The proper way is to establish this before the user deposits. If a user passes KYC, you know who the user is and you know funds deposited afterwards belong to that user. If anything comes up, you can always ask the same user to verify his identity again to prove ownership of the account/funds.
However, if you do this after depositing, you can't be certain the original user is the same as the person submitting KYC-documents.
Stop hiding behind obfuscation, you clearly don't follow established and common methods. Most exchange & custodial wallet have detailed information/procedure such as :
1. Limit deposit/withdraw (whether it's daily, weekly, monthly or all-time) without identity verification
2. If user deposit above limit, you should ask for identity verification after deposit is made, not when user attempt to withdraw.
Why don't you start by mention those information on your Customer Support page for sake of transparency and prevent your user getting confused/angry?
Let me answer to both statements made above:
Since we are not able to perform KYC to absolutely all users, we can't be certain that suspicious activity will not be manifested on the accounts that have avoided the verification.
Under the current model, a few users are requested to comply with KYC/AML requirements whereas the proposed option puts many more of them under stress.
Mind that the real practice of "other wallets" may vary and contradict to the "detailed terms".
Anyways, if only you hadn't advertised your service as a wallet, but rather a changelly-esque style exchange, a lot of these arguments mentioned above would've been avoided.
(Though i must note that asking for KYC after someone performs a transaction is still scummy behaviour, whether legal or not, and rather absurd if the transaction doesn't include fiat and or gateways to fiat.)
Again, Your TOS is still ridiculous though. I'm not sure where you're based, but i'm pretty sure you can't just claim funds of customers that you deem to be "Fraudulent".
Thanks for making these points.
We appreciate the feedback of the community expressed here and considering the modification of our present KYC policy with respect to reasonable concerns.
