Traditional KYC Systems
The identity of a person can be easily identified through documents issued by the State, such as passports, birth certificates, social security cards or driving licences. However, this method is only good when face-to-face. If you need to confirm a person’s identity at a distance, it is easy to bypass him by getting the original or a copy of the desired document.
To reduce the risks of such fraud the «Know your client» procedure was invented. This has greatly improved the reliability of identity checks, but has rendered the verification process ineffective, lengthy and opaque in terms of the use of users’ personal and business data.
The traditional KYC procedure mostly involves three elements:
IDV (ID check). Verification of identity (paper or digital document) by providing the original document, scanned copy or photograph. Usually this is a superficial check, sometimes documents are compared with databases (for example, credit history databases).
Application of the Client Identification Program (CIP). Verification of documents on various state and corporate blacklists. There is no single standard for this procedure. Organizations choose the means of control according to their capabilities and the requirements of the necessary jurisdiction. It could be the same documents or fingerprints or facial scans.
Identification via video. Identification through videos such as Skype, Viber or Google Hangouts.
In traditional KYCs, each individual organization or government agency independently verifies the user. For example, if you plan to take an online loan (or use another service) in several banks, then each bank will carry out its own identity check.
This is the main drawback of traditional KYC systems – every inspection requires time and money. In addition, this approach poses a security risk as personal data is transferred from client to server at each check and can be intercepted. And bank servers can be hacked.
KYC-systems developed on blockchain
Distribution Book Technology (DLT) and Blockchain architecture allows the collection of information from different service providers into a single cryptographically secure and permanent database that does not require third-party authentication. This allows you to create a system where the user only needs to undergo the KYC procedure once and then use this platform to confirm their identity.
The identity confirmation algorithm in the bank example above will look like this:
- The user submits the documents for the KYC procedure to one of the banks, where he wants to take out a loan or use another service.
- The bank checks and, if all is normal, confirms the passing of KYC.
- The bank enters user data into a blockchain platform that other banks, organizations and government entities have access to.
- When a user wants to use the services of another bank, this second bank turns to the system and thus confirms the identity of the user.
- In such an ecosystem, access to user data will be based solely on the consent of the user. To give this consent, the user must log in and, as with cryptocurrency transactions, use the private key to initialize the information exchange operation. With the user’s consent, access to the data may also be provided by a third party (in this case by the bank), but ownership of the data remains with the user.
A similar concept of the KYC platform based on blockchain has already found practical implementation. The best known example is the joint project of IBM, Deutsche Bank, HSBC, Mitsubishi UFJ Financial Group (MUFG) and Treasuries of Cargill, which provides an efficient, secure and decentralized mechanism for verifying, collecting, storing, updating and sharing KYC data.
How Blockchain improves KYC
KYC’s blockchain-based utilities will help save money and improve personal data security in any industry where identity checks are needed. Let’s look at the benefits of such systems.
User data collection
As it is now. Currently, in the financial, banking, public and other sectors, users’ personal data are collected and stored in centralized systems (repositories). Every time someone requires access to this data, it is sent from the KYC provider’s repository to the company’s devices requesting access to the data.
What’s going on with the blockchain. Personal data will be collected by individual participants (banks, government agencies, companies or users themselves) and stored in a decentralized network. Access to the data will be provided directly by authorized users or third parties.
In this case it will be possible to provide access not to the user’s personal data, but to a special identification card, which certifies the successful completion of the procedure. In this way, personal data will be protected and third parties will be able to verify the identity of their client.
Advantages of using blockchain
- Increases the security of personal data
- Gives people more control over their data
- Excludes unauthorized access to data
- Complies with new data protection laws such as the new EU General Data Protection Regulation (GDPR)
Automation and standardization
As at present. KYCs collect and exchange data on a daily basis between different organizations, enterprises and other agencies. Typically, data is transmitted through multiple intermediaries that use different communication protocols, APIs, and management systems. This also applies to people who verify and certify information, as well as give permission for some operations. As a result, this architecture inevitably creates many errors, inconsistencies and critical vulnerabilities for unauthorized access.
