KYC vs. KYT: Debate or Collaboration?

Key insights

• Crypto fraudsters’ schemes are becoming more sophisticated, highlighting the dark side of cryptocurrencies as a means for illicit activities, such as money laundering.
• Both KYC and KYT serve as critical frameworks in securing the crypto space. KYC focuses on identity verification, originating from traditional financial regulations, while KYT offers a modern, real-time approach to monitoring transaction patterns and behaviors.
• A synergy between KYC and KYT addresses the challenges of pseudonymity, real-time monitoring, and regulatory compliance in the crypto industry, creating a more secure digital financial environment.

Cryptocurrencies have moved from the fringe to center stage. Once considered a novelty, they are becoming more integrated into global commerce, investment strategies, and governance systems. 

However, this surge in acceptance and adoption has also cast a spotlight on a concerning issue: the growing sophistication of crypto fraudsters. A striking example is the Tron case, where criminals exploited mining to engage in money laundering. Incidents like this demonstrate the dark side of crypto, which provides new avenues for illicit activity.

Image illustrating the Tron phishing scheme researched by Global Ledger

Does it mean the Know Your Transaction (KYT) and Know Your Customer (KYC) procedures are ineffective? The question is more complex than it sounds. But let’s start from the very beginning.  

KYC and KYT: shared goal, different approaches 

Both frameworks are vital for securing the crypto space. What is the purpose of each?

KYC is the cornerstone of identity verification     

KYC protocols serve as tools for maintaining financial security and integrity. They are not inherently crypto-related. The concept has its roots in financial regulations aimed at identifying individuals tied to criminal activities. The U.S. Bank Secrecy Act of 1970 was among the first essential steps toward what would eventually become KYC. It required financial institutions to keep certain records that could be helpful to detect and prevent money laundering and fraud.

Among the latest documents, we should mention the Financial Action Task Force on Money Laundering (FATF) recommendations for supervising crypto asset activities and their service providers. These guidelines are recognized as the global anti-money laundering and counter-terrorist financing standard. 

Cryptocurrencies’ anonymous and decentralized nature makes them an attractive medium for illicit activities. Here, KYC serves as a bulwark, enabling virtual asset service providers (VASPs) to ascertain the identity of their users, thus helping to preserve the system’s credibility.

Usually, it takes about five steps to complete KYC 

Here is a short breakdown:

1. VASP asks for the user’s full name, address, date of birth, and ID.
2. It checks the provided ID, like a driver’s license or passport.
3. The identity is verified using official records.
4. VASP evaluates if the user might be involved in financial crimes.
5. If all checks are clear, the user can use the service; otherwise, access is denied*.

* In fact, it is possible to register on an exchange without KYC, but a user won’t have access to all its services. Also, the requirement applies to centralized services so far. Decentralized ones still need to put in place proper regulations. However, some are on their way, like Uniswap, which added a tool allowing developers to implement KYC in its DeFi protocol.    

How it works IRL

We can take one of the exchanges as an example. For instance, Biteeu – a licensed and compliant exchange developed by the IdeaSoft team. For KYC check, it requires users to provide the following:

• First and last name
• Date of birth
• Email
• Address
• Citizenship
• Country of residence
• Driver’s license, ID card, or passport
• Selfie.

With this data, VASPs can profile their users and categorize them based on the risk they pose. It also acts as a barrier to potential fraudsters. The need to provide verifiable personal information deters many from attempting malicious activities, as it creates a clear trace back to the individual. In case of any investigations or regulatory checks, having comprehensive KYC data allows VASPs to cooperate fully and promptly with law enforcement agencies. 

For example, Binance cooperated with Israeli authorities to share data regarding Hamas-related accounts and block them. Earlier, Blockchain.com and Crypto.com announced they stopped providing services to Russian nationals. Without KYC data, this would have been a daunting task. 

KYT: a modern approach to transaction monitoring

At some point, it became clear that concentrating solely on the identity of the parties involved was not enough.

• KYC primarily focuses on verifying the identity of customers at the onset of a business relationship. However, once this verification is done, KYC offers limited insights into ongoing processes.
• While KYC ensures that you know who you are doing business with, it doesn’t provide continuous oversight of what those customers are doing over time. Transactions that deviate from typical patterns might go unnoticed.
• Traditional KYC systems, which might not be updated frequently, may struggle to keep pace with innovations.
• For businesses that handle numerous daily transactions, manually reviewing each one is not feasible. KYC can’t provide automated, real-time surveillance of these transactions. 

