Crypto

KYC and AML Requirements for Exchanges and Crypto Marketplaces

With illicit addresses sending $22.2 billion worth of cryptocurrency to services and on-chain entities last year, AML (Anti-Money Laundering) and KYC (Know Your Customer) requirements are more in demand than ever for crypto exchanges and marketplaces to safeguard their assets.

As the industry continues to evolve and shake off a reputation as the transaction channel of choice for illegal activities, exchanges and marketplaces have an unprecedented opportunity to leverage AML and KYC procedures to safely grow their customer base, remove anonymity, increase transaction security, and garner public trust in the process.

What Is Anti-Money Laundering (AML)?

AML is a set of policies and procedures in place within a financial institution to identify and prevent fraud, financial crime, illicit activities, and money laundering. 

An AML compliance program involves ongoing monitoring of processes across multiple divisions and departments across an institution, including accounting, operations, legal, IT, and sales or relationship management.

What Is Know Your Customer (KYC)?

KYC is a subset of AML procedures and generally refers to verifying a customer’s identity to prevent illegal or suspicious activity from taking place. This initial portion is known as the customer identification program (CIP) of a KYC program.

Carried out during the onboarding or account opening process, KYC can also continue throughout the lifetime of an account, extending to include customer due diligence (CDD) and enhanced due diligence (EDD) as part of the KYC program.

Who Is Subject to AML and KYC Regulation?

Federal law requires all financial institutions in the U.S. to comply with AML regulations. These include banks, lenders, broker-dealers, insurance companies, payment providers, and even gambling service providers and art dealers.

Crypto exchanges and marketplaces have been subject to AML and KYC regulations for quite some time. Back in 2013, the Financial Crimes Enforcement Network (FinCEN) declared that “administrators or exchangers” of virtual currency qualify as money services businesses under the Bank Secrecy Act and FinCEN regulations. Virtual currency includes crypto assets.

Understanding AML Compliance for Crypto Marketplaces

While specific requirements can vary by jurisdiction, there are several common elements that crypto marketplaces worldwide are expected to adhere to. 

The absence of AML compliance was once seen as an advantage of buying and selling crypto: fewer rules, less friction, and faster transactions. However, as the industry seeks to grow and build trust among new potential customer audiences, AML compliance can be seen as an important element of the value chain for crypto marketplaces and the industry as a whole.

Risk Assessment Procedures

Money laundering is the act of hiding the origins of money or assets that were obtained illegally. A crypto marketplace, or any financial institution, needs to report any clients suspected of engaging in money laundering activities — or prevent that client from opening an account with the exchange in the first place. 

To evaluate the potential risk of money laundering, a marketplace can identify blockchain data, wallet addresses, transaction history, transaction volume, and other factors to spot anomalies in the account. The marketplace most likely has a risk model in place that can immediately detect suspicious activities when applied to the accounts. 

The exchange can then decide to take action: freezing the account until an investigation is complete or shutting the account down and returning the funds to the account holder (while reporting the process to the appropriate regulator).

Customer Due Diligence (CDD) and KYC

As a key component of risk assessment procedures mentioned above, CDD, which is a part of KYC, can be the first line of defense in helping marketplaces identify potentially dangerous accounts or fraud. 

KYC is first performed during onboarding, known as CIP cited above, and then continues with CDD and then EDD, or enhanced due diligence. This continuous due diligence is important because a new client might be able to pass account checks to gain entry to the marketplace, but then proceed to engage in money laundering or other illegal activities once inside.

Third parties can provide data that can integrate into the marketplace’s own data collection processes to evaluate a customer’s risk profile, both at account opening and throughout the account’s lifetime.

Transaction Monitoring Systems

Due to the volume of customers and transactions, 24/7 and globally, it’s impossible for a financial institution or marketplace to manually monitor all transactions for suspicious activity.

However, as with IT security programs, many organizations have adopted a hybrid strategy to incorporate automated systems into their transaction monitoring in order to identify patterns or anomalies that signal potentially unlawful behavior.

The system can leverage machine learning algorithms trained with data on a range of transaction sizes and types. Depending on the level of suspicious behavior, the system can take immediate action (e.g., stop activity) or create an alert for a human monitor, who can then decide the best plan of action.

Reporting Suspicious Activities

Financial institutions and crypto marketplaces must report suspected criminal behavior to regulatory authorities. Reporting should be built into the company’s regular AML and KYC processes. Rather than be a bottleneck or an expense, it can be streamlined, enhancing the relationship between the institution and the government agency.

The reporting of illicit activities will hopefully eventually lead to prosecution, which improves the safety and security of crypto for all investors and the industry as a whole. 

Compliance Officer Appointment

A compliance officer ensures that a crypto marketplace meets all AML standards. The officer might also have an entire team in place to ensure that all policies and procedures are followed, in addition to keeping up with any new or shifting industry standards. 

Compliance also has a role in customer experience, developing programs to communicate policy changes or even regular check-ins to re-verify the identity of customers, account preferences, and transaction limits.

