It’s surprising to note that more than half of the world’s crypto exchanges have weak KYC identification protocols — with exchanges in Europe, America, and United Kingdom among the worst offenders, according to a new study by blockchain analysis firm, Cipher Trace.
Despite existing crypto AML regulations, many countries continue to host virtual asset service providers (VASPs) with deficient KYC.
CipherTrace research discovered that just this year alone, 56% of VASPs globally have weak or porous KYC processes, meaning money launderers can use these virtual asset service providers to withdraw or deposit their ill-gotten funds with very minimal to no KYC.
The importance of strong KYC processes:
- Financial Institutions employ Know Your Customer (KYC) processes to confirm the identity of their customer.
- These processes typically involve the collection and verification of a customer’s personally identifiable information (PII)—including, but not limited to, government-issued ID, phone number, email address, physical address, and more.
- Exact KYC requirements vary by jurisdiction, meaning criminals can use jurisdictional arbitrage to choose to go with poor KYC procedures to further obfuscate their flow of funds.
- Strong KYC procedures can mitigate money laundering. A VASP with strong KYC will know the real identities of users complicit in transactions involving stolen or nefariously gained cryptocurrency.
- Strong KYC procedures should also prevent bad actors from registering with fake credentials, such as synthetic IDs or stolen identities, making the laundering of cryptocurrency much harder.
- Weak KYC procedures, on the other hand, can easily lead to a VASP becoming a go-to location for criminals either to convert ill-gotten cryptocurrencies into fiat or to use the VASP as a mixing service, allowing criminals to convert coins and sever ties to previous flows of funds.
In September 2020, FATF released its Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing Report.
The report warns that criminals when moving their illicit funds, “have taken advantage of the varying stages of implementation by jurisdictions on the revised FATF Standards on VAs and VASPs.” This action is known as jurisdictional arbitrage.
When looking at the weakest KYC countries in the world, CipherTrace analysts discovered that 60% of the top 10 worst KYC countries in the world are in Europe, 20% are in Latin American and Caribbean countries, and the final 20% is in APAC countries.
Criminals reportedly exploit the gaps in AML/CFT regimes by moving illicit funds to VASPs domiciled in jurisdictions with non-existent or minimal AML/CFT regulations on VAs and VASPs.
According to the FATF, VASPs should be wary of the following red flags involving KYC:
- Customers utilizing VASPs in a high-risk jurisdiction lacking, or known to have inadequate, AML/CFT regulations for VA entities, “including inadequate CDD or KYC measures”
- Customers receiving funds from or sending funds to VASPs “whose CDD processes are demonstrably weak or non-existent”