Crypto Regulation
KYC and AML: a ball and chain for cryptocurrencies
By Dominik Stroukal, Economic Expert at SatoshiLabs and contributor to Trezor Blog
Did the magical world of cryptocurrencies draw you in with promises of freedom, security, and privacy? Then you tried to buy a few bits of bitcoin, and all of a sudden had to pull out your webcam, dig around for identity documents, electricity bills, or even proof of employment and other sources of income. Welcome to KYC and AML — doesn’t quite feel like the open, utopian currency we were promised, does it?
With all this regulation, what makes Bitcoin and other cryptocurrencies that different from boring old banks?
Cryptocurrencies do not need to verify their users and their income. Recently, politicians have come up with plenty of ways to tax and regulate it, by anchoring it to the old fiat system through clamping down on on-ramps and off-ramps (exchanges) and using fiat when assessing crypto-to-crypto trades. If you come across a verification step, it’s probably because you are trying to escape from fiat money in the first place, but even that has begun to change.
Unfortunately, we haven’t quite got rid of fiat money yet. And, due to a regulatory system struggling to impose policies that are not fit for this new technology, we’ll rid ourselves of it much more slowly.
In 2021, it is still unthinkable for an ordinary person to not use the current fiat money. But more and more are trying to secure their money using Bitcoin; that’s why it’s so important to know that if an exchange or app wants your personal data, then it has nothing to do with cryptocurrencies as such. The state wants to limit how you use them.
A lot of people are afraid that excessive regulation will kill cryptocurrencies. It will put people off the idea of buying in, certainly, but it will have no impact on the crimes that it is portrayed as preventing.
A fly through the abbreviations
KYC stands for know your customer and AML for anti-money laundering. Both terms are often used together because they have common goals and technically KYC are guidelines for AML. Their goals can be deduced from their names, but are even better explained with the full name of the second abbreviation: AML/CTF/CWMDF, or Anti-Money Laundering and Counter Terrorist Financing and Counter Weapon of Mass Destruction Financing.
In other words, identify your customers (KYC) and their cash flows properly to avoid money laundering and financing terrorists and weapons of mass destruction (AML). Or even better — investigate the client and his cash flow. KYC is one of the processes bundled into AML legislation.
Typically, countries have their own AML law, which talks about critical amounts, who the obliged entities are and what their obligations are. In the homeland of SatoshiLabs and Trezor, the Czech Republic, there are even two paragraphs in this law specific to cryptocurrencies. In principle, they are not controversial, they only make it clear that even cryptocurrency exchanges must identify clients and their sources of income.
Most exchanges had done so long before, because an exchange was still an obliged entity even without these two paragraphs and the explicit mention of cryptocurrencies. The exchanges worked with fiat money, which made them obliged, even though there were cryptocurrencies on the other side of the exchange. But now you need to be verified even if you want to just exchange Ethereum for Bitcoin.
The world after 2001
If a long history of money is ever written in the distant future, 2001 will be a turning point. During the popping dot-com bubble, came an attack on the World Trade Center and US Federal Funds rate fell below 1% for the first time since 1958. For the first time since Nixon and the decoupling of world money from gold. During the following years, cheap money inflated a bubble that brought, just a few years later, the worst crisis since the Great Depression. And central banks and governments have since responded by inflating another huge bubble.
Thanks to that, the world is looking for alternatives. We have seen with our own eyes how strange and impractical modern money is. From those roots grew Bitcoin and, later, other cryptocurrencies.
However, in 2001 the Patriot Act gave birth to KYC/AML. We are celebrating 20 years together, at least in the USA. As revealed by that crazy acronym AML/CTF/CWMDF, everything revolved around terrorism. Weapons of mass destruction? When was the last time you heard that term?
The response to terrorist attacks and the ensuing war on terror have permanently planted sets of rules in the financial world that we will probably never get rid of. We have to find a totally different approach — which may be cryptocurrencies.
Why does someone want so many documents from us when we buy bitcoins worth less than a paycheck? To make it clear that we are not laundering dirty money, that we’re not funding terrorism or weapons of mass destruction? It sounds absurd, and it is. The Patriot Act took the old Bank Secrecy Act to a whole new level.
Of course, your Trezor does not ask for any personal information. Your hardware wallet doesn’t need to know who you are and, quite frankly, doesn’t want to know. But for most people, the bottleneck into cryptocurrencies is still a bank account from which we buy cryptocurrencies or convert them back to fiat to pay for things that aren’t yet easily paid in crypto.
Unfortunately, the effects of KYC/AML on cryptocurrencies are much worse than just documenting papers and income. Yes, for many of us, this is in stark contrast to what free money should look like in a free world, under current circumstances, it could perhaps be reconciled as a transitional period.