Record-Keeping

As an additional compliance measure, financial institutions and marketplaces must also maintain detailed records of transactions and customer information. Though the blockchain is itself the ledger of all crypto transactions, marketplaces must also maintain “traditional” electronic records to remain compliant with regulators. 

While regulators might not request access to all transactions that take place on the marketplace or exchange, the company should have details ready in case there’s a request.

AML Training 

Despite the reliance on digital monitoring tools, AML training for employees is one of the more critical security measures for an organization in the fight against fraud. A joint study from Stanford University Professor Jeff Hancock and security firm Tessian revealed that 88% of data breaches are caused by employees’ mistakes

As such, regular training of employees on how to spot suspicious transactions or anomalous behavior could mean the halting of a tiny request before a bad actor could enter and take down an entire system. 

KYC Requirements for Crypto Exchanges

The KYC process for crypto exchanges can incorporate several important processes to protect the organization and its assets. 

KYC also ensures that the exchange’s “good” customers remain safe in the process. With fewer (or, potentially, none at all) instances of illicit activities, the exchange will not find itself with jeopardized funds or needing to undergo investigations by a regulatory authority. The business will maintain its reputation, attracting new customers and assets.

KYC procedures also strengthen the crypto industry at large, reducing the ability for bad actors to access legitimate services and thwarting malicious behavior from spreading.

Customer Identification Procedures

As with any other bank and other financial institution, a crypto exchange will take the mandatory initial steps to identify a new customer. This will include uploading images of a government-issued photo ID, taking a selfie, and verifying presence via two-factor (2FA) or multi-factor authentication (MFA).

Mobile banking, including account opening, is expected to increase as consumers feel more comfortable with banking on their devices. Last year, the American Banking Association found that for the fourth year in a row, U.S. consumers are conducting their banking via mobile apps more often than any other method, with 48% identifying mobile banking as their top option for managing their accounts.

Once seen as a handicap to customer experience, new customers have become familiar with these procedures, and some see it as a necessary step to feel that the institution is vigilant enough to include these important initial steps.

Verification of Customer Data

Crypto exchanges can verify the authenticity of the information provided by customers in several ways.

During account onboarding, a customer will usually upload an image of a government-issued ID and take a selfie. The digital onboarding software will use facial recognition algorithms to detect the “sameness” between the two submitted images.

The government-issued ID can also be run through third-party databases for new client identity verification. These databases can also match the address listed on that ID (if available) with the address used to open the account.

Misspellings, typos, and information that’s only partially correct can serve as red flags to the AML/KYC compliance team, who can then decide the best course of action.

Continuous Monitoring and Due Diligence

Past customer onboarding, ongoing scrutiny, and diligence in maintaining KYC compliance over time are critical. 

Once granted access to the crypto exchange or marketplace, malicious actors can carry out a series of criminal activities, jeopardizing the assets of other customers and putting the entire organization at risk.

Crypto marketplaces need to have the proper resources in place, both people and systems, to continuously monitor for suspicious behavior, evaluate that behavior to determine the best course of action, and communicate regularly with regulatory authorities.

Best Practices for KYC/AML Compliance 

There are several best practices for KYC/AML compliance. Some of these are not only for crypto exchanges and marketplaces but can apply to all types of financial services companies. 

Keep up to Date With Regulation

Rather than having to learn about a procedure that failed to meet a regulatory body rule — or worse, get hit with a fine — have your compliance team stay abreast of the constantly evolving regulatory landscape. This is tricky, given the pace of change and the differences by region.

Build Compliance into the Customer Experience

Beyond asking for documents during onboarding, communicate with customers about the need for regulatory compliance and ask for updated documents regularly. Rather than be seen as a frustration, customers will understand that this is necessary to maintain the integrity of all transactions.

Identify Industry Best Practices for Compliance Procedures

Newer, startup crypto exchanges and marketplaces may not be aware of what a successful AML/KYC compliance program looks like. Attend conferences and webinars and read publicly available documentation to observe the success of others and incorporate the winning processes into your organization.

Regularly Conduct Internal Audits and Report Them

Hire third-party auditors to regularly review the entire compliance, financial/accounting, and IT security programs — and report them. This will bring confidence and most importantly, trust, in your policies and procedures to regulators, current and potential customers, and the industry at large.

Manage Compliance With Digital Asset Exchange Software

Consider incorporating a platform like AlphaPoint to access risk management capabilities with real-time error checking and support for KYC, AML, and 2FA.

Streamline Your AML/KYC compliance With AlphaPoint

Regulatory compliance for crypto exchanges, marketplaces, and service providers can be a challenge, especially as requirements and rules are in a constant state of flux. Risk assessment procedures for AML/KYC are often carried out via a patchwork of disparate tools, databases, and services. 

AlphaPoint is a white-label software company powering crypto exchanges, brokerages, and wallets worldwide. AlphaPoint has enabled over 150 customers in 35 countries to launch and operate crypto markets through a secure, scalable, and customizable digital asset trading platform. 

Request a demo today to see how AlphaPoint can simplify your compliance.