I think that the KYC can be checked by exchanges and exchangers, which will be registered and checked for the ability to keep confidential data of citizens safe. Such a test can not be handled by ICO teams, which themselves do not pass due verification and are very likely to be potential fraudsters themselves. In general, KYC should ideally be tested by state bodies that must ensure the safety and security of confidential information of citizens and bear direct responsibility for its leakage.