The Evolution of AML/KYC Regulations in Crypto

7 mins
2 June 2020, 15:46 GMT+0000
2 September 2020, 17:23 GMT+0000
One of the primary goals of the cryptocurrency is to rehabilitate trust in the economy. However, the last couple of years have demonstrated the importance of regulation in cryptocurrency. While a plethora of exciting projects have emerged in the crypto space, the industry’s widespread adoption has been prevented by untrustworthy behavior, such as embezzlement of funds by some bad actors. The lack of regulation in the crypto space has led to numerous scams, driving institutional investors away from crypto. However, the introduction of new KYC and AML guidelines go a long way towards increased transparency and the removal of undesirable actors in the industry. 

What is KYC?

KYC stands for “Know Your Customer.” It is a regulatory policy mandated by law and employed by financial institutions such as banks, payment processors, and cryptocurrency exchanges all over the world. KYC regulations help institutions identify their clients and provide them with better service. More importantly, financial institutions can more easily monitor client transactions and assess clients’ risk factors in order to determine whether to accept their business. It is now standard for clients opening a new account with a bank, exchange, casino, etc. to be required to provide KYC verification. In addition, verification is requested for each money withdrawal, as well as over the duration of an investment. It is also standard for users to be required to submit a copy of their ID, proof of address, and source of income. Failure to comply with these procedures can result in account limitations and even account closure.

What is AML?  

AML stands for “Anti Money Laundering.” Laundering money involves converting money obtained from fraudulent activities into clean and legitimate funds. A money laundering process is comprised of 3 steps:
  1. Placement
  2. Layering
  3. Integration
Placing the money refers to depositing it in a financial institution. Layering involves transferring the funds between different accounts, exchanging it for other currencies, or using it to purchase physical assets. The final step is to integrate the new laundered money into the economy by investing it, or selling the previously purchased assets for profit. This is illegal, but it can be prevented easily with a regular process of verification. Money laundering harms the global economy, so financial institutions are generally required to abide by KYC standards and monitor and report suspicious transactions, as well as identify their clients.

The History of KYC  

KYC verification is used for several reasons. Some of these include:
  • Identity theft
  • Tax evasion
  • Financing of terrorism
  • Money laundering
The first recorded cases of money laundering in the modern era took place in the USA in the 1920s. Italian mafia boss Al Capone was literally using laundromats to turn his dirty money into legal funds. During the 1930s and 1940s, criminals began using different businesses, such as casinos or Swiss banks, for their illicit activities.  During the 1950s, Congress passed a set of regulations for US financial institutions and mandated compliance if an institution wished to remain insured. This was the first modern instantiation of KYC regulation, and it was known as The Federal Deposit Insurance Act. The following decade saw the AML system added to the mix in an effort to combat tax evasion and other criminal activities.  The 1970s brought the Bank Secrecy Act, which required banks to keep records of their clients’ cash transactions. Pablo Escobar’s cocaine smuggling endeavors during the 1980s prompted the US to pass The Money Laundering Control Act and The Anti-Drug Abuse Act to combat money laundering and drug trafficking, respectively. The attacks of 9/11 caused a restructuring of KYC regulations. As the examples above have shown, in the past KYC was mostly used as a method for fighting money laundering and tax evasion. The USA Patriot Act marked a departure from that trend, utilizing KYC regulations in the fight against terrorism.  Financial institutions are now obliged to:
  • Verify the identity of all customers who want to open an account.
  • Keep records for 5 years, even after account closures.
  • Run customer names through lists of known or suspected terrorists. 
Advancements in technology and powerful computers have contributed to a rise in fraudulent activities conducted online. On the flip side, the digital revolution of the 2010s has simplified KYC and AML verifications thanks to innovations in both Machine Learning and Artificial Intelligence. The last decade has also seen an increase in digital assets and crypto projects, which are now also subject to strict compliance with KYC regulations. 

