Know Your Customer(KYC) Regulations for STOsby@asaf
1,233 reads
1,233 reads

Know Your Customer(KYC) Regulations for STOs

by Asaf FybishDecember 24th, 2018
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Know your customer, also commonly referred to as “<strong>know your client</strong>” or<strong> KYC </strong>for short, is the name given to the process of a company confirming their customer’s identity and making an assessment as to whether the business relationship has a potential risk of illegal activities. The term is also used in relation to anti-money laundering regulations (AML).

Coin Mentioned

Mention Thumbnail
featured image - Know Your Customer(KYC) Regulations for STOs
Asaf Fybish HackerNoon profile picture

Know your customer, also commonly referred to as “know your client” or KYC for short, is the name given to the process of a company confirming their customer’s identity and making an assessment as to whether the business relationship has a potential risk of illegal activities. The term is also used in relation to anti-money laundering regulations (AML).

Typical examples of businesses that have to place a lot of emphasis on KYC regulations are banks, other financial institutions, companies that are issuing stock and also, more recently, companies who are offering their shares through Security Token Offerings (STO).

Why do STOs apply to KYC Regulations?

Unlike ICOs, which issue Utility Tokens to the customer, STOs provide what is called a Security Token. Under the law in the United States, Security Tokens are classed as securities by the Securities and Exchange Commission.

The reason for this is that they fall under the scope of the Howey Test, which was established in the case SEC vs Howey (1946). The test set out the following and if a token meets the following criteria, it will be classed as a security and therefore a Security Token.

  • It involves an investment of money or other financially valuable assets.
  • There is more than one investor and the business is a common enterprise.
  • There is an expectation of profit from the investment.
  • Any of the profits are gained from a third-party or the promotor of the token.

Because Security Tokens are classed as securities by the SEC, they fall under the scope of KYC regulations, where the SEC demands that businesses that are offering Security Tokens know and ensure that they can verify the identity of their customers, so they can prevent any fraudulent activity that may be carried out as a result of the STO.

The Law Surrounding KYC Regulations

Of course, each country has its own set of regulations surrounding KYC practices, however, for simplicity, we will be focusing on the Rules in the US.

Initially, KYC Regulations in the United States took a proper form as a result of the USA Patriot Act of 2001. This was initially to ensure that there was a barrier to money being laundered to criminal and terrorist groups. It essentially tied together elements of the already enacted Bank Secrecy Act of 1970 and the Money Laundering Control Act of 1986.

As a result of all of these laws, as a distributor of securities, there are certain expectations of you.

Firstly, you have a responsibility to your other investors and to the law, to accurately screen any prospective investors, before they are allowed to invest in your STO. Firstly, because STOs have to be registered with the SEC, you will need to jump through their regulatory hoops too. The majority of Security Tokens are limited in the United States, in the sense that they can only be sold to accredited investors.

Accredited Investors are mainly defined as the following:

  1. A person who has earned income that exceeded $200,000 (or $300,000 together with a spouse) in each of the prior two years, and reasonably expects the same for the current year,


2. A person who has a net worth over $1 million, either alone or together with a spouse (excluding the value of the person’s primary residence).

Accredited investors are not limited to these two descriptions. However, they are the most common group of accredited investors. Other categories can be viewed on our guide on Launching an STO.

As well as this, KYC regulations mean that massive importance is placed on identifying and verifying the identity of any potential investors in an STO. This means that you will have to gather certain pieces of information on interested individuals. Some examples of which are included below.

  • Financial Circumstances.
  • Age of the Investor.
  • Date of Birth.
  • Current Residence Address.
  • Employment Status
  • Annual Income (Could be for previous years too.)
  • Why are they Investing?

Ways in which you can get this information will be explained a bit later on when we touch on how to get your processes up and running. While you are preparing your KYC procedures, it is best that you enlist support from outside legal help.

It seems evident that if you don’t know the answer to a legal question, then you ask a lawyer. However, some people like to try and do things on their own, which should be avoided in this situation. If you are unsure of anything relating to KYC Regulations, then you should approach a qualified legal professional who can help to guide you through the process.

