If you cannot outline these details (and subsequently record them in your terms of service if they are not already) then how do we know you are not selectively enforcing it in order to fill your pockets?
Some useful information and links https://www.hkma.gov.hk/eng/key-functions/banking-stability/aml-cft.shtml
If I understand this https://www.hkma.gov.hk/media/eng/doc/key-functions/finanical-infrastructure/infrastructure/svf/Guideline_on_AMLCFT_for_SVF_eng_final.pdf correctly, they have to conduct KYC procedure if amount is equal or above HK$8,000, which is cca $1,000 at the moment. I couldn't find information for cryptocurrency but I believe it should be the same procedure.
That's the main reason why this procedure is in place.
marlboroza pointed that out and some other stuff here:
https://bitcointalksearch.org/topic/m.51801073
Sleazy AF. Not to mention that the 15 BTC case did not involve fiat (Tether is not fiat) and their AML/KYC shit is supposed to apply to direct fiat-crypto purchases.
They replied this:
If they locked funds because of suspicious activity (which they claim they did) they have to report it to authorities, they can't just say - "hey, we suspect that these funds came from criminal activity, send us your selfie and you can have your funds".
Normal answer would be "we need your personal information because under the AML regulation and law we have to enforce KYC if amount is equal or above (insert currency)x,xxx which in your case was."
Everything should be correctly stated in ToS.