How will the blockchain. The routing of KYC workflows can be coded into smart contracts and standardized across all industries. In such an ecosystem, data exchange will be as reliable as monetary transactions in bitcoin or ethereum cryptocurrency payment systems.
Advantages of using blockchain
- No need for manual surveillance.
- Reduce errors, inaccuracies and data loss.
- Ability to implement multilingual solutions through smart contracts, standardization and online translation tools.
- Reduction of KYC Processes.
As now. The traditional KYC procedure is almost always performed either by a particular company or by the KYC service provider. In both cases, this means that the process is fully centralized. That is, one structure decides what verification should be, conducts it itself, stores collected user data and chooses how to use it.
This approach increases risks:
- Unethical and illegal use of data.
- Hacker attacks (one server is easier to hack).
- Phishing and DDoS Attacks.
- Human Error.
How is blockchain. A system based on a decentralized distribution register eliminates the risk of monopolizing control. The immutability of the data recorded in the blockchain and in the open source code allows you to make sure that the rules of the game for all participants are the same and there are no «black entries» in the program.
Automation and standardization of basic processes limits and controls the degree of human involvement (blockchain records who did what and this information cannot be deleted).
Advantages of using blockchain
- Protection against human error and fraud.
- Automation of key regulatory issues, such as risk assessment processes by banks and insurers.
- Reducing the risk of infringement of the law by CSPs.
- Reducing the likelihood of industrial monopolization.
- Data Quality of KYC.
As it is now. In the current client-server storage system, based on centralized repositories, where all ecosystem participants are forced to continuously share user personal information, there is a strong tendency to obtain poor quality data (errors, inaccuracies, inconsistencies, false data, etc.). And this trend increases with the number of participants.
This is a direct consequence of the lack of uniform industry standards, as well as the fact that banks, companies, emerging companies, government agencies and KYC service providers use different approaches to data storage and transmission, different communication protocols, API, platform and data management systems.
What’s going on with the blockchain. The CMC solution based on a decentralized distribution register will create a system in which data will be stored on a single medium accessible to all platforms. This will automatically standardize the industry and make most interactions between participants unnecessary – there is no point in sharing information if it is all written on the blockchain that everyone has access to.
Advantages of using blockchain
- Improved data quality (no errors, inaccuracies, inconsistencies, false data, etc.).
- Data security will be improved (it will no longer be transmitted from one participant to another several times a day).
- Will increase standardization in industry.
- Communication and transparency.
As now. In the traditional KUS-system, the ordinary person (user) does not control anything. This does not affect what documents he must submit to the KYC procedures, and he does not really know anything about how his personal data will be processed. In addition, banks, companies, and CACs also lose control of the process once the data is shared with other participants. The current system was opaque and beyond any control.
What’s going on with the blockchain. Combining an open source platform, which is itself the source of truth, with smart contracts allows you to build a relationship where all participants know the rules of the game and all participants are confident that no one can break or circumvent those rules.
Advantages of using blockchain
- Increasing the level of confidence of participants in each other, as well as in the industry as a whole.
- Elimination of secondary verification or cross-checking.
- Reducing fraud (if everyone knows what you are doing, it is difficult to hide fraud and/or avoid responsibility).
- Improved reporting and communication processes (time and money savings).
Warning of suspicious activity
As it is now. Despite the fact that business and the state are constantly increasing the cost of KYC processes, they still do not have an effective tool to monitor violations of legislation in this industry. Participants can falsify data, manage it however they choose, and circumvent the law in various ways. As a result, money laundering and terrorist financing are on the rise in the world (despite the tightening of the CFA and AML regulations)
What’s going on with the blockchain. With distributed ledgers and smart contracts, the KYC process is easily regulated and controlled by all parties. Any change or update to client data will be tracked by the system, and if anyone breaks the rules, it will be known to all parties.
Advantages of using blockchain
- Speeding up the process of detection of fraud (the system can independently notify all interested persons about violations of rules, attacks on the platform and the like).
- Applying KYC systems to blockchain.
- KYC on blockchain can be useful for many industries besides banks and other financial institutions. Many companies, organizations and government entities have a vital interest in knowing who they are interacting with.
The most promising examples of KYC on blockchain are:
- Identity identification in various plebiscites: local, regional, state, corporate and public.
