I talked to a lot of KYC/AML "providers" on BtcMiami conference. They are all pitching their cool solutions (some of them really cool - such as apps with face recognition, connected to driver licenses db in US, etc). $3-$10 per person.
Hardest questions noone of them could answer:
- what guarantee you have that your solution is compliant? There are none, because noone has these guidelines/policies to match. There are AML regulations for financial institutions, but they are totally different
- they store your data on their servers, no certification of security compliance and probably illegal in most countries due to collision with their privacy terms
- where and how they obtained blacklists / databases of private personal data? I bet there is no way DB for face recognition of US citizens can be given to a "blockchain" company
Hopefully it helps.
And to answer (2) - if your project passes Howey and has all ingredients of utility, such as immediate use in platform - you actually dont need KYC/Aml. But it's still a gray area, because it's not a black and white test, and all depends on wording and experience of your legal team.
Thanks for the contribution. Yes, it's becoming a big problem. One of the US exchanges I use goes through a third party to verify identities and I am pretty sure that it's a government sanctioned entity. What I am witnessing is that these ICO's are requesting KYC information in an attempt to appear more legitimate, but then they request that the information be sent to their cloudflare proxy so there's no way to verify their credentials. The problem is that non-assuming investors are aimlessly trusting these guys, and at times, aggressively vouching for their credibility due to the very fact that the ICO is requesting KYC documents. This guy on youtube is even helping them mine for identities:
https://www.youtube.com/watch?v=C-D1qSUZDoA It's not good and people need to be educated. I am hoping that this thread could become a source of reference for those who are searching for answers on this topic.