So, what's KYC all about?
Know Your Customer (KYC) is basically the process that banks and other financial institutions have to go through to collect important info from their clients before doing any business. This isn’t just some random thing; it’s part of government regulations that make sure these practices are followed. Companies of all sizes also use KYC to check that agents, consultants, or distributors they work with are following anti-bribery rules. Lately, banks, insurers, and export credit agencies are pushing customers for extensive info regarding anti-corruption to make sure they’re trustworthy.
Who’s responsible for KYC?
KYC is really the job of every financial institution or regulated company out there. These regulations make it clear that they have to set up KYC processes. This helps them know their customers and understand their financial activities, allowing them to keep an eye on transactions and spot anything suspicious.
KYC Best Practices
When it comes to KYC, here are some common controls:
- Collecting and reviewing basic identity details (often seen in the US as a "Customer Identification Program" or CIP)
- Checking names against lists of known individuals (like "politically exposed persons" or PEP)
- Figuring out the risk level of a customer in terms of things like money laundering, terrorist financing, or identity theft
- Setting expectations for how customers usually transact
- Keeping tabs on transaction activities.
Understanding AML and KYC
19 replies 204 views
Want to improve this sticky? Edits to the sticky may be paid! Please post a quote of this sticky with all of the changes you would like included in the thread linked below:
https://bitcointalk.org/index.php?topic=357590.0
Feel free to use this sticky as a general discussion of AML/KYC policies.
To expand a bit on what all this means at local level.
Services design their own AML/KYC policies and risk management processes with the over-arching guidelines and statutory requirements in mind. Conventional financial institutions tend to have extremely conservative risk assessment frameworks because they're at risk of fines in the hundreds of millions if they're found to be non-compliant.
The risk assessment/management procedures individual institutions use are developed by them. They get to decide which customers and what transactions are "high risk" and can and do choose to cease providing services to high risk accounts rather than apply enhanced AML/KYC compliance procedures to those accounts. They are under no legal obligation whatsoever to allow you to operate a high risk account and don't have to justify a refusal to do so (under some circumstances, they may even be prohibited from giving you a specific reason).
Compliance is a huge administrative burden for financial institutions and it's both cheaper and easier for them to dump accounts/customers who add to that burden. They not only don't care if you take your business elsewhere, they actively want you to do so - they want your accounts to be someone else's headache.
When your financial institution refuses to process a transaction or closes your account, they are not telling you what to do with your money. They don't actually give a fuck what you do with your money. What they're doing is refusing to act as the middleman in transactions which expose them to potential liability. Any fees they might have earned from that transaction pale into insignificance compared to the fines which allowing a single transaction which breaches AML/KYC requirements can attract (it's 11 million per breach here in Australia for a corporation and a single transaction can involve multiple breaches). It's not about your right to send funds to potentially flaky Bitcoin services or Nigerian "princes" - it's about their right (and, to a large extent, obligation) to not involve themselves in high risk transactions.
People in general greatly over-estimate their importance as customers to financial institutions. You may believe that you're giving them "a lot of business", but in the overall context of their operations you're not bringing them enough profit to justify the risks involved in servicing your account. They can always find low risk customers to replace you.
Can ANX get added to the list?
We are a Money Services Operator (MSO) in Hong Kong. This is the equivalent of a FINCEN/FINTRAC MSB in the USA. We are under stringent compliance controls where we go above and beyond the standard KYC/AML and SSR requirements set out for the license. Because we are in the crypto currency industry we heave to work much harder to keep abreast on the latest developments in KYC and AML than the typical MSO or banks to mitigate any risk in our business. ANX was one of the first exchanges to implement strong KYC/AML requirements on all our customers since Day 1 of our opening in July 2013. This proved to be painful and troublesome for some of our customers and even cost us some customers as they did not feel they needed to provide this information to us since many of the other exchanges did not have such policies and not an industry standard at the time.
We knew that KYC/AML will be one of the main reasons why the regulators and government will ban or accept crypto currencies. Hence we had been forward thinking and adequately pre-empted these requirements that have been the norm today. ANX is in this for the long term and will do what it takes to ensure we will stay in business to be able to provide our a customers a safe and compliant way to trade crypto currencies.
Add CoinMKT and VoS, please.
block_2021Full Member
Posts: 109 · Reputation: 444
#6Nov 18, 2018, 03:16 PM
There's also https://bitcoin-central.net/ operated by Paymium
And here is the problem. If you are a normal, 9-5, go home to the wife and kids guy, then you will probably fit the guidelines/expectations perfectly.
If you are (like me and many others), an expat in Asia, using bank accounts in very Third World countries, you are shit out of luck. Can I get verified at Coinbase, Bitstamp or other major exchange? Not likely. I get forced to BTC-e because I don't fit the normal profile.
If I could get a KYC support person to listen to my story, and make some allowance for it, it would be easy. Unfortunately, that would take 30 minutes which they don't want to give. The questions usually go like this:
Why don't you have a US bank account? Why do you have an account in Cambodia and Vietnam?
