Cryptocurrency: the risks of not applying the AML and KYC requirements

23 May 2022

AML, Blockchain & Cryptocurrency

Cryptocurrency and crypto assets generally are  assumed to be attractive to criminals because of the possibilities for preserving anonymity and the ease of transmitting funds despite the transparent and traceable design of the blockchain. 

There have been hundreds of high-profile cryptocurrency-based suspected crimes ranging from ponzi schemes such as the PlusToken scheme, which mainly targeted investors in China and South Korea or the OneCoin promoted by the Bulgaria-based operator Ruja Ignatova, the subject of a BBC podcast and recently reported included on the Interpol list of most-wanted persons. The variety and creativity of such schemes has of course been great.

Effective AML regulations are intended to make laundering schemes riskier and less profitable for their organisers and to create new opportunities for asset tracing.

Cryptocurrency AML regulations

Regulators, financial institutions, and law enforcement agencies combat these activities with a mix of policies which include anti-money laundering (AML) and know your customer (KYC) among others. Cryptocurrency AML encompasses the laws, regulations, and practices designed to minimise the risk that criminals would successfully be able to convert illegally obtained cryptocurrencies into fiat money and off-ramp it, layer it, obscure it, or prevent the use of judicial or legal methods of private, civil law, to ensure its return to its defrauded owners.

The Financial Action Task Force (FATF) sets out the standards for AML laws globally. FATF began publishing some guidance on cryptocurrency AML back in 2014, and policymakers in FATF’s member jurisdictions followed suit. The Financial Crimes Enforcement Network (FinCEN), a bureau of the United States Department of the Treasury, the European Commission, and dozens of other regulatory bodies have codified many of FATF’s cryptocurrency AML recommendations.

KYC in the context of crypto assets

The burden of enforcing the regulatory requirements for AML and KYC falls primarily on the virtual asset service providers (VASPs). FATF defines this group to include cryptocurrency exchanges, stablecoin issuers, and, on a case-by-case basis, some DeFi protocols and NFT marketplaces. 

These businesses apply the regulations by employing compliance officers, requiring KYC checks, and continuously monitoring transactions for suspicious activity.

When suspicious activity is detected, VASPs are required to report it to the relevant agencies, which then use blockchain analysis tools to investigate the flow of funds and link potentially illicit activity to individuals and entities.

Cryptocurrency KYC refers to the set of identity verification procedures required by law for VASPs which enables criminal investigators to connect pseudonymous cryptocurrency addresses to real-world entities, individuals and addresses.

In traditional fiat finance, KYC includes ID card validation, face verification and other methods. Additionally, many banks require proof of address, such as a copy of a recent utility bill.

In the cryptocurrency industry, KYC requirements are less standardised. Most exchanges require new customers to share their legal name, government-issued ID, and up-to-date address information, but this varies according to where the exchange operates and what services they provide.

New AML and KYC developments in 2020-2021

On 24 September 2020, the European Commision (EC) published the Digital Finance Package. The package includes Digital Finance and Retail Payments Strategies, and legislative proposals on crypto-assets and digital resilience. The aim of the Digital Finance Strategy is to make Europe’s financial services more digital-friendly and to stimulate responsible innovation and competition among financial service providers in the EU.

The rules set out by the EC will additionally allow operators authorised in one Member State to provide their services across the whole EU, i.e. so-called “passporting”.

On 28 October 2021, the FATF released its updated guidance for how member jurisdictions should regulate cryptocurrency businesses. FATF clarified that NFT marketplaces, DeFi protocols, and stablecoin providers, depending on what activities they engage in, may be obligated to implement KYC procedures.


As cryptocurrencies have expanded and reshaped the global financial network, AML and KYC have become a basic necessity. AML and KYC policies minimise business risk, protect users from illicit activity, and build trust in cryptocurrency.

For more information on cryptocurrency AML and KYC, please contact our team at [email protected].

© New Balkans Law Office 2022

The Bulgarian and dual-qualified lawyers of New Balkans Law Office are regulated by the respective Bar of their registration. New Balkans Law Office is a brand name of Legal Services EOOD, a company registered under Bulgarian law. Reg’d No. 202331677. Further details are available here.

© New Balkans Law Office 2022