KYC AML checklist for crypto fundraising in 2023

Introduction

In recent years, the field of crypto fundraising has experienced tremendous growth as businesses and financial institutions increasingly adopt blockchain technology and digital currencies.

As the crypto fundraising landscape continues to evolve, it is crucial for fundraisers to enforce strong onboarding measures that align with Anti-Money Laundering (AML) regulations and Know Your Customer (KYC) requirements.

Such measures safeguard the integrity of the project because they aim to prevent financial crimes, money laundering, and misconduct.

This guide outlines a step-by-step checklist for crypto fundraisers to help them understand and perform AML and KYC checks so that they can fundraise in a compliant way.

Understanding what AML and KYC mean

The crypto industry, with its huge growth and development, needs businesses to take anti-money laundering regulations and Know Your Customer requirements seriously.

Regulators are keeping a close eye on the financial sector and on the advancements in blockchain technology and digital currencies. As a result, they are implementing strict rules for Anti-Money Laundering (AML). AML Compliance during investor onboarding is therefore crucial to prevent potential financial crimes.

By having an AML compliance program in place, crypto fundraisers can protect themselves from exposure to money laundering risks, terrorist financing, and other types of financial crime. Excluding individuals linked to money laundering, terrorist financing, and illegal financial activity also increases trustworthiness in the crypto market.

Money laundering

Money laundering refers to the illicit practice of making 'dirty' money, which is generated through criminal activities, appear 'clean' or legitimate.

This process typically involves three steps: placement, where the money is introduced into the financial system; layering, where the money is concealed through complex transactions and bookkeeping tricks; and integration, where the now 'clean' money is withdrawn from the legitimate account to be used freely.

AML laws are put in place to prevent such practices, requiring financial institutions to implement AML programs to monitor their clients and report any suspicious activities that could indicate money laundering.

Money laundering in the cryptocurrency realm can occur when illicitly acquired funds are converted into cryptocurrencies, effectively disguising their origin. Criminals may use anonymous online transactions and utilize digital currencies to obscure the money trail. They often exploit the decentralized nature and the degree of anonymity some cryptocurrencies offer to move funds across borders quickly and stealthily.

These transactions are then often split into smaller amounts to avoid detection - a process known as 'smurfing'. Once these steps are completed, the 'cleaned' cryptocurrency can be converted back into traditional money, making the illicit funds appear legitimate.

Other types of financial crime

Apart from money laundering, there are other types of financial crime that may occur in the crypto space. These include fraud, such as Ponzi schemes, where returns are paid to old investors from the funds of new ones, and pump and dump schemes, where prices are artificially inflated for quick profits.

Cyber theft is another significant risk, where hackers infiltrate digital wallets or exchanges to steal cryptocurrencies. Additionally, insider trading, where confidential information is used to trade, is also a potential crime in the crypto sector.

Regulatory evasion, where entities circumvent laws and restrictions by operating in gray areas or exploiting legal loopholes, is another common issue. The anonymous and decentralized nature of cryptocurrencies can make these crimes more challenging to detect and prevent, thereby underscoring the importance of robust AML and KYC measures.

Anti-money laundering in Crypto Fundraising

"AML" refers to anti-money laundering, and the term "AML compliance" refers to the practice of abiding by the laws and any applicable AML regulation.

Similar to other financial institutions, crypto fundraisers must ensure AML compliance by following AML laws and AML regulations in the country they are based, as well as international guidelines and best practices such as those set forth by the Financial Action Task Force (FATF).

AML practices involve carrying out risk assessments, enacting appropriate anti-money laundering policies, conducting customer due diligence, monitoring transactions, and reporting suspicious activity to authorities.

The purpose of such AML measures is to combat money laundering, terrorism financing, and other financial crimes. By implementing appropriate AML controls, crypto businesses can prevent money laundering and terrorism financing, and deter other types of malicious activity.

Know-your-customer in Crypto Fundraising

"Know Your Customer" (KYC) is a fundamental part of AML compliance and preventing money laundering and other illegal activities.

The KYC process is particularly important in the crypto sphere due to the anonymous nature of cryptocurrencies. For crypto fundraisers, the KYC process is a method to verify the identity of investors and to assess potential red flags and risks relating to these individuals.

