Know Your Customer (KYC) is the process by which a financial service identifies and verifies its customers. Anti-Money Laundering (AML) is the broader regulatory framework requiring institutions to detect and report suspicious financial activity.
For Web3, KYC/AML applies to:
- Centralized exchanges (CEX), globally, with varying intensity by jurisdiction.
- Custodians and qualified custodians.
- On/off-ramps between fiat and crypto.
- Increasingly, certain DeFi front-ends and "regulated DeFi" wrappers, depending on jurisdiction.
The relevant regimes vary widely: MiCA in the EU, PSAN in France, VASP in many other jurisdictions, FinCEN rules in the US, the Travel Rule for transfers above thresholds. Operating across borders requires either a deliberate jurisdictional strategy or a compliance partner who has one.
For security purposes, KYC/AML obligations dictate documented controls, audit logs, suspicious-activity reporting workflows, and incident-response coordination with regulators, not just technical security.