Traditional KYC Systems
The identity of a person can easily be established by means of documents issued by the State, such as passports, birth certificates, social security cards or driving licences. However, this method is good only with personal contact. If you need to confirm the identity of a person at a distance, it is easy to bypass him by getting the original or a copy of the desired document.
In order to reduce the risks of such fraud, the «Know your client» procedure was invented. It significantly increased the reliability of identity verification, but made the verification process ineffective, long and opaque in terms of the use of users’ personal and business data.
The traditional KYC procedure usually includes three elements:
IDV (ID Verification). Verify the identity identifier (paper or digital document) by providing the original document, scanned copy or photograph. Usually it is a superficial check, sometimes documents are compared with databases (internal, state or general, for example, with databases of credit histories).
Application of the Client Identification Program (CIP). Verification of documents on various state and corporate blacklists. There is no single standard for this procedure. The organizations themselves choose the means of verification in accordance with their capabilities and the requirements of the necessary jurisdiction. It could be the same paperwork, or it could be a fingerprint or facial scan.
Identification via video. Identity check via video, such as Skype, Viber or Google Hangouts.
In traditional KYC systems, each individual organization or government entity checks the user independently. For example, if you plan to take an online loan (or use another service) in several banks, then each bank will carry out its own identity check.
This is the main disadvantage of traditional KYC systems – every inspection requires time and money. In addition, this approach poses security risks, as personal data is transmitted from client to server at each check and can be intercepted. And bank servers can be hacked.
KYC-systems developed on blockchain
Distribution Book Technology (DLT) and Blockchain architecture allows the collection of information from different service providers into a single cryptographically secure and permanent database that does not require third-party authentication. This allows you to create a system where the user only needs to undergo the KYC procedure once and then use this platform to confirm their identity.
The identity confirmation algorithm in the bank example above will look like this:
- The user submits the documents for the KYC procedure to one of the banks, where he wants to take out a loan or use another service.
- The bank checks and, if all is normal, confirms the passing of KYC.
- The bank enters user data into a blockchain platform that other banks, organizations and government entities have access to.
- When a user wants to use the services of another bank, this second bank turns to the system and thus confirms the identity of the user.
- In such an ecosystem, access to user data will be based solely on the consent of the user. To give this consent, the user must log in and, as with cryptocurrency transactions, use the private key to initialize the information exchange operation. With the user’s consent, access to the data may also be provided by a third party (in this case by the bank), but ownership of the data remains with the user.
A similar concept of the KYC platform based on blockchain has already found practical implementation. The best known example is the joint project of IBM, Deutsche Bank, HSBC, Mitsubishi UFJ Financial Group (MUFG) and Treasuries of Cargill, which provides an efficient, secure and decentralized mechanism for verifying, collecting, storing, updating and sharing KYC data.
How Blockchain improves KYC
KYC’s blockchain-based utilities will help save money and improve personal data security in any industry where identity checks are needed. Let’s take a closer look at what exactly are the advantages of such systems.
User data collection
As it is now. Currently, the financial, banking, public and other sectors collect and store users’ personal data in centralized systems (repositories). Every time someone needs access to this data, it is sent from the repository of the KYC service provider to the devices of the company that requested access to the data.
What happens with the blockchain. Personal data will be collected by individual participants (banks, government entities, companies or users themselves) and stored in a decentralized network. Access to the data will be provided directly by users or third parties who have the appropriate authorization.
In this case, it will be possible to provide access not to the personal data of the user, but to a special identification card, which certifies the successful completion of the procedure. In this way, personal data will be protected and third parties will be able to verify the identity of their client.
Advantages of using blockchain
- increases the security of personal data;
- gives people more control over their data;
- excludes unauthorized access to data;
- complies with new data protection laws, such as the new EU General Data Protection Regulation (GDPR).
Automation and standardization
As it is now. KYC-data collection and exchange takes place daily among various organizations, enterprises and other institutions. Typically, data passes through multiple intermediaries that use different communication protocols, APIs, and management systems. And this also involves people who verify and certify information, as well as give permits for some transactions. As a result, this architecture inevitably creates a lot of errors, inconsistencies and critical vulnerabilities for unauthorized access.
