In April of 2020 there were between 5 and 11 million active crypto wallets (or crypto users if we may). Less than a year later one report estimates that there were more than 100 million bitcoin wallets. The growth in crypto trading has also stimulated Initial Coin Offerings (ICOs).
At the same time, Anti Money Laundering (AML) regulations and Know Your Customer (KYC) requirements are also evolving. Less than four months ago the Financial Crimes Enforcement Network (FinCEN) proposed legislation to make it easier for the U.S. government to track bitcoin transactions with a daily total of $10,000 or above. In the same month, France has unveiled tougher KYC requirements for crypto and peer-to-peer transactions.
If you’re in a company that is about to hold an ICO or generally in crypto and thinking about incorporating identity verification into a seamless user experience, here are initial AML regulatory considerations to understand. Understanding the principles behind AML regulations and why they affect businesses across industries will help product teams incorporate thoughtful identity verification that meets customer due diligence requirements.
Although regulations vary from country to country, the USA and EU are two major markets that have pushed for regulating virtual currencies and wallets. This means that in addition to the SEC requirements for ICOs as securities mentioned previously, transactions with virtual currencies, such as with bitcoin, will increasingly be enforced in 2021.
In the EU, the European Commission required member states to implement the 5th Anti-Money Laundering Directive (5th AMLD) into national law by January, 2020. The 5th AMLD adds virtual currencies and wallets, tax related advisories, and art dealers into "eligible entities" legally required to comply with the directive.
In December 2020, FinCEN proposed regulation extending these principles to bitcoin transactions over $10,000. Crypto wallets, exchanges, and ICOs will need to implement customer due diligence and KYC in the coming years in major markets.
Performing identity verification helps companies in two ways. First, it reduces fraud and adds a layer of security; and second, it fulfills compliance requirements while future-proofing the business against regulatory measures.
Using identity verification, as one step of customer due diligence, already has a precedence in regulations such as the European Payment Services Directive (PSD2) for online purchases to protect individuals from identity theft and businesses from fraud and money laundering. Multi-factor authentication methods, although popular for authorizing transactions, do not actually prove a person’s identity. Passwords and devices, things people know or have, can be shared or stolen. However, multi-factor authentication that uses what someone is, biometric data, is difficult to steal or counterfeit. As such, your business can have a high degree of confidence that the person with the verified identity is the person performing the transaction.
Using identity verification to perform KYC during a token sale also covers customer due diligence regulatory requirements. Performing identity verification with an official document verification and biometric scan lets businesses know who is performing a transaction. Having this information protects a business from fines for failing to to have sufficient customer due diligence. By doing this, a business protects themselves from selling tokens, for example, that used the stolen credentials of customers in the Ledger hack.
While there are different forms of user verification, the cryptocurrency industry can approach identity verification for KYC by considering two fundamental factors for digital services:
Robust AML checks for security
In addition to doing customer due diligence to future-proof against reporting needs, identity verification can double as an AML check. While KYC verification is done by verifying a user’s ID document and matching that to their biometrics, AML checks take the added step of matching submitted documents against global databases and watchlists. Identity verification gives businesses the chance to flag anyone on a watchlist and prevent them from unwittingly doing business with politically exposed persons (PEPs), individuals associated with sanctioned organizations such as arms dealers, or individuals with adverse media. If you have a specific database that you need to run an AML compliance check for, you can ask a potential provider has access.
Performance to improve user experiences
Although AML and KYC measures are guided by regulatory measures, security does not have to come at the expense of user experience. Common wisdom used to assume that added friction for customers, such as adding security questions and uploading document scans, were a necessary security precaution. However, more layers of the same types of security (most commonly, text-based passwords) adds frustration for humans and does not deter bots.
Crypto as a digital-native industry can lead regulatory compliance best practices with an identity verification procedure that is both seamless and secure for end users. To perform document verification, facial matching, and liveness detection, crypto services only require two data points that users can submit instantly: a scan of an official photo ID document and a video selfie. Using machine learning, face matching can be performed between images and videos to complete a verification in a matter of seconds, giving end users a frictionless experience that does not require recalling complex passwords (that are often forgotten). Contrary to popular belief, images are stored as code and not in their raw format, meaning that certain data points are checked each time a biometric authentication is performed. Communicating why identity verification data is collected, as well as how it is handled and stored is key to having user buy-in and adoption.
The crypto companies that will succeed in 2021 and beyond are the ones that can anticipate regulatory requirements and protect their users and themselves with secure identity verification and authentication.
In addition to this, success depends on shortening the time to market and staying agile. Businesses need to invest in secure identity verification, but that should not be the focus of their activity if it is not central to their business. As such, sourcing an identity verification solution that can integrate into your existing tech stack and ideally be scalable with your operations is key to building security and compliance into your product or service.
Passbase helps you verify users securely and perform all the necessary checks in a matter of seconds, we also help you get up and running very quickly with our suite of mobile and web friendly SDKs and an API. You can also start testing identity verification today via our free trial.
Create your free account to unlock your custom reading experience.