In the context of crypto fundraising, robust KYC procedures ensure that fundraisers deal with legitimate individuals, protecting them and their investors from potential financial crimes and regulatory violations. Following KYC requirements and implementing KYC processes ensure compliance with KYC regulations.

The C in KYC refers to "customers", but in the crypto fundraising context "customers" refers to investors of the fundraise.

KYC involves certain procedures, including:

• Collecting personal information from investors like their name, date of birth, and address.
• Cross-checking this data against official documents like passports or driver’s licenses.
• Screening the individual against databases that detect whether they are sanctioned, have been involved in illegal or illicit activities, and whether they are a politically exposed person (PEP).

Adopting a robust KYC process provides numerous benefits:

• it allows for a thorough and deeper understanding of customers’ backgrounds,
• meets the demands of your own shareholders/business partners,
• reduces the likelihood of financial crime by accurately identifying users and rejecting known criminals and high-risk individuals,
• and protects your company against illegal activities that could lead to regulatory action.

Simply put, you should do KYC because you need to know who you are doing business with; who you are giving access to; and who you are receiving investments from.

Navigating Regulatory Complexity

Navigating the labyrinth of regulations surrounding crypto fundraising can prove a trying task, as legal requirements differ between countries and are subject to frequent changes. To remain compliant with current laws and avoid any associated fines or penalties, businesses must stay up to date on changes in compliance rules.

Crypto fundraisers can do this by closely monitoring news from regulatory bodies, taking part in pertinent industry events plus consulting legal and compliance advisors. By proactively staying informed about changes in the regulatory landscape and having agile procedures and systems that can quickly adapt to such changes, fundraisers will be better equipped to handle the tricky terrain of crypto regulations.

The Investor Onboarding Process for Crypto Fundraising

It's important to initiate KYC procedures for potential investors even before the fundraising begins. During the investor onboarding phase, KYC checks should be conducted and investment opportunities should only be granted to those who successfully pass these checks.

• The first step in the investor onboarding process involves registration and identity verification. This process helps identify the key information about the investor's identity, uncover potential risks relating to identity fraud, and ensure that individuals who aren't transparent about their identities are unable to move forward.
• The second step entails conducting customer due diligence (CDD), where comprehensive checks and screenings are carried out to evaluate the level of risk associated with the investor and to determine if this risk level is unacceptable.
• The concluding step revolves around disqualifying investors who present an intolerable level of risk and assigning risk levels to those who are approved to invest.

Collecting and Verifying Investor Information

Verifying and collecting data from investors entails obtaining personal information such as identification documents, proof of address, and proof of source of funds and wealth, which are then checked with authoritative sources or databases.

It is important to possess the necessary skills and techniques for examining and authenticating IDs. Without the correct knowledge and capabilities, the credibility and quality of this vital process could be at risk. Without thorough and accurate ID verification, there's a risk of accepting individuals using fake, altered, or invalid IDs, which can seriously jeopardize the fundraising process.

Digital solutions can speed up the ID collection and verification process by automating authentication processes utilizing high-tech features like biometric facial identification methods, liveness detection, and optical character recognition. Utilizing cutting-edge technology can help authenticate identities swiftly without manual errors during onboarding processes.

Risk Assessment and Customer Due Diligence of Investors

The next important step in the onboarding process is to evaluate the risk associated with each investor. This involves examining the possible risks tied to the investor's financial activities and their potential risk for the fundraising project.

A rigorous risk assessment allows crypto fundraisers to identify investors who pose a high risk for financial crimes and enables them to take appropriate preventive measures to ensure AML compliance. These actions not only ensure compliance but also contribute to maintaining the reliability and integrity of crypto fundraising operations.

In order to assess risks relating to investors, crypto fundraisers must have procedures for risk assessment and customer due diligence. Such procedures define the screenings and checks that must be performed, the customer risks and red flags that must be reviewed, and clear red lines for what constitutes an unacceptable level of risk.

AML customer due diligence methodology typically entails an evaluation of potential risks such as the background of the investor, their source of funds, investment track record, and country-specific risks, particularly focusing on countries with weak or inadequate legislation and systems to combat money laundering.

