Posted on

Customer ID Now Required for Crypto Exchange Purchases in Malaysia

New policies for cryptocurrency exchanges developed by Malaysia’s central bank have gone into effect.

Bank Negara Malaysia announced Tuesday that its “Anti-Money Laundering and Counter Financing of Terrorism Policy for Digital Currencies” is now the law of the land. As outlined in the published policy documentation, the rules will apply to all activities performed by cryptocurrency exchanges that offer both fiat-to-crypto and crypto-to-crypto trading services.

The move follows months of public consultation on the issue. In December, officials from the central bank published draft rules which were then opened up for input to industry stakeholders. Officials began speaking publicly about the framework as far back as November, as reported at the time.

At its heart, the policy requires that exchanges be more diligent about checking and collecting information about the customers who are using their trading platforms, according to the text released Tuesday.

“Reporting institutions are required to conduct customer due diligence on all customers and the persons conducting the transaction when the reporting institution establishes business relationship with customer and when the reporting institutions have any suspicion of money laundering or terrorism financing,” the policy document states.

Specific pieces of data required include the customer’s full name, their address and date of birth, as well as information about the purpose of their transactions.

Still, the central bank stressed that Tuesday’s release doesn’t represent any kind of endorsement from them – nor does it mean that officials are moving to consider cryptocurrencies a form of legal tender in Malaysia.

“Members of the public are advised to carefully evaluate the risks associated with dealings in digital currencies,” the central bank said.

Central Bank of Malaysia image via Shutterstock

The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Have breaking news or a story tip to send to our journalists? Contact us at

Posted on

Austria Planning New Regulations for Cryptocurrency, ICOs

Austria has joined the list of countries planning to regulate cryptocurrencies and will use as a model existing rules for the trading of gold and derivatives.

The government’s central concern is curbing the use of cryptocurrencies for money laundering, Bloomberg reports. Likewise, it wishes to extend oversight measures for traditional financial products to crypto assets.

“Cryptocurrencies are significantly gaining importance in the fight against money laundering and terrorism financing,” Finance Minister Hartwig Loeger was quoted as saying. As a result, he went on to say, “We need more trust and security.”

Loeger outlined several measures the government plans to implement, including requiring cryptocurrency market participants to identify all trading parties and to disclose trades of €10,000 ($12,300) or more to the government’s financial intelligence unit.

The regulation will also cover initial coin offerings (ICOs), Loeger said. The government will apply existing rules regarding market manipulation, insider trading and front-running, and organizers will be required to submit “digital prospectuses” to the country’s Financial Market Authority (FMA).

The finance minister’s statements come on the heels of a report that the Austrian government is seeking suspects in an alleged bitcoin scam by a company called Optioment, which may have resulted in investor losses of up to $115 million.

Loeger also suggested that the European Union should implement cryptocurrency regulation. This may well come to fruition as the European Commission announced Thursday that top central bank and market supervision figures in addition to unidentified “market players” will meet next week to discuss the matter.

Austrian parliament image via Shutterstock

The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Have breaking news or a story tip to send to our journalists? Contact us at

Posted on

AML vs. Privacy: Crypto's Compliance Conundrum

Marc Hochstein is the managing editor of CoinDesk and a former editor in chief of American Banker.

The following article originally appeared in CoinDesk Weekly, a custom-curated newsletter delivered every Sunday exclusively to our subscribers.

Each of these three stories out of Southeast Asia is significant on its own, but when you read them side by side they tell a much bigger, global story.

First, on Jan. 23 South Korea’s financial regulator set a date for the introduction of a new rule barring anonymous cryptocurrency trading accounts. (Or, as some sensitive snowflakes out there prefer we’d put it, “requiring customer identification for crypto trading accounts” – we never imagined anyone in this space would want to sugarcoat unwelcome news with euphemisms, yet here we are. But I digress…)

The very next day, a different South Korean agency fined several cryptocurrency exchanges for failing to secure customer data. “While the security threats such as virtual currency speculation and hacking of handling sites are increasing, the actual situation of personal information protection of major virtual currency exchanges is very weak,” warned the chairman of the Korea Communications Commission in announcing the fines.

Topping it all off, on Jan. 26, Coincheck, a crypto exchange in Japan, admitted it had been hacked in what appears to be the largest single theft in cryptocurrency history. Some $533 million worth of a mid-tier crypto known as XEM were pilfered.

So let’s step back here. Taken together, these events remind us that:

1. Concerned about money laundering and financial crime, international regulators want to make sure crypto exchanges, like most financial intermediaries, know who their customers are. Depending on how much crypto a user trades, this entails the exchanges collecting all sorts of personally identifiable information: real name, address, a copy of your passport, even a selfie.

