This blog post is part of a series looking at how verification techniques and practice collectively referred to as Know Your Customer (KYC) may help the domain name industry comply with new EU legal obligations. Find the overview here

Cryptocurrencies have offered a new frontier for the financial landscape, providing decentralisation, speed and global accessibility to those who want to circumvent big banks. With this innovation comes risk, and despite efforts to bring Know Your Customer processes to cryptocurrency, criminals still exploit the system.

From money laundering to terrorism financing, cryptocurrency remains a double-edged sword in the fight against financial crime.

This blog explores the procedures and challenges of Know Your Customer, focusing on KYC in the cryptocurrency world, including international regulatory efforts, challenges to enforcement, and lessons for other sectors like the domain name industry.

KYC in Cryptocurrencies: What is being implemented?

Cryptocurrency platforms, including exchanges and wallets, implement varying degrees of KYC to enhance transparency and comply with anti-money laundering (AML) regulations.

In previous blogs, we have referenced basic KYC checks (that include an email address or phone number) , intermediate (that may require a government-issued ID card) and advanced KYC (which incorporates biometric or video verification on top of government-issued IDs).  

For Virtual Asset Service Providers (VASPs), such as custodial wallets, KYC compliance is mandatory in many jurisdictions. These systems rely on blockchain intelligence to monitor transactions and flag high-risk behaviour.

However, not everyone is on board with such regulations. Decentralised exchanges (DEXs) and crypto ATMs often operate without strict KYC, providing loopholes for criminals and bad actors to exploit. 

When setting up a cryptocurrency wallet, a user must normally include their passport as part of the process. This ensures compliance with international regulations. However, the details are kept anonymous, and criminals still opt to use cryptocurrency for their operations.

Despite KYC protocols, cryptocurrency continues to be attractive to criminals due to its pseudonymity and global reach.

Money Laundering: The United Nations Office on Drugs and Crime estimates that 2-5% of global GDP, equating to $800 billion to $2 trillion, is laundered annually, with cryptocurrencies increasingly used to obscure transactions.

Cybercrime Payments: Ransomware payments in cryptocurrency surged to $590 million in 2021 alone, according to the U.S. Treasury Department​.

KYC plays a vital role in combating these crimes, but its inconsistent application limits its effectiveness.  

How KYC in cryptocurrency has supported counter-terrorist finance efforts

In 2023, Binance, a major crypto exchange, collaborated with TRM Labs and law enforcement to identify wallets linked to the ISIS-affiliated Islamic State Khorasan Province (IKSP). The investigation led to arrests in Tajikistan and Turkey, demonstrating the effectiveness of KYC when paired with blockchain intelligence. Wallet addresses tied to a terrorist commander were flagged, allowing authorities to disrupt a critical funding network​.

The infamous Silk Road marketplace, which operated on the dark web, facilitated billions of dollars in illegal transactions using Bitcoin. While the marketplace itself lacked KYC, the FBI leveraged blockchain analysis and collaborations with exchanges to track illicit funds. This eventually led to the arrest of its founder, Ross Ulbricht, and the seizure of $1 billion in Bitcoin.

International Regulatory Efforts

Global cryptocurrency regulation is a patchwork, with each jurisdiction interpreting KYC and AML requirements differently: 

United States: Exchanges must comply with the Bank Secrecy Act (BSA), reporting suspicious activities to FinCEN.

European Union: The EU’s 6th Anti-Money Laundering Directive (6AMLD) requires crypto platforms to verify customer identities and report suspicious transactions.

Asia: Singapore leads with stringent AML measures, while jurisdictions like Hong Kong are tightening their frameworks to align with FATF standards.

Decentralised Finance (DeFi) platforms often operate beyond regulatory oversight, making enforcement more difficult.

The Financial Action Task Force (FATF) Travel Rule mandates information sharing for transactions over $1,000 between crypto entities, but implementation varies widely.

Challenges with KYC in Cryptocurrency

Criminals increasingly use AI-generated deepfakes and counterfeit documents to bypass KYC checks. Binance has flagged cases where fraudsters exploited deepfake technology to evade verification.

Inconsistent standards across jurisdictions weaken the global fight against financial crime.

