KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYCC small icon KYC-Chain)

Contact us

Crypto Regulations for Fintech Companies

An overview of the varying rules and regulations governing cryptocurrency use for fintech companies around the world.

Keeping apace of the diverse and ever-changing sets of laws and regulations governing cryptocurrencies is no simple task. As regulatory bodies increasingly bring cryptocurrencies into the regulatory fold of their Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF) policy frameworks, companies are having to adapt their behaviors in order to ensure their compliance.

This is especially the case for Fintech companies that deal directly with cryptos, or are indirectly associated with cryptos via their customers. This article is designed to provide fintech companies - and the individuals seeking to use their services - with a general overview of the different types of crypto-focused regulatory approaches found across the world’s many jurisdictions, and outlines some of the key considerations that these approaches imply.

What is Fintech?

Put (very) simply, fintech is a combination of the words ‘financial’ and ‘technology’. However, financial technology has existed for long before the concept of fintech emerged in its present form; a 1920s cash register can also be considered a piece of financial technology, but wouldn’t normally be considered part of the fintech industry.

Fintech, in its contemporary, conventional sense, is used to describe the ever-expanding range of new services, software and technologies that are created to expedite, improve, serve and facilitate financial services.

From relatively small Software as a Service (SaaS) companies such as Bento.com, which helps small businesses manage their expenses, to the $60 billion dollar giant that is Alibaba’s AliPay and new, app-based banks like Revolut, fintech companies are changing the way that financial transactions are executed and processed, and the way that digital currency is spent and stored.

Over the last decade, currencies are not only being used in new ways by individuals and businesses; many have emerged that are underpinned by new blockchain technology that makes them something new altogether: cryptocurrencies, which can exist independently of central banks and possess a technological capacity for anonymous use.

The first, most famous and largest cryptocurrency by market cap - Bitcoin - was created in 2009. Since then, many more cryptocurrencies have been created to serve as payment tools, as investable assets, or as a means of raising funds in Initial Coin Offerings (ICOs).

This technological evolution has created plenty of new opportunities, both for legitimate businesses and individuals - as well as criminals and their enterprises - which has in turn prompted many governments and regulatory agencies to create new laws governing their use.

Fintech, Cryptos and Innovation

By their nature, many cryptos themselves are fintech products. After all, one of the common threads tying together many of the hundreds of cryptos out there is the theoretical security of distributed ledger/blockchain technology, when compared to traditional types of centralized, digital bank accounts or ‘silos’.

That being said, most crypto assets are still stored on the centralized databases of exchanges, which have in turn witnessed severe hacks and losses of customer funds as a result. Software wallets held on crypto owners’ personal computers have also been infiltrated and emptied of their assets by hackers.

The combination of blockchain’s potential, and its yet-to-be-perfected utilization, has created new spaces for fintech companies to step in and attempt to improve the way individuals, companies and governments do business and undertake financial transactions. For example, some innovative fintech companies, such as Ledger, have sought to provide a solution to this vulnerability by providing physical wallets’ that store their crypto ‘keys’ offline, on a USB device.

Another approach has been taken by KYC-Chain’s sister foundation SelfKey, which uses blockchain technology to allow individuals to safely share KYC information, store their digital identities, and access financial services using its own crypto tokens (KEY) in the SelfKey marketplace.

The SelfKey Wallet is also compatible with physical keys such as Ledger and Trezor, and provides a highly automated, fast and secure means for financial companies to ensure the clients they onboard are complying with the regulatory standards they are subject to, all while protecting both parties’ data using blockchain technology.

However, for fintech companies onboarding or providing services to international customers that are not applying through advanced, automated KYC tools like KYC-Chain, being aware of varying regulatory climates is a must.

Crypto Regulations

The first issue any fintech company dealing with cryptocurrencies should consider, is whether cryptocurrencies are banned or heavily regulated in the jurisdictions in which they operate, or which their customers are based in.

This question should be asked by a wide range of companies, from SaaS startups considering an ICO as a means of raising funds, to banks that are seeking to provide dedicated crypto accounts or wallets to their users, all the way over to online retailers considering accepting crypto as a form of payment.

Many countries have yet to enact any laws regulating cryptocurrencies whatsoever. And while bitcoin may be legal in 111 countries around the world, legality does not mean the use of bitcoin and other cryptos is not regulated. Conversely, while the use of cryptocurrencies for commerce or as investment tools may be banned in some jurisdictions, that doesn’t necessarily mean they are illegal to hold or to be profited from.

