Provided you draw a clear line between individual businesses implementing their own KYC procedures and nothing whatsoever being implemented at the protocol level, then that's fine.

Businesses have laws they have to adhere to.  Even if those laws are a direct cause of identity theft, by mandating that companies store a vast trove of customers' personally identifiable and financially sensitive information for hackers to then steal.  Yay for dumb laws!