Much like what has been discussed in previous KYC blogs, striking a balance between customer privacy and compliance remains a challenge, especially in decentralised systems.

Lessons for the Domain Name sector:

Just as the cryptocurrency industry grapples with KYC challenges, the domain name sector faces similar risks from anonymous registrations. The lack of coherent regulations in cryptocurrency show the challenges that can arise from inconsistent standards across jurisdictions. 

One of the most valuable lessons from the cryptocurrency industry is the importance of collaboration between stakeholders. Platforms like Binance have demonstrated that partnerships with regulators, blockchain intelligence firms, and law enforcement agencies are pivotal in building a robust defense against illicit activities. By sharing data, expertise, and best practices, they create a unified front that strengthens the fight against crime while improving compliance and user trust.

In cryptocurrency, collaboration often starts with the sharing of critical data. Blockchain intelligence firms like TRM Labs and Chainalysis play a crucial role by providing platforms with tools to monitor suspicious activity, trace illicit transactions, and identify high-risk wallets. For instance, Binance’s partnership with TRM Labs helped disrupt an ISIS-affiliated terrorist financing network, proving the power of collective effort in addressing global threats.

For the domain name industry, adopting similar collaborative frameworks could mean working with cybersecurity firms and regulators to track abuse, share threat intelligence, and preempt fraudulent activities. For example, registrars and registries could establish joint databases to identify and block malicious domains, much like crypto platforms blacklist wallets linked to criminal activities.

The DNSRF have joined forces with the Global Anti-Scam Alliance and Google to create the Global Signal Exchange. This will provide a platform for sharing data for the industry to fight fraud together. 

The cryptocurrency sector has benefited from the guidance of the Financial Action Task Force (FATF), which sets global AML standards. While FATF’s Travel Rule requires crypto platforms to share transaction details for transfers above $1,000, its implementation has also encouraged platforms to work together to develop interoperable solutions. This cooperative approach has fostered industry-wide compliance while maintaining operational efficiency.

Similarly, the domain name industry could benefit from establishing shared protocols under frameworks like the NIS2 Directive. Collaborating on best practices for identity verification, abuse prevention, and compliance would not only ease the regulatory burden but also enhance trust across the sector.

Another significant aspect of collaboration in the crypto space is knowledge sharing. Companies like Binance invest in educating regulators and law enforcement agencies on blockchain technology, ensuring they can effectively monitor and investigate crimes involving cryptocurrencies. Training initiatives bridge the knowledge gap and make enforcement efforts more targeted and effective.

For the domain name sector, hosting workshops and training sessions with cybersecurity experts, law enforcement, and policymakers could similarly improve coordination and understanding. It would empower stakeholders to tackle abuse proactively, whether it involves phishing scams, ransomware, or other domain-related threats.

Given the global nature of cryptocurrencies, international collaboration is critical. Platforms often work across borders to tackle crimes that transcend jurisdictions. For example, Binance has coordinated with authorities in multiple countries to investigate and disrupt cross-border fraud schemes.

The domain name industry, inherently global, could emulate this approach. Establishing cross-border coalitions of registrars, governments, and industry groups could ensure more consistent enforcement of KYC and abuse mitigation practices worldwide.

Public-private partnerships are another hallmark of effective collaboration in cryptocurrency. Governments and crypto platforms often work together to improve compliance and security. For example, Singapore’s Monetary Authority collaborates closely with cryptocurrency exchanges to align them with AML standards, balancing innovation with oversight.

In the domain name sector, public-private partnerships could involve governments working with DNS operators to implement NIS2 requirements, creating a safer internet environment while fostering innovation.

By adopting the collaborative mindset seen in cryptocurrency, the domain name industry can build a unified, resilient framework to address abuse, ensure compliance, and foster trust among users.

Conclusion

Cryptocurrency shows that while KYC can disrupt criminal networks, challenges like fragmented regulations and privacy concerns persist. By addressing these gaps, the crypto industry and others can better protect users and foster trust. The sharing of data, collaboration and partnerships have made a difference in the crypto sector. This can also be a lesson for the domain name industry.

KYC isn’t a silver bullet, but with continued innovation and collaboration, it remains a cornerstone of the fight against financial crime in an increasingly digital world.