In crypto’s earliest days, technologists had little concept of compliance or regulation, and most crypto businesses were unaware of their legal obligations. But as digital assets gained recognition – as cross-border payment solutions, as stable or even deflationary money, and as vehicles for capital-raising innovation and retail speculation – the risk calculus changed for regulators.
Today, many jurisdictions actively enforce a large and growing number of digital asset regulations, many of which are best known by their acronyms: AML, KYC, and MAR. In this article, we’ll go beyond these initials and dive into their compliance implications.
Know your customer (KYC)
Crypto KYC refers to the set of identity verification and due diligence procedures that many types of virtual asset service providers (VASPs) are required to perform. KYC processes enable criminal investigators to connect pseudonymous cryptocurrency addresses or anonymized account numbers to real-world entities in the event that they are connected to criminal activity.
In traditional finance, KYC processes typically involve ID card validation, facial recognition, or some form of biometric authentication. In the crypto industry, KYC processes are less standardized. Many crypto exchanges require that new customers share their legal name, government-issued ID, and address information, but this varies according to where the exchange operates, what services it provides, and where it falls on the decentralization spectrum. In the future, some crypto KYC processes could be replaced by decentralized identifiers and zero-knowledge proofs.
In October 2021, FATF clarified that NFT marketplaces, DeFi protocols, and stablecoin providers, depending on what activities they engage in, may also be obligated to implement KYC processes.
Anti-money laundering (AML)
Cryptocurrency anti-money laundering (AML) rules are laws and practices designed to prevent criminals from converting illegally obtained cryptocurrencies into fiat money. These rules mandate that virtual asset service providers (VASPs) – a group that FATF defines to include crypto exchanges, stablecoin issuers, and, in some cases, DeFi protocols and NFT marketplaces – employ:
- Know your customer checks
- Customer due diligence processes
- Cryptocurrency transaction monitoring solutions
- And in some jurisdictions, travel rule-related record-keeping and suspicious activity reporting
The Financial Action Task Force (FATF) sets the standards for anti-money laundering globally. FATF began to publish crypto-specific guidance in 2014, and in the years since, more than 90% of the jurisdictions in our Crypto Regulation Index have codified FATF’s recommendations into law.
Market abuse regulation (MAR)
Crypto market abuse regulations (MARs) are designed to protect investors by preventing crypto price and volume manipulation. These rules mandate that crypto businesses monitor for manipulative behaviors like insider trades, wash trades, and pump-and-dumps.
About 25% of the jurisdictions we analyzed in our Crypto Regulation Index have implemented market abuse regulations specific to digital assets – and in many others, such legislation is currently under consideration. The European Commission’s soon-to-be-finalized Markets in Crypto-assets (MiCA) Regulation, for example, includes provisions specifically tailored to the prevention of insider trading and market manipulation, and UAE’s Virtual Asset Regulatory Authority (VARA) recently published a rulebook requiring VASPs to implement controls to prevent price and volume manipulation.
In jurisdictions where no crypto-specific MARs currently exist, enforcement actions grounded in traditional securities and commodity law have stood in their place. The U.S. SEC and CFTC, for example, have both announced multiple enforcement actions related to crypto market manipulation, as have securities and commodity regulators in Thailand, South Korea, and several other nations.
The crypto travel rule
The crypto travel rule is an AML-focused regulation mandating that VASPs capture information relating to the identity of both the sender and the recipient whenever they facilitate transactions above a certain monetary threshold. These thresholds vary widely from jurisdiction to jurisdiction. In Hong Kong, the threshold is $8,000; in the US, $3,000; and in the EU, €0. More on the crypto travel rule.
What this means for crypto market participants
Navigating crypto’s regulatory landscape is challenging. To stay compliant, almost all cryptocurrency businesses must meet some combination of anti-money laundering, know-your-customer, anti-market abuse, and travel rule requirements. This compliance tech stack is not simple to build nor fast to get up and running; it requires extensive infrastructure, crypto expertise, and fine-tuning.
Solidus HALO was built to address this difficulty. Unlike compliance software providers that specialize in just one or two components of this tech stack, HALO merges onboarding verification (for KYC), transaction monitoring (for AML), trade surveillance (for MAR), and enhanced record keeping (for the Travel Rule) into a comprehensive case management suite. This allows crypto businesses to maintain a unified risk score for every client, safeguard against market manipulation, and comply with the latest crypto regulations.
Interested in learning more? Request a demo today.