- Identification of citizens by public authorities under various social services and taxes.
- Age verification of video game and media content providers to prevent access to materials in accordance with PEGI (European Union), ESRB (United States), RARS (Russia), USK (Germany), ACB (Australia).
- Identification of loyalty program participants.
- An identity check at the border.
- Online Purchase.
The most interesting thing about KYC on blockchain is that after initial user identification, subsequent checks can be reduced to a simple demonstration of a digital ID card. This card can be used by analogy with a passport or driver’s license: required, shown and continued. Only the reliability and security of such a card will be much higher.
5 KYC cases on the blockchain
#1: IBM Blockchain Trusted Identity. Decentralized platform for personality identification processes based on blockchain and artificial intelligence, created by the standards of the Decentralized Identity Foundation (DIF) and the World Wide Web (W3C). Like many other IBM blockchain products, it is not a final product, but a basis that can be used to create commercial solutions. https://www.ibm.com/blockchain/identity
#2: ASEAN Association Project. OCBC Bank, HSBC Singapore, and Mitsubishi UFJ Finance Group (MUFG), together with Infocomm Media Development Authority (IMDA), became the first consortium in Southeast Asia to successfully test the blockchain concept for the KYC procedure. It is a corporate solution for the banking sector, developed with and based on IBM technologies.
#3: uPort. An open identification infrastructure designed to be user-friendly. The platform allows anyone wishing to create an account, verify their own identity, request and send credentials, sign transactions, and securely manage keys and data. The system is designed on an Ethereum blockchain, and its main platform is mobile devices. https://www.uport.me/
#4: Cambridge Blockchain. The Digital Identity System, which is known for being the first blockchain startup that PayPal has invested in. At the core of the project is a blockchain, locked under KYC rules and laws such as the European “General Data Protection Regulation” (GDPR).
#5: KYC-Chain. White label B2B-based Ethereum solution. The platform assigns responsibilities to the «trusted custodians», who check, authorize and issue digital documents. There is built-in support for basic KYC templates, sanctions checking and support for various platforms. https://kyc-chain.com/
KYC – Know Your Customer
The KYC procedure (in “know your customer”) obliges all financial institutions, including cryptocurrency exchanges, to identify and verify the identity of each customer. And it is necessary to do this before it can carry out financial transactions. This protects companies from the risk of working with fraudsters and terrorists and ensures the security of clients’ assets. Once it was only the internal policies of each company, but for about 5 years KYC has established itself as a clear legal practice.
Crypto exchanges have the right to determine the stages of verification, but here is what data about the user are required:
- date of birth
- phone number
- country and residence address
- ID (passport, rights, etc.)
Simply stating the data would not be enough. The phone number must be confirmed with a one-time code from SMS, passport data – photos of documents and selfies with them, the address of accommodation – for example, a utility bill.
And the more money you want to put on the stock exchange, the more information may be required. As a rule, there is a basic level of KYC, which allows you to perform all major operations, as well as advanced levels that you need to pass if you want to stock very, very large sums. For example, we have 4 verification levels on FREE2EX. At the same time, for 90% of clients it is enough to pass all verification only until the second.
Unfortunately, some users believe that full verification is a violation of the anonymity principle in blockchain technology. But, in fact, KYC is an indicator that a crypto exchange provides a safe space for all to conduct transactions.
AML – Anti-Money Laundering
Now consider the following abbreviation;) From the name everyone has already understood that it is a fight against money laundering. The concept of anti-money laundering was formally developed after the establishment of the Financial Action Task Force, FATF, in 1989. The full title is entitled “Countering the laundering of proceeds of crime, the financing of terrorism and the financing of weapons of mass destruction”.
Blockchain network transparency is the ability for users to track the history of any cryptocurrency transaction. Although this information is publicly available, it does not identify the owners of cryptographic wallets and the reason for the transfer. But any transaction can be associated with such illegal activities as terrorism, phishing or ransom. Satoshi clearly developed Bitcoin exclusively for good purposes. But, like many other great developments, the crypt is not immune to criminal use. Therefore, buying the crypt “hand” we will never know whether these hands were “clean”.