2. The exchanges aren’t very good at securing this data. Which isn’t a surprise, because…

3. They aren’t very good at securing users’ funds, either.

Experienced crypto users will tell you that the answer to No. 3 is to keep most of your coins in cold storage and use the exchanges only for assets you’re actively trading. But the first two observations present a much knottier problem.

In short, the juxtaposition lays bare the fundamental tension between compliance with anti-money-laundering and know-your-customer laws, on the one hand, and data privacy on the other.

No easy fix

There are a number of ways to potentially resolve this conflict:

Revisit AML laws. Ha. Fat chance.

Not that these don’t deserve greater scrutiny. Libertarian early adopters of bitcoin may overstate their case (and invite ridicule from smug, soy-eating bluechecks) when they declare “money laundering is not a crime.” A better way to put it is this: It stands to reason that covering up a crime is itself a crime, but should it be a crime to obscure activity that is not itself illegal or harmful, simply because doing so inconveniences law enforcement?

Some would say the answer is yes. There is a lot of nasty activity going on out there, even if you exclude victimless crimes (those involving only consenting adults). But the question needs to be asked of policymakers more than it has been. Still, don’t hold your breath for much in the way of change in a political climate shaped by 9/11, Charlie Hebdo, San Bernardino, etc.

Exempt crypto businesses from AML laws. LOL, JK. See above.

Require exchanges to tighten up cybersecurity. Say what you will about Benjamin Lawsky, but the former New York State regulator and architect of the BitLicense recognized the importance of diligent security practices for digital asset custodians. In fact, the strict cybersecurity standards he wrote for cryptocurrency firms in that controversial regulation were later imposed on traditional financial institutions on the NYS Department of Financial Services’ watch (over their objections).

Granted, the BitLicense hasn’t exactly been a roaring success, with a grand total of four licenses granted since the regulation took effect in 2015 (unless you count the two trust charters given to applicants). Most startups in the crypto space have simply avoided doing business with Empire State residents or performed contortions to get around the regulations, viewed as onerous for a number of reasons. But the cybersecurity requirements aren’t usually cited among them.

More to the point, though, this approach still amounts to saying “thou shalt collect and store nuclear waste – oh, and you better secure it, too.” More creative solutions might be in order.

Thread the needle. In other words, find a way to satisfy the objective of fighting crime without making businesses hold all this data in the first place.

For example, there is an adjacent ecosystem of digital identity startups and open-source projects aiming to create personal data vaults and reusable IDs. Although models vary, a common thread is that instead of giving the keys to your identity to every stranger you do business with, you could just present them with proof that you are entitled to access a given resource.

For example, a bouncer at a club needs to know you’re old enough to drink, but not your exact birthday; similarly, if you can prove to a bitcoin exchange that you’re not on the U.S. Treasury Department Office of Foreign Assets Control’s sanctions list, maybe they wouldn’t need that copy of your passport.

The big idea is that not everyone you trade with needs to know who you are as long as someone knows who you are. Law enforcement could still trace transactions through the blockchain, to an exchange, and ultimately to an identity provider that could identify the user under court order.

Generally this concept, articulated in the 2014 Windhover Principles and elsewhere, sounds like an improvement on the status quo. But real-world applications have been rare.

Also, you could argue that even if put into wider practice, these ID solutions might amount to a mere rearrangement of deck chairs, at best. If we no longer have lots of nuclear waste facilities, but instead have a few big nuclear waste facilities (with back doors for law enforcement to boot), won’t that make identity thieves’ job even easier?

And finally, even if these ID providers are secure, who’s to say they’d insist on seeing a warrant before giving up your data to the government? The Snowden revelations showed how the odious “third-party doctrine,” which states that citizens have no reasonable expectation of privacy when they give information to a business, has undermined Fourth Amendment protections in the U.S. It’s hard to trust governments to respect constitutional limits on their power in this day and age, and Donald Trump occupying the Oval Office is really the least of it.

One sincerely hopes that the development of decentralized exchange will eventually make the issue moot, at least as it relates to trading of digital assets. Until then, stay vigilant about protecting your money, your personal information, and your civil liberties.

Chalkboard image via Shutterstock

The leader in blockchain news, CoinDesk strives to offer an open platform for dialogue and discussion on all things blockchain by encouraging contributed articles. As such, the opinions expressed in this article are the author’s own and do not necessarily reflect the view of CoinDesk.

For more details on how you can submit an opinion or analysis article, view our Editorial Collaboration Guide or email