Quite informative, thanks.
Would be very nice to extend this to some mayor altcoins sites, like BTER, i.e. It would be very good to have a community index of exchanges trustfulness.
Topic: AML/KYC Explained - page 25. (Read 395582 times)
if possible, can you please post sites that help with verification process? Would a website like: http://authenticid.co/pro-valid.html will help?
Isn't it a time to add Circle.com to the lists?
As far as I saw they request customer information and refer to KYC during registration.I wonder, whether this makes them compliant.
As far as I saw they request customer information and refer to KYC during registration.I wonder, whether this makes them compliant.
It's not just cash deposits/withdrawals. Any combination of transactions reaching or exceeding 10.000 USD within 48 hours can/will be reported. This includes the EURO zone (SEPA) where a copy of each bank transaction is send to the US for analyses. So details of a bank transfer from Italy to Spain, or even within the same city between your family members is send over to the US. It depends on your risk profile if you get into trouble or not.
Also single person business owners (non-limited companies) also fall under that rule.
Also single person business owners (non-limited companies) also fall under that rule.
I'd like to propose some changes to KYC/AML rules. Criminals have been known to use their ill gotten gains to eat at restaurants and shop in grocery stores. I guess criminal activity can work up an appetite. It is incumbent upon restaurants to ensure that the money their customers are paying has come from legitimate sources. All restaurants should ask for ID and a utility bill before serving customers. They also need to ask their customers for their employer information and annual income. Self employed customers can produce a business license or other such documentation to prove the legitimacy of their income. Grocery stores also need to comply with these rules but in addition, grocery stores should ask for social security numbers as well. Maybe then we can protect children and fight Al Qaeda ISIS.
Government AML regulations put the burden on financial institutions, not regular businesses. Many banks are choosing not to accept anonymous cash deposits into bank accounts... such as JP Morgan Chase, which now only allows people to deposit cash into their own account.
Any cash deposit or cash withdrawal of more than $10,000 is required to be reported to the Federal government.
I'd like to propose some changes to KYC/AML rules. Criminals have been known to use their ill gotten gains to eat at restaurants and shop in grocery stores. I guess criminal activity can work up an appetite. It is incumbent upon restaurants to ensure that the money their customers are paying has come from legitimate sources. All restaurants should ask for ID and a utility bill before serving customers. They also need to ask their customers for their employer information and annual income. Self employed customers can produce a business license or other such documentation to prove the legitimacy of their income. Grocery stores also need to comply with these rules but in addition, grocery stores should ask for social security numbers as well. Maybe then we can protect children and fight Al Qaeda ISIS.
Why some trading companies ask for more documents than others?
Some KYC are very annoying.
Some KYC are very annoying.
Important aspects. But i think MTGOX should be removed from this nice article. When i see it's name i become different, furry.
Valid point. They are in compliance with bankruptcy atm.
Where does purse.io fit?
AML/KYC does NOT protect anyone from being scammed. MtGox was the biggest fraud in the history of Bitcoin and it complied with AML/KYC laws.
All AML/KYC does is force small Bitcoin startups out of business because they can't afford to register with FinCEN. It's just another monopoly trick and it does NOT protect ANYONE from getting ripped off.
All AML/KYC does is force small Bitcoin startups out of business because they can't afford to register with FinCEN. It's just another monopoly trick and it does NOT protect ANYONE from getting ripped off.
AML/KYC is a barrier to entry for small Bitcoin startups and effectively hinders Bitcoin innovation .. it should be IGNORED
Important aspects. But i think MTGOX should be removed from this nice article. When i see it's name i become different, furry.
At what point does supposed KYC/AML compliance requirement blocking access to amounts worth below the reporting trigger limits become a deliberate scam?
