Understanding KYC in Crypto

KYC Crypto refers to the verification process required before onboarding individual or corporate clients. The process ensures compliance with AML and Countering the Financing of Terrorism (CFT) regulations while assessing risk levels associated with each client.

This term is often mentioned alongside these related terms:

• AML – Anti Money Laundering actions meant to ensure the person you are onboarding and their activities are not part of a money laundering scheme.

• CFT – Countering the Funding of Terrorism, ensuring that the person you are onboarding is not involved in financing terrorist activities.

• KYB – Know Your Business, a process used to ascertain a corporate client's structure, financials, and ownership details.

KYC normally consists of three types of actions:

1. Regulatory Classification

   • Client Classification – Classifying your client into categories such as retail or professional investors to avoid mis-selling risks.

   • Suitability Assessment – Ensuring the provided service aligns with the client’s knowledge, experience, financial situation, and investment objectives.

   • Risk Profiling – Determining the client's risk appetite, whether they are conservative or aggressive investors.

2. AML/CFT Checks

   • Identification – Acquiring the client’s personal details such as name, date of birth, and address.

   • Identity Verification – Using methods such as:

     • Identity Document Verification (IDV) – Verifying passports, driver’s licenses, and other official documents.

     • Liveness (Active or Passive Liveness) – Ensuring the client is physically present via a live video or biometric scan.

     • Source Verification (eIDV) – Comparing client data against external databases.

   • Screening – Checking clients against international watchlists, including:

     • Politically Exposed Persons (PEP) – Identifying high-risk individuals in government positions.

     • Sanction Lists – Ensuring compliance with global sanctions.

     • Adverse Media Checks – Identifying negative news linked to the client.

   • Corporate Data Analysis – For business clients, identifying the Ultimate Beneficial Owner (UBO) and company structure.

3. Client Risk Assessment (CRA)

   • Jurisdiction Risk – Evaluating if the client comes from a high-risk country.

   • Industry Risk – Identifying businesses prone to money laundering (e.g., gambling, cash-intensive industries).

   • Delivery Channel Risk – Weighing the risks of remote onboarding versus in-person verification.

The CRA determines whether Simplified Due Diligence (SDD), Customer Due Diligence (CDD), or Enhanced Due Diligence (EDD) is required. Additionally, Perpetual KYC (pKYC) is essential for ongoing monitoring.

he Markets in Crypto-Assets Regulation (MiCA Crypto) establishes a framework for CASPs operating in the European Union. It introduces specific compliance requirements, including Regulatory Classification and Suitability Assessments.

Key MiCA Requirements for CASPs:

1. Client Classification: CASPs must differentiate between retail holders and qualified investors:

   • Retail Holders: Individuals using crypto for personal investments.

   • Qualified Investors: Entities such as financial institutions, pension funds, and government bodies.

2. Suitability Assessments: Ensuring that crypto investment services align with a client’s:

   • Knowledge and experience in crypto investments

   • Financial situation and risk tolerance

   • Investment objectives

The FATF Travel Rule mandates that CASPs and VASPs share sender and receiver details for transactions above €1,000/$1,000. Without effective KYC Crypto processes, compliance with the Travel Rule is impossible.

Beyond regulatory requirements, thorough KYC Crypto processes benefit crypto businesses by:

• Boosting customer trust

• Strengthening market reputation

• Reducing the company’s overall risk exposure