Open in app

Sign in

Write

Sign in

Knowing your KYC for Cryptocurrencies

Remy Wilders
CLEARS
Published in
6 min readJun 5, 2018

Ok, you own, or are part of, a cryptocurrency business and you know that you need to tackle the KYC hassle. You’ve looked up all you can on the net and spoken to the « knowledgeable ones » within your network so you know by now that it’ll be an inescapable and costly pain in the neck.

So how can you go about it?

Chances are that you would prefer use your time and talents to develop your business rather than to manage the KYC process. So what sort of help can you expect?

A few months back I was offered the opportunity to join the Regtech CLEARS to help them with all the compliance related matters. I was also asked to study the existing KYC solutions in order to better understand what the market had to offer to companies, end users and possibly even to CLEARS. Reading through all the sites, the whitepapers, the articles and viewing the promotional videos was quite fascinating and I learnt a lot. There are really great ideas out there and many great teams to work on them.

Even though I honestly believe that CLEARS has an intelligent value proposition, the point of this article is not to compare CLEARS to potential competitors but rather to share my understanding of the KYC tools and services and how they may fit your needs.

In fact there are three very different propositions, each one is powerful and answers very different needs :

  • The KYC tools
  • The decentralized KYC services
  • The KYC partners

1) The KYC tools

Managing KYC is tedious, costly and is risk ridden. So KYC tools have been developed and are provided to ease the pain. The idea with KYC tools is that any company which needs to perform KYC will benefit from an app and a platform to manage the KYC. The company provides the app to their end users who can use it for scanning and / or uploading their ID documents, their proofs of recent address and all the relevant KYC data. This data is then processed on the KYC platform to screen the user against a whole set of local and international AML (anti-money laundering), CFT (Combating the Financing of Terrorism) and other PEP (Politically Exposed Person) databases. All this information is then packaged together and sent to the company who will store it in case of a KYC audit.

This is a huge help for any company who needs to hold on to the KYC data or who already has a manual KYC process in place and wants to optimise it. Many banks and legacy Asset managers are studying these tools with a lot of interest.

To know whether your company should opt for this solution you need to ask yourself whether it is in your best interest to hold on to the KYC data. At this point you need to think GDPR (if any of your KYC related users are European or reside in Europe — which is systematic in the cryptocurrency business). If you manage yourself the KYC data you will need to organise the following GDPR obligations :

  • The right of access — This means that you need to be able to provide any user all the data which is related to him within a month
  • The right to be forgotten — This means that if a user wishes to « be forgotten » you need to have a system for pseudonymising his data (you can not delete it as you will need it for audit purposes)
  • The portability — This means that the user can require that you transfer all his data to another company
  • Your ability, in the case of a data breach (meaning unlawful access, accidental or malicious deletion, accidental or malicious corruption) to inform the relevant European supervisory authorities within 72 hours (three days).
  • A European based GDPR representative
  • A Data Protection Impact Assessment

The GDPR fines are potentially even more important than the KYC fines. There are also reputational risks and possible class actions.

Holding on to one’s KYC data should therefore be a real business driven choice.

2) The decentralized KYC services

For the companies who do not need / want to store and manage the end users’ KYC data they can opt for the decentralized KYC services.

The idea is to let the end user hold onto his own data. So how does it work ?

The decentralized KYC services provide the end user with an app where he can store all his data and ask a third party certifier to run a KYC due diligence on his information. If everything checks out the third party sends a certification and its hash.

In this scenario the end user keeps his data and simply, when necessary, sends a minimum information along with the certification and the hash.

This solution is very interesting for companies which do not want to hold on to their end-user’s data but need to make sure that the end user can use the company’s service. For instance if you have an online gaming website where the user needs to prove his age or place of residence to be allowed access, the decentralized KYC service can be what you need.

GDPR wise you are safe as you do not hold onto any personal data.

This solution is very similar to real life identity checking where the user holds on to his ID and presents it whenever necessary.

Even though I love the idea of being able to carry around certified digital ID and that I am presenting this service as a KYC solution, it would not really hold if your company was to have a KYC audit. For instance if you are launching an ICO and you decided to use this system it would seem great to speed up your whitelisting process and solve the GDPR issues but if six months down the road there is a KYC audit for your ICO, you are going to have a very hard time getting back to all your users to ask them to send you their real documents so that the audit can take place.

3) The KYC partners

For companies such as Cryptocurrency Exchanges or for ICOs KYC partners are great money, worry and pain savers because they take over the burden.

The KYC tools and the decentralized KYC services help companies remove the regulation pains but, by the end of the day, the companies need to solve their regulation issues (audits, information requests, counsel…) on their own. KYC Partners, on the other hand, act as KYC friends and walk the regulation road with the companies.

So how does it work ?

A KYC partner performs the KYC due diligence for each of his client’s users and confirms, or not, the right, for the user, to access the client’s services. Once an end user’s information has been verified it can be confirmed for other companies who work with the same KYC partner. It is therefore very cost effective. It is a “check once confirm many” situation.

In fact it is even a bit better than that because in many instances it is required that a company keep it’s users’ KYC data as fresh as possible, which can be next to impossible for a normal company, whereas for a KYC partner it is part of his mission to perform regular sanity (AML, CFT, PEP…) and address checks.

The GDPR issue is also solved as the KYC partner holds onto the personal data. Finally in the case of a KYC audit the KYC partner kicks in and takes care of all the hassle.

CLEARS is a KYC partner so I am probably a bit biased but I also love the idea that “Compliance” is the KYC partner’s business so the clients benefit from an up to date knowledge of the different compliance regulations as well as of a network of compliance professionals in the different countries where their end users reside. This is really precious because a company working with a KYC partner does not need to worry (as much) about knowing the local legislations and should hence be protected from getting weighed down or even losing business, along the road, for a KYC related issue.

The drawback for this solution depends on whether your company wants or needs to hold onto its users data. If that is required for your company then you may be better of with KYC tools as seen above. If you still want to work with a KYC partner then you will need to check how you can rapidly access the data and reconcile your own data with that of your KYC partner.

4) Know your KYC

So according to your business and your needs there are different solutions which can really help you out. You nevertheless really need to know what sort of KYC help each of these solutions provide and whether it is what your business will be needing today and on the long term…

Fintech
Regtech
Gdpr
Kyc
Clears

--

--

Remy Wilders
CLEARS

Written by Remy Wilders

6 Followers
Writer for

MS in Artificial Intelligence & MBA. Fascinated by New Technologies, Beliefs and Regulations

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams