected use of funds.
As crypto technology evolves and new financial opportunities arise, understanding the risks they pose and how to mitigate those risks are fundamental to gaining acceptance from regulators and investors. Implementing robust steps to know your customer will go far in building trust, deterring fraud and developing safe and secure new cryptocurrency products and services.
Download the Metal Pay Case Study
Learn how Metal Pay implements customer-centric digital identity verification workflows to minimize friction and increase security.