And just to identify the proceeds of crime, cryptocurrency implements the AML policy (prevention of money laundering). It includes a broader range of measures than the LCCs:
- Transaction monitoring
- Verification of encryption purity (encryption)
- Risk assessment
- Bank card verification
The KYC procedure in the ICO
In general, the procedure «Know your client» – is a concept that came from the banking and exchange sphere, the world of finance. This means that any company dealing with funds of private persons must establish the identity of the counterparty, establish his identity before the financial transaction.
The ICO, or initial sales token, is a relatively new phenomenon in the world of finance that developers are launching new cryptocurrency projects and raising funds for their creation and development. In 2021, for example, through the ICO, various teams raised a total of more than $6 billion (according to ICOData). Such high turnover could not fail to attract the attention of government regulators worldwide.
As we have already mentioned, financial institutions conduct checks on clients whose funds they manipulate: local laws on combating fraud and money laundering may require this, in the Russian Federation this law 115-FZ; «On combating legalization (laundering) of proceeds of crime and financing of terrorism». In addition, the CVS procedure in ISOC provides a number of additional opportunities for the organization conducting the CVS and makes it more reliable in the eyes of regulators.
Identification answers the following questions:
- Who brings the money to the project.
- That’s what the money’s for.
- Where they came from.
For ICO, KYC is a verification procedure for tokens buyers and/or members of the development team conducted by the platform that has launched ICO or using third-party services.
Who should implement KYC, AML and crypto sanctions in the sphere
All those who are interested in crypto should take part in this. First of all, crypto exchanges. They work both with fiat and tokens, ー ideal for crooks who want money.
You should enter an identity check for companies that provide coin storage services (cryptographic wallets), those who hold ICOs or participate in them. It is very important for a potential investor to invest in a project that inspires confidence. On the other hand, the creator of the idea benefits from fully legal ICOs. Then the project’s blockchain founders can legitimately withdraw money for product development and improvement. KUS and AML inspections will increase the reputation of ICO in the market by creating the necessary legal framework. Remember: ICO may well become a tool for money laundering if we do not take appropriate measures.
It is very important that these principles are followed by experts, advisers, lawyers who can influence the legislative sphere. If the system will work «dirty» money and shadow accounts, we will not be able to create a stable financial structure and a reliable business environment. Consultants should therefore identify clients with fraudulent intentions in advance.
And since the cryptosphere changes very quickly, all market participants must accept the rules of the game. This is the only way to create a safe environment for settlements and investments.
Why do the KYC procedure
There may be a reasonable question – why would a cryptocurrency token buyer identify themselves and why would the project need this?
First, let’s see what’s being sold during ICO.
Two types of tokens can be sold:
- Protocol tokens (i.e. useful tokens). The platforms generate them as «digital coupons», the acquisition of which allows investors to access project functions in the future. Such tokens have no property attribute and are free to trade on the market for profit
- Security Tokens (Tokens) Unlike protocol tokens, these tokens are registered digital securities.
Many ICOs today do not offer such coins because transactions with them require compliance with a number of laws. But other developers see a great future in working with tokenized assets. This means that the initial generation of tokens will already imply some form of investment income. T. e. will be sold, in fact, shares of the business
Important: According to the U.S. SEC, tokens that fail the Howey test are considered Security, subject to the relevant laws.
The problem to be solved
The KYC procedure solves several problems:
- Increased lending to the banking system.
- The implementation of the UGC in the generation and sale of tokens facilitates the work of the project team with banks and compliance with anti-money laundering legislation. Compliance with the laws in the ICO procedure gives the project a sign of «legality» and attracts investors willing to invest money in accordance with the requirements of the KUS.
Expansion of the investment platform.
Cases should be handled transparently, especially in regions where the capacity to enforce local laws exists. As the power structures of major regional markets (Asia, the US, Europe) converge to classify ICOs as securities transactions, ICOs themselves (and their authors) must be active in bringing projects into line with the laws of the respective countries and markets.
Legalization in the long term.
Any enterprise seeking success and having a long-term existence must take into account and comply with existing laws. The legitimacy of the project is based on how well cryptographic assets and management contracts are developed and protected.
