KYC AML and CFT for Exchanges


Leading Crypto Exchanges and Their Respective Strategies in Complying with KYC, CFT and AML Regulations

These days, over-the-counter markets make it possible for investors and traders to buy top-performing cryptocurrencies such as BTC and ETH. However, clients who want to purchase other altcoins have no choice but to use an exchange. To put it simply, crypto exchanges are a necessity to the budding markets. Given their crucial role in the system, it is not surprising that regulators keep a keen eye on them, particularly on the leading ones. Lawmakers are doing everything they can to ensure that these crypto exchanges comply with the industry’s best security measures and practices. Currently, there are three regulations that are established to enhance the customers’ privacy and security, as well as to eliminate the occurrence of illegal activities. In this article, we will take a look at the efforts and strategies of leading crypto exchanges in complying with KYC (Know-Your-Customer), CFT (Combating the Financing of Terrorism), and AML (Anti-Money Laundering).

Interestingly, some crypto exchanges have exhibited a deep commitment to the industry’s regulations. Take what happened to Binance, for instance. In May, the Malta-based crypto exchange lost $40 million worth of Bitcoin to hackers. Right away, Changpeng Zhao, the CEO of Binance, announced that the company will conduct an extensive security update. Particularly, the exchange stated that it will improve its risk management system as well as its KYC measures. 

So, let’s find out if the other crypto exchanges also exhibit the same level of commitment to the industry’s standards and regulations, and how their level of compliance impacts the markets and their players.

An Overview of KYC, CFT, and AML

While each country has its respective laws that govern KYC, CFT, and AML practices, these laws often lack specific standards. According to regulators, if financial institutions are given clear guidelines, those guidelines will simply set the bar, and the institutions are likely to settle for the minimum requirements. Veridium’s CTO, John Callahan, explained in a Forbes interview that the regulators want financial institutions to do everything they can to reduce the occurrence of fraud and other illegal activities.

Know Your Customer

Know Your Customer, commonly abbreviated as KYC, is a set of processes used for customer identification. As the name implies, the robust procedures of KYC involve collecting data from customers; however, they vary across jurisdictions and companies. The collection and verification often involve the customer’s physical address, contact numbers, email addresses, government-issued IDs, and utility bills, among others.

Fighting the Financing of Terrorism

Combating the Financing of Terrorism, or CFT, is a group of procedures used by law enforcement organizations and agencies to protect the interests of civilians. This set of processes enables authorized bodies to investigate, discourage and ultimately block proven sources of funds that are intended to spark ideological, religious or political chaos through violence.

Last September, the US Foundation for Defense of Democracies Center’s Director of Analysis, Yaya Fanusie, testified before the US Congress and told them that cryptocurrencies are not being used by terrorist organizations as their funding vehicle for illicit activities. Despite the statement of the director, the US House of Representatives still drafted and proposed a bill that aims to erect a task force that will track and prevent terrorist groups from using cryptocurrencies.

Anti-Money Laundering

Anti-Money Laundering, or AML, refers to a set of laws, regulations and procedures established to eliminate the existing practices of generating income through illicit activities. Financial institutions are required to carry out due-diligence practices from time to time to detect signs of malicious activities. Among the top cases that AML aims to eradicate are market manipulation, tax evasion, illegal goods trading, and misappropriation of public funds, just to name a few.

CipherTrace, a blockchain research firm, revealed that crypto gambling sites exist. This controversial remark led regulators to suspect that the crypto industry is the new space where high-tech virtual money laundering takes place. The Financial Crimes Enforcement Commission’s former director, Jamal El-Hindi, stressed that in the future, AML compliance would be a crucial factor in determining whether a crypto exchange is stable or not. He also added that foreign-based money transfer service providers and crypto traders caught violating the United States Anti-Money Laundering law would be held accountable.


Crypto Exchanges’ Attitude and Strategies towards KYC, CFT and AML Compliance

When it comes to regulatory compliance, it’s worth noting that the set of procedures of AML and CFT comprise KYC, and that it’s a crucial part of the transaction cycles. Generally, the KYC measures come in four phases:

Customer Acceptance Policy – It is the initial stage, where a business identifies its target customers’ demographics and eventually documents them.

Customer Identification Program – It is also known as the confirmation period. A business verifies whether the presented identification details match the information stored in the company’s CAP database.

Transaction monitoring – A business is required to orchestrate continuous monitoring to ensure that they are not violating regulations, as well as to identify signs of potential illicit activities.

Risk management

Based on the details provided, we can find out how each exchange approaches the standard guidelines and regulations. We will divide the leading exchanges into two sets. The first group will be “fiat to crypto”, which represents the gateway for new fiat currencies that will enter the crypto market. The second one will be called “crypto to crypto”. It represents how exchanges are being used in trading one cryptocurrency for another.