Many countries have simply warned their citizens and resident businesses that as cryptocurrencies and their vendors are not overseen, regulated or supervised, the authorities can offer no protection to crypto users with regards to the risks associated with their use, and that cryptocurrencies expose participants to violation of AML, CTF, Tax and Exchange control laws.

Absolut Bans

There are a handful of countries that have placed outright bans on crypto exchanges and the use of cryptocurrencies (primarily bitcoin) as a form of currency, as tradable assets and investments, or as a means of raising funds (ICOs). Some have even gone so far as to declare the possession of bitcoin as illegal, though it is unclear how this could be enforced in practice.

  • Algeria*
  • Bolivia
  • Egypt
  • Ecuador
  • Iraq
  • Morocco
  • Nepal
  • Pakistan
*illegal to hold bitcoin

Companies that are seeking to do business in these countries will need to ensure that their involvement with cryptocurrencies does not compromise their legal status within these jurisdictions.

Restricted Use or Partial Bans

Below is a list of the jurisdictions that have not fully banned cryptocurrencies, but have enacted a varying degree of measures and regulations designed to curb or limit their use by citizens and registered companies:

  • Bangladesh*
  • Cambodia*
  • China
  • Colombia
  • Dominican Republic
  • Indonesia
  • India*
  • Iran*
  • Jordan*
  • Kuwait
  • Lesotho
  • Oman
  • North Macedonia
  • Qatar
  • Saudi Arabia*
  • Taiwan*
  • Thailand*
  • Vietnam**
*only a banking ban
**only illegal as a payment tool

The degree to which cryptocurrencies are banned in the list above varies quite extensively. Most of the restrictions apply to trading in cryptos, and the acceptance of cryptos as forms of payment. For example, in China, all non-regulated cryptocurrencies (which is basically all of them), their use in ICOs and as traded assets, is forbidden. The government has also proposed a ban on all crypto mining. However, possession of crypto is not yet regulated.

Others, such as India and Saudi Arabia, have imposed banking bans on cryptocurrencies, ordering banks within their jurisdictions to not facilitate any payments involving cryptos or funds generated through their trade.

The Regulated Approach

As many of the regulatory financial actors across the world come to terms with the idea that cryptocurrencies are here to stay, regulation and acceptance is slowly but surely becoming the norm. The global nature of the world’s financial system and interconnectedness of its economy makes it almost impossible for any unitary actor to take fully-effective action, and outright bans by individual governments cannot comprehensively end the use of cryptocurrencies altogether.

As such, many countries and international regulatory bodies have taken a forward-thinking approach that attempts to regulate cryptocurrencies, without trying to prohibit their use by legitimate businesses and individuals.

Below is a selection of some of the key national and international regulatory frameworks governing the use of cryptocurrencies.

Financial Action Task Force (FATF)

The G7’s FATF made changes to its Recommendations on Combating Money Laundering in October 2018, to clarify how its recommendations should be applied to financial activities involving cryptocurrencies.

These changes include far-reaching and comprehensive regulatory recommendations and a broad definition of what types of business and/or activities fall under the category of “virtual assets” and “virtual asset providers”. Broadly speaking, these new measures assert that “virtual asset providers will be required to implement the same AML/CFT requirements as traditional financial institutions.”

It has been reported by Bitcoin.com that fifteen countries have set up a working group to develop a new global system “to collect and share personal data on individuals who conduct cryptocurrency transactions” in ways that comply with FATF regulations.

European Union

The European Fourth Anti-Money Laundering Directive (4MLD), which was introduced in 2015, sought to address some of the emerging issues with regards to the capacity for cryptocurrencies to be used as tools for money laundering. But following its release, it soon became apparent to policymakers that the measures and recommendations of that directive were insufficient in dealing with what the crypto space had evolved into.

Consequently, 4MLD’s ability to tackle the problem of cryptocurrencies being used as a means for terrorists and criminals to anonymously fund their activities was deemed inadequate.

The Fifth Anti-Money Laundering Directive (5MLD), to be issued officially in early 2020, is the first piece of pan-European legislation that will specifically characterize and regulate cryptocurrencies, and seeks to address many of the perceived insufficiencies in 4MLDs approach to Anti-Money Laundering.

