Two Thirds of the Top Cryptocurrency Exchanges Have Weak KYC

CipherTrace, the leading cryptocurrency and blockchain intelligence firm, today released its Q3 2019 Cryptocurrency Anti-Money Laundering (AML) Report. Highlights of the report address cryptocurrency regulation, nefarious actors within the ecosystem, impending legislation, international trends and prevailing sentiments. Of particular note, CipherTrace conducted a first-ever comprehensive investigation of cryptocurrency exchange Know Your Customer (KYC) procedures and found that two-thirds (roughly 65 percent) of the top 120 exchanges lack strong KYC policies.

The Financial Action Task Force (FATF), an intergovernmental organization that standardizes global legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats, released “Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers.” In this Q3 Crypto AML Report, CipherTrace reveals that, with only seven months left for nations to pass laws and virtual asset service providers (VASPs) to comply with the guidelines, the majority of exchanges are not equipped to handle basic KYC, let alone comply with the stringent new funds “Travel Rule” included in the updated FATF guidance.

The research results revealed that the lion’s share—more than two-thirds—of exchanges do not have good KYC. The FATF funds Travel Rule requires VASPs to securely transmit (and store) sender and receiver personally identifiable information (PII) with any cryptocurrency transaction valued at or exceeding USD/EUR 1,000. Consequently, stringent KYC is necessary to meet the Travel Rule’s base requirements.

Nations that fail to enforce FATF guidelines are often subject to political ostracization, financial sanctions, and are added to a FATF blacklist, which documents countries that it judges “to be non-cooperative in the global fight against money laundering and terrorist financing.” The U.S. has maintained a similar Travel Rule through the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) since 1996. Recently, Kenneth Blanco, FinCEN Director, explained that his organization “has been conducting examinations that include compliance with the funds’ Travel Rule since 2014.”

“(The Travel Rule) is the most commonly cited violation with regard to money service businesses engaged in virtual currencies,” said Blanco.

The Travel Rule has proven particularly problematic for ‘privacy coins,’ whose primary use case, to obfuscate money transmitter data, seemingly contrasts with the information sharing required for compliance. In expectation of regulatory crackdown, many exchanges have pre-emptively removed privacy coin listings. However, 32 percent of exchanges, including those determined to have weak or porous KYC, still have privacy coins listed.

In its report, CipherTrace explains how exchanges and cryptocurrency developers have grappled with the privacy dilemma. Although the report does punctuate a concern for privacy coins that have no compliance strategy, CipherTrace affirms that recent reports of the death of privacy coins have been greatly exaggerated. In fact, many of the top privacy coin developers have already released statements (outlined in the report) on how they could comply with the Travel Rule.