-- Because I haven't lived in the US in 8 years. I split time between those countries.
I need a utility bill and a copy of your passport.
-- Here is the passport. I don't have a utility bill in my name. It is normal here that utility bills stay in the landlord's name. Since mail is never actually delivered, I pick them up at the utility office anyway. What can i give you instead? A copy of my lease, notarized? A letter from the local police? Name it.
Sorry, sir. Our rules state that a utility bill is required. We will not be able to allow you to transfer your money back to your account from the exchange. Fuck off, money laundering scum.
Expected profiles and expected behavior suck.
coin_shardMember
Posts: 19 · Reputation: 203
#8Nov 20, 2018, 07:42 PM
At what point does supposed KYC/AML compliance requirement blocking access to amounts worth below the reporting trigger limits become a deliberate scam?
I am frustrated due to getting "KYC"ed for small scale investments, i.e. they already have my coin and are changing policy. Crypto financials have an absolutely abysmal security track record, and I am unwilling to spread my data around to every two satoshi operation, it's not a case of "if" ID theft will happen it's a case of WHEN. I am absolutely convinced that if I should give full ID to 10 such operations that it's absolutely guaranteed that my data would be stolen in a year. It's very highly likely even if I restrict myself to just 5... at the moment I am only providing ID to operations located in my home country who I can get restitution from easily if/when they screw up. I had deliberately limited size of investments for risk reasons and to "not have to deal" with any AML BS.
The problem is here, my credit could be abused into the tens of thousands of dollars range, so providing full ID is an additional tens of thousands worth of risk for things likely to realize a mere hundred or two in profit, if any.
I had expected crypto to fiat interfaces to require KYC, what has caught me off guard is the number of crypto<>crypto things now beginning to implement, often with no opportunity to withdraw investment.
Important aspects. But i think MTGOX should be removed from this nice article. When i see it's name i become different, furry.
AML/KYC is a barrier to entry for small Bitcoin startups and effectively hinders Bitcoin innovation .. it should be IGNORED
AML/KYC does NOT protect anyone from being scammed. MtGox was the biggest fraud in the history of Bitcoin and it complied with AML/KYC laws.
All AML/KYC does is force small Bitcoin startups out of business because they can't afford to register with FinCEN. It's just another monopoly trick and it does NOT protect ANYONE from getting ripped off.
AtomicVectorMember
Posts: 1 · Reputation: 89
#12Nov 21, 2018, 02:52 PM
Where does purse.io fit?
Valid point. They are in compliance with bankruptcy atm.
Why some trading companies ask for more documents than others?
Some KYC are very annoying.
I'd like to propose some changes to KYC/AML rules. Criminals have been known to use their ill gotten gains to eat at restaurants and shop in grocery stores. I guess criminal activity can work up an appetite. It is incumbent upon restaurants to ensure that the money their customers are paying has come from legitimate sources. All restaurants should ask for ID and a utility bill before serving customers. They also need to ask their customers for their employer information and annual income. Self employed customers can produce a business license or other such documentation to prove the legitimacy of their income. Grocery stores also need to comply with these rules but in addition, grocery stores should ask for social security numbers as well. Maybe then we can protect children and fight Al Qaeda ISIS.
Government AML regulations put the burden on financial institutions, not regular businesses. Many banks are choosing not to accept anonymous cash deposits into bank accounts... such as JP Morgan Chase, which now only allows people to deposit cash into their own account.
Any cash deposit or cash withdrawal of more than $10,000 is required to be reported to the Federal government.
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#17Nov 23, 2018, 05:32 PM
It's not just cash deposits/withdrawals. Any combination of transactions reaching or exceeding 10.000 USD within 48 hours can/will be reported. This includes the EURO zone (SEPA) where a copy of each bank transaction is send to the US for analyses. So details of a bank transfer from Italy to Spain, or even within the same city between your family members is send over to the US. It depends on your risk profile if you get into trouble or not.
Also single person business owners (non-limited companies) also fall under that rule.
Isn't it a time to add Circle.com to the lists?
As far as I saw they request customer information and refer to KYC during registration.I wonder, whether this makes them compliant.
diamond_2021Member
Posts: 34 · Reputation: 220
#19Nov 27, 2018, 02:39 AM
if possible, can you please post sites that help with verification process? Would a website like: http://authenticid.co/pro-valid.html will help?
CyberFalconFull Member
Posts: 167 · Reputation: 738
#20Nov 27, 2018, 04:34 AM
Quite informative, thanks.
Would be very nice to extend this to some mayor altcoins sites, like BTER, i.e. It would be very good to have a community index of exchanges trustfulness.
Related topics
- discussing recent market trends 2
- Crypto firms ramp up political contributions in the US 0
- What's stopping governments from banning Bitcoin? 19
- Should we share losses after the hack? 19
- IRS Criminal Investigation Unit Increasing Focus on Crypto Tax Cases 19
- Warning about Crypto Money Services in the USA 5