When a custodian, exchange, or fiat off-ramp asks for your name, address, and document, that is KYC (Know-Your-Customer). It is the bedrock of how regulated finance accepts crypto into the mainstream.
KYC is not theatre — it is a legal duty placed on the intermediary, not on you. Your information is then used in two distinct workflows:
- Identity verification — the intermediary confirms you are who you say you are (document scan, liveness check, address proof).
- Ongoing monitoring — your transactions are screened against sanctions lists, PEP (politically exposed person) registers, and adverse-media databases for the lifetime of the relationship.
What you should actually care about
- Data minimisation. Provide only the data the provider's licence requires. A regulated EU exchange typically needs name, DOB, address, document — not your salary or marital status.
- Data retention. EU MiCA requires KYC records be kept for 5 years after the relationship ends. Older retention periods (10+ years) belong to legacy AML rules and are often over-collection.
- Travel Rule. When you send crypto to another regulated venue, the originator sends your KYC fields to the beneficiary venue. This happens automatically — you should know it's happening.
When KYC is not required
Self-custody transfers between your own wallets are not KYC events. Hardware-wallet-to-DEX swaps below threshold values are typically exempt. Knowing where the line is keeps your privacy where it belongs.