What regulatory compliance measures apply to crypto businesses?
When Bitcoin launched in 2009, one of its most appealing characteristics was anonymity for its holders. More than a decade later, that appeal remains. But to a small number of seedier individuals and organizations, this anonymity became an exploit—and actually damaged cryptocurrency’s reputation with the public at large, creating a negative reputation that crypto is still working to push past even today.
Financial regulators around the world have since begun to scrutinize cryptocurrencies and virtual currency exchanges (VCEs). In an effort to curb and ideally stop the use of crypto as a means to launder money, fund terrorism, and bankroll other crimes, these regulatory agencies have been working to come up with rules for them.
But given how relatively new and rapidly evolving both the technology and the cryptocurrency industry are, these rules still only make up a loose framework to avoid illicit use of cryptos. When it comes to individuals and businesses attempting to be in compliance and to follow this loose framework, understanding how the guidelines work and which ones need to be followed can get complicated.
This complication is only further exacerbated by another key appeal of crypto: decentralization. The idea of any one body calling the shots in terms of crypto regulation is highly unfavorable to a huge segment of the community, which prohibits any single regulatory body from emerging as the policy leader.
That all is not to say that regulation and compliance can’t be developed to help protect the community, and you should not let the evolving regulatory landscape stop you from engaging with digital currency. There is a handful of important concepts you should know before you start buying cryptocurrencies. In addition, there are some useful tools you can use to vet VCEs ahead of giving them any of your information or otherwise transacting with them.
Anti-Money Laundering (AML)
For centuries, black marketeers have poked holes in banking and finance rules to turn dirty money into clean, spendable currency. Areas like real estate, stock trading, and international banking have had to comply with regulations built to stop money laundering; financial institutions handling fiat currency have worked hard with legislators, legal teams, and even law enforcement.
And in the beginning years of crypto, the anonymity of decentralized and then-unregulated currencies like Bitcoin appealed to shady groups like drug cartels, which led to the need for anti-money laundering (AML) rules in the crypto world. These guidelines help businesses monitor for, flag, and shut down any suspicious activity.
While virtual currencies are relatively new, AML standards and requirements became priority number one for governmental actors like the U.S. Treasury Department, the New York State Department of Financial Services, and the European Commission.
Some of the early AML rules handed down to financial service providers from these regulatory agencies include:
- Regular audits from tax agencies like the IRS
- Identification requirements for setting up cryptocurrency accounts
- Submitting to specific compliance officers’ requests for information
- VCE reporting of unusual transactions
While this list is a good first step to restrict illicit funds in the virtual currency world, there’s more that can be done on the customer side. Here’s what to look for to recognize compliance and avoid illicit transactions:
- Find out if a service uses AML software such as Elliptic before doing business.
- If possible, avoid areas of business where crypto money laundering is most prevalent, such as online gambling sites, cryptocurrency ATMs, and prepaid cards.
- When buying or selling virtual currencies, use only well-vetted exchanges that clearly detail their AML compliance on their websites.
- Stay off unregulated exchanges and peer-to-peer networks.
- Only trade cryptos you know and trust.
Obviously, if you are an active user of cryptocurrencies for regular or business transactions, you might not be able to follow each of these rules all of the time. But each time you make a virtual currency transaction, be sure you know each piece involved, from the person on the other side to the exchange being used. And be sure to keep careful track of each time you do make a transaction.
Know Your Customer (KYC)
Know Your Customer (KYC) is shorthand for independently confirming the identity of users you do business with. This involves identity verification using an official, government-issued document, such as a driver’s license or passport, and it usually occurs as part of the customer onboarding process. Some groups require multiple documents; usually there needs to be some corroboration between address and identity in order to prevent fraud.
If you own a business that accepts cryptocurrency, complying with KYC regulations is crucial to stay above the law. The best and easiest way for a business to stay KYC compliant is to use specialized software or a platform built around it, such as IdentityMind or Chainalysis, as well as to make sure you use preferred and safe exchanges that have their own KYC safeguards in place.
For customers, KYC can be a bit trickier. But as noted in the AML section above, dealing only with trusted individuals and organizations goes a long way. Make sure you are clear on what exchanges are used and if any KYC or AML software is used.
The final and most important piece to this KYC puzzle is to select which cryptocurrencies you deal with and through what platform. Whether you are a customer, trader, or business owner that deals with a virtual currency, you’ll likely have to fill out a KYC verification procedure to get started. If you don’t have to go through this process or submit any form like this to begin, that could indicate a red flag concerning that currency or exchange’s KYC compliance.
Combating the Financing of Terrorism (CFT)
This is probably the scariest idea for anyone on the fence about using or owning cryptocurrencies. Combating the Financing of Terrorism compliance, or CFT, is at the forefront politically when it comes to new regulations and rules regarding cryptocurrencies.
We should note that while CFT is most definitely a concern, as no one wants to indirectly have anything to do with illicit funds going to such organizations, it does not seem to be nearly as common of an occurrence as some public figures make it sound. In fact, experts like the director of analysis for the Foundation for Defense of Democracies Center told Congress in late 2018 that virtual currencies are a “poor form of money for jihadists” and “cold hard cash is still king.”
