KYC and AML in crypto: the differing perspectives of Facebook’s Diem and Pontem Network
Join the official Telegram chat.
Some view KYC checks as a necessary evil; others, as the best way to protect end users. In any case, crypto platforms often have no choice but to introduce KYC — or shut down. The upcoming Diem by Facebook will be the most compliant of them all, featuring a strict KYC process for all parties. Here at Pontem, we certainly value compliance and will provide KYC/AML integration tools. At the sametime, we’ll give the developers freedom to test the product-market fit of their dApps in the open crypto space as a stepping stone to launching on Diem.
KYC vs. AML: it’s not the same thing
As you probably know, KYC stands for Know-Your-Customer, while AML is the acronym for Anti-Money Laundering. The two are so often used together (as in ‘KYC/AML checks’) that many people think they are more or less the same.
In fact, AML is a much wider notion than KYC. AML comprises all the measures, rules, laws, and regulations aimed at fighting money laundering. The three AML regulations and bodies that are most relevant to cryptocurrencies worldwide are three:
1) The 1970 US Bank Secrecy Act;
2) The FATF (Financial Action Task Force) — an association of 39 members founded at the G7 summit in 1989. It is the FATF that supplies the definition of a VASP (Virtual Asset Service Provider), which is important for crypto regulation in many countries;
3) AMLD5 (the 5th EU Anti-Money Laundering Directive) — came into effect on January 10, 2020.
By contrast, KYC is the process of authenticating a customer’s identity and checking if they feature on any sanctions lists, reside in a restricted jurisdiction, or if they’ve been involved in suspicious activities.
In traditional finance, KYC checks are still usually done in person: the customer simply produces their physical ID, and the financial institution’s employee first visually verifies that the customer is indeed who they say they are, then runs the necessary software checks. In the crypto industry, where services are rendered exclusively online, users need to upload scans or photos of the relevant documents, as well as selfies.
Contrary to what some users think, respectable crypto sites don’t conduct KYC checks themselves. If they did, they’d have a massive privacy issue on their hands: storing and protecting all that sensitive data requires advanced security protocols, compliance measures, and so on.
Luckily, there are many reliable third-party solutions on the market. Many use machine learning and computer vision algorithms to ‘read’ the documents issued in different countries and can complete a check within a couple of minutes.
Why KYC isn’t a bad thing
Back in the fun times of ICOs, many investors shunned those token offerings that required a KYC. And for a good reason, actually, because in 2018 there were few safe third-party KYC solutions in place — after all, when you give someone your personal data, you want to be sure that it won’t end up in the wrong hands, and most ICO teams couldn’t guarantee that.
There are still people who oppose KYC for ideological reasons, believing that it goes against the principles of decentralization and privacy that are so central to cryptocurrencies. Here are a couple of Reddit examples:
However, most dislike KYC because it’s an inconvenience. Making a photo or scan of an ID, then a selfie with that ID, looking up a utility bill or bank statement with your address on it — all this takes time. Besides, many KYC solutions have annoying restrictions on file size and format, and users often have to go through the process several times to get the selfie or scan right.
Still, in spite of the practical hurdles, KYC can arguably benefit crypto users:
1. Lower risk that the platform will be shut down. A crypto exchange that operates legally needs to comply with the AML laws of the country where it’s registered. These normally require that each customer be verified. If the platform forgoes this requirement, there’s a risk that the authorities might simply order it to cease operations — in which case users may lose access to their funds.
A good example is South Korea, where the head of the financial regulatory body recently said that by September all of the 200 crypto exchanges in the country could be closed down, because none of them had applied for the license that is required under the new AML law.
2. Cashing out. Converting crypto in a wallet or exchange into fiat in your credit card account requires the services of an intermediary bank. Banks simply won’t perform this service if the customer isn’t verified. That’s why on many platforms you don’t need to pass a KYC check to be able to withdraw limited amounts of crypto to a blockchain wallet, but you have to get verified to use a bank card. For instance, on Binance one can only withdraw 2 BTC a day without KYC.