I am frustrated due to getting "KYC"ed for small scale investments, i.e. they already have my coin and are changing policy. Crypto financials have an absolutely abysmal security track record, and I am unwilling to spread my data around to every two satoshi operation, it's not a case of "if" ID theft will happen it's a case of WHEN. I am absolutely convinced that if I should give full ID to 10 such operations that it's absolutely guaranteed that my data would be stolen in a year. It's very highly likely even if I restrict myself to just 5... at the moment I am only providing ID to operations located in my home country who I can get restitution from easily if/when they screw up. I had deliberately limited size of investments for risk reasons and to "not have to deal" with any AML BS.
The problem is here, my credit could be abused into the tens of thousands of dollars range, so providing full ID is an additional tens of thousands worth of risk for things likely to realize a mere hundred or two in profit, if any.
I had expected crypto to fiat interfaces to require KYC, what has caught me off guard is the number of crypto<>crypto things now beginning to implement, often with no opportunity to withdraw investment.
I am frustrated due to getting "KYC"ed for small scale investments, i.e. they already have my coin and are changing policy. Crypto financials have an absolutely abysmal security track record, and I am unwilling to spread my data around to every two satoshi operation, it's not a case of "if" ID theft will happen it's a case of WHEN. I am absolutely convinced that if I should give full ID to 10 such operations that it's absolutely guaranteed that my data would be stolen in a year. It's very highly likely even if I restrict myself to just 5... at the moment I am only providing ID to operations located in my home country who I can get restitution from easily if/when they screw up. I had deliberately limited size of investments for risk reasons and to "not have to deal" with any AML BS.
The problem is here, my credit could be abused into the tens of thousands of dollars range, so providing full ID is an additional tens of thousands worth of risk for things likely to realize a mere hundred or two in profit, if any.
I had expected crypto to fiat interfaces to require KYC, what has caught me off guard is the number of crypto<>crypto things now beginning to implement, often with no opportunity to withdraw investment.
- Determination of the customer's risk in terms of propensity to commit money laundering, terrorist finance, or identity theft
- Creation of an expectation of a customer's transactional behavior
- Monitoring of a customer's transactions against their expected behaviour and recorded profile as well as that of the customer's peers
- Creation of an expectation of a customer's transactional behavior
- Monitoring of a customer's transactions against their expected behaviour and recorded profile as well as that of the customer's peers
And here is the problem. If you are a normal, 9-5, go home to the wife and kids guy, then you will probably fit the guidelines/expectations perfectly.
If you are (like me and many others), an expat in Asia, using bank accounts in very Third World countries, you are shit out of luck. Can I get verified at Coinbase, Bitstamp or other major exchange? Not likely. I get forced to BTC-e because I don't fit the normal profile.
If I could get a KYC support person to listen to my story, and make some allowance for it, it would be easy. Unfortunately, that would take 30 minutes which they don't want to give. The questions usually go like this:
Why don't you have a US bank account? Why do you have an account in Cambodia and Vietnam?
-- Because I haven't lived in the US in 8 years. I split time between those countries.
I need a utility bill and a copy of your passport.
-- Here is the passport. I don't have a utility bill in my name. It is normal here that utility bills stay in the landlord's name. Since mail is never actually delivered, I pick them up at the utility office anyway. What can i give you instead? A copy of my lease, notarized? A letter from the local police? Name it.
Sorry, sir. Our rules state that a utility bill is required. We will not be able to allow you to transfer your money back to your account from the exchange. Fuck off, money laundering scum.
Expected profiles and expected behavior suck.
There's also https://bitcoin-central.net/ operated by Paymium
Add CoinMKT and VoS, please.
Can ANX get added to the list?
We are a Money Services Operator (MSO) in Hong Kong. This is the equivalent of a FINCEN/FINTRAC MSB in the USA. We are under stringent compliance controls where we go above and beyond the standard KYC/AML and SSR requirements set out for the license. Because we are in the crypto currency industry we heave to work much harder to keep abreast on the latest developments in KYC and AML than the typical MSO or banks to mitigate any risk in our business. ANX was one of the first exchanges to implement strong KYC/AML requirements on all our customers since Day 1 of our opening in July 2013. This proved to be painful and troublesome for some of our customers and even cost us some customers as they did not feel they needed to provide this information to us since many of the other exchanges did not have such policies and not an industry standard at the time.
We knew that KYC/AML will be one of the main reasons why the regulators and government will ban or accept crypto currencies. Hence we had been forward thinking and adequately pre-empted these requirements that have been the norm today. ANX is in this for the long term and will do what it takes to ensure we will stay in business to be able to provide our a customers a safe and compliant way to trade crypto currencies.
We are a Money Services Operator (MSO) in Hong Kong. This is the equivalent of a FINCEN/FINTRAC MSB in the USA. We are under stringent compliance controls where we go above and beyond the standard KYC/AML and SSR requirements set out for the license. Because we are in the crypto currency industry we heave to work much harder to keep abreast on the latest developments in KYC and AML than the typical MSO or banks to mitigate any risk in our business. ANX was one of the first exchanges to implement strong KYC/AML requirements on all our customers since Day 1 of our opening in July 2013. This proved to be painful and troublesome for some of our customers and even cost us some customers as they did not feel they needed to provide this information to us since many of the other exchanges did not have such policies and not an industry standard at the time.
We knew that KYC/AML will be one of the main reasons why the regulators and government will ban or accept crypto currencies. Hence we had been forward thinking and adequately pre-empted these requirements that have been the norm today. ANX is in this for the long term and will do what it takes to ensure we will stay in business to be able to provide our a customers a safe and compliant way to trade crypto currencies.
To expand a bit on what all this means at local level.
Services design their own AML/KYC policies and risk management processes with the over-arching guidelines and statutory requirements in mind. Conventional financial institutions tend to have extremely conservative risk assessment frameworks because they're at risk of fines in the hundreds of millions if they're found to be non-compliant.
The risk assessment/management procedures individual institutions use are developed by them. They get to decide which customers and what transactions are "high risk" and can and do choose to cease providing services to high risk accounts rather than apply enhanced AML/KYC compliance procedures to those accounts. They are under no legal obligation whatsoever to allow you to operate a high risk account and don't have to justify a refusal to do so (under some circumstances, they may even be prohibited from giving you a specific reason).
Compliance is a huge administrative burden for financial institutions and it's both cheaper and easier for them to dump accounts/customers who add to that burden. They not only don't care if you take your business elsewhere, they actively want you to do so - they want your accounts to be someone else's headache.
When your financial institution refuses to process a transaction or closes your account, they are not telling you what to do with your money. They don't actually give a fuck what you do with your money. What they're doing is refusing to act as the middleman in transactions which expose them to potential liability. Any fees they might have earned from that transaction pale into insignificance compared to the fines which allowing a single transaction which breaches AML/KYC requirements can attract (it's 11 million per breach here in Australia for a corporation and a single transaction can involve multiple breaches). It's not about your right to send funds to potentially flaky Bitcoin services or Nigerian "princes" - it's about their right (and, to a large extent, obligation) to not involve themselves in high risk transactions.
People in general greatly over-estimate their importance as customers to financial institutions. You may believe that you're giving them "a lot of business", but in the overall context of their operations you're not bringing them enough profit to justify the risks involved in servicing your account. They can always find low risk customers to replace you.
Services design their own AML/KYC policies and risk management processes with the over-arching guidelines and statutory requirements in mind. Conventional financial institutions tend to have extremely conservative risk assessment frameworks because they're at risk of fines in the hundreds of millions if they're found to be non-compliant.
The risk assessment/management procedures individual institutions use are developed by them. They get to decide which customers and what transactions are "high risk" and can and do choose to cease providing services to high risk accounts rather than apply enhanced AML/KYC compliance procedures to those accounts. They are under no legal obligation whatsoever to allow you to operate a high risk account and don't have to justify a refusal to do so (under some circumstances, they may even be prohibited from giving you a specific reason).
Compliance is a huge administrative burden for financial institutions and it's both cheaper and easier for them to dump accounts/customers who add to that burden. They not only don't care if you take your business elsewhere, they actively want you to do so - they want your accounts to be someone else's headache.
When your financial institution refuses to process a transaction or closes your account, they are not telling you what to do with your money. They don't actually give a fuck what you do with your money. What they're doing is refusing to act as the middleman in transactions which expose them to potential liability. Any fees they might have earned from that transaction pale into insignificance compared to the fines which allowing a single transaction which breaches AML/KYC requirements can attract (it's 11 million per breach here in Australia for a corporation and a single transaction can involve multiple breaches). It's not about your right to send funds to potentially flaky Bitcoin services or Nigerian "princes" - it's about their right (and, to a large extent, obligation) to not involve themselves in high risk transactions.
People in general greatly over-estimate their importance as customers to financial institutions. You may believe that you're giving them "a lot of business", but in the overall context of their operations you're not bringing them enough profit to justify the risks involved in servicing your account. They can always find low risk customers to replace you.
Want to improve this sticky? Edits to the sticky may be paid! Please post a quote of this sticky with all of the changes you would like included in the thread linked below:
https://bitcointalksearch.org/topic/completed-003-btc-bounty-write-a-general-amlkyc-process-sticky-357590
Feel free to use this sticky as a general discussion of AML/KYC policies.
https://bitcointalksearch.org/topic/completed-003-btc-bounty-write-a-general-amlkyc-process-sticky-357590
Feel free to use this sticky as a general discussion of AML/KYC policies.
What is KYC ?
Know your customer (KYC) refers to due diligence activities that financial institutions and other regulated companies must perform to ascertain relevant information from their clients for the purpose of doing business with them. The term is also used to refer to the bank regulation which governs these activities. Know Your Customer processes are also employed by companies of all sizes for the purpose of ensuring their proposed agents', consultants' or distributors' anti-bribery compliance. Banks, insurers and export credit agencies are increasingly demanding that customers provide detailed anti-corruption due diligence information, to verify their probity and integrity.
Who has to enforce KYC ?
Know your customer (KYC) falls under the responsability of each financial institution and/or regulated company.
The regulations require these entities to adopt KYC procedures. It assists them in knowing / understanding the customers and their financial dealings better to monitor their transactions for identification and prevention of suspicious transactions.
KYC Recommendations
KYC controls typically include the following:
- Collection and analysis of basic identity information (referred to in US regulations and practice a "Customer Identification Program" or CIP)
- Name matching against lists of known parties (such as "politically exposed person" or PEP)
- Determination of the customer's risk in terms of propensity to commit money laundering, terrorist finance, or identity theft
- Creation of an expectation of a customer's transactional behavior
- Monitoring of a customer's transactions against their expected behaviour and recorded profile as well as that of the customer's peers
KYC Jurisdiction and Locality
KYC regulations are local, and differ from country to country. Jurisdiction is also, on a coutry to country basis.
To know more about your specific country, visit: http://kycmap.com
KYC and Bitcoin Exchanges
Stricter KYC policies:
Bitstamp https://www.bitstamp.net/privacy-policy/
Bitfinex https://www.bitfinex.com/pages/tos or refer inquiries to [email protected]
BTCChina (only since new PBOC guidance, Dec 2013) (link?)
Cavirtex https://www.cavirtex.com/faq
Coinbase https://coinbase.com/legal/privacy
Kraken https://www.kraken.com/legal/verification (their General Counsel, Constance Choi is a well known specialist in the Regulatory and Compliance field)
Cryptonit https://cryptonit.net/regulations
Loose or non-existant KYC policies:
BTC-e (??)
Crypsty (??)
LocalBitcoin (p2p based, limited KYC?)
What is AML?
Standing for "Anti-money Laundering", it is a set of procedures, laws or regulations designed to stop the practice of generating income through illegal actions. In most cases money launderers hide their actions through a series of steps that make it look like money coming from illegal or unethical sources was earned legitimately.
Who has to enforce AML?
In response to mounting concern over money laundering, the Financial Action Task Force on Money Laundering (FATF) was established by the G-7 Summit that was held in Paris in 1989.
