Last week, the SEC asked to speak with us. The SEC has been very active recently, issuing numerous subpoenas. Interestingly, we are not conducting an ICO, presale or SAFT. Instead, we support companies who are, providing Know Your Customer (KYC) support, sometimes called AML/KYC. We began in September of last year and have since worked with over 70 companies conducting an ICO.

After initial concern about what the SEC wanted, we arranged a meeting to find out. We didn’t talk about securities vs utility tokens; instead, we spoke about the following:

1) What’s out there from a KYC perspective?

The SEC seems to want ICOs to perform KYC, and perform it well. That is, to see that the identity of customers is being established and then used to draw conclusions about the nature of their activities, the legitimacy of their funding, and that associated money-laundering risks are understood.

The level of KYC we’ve seen performed varies by ICO. Some companies who don’t work with us do none, while we’ve had clients go above and beyond, using a dual-source method in conjunction with document validation and face-match.

IdentityMind provides our clients with a risk-based KYC process that uses multiple tiers to ensure that:

  • An individual or entity is who they say they are
  • They are allowed to take part in a token sale (e.g. they are not on a sanctions list)
  • The risk posed to the token issuer is within the acceptable limits

2) How can companies ensure the individual is who they say they are?

The SEC seemed to like that there were solutions that combined more than one tool. Document validation is an example of a useful tool, but one that should be used with others.

IdentityMind looks at IP address, name and address validation, and government documents to check that everything is consistent. In addition, we offer face match services that compare a selfie of the individual to the picture in the government-issued ID.

3) How can you prevent bad actors from trying to hide their location?

The concern is that individuals from sanctioned countries could be obfuscating their true location and buying tokens from US companies, in violation of OFAC or other sanctions lists.

IdentityMind prevents this by looking at the IP address and determining if it’s using:

  • A proxy and if so, what kind (corporate, known-good, known-bad)
  • The Tor network or a VPN

If either is true, the application is denied.

4) How do you prevent ICOs from being used by money launderers?

The worry here may have been that bad actors could launder large amounts of cryptocurrency via an ICO, thereby making it ‘clean’.

IdentityMind prevents this via:

  • Velocity tests: preventing users from creating multiple accounts
  • Risk-based enhanced due diligence (EDD): clients can mandate EDD for contributors over a certain dollar amount
  • Blockchain explorer: we can see the risk of the currency coming in, specifically if it’s associated with bad actors or dark market sites

5) Is anyone tracking tokens after the token sale to ensure they don’t end up in sanctioned countries?

No one is currently doing this for ICO tokens for the same reason that no one is doing this for bitcoin, which is that it’s impossible to know where the coins go after the initial sale. Much like cash, tokens can be sent or physically moved via paper wallet or hardware wallet.

IdentityMind provides transaction monitoring, but both sides of the equation must be known. This means the individual or entity who bought the token would have to sell to customers who had also been KYC’d by the company doing the ICO. To our knowledge, no one has monitored transactions after the initial coin sale because of the difficulty in doing so with ERC-20 tokens.

The SEC reaching out to us provided a rare opportunity to see what they were thinking about. We spent so long discussing the above that we didn’t get around to asking them questions on:

  • Utility tokens and if they even exist in their mind
  • Regulation S securities sold back into the US (these are securities which are originally issued outside of the US and do not need to be registered with the SEC)
  • Future actions they plan to take

We’ll be keeping our ears to the ground on these issues.

Our conversation went well and they seemed like knowledgeable individuals trying to learn more about a complex and new industry. Contrary to some opinions, especially after the spate of ICO shut-downs, they were not hell-bent on destroying the industry. Why? Likely because they’re just trying to understand the existing technology and see how regulations can be enforced to protect investors.