It may be quite expensive to get legal help, although, the legal help will be cheaper and less damaging to your reputation than getting in trouble with the SEC, or other government agencies would be.

Why are KYC Regulations Important?

KYC regulations are incredibly important. This is because, through the identification and verification process required through these regulations, companies offering Security Tokens can know who they are dealing with.

As a result of being able to identify every customer positively, the chances of the Security Token Offering being subject to identity fraud, money laundering or financing criminal or terrorist activities dramatically decreases.

Furthermore, being able to display a strong commitment to following KYC regulations will vastly improve the reputation of the firm offering the Security Tokens. Also, there is the additional positive for other investors, in that they know that their investment will be better protected if all other investors are being vetted and checked.

Rather fortunately, Security Tokens can be made to be compliant with KYC regulations by design. For example, Polymath’s own smart contract contains a constantly updated list of accredited investors. Due to SEC regulations on securities exemptions, it has been the case that all STOs are registered under a Regulation D exemption. This means that in the United States, only an accredited investor can invest in an STO if it is filed under Regulation D.

As a result of this, investors are easily identified, resulting in the above benefits from following KYC procedures. Nobody can hold Polymath Security Tokens unless they are verified first.

How to Implement KYC Procedures?


Because STOs are more legally similar to Initial Public Offerings (IPOs) than they are to ICOs, the regulations and procedures in regards to KYC are very similar.

Firstly, businesses that carry out STOs must make certain checks, to verify the identity of a person who wishes to invest in the STO. They are required to know potential investors’ financial circumstances, as previously mentioned, this means that creating a “whitelist” is critical to your STO.

As previously mentioned also, it is entirely possible to use the blockchain of your STO to make complying with these procedures a lot easier. If you are going to be registering with the SEC under a Regulation D exemption, then you will only be targeting accredited investors in the US. You can create a whitelist, much in the same way that Polymath has, which will only allow these accredited investors to buy into your STO. This means sanctioned individuals and potential scammers will not be able to take part.

Supporting Documentation

Something that you will need to get from your potential investors, is supporting documentation. There should be documentation to support all of the different pieces of information that are listed above. However, it is not limited to the above. This documentation will then be used to ensure the identity of the person trying to invest. Of course, it is likely that you will receive digital versions of these documents, so, you will need to take care that there are no alterations and all of the details on the documents match up correctly. For example, if there is a different date of birth on two different documents, you will need to ask serious questions.

Some examples of the documents you will need to receive are:

  • Proof of Address
  • Proof of Age
  • Photographic Identification (i.e. Passport)
  • Proof of Income
  • Proof of Employment

Tailoring to Location

As we know, some countries have incredibly strict regulations surrounding crypto tokens. This means that you will either have to research a lot of different countries legal situation or, it is more likely that you will have to find a way to ring-fence your offering. Ringfencing will mean that you will only select a few countries which your token will be issued to, avoiding the uncertainty of legal sectors which you may be unfamiliar with.

Doing this helps you to avoid stepping into unexpected, legal hot water.

Preparing for Audits

There may be points in the future where you are subject to an outside audit by a government institution. This may not happen, but, it’s better to be safe than sorry. As a result of this, you should look into documenting your KYC and AML processes in a way that would be easy for auditors to digest, this documentation should also show all of the steps that you have taken to remain compliant.

This will help to speed along the audit process because your co-operation will help to speed any investigations along. At the end of the day, an extended audit is the last bit of stress that you need and if you haven’t documented your procedures, this is exactly what you will get.


To conclude, the requirements for KYC in relation STOs are very similar to the way that they would be with IPOs. That is the case for now, at least. We can never be sure of how the regulatory field could change.

As a result of reading this guide, you should feel like you have learned about the importance of KYC and AML Regulations and also about some of their different aspects that need to be applied to your procedures.

This has been mentioned before, but, I want to stress the fact that if you are unsure about anything that hasn’t been answered in this guide, you should seek outside help from a qualified lawyer.