The crypto exchange industry may be far less compliant than it appears.
As revealed exclusively to CoinDesk, a global study of 216 exchanges by the reg-tech startup Coinfirm found 69 percent of these businesses do not have âcomplete and transparentâ know-your-customer (KYC) procedures. The study also found that only 26 percent of exchanges had a âhighâ level of anti-money laundering (AML) procedures, such as ongoing transaction monitoring and in-house compliance staff with experience in AML.
While some people may see anonymous trading as a feature of the cryptocurrency market, it can also enable problematic business practices and criminal or terrorist activity. Coinfirm CEO Pawel Kuskowski told CoinDesk many such platforms require just a crypto wallet address to get started.
In the report, Coinfirm identified Binance as having a âhighâ regulatory risk based on âexposure to anonymous activity,â since deposits and withdrawals for values below 2 bitcoin (less than $8,000 as of press time) reportedly did not require KYC as of February 2019.
Overall, there were several exchanges â including Coinsquare, Coinbase, Gemini and the Circle-owned Poloniex â that Coinfirmâs Kuskowski identified as âlow riskâ due to official licenses and strict KYC/AML policies.
The broad spectrum of enforced compliance procedures wasnât the most surprising part of this research for Kuskowski, however. It was the legal structure behind some platforms, including several of the industryâs most famous high-volume exchanges, which Kuskowski declined to name.
âItâs perceived as a UK entity, but itâs not really a UK entity,â he said as a hypothetical example. âIn a lot of these situations, you would have the entity that is transmitting money, especially fiat, that was actually an entity between the contracting party and the sender.â
The finding follows another recent study by Bitwise Asset Management, which claimed that almost 95 percent of the widely reported bitcoin trading volume was actually an artifice, often involving automated bots or misreported statistics from unregulated exchanges.Â
âYou donât put any identifier like an email address. Thatâs how low it can be,â Kuskowski said of certain industry practices. âOn the other hand, we have a video conference as part of the onboarding where someone is checking whether the documents youâre providing are in line with what you are holding in your hand.â
Throughout the research process, Coinfirmâs team also found that some exchanges failed to fully implement the official policies on their websites. For example, Binance users from restricted countries have allegedly been able to use the platform simply by using a virtual private network (VPN) to obfuscate their location.
A New York-based CoinDesk employee was able to do small crypto-to-crypto transactions without KYC or VPN using Binance, while purchasing bitcoin with a credit card did appear to require KYC.
This harkens back to 2018, when Attorney General Barbara Underwood said Binance, Kraken, and Gate.io claimed they do not service customers in New York and as such her colleagues were unable to determine whether these platforms allowed âmanipulative or abusive trading,â not to mention the trading of unregistered securities.
Regardless of how the KYC policy is actually enforced, itâs clear that Binance is taking steps to beef up its compliance procedures. On Tuesday, Binance announced a partnership with analytics firm IdentityMind to âimprove existing data protection and compliance measures for Binanceâs global operations.â
Binanceâs Chief Compliance Officer, Samuel Lim, denied this assertion that users can deposit and withdraw thousands of dollars worth of crypto without any KYC, although he failed to specify what Binanceâs KYC requirements are.
Instead, Lim told CoinDesk:
âWhere the industry currently stands, it is an ambitious, yet ongoing effort, to implement a unique KYC requirement to service all of our users and businesses. However, in every single jurisdiction that it operates in, Binance adheres to all local rules and regulations and has built trust among the public through its developments, services and values since its inception. For all of our regulated/licensed businesses, the standard followed is the model which is approved by the regulating body, including Jersey, Uganda, Malta and Singapore.â
Still, Kuskowshi admits this jurisdictional maneuvering can make conclusions difficult.
Kuskowski said that many exchanges have separate legal entities that handle deposits, money transmission or payment processing in a distant jurisdiction where the regulations are lax or generally unclear.
âThe parent [company] is operating the exchange but the money is transmitted through this entity,â he said, adding:
âIf, for example, you lose your money and think it is a U.K. company and that you can have recourse for this money, if this entity is some dodgy jurisdiction and you donât know who is the owner, itâs very difficult to have recourse.â
This type of structure may have prolonged the lawsuit against Bitcoin Market, filed in November 2018, because it is unclear whether Oklahoma, where the exchange owners reside, is the correct jurisdiction for this case.
On the other hand, Kuskowski said the diversified legal structure could be âlegitimate,â even if it leaves a bad taste in his mouth not to disclose such legal structures to users. Coinfirmâs report actually had a silver lining. In 2019, more companies appear to offer clear disclosures and traditional KYC/AML policies than researchers originally found in February 2018.
âFinancial institutions are looking for legitimate partners,â Kuskowski said. âWeâve seen a trend of more exchanges implementing these procedures in order to partner with these entities.â
Coinfirm Exchange Report Coindesk by CoinDesk on Scribd
Computer image via Shutterstock
