With only seven months left for nations to pass laws and virtual asset service providers (VASPs) to comply with the guidelines, the majority of cryptocurrency exchanges are not equipped to handle basic KYC, let alone comply with the stringent new funds Travel Rule included in the updated Financial Action Task Force (FATF) guidance, according to CipherTrace.
The research results revealed that the lion’s share — more than two-thirds — of exchanges do not have good KYC. The breakdown of the ratings are as follows:
- Weak – These exchanges allowed researchers to withdraw at least .25 BTC daily with very little to no KYC.
- Porous – These exchanges require some sort of ID verification process.
- Good – These exchanges require a very strenuous KYC process, which takes several steps to complete before the researchers were able to make a deposit or withdrawal. They not only require the ID process but also proof of address. Some require a phone call or video chat to complete the KYC process.
The FATF funds Travel Rule requires VASPs to securely transmit (and store) sender and receiver personally identifiable information (PII) with any cryptocurrency transaction valued at or exceeding USD/EUR 1,000. Consequently, stringent KYC is necessary to meet the Travel Rule’s base requirements.
Nations that fail to enforce FATF guidelines are often subject to political ostracization, financial sanctions, and are added to a FATF blacklist, which documents countries that it judges “to be non-cooperative in the global fight against money laundering and terrorist financing.”
The U.S. has maintained a similar Travel Rule through the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) since 1996. Recently, Kenneth Blanco, FinCEN Director, explained that his organization “has been conducting examinations that include compliance with the funds’ Travel Rule since 2014.”
“(The Travel Rule) is the most commonly cited violation with regard to money service businesses engaged in virtual currencies,” said Blanco.
The Travel Rule has proven particularly problematic for ‘privacy coins,’ whose primary use case, to obfuscate money transmitter data, seemingly contrasts with the information sharing required for compliance.
In expectation of regulatory crackdown, many exchanges have pre-emptively removed privacy coin listings. However, 32 percent of exchanges, including those determined to have weak or porous KYC, still have privacy coins listed.
After two years of large, high-profile exchange hacks and exit scams, there has been a significant reduction in crypto crimes. Still, even with the lowest quarterly cryptocurrency thefts and scams in two years, 2019 still experienced a massive spate of crypto crimes—more than $4.4 billion to date.
While there’s no hard data to explain the Q3 dropoff — except for potentially the anomalous nature of the QuadrigaCX and PlusToken frauds skewing the numbers in previous quarters — one possible explanation is that government regulation of the industry is having a positive impact.
It has been previously speculated that the shift from outright thefts to exit scams and other frauds perpetrated by insiders indicated that crypto exchanges had begun to adequately invest in hardening their IT infrastructures. This is because criminals, as they are wont to do, follow the path of least resistance.
Maturing and sophisticated terrorist and criminal syndicates are partially responsible for the global regulatory clamp-down on cryptocurrency. Terrorists, other criminal organizations and their supporters and sympathizers are constantly looking for new ways to raise and transfer funds without detection or tracking by law enforcement.
As regulators continue to stifle resources for criminal cryptocurrency use, terrorists are using more sophisticated methods to secure funding and launder money for operations and attacks.