What is KYC (Know Your Customer)?

How it works

Banks, exchanges, and other regulated financial entities are required to verify customer identities to prevent money laundering, terrorism financing, and tax evasion. The standard KYC stack:

1. Personal info — legal name, date of birth, government ID number (SSN in US)
2. Government ID — photo of driver's license or passport
3. Liveness selfie — selfie or short video to match against the ID
4. Proof of address — recent utility bill or bank statement (sometimes)
5. Source of funds — for large deposits, banks sometimes ask where the money came from

The data goes to the platform's compliance team and to third-party KYC vendors (Persona, Jumio, Sumsub) for verification. Approved customers can transact at the platform's standard limits; declined customers can't open the account.

KYC is tier-based at most exchanges. Basic verification might unlock $10k/day in trading; full KYC unlocks 6-figure withdrawals. Enhanced Due Diligence (EDD) — for high-net-worth individuals or politically exposed persons (PEPs) — involves deeper questions about source of wealth.

Example

A typical Coinbase signup in 2024:

1. Email + password
2. Phone number verified via SMS
3. Upload driver's license (front + back)
4. Selfie video looking left, right, blink
5. Last 4 of SSN
6. ~5 minutes later: account approved

The same data flows to FinCEN (Financial Crimes Enforcement Network) in suspicious-activity reports if the exchange spots unusual patterns. KYC isn't just about the customer onboarding — it's the legal basis for ongoing monitoring of activity.

Why it matters

KYC is the bridge between traditional finance and crypto. Practical implications:

• Centralized exchanges require KYC. Coinbase, Kraken, Binance.US, Gemini — all of them. There's no path to fiat on-ramp without it in the US.
• DEXs don't require KYC. Uniswap, Jupiter, GMX — connect a wallet, swap. Permissionless by design.
• Self-custody doesn't require KYC. Once funds are in a wallet you control, no one's verifying who you are for transfers between addresses.
• Tax authorities receive KYC data. Form 1099 from US exchanges reports activity directly to the IRS. Self-custody activity isn't reported to the IRS but you're still legally required to report it on your return.
• Privacy trade-off. Every KYC submission is a copy of your government ID with a regulated entity. Data breaches at exchanges (Coinbase had one in 2023, Bitfinex in 2016, etc.) put that data at risk.

Most US-resident crypto activity touches a KYC'd venue at some point — either to convert fiat to crypto, or to convert back at exit. "Pure DeFi" workflows that never touch a CEX exist but are uncommon for retail users. Mixed approach is normal: KYC'd exchange for buying/selling, self-custody + DEXs for everything in between.