KYC requirements for Dala token sale
A few of the Dala backers that registered at the Newtown Partners Token Portal have asked us why we’re asking for proof of identity and home address for the Dala token sale. Some people perceive this as being an unusual and unnecessary amount of information and that “no other token sale has asked for this much personal information”. This post sets out our position on this requirement.
The Dala token is being issued by an exempt private company incorporated in the Cayman Islands (“Dala Cayman”) and is required to comply with regulations in that jurisdiction. This compliance function is being performed by Newtown Partners, on behalf of Dala.
As Dala Cayman will receive funds (cryptocurrency) from token sale backers, it is required to comply with the provisions of the Proceeds of Crime Law and the Money Laundering Regulations in the Cayman Islands, which requires, among other things, that Dala Cayman adopt written Know Your Customer (KYC) and Anti-Money Laundering (AML) policies and procedures, designate a person at managerial level to act as the Anti-Money Laundering Compliance Officer and perform customer due diligence measures when establishing a Business Relationship or One Off-Transaction.
We’re aware that previous token sales out of the Cayman Islands may not have complied with these requirements. We believe that this is likely due to the regulator being unaware of what token sales were at the time and offering no guidance to legal practitioners. This is no longer the case. The Cayman Islands are not a wild west devoid of regulation — it’s classified as a schedule 3 country which has equivalent KYC & AML legislation to many other developed countries, including the US, UK, Switzerland, Singapore, France, Germany and Australia. Token sales pose money laundering risks that must be properly managed. Adequate customer due diligence is a reality that all legitimate token sales will find themselves complying with in future, anywhere in the world.
We’ve recently had similar conversations about KYC and AML requirements with Swiss counsel, who indicated that as recently as the beginning of September 2017, it was not necessary for token sale companies to perform customer due diligence. By the end of September 2017, the Swiss financial services regulator FINMA made it mandatory to either register with them to perform this function yourself, or appoint a 3rd party vendor that has already been licensed by FINMA to perform KYC & AML.
Information and documents collected in terms of the customer due diligence procedure requirements in the Cayman Islands must be stored for 5 years. We understand that this poses a risk to token sale backers. Security is an extremely high priority for the team given the sensitive nature of the personal information that we’re collecting. The data collected is encrypted both in transit and at rest using industry standard algorithms. The data is stored in a PCI compliant database. Access to the data is highly restricted according to role-based access control mechanisms, which use multi-factor authentication. Master keys are stored using a FIPS 140 compliant HSM, ensuring that the physical device itself is tamper proof. Additionally, the system has been penetration tested by an independent third party. As a philosophy, Newtown Partners is invested in the decentralized future. As soon as Civic adds the required functionality, we will move from a centralized database structure to decentralized storage of personally identifiable information (PII) on Civic.
We’re unable to publish our KYC and AML Handbook as this would compromise the effectiveness of the processes.
If you’d like more information, you may also be interested to read the full Guidance Notes on KYC and AML from the Cayman Islands Monetary Authority.
