Decentralized finance (DeFi) is currently one of the most dynamic trends in the financial space, with more than 5,000 different cryptocurrencies in circulation as of June and the market expected to hit $1.7 billion by 2027.
It is also notoriously volatile, however, with bitcoin dropping from $19,783 in December 2017 to $3,400 in 2018 and subsequently hitting $20,000 as of December 2020, for example. Ethereum experienced similar shifts, decreasing from $1,300 to $91 over the course of 2018 and rising to $450 by the end of last year. These dramatic fluctuations, paired with its propensity for confidentiality and lack of regulation, makes cryptocurrency attractive for thrill-seeking investors.
These same factors also make it an appealing target for money launderers, however. The year 2019 saw $2.8 billion laundered through cryptocurrency exchanges, up from $1 billion the year prior. These exchanges largely lack the anti-money laundering/know your customer (AML/KYC) procedures that keep money launderers away from more established financial institutions (FIs), with a study finding that 56 percent of all exchanges had weak or no KYC processes at all. Laundered funds can go toward any number of nefarious purposes, such as drug or human trafficking, tax evasion or even terrorist financing.
Governments are cracking down on these exchanges to curb cybercrime, and the exchanges themselves are taking a variety of measures to ensure AML/KYC compliance. The following Deep Dive explores how AML/KYC compliance and regulations have evolved in the cryptocurrency industry and how exchanges have reacted to these changes by either stepping up their KYC games or bowing out altogether.
How AML/KYC Has Changed Over the Course of Crypto History
AML efforts are as old as money laundering itself, with authorities constantly seeking ways to cut off funding for criminal organizations and limit the reach and effectiveness of their schemes.
Most modern efforts to combat money laundering in the U.S. stem from the Bank Secrecy Act of 1970, which required banks to actively cooperate with federal authorities in detecting and reporting money laundering. This was followed by the Money Laundering Control Act of 1986 and the Anti-Drug Abuse Act of 1988, but KYC did not fully enter the picture until the Patriot Act of 2001. Part of this controversial legislation aimed to stem the flow of funds to terrorist organizations by requiring FIs and other money handlers to thoroughly vet their customers and partners under penalty of law.
AML and KYC regulations have only started affecting the cryptocurrency industry in the past few years, and the space is still largely unregulated. It was not until 2019 that the Financial Crimes Enforcement Network (FinCEN), the Commodity Futures Trading Commission (CFTC) and the Securities and Exchange Commission (SEC) issued a joint statement that defined cryptocurrency exchanges as money service businesses (MSBs), thus making them subject to AML and KYC regulations under the Bank Secrecy Act. This was followed by new regulations for cryptocurrency wallets and cryptocurrency holdings at foreign exchanges. The U.S. cryptocurrency industry now faces a hard choice: start fresh with new KYC and AML regulations and potentially alienate customers used to an unregulated market or remove their business from the U.S. entirely and potentially lose customers.
How the Cryptocurrency Industry Reacted to Evolving Regulation Changes
KYC is quite new to the cryptocurrency world, and exchanges often deploy it differently compared to their traditional FI counterparts. Most KYC checks are done after the fact, for example, instead of during onboarding, as is the case for most traditional banks. This means that, while many require an uploaded ID document and a photograph, they are permitted to begin trading immediately and are only stopped if the KYC check brings up something suspicious. Other cryptocurrency exchanges allow users to open accounts without any KYC check at all, but they severely limit their transaction privileges in the meantime, such as by disallowing withdrawals.
Some cryptocurrency exchanges have decided to stop doing business with U.S. customers rather than institute even rudimentary KYC and AML procedures. One of the largest exchanges in the country, Poloniex, announced in 2019 that it would no longer accept American users on its platform following FinCEN’s placement of exchanges under the jurisdiction of the Bank Secrecy Act. Cryptocurrency enthusiasts worry that these new AML and KYC regulations will undermine the anonymous nature that made cryptocurrencies so enticing in the first place, but the government argues that regulations are necessary to keep terrorists and cybercriminals from funding their operations.
This ongoing debate will certainly not be settled anytime soon. What is certain, however, is that cryptocurrency exchanges that wish to remain in the U.S. will need to drastically improve their AML/KYC procedures or risk a knock on their virtual doors from Uncle Sam.