Know Your Customer / Anti-Money Laundering
An international regulatory regime requiring financial institutions and crypto-asset operators to verify customer identity (KYC) and interdict money-laundering and terrorism-financing pathways (AML).
Definition
KYC obliges institutions to confirm a customer's identity, existence, ultimate beneficial owner, and intended transactions. AML covers suspicious-activity monitoring, reporting, and freezing. FATF (Financial Action Task Force) recommendations are the international skeleton, transposed into national law (US BSA, EU AMLD, Japan APTC).
By 2026 the EU has refreshed the framework with AMLR (Anti-Money Laundering Regulation), AMLD6, and AMLA (a new supervisor), and is extending the regime to crypto-asset operators. Non-compliance translates directly into business-stop orders and sizable fines.
The core tension is privacy. KYC/AML demands collection of sensitive personal data, while the same data carries breach, secondary-use, and marketing-misuse risks. Attribute-based minimal disclosure is the technical answer.
Lemma Oracle implementation
Lemma lets an issuer sign KYC attributes (nationality, age band, KYC-verified flag, not-on-sanctions list) as commitments. The customer then opens only the attributes a given bank needs, via selective disclosure.
The receiving institution satisfies its identity-verification responsibility without taking custody of the raw data. GDPR's data-minimization mandate, cross-border data restrictions, and KYC/AML obligations all coexist on a single technical path.
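The issue, selective-open and verify flow described above, as an added example that is not Lemma's own code: it uses salted SHA-256 commitments, and an HMAC under a demo key stands in for the issuer's signature so that it runs on the Python standard library alone. The function names, attribute keys and sample values are assumptions.

```python
import hashlib, hmac, json, secrets

# Assumption: HMAC under a demo key stands in for the issuer's asymmetric signature.
ISSUER_KEY = secrets.token_bytes(32)
# Constructed sample attributes, named after the ones listed above.
SAMPLE = {"nationality": "JP", "age_band": "30-39",
          "kyc_verified": True, "sanctions_clear": True}

def _commit(name, value, salt):
    # The random salt keeps low-entropy values (booleans, age bands) unguessable.
    msg = json.dumps([name, value, salt], separators=(",", ":")).encode()
    return hashlib.sha256(msg).hexdigest()

def _tag(commitments):
    # Issuer authentication over the whole commitment set.
    payload = json.dumps(sorted(commitments)).encode()
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()

def issue(attributes):
    """Issuer: commit to each attribute and sign only the commitments."""
    openings = {n: (v, secrets.token_hex(16)) for n, v in attributes.items()}
    commitments = sorted(_commit(n, v, s) for n, (v, s) in openings.items())
    return {"commitments": commitments, "tag": _tag(commitments)}, openings

def present(credential, openings, wanted):
    """Customer: open (value, salt) for the requested attributes only."""
    return {"credential": credential,
            "disclosed": {n: list(openings[n]) for n in wanted}}

def verify(presentation):
    """Relying institution: check the tag, then match each opening to a commitment."""
    cred = presentation["credential"]
    if not hmac.compare_digest(_tag(cred["commitments"]), cred["tag"]):
        raise ValueError("issuer tag invalid")
    verified = {}
    for name, (value, salt) in presentation["disclosed"].items():
        if _commit(name, value, salt) not in cred["commitments"]:
            raise ValueError(f"opening for {name!r} matches no signed commitment")
        verified[name] = value
    return verified

if __name__ == "__main__":
    credential, openings = issue(SAMPLE)
    shown = present(credential, openings, ["kyc_verified", "sanctions_clear"])
    print(verify(shown))  # nationality and age_band stay hidden
```

With a real asymmetric signature the institution would hold only the issuer's public key; here the shared demo key plays both roles.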
An audit trail that records who verified which attribute, and when, in ZK-bound form withstands subsequent regulatory inquiry.