More than half of all exchanges worldwide have weak KYC identification protocols — with exchanges in Europe, the U.S. and U.K. among the worst offenders, according to a new study by blockchain analysis firm CipherTrace
CipherTrace analyzed more than 800 decentralized, centralized, and automated market maker exchanges and found 56% of them did not follow KYC guidelines at all despite anti-money laundering (AML) regulations. The highest number of such exchanges are in Europe — a region renowned for stricter regulations. However, 60% of European Virtual Asset Service Providers have deficient KYC practices.
The U.S. U.K and Russia are the three countries with the highest numbers of exchanges with weak KYC. Singapore is also at the top of the pack when it comes to counts of combined weak and porous VASPs.
The study found that many exchanges do not bother to mention the country of origin on their website or terms and conditions. This appears to be deliberate — of these exchanges, 85% had a frail KYC framework. This implies some exchanges are hiding their jurisdictions to avoid having to register or comply with AML regulation.
The report notes that 70% of exchanges registered in the Seychelles have poor KYC norms, making the small island country a breeding ground for potential money launderers.
The study also examined 21 DEXs and found that a whopping 81% had weak, or no, know-your-customer (KYC) practices. However, DEXs aren’t necessarily good venues for money laundering. CipherTrace noted that even though $7.9 million of crypto stolen in the KuCoin hack was sold on decentralized exchange Uniswap, it wasn’t laundered there.
“The hacker isn’t using DEXs to hide their tracks, they’re doing it so they can sell their stolen tokens,” said Elliptic co-founder Tom Robinson.
DeFi projects offer traditional financial activities like lending, borrowing, and earning interest which means they could fall under the same regulatory framework as the banks and other regulated financial institutions.
“These are all financial activities and they are likely subject to various laws already, including securities law, potentially banking and lending laws—definitely AML/CTF laws,” said SEC Crypto Czar Valerie Szczepanik earlier this month.
Dave Jevans, CipherTrace’s chief executive officer, said he didn’t believe DeFi protocols would accept regulations easily.
“From what we have experienced over the last couple of months is that they don’t want to have anything to do with KYC,” Jevans said.
“They just say they are writing software and, while they get beneficial funds from it, they are not ‘operating’ it. But it’s interesting to see what the governance of the platforms is, which often happens to be from venture capital-backed companies.”
Jevans added he didn't think DeFi would escape regulations for long.