What Is KYC?
KYC is the process by which a financial service provider confirms the identity of its customers and understands their risk profiles. It helps prevent fraud, money laundering, and terror financing activities from going through the financial system.
KYC typically occurs when a user opens an account with a financial institution and is required to share their personal information. Depending on the financial institution, this information may then go on to a centralized global database or packaged and sold to third parties.
Based on that information, the KYC process can flag someone as a potential money launderer or terrorist financier, and the financial institution can take action based on that flag (report them to authorities, ban them from using their service, etc). In essence, KYC also helps financial institutions minimize their exposure to counterparty risk and working with bad actors.
At a high level, KYC involves 3 things:
- Customer identification: the company collects and verifies personal information from the customer. This information may include a user’s name, address, and government-issued ID. The goal is to confirm the customer’s identity.
- Due diligence: the company examines the customer’s background, including their source of funds and business activities. It also checks for potential connections to sanctioned individuals, companies, or countries. The goal is to ensure that they are not on any watchlists or sanctions lists.
- Ongoing KYC monitoring: the company periodically reviews and updates the customer’s information. Continuous monitoring updates the customer’s information to check for suspicious activity and to keep risk profiles accurate.
The “Contradiction” of DeFi KYC
As you can imagine, the typical KYC process is centralized and invasive. Users hand sensitive personal information to companies that then use that information to determine whether the individual can, in fact, use the product. Sometimes the KYC process is outsourced to firms like Kompli-Global and Amlexa, further centralizing a honeypot of user information. Because KYC is so centralized, implementing it in DeFi can be seen as antithetical to DeFi itself.
Part of the appeal of DeFi is that users can participate anonymously, they can use products frictionlessly, and no entity can prevent an individual from accessing the protocol. KYC removes that anonymity, introduces friction, and ultimately will prevent some users from being able to use certain DeFi products. That’s the contradiction of DeFi KYC.
Another challenge with it is simply the logistics in implementing KYC. DeFi apps are permissionless by default and available to users all over the world. Different countries and regions have different regulations, and you may have a hard time implementing the appropriate level of KYC for each user.
Despite the challenges with DeFi KYC, you may still be able to implement a KYC process without making your app centralized. For instance, decentralized identity solutions like Fractal and Polygon ID can help verify user identity while ensuring privacy. A decentralized oracle like Clique provides on-chain ID and reputation management, and zero-knowledge proof projects like Photochromic can help users prove their identity without revealing their identity details. DeFi KYC solutions can also be designed to support data portability, such that users need to pass KYC once and then use that verified ID across other Web3 apps and DeFi protocols.
Why DeFi KYC Benefits Both Founders and Users
While KYC sounds like a drag (no one gets excited about verification), it can be more than just another regulation to follow—it can be a positive for the DeFi industry. Here are two benefits from DeFi KYC:
Reducing Reputational Risk for DeFi
An estimated $800B to $2T, between 2% and 5% of the global GDP, is laundered annually, and $9B of that total occurred in crypto. 99% of money laundering happens in fiat (!), but nevertheless it’s important to take actions that prevent laundering because part of that money goes into terror and arms proliferation financing. KYC will force criminals to rethink using your dApp because their transactions might be flagged and reported to law enforcement agencies. By making it difficult for bad actors to use your DeFi app, you can help reduce the reputational risk for DeFi projects overall and make a safer space for your users.
Complying With Regulations
KYC is a regulatory requirement for financial service providers, including DeFi platforms. Many countries—including the United States, United Kingdom, and France—require crypto businesses to implement KYC processes. This requirement may become more standard as other countries formalize their crypto regulations. By creating systems to verify the identity of your users and comply with KYC/AML, you can avoid possibly paying hefty fines for not being compliant with the corresponding regulations. No hefty fines means you can have an easier time keeping the lights on.
5 Things to Keep in Mind When Implementing KYC Solutions
Implementing KYC generally involves collecting user information, verifying it, and authenticating those users. The following tips may help you implement a KYC process in Web3 projects while staying true to the core principles of decentralization—privacy and user autonomy. However—and this should go without saying—you should consult a lawyer before implementing any form of KYC.
Use Trusted Third-Party KYC Providers
The easiest way to manage KYC in Web3 projects is to use the services of existing KYC providers. Third-party solutions make it easier for you to focus on your core business instead of deploying resources to build KYC processes from scratch. Services such as Argos and Sumsub (DYOR) enable you to set up plug-and-play verification flows that align with your user onboarding process.
Enhance Security With Multi-Factor Authentication
Whether using a third-party service or managing KYC in-house, requiring multiple forms of identity verification can help reduce the use of fake documents or outright identity fraud. For instance, you can ask users to upload a government-issued ID and a selfie of them holding it.
Use Decentralized Identity Solutions
Decentralized identity solutions, such as self-sovereign identity (SSI) protocols, allow users to control and manage their identity information. With SSI, users hold the keys to their identity and can share information selectively. This level of control ensures their privacy as they can choose who they share the ID data with. Decentralized ID solutions can help you implement KYC while staying true to the principle of open access.
Use Decentralized Web3 Oracles
Web3 oracles are trusted third-party solutions that enable Web3 apps to access off-chain information. Research projects like DECO and CanDID are already exploring how oracles can use zero-knowledge proofs to verify the identities of users without requiring them to share their personal information with a central entity. Chainlink is working on a DECO proof of concept for DeFi applications. When fully developed, decentralized oracles can enhance the security and privacy of users’ information while still allowing for KYC verification.
Know Your Tradeoffs
Some people will only use completely anonymous platforms. When considering whether to implement KYC (in consultation with a lawyer), know who you are building a product for and make sure that the decision you ultimately make is true to your brand and values.
Get Started With Your First Web3 App
If you’re still in the early stages of building your Web3 app, consult a lawyer to determine what KYC requirements you may be subject to, if any. It’s better to be proactive about the issue than deal with KYC retroactively and face the risk of regulatory fines.
If you’re new to Web3 apps, you may also benefit from our Comprehensive Guide to Web3 App Development. In the ebook, we run through the process of developing Web3 apps. We also provide some pointers to help you get comfortable with Web3 developer tools, connect your app to the blockchain, and ship your app.