After assessing risks and conducting due diligence, crypto fundraisers can categorize investors' risk levels. Low-risk investors require less monitoring due to their lower likelihood of involvement in financial crimes. High-risk investors, however, require rigorous surveillance to prevent potential illicit activities. This helps maintain the fundraising process's integrity and ensures AML and KYC compliance.

Adopting a Risk-Based Approach

A helpful way for crypto fundraisers to become more efficient in their customer due diligence process is to implement a risk-based approach. In the context of risk assessment and due diligence of investors, a "risk-based approach" means prioritization and allocation of resources based on the level of risk associated with each investor.

In essence, taking a risk-based approach means that one conducts more intensive checks and monitoring for high-risk investors while streamlining the process for low-risk investors.

Such an approach allows organizations to use their resources wisely by giving extra attention and scrutiny to investors that are deemed most risky, and dedicating less time and focus on low-risk investors.

Balancing Compliance and User Experience

Maintaining integrity and preventing money laundering requires compliance with AML regulations and KYC requirements. This must be achieved while offering an easy-to-navigate investor onboarding experience, as this will both encourage people to participate in a project and also help keep them invested for longer periods of time.

Digital solutions can automate various aspects of the customer's identity verification process, and adopting a risk-based approach can concentrate resources where they're most needed – primarily on high-risk investors.

A rule of thumb while finding the perfect balance between these two goals is to identify what is nice-to-have versus need-to-have. While ensuring a seamless investment journey for investors is important, compliance requirements should not be ignored or omitted as this could have severe consequences for your business as a whole.

Ensuring Data Security and Privacy

Secure investor data and compliance with privacy regulations are key components in crypto fundraising onboarding. To achieve this, organizations can use encryption technologies, employ secure storage systems, audit processes regularly, and monitor networks constantly to protect confidential customer information from unauthorized access while adhering to legal requirements.

Not only is protecting the security of investor details important for avoiding breaches or exposure but also it creates a trusting environment that helps build confidence in project backers as well as increasing the number of investments.

By following good practices related to data protection crypto fundraisers establish trust with investors, which in turn can contribute to investor retainment and attraction of new investors.

Implementing Monitoring and Reporting Mechanisms

Continuous monitoring

For crypto fundraisers, it's essential to recognize that customer due diligence isn't a one-time task confined to the onboarding stage. Instead, it's a continuous process that should be carried out regularly, with the frequency dependent on the risk level associated with the investor.

For low-risk customers, simplified due diligence, which includes periodic basic checks like identity verification and sanction list checks, is typically sufficient.

On the other hand, high-risk customers require enhanced due diligence. This is a more comprehensive investigation that extends beyond standard identification and verification procedures. It delves into the customer's financial transactions, business relationships, and overall risk profile, and includes an assessment of the customer's geographical location, political ties, and involvement in sectors prone to financial crimes.

By continuously monitoring their investors, crypto fundraisers can identify potential changes in their profiles and risk levels, and detect suspicious activities that might otherwise have been missed.

Ongoing monitoring is a crucial step in ensuring transparency, accountability, and compliance with applicable regulations. It requires crypto fundraisers to keep a close eye on investor activities, looking out for any suspicious transactions that might indicate money laundering or other illicit activities. This helps protect the project from risk exposure.

Customer due diligence is a dynamic, ongoing process that involves regular monitoring and reporting, based on the risk level associated with each investor.

Implementing this process effectively throughout the crypto fundraising cycle helps detect and report any investors associated with financial crime or money laundering activities to relevant authorities. This not only ensures regulatory compliance but also contributes to the overall integrity and success of the fundraising process.

Reporting

In the context of crypto fundraising, reporting refers to the process of documenting and communicating vital information about investor activities and transactions to relevant authorities. This includes reporting suspicious activities that might indicate money laundering or other illicit activities.

Reporting is a crucial part of AML and KYC compliance and is necessary for maintaining transparency and accountability in crypto fundraising. By diligently reporting, crypto fundraisers can contribute to the integrity and trustworthiness of the crypto market.

Record Keeping and Audit Trails

Record keeping and audit trails are vital for AML, KYC, and customer due diligence. They involve recording all investor data, transactions, and checks. Audit trails provide a transparent sequence of activities, useful for reviewing transactions, detecting discrepancies, and proving compliance during audits. Proper management of these records contributes to regulatory compliance and fundraising success.

