One of the key challenges ICOs are currently facing is the refusal by banks to open bank accounts because of KYC concerns. This article gives a high-level overview for ICOs based in Australia on how to undertake KYC. As most investors in ICOs are individuals, this article is limited in scope to KYC of individuals (not entities).
Why should ICOs undertake KYC? The main reason why ICOs should complete KYC before issuing tokens are:
- Comply with AML legislation
- Open a bank account
- List tokens on a crypto exchange that requires KYC to have been completed by the ICO
- Pass due diligence by institutional investors/ pools/ syndicates if you want them to invest in your ICO
Countries that are members of FATF (Financial Action Task Force) are required to have an AML framework in place and comply with the FATF Recommendations. The list of countries (over 30) can be found here.
What happens if I unintentionally accept laundered money? If you accept funds in Australia that happen to come from illegitimate/ laundered sources (from Australia or overseas) you could breach the AML/ CTF Act. Other legislation such as the Proceeds of Crime Act and the Criminal Code may also apply depending on the situation.
‘Countries that are members of FATF (Financial Action Task Force) are required to have an AML framework in place and comply with the FATF Recommendations.’
The AML regulator in Australia is AUSTRAC. Refer to the guidance AUSTRAC has provided on its website on Customer Due Diligence. Alternatively, you read the legislation referring to Chapter 4 of the AML Rules.
Are ICOs in Australia caught by the AML Act? The AML Act defines ‘designated services’ which need to comply with the AML Act. An ICO or the tokens issued by an ICO are not a ‘designated service’ and therefore not technically caught by the AML Act in Australia. ICOs therefore don’t need to – register with AUSTRAC, have an AML Program, lodge an annual compliance report with AUSTRAC. However, just because ICOs are not caught by the AML Act does not mean they can accept laundered money.
What is the minimum KYC due diligence that an ICO should consider completing before issuing tokens? ICOs should consider completing the following KYC due diligence as a minimum for every investor (individual):
- Identity verification (full name, date of birth, residential address)
- Sanctions screening (global)
- PEPs screening (global)
In Australia, electronic KYC (eKYC) is allowed. You can complete KYC without receiving hard copy documents from the investor. For a detailed list of customer due diligence checks that an ICO could carry out on every investor refer to the checklist at the end of this article.
How can I reduce the risk of laundered money being invested in the ICO? You should only issue tokens to investors who have paid in fiat from a reputed bank (which is not from a country on the sanctions list).
‘Do not issue tokens if you have received funds via crypto or a wallet or from pre-paid cards. If you cannot identify the name of the person who the source of funds belongs to, you should not issue tokens.’
Do not issue tokens if you have received funds via crypto or a wallet or from pre-paid cards. If you cannot identify the name of the person who the source of funds belongs to, you should not issue tokens. Do not issue tokens to investors from sanctioned countries, black/grey list or high-risk countries. These countries include – North Korea, Ethiopia, Iran, Pakistan, Serbia, Sri Lanka, Syria, Trinidad & Tobago, Tunisia and Yemen.
- Sanctioned countries
- Black list and Grey list counties
- High risk countries
How much does it cost to conduct KYC ? For Australian investors it costs approx. $3 per investor. For overseas investors it costs approx. $5 per investor depending on the country. Some ICOs avoid doing a public sale to keep KYC costs down. Prices will vary depending on the service provider selected. They normally charge a one-off setup fee of around $5,000 to grant access to their API/ SDK.
Who are the main KYC software service providers ?
- For Australian investors – GreenID, IDMatrix
- For overseas investors – GBG, Trulioo, Identitymind
How much time does it take to complete KYC? KYC can be done in real time (less than 2 mins) or by batch processing. Who does the actual KYC? KYC can be done in house by your KYC onboarding team or you can outsource it to a KYC service provider. Where can I find a subject matter expert on KYC? AML is complicated. You should seek advice from a qualified AML specialist.
‘The most popular AML qualification is CAMS (Certified Anti-Money Laundering Specialist). There are over 20,000 CAMS professionals globally.’
The most popular AML qualification is CAMS (Certified Anti-Money Laundering Specialist). There are over 20,000 CAMS professionals globally. You can find one in your city by going to the ACAMS website.
How much would it cost to hire a CAMS qualified AML specialist in Sydney? Annual salary of a CAMS qualified professional is over $80,000 pa depending on experience. A cheaper option may be hire someone part time or engage an AML consultant. Make sure the person you hire has AML qualifications and ask them to provide a copy of the AML qualification (CAMS) as evidence.
Please provide a KYC checklist for ICOs to send to software providers to compare pricing of different providers. The onus lies on the person receiving funds (ICO) to make sure the source of funds is from legitimate sources. The more due diligence you undertake the better it is to detect laundered funds.
Disclaimer: This article is for information purposes only. It is not legal advice and should not be considered as such. Please seek legal advice before making any decisions based on this article. The writer and publisher of this article accept no liability for the accuracy, completeness or decisions made by you based on the contents in this article.
Sumeer Pai is a qualified Chartered Secretary from the Governance Institute of Australia and a Certified AML Specialist from ACAMS. He has held senior roles in Governance, Compliance, Risk and AML at reputed financial institutions in Sydney and Melbourne. He runs a Chartered Secretary public practice which offers KYC services. He also acts as an Advisor to security token offerings. He can be reached at email@example.com. His LinkedIn is https://www.linkedin.com/in/sumeerpai/