But these laws pose a risk to cryptocurrencies, more and more, because they are evolving. Where a single ID document used to be enough, today we fill out long questionnaires about exactly what interactions we have with cryptocurrencies, how we came to them, how much money we hold in them and what we intend to do with them. Sometimes you honestly don’t even know the answer.
Why should I care about crypto regulation?
Because central banks and finance ministries have a strange relationship with commercial banks and subtly suggest that they should not tolerate cryptocurrencies. And if they don’t listen, compliance can always be ordered. We are very close to seeing that happen.
Because a bank can close your account just for legally buying a piece of Bitcoin, from earned and taxed money.
Because, even if they don’t close your account, it will automatically lower your internal banking rating and you will fall into the category of inferior customers, which they follow more closely and sometimes refuse standard services to. You haven’t done anything wrong and you don’t intend to, but you can still be punished and live in the knowledge that someone is monitoring your accounts.
Because KYC/AML systematically supports fraudsters. If you don’t know much about cryptocurrencies and have a choice of two platforms to buy from, people will avoid the one that asks for intimate documents so as not to risk their personal data. That one will usually be fraudulent, but why would any decent service want your data? They don’t, but they have to ask anyway, to stay in line with the law.
Because it is almost impossible for exchanges to open bank accounts, which monopolizes the market unnecessarily. There are even absurd examples where exchanges do everything according to the law but no-one will open a bank account for them, even though the state requires it! Even doing everything according to the law, you can never fulfill its demands. Instead of the largest cryptocurrency exchanges being in rich western countries, where we would expect them, we find them set up in countries under regimes in which nothing is certain. Isn’t that a clear signal that something’s wrong?
Because your private data, given away here and there due to these regulations, will be stolen and misused. Criminal hackers are happy to sell your data to any bidder, and attackers will learn how to scam money from you. It won’t just be a random e-mail from the Prince of Nigeria, but an e-mail from a service that knows you well. The chance of a successful scam is much higher thanks to these laws.
Because it shut millions of people without a bank account from the crypto market. Cryptocurrencies have brought so much hope to the massive unbanked population, but regulation makes it the privilege of the rich who have access to bank accounts. Without an account it is much harder to get some satoshis, especially in developing countries, where cryptocurrency has shown so much promise.
Because it kills adoption. Many people like the idea of cryptocurrencies, but do not want or are unable to go through the complicated process of detaching them from their identity, or risking their data.
And so on... Of course, with all of the above, there are ways to avoid these inconveniences. Thanks to KYC/AML, however, those routes are mostly unnecessarily expensive and often dangerous.
It is of course possible that, thanks to KYC/AML, we might prevent terrorism and other crimes. It certainly makes the work of criminals a little less convenient, there is no doubt about that. But are we sure all these costs are worth it? Did we run the numbers? Or is it another long, losing battle, like the war on drugs, destined for few successes while nonetheless suffocating progress?
What’s next?
These regulations cannot kill cryptocurrencies, as such. Cryptocurrencies do not need KYC or AML or any of the rest. There are already voluntary blacklists of bad addresses which decent businesses do not want to have anything to do with. But that is voluntary self-regulation of the market, the exact opposite of the misguided laws coming from outside the industry.
We also voluntarily escape these processes by switching to decentralized exchanges, etc., but these are movements within the crypto world. Once you are in, it is a free world. Unfortunately, entering that world without fiat on-ramps monitored by financial institutions is, for most people difficult, risky and expensive.
Opinions on the future of regulation and cryptocurrencies differ significantly. One camp claims that cryptocurrencies do not need them, that they harm the sector, and may even kill it. The second thinks that this regulation is compatible with cryptocurrencies, and that the interconnection of the two worlds can unlock new potential of cryptocurrencies.
Whatever side of this dispute you stand with, the gap between them is widening. When ECB Governor Lagarde said that Bitcoin was “funny business” and needed “global regulation”, she meant deploying KYC/AML. No one wants, or is able to “regulate” Bitcoin’s monetary policy. But the entry- and exit-ramps to and from the cryptocurrencies can be regulated. These ramps may soon be entirely controlled and possibly taken down. Cryptocurrencies will surely survive, but it is up to us to ensure they will not only survive but flourish.
We are slowly embarking on a path with the second group. But it is a mistake. Adapting to an overgrown, over-regulated system that wants to know about everything we do is a clear miscalculation. It is not true that cryptocurrencies should adapt to the real world, it is not true that that’s just how it works. These regulations are celebrating 20 years of intruding on the US population, but in most countries of the world its principles have only been implemented recently. In some jurisdictions, KYC and AML are even younger than Bitcoin; it’s not too late to set things right.