Summary

The crypto fundraising sector requires fundraisers to comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations to prevent financial crimes. Investor onboarding, a crucial stage of fundraising, involves registration, identity verification, customer due diligence (CDD), and the disqualification of high-risk investors. Digital solutions can aid in automating these processes. A risk-based approach to customer due diligence can optimize resource allocation, focusing more on high-risk investors. Balancing compliance and user experience is essential, as is ensuring data security and privacy. Lastly, continuous monitoring and reporting mechanisms are integral components of the investor onboarding process.

Investor Onboarding Checklist for Crypto Fundraising

1. Understanding AML and KYC: Understand the importance of Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations in the crypto fundraising landscape.
2. Registration and Identity Verification: Register potential investors and verify their identities to uncover potential risks related to identity fraud.
3. Customer Due Diligence (CDD): Conduct comprehensive checks and screenings to evaluate the level of risk associated with each investor.
4. Risk Assessment: Evaluate the potential risks associated with each investor's financial activities and their potential risk for the fundraising project.
5. Adopting a Risk-Based Approach: Prioritize and allocate resources based on the level of risk associated with each investor.
6. Balancing Compliance and User Experience: Ensure compliance with AML regulations and KYC requirements while offering a seamless investor onboarding experience.
7. Data Security and Privacy: Use encryption technologies, secure storage systems, and constant network monitoring to protect confidential investor information and comply with privacy regulations.
8. Continuous Monitoring: Conduct regular monitoring of investors based on their risk level to identify potential changes in their profiles and detect suspicious activities.
9. Reporting: Document and communicate vital information about investor activities and transactions to relevant authorities.
10. Record Keeping and Audit Trails: Keep systematic records of all investor-related data and due diligence checks. Use audit trails for transparency, accountability, and compliance verification during regulatory audits.

Case Studies: The Perils of Ignoring AML and KYC Compliance in the Crypto Sphere

Case Study 1: Cryptocurrency Exchange Lack of AML and KYC Controls

One of the most infamous cases involving a lack of AML and KYC controls in the crypto industry is the case of BTC-e, a cryptocurrency exchange that was seized by the U.S. government in 2017. The exchange was accused of facilitating transactions involving ransomware, computer hacking, identity theft, tax refund fraud schemes, public corruption, and drug trafficking.

The key reason behind this was the failure to follow KYC regulations and adopt proper AML controls. BTC-e did not require users to validate their identity, which allowed criminals to use the platform anonymously. The exchange also did not monitor transactions for suspicious activities, which enabled large amounts of money to be laundered through the platform. This case underscores the importance of having robust AML programs and KYC procedures in place to prevent such misuse.

Case Study 2: The Silk Road and the Absence of KYC and AML Regulations

The Silk Road, an online black market that operated on the dark web, is another classic case that demonstrates the importance of KYC and AML regulations in the crypto industry. The platform, which was shut down by the FBI in 2013, used Bitcoin as its primary form of currency, allowing users to buy and sell illegal goods anonymously.

The lack of KYC and AML procedures allowed the Silk Road to become a haven for money laundering and other illicit activities. In the absence of these controls, users could transact without revealing their identities, making it nearly impossible for authorities to trace illegal activities back to individuals. This case serves as a stark reminder of the risks associated with inadequate KYC procedures and AML controls in the crypto industry.

Case Study 3: The FTX Scandal and the Importance of AML and KYC Compliance

The FTX scandal is a recent example that underscores the necessity of robust AML and KYC processes in the crypto industry. FTX, a popular cryptocurrency exchange, was embroiled in controversy when it was discovered that its platform was being used for money laundering activities.

The criminals were able to exploit the lack of stringent AML and KYC processes on the platform to move their illicit funds without detection. They used sophisticated techniques to obscure the source of their funds and circumvent the exchange's existing security measures.

The lack of a strong and effective AML compliance program and KYC procedures allowed these criminals to use the platform for their illegal activities, leading to significant reputational damage for FTX. The scandal served as a wake-up call for the crypto industry, highlighting the importance of implementing robust and effective AML processes and KYC processes to prevent similar incidents in the future.

‍