KYC, AML and Crypto
Until 2019, the US government never specified how KYC and AML will apply to cryptocurrencies, but now there is and it's not good. According to a statement published in late November last year, all companies operating on the blockchain must apply the same regulations as brick and mortar institutions. Of course, in the cryptocurrency world, this is no easier said than done, but unfortunately quite dangerous in ways most consumers don't understand.
When it comes to KYC in a brick and mortar bank, they copy your identity and take some kind of proof of address to keep on file. The file is probably just a server for that bank branch and is updated every few years. If you close your account, some information will be kept on file for up to seven years, then destroyed by the bank. In the case of blockchain, if a company uploads your data to the blockchain then it will be there forever. It can never be removed or destroyed. In addition, CEFI is the only exchange that collects KYC data, and these applications often fall victim to data attacks that result in the disclosure of customer data. This can be extremely dangerous because remember that data is never deleted. So, if you had an account with an exchange in 2017, even if that exchange was hacked in 2035, if it stored your KYC information on the blockchain, it will still be there. This is especially a risk for those who choose to use smaller or less developed exchanges.
It is not easy to force KYC on the blockchain, besides all the issues mentioned above, people are used to the ability to create accounts in blockchain applications with aliases before. This is a problem because now all kinds of financial applications and exchanges have to go back and ask their customers for information. And most of the time, if the information collected does not match what is on file, an account will be closed, even if the customer has created it and was previously approved for the account with AML in mind. And AML has more problems than that. According to the regulations, transfers to offshore accounts should be monitored, but often CEFI exchanges do not ask for the customer's location while transactions are in progress. Also, there is an issue with the transfer amount limit (typically $ 10,000) due to large fluctuations in cryptocurrency prices. For example, in 2016, a Bitcoin transfer was a $ 1000 transfer. As of the time of writing this article, the same transfer would be over $ 17,000 today. This is a long time, but cryptocurrencies have been known to oscillate massively and rapidly - so how does a company need to know what and when to report?
Not only that, it was decided to apply KYC and AML to both CEFI and DEFI applications; this is easy for CEFI applications to edit, but not for DEFI. And the US government recognized this, so they decided to intervene and monitor DEFI operations. Of course, they can't collect any KYC information they want, but the U.S. government has begun marking Bitcoin addresses while they can't stop trading blacklisted accounts under AML policies and blacklisting accounts that they believe are involved in illegal activities, while they can track activity and try to track it up to one person. And if the person tries to send crypto to a CEFI account, they can try to stop the transfer from a blacklisted DEFI address. But this is very complicated due to the above pricing issue. How will the US government block all accounts with transfers of over ten thousand dollars?
Overall, applying KYC and AML to the cryptocurrency world is an absolute nightmare. Since CEFI exchanges had to be compliant, a number of people started switching to DEFI exchanges precisely for this reason. After all, the whole point of cryptocurrencies was decentralized funds, and any funds monitored by KYC or AML policies are no longer decentralized. The US government may not believe they currently transcend their own borders, but there is definitely a fine line between using KYC and AML to keep citizens safe and using KYC and AML to enact mass surveillance over a population.