Mt.Gox AML/KYC Process Explained

[MtGox_Dylan]

Hi Everyone,

My name is Dylan, and I work in Mt.Gox's Compliance Division. Our division is responsible for handling the Anti-Money Laundering (AML) and Know Your Customer (KYC) activities for Mt.Gox, and we thought some of our users and the wider community might be interested in having an insight into how the whole process works. For those who may not be aware, AML/KYC checks involve us collecting from our users one piece of photographic identification, and one proof of residence document to help us identify you. Once you've read through it all, feel free to post any questions you might have about the process, as I'd be more than willing to answer any you may have.

Why do AML/KYC?

We are often asked both by email and on the forum why Mt.Gox does these checks. To give a very basic explanation of this issue, Mt.Gox handles both Bitcoin and fiat currency (Dollars, Euros, etc.) As a result, we are bound by the laws of Japan and America, along with various international regulations which cover the fiat side of our business. Very similar to how a bank in most countries must be regulated to ensure they are not facilitating money laundering, terrorist financing or the like, we are obliged to follow the same rules.

Whilst we could simply ignore our legal obligations, as a number of smaller, successful exchanges have done in the past, we have found that this invariably causes problems for both us and our customers. By not performing adequate AML/KYC checks, the banks that we must operate through can and have shut down bank accounts, trapping customer funds and causing us a lot of headache. Therefore, we try to follow this process as best as we are able with as little impact to our users as possible.

What does the process involve?

First, we ask you to provide one piece of government issued photographic identification, which is usually either:

• A driver's license,
• A passport, or;
• A military identification card (surprisingly, we have a large number of customers in the armed forces of various countries.)

We then ask you provide some form of proof of residence document, which is an official document issued within the last three months bearing both your name and full street address. For obvious reasons, we cannot accept addresses with PO Boxes. Usually, we receive one of the following:

• A utility bill,
• An internet bill,
• A cell phone or mobile phone bill,
• A tax return,
• A residency certificate issued by your local government,
• A voting registration form, or;
• A medical insurance bill

Whilst many of our users submit bank statements as their proof of residence, we unfortunately cannot accept bank statements from our customers. This is because it is relatively easy for fraudsters to open an account at a less reputable banking service which does not check the accuracy of a person's stated address. It is then possible to use this bank's statement as a seed to open accounts at increasingly trustworthy establishments without ever having provided proof of residence in the first place.

What does your division do?

The main job of the Compliance Division is to check documents we receive from our customers, and make sure that all of the necessary documents have been submitted, and more importantly, that none of the submitted documents are forgeries. We check submitted documents against our database of received documents, against publicly available sources of information and also put them through advanced image analysis to identify forgeries. This is done to protect both Mt.Gox and our users from fraudulent activity.

What happens if my application is rejected?

If we reject your documents, we will always explain by email what went wrong in the verification process. The top 5 most common causes for rejection are:

• Not submitting all the documents. Many people only give us a driver's license or passport on their first attempt, without providing any proof of residence. This is the most common reason for rejection, and costs our customers the greatest amount of time in having their accounts verified.
• Submitting documents which are too dark or low-resolution to read. The second most common cause for rejection, illegible documents cannot be accepted. Usually this is the result of trying to take photos of documents using a webcam or camera phone, where poor low-light performance and grainy / low resolution images are the norm.
• Providing files in the wrong format. We have a specialised interface for reviewing documents and putting them through image analysis. At the moment, it can only handle files which are either JPEGs, PNGs or PDFs.
• Submitting a proof of residence document which has a different name on it to the photographic identification. This often happens when a user is still living with their parents, or if a spouse or room mate pays the utility bills. In these cases, a signed, notarised statement that you reside with whoever's name is on the proof of residence will be enough for us to verify you.
• Submitting documents in non-latin script. Unfortunately, the Compliance Division doesn't have any staff who can read Cyrillic, Korean, Arabic or Hebrew. As a result, when we receive documents in these languages we must ask our customers to provide English translations of them.

Please note that even if you are rejected the first time around, there is nothing wrong with this - we will keep working with you until we are able to get you verified.

Myths and rumours

I'd like to address some myths and rumours that have sprung up surrounding our AML/KYC process, just to allay any fears people might have about our mysterious need to harvest everyone's identity.

Mt.Gox sells personal information to the DEA

If we were going to sell your personal information to a law enforcement agency, it probably wouldn't be to the American Drug Enforcement Administration. We would make much more money selling it to our local Tokyo Metropolitan Police, since we wouldn't be losing any money on the currency conversion. This rumour probably sprung up because of an interview our CEO (MagicalTux for those on the forums) gave some time ago, where he mentioned sending a letter to the DEA explaining what Bitcoin was. This was back when a certain American Senator was investigating Bitcoin over the growing popularity of Silk Road.