Some of the changes expected in 5MLD’s approach to cryptocurrencies include:

  • Providing a legal definition of cryptocurrencies
  • Identifying cryptocurrencies and cryptocurrency exchanges as “obliged entities” that will be subject to the same CFT/AML regulations applied to financial institutions under 4MLD. Under 5MLD, crypto exchanges and companies will need to undertake customer due diligence (CDD) and submit suspicious activity reports (SARs).
  • Financial Intelligence Units (FIU) will have the legal authority to obtain the addresses and identities of owners of virtual currency – intending to put a dent into the potential anonymity associated with cryptocurrencies.
  • Cryptocurrency exchanges and wallets will need to be registered with the relevant authorities in their domestic locations.

USA

Director of the Financial Crimes Enforcement Network (FinCEN) Kenneth A. Blanco outlined the expectations and obligations of fintech companies dealing with crypto in a speech in 2018. In the speech, he began by outlining the scope of FinCEN’s remit, stating:

“FinCEN’s rules apply to all transactions involving money transmission—including the acceptance and transmission of value that substitutes for currency, which includes virtual currency. Thus, our regulations cover both transactions where the parties are exchanging fiat and convertible virtual currency, but also to transactions from one virtual currency to another virtual currency.”

Blanco then went on to highlight that:

“Individuals and entities engaged in the business of accepting and transmitting physical currency or convertible virtual currency from one person to another or to another location are money transmitters subject to the AML/CFT requirements of the BSA (Bank Secrecy Act) and its implementing regulations.”

To comply with these obligations, virtual currency money transmitters are required to:

  1. Register with FinCEN as a money services business,
  2. Develop, implement, and maintain an AML program designed “to prevent the [MSB] from being used to facilitate money laundering and terrorist finance,” and
  3. Establish recordkeeping, and reporting measures, including filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs).

These requirements apply to both domestic and foreign-located convertible virtual currency money transmitters, “even if the foreign located entity has no physical presence in the United States, as long as it does business in whole or substantial part within the United States.”

UK

The European approach has been echoed by the UK’s Financial Conduct Authority (FCA), which recently stated in one of its ‘Dear CEO’ letters to firms offering banking services to clients that “derive significant business activities or revenue from crypto-related activities” that “it may be necessary to enhance the scrutiny of the client and their activities.”

Dear CEO letters are considered to be a strong indication of the direction of future, more detailed policy positions. It is expected that the UK government will be introducing stronger measures to bring the trade and use of cryptocurrencies under the same AML/CTA frameworks as the broader financial system.

Other Crypto-Friendly Jurisdictions and Authorities

Examples of the highly liberalized approaches of some of the most crypto-friendly countries.

Japan

Japan has emerged as one of the most crypto-friendly of the major global economies, due in large part to a concerted effort from its national government to bring the use of cryptocurrencies into the same regulatory fold as its broader tax and AML frameworks.

Cryptocurrency is accepted as a legal form of payment in Japan, and digital currency exchanges are legal in the country if they are registered with the Japanese Financial Services Agency.

New Zealand

New Zealand has taken an especially open approach to cryptocurrencies. Its tax office, the Inland Revenue Department (IRD) declared in August 2019 that salaries paid in cryptocurrencies are legitimate, as long as they meet a list of criteria and were pre-approved by the government. Under the criteria, most liquid, fiat-traded cryptocurrencies, including Bitcoin, would be acceptable forms of payment for salaries in the country.

Switzerland

Switzerland has emerged as a strong supporter of digital currencies. The region of Zug - which has been labeled ‘Crypto Valley’ - is home to many crypto-based fintech companies, and the Swiss government has been testing the use of bitcoin and other digital currencies forms of payment for city fees services.

Navigating the Regulatory Maze

As cryptocurrencies become more prevalent and their use more widespread, fintech companies, by their nature, will be coming into more frequent contact with customers that are involved or have funds generated through their possession and use.

As the regulatory regimes governing the ownership, trade, use and classification of cryptocurrencies is far from uniform across the world, fintech companies with international client bases need to be aware of the varying regulatory regimes governing cryptocurrencies in the jurisdictions that they are incorporated in.

Tools like KYC-Chain can effectively optimize and automate your KYC framework to integrate up-to-date crypto regulations into your onboarding processes. These can be customized according to highly specific parameters, and configured for the specific situations and jurisdictions of your customers.

Opting to use KYC-Chain as part of your onboarding process can effectively mitigate the risk of falling foul of regulatory standards in the jurisdictions that you are engaged with, allowing you to focus on what matters most: running your business.