KYC, AML, and SoF checks should work the following way, if applicable: The exchange asks you to provide the address that you will pay from. When you do, they do their background checks with their third-party blockchain analysis providers. You receive feedback that states that your coins are either ok or additional information will be needed from you.
Some exchange services (I won’t name them to keep them off the regulatory radar) actually do work this way.
I have used some exchanges this way too
The problem is that users simple do not care about this. Usually, people just send funds to exchanges (or swap services) and pray that everything will be ok.
Barely no user opens the support chat, share his address and volume he wants to swap prior to trading.