I think that the rules are set by the development team itself. Bounty Manager cannot influence KYC requirements.
Absolutely I agree. It's not the Bounty Manager, it's the team. After all, the bounty manager is just doing his job. And I've never heard a bounty manager collect all the funds and run away. If the team is trustworthy and has AML registration, I think there is no need for KYC for the bounty manager.