KYC Laws - Reading Assignment

1. Financial Action Task Force (FATF) to prevent money laundering
2. Personal information
3. Exchanges
4. With all the personal information being stored on an exchanger it removes anonymity

1. Who writes KYC/AML laws, and what is their “official” purpose?
   The Financial Action Task Force (FATF) issued strict new global standards for crypto assets. In 2020, the guidance came into force, while in January the EU’s Fifth Anti-Money Laundering Directive (AMLD5) kicks in. The purpose is to prevent money laundering, counter-terrorism and tax evasion.

2. What type of information is usually collected for KYC compliance?
   Personal information such as name, address, date of birth, drivers’ license, passport etc.

3. Who is responsible for enforcing KYC compliance? (Hint: it’s not the government)
   Exchanges or private companies.

4. How is KYC a threat to privacy? Who might get access to what ?
   Personal information can get compromised and hackers can leak this information to the public which can then be used and by criminals.

KYC, or “know your customer,” refers to the process of verifying the identity of a customer or client in the context of financial transactions. AML, or “anti-money laundering,” refers to laws, regulations, and procedures that aim to prevent, detect, and report money laundering activities.

KYC/AML laws are typically written by governments and regulatory bodies in an effort to combat financial crime and protect the integrity of the financial system. The official purpose of these laws is to prevent the abuse of the financial system for illicit purposes, such as money laundering and financing terrorism.

During the KYC process, financial institutions and other regulated entities collect various types of information about their customers to verify their identity and assess their risk profile. This may include personal information such as name, address, date of birth, government-issued identification documents, and financial information such as employment and income.

KYC compliance is typically enforced by regulatory bodies and financial institutions themselves. For example, in the United States, the Financial Crimes Enforcement Network (FinCEN) is responsible for enforcing AML laws and regulations.

KYC can be a threat to privacy because it involves the collection and sharing of personal information. Financial institutions may collect sensitive information about customers and share it with regulatory bodies and other parties for the purpose of verifying identity and assessing risk. This information may be accessed by government agencies, law enforcement, and other third parties, potentially leading to a loss of privacy

Who writes KYC/AML laws, and what is their “official” purpose?

The KYC/AML laws are written by the Financial Action Task Force (FATF). Their official purpose is to issue global standards and guidance for crypto assets.

What type of information is usually collected for KYC compliance?

Personal information is usually collected for KYC compliance, such as picture of passport, selfie, information on where someone works or lives.

Who is responsible for enforcing KYC compliance? (Hint: it’s not the government)

Exchanges are responsible for enforcing KYC compliance in order to appease regulators.

How is KYC a threat to privacy? Who might get access to what?

KYC is a threat to privacy because it remove the anonymity from the transaction and allows your financial activities to be tracked. A hacker could gain access to you information as it is most likely stored in an unsafe manner.

1. Who writes KYC/AML laws, and what is their “official” purpose?
To prevent money laundering and financing of illegal activities.
2. What type of information is usually collected for KYC compliance?
personal information such as name, address, date of birth, identification documents and more.
3. Who is responsible for enforcing KYC compliance? (Hint: it’s not the government)
The company conducting the transaction, for example a bank or broker
4. How is KYC a threat to privacy? Who might get access to what ?
It removes any anonimity and makes it possible to link transactions to a single person. this can either happen by the body which holds your data, for example by selling information, a third party like state actors and criminals.

• Who writes KYC/AML laws, and what is their “official” purpose?

These laws are written by governmental agencies. Their goal is to prevent crimes associated with money laundering.

• What type of information is usually collected for KYC compliance?

Personal data, including name, date of birth, address, financial institution accounts, etc.

• Who is responsible for enforcing KYC compliance? (Hint: it’s not the government)

The Crypto exchanges

• How is KYC a threat to privacy? Who might get access to what ?

KYC allows the government to know all your financial transactions (who you sent crypto to or received crypto from - essentially, with whom you transact, amounts, etc).
Anyone can use your leaked personal documents to open any fake account using your name and launder millions of dollars through fake crypto exchange accounts.

1. Regulators in the form of governments and the EU.
2. Information regarding address, name, SSN, DOB, standard PII.
3. Exchanges are the main party responsible for enforcing KYC compliance.
4. KYC gathers lots of information about the buyers of crypto and provides one with a tracing mechanism for the crypto you purchase. They could gain access to PII and connect you to the wallets you send to.

• KYC/AML laws are written by regulatory bodies and lawmakers. Their official purpose is to prevent illegal activities such as money laundering, terrorist financing, and fraud.
• For KYC compliance, information such as a person’s full name, date of birth, address, and identification number (like a Social Security number in the U.S.) is usually collected. In some cases, additional information related to a person’s financial activities may also be collected.
• Financial institutions, such as banks and cryptocurrency exchanges, are responsible for enforcing KYC compliance. They must ensure that they collect the necessary information from their customers and verify their identities.
• KYC can be seen as a threat to privacy because it requires individuals to share personal information with financial institutions. This information could potentially be accessed by third parties, including government agencies and hackers, which could lead to privacy breaches or identity theft.

1. Governments and supergovernments like EU write KYC/AML Laws. Their official purpose is to prevent money laundering and illegal use of money
2. Address, identify like passport and work details.
3. The companies holding the funds like exchanges or banks are responsible for enforcing KYC compliance.
4. The vital details of the customer lie with the financial institution. Any hacker could gain access to name date of birth address and possibly SSN.

Who Writes KYC/AML Laws, and What is Their Official Purpose?

KYC (Know Your Customer) and AML (Anti-Money Laundering) laws are written by government or state agencies like the Financial Action Task Force (FATF). Their official purpose is to prevent financial crimes like money laundering, terrorism financing, and fraud by ensuring that financial institutions verify the identity of their clients. but they just want to have some sort of control over the crypto market

What Type of Information is Usually Collected for KYC Compliance?

• Full name

• Date of birth

• Address

• Identification numbers (e.g., Social Security Number)

• Government-issued ID (e.g., passport, driver’s license)

• Proof of address (e.g., utility bill)

Who is Responsible for Enforcing KYC Compliance?

cryptocurrency exchanges,

How is KYC a Threat to Privacy? Who Might Get Access to What?
they can track your transactions and also know everything about your holdings.
KYC requirements can threaten privacy because they involve collecting and storing sensitive personal information. If this data is mishandled or inadequately protected, it could be accessed by unauthorized parties, leading to identity theft, financial fraud, or surveillance by malicious actors. Additionally, excessive data collection can make individuals vulnerable to breaches and misuse by both insiders and hackers.