KYC: What It IS and Why It's Necessary - A Case Study
This article is not a review of the of KYC/AML laws. (Anti-Money Laundering Laws) It is a practical explanation of why we have them, how important they are to everyone and a view thru the lens of how one Blockchain ICO has used or abused the process and the possible meaning for the investors involved.
Google search KYC or AML so you might appreciate what follows and accept it is not histrionics or melodrama on our part. Read a few of the many available articles and gain some appreciation of how much your government fears funding terrorism, criminal funding, illegal political funding (Russia, China, N Korea), cartel/drug funding, criminal activities through Identity theft, the use of false identities, money laundering, unrestricted movement of money and drug trafficking. You will also gain some insight into the great fears surrounding cryptos. I highly recommend this article for everyone. https://cryptocoin.news/news/why-kyc-and-aml-is-coming-to-all-icos-and-crypto-exchanges-5410/
In the US AML and KYC laws are part of the Bank Secrecy Act (BSA), the Office of Foreign Assets Control (OFAC) and the Patriot Act. If you think for a moment about the agencies that oversee or promulgate these laws, you will see why we have them and how important our governments think they are. In the US we have the US Treasury's Financial Crimes Enforcement Network (FinCEN) to oversee enforcement. The FinCEN has immediate access to all BSA/AML/KYC data. Today many see CRYPTO as the world's greatest threat to security thanks to bad practices of compliance with these laws. The fines below you will give you some idea how seriously AML is taken.
Just a few AML FINES from 2017 and 2018
• January 2017 Deutsche bank fined $211,294,298 Anti Money laundering violations Great Britain
• May 2017 Deutsche Bank fined $41-million for Anti Money Laundering (AML) violations.
•January 4, 2018 Citibank fined $70-million for AML compliance shortcomings.
• Feb 15 Bancorp fined $613-million for AML/Bank Secrecy violations.
AML fines are predicted to exceed $400 Billion by 2020
Criminal penalties for individuals for a single violation can range from fines, life time bans on financial/investment involvement - to prison, or all of the above. Due to treaties, international borders are not protections against prosecution. Money makes this world go round. For this reason even countries who hate each other often agree on the importance of AML laws.
This is another article about the troubled TIM ICO, its practices and how a REAL WORLD example of questionable KYC practices can pose consequences for each of us, regardless of our affiliation with crypto or any particular ICO. What follows explains how KYC & AML have ramifications for us all. Regardless of whether you invested in TIM or in any or in no ICOs, what follows is both important for you and potentially dangerous for us all.
One aspect of ICO/crypto most are unaware of is that AML should be coded into the smart contracts that create tokens from day one. AML/KYC protocols should be implemented and followed as part of any ICO's business and token sale plan. If not you get a vehicle custom made for money laundering and criminal activity, regardless of the good intentions of the creators. Keep in mind that in the US it is illegal to move $10,000 in cash across borders. Think of how easy it is to send $1,000,000 in crypto into the US or any country. Consider how easy it is to send $10,000 to 100 wallets in the US. All it takes to convert that crypto back into cash is a bank account.
You should be thinking about what it takes to open a bank account. It takes your name, probably your social security number, your address, your date of birth, sex, email, phone, spouse's name, parents names, and depending on where and what the account is for, all kinds of other data unique to you.
If you invested in TIM you want to continue reading RIGHT THIS SECOND and if not you want to read this anyway:
Did you complete TIM's or any KYC by Email?
What if every TIM investor who completed KYC discovered their personal and financial information may be in the wind in one of the most dangerous and corrupt parts of the world, where even government officials and law enforcement are engaged with crypto scammers in every form of criminality. Customer data is worth billions: a recent CNN tech-piece said that seventeen (17) people a second are robbed remotely from improperly stored financial data. This data is sold for $.25-$10,000 PER PERSON. In 2018 where data breaches are everywhere, you would think that KYC and AML procedures would be strictly adhered to both due to the consequences and the security of customer data: But this may not be the case.
Remember as you read that the TIM foundation, until this week, claimed to be a US ICO selling a SEC registered TOKEN, but in reality is merely a foreign ICO owned by a Delaware shell Corp called IE Tech LLC. IE Tech’s entire business appears to be simply owning and pretending to run numerous fictional or paper companies. But its claim to fame seems to be running a perpetual ICO called TIM (talking.im) out of INDIA or Singapore, or wherever Prabhat Kumar Singh is resting his head. As a US company TIM falls under US Security and Criminal laws and is subject to SEC rules and regulations, regardless of where TIM operates or whatever changes Mr. Singh thinks he's made lately to protect himself and his scam he remains accountable to the US for his past acts.