As will be the blockchain. Routing of KYC workflows can be encoded into smart contracts and standardized for all industries. In such an ecosystem, data exchange will be as reliable as cash transactions in Bitcoin or Ethereum cryptocurrency payment systems.
Advantages of using blockchain
- no need for manual monitoring;
- reduction of errors, inaccuracies and data losses;
- the ability to implement multilingual solutions through smart contracts, standardization and online translation tools;
- shortening of KYC processes.
As it is now. The traditional KYC procedure is almost always carried out either by a particular company or by a KYC-service provider. In both cases, this means that the process is completely centralized. That is, one structure decides what verification should be, conducts it itself, stores collected user data and chooses how to use it.
This approach increases risks:
- unethical and illegal use of data;
- hacker attacks (one server is easier to hack);
- phishing and DDoS-attacks;
- human error.
As will be the blockchain. A system based on a decentralized distribution register eliminates the risk of monopolization of control. The immutability of the data recorded in the blockchain and open source code make it possible to make sure that the rules of the game for all participants are the same and there are no «black entries» in the program.
Automation and standardization of basic processes limits and controls the degree of human involvement (blockchain records who did what, and this information cannot be deleted).
Advantages of using blockchain
- protection against human errors and fraud;
- the possibility of automation of key regulatory issues, such as risk assessment processes carried out by banks and insurers;
- reducing the risks of violation of the law by KYC service providers;
- reducing the likelihood of industry monopolization.
- KYC data quality
As it is now. In the existing client-server data storage system based on centralized repositories, where all ecosystem participants are forced to constantly exchange personal information of users, there is a strong tendency to generate poor quality data (errors, inaccuracies, inconsistencies, false data, etc.). And this trend increases with the number of participants.
This is a direct consequence of the lack of uniform standards in the industry, as well as the fact that banks, companies, start-ups, government agencies and KYC service providers use different approaches to data storage and transmission, different communication protocols, APIs, platforms and data management systems.
What happens to the blockchain. KYC-solution on the basis of a decentralized distribution register will allow the creation of a system where data would be stored on one, accessible to all platforms. This will automatically standardize the industry and make most interactions between participants unnecessary – there is no point in sharing information if all of it is written on a blockchain that everyone has access to.
Advantages of using blockchain
- improve data quality (no errors, inaccuracies, inconsistencies, false data, etc.);
- data security will be improved (they will no longer run from one participant to another several times a day);
- will increase industry standardization.
- Communication and transparency
As it is now. In the traditional KYC-system, the ordinary person (user) does not control anything. It does not affect what documents he needs to submit to the KYC procedure, and he does not really know anything about how his personal data will be handled. Moreover, banks, companies and KYC service providers also cease to control the process once the data is passed on to other participants. The existing system is opaque and beyond any control.
What happens to the blockchain. Combining an open source platform, which itself is the source of truth, with smart contracts allows you to build a relationship where all participants will know the rules of the game and all participants will be confident that no one can break or bypass these rules.
Advantages of using blockchain
- Increasing the level of confidence of participants in each other, as well as in the industry as a whole;
- Eliminating the need for secondary verification or cross-checking processes;
- Reduction of fraud (if everyone knows what you are doing, it is difficult to hide fraud and/or evade responsibility);
- Increasing the efficiency of reporting and communication processes (saving time and money).
Warning of suspicious activities
As it is now. Despite the fact that business and the state are constantly increasing the costs of KYC-processes, they still do not have an effective tool to monitor violations of the law in this industry. Participants can falsify data, manage it however they want and circumvent the law in various ways. As a result, the growth of money laundering and terrorist financing in the world (despite the tightening of the rules of KYC & AML)
What happens to the blockchain. Thanks to the general distributed ledger and smart contracts, the KYC process can be easily regulated and controlled by all parties. Any change or update of the client data will be tracked by the system, and if anyone violates the rules, it will be known to all parties.
Advantages of using blockchain
speeding up the process of detection of fraud (the system can independently notify all interested persons about infringements of rules, attacks on the platform and the like).
Applications of KYC systems on the blockchain
KYC on the blockchain can be useful for many industries besides banks and other financial institutions. Many companies, organizations and government entities have a vital interest in knowing with whom they interact.