Still, for businesses and users of cryptocurrency alike, there are some straightforward steps to take to remain CFT compliant.
The most important of these is to follow the KYC procedures stated above. KYC rules are in place for this very reason: to get illicit funds out of the crypto markets. According to Cointelegraph, KYC compliance for AML and CFT is divided into four steps:
- Customer Acceptance Policy (CAP) – Businesses decide here what their desired documentation and demographics are before taking a single token.
- Customer Identification Program (CIP) – This is the confirmation stage, ensuring that each customer complies and matches with its acceptance policy.
- Continuous Monitoring – Here, software can help businesses keep track of regular reports and suspicious activities to remain compliant with regulators.
- Risk Management – Businesses need to keep track of any changes to regulations and policy, as well as perform regular reviews of their CAP and CIP.
For customers, CFT compliance follows the same guide as AML: know the safety of the exchange you use, know with whom you’re doing business, and avoid transaction types where illicit money is most often found, such as gambling sites and prepaid cryptocurrency cards. Unfortunately, these are some of the areas where cryptocurrency and blockchain technology are currently most prone to criminal abuse, although we wouldn’t be surprised to see new mechanisms emerging that can help combat this.
Virtual Cryptocurrency Exchange (VCE)
While virtual currencies might be on the newer side of finance, they aren’t brand new; the ways in which they can be bought, sold, and traded have grown more advanced and potentially more secure. In the years since the launch of Bitcoin and other cryptocurrencies, the use of virtual cryptocurrency exchanges has been on the rise, especially for smaller cryptocurrencies.
VCEs are a good idea if you want to remain compliant and avoid illicit dealings. You’ll still want to do your own vetting before you give your information or deposit any funds within a VCE. Keeping a critical eye can protect you, although you will likely be able to recognize fairly quickly if an exchange is legitimate or not.
Depending on where they operate, exchanges must obtain licenses. In the United States, the Securities and Exchange Commission (SEC) oversees this. In the European Union (EU), this is done under the EU Payment Services Directive along with the EU Electronic Money Directive.
But not all exchanges are created equal. It’s a good practice to vet exchanges, and to familiarize yourself with what to look for as you select your exchange. Here are some considerations to take into account when deciding on a VCE:
- Discover the Systems and Software Safeguards in Place – Every exchange should list, in clear detail, the measures they use to protect against malicious activity on their platform, as well as the compliance tools they use. Your first stop should be the company’s security page, where all of this should be detailed.
- Compare the Requirements to Open an Account or Use its Platform – As noted above, you’ll likely face KYC verification upon getting started with any major exchange. Some might let you open and deposit into an account before verification; others make you wait. The more information required before any money is exchanged, the better this bodes for the exchange. Even if you aren’t a fan of giving out your personal details, the fact that everyone participating in the change openly had to should bring you some relief.
- Check Licensing – VCEs can actually be licensed by the U.S. and other governments. This is one area of cryptocurrency security in which the United States has been a leader. Licensed exchanges like Coinbase and Gemini are strictly watched by government compliance officers, which adds another layer of protection for their users.
- Compare Brands – As noted, VCEs might seem relatively new, but they aren’t; several exchanges have been around for awhile. There is no shortage of data online for you to shop around before you settle on one VCE. Among the most trusted are Coinbase, Gemini, Kraken, Bitfinex, and Bitstamp. Each has been around since at least 2015, giving them some experience with compliance as well as with cryptocurrency volatility.
What’s next?
Cryptocurrency compliance is an evolving regulatory environment, with much more left to iron out at various governmental agencies and commissions around the world. But the tools above are important to remain compliant right now.
Going forward, you can expect many more specific rules to go in place, whether further elaborating on KYC, AML, and CFT, or addressing other concerns. And while new rules and regulations are sure to spring up in coming months and years, the enforcement of whatever policies are already in place will likely get clarified as well.
For example, in the wake of nearly too many small crypto startups to name, the U.S. Securities and Exchange Commission has already fined or settled with dozens in just the last year for operating unregistered ICOs or other similar violations. The SEC has also gone after exchange operators directly. In November 2018, it fined EtherDelta’s founder Zachary Coburn nearly $400,000 for “operating an unregistered exchange.”
Again, this is just the beginning. Compliance rules are still being established and will continue to evolve, while enforcement is ramping up. Knowing what the current regulations are, how to remain compliant, and what to avoid is crucial to cryptocurrency trading now and going forward. We’ve covered some of the baseline compliance that you should expect to see right now in the crypto companies with whom you work, but this will continue to develop and expand with time.
Not everyone is able to easily handle this regulatory landscape. In October 2019, Bittrex announced it would be shutting down operations in 31 countries because of “regulatory uncertainty.”
Critics of regulation are often purists who want to maintain crypto’s anonymity and decentralization. However, to actually approach the goal of mass adoption, the public must feel safe around crypto, which means they need to see accountability, rules, and enforcement in action. Having some regulatory oversight to protect crypto transactions from criminal activity like fraud and money laundering could help create the type of safe financial environment that individuals and businesses might be tempted to enter.