The cryptocurrency exchange industry may be far less orthodox than it appears.
As revealed exclusively to CoinDesk, a global study of 216 exchange platforms by the regtech startup Coinfirm found 69 percent of exchanges did not have “complete and transparent” know-your-customer (KYC) procedures. The study also found that only 26 percent of exchanges had a “high” level of anti-money laundering (AML) procedures, such as ongoing transaction monitoring and in-house compliance staff with experience in AML processes.
While some people may seem anonymity as a feature of the cryptocurrency market, not a bug, it can also enable problematic business practices and criminal or terrorist activity.
For example, another recent study by Bitwise Asset Management, claimed that almost 95 percent of the widely reported bitcoin trading volume was actually an artifice, often involving automated bots or misreported statistics from unregulated exchanges. Coinfirm CEO Pawel Kuskowski told CoinDesk many such platforms require just a crypto wallet address to get started.
“You don’t put any identifier like an email address. That’s how low it can be,” Kuskowski said of certain industry practices. “On the other hand, we have a video conference as part of the onboarding where someone is checking whether the documents you’re providing are in line with what you are holding in your hand.”
Throughout the research process, Coinfirm’s team also found that some exchanges failed to fully implement the official policies on their websites. For example, Binance users from restricted countries have allegedly been able to use the platform simply by using a virtual private network (VPN) to obfuscate their location.
In the report, Coinfirm identified Binance as having a “high” regulatory risk based on “exposure to anonymous activity,” since deposits and withdrawals for values below two bitcoin (less than $8,000 as of press time) reportedly did not require KYC as of February 2019.
Binance’s Chief Compliance Officer, Samuel Lim, denied this assertion that users can deposit and withdraw thousands of dollars worth of crypto without any KYC, although he failed to specify what Binance’s KYC requirements are. Instead, Lim told CoinDesk:
“Where the industry currently stands, it is an ambitious, yet ongoing effort, to implement a unique KYC requirement to service all of our users and businesses. However, in every single jurisdiction that it operates in, Binance adheres to all local rules and regulations and has built trust among the public through its developments, services and values since its inception. For all of our regulated/licensed businesses, the standard followed is the model which is approved by the regulating body, including Jersey, Uganda, Malta and Singapore.”
A New York-based CoinDesk employee was able to do small crypto-to-crypto transactions without KYC or VPN using Binance, while purchasing bitcoin with a credit card did appear to require KYC. This harkens back to 2018, when Attorney General Barbara Underwood said Binance, Kraken, and Gate.io claimed they do not service customers in New York and as such her colleagues were unable to determine whether these platforms allowed “manipulative or abusive trading,” not to mention the the trading of unregistered securities.
Regardless of how the KYC policy is actually enforced, it’s clear that Binance is taking steps to beef up its compliance procedures. On Tuesday, Binance announced a partnership with analytics firm IdentityMind to “improve existing data protection and compliance measures for Binance’s global operations.”
Speaking to this IdentityMind partnership, Lim added:
“This partnership is one which enhances our compliance systems and processes, user privacy and asset integrity. While it will certainly facilitate the registration and onboarding process, we cannot comment on the specific measures and processes in relation to this partnership as they involve proprietary commercial arrangements.”
Overall, there were several exchanges – including Coinsquare, Coinbase, Gemini and the Circle-owned Poloniex – that Coinfirm’s Kuskowski identified as “low risk” due to official licenses and strict KYC/AML policies.
When asked to describe Poloniex’s compliance strategy, a spokesperson told CoinDesk:
“Circle takes pride in its longstanding relationship with U.S. and international regulators: just for a few examples, we are a registered money services business with FinCEN, we received the very first BitLicense from the State of New York, and we hold an eMoney license in the U.K.”
The broad spectrum of enforced compliance procedures wasn’t the most surprising part of this research for Kuskowski. It was the legal structure behind some platforms, including several of the industry’s most famous high-volume exchanges, which Kuskowski declined to name.
“It’s perceived as a UK entity, but it’s not really a UK entity,” he said as a hypothetical example. “In a lot of these situations you would have the entity that is transmitting money, especially fiat, that was actually an entity between the contracting party and the sender.”
Where in the world?
Kuskowski said that many exchanges have separate legal entities that handle deposits, money transmission or payment processing in a distant jurisdiction where the regulations are lax or generally unclear.
“The parent [company] is operating the exchange but the money is transmitted through this entity,” he said, adding:
“If, for example, you lose your money and think it is a U.K. company and that you can have recourse for this money, if this entity is some dodgy jurisdiction and you don’t know who is the owner, it’s very difficult to have recourse.”
This type of structure may have prolonged the lawsuit against Bitcoin Market, filed in November 2018, because it is unclear whether Oklahoma, where the exchange owners reside, is the correct jurisdiction for this case.
On the other hand, Kuskowski said the diversified legal structure could be “legitimate,” even if it leaves a bad taste in his mouth not to disclose such legal structures to users. Coinfirm’s report actually had a silver lining. In 2019, more companies appear to offer clear disclosures and traditional KYC/AML policies than researchers originally found in February 2018.
“Financial institutions are looking for legitimate partners,” Kuskowski said. “We’ve seen a trend of more exchanges implementing these procedures in order to partner with these entities.”
Mask and computer image via Shutterstock