The Task Force was given the responsibility of examining money laundering techniques and trends, reviewing the action which had already been taken at a national or international level, and setting out the measures that still needed to be taken to combat money laundering. In April 1990, less than one year after its creation, the FATF issued a report containing a set of Forty Recommendations, which provide a comprehensive plan of action needed to fight against money laundering.
The FATF calls upon all countries to take the necessary steps to bring their national systems for combating money laundering and terrorism financing into compliance with the new FATF Recommendations, and to effectively implement these measures.
Again, as in the case of KYC, financial institutions and/or regulated companies are responsible for the implementation of internal AML policies.
AML Jurisdiction and Locality
AML regulations are also local, and differ from country to country. Some countries choose a top-down approach, inheriting much of their AML policies from the FATF, while others go for a bottom-up approach and then have to reconcile both policies. Extreme countries where such reconciliation is impossible (generally due to Government unwillingness) are excluded from the FATF membership, with the corollary of increased complications to access the international markets and financing.
For a full list of FATF members, visit: http://en.wikipedia.org/wiki/Financial_Action_Task_Force_on_Money_Laundering
AML and Bitcoin Exchanges
Currently in compliance:
Bitstamp https://www.bitstamp.net/aml-policy/
Bitfinex https://www.bitfinex.com/pages/tos or refer inquiries to [email protected]
Cavirtex https://www.cavirtex.com/why_virtex#proactively_working
Coinbase https://coinbase.com/legal/privacy
Kraken https://www.kraken.com/legal/aml (their General Counsel, Constance Choi is a well known specialist in the Regulatory and Compliance field)
Cryptonit https://cryptonit.net/regulations
Unknown status:
BTCChina (unclear since new PBOC guidance, Dec 2013) (are they financial institutions?)
BTC-e https://btc-e.com/page/1
LocalBitcoin (p2p based, limited or no AML?)
WARNING:
Assume that restrictions for any Bitcoin to National Currency exchange may become more restrictive at any time in the future. Many exchanges in the past have restricted currency deposits or withdrawals proactively as BitStamp has, without any explicit order from a government agency to do so at the time. Others like BTCChina have in response to concerns made even the ability to continue to login to their platform contingent on supplying further identifying information. In the past surprise changes to AML/KYC requirements have lead users of exchanges to have their access to deposited funds substantially delayed while complying with new requirements or even lost access to their deposited funds completely if they could not comply with the new requirements. Changing AML/KYC exchange enacted AML/KYC requirements have affected users of all major exchanges that handle both Bitcoin and National currency. People who continue using such exchanges should prepare for the contingency that their exchange of choice will change their AML/KYC requirements in the future.
Know your customer (KYC) refers to due diligence activities that financial institutions and other regulated companies must perform to ascertain relevant information from their clients for the purpose of doing business with them. The term is also used to refer to the bank regulation which governs these activities. Know Your Customer processes are also employed by companies of all sizes for the purpose of ensuring their proposed agents', consultants' or distributors' anti-bribery compliance. Banks, insurers and export credit agencies are increasingly demanding that customers provide detailed anti-corruption due diligence information, to verify their probity and integrity.
Who has to enforce KYC ?
Know your customer (KYC) falls under the responsability of each financial institution and/or regulated company.
The regulations require these entities to adopt KYC procedures. It assists them in knowing / understanding the customers and their financial dealings better to monitor their transactions for identification and prevention of suspicious transactions.
KYC Recommendations
KYC controls typically include the following:
- Collection and analysis of basic identity information (referred to in US regulations and practice a "Customer Identification Program" or CIP)
- Name matching against lists of known parties (such as "politically exposed person" or PEP)
- Determination of the customer's risk in terms of propensity to commit money laundering, terrorist finance, or identity theft
- Creation of an expectation of a customer's transactional behavior
- Monitoring of a customer's transactions against their expected behaviour and recorded profile as well as that of the customer's peers
KYC Jurisdiction and Locality
KYC regulations are local, and differ from country to country. Jurisdiction is also, on a coutry to country basis.
