If you want to trade Cryptocurrencies you are likely to have to have KYC and AML checks, WHY?

Three Monkeys source: http://www.ieyenews.com/wordpress/suspected-money-laundering-prevented-by-coordinated-efforts-of-cayman-islands-police-and-banks/money-laundering-story-image-three-monkeys/

Why do you need to have KYC and AML checks?

Know Your Client (KYC ) and Anti Money Laundering (AML) have been in place for years to ensure organisations know who they were dealing with and where their customers capital had come from.

Initially it was proposed that Blockchain technology would enable one to be able to transact i.e. buy or sell with a stranger and maintain anonymity. Therefore many of the early Initial Coin Offerings ( ICOs) did not bother with KYC or AML checks as organisations where able to typically receive Bitcoin or Ether and paid little regard to existing regulations.

However, firms that carry out ICOs and have not carried out KYC and AML checks are finding it difficult to even open a bank account.

In late December 2017 we have started to see even the exchanges that trade Cryptocurrencies insist that their clients have to be verified i.e. had KYC/AML checks carried out. Failure to comply is likely to mean that you can no longer use an exchange and in the short term the amount of capital that you are able to with draw is being significantly reduced to encourage clients to comply. For example, Poloniex have just announced that they will be asking all their clients to be verified.

It is not just that fact that you can no longer trade on a Crypto exchange, which is driving an increasing focus on KYC/AML, but the regulators have started to be much more active thus forcing organisations to take these checks far more seriously. In the UK we have seen a TEN-fold increase in KYC/AML fines in 2017 compared to 2016 with the FCA in 2017 fining companies over £229million, compared to £22million in 2016.

In the USA we have seen more attention being paid to KYC and AML, and not just in the financial services sector. The Trump Taj Mahal Casino Resort was fined $10m for “significant and long-standing anti-money laundering violations” and Caesars Palace was fined $8m for “lax anti-money laundering control on high rollers.”

In other countries apart from the UK and USA more attention is being given to this subject — in 2017 it is expected that globally there will be fines of over $4Billion due to poor AML records and standards by various organisations around the world. Indeed one of the largest fines of over £500 million was given to Deutsche Bank, being accused of “failing to maintain an adequate anti-money laundering control framework” from 2012 to 2015, source Daily Telegraph.

Money laundering image source: http://www.bankingtech.com/2017/01/u-k-slaps-deutsche-bank-with-200-million-penalty-over-money-laundering-case/

How did it begin?

There have been various requirements to carry out KYC and AML checks on clients in place for years for financial services companies i.e. banks, stockbrokers, fund managers and insurance companies to carry out checks on their clients and prospective clients. Indeed if you try going in to your local bank and asking for a relatively small amount of YOUR OWN cash e.g. £5,000 or more you may well be asked what are you going to use the money for!

The Europeans’ initially passed legislation in 1993 in an attempt to combat “Money laundering” which was designed, not to stop criminal behaviour, but to prevent wrong doers from enjoying the proceeds of their nefarious activities. Money laundering is where someone tries to hide the potential unlawful origins of their money which may have resulted from a criminal activity, i.e. not declaring income so avoiding taxes, extortion, drug dealing or even terrorism, to name just a few. Without comprehensive KYC and AML checks, companies may end up dealing with clients, and in the UK falling foul of the Proceeds of Crime Act 2002, therefore facing considerable financial penalties and/or prison sentences.

Following a G7 meeting, the Financial Action Task Force (FATF) published international standards to combat money laundering. After 9/11, these were reviewed further. Thirty-four countries, between them representing the major financial centres around the world, signed up to these standards. In the USA, as a result of 9/11 and political pressure , KYC/AML legislation was strengthened with the Patriots Act 2001, to ensure once again that companies could prove that they knew who their clients actually were and how they had acquired their capital.

Patriot Act Image source http://www.freedomworks.org/content/house-introduces-bill-repeal-patriot-act

However, such rules and regulations have not stopped organisations being fined — indeed the amount of money laundered by criminals is estimated to be as high as £100 billion a year. In the UK unlawful tax avoidance costs British taxpayers as much as £2.7 billion ($3.5 billion) in lost revenue, according to Transparency International.

Future outlook

These thoughts from a leading law firm are a good summary of the position from a UK perspective:

Law firms and other professional service providers are obliged to collect various forms of identification from new clients to satisfy KYC and AML requirements. Fraud is a particular concern especially in relation to corporate and property transactions where money typically passes through lawyers’ bank accounts. The typical proofs of ID are copies of passports and driving licences. These both clearly comprise and constitute personal data. Under GDPR as under the 7th principle of the current Data Protection Act, it is incumbent on data controllers to take “appropriate technical and organisational measures … against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”. Whilst GDPR does not change the law in this regard, it certainly changes the consequences of failure to meet the required standard. Whereas under the Data Protection Act, the maximum fine for a data breach is £500,000. Under GDPR, it is E20m or 4% of worldwide turnover. Furthermore, under GDPR, almost all data breaches must be reported to the Information Commissioner’s Office within 72 hours. The higher fines, the reporting obligation and the severe risk of reputational damage that would all result from a data breach are the principal reasons why law firms like other data controllers are now conducting deep internal audits and gap analyses to determine and address any deficiencies in the standards they maintain relative to those required by GDPR.- Simon Halberstam Simons Muirhead & Burton LLP

The forthcoming GDPR regulation across Europe will place an extra burden on organisations to know what data they do and do not hold.