KYC in the Crypto Niche

During 2019, regulatory bodies introduced procedures that companies engaged in the cryptocurrency market are obliged to follow. A new Fifth Directive was added to existing AML regulations in the EU. This became known as AMLD5. The goal of the regulations is to de-anonymize cryptocurrency users as a means of fighting money laundering.  Customers of crypto-related services are sometimes required to undergo KYC verification as an additional security step – usually, in case large sums of suspicious money are transferred. If the exchanges encounter such activity, they are supposed to label it ‘suspicious.’ The 5th Directive allows government bodies to obtain information regarding the identity of users suspected of fraud. All service providers in the crypto industry need to be registered with their local financial authorities. Failure to comply with the new requirements can result in closures of their business ventures. Apps such as Bottle Pay have already been forced to cease providing services due to their inability to follow the new directives.  The crypto exchange ChangeNOW uses an automated system to monitor and detect suspicious transactions. If a transaction attempt is tagged as suspicious, the client will be asked to undergo KYC verification. This automation is incredibly useful in combating all types of scams. To finalize the transaction, the user will have to provide a copy of his ID and a selfie. Additionally, the user is required to send a low-value transaction from his crypto address to prove that the money belongs to him. Once these documents have been verified, the transaction will be completed. If the client refuses to engage in the requisite KYC procedures, the transaction will be aborted and the crypto will be refunded.     AMLD5 has made running a crypto service more expensive because risk assessment and transaction monitoring must be carried out. Understandably, users are unhappy. The anonymity they have gotten used to is now gone, and the new ways of onboarding clients are counterproductive because crypto enthusiasts prefer their privacy.   

How Does an Exchange Execute KYC? 

The process is pretty standard and similar for all exchanges and involves a few mandatory steps:
  1. Confirming your email
  2. Confirming your phone number
  3. Submitting a copy of a valid identity document
  4. Proof of address
A verification email with a code or a link that the user needs to click on is usually sent to the registered email address of the user. This step is necessary to ensure that the user has access to the registered email. Some exchanges perform the same procedures using phone verification, where a unique access code is sent via SMS to the user.  A valid ID in combination with a selfie where the user is holding a piece of paper with the exchange’s name and the date must be uploaded to verify the user’s identity. A utility bill (bank statement, electricity bill, etc.) in the user’s name, with a clearly visible address, is used to verify where the customer lives. Once these documents have been submitted, the relevant departments will inspect them. If they pass this background check, users will then be marked as verified. The entire process can take anywhere from one day to several weeks, depending on how backlogged the service is.    

Why is KYC Needed in the Crypto Industry?

An Initial Coin Offering (ICO) is a method of financing for startups that has become very popular in recent years, especially during the crypto boom of 2017. A hypothetical case below demonstrates the importance of proper KYC, and what can happen if the regulations are not followed. A team of crypto enthusiasts creates an ICO campaign and a token sale. They don’t subject their clients to KYC, because they believe in everyone’s right to privacy. Everything is going according to plan until they start getting chargebacks, which increases daily. After some investigation, they find out that a group of criminals used stolen credit cards to purchase tokens from their ICO. The rightful owners of the cards are now asking for reimbursement for the illegal transactions. The campaign operators are now in trouble. They kept no transaction records of their clients, they didn’t identify who the people were, and stolen funds have been used to launder money through their company. The funds have been charged-back resulting in loss of profit, and the small startup is now being investigated for failing to comply with strict KYC procedures. The fraudulent actions by a group of investors have put the entire project in jeopardy. Everyone involved is now a suspect and will be subject to investigation.  This debacle could have been prevented by simply following established KYC guidelines. Had the provider collected identity information and investigated the source of income, the ending of this story might have ended with a successful crypto project and more clean money in everybody’s pockets.   

Is KYC/AML the Solution to Prevent Fraud?

At ChangeNOW, the leading instant cryptocurrency exchange service, we believe that KYC and AML are the best solution to hamper fraudulent activities. KYC and AML increase transparency by identifying individuals and their business ventures. By following the guidelines, companies can prevent illegal activity from occurring on their platforms. They can discover, stop, and report illegal transaction attempts. Strict guidelines will help uncover clients who are using their accounts as fronts for money laundering or the financing of terrorism. The regulations are put in place to help financial entities serve only trustworthy clients. The users also benefit from KYC/AML because they will be provided with products and services that they really need. 


Any third-party hyperlinks and banners don’t constitute an endorsement, guarantee, endorsement, warranty, or recommendation by BeInCrypto. Cryptocurrencies are highly volatile. Do Your Own Research before using any third-party services or considering any financial action.