We invite our users to read our privacy policy and repeated posts on the forums where we state that we will only provide your personal documents when legally required to do so. This will usually involve law enforcement agencies issuing us a court order compelling us to release an individual's information and is a very rare event even in the fiat banking world.

Mt.Gox makes money from personal identification some other way, like selling it to advertisers

While it would be a great income stream for us, sadly we are not legally allowed to sell your personal information. This is both because of our privacy policy, and because we are based in Japan, a country with some of the strictest privacy laws in the world. In fact, hiring staff to fill our Compliance Division, hosting and securing an extremely large amount of image data and carrying out the AML/KYC process is one of our more significant company expenses.

So while we'd love to be able to offset the costs a little, if we were ever caught doing this as a company, we would face serious fines and even jail time. We hope that knowing that this threat to us exists gives you confidence that we're being kept honest.

Mt.Gox has stricter AML/KYC requirements than other companies

This is actually true, in some cases. For example, before Dwolla changed their terms of service they allowed some users to become verified with only a driver's license, or only a proof of residence document. While we truly regret that we must ask for as much documentation as we do at Mt.Gox, we are providing services to users internationally in Europe, America, Russia, South-East Asia and elsewhere, and as such have to meet the harshest requirements of all of the countries we operate in.

Many of our German and Polish users have probably experienced a great deal of frustration getting verified with Mt.Gox, as Germany and Poland both issue an identity card which includes a person's current address. Unfortunately, because we must also follow American and Japanese rules, we also have to ask for separate proof of residence documents.

Conclusion

I hope you found my post interesting, or at least informative. If you have any questions about our process, please feel free to either PM me or post here and I'll be sure to answer! If you have a question about your specific application to become verified, please email our AML email address so we can maintain the confidentiality of your application.

[repentance]

I suggest getting the mods to sticky this at the top of the forum.  The issue comes up repeatedly and this thread will quickly drop off the page if it's not stickied.

[MtGox_Dylan]

Good point, I'll contact them now.

[Polvos]

Taking huge damage from the complaining posts lately, Gox?
When are you going to understand that we, the informed customers, demand a fair and professional service?

You taint coins? We leave your exchange. Is that simple.
You delay withdrawals? We continue using intersango. It's not so hard to understand.
You freeze customers money? We contact other users in Bitcoin-OTC

Action-reaction.

[MtGox_Dylan]

Hello Polvos,

As I work in the Compliance Division, I can really only comment on your last point - freezing money.

Unfortunately, we are legally obliged to occasionally hold customer funds pending the outcome of an investigation by the banks we work with. We don't have any control over this, it's simply one of the consequences of carrying out a large number of large bank transfers. Of course, transferring funds person to person carries much lower risk of needing to provide AML documents, as the size of the transfer is usually much smaller, and is usually either a once off or done only occasionally.

If you only need once off or occasional conversion of Bitcoins into currency in small amounts, and can find someone you trust on Bitcoin-OTC, you are probably better off going through them if you don't want to risk one day having to provide personal information.

I do apologise that you are not satisfied with our service.

[MtGox_Dylan]

Hi Goat,

For point 1 - We don't give, sell, offer or in any other way make available our documents to law enforcement agencies unless we are legally compelled to do so  ... With the following exception:

For point 2 - We only report customers to the police relevant financial regulator when we have actual proof that they are actively involved in severe financial crimes such as money laundering or terrorist financing as we are legally obliged to do so. With regards to your particular case, I'll have to ask MagicalTux and get back to you. Would you prefer a public answer or for me to PM you?

Edit - oops, edited for clarity.

[the joint]

This AML/KYC "Process explained" is nice to see.  However, this explanation does absolutely nothing to address customer service issues.

There have been literally dozens and dozens of complaints related to customer service, particularly with regards to frozen funds.  Usually, these complaints are of the following nature:  They either 1) scrutinize Mt. Gox for their lack of clarity of specificity in responses to customer complaints,  2) scrutinize Mt. Gox for their failure to respond in a timely manner, or 3) scrutinize Mt. Gox for relaying false information, usually pertaining to the amount of time in which the issue is assumed to be resolved.

I have a few questions:

1)  What is the exact number of customer service representatives employed by Mt. Gox?  

2)  What are the exact minimum and exact maximum number of customer service representatives working and available for support at any given time?  

3)  What is the average salary/wage paid to each customer service representative employed by Mt. Gox?

4)  How many hours does a typical customer service representative employed by Mt. Gox work each week?

5)  In what manner does Mt. Gox hold itself accountable for relaying false information to its customers?  I'm thinking of Inaba's recent- and ongoing thread as I type this question.  It appears that it has been a theme for Mt. Gox to respond to such accusations indirectly, for example by citing AML/KYC regulations, and not directly by responding to the specific accusation.

6)  Is Mt. Gox willing to implement a 'guarantee' policy related to statements made to its customers (e.g. a time-frame wherein Mt. Gox has indicated that it will release frozen funds, wherein a transfer of funds will take place, etc.)?

[Maged]

I suggest getting the mods to sticky this at the top of the forum.  The issue comes up repeatedly and this thread will quickly drop off the page if it's not stickied.

I'll sticky it for now, but I'd much rather that there be a more general AML sticky that discusses the issue as well as this one does and then links to company-specific AML information, such as this thread.

[MtGox_Dylan]

@Goat, I'm having a hard time catching MagicalTux, if I can't catch him by COB today I'll have an answer for you on Monday. I'm very sorry for the delay.

@The Joint, I'm aware that there have been a lot of complaints recently about how customer service has been handled by us. I'm only authorised to talk about the activities of my division at the moment (AML/KYC), but I'll see if I can get an answer for you on each of your points. I should warn you ahead of time that I probably won't be allowed to discuss specific staff salaries for obvious reasons, but I'll see.

Sorry that I can't give better answers than this right now, but please be patient and I'll see what I can do.

Thanks Maged. Perhaps repentance would be willing to put together something more generalised? I'd be more than happy for this thread to be cannibalised for information.

[Inaba]

Thanks for the post MTGox_Dylan.  I think most everyone was already aware of these FAQ points, though.  That has never really been the issue, so I'm not sure what is hoped to have been accomplished by making this post, other than as a distracting measure (This would have been perhaps more effective: NSFW).

The real problem here is, as has already been at least partially mentioned:

1. The lack of transparency in the process.
2. The lack of communication.
3. The lies and false promises made by MTGox Support Staff with regards to AML/KYC.
4. Delay after delay, ostensibly under the guise of AML.
5. The just plain ludicrous decisions (Goat as an example).  Perhaps transparency would clear these up.
6. The fact that most decisions made by MTGox seem completely arbitrary, and nothing... NOTHING pisses off customers more than arbitrary decision making.  When your actions are not predictable in a given situation, you are wrong.  Period.

So while this post is nice and all, I'm not sure what you're hoping to accomplish other than to distract from the real issues surrounding MTGox.  My situation, that has been on going since April, is still unresolved.  I am not the only one in this situation and there are plenty of others in similar situations.  

Again, this does not seem to be an AML issue, it seems to be an insolvency issue.  MTGox is unable to fund even moderate sized fiat conversions, which leads many of us to believe you guys are basically bankrupt and a disaster waiting to happen.  The fact that no one has publicly denied this (not that we'd believe you at this point anyway, given MTGox track record of lies and falsehoods) certainly does not bolster confidence in MTGox at all.

Maybe this is the wrong thread to bring any of this up, but I don't want people to be distracted by this kind of thread from the real issue of MTGox being unable to meet their obligations to even moderate sized customers, especially when you are trying to gain new customers who will end up completely screwed when the Gox house of cards comes crashing down.  

[kokjo]

subbed.

EDIT: i failed there are two threads...

[paraipan]

Hi Everyone,

My name is Dylan...

Hi, nice to meet you, my name is Alex

...post any questions you might have about the process, as I'd be more than willing to answer any you may have...

I actually have a question regarding one of your statements, which i quote:

Whilst many of our users submit bank statements as their proof of residence, we unfortunately cannot accept bank statements from our customers. This is because it is relatively easy for fraudsters to open an account at a less reputable banking service which does not check the accuracy of a person's stated address. It is then possible to use this bank's statement as a seed to open accounts at increasingly trustworthy establishments without ever having provided proof of residence in the first place.

Do you have a list with such non-permitted services ? Please point me in the right direction so i can be able to find the regulations regarding this issue.

[phantitox]

so, now you accept outside USA resident as verified users? cause 1 week ago i got a funny answer on a claim ticket for gox telling me "WE SORRY BUT YOUR DWOLLA ACCOUNT CANNOT BE VERIFIED CAUSE DWOLLA DONT ACCEPT OUTSIDE USA VERIFIED USERS"  ... guess dwolla thinks im a world citizen cause i got verified months ago and I EVEN WITHDRAW money from gox to dwolla before they come up with all this bullshit. Agree the proccess of this guy on MTGOX are so shady, you dont even know if the personal data the you send them is ok until 3 days later when they came with a NO aswer. Get more staff to work on your request people.

