Maybe I am just getting old, but it came as a shock that Bitcoin has now been around for a decade. Yes, it was launched in January 2009. Early in its existence, financial authorities became concerned that, due to its semi-anonymous and decentralized nature, Bitcoin would become the currency of choice for money laundering and illegal weapons trade, financing of terrorism and drugs trafficking.

Yet it is only lately that governments and regulators have put in place systems and regulations to ensure that AML and KYC are applied to cryptocurrency accounts.

Try to get an answer to the question, “How many cryptocurrency users are there?” and you soon see why they have a problem on their hands. According to Bitcoin there are 7.1 million active bitcoin users. But a staggering 32 million bitcoin wallets had been set up by December 2018. Coinbase, the cryptocurrency exchange, has 13 million users. Last year, Ethereum claimed to have overtaken Bitcoin in terms of active users. And there are literally hundreds of other cryptocurrencies, with widely divergent business models. Moreover, users in emerging markets barely figure in the statistics and could run into millions.

The legal status of these currencies varies enormously from one regulatory regime to another, further confusing the issue.

Back in 2017 the European Union took limited measures requiring exchanges and wallet providers to carry out KYC and AML checks on customers and any beneficial owners, i.e. requiring them to collect, process and record personal data and to share these with public authorities. But the  requirements only applied to exchanges that allow the exchange of cryptocurrencies against regular fiat currencies, effectively excluding many popular cryptocurrencies.

2018 then saw the release of the Fifth AML Directive in the EU, which created tougher regulatory obligations for crypto exchanges. The Financial Action Task Force (FATF) will also be releasing specific international AML standards for crypto companies later this year. Cryptocurrency companies will therefore need to become as serious about maintaining AML compliance as traditional banks.

Three camps

When it comes to regulatory compliance, the crypto world seems to fall into three camps.

It is inevitable that the more responsible crypto companies will welcome the regulatory embrace: they realize that regulations are necessary in order to keep expanding their market, and to protect reputation. These are the “must haves”.

At worst, criminal activity could bring the whole crypto market crashing down, so many other companies will understand that they cannot avoid regulations and will have to deal with them. This is the view of the “necessary evil” camp.

However, a significant number of crypto exchanges are doing everything in their power to avoid having to introduce KYC. Ethfinex’ Trustless DEX launched in September 2018 without KYC, insisting that it is impossible to obscure the source of a person’s funds: every transaction is visible and recorded forever on their blockchain. Hodl allows traders to swap cryptocurrencies without the need to undergo compliance.  These companies form the “violation of privacy” camp.

And there is still a long way to go. A recent study by PAID discovered that even in the US and EU, two-thirds of cryptocurrency exchanges fail to comply with even the most basic KYC requirements. They ask for nothing more than an email address and a phone number, which means they know virtually nothing about their customers.

According to the most in-depth report so far, carried out by the Cambridge Centre for Alternative Finance in 2017, there is a huge divergence between the different types of wallet providers: “All wallets providing centralized national-to-cryptocurrency exchange services perform KYC and AML checks.  The preferred KYC and AML methods are internal checks, which are in some cases complemented with traditional third-party KYC/AML service providers. Third-party blockchain analytics specialists are only used by 17% of wallets performing KYC/AML checks. All small wallets performing KYC/AML checks only do so internally.”

Cryptocurrencies will face similar challenges to banks

But for legal and regulatory reasons, crypto exchanges will be increasingly obliged to perform KYC, like it or not. In doing so they will soon run into the same problems and challenges faced by conventional financial institutions: long waits for clearance and an increasing number of time-consuming false positives.

Moving forward, if cryptocurrencies are to be adopted into the mainstream, both blockchain technology companies and crypto platforms will need to do a couple of things:

First, they must take a seat alongside the regulators in charge for a new solution.

Second, they need to get involved with multi-stakeholder use cases that examine the specific nature of anti-money laundering and other financial crime using cryptocurrencies. This will help build reputation and sideline the bad guys.

Third, they need to engage with consultants providing KYC/AML services and technology that meet their needs.

If they take these steps, the cryptocurrency exchanges can do a lot for their cause. The fact is, many traditional financial institutions use outdated technology to run their AML programmes, leading to high levels of false positives, which in turn causes friction during onboarding and payment processing and increases operational costs. The crypto exchanges can gain a competitive advantage by becoming early adopters of the latest automated technologies to transform their KYC and AML procedures.

Paul Hamilton

Go to the AML Knowledge Centre LinkedIn to read more articles on AML and financial crime. Also, we look forward to your input!