Increased public acceptance of the project.
Despite the general «hype» around cryptocurrencies and ICOs, the lack of rules and regulation, general information about these phenomena makes them potentially vulnerable to fraudsters. The more the group informs the public about their overall plans, financial structure, the use of leveraged funds, associated risks and other aspects of the project, the better people will be able to appreciate the value of the proposal for themselves.
Expansion of coverage.
Voluntary compliance with YCL procedures helps ICO projects reach a wider audience and increase the number of jurisdictions where a particular platform has the right to operate. This helps attract new investors, especially from Canada and the United States, with their strict laws.
If the ICO is open to US investors, you should consider how to prevent them from selling their purchased tokens within the next 12 months. And if American investors aren’t allowed on the project, how do we stop them from buying in the future? The synthesis of UGC procedures and anti-money laundering legislation will allow better monitoring of money flows and communication with investors.
To avoid fines.
In many jurisdictions, authorities impose severe fines on ICO projects if they are considered to be securities sales under local financial legislation. The KYC allows you to fulfill legal requirements and avoid penalties.
Specifically for the ICO KYC platform means:
- Verification and confirmation of investor’s identity.
- Analysis of his personal, financial and business activities.
- Assessment of risks of fraud, theft or money laundering.
The cryptocurrency sphere continues to develop at an active pace, which in turn leads to the emergence of new terms. So, since the current period of the cryptocurrency industry can be described as «cryptocurrency winter», I decided to devote this time to the study of new terms and new directions emerging in this field.
Recently, there has been a clear trend to introduce a KYC (know your client – know your client) rule on all known cryptocurrency sites that want to cooperate with regulators. This principle is more a rule than a function when registering crowdseils (icos) and verifying cryptocurrencies. However, at the moment, few are familiar with the new rule that is being actively implemented – BAT (Know your deal – Know your deal). Although the public was not well known at present, the potential of the rule was enormous. At a minimum, this can cause serious damage to anyone whose cryptocurrency will be considered «blurred» in criminal schemes.
How clean are your cryptocurrencies?
I don’t think any users are asking how clean their coins are right now. Indeed, what difference does it make how digital assets were used before they reached the next owner? Also at an acute angle the question is posed: «Does not the discrimination of «black» coins contradict the concept of interchangeability?». However, whether or not the majority wants it, the KYT rule is actively gaining momentum. A similar trend can divide the Bitcoin network into two states: one for verified users, and the other for unveiled with their «gray money».
Against the background of the active development of KYT it is necessary to say about the company Chainalysis, which is closely connected with this process. The company specializes in tracking money in the blockchain. At the moment, her reputation in the crypto community is considered, let’s say, quite controversial. On the one hand, employees of the company managed to find stolen bitcoins from MtGox. On the other hand, however, users are not particularly pleased with the fact that all of their translations are recorded and linked to identification data. Given that Chainalysis has recently attracted $30 million in investment, it is likely that similar tracking tools will soon be available in all popular blockchains.
KYC for ICO team
There is also a Know Your Customer procedure for the ICO team. Many authorities in the cryptocurrency world consider it crucial to assess the reliability and success of the project, so identification is often carried out by the developers themselves. For example, information on KYC for the team is published by the portal ICOBench.
How the KYC procedure works
The process of investor verification takes place:
- All online.
- To confirm identity by meeting an authorized agent.
In any case, the person wishing to participate in the ICO and to be verified must register on the project website, where he or she will be asked to confirm his or her identity by sending a set of documents (usually series/numbers of such, as well as scanned copies). The service then processes this information and confirms or denies the identification of the citizen.
In some cases, the procedure may require an additional meeting with an authorized specialist – a service agent who conducts the final stage of authentication at a time convenient for the client.
ICO platforms use both proprietary KYC and third-party solutions – for example, Sum&Substance
Contact our legal department for more information on KYC for your chosen jurisdiction. Contact us now to schedule a personalised consultation and set the stage for a successful crypto business.
At the moment, the main services of our company are legal and compliance solutions for FinTech projects. Our offices are located in Tallinn, Vilnius, Prague, and Warsaw. The legal team can assist with legal analysis, project structuring, and legal regulation.