3. Restoring access. This one is simple: if a verified user loses their password, they’ll still be able to access the platform after passing a few checks. And, just as importantly, there’s less risk that someone will gain access to your crypto platform account after hacking your email.
4. Reduced risk of getting ‘dirty’ crypto. Let’s be fair: the role of crypto in illegal activities is smaller than portrayed by the media — and getting lower. According to a report by Chainalysis, criminal transactions accounted for just 0.34% of the crypto transaction volume in 2020, as opposed to 2.1% in 2019. Part of the reason could be that criminals are switching from the highly traceable Bitcoin and Ethereum to privacy coins like Monero.
Still, ‘dirty’ coins — those that have been used in illegal transactions — can be a problem for crypto users. You won’t even know that a coin you bought is dirty — until you try to cash out or sell it on a large platform. Such a transaction will get blocked, perhaps even together with your whole account. Through KYC, exchanges can prevent dubious individuals from selling their illegally earned crypto — and protect you from accidentally buying it.
The role of KYC in the future Facebook backed Diem ecosystem
Ethereum, Binance Smart Chain, Polkadot, EOS, and other popular permissionless blockchains don’t require any user, dApp project, or team to pass a KYC. They simply provide a framework, and it’s up to you what you do with it.
The upcoming Facebook-backed Diem network — one of the most talked-about projects in the blockchain industry — will be very different. After its many unfortunate run-ins with the US and EU authorities (when it was still called Libra), Diem won’t take any chances this time around: it will be meticulously compliant.
First of all, Diem is a permissioned blockchain. Initially, it was planned that Libra would transition to a permissionless framework, but this idea was later ditched:
Only carefully selected and vetted nodes will be allowed to confirm transactions and add new blocks. There will be no way for users to freely launch their own nodes the way you can do with Eth 2.0. Most of the nodes will probably be controlled by the Core Team, and the remaining ones will have to pass a strict due diligence.
The second aspect of Diem’s compliance are the requirements for the dApp creators. Diem’s Chief Economist Christian Catalini explained that virtual asset service providers (VASPs) will only be able to access the network through a bank. In turn, VASPs themselves will have to be registered in the local jurisdictions where they operate.In other words, dApp teams will have to buy and sell Diem coins through a regulated bank. The consumers, too, will have to access Diem through a licensed exchange or wallet.
Finally, the end users themselves will have to pass a strict KYC check to use a Diem wallet or pay for goods and services with DIEM stablecoins. All things considered, Diem will probably be the most strictly controlled blockchain out there. Still, it will be extremely attractive to dApp entrepreneurs, considering how huge Facebook’s audience is.
How KYC will be used in the Pontem Network
Pontem is an experimental network for Diem that allows developers to build and deploy Diem-compatible apps within the Polkadot ecosystem. Even before Diem is launched, product teams can test out the product-market fit, gain traction, and attract liquidity from various Polkadot-based protocols. In a sense, we position ourselves as the connecting link between Diem’s heavily-regulated world and the much freer, decentralized world of Substrate dApps.
How do KYC checks fit into this model? On the one hand, as an experimental network, we don’t want to limit the developers’ creativity. Pontem will provide a permissionless network and tools for developers to integrate with KYC / AML providers and software services like node infrastructure that is compliant with Diem’s guidelines.
So far the ecosystem of Polkadot is a relatively KYC-free space, but things may change in the future. For example, the popular launchpad Polkastarter requires all potential investors to pass a KYC to get whitelisted for IDOs.
On the other hand, Pontem Network itself adheres to the principles of compliance and transparency, so all our investors and partners pass a KYC check before they can work with us. This way we can ensure that Pontem can work safely and sustainably in the years to come, without facing any complications from the authorities or from the Diem Association.
Pontem Network carefully balances creative freedom with the necessary security and compliance measures. If you’d like to learn more about how you can build Diem-compatible apps on Polkadot that are interoperable with the Diem blockchain, visit our website and join the official Telegram group.