KYC and AML for Crypto Banks

Documents required, EDD thresholds, source-of-funds, ongoing monitoring.

Reviewed by Stephan Kulik · Last updated: 2026-04-21 · How we rank

Short answer

All regulated crypto banks require KYC under their jurisdiction\'s AML framework (FinCEN BSA / EU 6AMLD + MiCA / UK MLRs / etc.). Standard CDD needs: government ID + proof of address + selfie/liveness check. For larger or higher-risk accounts, EDD adds source-of-funds documentation. Platforms marketed as "no-KYC" are either unregulated (elevated risk) or DeFi (valid but different model).

The regulatory framework

Regulated crypto banks are Virtual Asset Service Providers (VASPs) under FATF terminology, and are bound by:

US: FinCEN BSA (Bank Secrecy Act), state-level money-transmitter rules
EU: 6AMLD + MiCA + upcoming AMLR (Anti-Money Laundering Regulation)
UK: Money Laundering Regulations (MLRs), FCA Handbook
Singapore: MAS Payment Services Act
Hong Kong: HKMA + SFC VASP regime
Japan: FSA VASP registration

All require, at minimum: customer identification, verification, risk assessment, ongoing monitoring, and Suspicious Activity Reporting. The specifics vary; the general shape is common.

Standard Customer Due Diligence (CDD)

What to expect for a standard retail account:

Photo ID: passport, national ID card, driver\'s license. Must be in-date.
Proof of address: utility bill, bank statement, tax document, government letter. Typically under 3 months old. Must match the address you declared.
Liveness check or selfie-with-ID: automated or human review, verifies ID photo matches you and confirms you are a real person (not deepfake or photo-of-photo).
Tax residency declaration: for CRS/FATCA reporting.
Questions about intended use: expected transaction volume, source of funds (high-level), purpose.

Automated tools (Onfido, Sumsub, Jumio, Persona) typically process standard CDD in minutes to hours. Manual review for edge cases adds 1-3 days.

Enhanced Due Diligence (EDD)

Higher-risk customers or higher-value accounts trigger EDD:

Politically Exposed Persons (PEPs) — government officials, their families, close associates
High-net-worth individuals (account value above a platform-specific threshold)
Customers from higher-risk jurisdictions on FATF grey-list or platform-specific lists
Customers with unusual source-of-funds patterns

EDD adds:

Extended source-of-funds documentation (tax returns, employment records, business statements, sale contracts for property or business)
Senior-management approval to open or continue the relationship
Enhanced ongoing monitoring
More frequent re-verification (annual or more)
Sometimes: in-person or video-call verification

Source of funds

The most common friction point. When depositing significant amounts, expect to provide:

Pay-stubs (last 3-6 months)
Tax returns (last 1-3 years)
Bank statements showing the source of the funds you\'re depositing
If from a business: business tax returns, audited financials
If from sale of assets (property, business): sale contract
If from inheritance: estate documents
If from crypto (not fiat): documentation of your crypto acquisition, historical exchange records

Platforms prefer paper trails that show a continuous history, not sudden unexplained wealth.

Sanctions and PEP screening

At onboarding and ongoing, platforms screen customers against:

OFAC (US) sanctions lists
EU consolidated sanctions list
UK HM Treasury consolidated list
UN Security Council sanctions
Country-specific lists
PEP databases (often commercially sourced — Dow Jones Risk, Refinitiv World-Check, LexisNexis)

False positives on name matching are common (shared name with a sanctioned individual). Provide full name, date of birth, and passport data to speed resolution.

Ongoing monitoring

After onboarding, platforms continuously monitor:

Transaction size and frequency vs declared patterns
Counterparty risk (addresses associated with mixers, sanctioned entities, darknet markets)
On-chain analysis via Chainalysis, TRM Labs, Elliptic
Cross-checks against new sanctions designations
PEP-status changes

Flags trigger either customer outreach, temporary account restriction pending review, or in severe cases a SAR filing.

