GaiaEx Academy
What is KYC and AML? Compliance Explained

Identity verification and anti-money laundering in crypto

Know Your Customer: Identity in a Pseudonymous World

Bitcoin was designed to work without identity. Wallets are pseudonymous — just alphanumeric strings with no inherent connection to a real person. But the moment crypto touches the traditional financial system — fiat on-ramps, bank accounts, regulated exchanges — governments require identity verification. That's KYC.

Know Your Customer (KYC) is the process by which financial institutions verify their clients' identities. Name, address, government ID, sometimes a selfie holding your passport. Every regulated exchange — Coinbase, Binance, Kraken — requires KYC before you can deposit fiat or withdraw above certain thresholds.

Anti-Money Laundering (AML) is the broader regulatory framework that KYC sits within. AML rules require institutions to monitor transactions for suspicious activity, file Suspicious Activity Reports (SARs) with authorities, and maintain records that allow law enforcement to trace illicit funds. The penalties for non-compliance are severe: Binance paid a $4.3 billion fine in November 2023 — the largest AML penalty in U.S. history — and its CEO pled guilty to violations.

What KYC Actually Involves

Tier 1 (basic) typically requires: full name, email address, phone number. This might allow limited trading with withdrawal caps — often $10,000-$50,000 per day.

Tier 2 (full) adds: government-issued photo ID (passport, driver's license), proof of address (utility bill, bank statement), and sometimes a liveness check — a selfie or video where you turn your head to prove you're a real person, not a photo printout.

Tier 3 (institutional/high-value) may require: source-of-funds documentation, corporate registration documents, beneficial ownership disclosure, and enhanced due diligence interviews. Moving seven figures through a regulated exchange means explaining where the money came from.

The process has gotten faster. What used to take days now often completes in minutes through automated identity verification providers (Jumio, Onfido, Sumsub) that match your selfie against your ID photo using facial recognition and verify document authenticity with optical character recognition.

KYC Verification Tiers

Tier 1: Basic. Name, email, phone. Limits: $10K-$50K/day. Speed: instant to minutes. Required for: basic trading.
Tier 2: Full. Government ID + selfie, proof of address. Speed: minutes to hours. Required for: fiat + higher limits.
Tier 3: Institutional. Source of funds + corp docs, beneficial ownership. Speed: days to weeks. Required for: large volumes.

KYC requirements escalate with transaction volume. Basic verification enables limited trading; full institutional onboarding requires source-of-funds documentation.

Privacy vs. Compliance: The Ongoing Tension

The crypto community is philosophically divided on KYC. Privacy advocates argue that financial surveillance is incompatible with the permissionless, pseudonymous values that crypto was built on. The Tornado Cash sanctions in August 2022 — where the U.S. Treasury blacklisted an open-source smart contract and its developer was arrested — crystallized this tension. Writing privacy software became, arguably, a criminal act.

The pragmatic counter: without some level of identity verification, crypto becomes a tool for sanctions evasion, ransomware payments, and money laundering at scale. North Korea's Lazarus Group stole over $1.7 billion in crypto in 2022 alone. The Bybit hack in 2025 netted $1.5 billion. Without KYC/AML infrastructure, there's no way to freeze stolen funds at off-ramp points.

The middle ground — imperfect and evolving — involves zero-knowledge proofs that verify identity attributes (age, citizenship, accredited investor status) without revealing the underlying data. Projects like Worldcoin, Polygon ID, and Sismo are building these primitives. Whether regulators will accept cryptographic proofs instead of photocopied passports remains to be seen.

The Privacy-Compliance Spectrum

Full Privacy: no identity required. Examples: Tornado Cash, Monero.
ZK Identity Proofs: prove attributes, hide data. Examples: Polygon ID, Worldcoin.
Full Compliance: passport + source of funds. Examples: CEX, traditional banks.

The industry spans from fully private protocols to fully regulated exchanges. Zero-knowledge identity proofs represent an emerging middle ground.

How GaiaEx Handles Identity

GaiaEx operates as a decentralized exchange with a non-custodial architecture — your funds remain in your wallet, not in an exchange-controlled account. The KYC requirements depend on the jurisdiction and the specific services accessed. The platform aims to balance regulatory compliance with the non-custodial, user-controlled ethos that defines its architecture.

For traders, the practical consideration is this: understand your jurisdiction's reporting requirements regardless of which platform you use. Tax authorities in the U.S. (IRS), UK (HMRC), and EU (DAC8) are increasingly requiring crypto exchanges — including DEXs — to report user activity. Keeping your own records (transaction history, cost basis, disposal dates) is the safest approach regardless of KYC status.