Jump to

How Does AML and KYC Affect Crypto Exchanges?

As crypto ushers in a new era for the financial industry, the spreading adoption of crypto exchange platforms has created the need to set a new understanding in terms of financial regulations. The most obvious example of this is the AML and KYC practices that dominate traditional financial institutions that have become a critical process for crypto exchange platforms. This article aims to establish what is meant by AML/KYC, how KYC is a part of AML compliance, current KYC limitations, and how the crypto exchange industry is impacted.

  1. What is AML and KYC?

Anti-money laundering, also known as the ‘AML,’ is a framework of laws, regulations, and procedures aimed at detecting and reporting suspicious activity and relevant customers, including illicit transactions that appear to be legitimate, the predicate offenses of money laundering, and funding terrorism.

Know your customer, also known as the ‘KYC’, requires identification and authentication of financial institutions’ customers based on their perceived risk profile and is also a risk-based approach to combat money laundering like AML.

  1. How does KYC fit in AML compliance?

In a global sense, AML practices are heavily influenced by the United States’ approach to combating money laundering and terrorism funding. This approach has been shaped by two legislative acts: the Bank Secrecy Act (1970) and the Patriot Act (also known as the International Money Laundering Abatement and Financial Anti-Terrorism Act of 2001). While the Bank Secrecy Act requires financial institutions to keep track of transactions exceeding $ 10,000 that flow in and out of the U.S.; the Patriot Act requires financial institutions to perform due diligence on customers in terms of identifying and verifying by implementing the Customer Identification Program, also known as Know Your Customer (KYC). In this way, the Patriot Act embedded KYC into the Bank Secretary Act to eliminate terrorism financing as a part of the AML policy of the U.S.

Therefore, KYC becomes a part of AML compliance and aims to establish a system for effective risk management, transaction monitoring, customer acceptance, and screening policies. KYC has two main sets of procedures: identifying and profiling new customers and focusing on higher-risk or high-net-worth customers through extensive due diligence, including additional questions and profiling.

In the U.S., Financial Crimes Enforcement Network (FinCEN) has the legal authority for the actions mentioned above in the Bank Secrecy Act and the Patriot Act, which authorizes FinCEN to impose AML program requirements, including the KYC process on all financial institutions and to require financial institutions to maintain procedures to ensure compliance with the Bank Secrecy Act and its implementing regulations or to guard against money laundering. (1)

  1. How does AML/KYC impact the crypto exchange industry?

As cryptocurrencies or the digital tokens that represent them may be exchanged directly between blockchain users or via crypto exchange platforms that enable fiat and digital currencies transactions, financial regulators started to update their standards to include cryptocurrency entities, such as exchanges and wallets. With FinCEN’s recent definition of many crypto-related enterprises as “money service businesses (MSBs), “virtual currencies and the exchanges they trade are subject to anti-money laundering legislation.

Due to the cryptographically secure, anonymous, and fast nature of cryptocurrency transactions on the blockchain, crypto exchange platforms may come under various threats from criminals that harness technology to launder money and cover their tracks virtually. This inherent nature of crypto can also reduce trust in crypto exchange platforms and cause them to be undesirable in the long run. To stay compliant with enhancing regulations, combat fraud and money laundering, and prevent an insecure financial environment, AML and KYC practices have become a crucial process to adapt for businesses operating in the crypto exchange industry.

The way forward with AML compliance within the concept of crypto exchanges is to reduce risk by using a collated approach to data. The use of sanction data, e.g., politically exposed persons (PEPs) and adverse media data, should be part of this collated approach to data checks. Robust, compliant AML screening uses rules to meet global and local AML requirements.

Within the concept of crypto exchanges, KYC refers to a set of identity verification procedures for virtual asset service providers (VASPs). KYC procedures have not been standardized much in the crypto exchange industry, and every crypto exchange handles KYC differently. Still, most crypto exchanges require that prospective customers share their legal name, government-issued I.D., and up-to-date address information. However, the implementation of KYC and its procedures varies according to where the exchange operates and what services it provides, thus causing different effects on crypto exchange platforms.

Many decentralized spot and derivatives exchanges have recently been forced to comply with KYC/AML compliance orders. Several decentralized derivatives exchanges, such as dYdX, are geoblocking U.S. customers from accessing certain exchange functionalities. Terms of DEXes that are designed to allow customers to remain anonymous and keep their personal information private from any central authority appear to prefer implementing robust KYC processes even though KYC requirements do not apply to decentralized exchanges (DEXes) now. Those who organize trades through smart contracts instead of a central trading desk are not required to go through solid KYC processes. (2) The DEXes prefer implementing strong KYC processes either way because the lack of KYC limits the ability of DEXes to attract regulated institutions, and implementing KYC strengthens the reputation and stability of decentralized exchange, reduces tax fraud prevent the illegal use of digital currencies. While the decentralized and decentralized nature of DEXs presents a legal gray area with an uncertain regulatory future, regulations are predicted to come as the market expands.

Since most crypto exchange platforms perform manual KYC processes that require an uploaded I.D. document, photograph, and proof of address, they all bear the risk of friction, scalability problems, data security concerns, and administrative workload. Therefore, KYC processes need a more automated, standard, and decentralized approach that relieves administrative pressure on crypto exchanges and simplifies the onboarding procedure by cutting out friction for users who demand a more user-friendly experience when trading crypto.

To meet this need in the crypto exchange industry, many projects have started to emerge that offer automated KYC processes to eliminate centralization and enhance anonymity, two of the most valued features of cryptocurrencies and blockchain technology. One of the examples is Burrata, which issues “digital identity tokens” to attach to cryptocurrency wallets. Another example is Polkadex, which uses KILT Protocol that enables users to go through the KYC process once and then just use their wallets for automatic verification on multiple Web3 platforms that also use KILT Protocol, thus do not need to upload any documents to Polkadex itself. This approach can help other crypto exchange platforms avoid storing mass amounts of users’ data (including KYC details) themselves on centralized servers, keeping to their decentralized ethic, avoiding the compromission of personal data, and remaining agile in a rapidly evolving regulatory environment.

The cryptocurrency industry has been adapting to AML compliance by employing KYC processes to verify the real identities behind digital ones and the origins of transactions. While this adoption is crucial to build trust and transparency, reduce the risk of financial crime, and stabilize crypto exchanges for their continued emergence, it also requires an additional onboarding layer that can cause friction and security breaches in manual processes.

Since KYC may not be enough because of its static nature and inconsistency as applied by individual VASPs, there is still a real need for a standardized identification protocol to help facilitate compliant transmittals between all exchanges and investigate the origins of funds and suspicious transmittals. Harmonization should also be accomplished across global exchanges in KYC/AML regulations for the continued emergence of crypto exchange platforms in the finance industry.


  1. U.S. Department of the Treasury - Financial Crimes Enforcement Network, Final Rule at https://www.govinfo.gov/content/pkg/FR-2016-05-11/pdf/2016-10567.pdf
  2.  Benedict George, 2022 at https://www.coindesk.com/learn/what-is-kyc-and-why-does-it-matter-for-crypto/