From hefty fines to prison time, regulatory penalties are on the rise for cryptocurrency exchanges. Law enforcement levied these penalties largely because the defendants failed to properly verify customer identities and “flouted” know your customer (KYC)/anti-money laundering (AML) rules.
As cryptocurrency continues to flow into the financial mainstream, regulators are sharpening their focus on digital assets. During her Senate confirmation hearing, the new U.S. Treasury Secretary Janet Yellen said that many cryptocurrencies are used “mainly for illicit financing, and I think we really need to examine ways in which we can curtail their use.”
Yellen later softened that comment in her written statement to the Senate, but the message remains clear to the crypto industry: “We need to look closely at how to encourage their use for legitimate activities while curtailing their use for malign and illegal activities.”
But whether regulators are “pro” or “anti” crypto – or somewhere in between – virtual asset service providers like exchanges need to strengthen their Know Your Customer (KYC), Anti-Money Laundering (AML) and sanctions compliance programs.
Ready to improve your KYC/AML and sanctions compliance programs? Download our white paper!
Compliance Is Impossible if You Don’t Know Your Users’ True Location
Rules for regulating cryptocurrency differ across jurisdictions. However, without knowing a user’s true location – mainly the jurisdiction in which they reside – an exchange cannot meet that jurisdiction’s compliance requirements.
Like many financial institutions, crypto exchanges typically rely on an IP address to verify the location of a user. But IP addresses are the easiest location data points to spoof, thanks to the frequent use of VPNs, DNS proxies and other anonymizers. Any exchange’s risk engine that still uses IP for geolocation is woefully missing the mark on compliance. In fact, over-reliance on IP creates significant compliance risks by making it easy for bad actors to access an exchange’s services.
When Unmasking Bad Actors, Advanced Geolocation Data Outsmarts IP Addresses
Fortunately, there’s a practical solution for location verification that increases the effectiveness of crypto exchanges’ KYC/AML and sanctions compliance programs: the use of accurate, authentic and unaltered geolocation data.
This data is essential to establishing a person’s true digital identity and includes two critical elements:
- Modern device-based geolocation technology to accurately identify users within a high degree of accuracy for both mobile and desktop devices.
- The ability to authenticate this data, to determine whether it is fraudulent or spoofed.
Key regulators have already noted the importance of geolocation data. The Financial Action Task Force (FATF), in its 2020 Guidance on Digital Identity, specifically identified multi-source geolocation data (Wi-Fi, GPS, GSM/cell tower triangulation, HTML5, etc.) as a necessary part of digital identity and KYC verification. And the UK’s Financial Conduct Authority (FCA) was one of the first financial regulators to distinguish between geolocation data and an IP address within identity verification expectations.
Are You Compliance-Ready?
As crypto comes under increasing regulatory scrutiny, legitimate exchanges are not looking for ways to exploit whatever loopholes they can find. Rather, they want greater clarity about the regulatory environment in which they operate and are searching for new solutions to help them stay in front of ever-increasing rules and requirements – and utilizing advanced and accurate geolocation data will help them do just that.
Let us help you get compliance-ready today. Start by downloading our white paper, “Geolocation Data: Crypto Exchanges’ Secret Weapon to Slash Regulatory Risk and Fight Financial Crime.”