To know more about your specific country, visit: http://kycmap.com
KYC and Bitcoin Exchanges
Stricter KYC policies:
Bitstamp https://www.bitstamp.net/privacy-policy/
Bitfinex https://www.bitfinex.com/pages/tos or refer inquiries to [email protected]
BTCChina (only since new PBOC guidance, Dec 2013) (link?)
Cavirtex https://www.cavirtex.com/faq
Coinbase https://coinbase.com/legal/privacy
Kraken https://www.kraken.com/legal/verification (their General Counsel, Constance Choi is a well known specialist in the Regulatory and Compliance field)
Cryptonit https://cryptonit.net/regulations
Loose or non-existant KYC policies:
BTC-e (??)
Crypsty (??)
LocalBitcoin (p2p based, limited KYC?)
What is AML?
Standing for "Anti-money Laundering", it is a set of procedures, laws or regulations designed to stop the practice of generating income through illegal actions. In most cases money launderers hide their actions through a series of steps that make it look like money coming from illegal or unethical sources was earned legitimately.
Who has to enforce AML?
In response to mounting concern over money laundering, the Financial Action Task Force on Money Laundering (FATF) was established by the G-7 Summit that was held in Paris in 1989.
The Task Force was given the responsibility of examining money laundering techniques and trends, reviewing the action which had already been taken at a national or international level, and setting out the measures that still needed to be taken to combat money laundering. In April 1990, less than one year after its creation, the FATF issued a report containing a set of Forty Recommendations, which provide a comprehensive plan of action needed to fight against money laundering.
The FATF calls upon all countries to take the necessary steps to bring their national systems for combating money laundering and terrorism financing into compliance with the new FATF Recommendations, and to effectively implement these measures.
Again, as in the case of KYC, financial institutions and/or regulated companies are responsible for the implementation of internal AML policies.
AML Jurisdiction and Locality
AML regulations are also local, and differ from country to country. Some countries choose a top-down approach, inheriting much of their AML policies from the FATF, while others go for a bottom-up approach and then have to reconcile both policies. Extreme countries where such reconciliation is impossible (generally due to Government unwillingness) are excluded from the FATF membership, with the corollary of increased complications to access the international markets and financing.
For a full list of FATF members, visit: http://en.wikipedia.org/wiki/Financial_Action_Task_Force_on_Money_Laundering
AML and Bitcoin Exchanges
Currently in compliance:
Bitstamp https://www.bitstamp.net/aml-policy/
Bitfinex https://www.bitfinex.com/pages/tos or refer inquiries to [email protected]
Cavirtex https://www.cavirtex.com/why_virtex#proactively_working
Coinbase https://coinbase.com/legal/privacy
Kraken https://www.kraken.com/legal/aml (their General Counsel, Constance Choi is a well known specialist in the Regulatory and Compliance field)
Cryptonit https://cryptonit.net/regulations
Unknown status:
BTCChina (unclear since new PBOC guidance, Dec 2013) (are they financial institutions?)
BTC-e https://btc-e.com/page/1
LocalBitcoin (p2p based, limited or no AML?)
WARNING:
Assume that restrictions for any Bitcoin to National Currency exchange may become more restrictive at any time in the future. Many exchanges in the past have restricted currency deposits or withdrawals proactively as BitStamp has, without any explicit order from a government agency to do so at the time. Others like BTCChina have in response to concerns made even the ability to continue to login to their platform contingent on supplying further identifying information. In the past surprise changes to AML/KYC requirements have lead users of exchanges to have their access to deposited funds substantially delayed while complying with new requirements or even lost access to their deposited funds completely if they could not comply with the new requirements. Changing AML/KYC exchange enacted AML/KYC requirements have affected users of all major exchanges that handle both Bitcoin and National currency. People who continue using such exchanges should prepare for the contingency that their exchange of choice will change their AML/KYC requirements in the future.
Jump to: