Topic: AML & KYC (Read 1610 times)
What personal information is being leaked left and right?
I have some serious questions in regards to AML (Anti Money Laundering) & KYC (Know Your Customer).
I understand that the alleged motivation for implementing AML/KYC is to prevent money laundering and to know who you're dealing with.
It is also my understanding that businesses implementing these do it because they're required to do so by governmental rules governing the regulation of the financial industry or any other relevant industry such schemes applies to.
Also it is my understanding that KYC is to prevent known terroists/criminals/blacklisted entities from using said services. Afaik, there are lists maintained by Us Govt agencies and various other lists around the world I would imagine.
Truth is that the resourceful criminal will have alternate identities and even infiltrate or start his own financial institution, as such AML/KYC is insufficient to catch the real bad guys.
It seems to me that AML/KYC is nothing but a smokescreen and a tool to inconvenience normal people.
Also, the more places you give copies of your passport and other documents, the larger is the chance it will be misused in identity theft.
To me it looks like that in terms of bitcoin exchanges doing AML/KYC it's a complete waste. If someone has a bank account in the same name as they use with the exchange, that should be enough for the exchange, as it must be assumed that the customer has proven his identity to the bank. Why do the exchange need to reverify that?
To me it seems that AML/KYC to a large extent is preventing free trade and slowing down business and does not benefit the average customer.
I understand that exchanges needs to be 'compliant', but in my opinion this does not guarantee for much if anything. Mark Karpeles repeated that MtGox needed to be compliant a number of times, but apparently all ID docs leaked (not proved afaik) and I question how much compliance there really was at all.
At the same time we see that personal information is being leaked left and right, also at very traditional businesses - so afaik - AML/KYC is a liability for most customers.
Would there be a better solution? A centralized entity that checks the id of a person, and then vouch for that person? So instead of giving your info up to many exchanges, you give it up to just one entity?
It seems like that the only way forward to stay 'safe' is to either only trade p2p, and not on an exchange, or to use a fake identity with an exchange, and only deal in bitcoin withdrawal and deposits. Using a fake identity would of course be against the law, and not advised - but people who're already criminals - what would prevent them from doing illegal things?
My main point is that I look at AML/KYC being a liability instead of being a protection for the customer. It seems like it only protects the regulators and not the customers.
Viewpoints here?
I understand that the alleged motivation for implementing AML/KYC is to prevent money laundering and to know who you're dealing with.
It is also my understanding that businesses implementing these do it because they're required to do so by governmental rules governing the regulation of the financial industry or any other relevant industry such schemes applies to.
Also it is my understanding that KYC is to prevent known terroists/criminals/blacklisted entities from using said services. Afaik, there are lists maintained by Us Govt agencies and various other lists around the world I would imagine.
Truth is that the resourceful criminal will have alternate identities and even infiltrate or start his own financial institution, as such AML/KYC is insufficient to catch the real bad guys.
It seems to me that AML/KYC is nothing but a smokescreen and a tool to inconvenience normal people.
Also, the more places you give copies of your passport and other documents, the larger is the chance it will be misused in identity theft.
To me it looks like that in terms of bitcoin exchanges doing AML/KYC it's a complete waste. If someone has a bank account in the same name as they use with the exchange, that should be enough for the exchange, as it must be assumed that the customer has proven his identity to the bank. Why do the exchange need to reverify that?
To me it seems that AML/KYC to a large extent is preventing free trade and slowing down business and does not benefit the average customer.
I understand that exchanges needs to be 'compliant', but in my opinion this does not guarantee for much if anything. Mark Karpeles repeated that MtGox needed to be compliant a number of times, but apparently all ID docs leaked (not proved afaik) and I question how much compliance there really was at all.
At the same time we see that personal information is being leaked left and right, also at very traditional businesses - so afaik - AML/KYC is a liability for most customers.
Would there be a better solution? A centralized entity that checks the id of a person, and then vouch for that person? So instead of giving your info up to many exchanges, you give it up to just one entity?
It seems like that the only way forward to stay 'safe' is to either only trade p2p, and not on an exchange, or to use a fake identity with an exchange, and only deal in bitcoin withdrawal and deposits. Using a fake identity would of course be against the law, and not advised - but people who're already criminals - what would prevent them from doing illegal things?
My main point is that I look at AML/KYC being a liability instead of being a protection for the customer. It seems like it only protects the regulators and not the customers.
Viewpoints here?
AML/KYC protects the client / customer.
KYC is vital.
Otherwise potentially anyone could masquerade as you and try to steal your money. This protects you.
Certified / Notarized ID should always be used.
Where can i read more about AML (Anti Money Laundering)?
Regarding MtGox, I similarly doubt the sincerity of their 'compliance'. While I don't know much about Japanese law, some of the things that MtGox did would be clearly improper in the United States. For example, customer identification under section 326 is required when someone opens a new account. Once the account has been opened, you can't just add arbitrary identification requirements as an excuse to limit withdrawals to hide insolvency.
I don't have the link right now, but I remember reading in rolling stone magazine that HSBC set up an '
anti-money laundering unit' in the US that was supposed to deal specifically with suspicious events. However, in reality all reports from this division was ignored, and eventually a whistle blower revealed it all. It was all an elaborate scheme from HSBC's side telling politicians that 'look, we have designed this unit that will deal with all the mischief, and we've hired a bunch of people to deal with it. And it was all a smoke screen.
It appears to me that fooling the rules is something that's done on a regular basis.
AML and KYC are terms used to describe various rules imposed on financial institutions. Sometimes the term CTF (countering terrorism financing) is also used, although in reality, preventing terrorism financing rarely happens because most terrorist plots do not involve large amounts of money.
Some of the things described as AML or KYC include:
Patriot Act section 326 - Requires financial institutions to verify the name, address, and other information of any person seeking to open a new account
Currency transaction reports - Requirements for reporting of cash transactions over $10000
Suspicious activity reports (31 USC § 5318(g)) - Requirement for a financial institution to report any suspicious transaction relevant to a possible violation of law or regulation
Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) - The list of suspected terrorists that are prohibited from having accounts with US financial institutions
Regarding MtGox, I similarly doubt the sincerity of their 'compliance'. While I don't know much about Japanese law, some of the things that MtGox did would be clearly improper in the United States. For example, customer identification under section 326 is required when someone opens a new account. Once the account has been opened, you can't just add arbitrary identification requirements as an excuse to limit withdrawals to hide insolvency.
Some of the things described as AML or KYC include:
Patriot Act section 326 - Requires financial institutions to verify the name, address, and other information of any person seeking to open a new account
Currency transaction reports - Requirements for reporting of cash transactions over $10000
Suspicious activity reports (31 USC § 5318(g)) - Requirement for a financial institution to report any suspicious transaction relevant to a possible violation of law or regulation
Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) - The list of suspected terrorists that are prohibited from having accounts with US financial institutions
Regarding MtGox, I similarly doubt the sincerity of their 'compliance'. While I don't know much about Japanese law, some of the things that MtGox did would be clearly improper in the United States. For example, customer identification under section 326 is required when someone opens a new account. Once the account has been opened, you can't just add arbitrary identification requirements as an excuse to limit withdrawals to hide insolvency.
FWIW, AML/KYC regulations have some non-obvious applications and even a service which doesn't accept conventional currency in exchange for BTC can run afoul of "money transmission" regulations.
http://www.wired.com/wiredenterprise/2013/12/casascius/
http://www.wired.com/wiredenterprise/2013/12/casascius/
Thanks for the elaborate explanation and insight.
Would there be a better solution? A centralized entity that checks the id of a person, and then vouch for that person? So instead of giving your info up to many exchanges, you give it up to just one entity?
These already exist and are often used by large organisations for basic identity verification. They're not cheap, though, and most Bitcoin start-ups are strapped for cash. There are also legitimate concerns about a central entity collecting such information and how it may be used in the future.
AML/KYC often needs to go beyond basic identity verification. Once a "high risk" or suspicious transaction occurs on an account, another set of obligations are imposed on the institution concerned (enhanced KYC, suspicious activity reports) and those can't really be farmed out to a third party service.
An exchange - for instance - which can't provide adequate information about its customers when requested to do so by its bank will very often find limitations placed on its account or the account closed altogether. The bank is risking fines ranging from tens of millions of dollars to billions of dollars if it ignores suspicious or high risk activity. Few customers make them enough profit to justify taking that risk.
Quote
Also it is my understanding that KYC is to prevent known terroists/criminals/blacklisted entities from using said services. Afaik, there are lists maintained by Us Govt agencies and various other lists around the world I would imagine.
And there are hundreds of ways to funnel funds to such organisations using intermediaries, which is why the algorithms are designed to look for certain patterns of activity in addition to known relationships.
All the messageboard discussions in the world aren't going to change the AML/CTF/KYC framework. It exists at both regional and an international level, so even lobbying your local regulators will have little impact on the agreed international standards.
More and more financial transactions will be brought under the AML/CTF/KYC umbrella. This document was produced by FATF last year and gives you some idea of the direction in which regulation is heading. It relates to pre-paid cards, mobile payments and internet-based payment services.
http://www.fatf-gafi.org/topics/fatfrecommendations/documents/rba-npps-2013.html
I have some serious questions in regards to AML (Anti Money Laundering) & KYC (Know Your Customer).
I understand that the alleged motivation for implementing AML/KYC is to prevent money laundering and to know who you're dealing with.
It is also my understanding that businesses implementing these do it because they're required to do so by governmental rules governing the regulation of the financial industry or any other relevant industry such schemes applies to.
Also it is my understanding that KYC is to prevent known terroists/criminals/blacklisted entities from using said services. Afaik, there are lists maintained by Us Govt agencies and various other lists around the world I would imagine.
Truth is that the resourceful criminal will have alternate identities and even infiltrate or start his own financial institution, as such AML/KYC is insufficient to catch the real bad guys.
It seems to me that AML/KYC is nothing but a smokescreen and a tool to inconvenience normal people.
Also, the more places you give copies of your passport and other documents, the larger is the chance it will be misused in identity theft.
To me it looks like that in terms of bitcoin exchanges doing AML/KYC it's a complete waste. If someone has a bank account in the same name as they use with the exchange, that should be enough for the exchange, as it must be assumed that the customer has proven his identity to the bank. Why do the exchange need to reverify that?
To me it seems that AML/KYC to a large extent is preventing free trade and slowing down business and does not benefit the average customer.
I understand that exchanges needs to be 'compliant', but in my opinion this does not guarantee for much if anything. Mark Karpeles repeated that MtGox needed to be compliant a number of times, but apparently all ID docs leaked (not proved afaik) and I question how much compliance there really was at all.
At the same time we see that personal information is being leaked left and right, also at very traditional businesses - so afaik - AML/KYC is a liability for most customers.
Would there be a better solution? A centralized entity that checks the id of a person, and then vouch for that person? So instead of giving your info up to many exchanges, you give it up to just one entity?
It seems like that the only way forward to stay 'safe' is to either only trade p2p, and not on an exchange, or to use a fake identity with an exchange, and only deal in bitcoin withdrawal and deposits. Using a fake identity would of course be against the law, and not advised - but people who're already criminals - what would prevent them from doing illegal things?
My main point is that I look at AML/KYC being a liability instead of being a protection for the customer. It seems like it only protects the regulators and not the customers.
Viewpoints here?
I understand that the alleged motivation for implementing AML/KYC is to prevent money laundering and to know who you're dealing with.
It is also my understanding that businesses implementing these do it because they're required to do so by governmental rules governing the regulation of the financial industry or any other relevant industry such schemes applies to.
Also it is my understanding that KYC is to prevent known terroists/criminals/blacklisted entities from using said services. Afaik, there are lists maintained by Us Govt agencies and various other lists around the world I would imagine.
Truth is that the resourceful criminal will have alternate identities and even infiltrate or start his own financial institution, as such AML/KYC is insufficient to catch the real bad guys.
It seems to me that AML/KYC is nothing but a smokescreen and a tool to inconvenience normal people.
Also, the more places you give copies of your passport and other documents, the larger is the chance it will be misused in identity theft.
To me it looks like that in terms of bitcoin exchanges doing AML/KYC it's a complete waste. If someone has a bank account in the same name as they use with the exchange, that should be enough for the exchange, as it must be assumed that the customer has proven his identity to the bank. Why do the exchange need to reverify that?
To me it seems that AML/KYC to a large extent is preventing free trade and slowing down business and does not benefit the average customer.
I understand that exchanges needs to be 'compliant', but in my opinion this does not guarantee for much if anything. Mark Karpeles repeated that MtGox needed to be compliant a number of times, but apparently all ID docs leaked (not proved afaik) and I question how much compliance there really was at all.
At the same time we see that personal information is being leaked left and right, also at very traditional businesses - so afaik - AML/KYC is a liability for most customers.
Would there be a better solution? A centralized entity that checks the id of a person, and then vouch for that person? So instead of giving your info up to many exchanges, you give it up to just one entity?
It seems like that the only way forward to stay 'safe' is to either only trade p2p, and not on an exchange, or to use a fake identity with an exchange, and only deal in bitcoin withdrawal and deposits. Using a fake identity would of course be against the law, and not advised - but people who're already criminals - what would prevent them from doing illegal things?
My main point is that I look at AML/KYC being a liability instead of being a protection for the customer. It seems like it only protects the regulators and not the customers.
Viewpoints here?
Jump to: