My name is Dylan, and I work in Mt.Gox's Compliance Division. Our division is responsible for handling the Anti-Money Laundering (AML) and Know Your Customer (KYC) activities for Mt.Gox, and we thought some of our users and the wider community might be interested in having an insight into how the whole process works. For those who may not be aware, AML/KYC checks involve us collecting from our users one piece of photographic identification, and one proof of residence document to help us identify you. Once you've read through it all, feel free to post any questions you might have about the process, as I'd be more than willing to answer any you may have.Why do AML/KYC?
We are often asked both by email and on the forum why Mt.Gox does these checks. To give a very basic explanation of this issue, Mt.Gox handles both Bitcoin and fiat currency (Dollars, Euros, etc.) As a result, we are bound by the laws of Japan and America, along with various international regulations which cover the fiat side of our business. Very similar to how a bank in most countries must be regulated to ensure they are not facilitating money laundering, terrorist financing or the like, we are obliged to follow the same rules.
Whilst we could simply ignore our legal obligations, as a number of smaller, successful exchanges have done in the past, we have found that this invariably causes problems for both us and our customers. By not performing adequate AML/KYC checks, the banks that we must operate through can and have shut down bank accounts, trapping customer funds and causing us a lot of headache. Therefore, we try to follow this process as best as we are able with as little impact to our users as possible.What does the process involve?
First, we ask you to provide one piece of government issued photographic identification, which is usually either:
- A driver's license,
- A passport, or;
- A military identification card (surprisingly, we have a large number of customers in the armed forces of various countries.)
We then ask you provide some form of proof of residence document, which is an official document issued within the last three months bearing both your name and full street address. For obvious reasons, we cannot accept addresses with PO Boxes. Usually, we receive one of the following:
- A utility bill,
- An internet bill,
- A cell phone or mobile phone bill,
- A tax return,
- A residency certificate issued by your local government,
- A voting registration form, or;
- A medical insurance bill
Whilst many of our users submit bank statements as their proof of residence, we unfortunately cannot accept bank statements from our customers. This is because it is relatively easy for fraudsters to open an account at a less reputable banking service which does not check the accuracy of a person's stated address. It is then possible to use this bank's statement as a seed to open accounts at increasingly trustworthy establishments without ever having provided proof of residence in the first place.What does your division do?
The main job of the Compliance Division is to check documents we receive from our customers, and make sure that all of the necessary documents have been submitted, and more importantly, that none of the submitted documents are forgeries. We check submitted documents against our database of received documents, against publicly available sources of information and also put them through advanced image analysis to identify forgeries. This is done to protect both Mt.Gox and our users from fraudulent activity.What happens if my application is rejected?
If we reject your documents, we will always explain by email what went wrong in the verification process. The top 5 most common causes for rejection are:
- Not submitting all the documents. Many people only give us a driver's license or passport on their first attempt, without providing any proof of residence. This is the most common reason for rejection, and costs our customers the greatest amount of time in having their accounts verified.
- Submitting documents which are too dark or low-resolution to read. The second most common cause for rejection, illegible documents cannot be accepted. Usually this is the result of trying to take photos of documents using a webcam or camera phone, where poor low-light performance and grainy / low resolution images are the norm.
- Providing files in the wrong format. We have a specialised interface for reviewing documents and putting them through image analysis. At the moment, it can only handle files which are either JPEGs, PNGs or PDFs.
- Submitting a proof of residence document which has a different name on it to the photographic identification. This often happens when a user is still living with their parents, or if a spouse or room mate pays the utility bills. In these cases, a signed, notarised statement that you reside with whoever's name is on the proof of residence will be enough for us to verify you.
- Submitting documents in non-latin script. Unfortunately, the Compliance Division doesn't have any staff who can read Cyrillic, Korean, Arabic or Hebrew. As a result, when we receive documents in these languages we must ask our customers to provide English translations of them.
Please note that even if you are rejected the first time around, there is nothing wrong with this - we will keep working with you until we are able to get you verified.Myths and rumours
I'd like to address some myths and rumours that have sprung up surrounding our AML/KYC process, just to allay any fears people might have about our mysterious need to harvest everyone's identity.Mt.Gox sells personal information to the DEA
If we were going to sell your personal information to a law enforcement agency, it probably wouldn't be to the American Drug Enforcement Administration. We would make much more money selling it to our local Tokyo Metropolitan Police, since we wouldn't be losing any money on the currency conversion. This rumour probably sprung up because of an interview our CEO (MagicalTux for those on the forums) gave some time ago, where he mentioned sending a letter to the DEA explaining what Bitcoin was. This was back when a certain American Senator was investigating Bitcoin over the growing popularity of Silk Road.
So while we'd love to be able to offset the costs a little, if we were ever caught doing this as a company, we would face serious fines and even jail time. We hope that knowing that this threat to us exists gives you confidence that we're being kept honest.Mt.Gox has stricter AML/KYC requirements than other companies
This is actually true, in some cases. For example, before Dwolla changed their terms of service they allowed some users to become verified with only a driver's license, or only a proof of residence document. While we truly regret that we must ask for as much documentation as we do at Mt.Gox, we are providing services to users internationally in Europe, America, Russia, South-East Asia and elsewhere, and as such have to meet the harshest requirements of all of the countries we operate in.
Many of our German and Polish users have probably experienced a great deal of frustration getting verified with Mt.Gox, as Germany and Poland both issue an identity card which includes a person's current address. Unfortunately, because we must also follow American and Japanese rules, we also have to ask for separate proof of residence documents.Conclusion
I hope you found my post interesting, or at least informative. If you have any questions about our process, please feel free to either PM me or post here and I'll be sure to answer! If you have a question about your specific application to become verified, please email our AML email address so we can maintain the confidentiality of your application.