
The State of KYC (Know Your Customer) in Bitcoin and Crypto

A client interested in learning more about the bitcoin and crypto world contacted me. They were interested in learning about the space, but more importantly, how their KYC product could fit the market. Of course, I will not share information about the company, but I can share results from my research:

First comes the state of KYC today. The initial step in regulating the world of bitcoin and crypto has been the forced implementation of KYC processes, in order to align it with the traditional finance space.

Here are Coinbase's and Binance's processes:

In Coinbase's case it seems to me that it is an in-house solution. This would mean that they are keeping all the personal data you submit for verification, which can open users up to extra risks. KYC is not one of their lines of business, so users have to trust that they will handle this data to industry standards.

One area where the bitcoin and crypto industry is trying to innovate is a blockchain-based equivalent of the KYC process. The most popular example is the MetaMask wallet:

It’s used in order to connect to some of the blockchain apps in the crypto space.

The same exists in bitcoin of course, but it is not as widespread and, as of today, is not as simple to use:

It is more complex because users need to run a node themselves, and the node ID is used to authenticate the user. As it tends to go when we compare bitcoin to crypto, bitcoin is always the most secure way of running things. But it does come with a steeper learning curve for regular users. I don’t doubt that both the level of education in the space and the user experience will keep improving in the future.

In a world where bitcoin is fully adopted and the bitcoin blockchain is at the center of everything financial, this could easily replace the KYC process: the bitcoin blockchain shows every past transaction from every bitcoin address. This ledger of transactions can easily be audited to check the “financial integrity” of the addresses. Because this is what it’s supposed to be - these KYC client-onboarding processes help prevent and identify money laundering, terrorism financing, and other illegal corruption schemes. Personal information of the users is only gathered because this is the only solution financial institutions have had until now to assess an individual’s intentions.

The bitcoin blockchain offers us the opportunity of detaching the identity from the account, thereby making the assessment about the account used, not about who is using it. If transactions were made in the past from this bitcoin address to another that was considered fraudulent (or vice-versa), the whole blockchain would know that these addresses were associated at some point. And this information would be there, literally, forever.
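The audit described above can be sketched as a screening pass over the ledger. This is an added example, not code from the original post: the ledger, addresses and function names are constructed for illustration, and the model is simplified to address-level links (sender or receiver in the same transaction), ignoring amounts.

```python
from collections import defaultdict, deque

# Constructed sample ledger (not real chain data): each transaction lists the
# addresses that funded it (inputs) and the addresses it paid (outputs).
LEDGER = [
    {"txid": "tx1", "inputs": ["addr_alice"], "outputs": ["addr_shop"]},
    {"txid": "tx2", "inputs": ["addr_bob"], "outputs": ["addr_mixer", "addr_bob_change"]},
    {"txid": "tx3", "inputs": ["addr_flagged"], "outputs": ["addr_carol"]},
    {"txid": "tx4", "inputs": ["addr_carol"], "outputs": ["addr_dave"]},
    {"txid": "tx5", "inputs": ["addr_erin"], "outputs": ["addr_flagged"]},
]

def build_links(ledger):
    """Link every input address to every output address of the same transaction."""
    links = defaultdict(set)
    for tx in ledger:
        for src in tx["inputs"]:
            for dst in tx["outputs"]:
                if src != dst:
                    # Undirected: paying a flagged address and being paid by
                    # one ("or vice-versa") both count as an association.
                    links[src].add((dst, tx["txid"]))
                    links[dst].add((src, tx["txid"]))
    return links

def exposure(ledger, flagged, max_hops=2):
    """Return {address: (hops, [txids])} for addresses within max_hops of a flagged one."""
    links = build_links(ledger)
    seen = {addr: (0, []) for addr in flagged}
    queue = deque(flagged)
    while queue:  # breadth-first, so the first trail found is the shortest
        current = queue.popleft()
        hops, trail = seen[current]
        if hops == max_hops:
            continue
        for neighbour, txid in sorted(links[current]):
            if neighbour not in seen:
                seen[neighbour] = (hops + 1, trail + [txid])
                queue.append(neighbour)
    return seen

def screen(address, ledger, flagged, max_hops=2):
    """Onboarding verdict for one address: 'clear', 'flagged' or 'exposed:<hops>:<trail>'."""
    hit = exposure(ledger, flagged, max_hops).get(address)
    if hit is None:
        return "clear"
    hops, trail = hit
    return "flagged" if hops == 0 else f"exposed:{hops}:{'>'.join(trail)}"
```

The `max_hops` cut-off is a policy choice: one hop covers direct counterparties only, while larger values pull in addresses that never transacted with the flagged one themselves.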

We can imagine a future world where everyone has his/her own bitcoin node and uses it to connect to different applications:

  1. Users could connect to financial institutions by verifying their on-chain wallet. The financial audit can be done by reviewing the past transactions of this address. “What if they have multiple addresses?” you may ask. Well, even if the individual is a fraudulent one, if he were to make a new transaction to an address that is considered fraudulent (even his own), it would be flagged forever with the authorities in the geography enforcing these KYC rules. His other addresses could be registered (if he decides to) with other financial institutions that have different regulations somewhere else in the world.

  2. Any other app could be connected to through the lightning network. The reason for that is that you cannot perform the same financial audit from the lightning network as you can on bitcoin’s base layer. But it is still valid to verify the authenticity of a user.

We single-handedly have the opportunity to remove the connection between personal information and finance, as well as improve the control over fraud that currently exists in our financial system.

Think about this for a second: the institutions that have the most thorough KYC processes today are also the ones that are at the root of the biggest fraud scandals around the world - banks (1). These same scandals often involve government officials from every continent (2), the same people who push for KYC-enforcing policies. This points out a certain hypocrisy in the industry and a lack of willingness to actually bring a true solution - what matters most is controlling individual users’ personal information.

All of this is nice and beautiful in this future world we are imagining. Unfortunately, this is not where the KYC/AML regulations in the bitcoin and crypto space seem to be headed:

  1. The EU is the first region to have set clear regulations that should go live in 18 months. These regulations would include the FATF travel rule (4), forcing centralized financial institutions involved in the bitcoin and crypto industry to gather all the personal information of the originator and beneficiary of all transactions made using their wallets. One thing these regulators don’t realize (or prefer not to acknowledge) is how these rules are going to create an entirely new financial risk: centralized data is always the victim of hacks - countless examples we have all heard of or have been victims of illustrate this. If a bank gets hacked and an individual finds out that John Doe owns x amount in his bank account, the funds are still protected by two actors: John Doe and his bank. Now, if John Doe has a self-custody bitcoin wallet and his personal information gets leaked describing where he lives and how much bitcoin he owns, the funds are then only protected by a single actor: John Doe. The first financial innovation that allows users to safely protect their money rather than relying on banks and their sometimes questionable practices is being stripped of one of its most important features. Don’t get me wrong, this doesn’t mean that their approach to killing bitcoin and crypto will work, it just means that the EU is actively deciding to exclude itself from the industry, for now.

  2. For obvious reasons, everything that is DeFi is going to abide by the same rules and will have to set up KYC processes if they want to continue to operate. “But, but… it’s DeFi, it’s decentralised, they can’t force a KYC process on them”. Well, just because they use a variant of blockchain technology and consider themselves decentralized doesn’t mean that they really are. Take the example of Uniswap: the biggest DeFi platform of 2021 has been forced by regulators to de-list certain coins from its platform. According to US regulators, Uniswap should have registered as a securities exchange and should not sell unregistered securities (which is what most of crypto is - more on this in a future article). A certain form of KYC is the next step of regulation for such platforms. They should get ready and get ahead of the curve if they wish to survive as a business.

Bitcoin and crypto companies need to adapt, but so do the KYC process providers. Here is what we know about the people entering crypto:

  1. They care about the security of their data

  2. They care about anonymity/pseudonymity

These points are part of the reason why the bitcoin blockchain was invented in the first place. Whichever KYC solution can best serve users with both of these points at the core of its technology will be the winner. And the bitcoin and crypto platforms that adopt these KYC services first will be at an advantage.

Such KYC services exist already. This is the case of the client I was working with. They just couldn’t see this for themselves and didn’t know how to build a story around this. I helped them understand the industry in detail and build a marketing strategy that suits their product:

Reach out if you think your business could benefit from a similar kind of help!