Meanwhile, mobile technology which is already in most consumers’ hands, like smartphones, means that the cameras they have in their pockets are now so high-spec that they can be used to scan documents and take photographs of the user. Advanced image processing can be used to verify the authenticity of the document. ‘Selfie’ photographs can even be combined with verified passport data to confirm that the individual using the mobile device corresponds to the identity document presented.

This approach has any number of benefits beyond what being readily available. It allows KYC to be tightly integrated into existing digital marketing and communication channels, rather insisting consumers send copies of original utility bills to their service provider. It removes the costs and errors associated with manual processes. By using advanced machine learning techniques, accuracy can be greatly improved and the risk of fraud (and therefore fines) dramatically reduced.

Several fintech firms, including Transfer Wise and Revolut, are using smartphones to help with AML/KYC checks , so leading to a danger that traditional institutions can be outmanoeuvred by more agile and forward-thinking organisations. For example, earlier this year I opened a new bank account for my firm TeamBlockchain. It took over eight weeks to open an account with one of the high street banks in the UK, even though my fellow director and I both already banked personally and professionally with the same bank. Compared to a matter of 24 hours to open an accounts with one of the new challenger banks.

Meanwhile in Europe we are beginning to see electronic identification to enable secure cross border electronic transfers which are seen as central building blocks of the Digital Single Market in Europe. This will help both consumers and organisations to do business faster and more efficiently in a more complainant manner as we replace manual paper checks with digital authorisation. This will result in KYC and AML checks being carried out in a different/digital manner compared to the old methods or paper and photocopies.

There have been a few companies that have carried out ICOs, like Pillar offering digital wallets , so that one’s personal data can be held securely so making the process of changing bank accounts or utility provider much easier. We have also seen firms launching ICOs to offer compliance services like Coinfirm, as organisations which want to offer an ICO realise they need to be able to verify who their token holders are i.e. carry out KYC and AML checks.

While cryptocurrencies have seen a huge growth in their demand and interest from the public, the exchanges that facilitate the buying and selling of cryptocurrencies are sub-par and inefficient. It is often difficult to get reliable prices. Indeed, this leads to one being able to buy Cryptos on one exchange at up to a 15% cheaper price than another exchange, so creating arbitrage opportunities for those who are nimble to do so. Often the exchanges have not carried out KYC/AML checks and so end up having “bad actors” traders that try and manipulate prices. One practice, known as “spoofing,” allows a trader to place, buy or sell orders above or below the market value in hope of manipulating a currency’s price in either direction. This manoeuvre is illegal, but without regulatory oversight, it is difficult to enforce and in the meantime leads to excessive unnecessary volatility.

In the same way, we are beginning to see exchanges like Poloniex asking their clients to undergo KYC and AML checks. I suspect we will see organisations which have carried out an ICO being forced to do the same types of checks. On possible outcome is, we may see some firms dividing their tokens into TWO. One will be able to fully participate with the firm i.e. they will have “Puppy Coins” — new verified token holders who have had checks carried on them. The second type of token will be “Dog Coins” i.e. token holders where the firm has not been able to verify or maybe even contact the holder of the firm’s token. If this is to happen it raises many legal questions as to whether indeed this is legally possible, and also why weren’t KYC/AML checks carried out in the first place…?

If an organisation that has carried out an ICO is unable to prove satisfactory where the proceeds have come from, many banks are refusing to offer bank accounts. Some founders and directors may find that they face legal challenges from token holders regarding their lack of fiduciary controls, and lax procedures for not having carried out KYC/AML checks. The directors may struggle to convert sufficient Bitcoins and Ether that were given in exchange for tokens, at the time of the ICO into cash. Cash is still often required to pay the rent, utility bills, HRMC taxes and buy equipment, and it is very difficult to meet these expenses without a bank account. Longer term, the value of the ICO funded business could be impaired as they will not be able to migrate to regulated exchanges i.e. NASDAQ. These organisations may find it a challenge to raise additional capital such as debt finance, or carry out merger and acquisitions, due to their advisors not being able to engage with them as they will struggle to prove that they have not been handling the proceeds of crime.

The impact on the ICO market

ICO Dawn of Cryptofinance image source https://coinsutra.com/what-are-icos-initial-coin-offering/

It is being cited that we will see global brands issue their own tokens as a type of digital loyalty program and governments issuing tokens as a digital currency, so they are able to control or possibly reduce the impact of their shadow economy. According to Forbes, the Russian shadow economy could be as large as 44% while in the USA it is still 5.4%. Many governments do not know who holds their cash and where it actually is. It was partially for these reasons we saw the Indian government in 2016 remove 500 and 1,000 rupee notes from circulation while many countries talking of banning cash entirely. While such action seems draconian just how digital your day has become in terms of paying for items using a card as opposed to cash!

If an ICO raises capital, and does not know where the investors have come from, as a founder/shareholder/director you may be liable personally for a fine and or face imprisonment for money laundering! It is one reason why some ICOs are now trying to raise capital entirely from accredited/professional investors, as there is less potential liability for the founders/directors in the future. This, however, goes against the trend earlier in 2017 when ICOs were being funded by 000s of small participants, and we seemed to be seeing a democratization of capitalism i.e. an asset class that was available for the masses — not the preserve of the HNW wealthy private banking elite. Never the less KYC and AML checks will still need to be carried out

However, if the ICO market is to thrive and prosper, I suspect we are going to see increasing pressure for it to become more professional, and so we will see an increasing need for professional advisors to help ensure the relevant rules and regulations are adhered to. This will result in White papers being verified, and those who wish to participate in ICO’s being asked to carry out KYC and AML checks — which in the long run are in everyone’s interests unless you have something to hide……