Crypto
4 min read

KYC (Know Your Customer)

Identity-verification procedures financial institutions use to confirm who their customers are. Most regulated crypto exchanges require KYC before allowing trading or withdrawals beyond small thresholds.

What KYC actually requires

A typical KYC process collects:

  • Government-issued ID — passport, driver's license, national ID.
  • Proof of address — utility bill, bank statement.
  • Date of birth.
  • Tax identification number (SSN in US, equivalent elsewhere).
  • Source of funds for larger transactions.

Some institutions also require:

  • Selfie/liveness verification.
  • Beneficial ownership for business accounts.
  • PEP (politically exposed person) screening.
  • Sanctions screening.

Documentation is verified manually or through specialized KYC providers (Jumio, Onfido, Persona).

Why KYC exists

Several regulatory drivers:

  • AML requirements. Bank Secrecy Act (US), AMLD (EU), similar laws in most jurisdictions require financial institutions to verify customer identities.
  • Counter-terrorism financing. Specific laws (Patriot Act in US) require monitoring for terrorist-related transactions.
  • Sanctions enforcement. Institutions must screen customers and transactions against sanctions lists.
  • Tax reporting. Various international agreements (FATCA, CRS) require institutions to report customer information.

The cumulative effect: any regulated financial activity in major jurisdictions involves KYC.

KYC in crypto

Most regulated crypto exchanges implement KYC similar to banks:

  • CEXes like Coinbase, Binance, Kraken require KYC for trading and withdrawals.
  • Non-KYC services exist (decentralized exchanges, peer-to-peer markets) but face increasing pressure.
  • DeFi protocols generally don't require KYC at the protocol level, though front-end interfaces sometimes do.

The "non-KYC" line in crypto is increasingly contested. The 2022-2023 enforcement actions against Tornado Cash and various non-KYC services signaled regulatory willingness to extend KYC frameworks deeper into crypto.

KYC tiers

Most exchanges have multiple verification levels:

  • Basic verification — name, email, phone. Limited deposit/withdrawal limits.
  • Identity verification — ID + selfie. Standard limits.
  • Enhanced verification — proof of address, source of funds. Higher limits.
  • Institutional KYC — comprehensive due diligence for large accounts.

Higher tiers unlock higher limits and more services.

KYC privacy concerns

Several legitimate concerns:

  • Data breaches. KYC data is highly sensitive; breaches expose IDs, addresses, financial information. Many crypto exchanges have been breached.
  • Surveillance creep. Combined KYC databases across institutions provide a comprehensive view of individuals' financial lives.
  • Honeypots. Exchange KYC databases are particularly attractive targets for criminals.
  • Cross-border data transfers. KYC data often flows across jurisdictions with weaker privacy protections.

These concerns drive interest in privacy-preserving KYC alternatives — proving identity attributes (over-18, citizen of specific country) without revealing underlying data. Several projects work on this with zero-knowledge proofs.

Non-KYC services and their risks

Many crypto users use non-KYC services for various reasons. Risks:

  • Regulatory exposure. Using non-KYC services in regulated jurisdictions can carry legal risk.
  • Service quality. Non-KYC services often have weaker security, customer support, and operational reliability.
  • Liquidity issues. Non-KYC venues often have less liquidity and worse execution.
  • Withdrawal restrictions. Some non-KYC services freeze funds when authorities demand it.

KYC in regulated jurisdictions

The general direction in major jurisdictions:

  • US — comprehensive KYC requirements; FinCEN guidance has expanded over time. Most crypto activity at scale requires KYC.
  • EU — MiCA framework requires KYC for crypto-asset service providers.
  • UK — similar to EU under FCA framework.
  • Singapore, Hong Kong, Japan — KYC required for licensed crypto activity.

Few major economies allow regulated crypto trading without KYC.

KYC costs

For institutions, KYC is expensive:

  • Per-customer costs of $5-50 for typical retail; $500+ for complex institutional KYC.
  • Annual recurring costs for periodic re-verification, ongoing monitoring.
  • Compliance staff — large institutions employ hundreds of compliance professionals.
  • Technology systems — specialized KYC providers and case-management tools.

These costs are passed to customers in the form of fees, account minimums, or restricted services.

KYC reform proposals

Several ongoing discussions:

  • Reusable KYC — verify once with a trusted provider; reuse credentials across services. Reduces redundancy and data exposure.
  • Privacy-preserving KYC — using zero-knowledge proofs to verify attributes without exposing underlying data.
  • Risk-based KYC — applying lighter verification for low-risk transactions and customers.
  • Global KYC standards — reducing fragmentation across jurisdictions.

Most reforms remain in early stages. The basic framework — government ID + address verification + sanctions screening — remains the core of regulated financial KYC globally.

What individuals should know

For most crypto users:

  • Major regulated services require KYC. Plan to provide standard documentation.
  • Verify your identity completely. Higher verification tiers unlock more functionality.
  • Be aware of data risks. Use unique passwords; enable 2FA; understand the breach risks of holding accounts at multiple exchanges.
  • Don't fight the requirement. KYC is the price of operating in regulated financial systems; alternative approaches carry their own significant risks.

The honest framing: KYC creates real friction and privacy concerns, but it's the dominant model for regulated financial activity globally. Operating outside it has costs that often exceed the privacy gains for typical users.