KYC
What is KYC?
KYC stands for “Know Your Customer.” The term refers to the practices that financial institutions—like banks and payment services—use to make sure they know the true identities of the people and organizations they serve, and to assess the risks of serving them. The term can also refer to the government regulations that require these practices. Financial regulators require institutions to have robust KYC, as part of their effort to fight financial crime.
You’ll commonly encounter KYC practices when using a payments service like Venmo or PayPal. If you send or receive more than a certain amount of money, you may also need to upload a photo of a government-issued ID like a passport or driver’s license, and possibly additional documents as well. You won’t be able to use the service without going through this process. Although it’s all done with the ultimate purpose of preventing financial crime, it can create a privacy risk for you.
Why does KYC exist?
The intent of KYC regulations and practices is to identify criminals using the financial system for illegal activity. This has the effect of making it easier to investigate illegal activity, since many types of illegal activity either require or produce money.
One specific target of KYC is to prevent financing of illegal activity. This includes making sure that payments aren’t going to people or businesses that are under sanctions. It also includes a set of practices called counter terrorism financing (CTF), which aims to prevent the flow of funds to terrorists and terrorist organizations.
A related set of practices is anti-money laundering (AML), which aims to prevent criminals from using the financial system to handle the proceeds of illegal activity.
What are KYC practices?
KYC practices generally involve financial institutions gathering information about the identities and financial activity of their clients. For individual clients, they’ll verify identities using government-issued IDs like passports or driver’s licenses. For business clients, they’ll gather information about the business and its owners, to ensure there’s a low risk of illegal activity.
When clients send or receive money, the institution will gather information about the counterparty, to make sure they’re known and trustworthy. If an institution becomes suspicious of a client or their activities, they may report the client to authorities, or stop providing services.
Financial institutions make sure that any other institutions they work with have robust KYC practices of their own, to ensure that working with them won’t create legal risk. This is what makes KYC universal in the financial system. For example, if a bank doesn’t have good KYC practices, other banks will refuse to interact with it, so its usefulness as a bank will be severely limited.
KYC practices in cryptocurrency
Cryptocurrency companies may or may not have robust KYC practices. However, companies that interact with the traditional financial system will need to do good KYC. One example is cryptocurrency exchanges, where users can exchange cryptocurrencies for traditional (or “fiat”) currencies like US dollars. Providing that service requires the exchange to work with banks, and banks will refuse to do so unless the exchange has satisfactory KYC practices.
Companies that deal purely with cryptocurrencies may have no KYC at all, and this may be a selling point for them, since it means users can access their services without divulging their real-world identities. Such companies are often said to make up “decentralized finance,” or DeFi.
Privacy concerns
Financial regulators generally take the position that their interest in detecting and preventing financial crime takes precedence over individual privacy. Carrying out effective KYC requires financial institutions, like banks and payment services, to collect a lot of information about clients and their financial activity. Clients generally have little control over what data the institutions collect, how they use it, who else they share it with, or how long they keep it.
This reduced privacy is unavoidable in the modern financial system; any bank or payment service must have a KYC program in order to be allowed to operate, and to do business with other financial institutions.