The most promising examples of KYC on the blockchain are:
- Identity identification in various plebiscites: local, regional, state, corporate and public.
- Identification of citizens by public authorities for various social services and taxes.
- Age verification by video game and media content providers to prevent access to materials according to the rules of PEGI (European Union), ESRB (United States), RARS (Russia), USK (Germany), ACB (Australia).
- Identification of loyalty program participants.
- Cross-border identity check.
- Online Shopping.
The most interesting thing about KYC on the blockchain is that after the initial identification of the user, subsequent checks can be reduced to a simple demonstration of a digital ID card. This card can be used by analogy with a passport or driver’s license: demanded, showed and went on. Only the reliability and security of such a card will be much higher.
5 KYC cases on the blockchain
#1: IBM Blockchain Trusted Identity. Decentralized platform for personality identification processes based on blockchain and artificial intelligence, created by the standards of the Decentralized Identity Foundation (DIF) and the World Wide Web (W3C). Like many other IBM blockchain products, it is not a final product, but a basis that can be used to create commercial solutions. https://www.ibm.com/blockchain/identity
#2: ASEAN Association Project. OCBC Bank, HSBC Singapore, and Mitsubishi UFJ Finance Group (MUFG), together with Infocomm Media Development Authority (IMDA), became the first consortium in Southeast Asia to successfully test the blockchain concept for the KYC procedure. It is a corporate solution for the banking sector, developed with and based on IBM technologies.
#3: uPort. An open identification infrastructure designed to be user-friendly. The platform allows anyone wishing to create an account, verify their own identity, request and send credentials, sign transactions, and securely manage keys and data. The system is designed on an Ethereum blockchain, and its main platform is mobile devices. https://www.uport.me/
#4: Cambridge Blockchain. The Digital Identity System, which is known for being the first blockchain startup that PayPal has invested in. At the core of the project is a blockchain, locked under KYC rules and laws such as the European “General Data Protection Regulation” (GDPR).
#5: KYC-Chain. White label B2B-based Ethereum solution. The platform assigns responsibilities to the «trusted custodians», who check, authorize and issue digital documents. There is built-in support for basic KYC templates, sanctions checking and support for various platforms. https://kyc-chain.com/
KYC – Know Your Customer
The KYC procedure (in “know your customer”) obliges all financial institutions, including cryptocurrency exchanges, to identify and verify the identity of each customer. And it is necessary to do this before it can carry out financial transactions. This protects companies from the risk of working with fraudsters and terrorists and ensures the security of clients’ assets. Once it was only the internal policies of each company, but for about 5 years KYC has established itself as a clear legal practice.
Crypto exchanges have the right to determine the stages of verification, but here is what data about the user are required:
- date of birth
- phone no
- country and residence address
- ID (passport, rights, etc.)
Simply stating the data would not be enough. The phone number must be confirmed with a one-time code from SMS, passport data – photos of documents and selfies with them, the address of accommodation – for example, a utility bill.
And the more money you want to put on the stock exchange, the more information may be required. As a rule, there is a basic level of KYC, which allows you to perform all major operations, as well as advanced levels that you need to pass if you want to stock very, very large sums. For example, we have 4 verification levels on FREE2EX. At the same time, for 90% of clients it is enough to pass all verification only until the second.
Unfortunately, some users believe that full verification is a violation of the anonymity principle in blockchain technology. But, in fact, KYC is an indicator that a crypto exchange provides a safe space for all to conduct transactions.
AML – Anti-Money Laundering
Now let’s deal with the following abbreviation;) From the title of the title everyone already understood that it is about the fight against money laundering. The AML concept was officially established after the establishment of the Financial Action Task Force – FATF – in 1989. The full version of the title stands for “Countering the laundering of proceeds of crime, countering the financing of terrorism and the financing of weapons of mass destruction”.
Blockchain network transparency is the ability for users to track the history of any cryptocurrency transaction. Although this information is publicly available, it does not identify the owners of crypto wallets and the reason for the transfer. But any transaction can be associated with such illegal activities as terrorism, phishing or ransom. Satoshi clearly developed Bitcoin solely for good purposes. But, like many other great developments, the crypt is not immune to criminal use. Therefore, buying a crypt “hand-held” we will never know if these hands were “clean”.