If you are new to Crypto, or if you have gone thru KYC before you still may not fully understand what it is, or why you are being requested to do it. You may simply think the company, or in this case the ICO needs to know who you are. That is not the entire case at all. In order to keep you and us all safe, all financial entities (ICOs included) are required to be able to prove to governments just who's money they are accepting, moving or investing. These laws are collectively referred to as Anti Money Laundering Laws (AML). Firms that fail to abide by the AML data collection, processing and storage laws are subject to fines and their officers are subject to both fines and serious felony criminal charges and sentences. The violators may think hiding in a foreign country is protection, but KYC/AML/Security Fraud violations can be a one way ticket to extradition from most countries. I'm told KYC/AML violations can also get you a front row seat on the international "no fly" list. Violations of these laws by 2020 are expected to top $400 billion dollars in fines. These violations have already resulted in billions in fines, criminal convictions and prison sentences. AML and KYC are in place to protect your lives, and those of your children and neighbors.
As you read, keep in mind that after collection the secure storage of your KYC information must meet specific legally established and verified regulations and protocols. (Bank Secrecy Acts) These requirements apply to each and every place customer KYC information is stored. It applies to each and every country in which a company keeps such KYC data. The laws apply to every computer, storage device or server on which that data is held. This is not melodrama. Internationally, KYC is no joke.
Personal KYC financial and identity records existing on an email server DOES NOT meet these legal requirements. This is why legitimate companies regularly engage 3rd party KYC companies who use secured customer data entry portals, often with two or even three-part verification protocols to accept KYC submissions. KYC is serious and potentially deadly stuff. Any company that asks you to email this data should be considered very suspect. Even if such a company represents a legitimate project, the cost of KYC is only a few dollars per customer. Therefore, not doing this properly speaks volumes about a project’s management. You may end up with a legitimate token, but your emailed information may also be compromised without you ever knowing until your bank accounts are emptied, all your crypto stolen or even your house is lost. Worse, you may commit a terror attack in France without having left Iowa. Your information may be used to open bank accounts by criminals from their living room.
If a company is, banking, selling a security or is regulated by the SEC, it is highly unlikely that KYC data received by email meets any of its requirements. Even law firms are required to comply with AML laws. In addition to strict standards for the collection and storage of KYC information, the methodology and processes of verification must also be strictly followed to be legal. It is highly unlikely therefore, that any company that would not bear the small expense to collect or store KYC data legally (not by email collection) is then also likely meeting the strict verification requirements. Consider an ICO that accepts a minimum investments of $10.00 and ask yourself how they could be remotely legit. How could a company spend $2-$3 on a $10.00 investment? Would a legitimate company spend (30%) of your investment on KYC? It could not and would not. However, TIM's minimum investment was $10.00. So when you see these bargains, be suspicious. While it is very likely ICOs that allow ridiculous minimum investments are stealing small amounts of money from masses of people who will never complain, it is highly improbable those ICOs are doing legal KYC. Small investments are one of the red flags for questionable ICOs like TIM. The minimum amount which warrants KYC/AML compliance when purchased depends on the locality of the purchaser and the seller.
Any violation of AML/KYC laws is almost certainly a serious criminal offense. Additionally, these laws are considered so important to public safety and combating crime that the loss of even a single customer’s information carries severe civil and criminal penalties, including huge fines for each lost record and also prison sentences.
Anti-Money Laundering Laws (AML) and Know Your Customer (KYC) protocols exist to stop the movement and laundering of money by criminals, cartels, terrorists, or for any nefarious purpose by confirming from the very beginning of an investment or deposit or the opening of a bank account, that the owner is exactly who he or she claims to be and is not "blacklisted".
In America we have had an ongoing political battle over firearms background checks for decades, with both sides arguing the efficacy such checks would actually have on shootings and crime. What people and politicians have yet to realize, but unfortunately may well learn horribly, is that crypto KYC may eclipse that argument thru tragic consequences. The dangers posed by scam cryptos running incomplete or intentionally nefarious KYC programs cannot be overstated. The value of thousands of investor’s KYC data may be worth far more to the WRONG people than some ICO's total sales of a few million dollars.
When we get to the end of this article I will prove our worst fears are well founded. We have proof KYC data has already been leaked. Because of this we have informed the US State department, the FBI, the SEC, the DEA, The International Banking Commission and Interpol. As you read and consider the magnitude of the threat I am going to pose, ask yourselves this question: if 80% or more of all ICOs are scams, money grabs or just lemonade-stand operations run by 20-something neophytes from their mother’s garages or by people who may have no understanding or concern for laws or regulations, what is the likely percentage of these companies that are screwing up KYC?
Below is just the first page of KYC 3rd Party providers I found in a Google search. Hundreds of KYC companies are available to ICOs and other financial entities for a small per-person fee. These companies will perform legal KYC for any ICO, Bank, company or institution required to meet KYC regulations. While any KYC provider should be vetted thoroughly, there are plenty of professional KYC companies to choose from.
There are KYC laws in most countries today because of Identity Theft, Bank Fraud, and Money Laundering, but largely because of Organized Crime and Terrorism. The laws from country to country may vary, but they all demand that people investing or moving money thru banks or other financial institutions, renting or buying property, or where they create an ability to move money across borders, must prove they are who they claim to be and meet criteria for performing these actions. Governments fight daily to stop the money supply for terrorism and organized crime. Identity theft is perhaps the greatest tool criminals have to move money and fund illegal activities. Criminals and terrorists using false papers belonging to actual people, such as Passports and drivers licenses are among most government's greatest fears. All companies (Investment brokerages / Banks / ICOs / Blockchain Trading Sites) MUST keep customer KYC information current, secure and immediately available for government inspection. And they mean “immediately” available.
ICO’s are considered an investment in almost every country today. These laws are governed by international treaties and other agreements. As such virtually all ICOs are subject to international KYC regulations. In the US this is absolutely the case. Crypto presents a completely new and dangerous anonymous method for terrorists, drug cartels and criminals to safely move money into and out of countries, to fund attacks and facilitate other nefarious activities. For this reason, there are numerous KYC 3rd party independent companies that, in addition to the actual KYC verification will also provide safe and secure KYC collection and ongoing data storage services to institutions and companies that are just not equipped to meet or afford the strict KYC AML requirements. Think of KYC as a background check and ID verification that then includes the secure storage of your most valuable personal identification and financial information in perpetuity. This storage also allows for immediate retrieval upon request of a governmental agency, or the contracting company (ICO).
Rather than post a link you may not use, I am providing the Wikipedia KYC explanation. You may also go to the page and use the text links to see all the corresponding laws and regulations and understand why KYC exists. https://en.wikipedia.org/wiki/Know_your_customer
When ICOs request that investors provide KYC data, they will often host a secure 3rd party KYC portal on their ICO home page. That link is tied directly to the KYC provider’s secure site. Once there you enter your data. It may appear you remain on the ICO site but often you do not. If you’ve gone thru the process for an ICO or opened a crypto trading account you know that this is serious stuff, often requiring two or three part encrypted security and several days to complete. You may not realize that you go thru this exact process when you open a bank account, but as you enter your data manually on an analog form, you probably remain unaware of the whole series of events in the process.
Why should investors and everyday people be concerned by a fly by night, ICO email-based KYC process?
KYC can allow both your locked material (your wallet addresses) and also the key (all your personal data, driver’s license, passport, home address, etc.) to be found in one place if not carried out correctly. That is exactly what happened with TIM (Talking.im) when it began selling a US security to investors in January.
Virtually all cryptos are classified as securities by the SEC. TIM was selling, accepting money and in some cases transferring a Security to US citizens with no Accredited Investor Verifications, as required by law. For whatever reason, Prabhat Singh (TIM CEO) did not contract with any KYC company that we know of. If he did it was in a very suspicious way because TIM is the first so called “Legit” “Non-Scam” “History Altering” “Revolutionary Tech” ICO we are aware of that would not spend just a few of the millions of dollars it’s collected to ensure investor KYC compliance and security. Rather, after accepting investor funds from about Dec 2017 thru today, all the while claiming to be a SEC registered security, only in May did Prabhat Singh decide KYC was required. To meet this challenge, he required all past and new investors to provide their most secret personal KYC data by email directly to [email protected] Regardless of whether or not TIM actually did or intended to do legal verifications, they have compromised investor data in a manner no ICO should have, let alone on email servers. Unless that information was legally and securely obtained, processed and stored from the first second, no deletion, no lie, no act, nothing can fix the mess now. And we are reasonably certain that no legal KYC protocols were followed by TIM. As a matter of fact, this article was posted several weeks ago on a TIM investor channel. It was later commented on by TIM supporters and the company has not denied these claims. Perhaps the reason for their silence lies below.
Below is a TIM executive telling an investor to send his KYC docs thru email.
Below is the email verification from Meenu Aggarwal, who claims to be a TIM legal executive, who has also claimed to be a JP Morgan VP, as well as a yoga/health consultant. In this email, Meenu is acknowledging that the man in the photo at the beginning of this article did send his KYC docs by email as requested by Sri Herugu in the above chat. This proves that TIM was knowingly requesting and accepting KYC information from as many as 8400 investors by chat and by email. (8400 may not included thousands more air drop participants) It also proves that they represented or implied their KYC process was legal.
If you invested in TIM or any ICO and you emailed KYC information, your information resides in email file/s and on computers and servers. As for TIM, we cannot even guess where your information is, as TIM people do not work in a central TIM office, but retrieve their emails from around the world. For example, Sri Herugu, lives in the US.
