Initial Coin Offering KYC and AML

Know-your-customer (KYC) and anti-money-laundering (AML) due diligence screening for initial coin offering is all about establishing a whitelisting system that achieves the optimal balance between two opposing goals; investor acquisition maximization and regulatory and internal risk minimisation.

A best-in-class ICO KYC/AML system will quickly and without error onboard investors that meet the token offering’s risk appetite parameters and compliance requirements. Such a semi-automated system will route the lowest risk prospects into a whitelist fast lane, unknown individuals needing additional checks (referred to as extended due diligence) into a graylist slow lane, and high-risk individuals such as PEPs or individuals on sanction lists onto the blacklist exit ramp.


Most regulatory jurisdictions across the world are only just now establishing rules for ICO KYC/AML auditing and reporting. However, token issuing companies are required to file KYC and AML audit reporting with an ever increasing number of jurisdictional regulators. If it were otherwise, ICOs and cryptocurrency markets would continue to be an easy target for criminals looking for a way to transfer funds from one corner of the world to another unnoticed.

Regardless of the location that an ICO claims as it home jurisdiction, it is incumbent upon the token issuing company to ensure that it is not acting as a conduit for money laundering or terrorism funding. ICOs in nearly every regulatory jurisdiction across the world will soon be required to apply KYC/AML screening due diligence to their pool of potential investors. Token issuers are advised to get ahead of the ball with the expectation that their jurisdictional KYC/AML requirements will soon match the requirements for securities issuance, and that those requirements, such as token sale restriction to accredited investors only, may well apply retroactively to tokens already issued.

ICO KYC/AML starts with collecting and verifying identity information, following which it is checked against a list of PEPs (“politically exposed persons”) and sanctioned individuals and entities. ICO Platforms  can handle the bifurcation of some or most of the prospective investors into an internal whitelist and blacklist. Risk mitigation for the rest of the prospective investors will require human-reviewed white/blacklisting.

A turnkey ICO launch platform provider can create a web-based KYC/AML interface with logo, favicon, and other brand alignment on an ultra-secure token sale subdomain that matches the ICO project’s main website. Legal requirements, disclaimers, and social media feeds can be carried over from the main website to the token sale subdomain.

An ICO KYC/AML API can enable real time risk-scoring. The presence of web-based prescreening may deter fraudsters from trying to onboard in the first place. The API with which the smart contracts interface will be an integrated set of software programs that work with facial recognition, ID verification, alterations and forgery screening, and GDPR (General Data Protection Regulation) compliance. Risk profile tolerance settings are calibrated from the admin dashboard, and smart filters quickly sort token sale buyers by reputation score.

An ICO project’s team should not view KYC/AML rules and regulations as an operational obstacle. KYC/AML may be integral to the health and longevity of the ICO or STO project and its raise. Keep in mind that a public relations issue arising from poorly executed KYC/AML will not only draw the attention of an otherwise sleepy regulator, it could drive off potential investors, partners, and advisors. KYC/AML doesn’t just help with compliance; it also allows the token issuer to better understand its investors and customers, thus informing good business practices and decisions.

Token issuers everywhere should reduce their operational risk and their risk of regulatory scrutiny with proactive implementation of KYC/AML protocols. Token issuers based in jurisdictions with lax ICO KYC/AML reporting requirements should be fully on board anyway because their jurisdictional regulatory body may decide to require compliance retroactively. There is a good chance that ICOs currently flying under their jurisdiction’s regulatory radar will find their token deemed a security at some point soon by that same regulator.