April 19, 2018 Skalex

KYC & AML Best Practices for ICOs & Crypto Exchanges


In the early days of ICOs, startups operated like the wild west with each token sale making up its own rules as it went along. Over the past few years, however, token sales have standardized into a set structure that makes participation in an ICO more credible and predictable. One of these standardizations has been the introduction of know your customer (KYC) and anti-money laundering (AML) systems for verifying the identity of investors before allowing them to participate in a token sale.

As such, there are a couple of key precautions any cryptocurrency exchange or ICO should consider regarding KYC and AML. However, the regulations and requirements vary for each country and scenario. We don’t claim to offer legal advice in this article, and if you’re considering starting an exchange or ICO, we recommend you hire a lawyer to help you navigate the global regulations. That said, we’ll look at what major recent ICOs have done to make sure they’re compliant.


No U.S. Investors


A major trend for ICOs has been banning U.S. citizens from joining their token sales in the wake of scrutiny from the U.S. Securities and Exchange Commission (SEC). Nearly every major token sale in the past 6 months has indicated that individuals from the United States are not allowed to participate. They enforce this regulation with KYC requirements. Often this includes phone number verification and sending a scan of an identifying document, like a passport.

Investors from the United States can only participate if they’re accredited investors that have received recognition from the SEC and have a minimum required net worth to invest. After a token sale, however, U.S. citizens can purchase tokens through an exchange.

Backlash from Investors


For an ICO, KYC regulations can be a good thing. They cut off access to U.S. citizens, but on the flip side they provide a lot of personal information about the other investors in your company. That investor data can go a long way toward future reselling, marketing, and advertising targeting. It gives companies control over a lot of investor data.

This is among the most important problems that blockchain was meant to address. Blockchain was supposed to create trust between strangers so that identity and private information don’t have to be shared. Implementing KYC practices seems to go against the decentralizing nature of the blockchain.

The fact of the matter is companies must follow these regulations if they want to survive. In order to protect the company’s assets from seizure and its founders from criminal allegations, blockchain startups have to comply with the letter of the law. KYC is the law in most major economies, including the E.U., U.S., U.K., Japan, and South Korea.

Private Data Security


Moreover, sharing private information isn’t a trivial matter, as we’ve seen in the wake of Facebook’s Cambridge Analytica debacle. Many of these ICOs that are gathering information on their investors don’t have experience handling and securing sensitive data. We’ve seen KYC information leak or get stolen from many companies, perhaps most famously Sentinel Chain.

For those planning on operating an exchange or ICO, simply acquiring KYC data isn’t enough. It’s also critical that companies invest in data security to prevent leaks of sensitive information like passport scans and other identifying data.

Regulations on Exchanges


Operating a cryptocurrency exchange is even more regulated than an ICO. This is largely because ICOs are so new, and governments haven’t caught up to writing regulations for them. That’s not the case for exchanges, where similar regulations for foreign currency trading, assets, securities, and banking have carried over.

The key step in exchange regulation is that any exchange that accepts fiat currency will need to provide extensive reporting on its regulatory compliance. In contrast, an exchange that is only crypto to crypto will have fewer regulatory hurdles.

It gets tricky to make broad generalizations about the types of regulations that govern exchanges, because each country has its own rules. However, it’s nearly always true that KYC and AML laws will play heavily in any fiat exchange. It’s also true that most fiat exchanges need government approval before they can begin accepting deposits. The challenges of getting approved and reporting ongoing compliance are what make fiat exchanges a relatively rare breed.


KYC may not be popular with the digital freedom wing of the blockchain community. However, these laws exist to prevent fraud and criminal money transfers. They serve an important purpose, and governments can’t just turn a blind eye in the case of crypto.

So, any company that wants to participate in the crypto-economy would do well to follow the regulations in its home country and the countries of its investors. KYC and AML are the cornerstone of such regulatory compliance.