How KYC May Unite the Developed World
They know me in Malta . . . and Hong Kong . . . and Estonia . . . .
(This is neither legal nor investment advice).
There are few things on which the majority of the developed world can agree. One point is that the prevention of money laundering and terrorism is a worthy goal. The G20’s recent pronouncement on aligning standards for Anti-Money Laundering underscores this point.
To that end, financial institutions in most countries have complied various KYC requirements for quite some time. KYC is not new. It is however, newly thrust into popular culture. At least if you trade cryptocurrency. If you are new to the concept of KYC, likely it is at best an inconvenient set of hoops to jump through, and at worst, a nightmarish cloud of uncertainty.
What is KYC anyways?
Briefly, “KYC” or “know your customer” laws require financial institutions, securities and commodity brokers and like participants in the transfer of assets to verify the identity of their customers and screen for suspicious transactions. In the United States, the principal regulatory scheme stems from the Bank Secrecy Act (“BSA”), but the concept is also included in other regulatory schemes. The effect is more or less that any facilitator of a transaction in fiat currency or any other thing of value that is convertible to fiat currencyneeds to verify (or verify that someone else verified) that the participants in the transaction have the proverbial clean bill of legal health.
Under the BSA, if a bank thinks that a transaction is suspect, it must file a suspicious activity report (a “SAR”) with the Department of Treasury. What makes a transaction suspect? There is not much guidance on that. An unsuspecting bank can find themselves on the wrong end of an action by the Financial Crimes Enforcement Network (“FinCEN”). Also, the penalties for failing to file a SAR are very stiff.
I bank, you bank, we all bank . . . unless we are a cryptocurrency project or a cannabis business.
In the face of the BSA, most banks don’t find deposits from sales of cryptocurrency or from cannabis businesses to provide sufficient reward to justify the risk of FinCEN’s attention. Think about it. You are a massive global (or even national) entity that makes money without really needing to do much beyond bringing in customers (depositing/borrowing) and taking a spread on the applicable interest rates. There is one big thing that you need to do to keep the money train rolling. COMPLY WITH GOVERNMANT DIRECTIVES.
So, in comes the principal of a cryptocurrency project that just sold enough tokens that they want to deposit $20 million into your account. For the largest of banks, that sum is not even material; for smaller banks, it is material, but likely not so much as to make a giant difference on their balance sheet. Now add in that you have no real way of knowing where that $20 million really came from. The crypto project took in investments of cryptocurrency BTC/ETH, etc. from all over the world. This is not a hard decision for the bank. There is no way that $20 million justifies drawing the attention of FinCEN.
. . . But that’s not all . . . depending on the project the BSA may apply even before a bank is involved.
After several years of speculation, on May 9, 2019, FinCEN published guidance with respect to FinCEN’s positions on how the BSA applies to cryptocurrency businesses, and specifically what types of activities trigger a requirement of compliance with the BSA. The short version is that most cryptocurrency exchanges, multi-signature hosted wallets, decentralized applications that facilitate moving tokens between parties or locations and other like services will qualify as money transmitters, with all the regulatory requirements that come with that designation. 
Here the nightmare begins
You have a well-meaning, non-scam cryptocurrency project that will make the world a better place and comes along with rainbows and unicorns. You want to sell tokens that will be a medium of exchange for your unicorn creation software. The unicorns in question will repatriate funds across borders. I hope FinCEN likes rainbows and unicorns because you are going to need to consider them twice. Once with respect to convincing a bank to accept your funds from your token offering; and again in connection with those repatriating unicorns. The unicorns are sad…
Not only that, but even your best efforts might not be good enough for the banks to accept your funds. In a move smacking of censorship, on June 6, 2019, national bank First Republic closed the accounts of Civil, a token project focused on ethical reporting (no fake news). True, that Civil could have done more to comply with legal requirements, but it is common for banks to close accounts of crypto projects the moment they learn of the nature of their client. No questions asked.
Beyond the USA
To the extent that a token touches the United States, the BSA applies regardless of where a money transmitter is located. That said, the USA is hardly alone. Most of the developed world has some form of equivalent law. A few examples:
• In a 4-year saga that ended in June 2019, Israel’s Bank Leumi halted Bits of Gold’s banking access because the bank claimed that the crypto company was in violation of money laundering (Israel’s Supreme Court Recently ruled otherwise).
• The National Australia Bank closed accounts on myCryptoWallet.
• in early 2019. On the other end of the ethics stick, The Canadian Imperial Bank froze accounts on QuadrigaCX in 2018.
Can’t we all just get along (the enemy of my enemy is my friend) — Cross-Border Collaboration for KYC in Big Banks and Beyond.