The Know Your Transaction method is sort of a new wave in financial oversight, focusing on understanding the nature and purpose of transactions. It can operate in real time, monitoring every transaction as it occurs to ensure that suspicious activities are detected and flagged immediately. Moreover, it assesses patterns and links between transactions, providing a comprehensive view of potential risks.

Here is how it typically works:

1. KYT begins with analyzing individual transactions. This involves studying the transaction amount, frequency, and pattern.
2. The tools gather contextual data about a transaction, such as timestamps, involved parties (addresses), and transaction paths. 
3. By continuously monitoring transactions, KYT platforms can develop behavioral profiles for users: identify and understand typical transaction patterns for each user or entity.
4. KYT systems assign risk levels to transactions based on predefined criteria. For instance, a sudden high-value transaction from a previously low-volume account might be flagged as high-risk.
5. KYT tools can trace the origin and destination of funds, establishing links between different entities to detect potential money laundering schemes or other illicit activities.
6. If a transaction deviates from established patterns or fits the criteria for suspicious behavior, KYT platforms can generate real-time alerts. 
7. For regulatory and internal review purposes, KYT systems can generate detailed reports on transactions, highlighting potential issues and providing insights into transaction patterns over time.

A real-life example

The Garantex case, researched by the Global Ledger team, might be a prime example. The exchange was sanctioned on April 5, 2022. However, it managed to survive and even flourish. And it was KYT that allowed researchers to detect the scheme Garantex used to circumvent sanctions. KYC would not have aided in identifying the patterns. 

In a nutshell: By directing crypto assets into “proxy” clusters, Garantex mixed them with clean assets. This led to a significant reduction in the perceived risk score. Such a change poses challenges as VASPs may not flag these funds as high risk, enabling the blacklisted exchange to operate. 

Screenshot from GL Vision showcasing the mechanism Garantex used to “obscure” the risk score. 22.04.2023

KYC and KYT: Pros and cons

Are these procedures complementary or conflicting?

FATF guidance for a risk-based approach to virtual assets and VASPs requires ongoing monitoring, i.e., checking if transactions “are consistent with the VASP’s (or other obliged entity’s) information about the customer and the nature and purpose of the business relationship, wherever appropriate.” What is important is that this recommendation is part of the section “Customer due diligence.” Thus, KYT can be seen as a progression of KYC, evolving from its principles. 

Of course, there are areas of potential conflict. For instance, while KYC might classify a customer as low-risk based on identity and financial history, KYT might flag their transactions as suspicious due to their pattern. But generally, a synergy of these two approaches is a golden mean. Let’s delve into why a combined KYC and KYT tactic is more efficient in addressing the challenges of the crypto space:

1. Pseudonymity. While every transaction is recorded on a public ledger, associating those transactions with real-world identities is not straightforward. KYC provides the initial layer by associating real-world identities with specific wallet addresses, adding a layer of accountability.
2. Real-time monitoring. Given the speed and volume of crypto transactions, real-time monitoring becomes imperative. KYT, with its ability to analyze transaction patterns without a significant delay, can instantly flag suspicious activities, making the system more resilient against potential threats.
3. Cross-border transactions. Cryptocurrencies are not bound by national borders or banking hours. This global reach makes them susceptible to a broader range of financial crimes. Having both KYC and KYT ensures that every transaction’s identity and nature are scrutinized, regardless of origin or destination.
4. Regulatory compliance. Adhering to KYC and KYT protocols not only ensures compliance but also fosters trust with regulatory agencies, potentially influencing positive regulatory frameworks in the future.
5. Integrative insights. Crypto offers a wealth of data. By combining the static data from KYC with the dynamic data from KYT, VASPs can better understand their users’ behavior, leading to better service offerings and improved risk management.
6. Protecting users. While privacy is a core tenet of crypto, ensuring that platforms are not misused for illicit activities is crucial for the broader adoption of cryptocurrencies. A KYC + KYT framework protects legitimate users from potential backlash due to the actions of a few.

KYC laid the groundwork, KYT takes it a step further

While KYC provides a robust framework to verify and understand the players in the market, KYT ensures real-time transaction monitoring, shedding light on suspicious financial movements. Together, they form the vanguard against illicit crypto activities.

Relying solely on one is akin to using a sieve instead of a net—too many unwanted elements slip through. An integrated approach using both KYC and KYT is not just beneficial—it is essential. A more secure and trustworthy digital financial environment can be created by ensuring both the legitimacy of participants and the transparency of their transactions.

The evolution of financial crimes will invariably match the pace of technological progress. As the crypto industry continues to mature, so will the mechanisms we employ to maintain its safety. KYC and KYT will remain paramount, ensuring that the crypto world remains a place of innovation, not exploitation.