Practical tips for smooth KYC

Use high-quality, well-lit photos of documents (not photos of screens)
Name on all documents must match exactly — including middle names, accents, hyphens
Proof-of-address must show the address you declared; use the most recent bill available
Complete source-of-funds declaration truthfully — unexplained gaps are worse than a legitimate long story
Respond to EDD requests promptly — delays extend temporary restrictions
If your situation is complex (expat, multi-jurisdiction residency, business-owner), choose a platform familiar with your profile (Revolut for cross-border, Sygnum for HNWI, etc.)

Frequently asked questions

Why do crypto banks require KYC? +

Regulated crypto banks are subject to AML (Anti-Money Laundering) and CFT (Counter-Terrorist Financing) obligations under their jurisdiction's framework — FinCEN BSA (US), 6AMLD (EU, + MiCA-specific rules), MLRs (UK), equivalent elsewhere. These require Customer Due Diligence (CDD) before opening an account, Enhanced Due Diligence (EDD) for higher-risk customers, ongoing monitoring, and Suspicious Activity Reporting. A crypto bank operating without KYC is either unregulated (higher risk to customer) or breaking the law in its jurisdiction.

What documents do crypto banks typically ask for? +

Standard CDD: (1) government-issued photo ID (passport, national ID, driver's license) — for identity verification; (2) proof of address (utility bill, bank statement, tax document — usually under 3 months old); (3) selfie with ID or live liveness check — to prevent ID theft. Enhanced for larger accounts or higher-risk customers: (4) source of funds documentation (pay-stubs, tax returns, bank statements, share-disposal records); (5) occupation and employer details; (6) expected transaction patterns; (7) tax residency certification.

What is Enhanced Due Diligence (EDD)? +

EDD is a higher level of verification for customers deemed higher-risk: Politically Exposed Persons (PEPs), high-net-worth individuals, customers from higher-risk jurisdictions, customers with complex source-of-funds situations. EDD typically adds: more extensive source-of-funds verification, senior-management approval to open the account, enhanced ongoing monitoring, more frequent re-verification. Expect 2-6 weeks for EDD onboarding vs 1-2 days for standard CDD.

What triggers source-of-funds questions? +

Common triggers: first deposit over €10k (or local equivalent), deposit from an unexpected source, inconsistency between declared income/occupation and deposit patterns, withdrawal pattern that looks like cash-out-to-launder, deposits from mixer addresses or high-risk on-chain history. Expect to provide: pay-stubs, tax returns, sale contract (if funds came from property sale), brokerage statements, business bank statements. Respond promptly with real documentation — delays compound.

Are there "no-KYC" crypto banks? +

Legitimate regulated crypto banks all do KYC. Platforms marketing as "no-KYC" are typically: (a) unregulated offshore exchanges (elevated platform-risk; if something goes wrong, no recourse); (b) DeFi protocols accessed directly from a self-custody wallet (valid but different model — you're not opening an account); (c) peer-to-peer exchanges with user-level KYC but no platform-level (residual risk). The trade-off is direct: no-KYC = lower compliance friction + higher risk of fraud, freeze, and legal exposure; KYC = higher friction + regulatory protections.

Can I use someone else's account or a shared account? +

No. All regulated crypto bank accounts are personal or business (with identified beneficial owners). Using someone else's account is a violation of the terms of service, creates tax issues (who reports income?), and can be prosecuted as structuring or money laundering in some jurisdictions. Sharing an account with a spouse/family member typically requires joint-account opening with both parties' KYC.

What is ongoing monitoring? +

Regulated crypto banks continuously monitor transactions against normal patterns. Flags: sudden large inflows, unusual counterparties, rapid deposit-withdrawal (structuring indicators), transactions to sanctioned addresses, on-chain activity touching mixers, patterns inconsistent with declared occupation. When flagged, the platform may request additional information, temporarily freeze pending review, or file a Suspicious Activity Report (SAR) with the relevant Financial Intelligence Unit.