Crypto Basics

What is AML and KYC for Crypto?

In just thirteen years, cryptocurrencies have redefined money. It’s little wonder, then, that they’ve also redefined money laundering.

Over the past decade, there have been hundreds of high-profile cryptocurrency-based financial crimes, from the PlusToken Ponzi scheme to the laundering operations of Suex. Regulators, financial institutions, and law enforcement agencies combat these activities with anti-money laundering (AML) and know your customer (KYC) policies.

In this article, we define these terms, how they work, and why they matter for cryptocurrency.

What is anti-money laundering (AML) for crypto?

Cryptocurrency anti-money laundering (AML) encompasses the laws, regulations, and practices designed to stop criminals from converting illegally obtained cryptocurrencies into fiat currencies.

How does crypto AML work?

The Financial Action Task Force (FATF) sets the standards for AML laws globally. FATF began publishing guidance on cryptocurrency AML in 2014, and policymakers in FATF’s member jurisdictions quickly took action; today, FinCEN, the European Commission, and dozens of other regulatory bodies have codified most of FATF’s cryptocurrency AML recommendations into law. 

From there, the baton gets passed on to virtual asset service providers (VASPs)—a group that FATF defines to include crypto exchanges, stablecoin issuers, and, on a case-by-case basis, some DeFi protocols and NFT marketplaces. These businesses do the heavy lifting to stop money laundering by employing AML compliance officers, requiring know-your-customer checks, and continuously monitoring cryptocurrency transactions for suspicious activity.

When suspicious activity is observed, VASPs report this information to relevant regulators and agencies, which then use blockchain analysis tools like Chainalysis Reactor to investigate the flow of funds and link illicit activity to real-world identifiers.

Why is crypto AML important?

Cryptocurrency remains appealing for criminals due to its pseudonymous nature and the ease with which it allows users to send funds anywhere, even despite its transparent and traceable design. In 2020 alone, funds laundered through cryptocurrency exchanges topped $2.3 billion. Effective AML regulations have two important consequences: first, they make money laundering less profitable and more risky; second, they create new avenues through which investigators can prosecute financial crime. 

Effective AML processes within cryptocurrency businesses are just as essential. With continuous transaction monitoring, compliance officers can stop many of these schemes before they even start.

The crypto travel rule and AML

The crypto travel rule is an AML-focused regulation mandating that VASPs send, receive, and screen personal/business information when they facilitate crypto transactions over a certain monetary threshold. In the U.S., this threshold is $3,000; in the EU, policymakers have agreed to implement a €0 threshold. In other words, cryptocurrency businesses operating under an EU license must capture information relating to the identity of the sender and recipient of every crypto transaction, regardless of its size.

What is know-your-customer (KYC) for crypto?

Cryptocurrency KYC refers to the set of identity verification procedures required by law for virtual asset service providers (VASPs). KYC processes are important because they enable criminal investigators to connect pseudonymous cryptocurrency addresses to real-world entities in the event that the addresses are connected to crime.

In traditional finance, valid credentials include ID card validation, face verification, and biometric authentication. Additionally, many banks require proof of address, such as a copy of a recent utility bill.

In the crypto industry, KYC requirements are less standardized. Most crypto exchanges require that new customers share their full legal name, government-issued ID, and up-to-date address information during onboarding, but this varies according to where the exchange operates and what services it provides. 

In October FATF clarified that NFT marketplaces, DeFi protocols, and stablecoin providers, depending on what activities they engage in, may also be obligated to implement KYC procedures.

How does crypto KYC work?

KYC programs generally have three components: customer identification, due diligence, and continuous monitoring.

Customer Identification Program (CIP)

A customer identification program or ‘CIP’ uses reliable and independent data to ensure that the customer is who they claim to be. For individuals, this could include the client’s legal name, date of birth, address, and verifying documentation like a driver’s license or passport. For enterprise customers, business licenses and articles of incorporation are common requirements.

Customer Due Diligence (CDD)

Customer Due Diligence or ‘CDD’ is an assessment of the risks presented by a new client or business relationship. Financial service providers make use of background checks, customer surveys, and reviews of client transaction history to assign risk ratings determining how closely an account will be monitored.

Continuous Monitoring

Continuous monitoring is the ongoing review of transactions for criminal activity. When suspicious activities are detected, VASPs are obligated to submit Suspicious Activities Reports (SARs) to FinCEN or other relevant law enforcement agencies. Chainalysis Know Your Transaction helps businesses comply with these obligations by automatically detecting patterns of suspicious activity, sending real-time alerts, enabling in-depth investigations, and integrating into compliance team workflows.


Why is crypto KYC important?

With cryptocurrency adoption growing exponentially, cryptocurrency businesses need processes to comply with KYC regulations and stop illicit activity. Identity verification, risk assessment, and continuous monitoring are the best means to that end. 

Moreover, by adopting new KYC measures, cryptocurrency businesses can build trust with users and regulators without sacrificing their bottom line. When Binance, a crypto exchange, made KYC mandatory for all of its customers, it found that “most people — 96%, 97% of users — go through KYC” during onboarding. This minor reduction in registrations is a small price to pay for the ability to operate in hundreds of regulatory environments, serve millions of customers, and stop illicit activities of every type. 

What are potential criminal activities in crypto?

Bitcoin, Ethereum, and other digital currencies are used for a number of criminal activities, including:

All of which we cover in our annual Crypto Crime Report.

Cryptocurrency, meet AML and KYC

As cryptocurrencies have expanded and reshaped the global financial network, AML and KYC have become a basic need. That’s why Chainalysis helps cryptocurrency businesses stay compliant and government agencies stop crime: because AML and KYC policies minimize business risk, protect users from illicit activity, and build trust in cryptocurrency.