TIM execs may claim they emailed investor data to a KYC company for verification, or did it correctly in house, but that is doubtful. No legitimate KYC Company would likely accept the legal liability and compliance responsibilities of KYC info sent by email due to compromised data and chain of possession issues. So if you did KYC with TIM or any other company by phone, mail or email, your info MAY BE IN THE WIND. The reality of TIM's KYC is the most private investor information for thousands of people may reside in dozens of unsecured servers located in several countries around the world. Wherever this information lives it seems highly unlikely it is secure according to the law? Flip a coin. The simple fact you emailed it is proof of the fact your info is at extremely HI-risk.
For investors who did KYC by email, you may have compromised your lives, or you have provided the very information that may ruin others. If the quality and past practices of TIM management is any metric of professionalism, your most private data likely resides in multiple unsecured server/s accessible by only God knows who. This data includes or may include your personal identity, a reasonable estimate of your financial status, photo ID, passport, address, driver's license, etc. This is exactly what United States Border Security, CIA, FBI, Homeland Security, the US State Department, Interpol and law enforcement agencies around the world fear most. Thousands of potential clean skins and usable legends (identities) may now or soon be in the possession of people who may use them. In TIM’s case we believe we have irrefutable proof in our possession that KYC information has already been compromised. Once bad actors have your info just think about how easy it is to fill in the blanks. They can friend you on Facebook, or twitter. Within minutes they could have enough factual data about your home, children, personal habits and hobbies, pets, extended family to recreate you.
Absent proof of all KYC and AML compliance by TIM, caution demands that we must assume that thousands of passports, Photo IDs, investor addresses, bank info, wallet addresses and other information is unsecured. Even with proof of compliance by TIM, the fact that KYC data was emailed un-encrypted over the internet and thru public servers, investors MUST assume their data has been compromised. And if you are an accredited investor, (high net worth) you probably also provided tax returns, proof of net worth, W-2s, bank statements and detailed financial records. At the very least, if you are rich, or a high net worth investor and your information falls into the wrong hands, they will know exactly where to find you and your family. They already know you have crypto they can use. You probably have cash. Imagine a couple criminals finding that you and your family live in the woods 5-miles out of town.
This information has been forwarded to the appropriate authorities. Until an investigation of TIM’s Anti Money Laundering and KYC compliance is undertaken, we must ask, why a US LLC was set up in Delaware? Why is I.E. Tech LLC merely a mail drop box address? Why did Prabhat Singh immediately run to INDIA or Singapore to manage the TIM ICO? Why has he, just this week, claimed TIM is no longer governed by US laws but is now a Singapore regulated ICO? Why has he continued to promote and leverage the security associated with being a US company to TIM investors at the same time?
As a precaution, if you invested in TIM you should probably demand they document/confirm their KYC process for you. They may claim they are no longer doing KYC because they are now governed by Singapore law, but they still have the data for thousands of investors in their possession.
It is only reasonable for all investors to notify their own governments of their concerns and perhaps even contact a credit protection/ID theft company immediately. The fact that you may be unaware that anything has happened to your information is not proof that nothing has happened to your information. Nor is no news proof that you are not the new owner of a condo in Paris or Istanbul with a Ferrari in the driveway. The information and identity data available in a KYC file can be the foundation for illegal activity or worse, it can allow someone to assume your identity, open bank accounts, transfer large sums of money, send crypto, buy cars, houses, apply for credit cards, steal your tax returns, pensions and also travel virtually anywhere under your name. They simply send you an innocuous email (email included in your data) asking for you to fill in a few pieces of the puzzle, or stalk you thru social media and shazam, your life changes. The absence of news is not surety that nothing will happen in the future, nor is it evidence that it has not already happened.
Merely consider this logic. The Tim Foundation accepted investor’s money, email addresses, and wallet addresses for 5 months before asking for KYC. During that time they did not have the trained personnel in place or the technology to meet these requirements. The announcement for KYC by Prabhat was spontaneous and admittedly unexpected. However, existing TIM personnel began in-taking investor data immediately with the announcement. It seems entirely impossible therefore, as they used existing personnel to run their KYC, that they had the time to hire KYC professionals, install hardware or implement compliant KYC procedures, policies or protocols before they began collecting investor data into email servers. Draw you own conclusions. If your information was not safe then, it cannot be safe now.
Most readers are aware we have had an ongoing months-long battle with Tim over our suspicions of fraud. We believe TIM/Singh owes previous investors as much as 100 million dollars or more. The tensions between TIM and investors like Jon and myself have escalated in the past few weeks. Last week the exact Driver’s License image that Jon Greenwood sent to TIM in May for his KYC submission was posted on a public social media site by an individual defending TIM and claiming Jon was a fraud. So do you think your info is safe?
KYC jeopardy is the dirty bomb your mother warned you about.
Posted from my blog with SteemPress : https://www.cryptocriterion.com/kyc-what-it-is-and-why-its-necessary-a-case-study/