The First Group

The fiat-to-crypto group comprises Bitfinex, Gemini, Bitstamp, Bittrex, Kraken, Coinbase and Coinbase Pro. Typically, these exchanges employ KYC practices to some extent, since they deal with fiat currencies. They have no choice but to collaborate with the outmoded financial institutions. It’s worth noting that the majority of these institutions, particularly banks, observe KYC measures before conducting business with any customer.

Below is a more detailed comparison:


This U.S.-based crypto exchange is licensed. (see the full list here) To create an account, one only needs a name and an associated email address with a password. Although anyone can easily send, receive, and store cryptocurrencies through a Coinbase account, they still have to present an I.D. verification. It then allows them to trade cryptocurrency in 33 supported countries.

Coinbase’s KYC uses Netverify, Jumio’s digital identity verification product, with the aim of complying with regulations while delivering an efficient customer experience. The company’s effort to appease the regulators took form when it hired Peter Elkins, a former executive of the New York Stock Exchange. His role is to develop the Coinbase Trade Surveillance Program and lead market monitoring, with the goal of weeding out bad actors.


Though also a license-holder from the U.S. government, the Gemini exchange is still different from Coinbase. Aside from operating KYC before granting anyone access to its platform, Gemini also stated 13 regulations to which their platform users must comply, as declared in the user-agreement page. Some of these regulations are CTF, FinCEN, and AML. Cameron and Tyler, the Winklevoss brothers, launched the exchange in 2014.

Gemini began Q2 of 2018 with a partnership with Nasdaq, another stock exchange based in the U.S. In the few months prior to the surfacing of reports on the Coinbase trade surveillance, one of two of the world’s largest exchanges geared up to implement the Nasdaq SMARTS Market Surveillance technology. Their objective is to track down market manipulation and fraudulent trades, while the cycle of the surveillance shifts from Coinbase and Gemini. Subsequently, this puts them in the third phase of the whole KYC process.


Before allowing users to trade on the platform, Bitstamp requires them to verify their I.D. and address. Following the Bitcoin rush in February 2018, the exchange partnered with Onfido, a digital identity verification provider, which handles Bitstamp’s KYC for smooth customer onboarding. Bitstamp was originally founded in Slovenia in 2011. In 2013, it relocated to the United Kingdom, and by 2016 it had moved to Luxembourg.

Later on November 5, Bitstamp opted to employ a crypto trading system from Cinnober with regards to its exchange. Claiming that regulatory compliance is the trading solution’s design, Cinnober also made the solution to utilize Irisium’s market surveillance technology towards risk management. Among the customers that Cinnober proudly serves are the London Stock Exchange, the Johannesburg Stock Exchange, Euronext, and the NYSE.


Bitfinex is developed by iFinex, a fintech company. It lets crypto users create an account to trade, deposit, and withdraw crypto without requiring I.D. verification. Nonetheless, details such as phone numbers, two kinds of government-issued identification cards, a residential address, and a bank statement must be verified before a user can trade and deposit fiat currencies.

In the earlier quarters of the year, Bitfinex adopted Irisium’s market surveillance technology to detect any deceptive behavior on its system. Bitfinex is located in Hong Kong.


Bittrex is another crypto exchange that values privacy. It requires I.D. verification for every transaction, including trading, depositing, and withdrawing cryptocurrencies. However, although Bittrex provides a user-agreement page which states that its operations abide by AML, KYC, and CTF standards, similar to how other exchanges work, it is unclear whether Bittrex runs a market surveillance program and measures to implement the same operations.


After two years of development and product beta testing, Kraken was launched and became one of the oldest crypto exchanges. It has five tiers of verification requirements (tiers 0-4). The verification tiers are based on how users intend to use their accounts. Jesse Powell, the Kraken founder, created this crypto exchange after discovering the struggles of Mt. Gox, which had been one of the largest crypto exchanges in the field. Unfortunately, Mt. Gox is no longer functioning today.

Levels of Kraken Exchange’s User Verification

Kraken differs from Coinbase and Gemini in that it does not appear in any of the publicized surveillance programs. The only information on the exchange came from a blog post in which it answered a questionnaire from the attorney general of New York. Its statement declared its employment of approximately 200 people, which is above 25% of the company. It was in compliance with a certain regulation. In Q1 of 2018, though, it was on course for at least 1 law enforcement request per day on a 7-day week basis.

However, towards the close of Q2 of the year, a Bloomberg report claimed that there were some anomalies surrounding specific Kraken tether trades. University of Texas finance professor John Griffin told Bloomberg that these anomalies are suggestive of wash trading. Traders sometimes act as both buyer and seller in this technique to present a deceptive picture of demand and supply. While the act is illegal in itself, Kraken successfully discredited the story in the said blog post. There, they wrote that there is no apparent harm from the wash trading concerning an attached asset opposed to its peg.