And just to identify the proceeds of crime, the crypto exchange implements the AML policy (prevention of money laundering). It includes a broader set of measures than KYC:
- transaction monitoring
- crypt cleanliness check (crypto-compliance)
- risk assessment
- bank card verification
KYC procedure in ICO
In general, the «Know your client» procedure is a concept that came from the banking and stock trading sphere, the world of finance. It means that any company dealing with the funds of private persons must identify the counterparty, establish his identity before carrying out the financial transaction.
The ICO, or initial token sale, is a relatively new phenomenon in the world of finance by which developers launch new cryptocurrency projects and raise funds for their creation and development. In 2021, for example, through ICO, various teams raised a total of more than 6 billion USD (according to ICOData – https://wwcoininsider.com/ico/). Such high turnover could not fail to attract the attention of state regulators around the world.
As we have already mentioned, financial institutions carry out verification of clients whose funds they manipulate: local laws on combating fraud and money laundering may require this, in the Russian Federation this law 115-FZ «On combating legalization (laundering) of proceeds of crime and financing of terrorism». In addition, the KYC procedure in the ICO opens a number of additional possibilities for the organization conducting it and makes it more reliable in the eyes of the regulators.
Identification answers the following questions:
- who brings money to the project;
- what the money’s for;
- where they came from.
For ICO, KYC is a verification procedure for token buyers and/or members of the development team, conducted by the platform that launched the ICO or using third-party services.
Who should implement KYC, AML and crypto sanctions in the sphere
All those who are interested in the crypto sphere should take part in this. First of all, cryptocurrency exchanges. They work with both fiat and tokens, ー ideal for fraudsters who want money.
You should introduce identity checks for companies that provide coin storage services (crypto wallets), those who conduct ICOs or participate in them. It is very important for a potential investor to invest in a project that inspires confidence. On the other hand, the creator of the idea benefits from a fully legal ICO. Then the founders of the blockchain project can legally withdraw money for the development and improvement of the product. KYC and AML inspections will raise the reputation of ICO in the market by creating the necessary legal framework. Remember: ICO may well become an instrument of money laundering if we do not take appropriate measures.
It is very important that these principles are followed by experts, advisors, lawyers who can influence the legislative sphere. If the system operates «dirty» money and shadow accounts, we will not be able to create a stable financial structure and a reliable business environment. Therefore, consultants need to identify customers with fraudulent intentions in advance.
And since the cryptosphere changes very quickly, all market participants must accept the rules of the game. This is the only way to create a secure environment for settlements and investments.
Why do the KYC procedure
There may be a reasonable question – why would a cryptocurrency token buyer identify himself and why does the project need this?
First, let’s look at what’s being sold during the ICO.
Two types of tokens can be sold out:
Protocol tokens (i.e.. utility tokens) The platforms generate them as «digital coupons», the purchase of which allows investors to access the functions of the project in the future. Such tokens have no attribute of ownership and are free to trade in the market for profit
Tokenized securities (Security Tokens) Unlike protocol tokens, these tokens are registered digital securities.
Many ICOs today do not offer such coins because operations with them require compliance with a number of laws. But other developers see a great future in working with tokenized assets. This means that the initial generation of tokens will already imply some form of investment income. T. e. will be sold, in fact, shares of business
Important: according to the U.S. SEC, tokens that fail the Howey test are considered Security, subject to the relevant laws.
Problem to be solved
The KYC procedure allows you to solve several problems:
Increased credit to the banking system.
The implementation of KYC during token generation and sale makes it easier for the project team to work with banks and comply with anti-money laundering legislation. Compliance with the laws in the ICO procedure gives the project a sign of «legality» and attracts investors who are ready to invest money in compliance with the requirements of KYC.
Spreading of the investment platform.
Cases should be handled transparently, especially in regions where there is a potential for compliance with local laws. As the power structures of major regional markets (Asia, the US, Europe) converge to classify ICOs as securities transactions, the ICOs themselves (and their authors) should be proactive in bringing projects into line with the laws of the respective countries and markets.