Tokens do not respect borders. Regulatory arbitrage is frequent and virtually impossible to prevent. I can’t see the world agreeing on regulation of transactions in securities, but I can easily see a uniform standard for KYC and prevention of suspicious activities. Money-laundering is by its nature an international problem. Terrorism, economic sanctions . . . We are practically in the same boat already. There is already cooperation; last year, the US Department of Justice and Canadian authorities cooperated to arrest Canadian Nationals (see Payza.com and related companies) who were using US bank accounts for (among other things) violation of money transmitter laws. If the world is going to come to some kind of standard regulation for cryptocurrency, KYC would be a great place to start.
You can learn more about the Payza indictment and other crypto regulatory concepts on our firm’s Youtube channel. Be sure to subscribe!
Already in process . . . the technology solve.
The global financial institutions want to solve the global financial problem. Goldman Sachs, JP Morgan, and Barclays (among many others) are focusing resources. Goldman just pumped $250 million dollars into an office in Bengaluru, India, reducing KYC processing time by between 50% and 90%. JP Morgan released an open-source protocol earlier in 2019 that will help identify financial transactions. Barclays filed patents related to streamlining KYC processing as well. Beyond the enterprise-level, other institutions are expediting the KYC process, too. For example, leading crypto projects have many choices to outsource KYC services.
Technology finds easy application in the KYC process. That’s where projects like Civic and Everynym and foundations like the Sovrin Foundation come in. Proof of identity as a use case for distributed ledger technology is low hanging fruit. The zero-knowledge-proof, for instance, will verify that an identity is not restricted from transacting, but not disclose the actual identity of the applicant. Moreover, most KYC processes already use artificial intelligence with facial recognition capabilities as a strong first step. At the moment, these systems are backed up by human review; that requirement should not last long. It is not hard to picture biometric KYC.
In short, the legal approach to prevention of the movement of money for nefarious purposes feels like a unifying issue with relatively simple global solutions. To be sure, in the short term, it is an annoying, byzantine burden on cryptocurrency projects which are ill equipped to toe the proverbial line. But with continued efforts, available tools and third-party services should transform KYC into a seamless, global process, for the most part under the proverbial hood.
For the moment, the best (only) approach is to spend the resources to be able to prove beyond any question that any funds you receive in exchange for tokens is from an identified and approved source. Your bank will thank you for it (or at least not close your accounts).
 In what the author believes to be one of the biggest travesties of US Federalism, roughly 45 states have their own money transmitter laws that more or less mirror the federal law. As near as I can tell, there is no useful purpose for the redundancy. (Other than generating legal fees, of course).
 Including the Securities Exchange Act of 1934, the Commodities Exchange Act (and in both cases the regulations promulgated thereunder) and the Patriot Act.
 There are a multitude of exceptions to this broad statement. All beyond the scope of this article; please don’t flame me.
 That the subject of a SAR never finds out that the bank filed one is one of the more Orwellian aspects of our rule of law. I’m really not sure who keeps track of these things, or whether they would influence a person’s future appointment as a judge or application for a government clearance. Topic for another blog.
 See https://www.fincen.gov/news-room/enforcement-actionsfor some examples of recent FinCEN actions.
 This somewhat facetious statement ignores that much of the world’s population does not have access to banking services, and that this is in fact one of the biggest problems that cryptocurrency may readily ameliorate (if not solve).
 This is obviously an oversimplification of the efforts that go into designing and administering various more complex bank products. The intent here is to address the problems with retail/commercial checking account access, which is much simpler fare.
 In addition to filing SARs, money transmitters are subject to cumbersome and expensive licensing, record keeping, audit and other requirements.
 My daughter added that while I was not looking, but it feels right.
 Coincidentally, a bank the author personally uses and has great respect for.
 PWC is nice enough to provide a fairly comprehensive “summary” of global KYC regulations: chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/https://www.pwc.com/gx/en/financial-services/publications/assets/pwc-anti-money-laundering-2016.pdf.
 The selection of jurisdictions in which to transact business based upon ease of compliance with local regulations. The root of the concern that US regulations will push crypto-development outside of the US.
 Dreaming again of rainbows and unicorns on that
 Among them, Coinfirm (who also conducted their own ICO in order to prove their technology; Securrency, which is a client of our firm, and Harbor both perform similar identity services. Credit check company Onfido participates in the space, as do many others.
 Evernym is a client of our law firm.
 More Orwelian progress where the worlds banking institutions share a database of fingerprints, retinal scans, facial recognition and voice recognition (but then why bother keeping track of passports).
 One would hope that climate change would fall in the same category . . .
 I recognize the perils of government access to such precise identity data. That said, the right to anonymity does not actually exist in the developed world, GDPR and CCPA notwithstanding.
Josh Lawler, a partner at Zuber Lawler, is an experienced attorney with concentrations in M&A, finance, intellectual property, and general commercial transactions. His work has been featured in Decrypt Media and The Startup.