Data is the lifeblood of nearly every business. Information about habits, preferences, likes and dislikes has fuelled a highly profitable social media industry and caused no little controversy (just search Cambridge Analytica in your favorite search engine). But apart from user data, in today’s world, practically all digital data is at risk, and protecting that data should be a top priority for any venture that thrives on relationships of trust.
For regulators, the insistence that the financial industry undertakes comprehensive Know Your Client (KYC) procedures is commonplace, and the lack of a consistent approach to this by crypto firms is often seen as the reason why there are concerns about the industry.
But as crypto exchanges begin to implement KYC protocols, protecting personal and sensitive information about clients is as important as protecting their funds.
The Sanctity of Client Data
Unlike funds, information cannot be reimbursed. Once your personal files are out in the open – even if the culprit were to be caught – they can be used by nefarious actors to gain access to your other accounts, facilitate scams in your name, or carry out other criminal activities, including the creation of fake passports for sale on the dark web.
Identity theft is nothing new, of course, but up until recently it has been less of a concern in the crypto community than, for example, wallet security. The reason is that, so far, anonymity has been among the defining elements of cryptocurrency and blockchain in general.
In fact, what’s unique about blockchain technology is that it makes it possible to record transactions on a publicly auditable ledger, accessible to everyone, while at the same time allowing for a high degree of privacy.
This feature is important, and to some degree worth protecting. Much like not knowing the exact transactional history of a wad of cash, the anonymity of crypto adds to fungibility and facilitates financial freedom, which is crucial to a healthy economy.
But this aspect has raised concerns among regulators over money-laundering and the financing of illegal activities, and now – in part spurred on by the proposal of Libra – we are beginning to see a strong push for the implementation of KYC procedures to which anti-money laundering (AML) and counter-financing of terrorism (CFT) requirements are integral.
The end of anonymity?
The Financial Action Task Force, for example, recently introduced its ‘Travel Rule’ which requires virtual asset service providers, such as crypto exchanges, to ramp up their due diligence procedures. Similarly, with its 5th Anti-Money Laundering Directive (AMLD5) the European Union’s regulatory framework has set out to “unveil the anonymity associated with cryptocurrency” to combat tax evasion and terrorist financing.
And so from a world of nameless addresses on the blockchain, we seem to be heading towards a system not so distinct from traditional financial systems where client onboarding requires the submission of identity documents, and where names are screened against government records and global watch lists.
Is this the end of crypto’s anonymity? According to a crypto tax calculation platform, it may be, but it is more likely that we are going to see the industry split up into white and black markets – with some crypto owners choosing to resort exclusively to peer-to-peer transactions and decentralized platforms.
From an exchange’s perspective, we must ask what it is exactly that would hold some traders back from submitting themselves to KYC procedures. If it is to evade tax or facilitate criminal activities, then their disengagement from the general crypto market would clearly not be a bad thing. If, however, such reluctance is born from anxiety over security breaches and data leaks, then this must be addressed.
When it comes to safeguarding the security of client funds, AAX is working to comply with the CryptoCurrency Security Standard (CCSS), a widely recognized standard for securing cryptocurrency systems. It is broken into three levels of increasing security, covering wallets, policies, procedures, and multi-sig authentication mechanisms to take all critical actions.
A similarly rigorous approach is taken to the protection of client data. In addition to leveraging techniques across encryption, invisible watermarking, access controls, and maker-checker authorization systems – which segregate duties, create dependencies and effectively limit individuals’ powers – AAX also implements a stringent multi-level employee verification system in compliance with CCSS as well as relevant data protection and privacy ordinances.
While fully confident in the effectiveness of these measures, we are keen to keep driving innovation in this space – in close collaboration with our partners – to further optimize the security of verification mechanisms, and give added credence to our commitment to providing our clients with a trusted and secure crypto exchange.