Legalization in the long term.
Any business committed to success, aimed at long-term existence, should take into account existing laws and comply with them. The legitimacy of the project is based on how well-designed and protected crypto assets and management contracts are.
Improve public acceptance of the project.
Despite the general «hype» around cryptocurrencies and ICOs, the lack of regulations and methods of regulation, general information about these phenomena makes them potentially vulnerable to fraudsters. The more the team informs the public about their overall plans, financial structure, use of the raised funds, related risks and other aspects of the project, the better people can assess the value of the proposal for themselves.
Expansion of coverage.
Voluntary compliance with KYC procedures helps ICO projects reach a wider audience and increase the number of jurisdictions where a particular platform is eligible to operate. This helps to attract new investors, especially from Canada and the United States with their strict laws.
If the ICO is open to investors from the US, you should consider how to prevent them from selling their purchased tokens over the next 12 months. And if American investors are not allowed on the project, how do we prevent them from buying in the future? The synthesis of KYC procedures and anti-money laundering legislation will make it possible to better track the movement of money and communicate with investors.
Avoiding penalties and fines.
In many jurisdictions, authorities impose severe fines on ICO projects, if they are considered to be securities sales, in accordance with local finance laws. KYC allows you to fulfill legal requirements and avoid penalties.
Specifically for the ICO KYC platform means:
- Verification and confirmation of investor’s identity.
- Analyzing his personal, financial, and business activities.
- Assessment of risks of fraud, theft or money laundering.
The cryptocurrency sphere continues to develop at an active pace and this in turn leads to the emergence of new terms. So, as the current period of the cryptocurrency industry can be described as «cryptocurrency winter», I decided to devote this time to the study of new terms and new directions emerging in this sphere.
Recently, there has been a clear trend to introduce the KYC (Know Your Customer – Know Your Customer) rule on all known cryptocurrency sites that wish to cooperate with regulatory agencies. This principle is more the norm than a feature when registering crowdseils (ICOs) and verifying cryptocurrencies. However, at the moment few are familiar with the new rule that is being actively implemented – KYT (Know Your Transaction – Know your transaction). Although not as well known among the general public at the moment, the potential of the rule is enormous. At a minimum, it can cause serious damage to anyone whose cryptocurrency will be considered «smeared» in criminal schemes.
How clean are your cryptocurrencies?
I don’t think any users are asking how clean their coins are right now. Indeed, what difference does it make how digital assets were used before they reached the next owner? Also at an acute angle the question is posed: «Does not the discrimination of «black» coins contradict the concept of interchangeability?». However, whether or not the majority wants it, the KYT rule is actively gaining momentum. A similar trend can divide the Bitcoin network into two states: one for verified users, and the other for unveiled with their «gray money».
Against the background of the active development of KYT it is necessary to say about the company Chainalysis, which is closely connected with this process. The company specializes in tracking money in the blockchain. At the moment, her reputation in the crypto community is considered, let’s say, quite controversial. On the one hand, employees of the company managed to find stolen bitcoins from MtGox. On the other hand, however, users are not particularly pleased with the fact that all of their translations are recorded and linked to identification data. Given that Chainalysis has recently attracted $30 million in investment, it is likely that similar tracking tools will soon be available in all popular blockchains.
KYC for ICO team
There is also a Know Your Customer procedure for the ICO team. Many authorities in the cryptocurrency world consider it crucial to assess the reliability and success of the project, so identification is often carried out by the developers themselves. For example, information on KYC for the team is published by the portal ICOBench.
How the KYC procedure works
The process of investor verification takes place:
- all online;
- to confirm identity by meeting an authorized agent.
In any case, the person wishing to participate in the ICO and to be verified must register on the project website, where he or she will be asked to confirm his or her identity by sending a set of documents (usually series/numbers of such, as well as scanned copies). The service then processes this information and confirms or denies the identification of the citizen.
In some cases, the procedure may require an additional meeting with an authorized specialist – a service agent who conducts the final stage of authentication at a time convenient for the client.
ICO platforms use both proprietary KYC and third-party solutions – for example, Sum&Substance
Contact our legal department for more information on KYC for your chosen jurisdiction.