[Phinnaeus Gage]

Whilst many of our users submit bank statements as their proof of residence, we unfortunately cannot accept bank statements from our customers. This is because it is relatively easy for fraudsters to open an account at a less reputable banking service which does not check the accuracy of a person's stated address. It is then possible to use this bank's statement as a seed to open accounts at increasingly trustworthy establishments without ever having provided proof of residence in the first place.

And this is exactly where I would start in creating a fake ID to satisfy the TOS of Mt. Gox.

~Bruno~

[Bitcoin Oz]

And this is exactly where I would start in creating a fake ID to satisfy the TOS of Mt. Gox.

~Bruno~

Now thats a good service you can setup for bitcoin 

[Phinnaeus Gage]

Whilst many of our users submit bank statements as their proof of residence, we unfortunately cannot accept bank statements from our customers. This is because it is relatively easy for fraudsters to open an account at a less reputable banking service which does not check the accuracy of a person's stated address. It is then possible to use this bank's statement as a seed to open accounts at increasingly trustworthy establishments without ever having provided proof of residence in the first place.

And this is exactly where I would start in creating a fake ID to satisfy the TOS of Mt. Gox.

~Bruno~

Now thats a good service you can setup for bitcoin  

I wrapped my text incorrectly. I was in the processing of fixing it while you were in the process of quoting.

~Bruno~

[556j]

Hello Polvos,

As I work in the Compliance Division, I can really only comment on your last point - freezing money.

Unfortunately, we are legally obliged to occasionally hold customer funds pending the outcome of an investigation by the banks we work with. We don't have any control over this, it's simply one of the consequences of carrying out a large number of large bank transfers. Of course, transferring funds person to person carries much lower risk of needing to provide AML documents, as the size of the transfer is usually much smaller, and is usually either a once off or done only occasionally.

You forgot to mention when you freeze accounts based on "tainted" coins (the definition of which is left entirely to your discretion) as seen here https://bitcointalk.org/index.php?topic=73385.0

Of course after I made a big fuss about it your "legal obligations" were magically lifted and you released funds.

[Phinnaeus Gage]

Hello Polvos,

As I work in the Compliance Division, I can really only comment on your last point - freezing money.

Unfortunately, we are legally obliged to occasionally hold customer funds pending the outcome of an investigation by the banks we work with. We don't have any control over this, it's simply one of the consequences of carrying out a large number of large bank transfers. Of course, transferring funds person to person carries much lower risk of needing to provide AML documents, as the size of the transfer is usually much smaller, and is usually either a once off or done only occasionally.

You forgot to mention when you freeze accounts based on "tainted" coins (the definition of which is left entirely to your discretion) as seen here https://bitcointalk.org/index.php?topic=73385.0

Of course after I made a big fuss about it your "legal obligations" were magically lifted and you released funds.

Notice that Dylan did not once comment on that thread of yours, 556j. In fact, the following was his first post (sans company hat) after getting out of Newbie on May 31, a place he asked to get whitelisted back in November of last year. https://bitcointalk.org/index.php?topic=80173.msg932321#msg932321 I'm beginning to believe that Mt. Gox is run by a bunch of turtles, and I'm not talking about the Ninja kind.

~Bruno~

[Phinnaeus Gage]

Hi Goat,

For point 1 - We don't give, sell, offer or in any other way make available our documents to law enforcement agencies unless we are legally compelled to do so  ... With the following exception:

For point 2 - We only report customers to the police relevant financial regulator when we have actual proof that they are actively involved in severe financial crimes such as money laundering or terrorist financing as we are legally obliged to do so. With regards to your particular case, I'll have to ask MagicalTux and get back to you. Would you prefer a public answer or for me to PM you?

Edit - oops, edited for clarity.

A client of mine gave me cash for a load of barn wood the other day. I now hold in my hands actual proof that he deals in cocaine, therefore I'm obligated to turn over the cash to my bank so that they can inform the proper authorities about this drug dealer. With that, I ask: At what point do you stop acting as an exchange and become policemen?

~Bruno~

[Phinnaeus Gage]

Link to main thread where some questions are being answered.

https://bitcointalk.org/index.php?topic=86224.0

This is so fucked up! I just now got to this post at the other thread.

~Bruno~