February 7, 2023
Does my Web3 project need to be KYC compliant?
Some Web3 projects are built to be KYC-compliant, others are not. So what's the difference? There are a few factors to consider, and we've broken them down for you.
If you’re building any kind of Web3 project involving digital assets or cryptocurrencies, you will need to figure out whether or not Know Your Customer (KYC) regulations apply to you. However, for most people, KYC compliance is a bit of a mystery, and finding an answer as to how it applies to your project can be a challenge. So let’s clear up some of the mystery and help you decide whether you need to take KYC into consideration for your project.
Disclaimer: This is a general brief that is not specific to any specific national regulations. As such, it is purely meant for orientation purposes, and cannot be considered a comprehensive and definitive resource for ALL KYC regulations. It is intended to give laypeople and project builders and idea of where they stand in the legal landscape, NOT as a binding legal opinion aimed at lawyers or law firms.
What is KYC?
KYC regulations are a set of guidelines requiring companies to verify the identity of their customers. They are a component of broader Anti Money Laundering (AML) regulations intended to thwart money laundering activities and any suspicious trades. The scope of KYC can vary from simple collecting of names, surnames, and emails, to more complex implementations involving ID scans and verification. The specific required scope varies depending on a variety of factors and nation-level regulatory differences, and this article generally addresses KYC as a broad principle.
Do I need to comply with KYC regulations?
Good question. This depends on quite a few factors, but we’ll break it down to a few core components.
If you answer “Yes” to any of the following questions, then you will probably need to make your project KYC-compliant. We’ll go into more detail about each question afterwards.
- Are you launching a Web3 project for an already established, well-known brand?
- Does your project involve money changing form at any point? (I.e. Fiat to virtual money and/or virtual money to crypto?)
- Does your company typically need to provide invoices for each sale for tax and accounting reasons?
- Does your project involve any currency OTHER than a cryptocurrency?
- Do you need to send the product you are selling to a physical address or blockchain address?
1. Established brands must be KYC compliant.
If you answered “Yes” to the first question, and you are launching a Web3 project for an established, well-known brand, then yes, you must comply with KYC regulations. The chances of regulatory authorities swooping in at any given moment and asking for documentation of what you sold, to whom, when, for what price, etc. are quite high if you’re already a visible brand.
Put simply, you can’t risk tarnishing your brand’s good name, and you need to do everything in your power to ensure that you have a record of every transaction of every asset involved in your project.
This is why for our projects with dm, one of Europe’s biggest drugstore chains, and for Lobkowicz Collections, a Web3 company founded by a European noble family, we implemented KYC gateways that customers were required to fill out in order to purchase NFTs. Both companies were very high profile and thus had to comply as strictly as possible to any regulations that could potentially apply to their business activities.
2. When money changes form, KYC is required.
If your project involves fiat onramps (i.e. customers can pay with credit cards, debit cards, other fiat payment platforms like PayPal, etc., and their fiat currency is converted into cryptocurrency) or involves exchanging fiat or virtual currencies for cryptocurrency, then yes, you must comply with KYC regulations.
Any time money changes form, the regulators can come knocking, and you have to be ready to show them in as much detail as possible what you’ve been up to.
3. If you need invoices, you need KYC.
If your company accountant is always asking for invoices for every single little transaction that occurs involving the company, then chances are, they need them for tax reasons. If they need them for everything else, then they are definitely going to need them for the sales of digital assets in your Web3 project.
In other words, if your company already pays close attention to complying with tax codes, they will also need to comply with KYC regulations for Web3 activities.
4. Crypto-only projects don’t necessarily need KYC.
If you answered “No” to question #4 (and “No” to the other questions), then you might be in luck. If you are running a project exclusively involving crypto, there’s a good chance that KYC regulations will not get in your way (at least for the time being).
(Note: This does NOT mean, however, that AML rules would not apply to your project. While related, KYC and AML are two separate sets of rules, and must be considered separately.)
If you create a Web3 project in which no part of the project relies on converting fiat to crypto and vice versa, and all of your users are crypto-natives, then you can maintain the anonymous, decentralized, benefits of blockchain. As of yet, regulations have not been created that would interfere with purely-blockchain based businesses, and so implementing KYC gateways is not yet necessary.
5. You also need to know where to send purchases…
While the final question isn’t directly made necessary by KYC regulations, it’s a logical reason to implement a KYC gateway:
If you need to send stuff to someone, you need to know where to send it, and usually what their name is. A KYC gateway requiring customers to fill out their name and address, whether it be a physical or blockchain address, will allow you to do so, and will have the benefit of giving you the information necessary for being KYC compliant.
How do I make my Web3 project KYC compliant?
The principle is simple:
As a high-level concept, you essentially need a mechanism for your customers to enter their name, address, and any other information required to verify their identity as per specific regulations, prior to being able to purchase what you are selling.
In addition, within KYC, there are two primary duties:
(i) Duty of identification
(ii) Duty of control
The applicability of each duty depends on the following factors:
- The value of a trade is more than EUR 1.000
- The trade is suspicious
- There is a long-term trade relationship being created by the transaction.
- The trading object has investment potential
The implementation is less simple. There is no single way to build KYC gateways into Web3 projects involving minting NFTs or otherwise selling and transferring digital assets. Each use case will have different technological requirements, so a good bit of custom development will always be necessary.
Artiffine can help.
Our Legal Team, headed by Dr. Jan Zibner, is specialized in Web3 compliance issues, including KYC. Our Development Team has senior smart contract, frontend, and backend developers with extensive experience in implementing KYC-compliance solutions for Web3 projects.
We can build KYC gateways for a wide range of use cases, and we adapt every solution to the specific requirements of each client. If you need help making your Web3 project KYC compliant, then feel free to reach out and we’ll be happy to discuss.
February 7, 2023