From Binance’s alleged KYC data hack to FATF’s new AML guidelines, compliance can no longer take a backseat

Earlier this month, the world’s largest cryptocurrency exchange by trading volume experienced an alleged customer KYC data leak, where a hacker threatened the release of some of Binance’s customer identity verification data. Binance states it is still investigating the case for legitimacy and relevancy and shared the following comment:

“On initial review of the images made public, they all appear to be dated from February of 2018, at which time Binance had contracted a third-party vendor for KYC verification in order to handle the high volume of requests at that time. Currently, we are investigating with the third-party vendor for more information.”

It’s a massive problem when companies trusted with protecting sensitive information decide to gamble data security for a quicker identity verification process.

And it isn’t just crypto exchanges who are taking risks when it comes to compliance.

Just as Know Your Customer (KYC) and Anti-Money Laundering (AML) processes are becoming more critical for crypto exchanges, they are becoming an increasingly necessary component for blockchain market participants and issuers who wish to conduct compliant digital securities offerings (DSOs) or security token offerings (STOs).

That said, many issuers are also attempting to find solutions which fully automate the KYC process or outsource the identity verification process to third parties (some of which are based in other countries) to save time and money. 

This could be detrimental to the protection of investors’ private information if a third party gains access to this sensitive data and could even violate Regulation S-P data protection standards enforced by the SEC if a broker-dealer was engaged in the offering.

Even more, both exchanges and issuers participating in the crypto world need to realize that they are ultimately responsible for making sure that all investors go through proper KYC/AML checks as much as they are responsible for keeping the data secure. Relying on a third party that could further outsource the data to be verified puts the company and its users at risk.

Worth the risk?

To put it into perspective, the blockchain community is working to streamline the time-consuming and outdated processes financial institutions use to onboard users, which rely heavily on a manual and paper-based system when it comes to issuing securities. For example, after an issuer’s banker gathers materials and organizes them for KYC review and onward AML screening, it can take 5–10 days to complete. This is a long and inefficient process, and clashes strongly with the blockchain’s promise of speed and efficiency.

Further, the FATF, an inter-governmental body which provides guidance on regulatory reform to combat money laundering and terrorism financing, came out with new rules which apply to businesses transacting on the blockchain and cryptocurrency exchanges. The AML policies expand beyond the standard information the majority of blockchain exchanges currently collect.

Knowing all of this, the task of KYC/AML compliance seems daunting. It’s also easier to see how this could encourage the search for compliance shortcuts to fulfill the growing regulatory requirements without scaring away users with a complex and lengthy onboarding process.

A blockchain solution 

It’s no longer possible for blockchain companies dealing with financial transactions to brush aside compliance. The fact is that it’s here to stay, and it looks like those who are going to stay in business are the ones that face the obstacles head-on and integrate a viable, long-term solution.

These are some of the reasons we introduced our Ethereum-based onboarding app, KYCware, to the blockchain/financial community. We wanted to demonstrate how both KYC and AML can be solved with blockchain technology and integrated into a simple investor onboarding process.

With KYCware, a user downloads an app and goes through the entire process right from their smartphone. After submitting the data, it typically only takes 1.5 minutes to verify an investor’s KYC submission, and on the backend, user data is automatically verified against a database of global sanctions, Politically Exposed Persons (PEPs), and watchlists.

One big difference between our solution and the use of third-party vendors is that we don’t perform KYC/AML verifications ourselves; rather, we streamline the collection of data for a company. Investors’ information is stored in memory until an approved company representative, or banker in the case of a digital security or security token offering, can download and review the submissions on an S-P compliant medium. For example, we recommend clients use a FIPS-compliant external hard disk. This ensures sensitive data doesn’t leave the issuer’s control at any point in time.

We also incorporate advanced identity verification technology such as anti-gaming technologies, machine-readable ‘MRZ’ scans, and security hologram checks for IDs. This, along with the above method, creates checks and balances to block the Donald Ducks and Elvis Presleys of the world that made it into Bittrex.

With blockchain technology solutions like KYCware, our hope is that KYC and AML programs can mitigate risk, maintain compliance, and still protect the user experience, transparency and public consensus the community demands.

Visit us at to learn more.