Crypto-to-Crypto Exchanges

Inclusions of the crypto-to-crypto exchanges are the Binance, OKEx, HitBTC, Huobi, Bibox, LBank, Coinbene and, as stated by CoinMarketCap data.


Binance is not as susceptible to regulations since it is a real cryptocurrency exchange. For that reason, it enables withdrawals of a maximum of 2 BTC daily with no I.D. verification required. However, the exchange asks for verification through an I.D. photo for withdrawals of up to 100 BTC daily.


OKEx partly enables fiat exchanges and offers three verification levels. First-level users are allowed transactions of a maximum of $10,000 per order. On the other hand, $2,000 is the maximum for fiat transactions, which entail having a government-issued I.D. upon verification. Level 2 verification accepts trades of more than $10,000 and requires document verification. Level 3 verification allows trades of more than $200,000 and also includes video verification.


HitBTC doesn’t require any kind of identity verification when opening an account. Its users can trade and deposit cryptocurrencies with no required KYC processes. However, this exchange asks users to have their identities verified by sending the standard KYC files, such as bank documents, to the compliance department via email. This is to “prevent succeeding verification processes” in the future. Users have turned to various social media platforms to complain that HitBTC is allegedly limiting their accounts. The complaints stem from the procedure in which the operator of the exchange requests that their identities be verified.


Huobi seems not to demand any KYC documents prior to allowing a user to trade. However, it has a section in its settings interface of the user account for I.D. verification. It seems only to administer KYC when its users hit a specific usage limit of the account. Besides, Huobi has various withdrawal limits concerning account users that are both unverified and verified.


Bibox enables users to trade a maximum of 2 BTC each day without requiring any KYC verification. For transactions reaching 20 BTC each day, it demands verification using the user’s passport. Bibox advises users who aim for a higher limit to contact email support. Other requirements for trading and making deposits with Bibox include account security procedures, such as Google authentication and SMS verification.


Between Crypto Exchanges and KYC

The top crypto-to-crypto exchanges, same with fiat-to-crypto exchanges, somewhat have a KYC policy which is implemented by stage. The 30-day volume they have on CoinMarketCap serves as the regulator, but there are still a lot who don’t comply.

Kryptos-X exchange initiator Tony Mackay shared the need for crypto exchanges to be hands-on with their compliance as it would earn them respect and understanding from the regulators.

McKay also claims that one should aim to be appropriate from the onboarding stage, despite the current under-regulation of the crypto market. Additionally, one must guarantee to utilize the proficiency of the finest providers of KYC/AML on the user registration system to accurately detect and prevent any criminal activities.

Furthermore, there haven’t been any reports of crypto-to-crypto exchanges observing or tracing transactions in order to uncover market manipulation or fraudulent behavior. This situation differentiates them from their counterparts among the fiat-to-crypto exchanges, and Binance is the only exception.

Binance started its partnership with Chainalysis in October. The investigation and compliance company serves the cryptocurrency space. The collaboration led Chainalysis to perform a global roll-out of its compliance solution, which includes a Know Your Transaction (KYT) component. This feature is a real-time transaction monitoring solution built for cryptocurrencies. Among the US agencies that use the Chainalysis solution for tracing cryptocurrency transactions are the FBI and IRS.


Would It Be Worthwhile to Play According to The Rules?

A more significant portion of crypto exchanges runs short of adequate background checks, as found in P.A.ID Strategies’ new narrative. The payments and identity security consulting firm also declared that exchanges practice spontaneous compliance at best. Setting a system up to monitor behaviors is uncommon. Likewise, a few seem ready to transact with regulators, regardless if the industry is under-regulated.

Recently, crypto space witnessed a budding trend where exchanges shut down offices situated in locations with highly-regulated jurisdictions. Instead, they open shop in jurisdictions wherein local laws are responsive to crypto. OKEx and Binance in Malta are excellent examples.

A few crypto firms perceive compliance as a sword with two edges. One side is for firms who certify the nonexistence of illegal activity on their programs. The other end addresses the probable compromisation concerning transference, conversely.

Updated Financial Action Task Force (FATF) guidelines, which govern CFT and AML processes, were implemented in June 2019. The statement from February announces that companies must guarantee the exposure of virtual asset service providers (VASPs) to ample management and administration or supervision for AML/CFT. They should also implement pertinent FATF Recommendations efficiently in order to alleviate cases of money laundering, as well as risks of terrorist financing that could arise from said virtual assets. Lastly, these VASPs are bound to open up for effective systems to monitor and confirm the observance of the national AML/CFT requirements.

Still, many oppose the constrictions as they deem having to inaugurate domestic regulatory bodies too challenging. Reporting would also overstrain the companies, causing them to suffer.

What’s more, identifying the beneficiary won’t always be feasible, whether it is the destination of the wallet or what type the wallet is, as declared by Chainalysis. Additionally, collecting wallet addresses associated with bad actors would have more benefits than gathering users’ personal information.





