Do custodial (lightning) wallets collect KYC data on their customers? Legally they do need to if they are based in either the US or EU!

The European Union has taken a significant step in bringing its Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) legislation in line with measures introduced in the United States regarding cryptocurrencies. Already introduced in the 5th AML Directive, cryptocurrency businesses in the EU are now classified as “obliged entities,” similar to traditional financial institutions such as banks.

One significant aspect of this new legislation is the requirement for “custodian wallet providers” to collect Know Your Customer (KYC) data on their customers. This type of cryptocurrency service holds its users’ private keys or part thereof, making it a crucial player in the cryptocurrency ecosystem. The purpose of collecting KYC data is to counter money laundering and terrorist financing. So custodian wallet providers i.e. cryptocurrency wallet services (e.g. custodial lightning wallets) are required to collect sensitive personal identifiable information (PII) from their users.

They must also maintain comprehensive records and report any suspicious transactions they may detect to the authorities. This increased level of scrutiny is expected to bring more transparency to the cryptocurrency industry and help to reduce the risks associated with money laundering and terrorist financing.


However, despite the introduction of the AML Directive in the EU and US legislation, it is worth noting that the majority of players in the cryptocurrency industry are yet to comply with the new regulations. This lack of compliance is expected to pose a significant obstacle for companies based in the EU and the US compared to their counterparts in other jurisdictions.

Many companies in the cryptocurrency industry operate in loosely regulated environments, think Bermudas, Bahamas, Dominican republic etc. making it easier for them to avoid complying with AML/CFT legislation. This lack of compliance not only poses a risk to the industry as a whole, but it also creates an uneven playing field for companies that are following the regulations. Also interesting to note is that many organisations are on paper in those jurisdictions but if you look at the payroll and where people are actually doing the work, it is more often than not in the EU or US. What those employees, who are also most of the time shareholders of those companies, don’t know is that this little construction has not a lot of value if prosecutors are knocking at their doors, but that needs some work on the part of government officials.

This non-compliance is expected to be a significant challenge for regulators in the EU and the US, as they work to bring the cryptocurrency industry in line with traditional financial institutions. The lack of a unified approach to regulation across jurisdictions creates a risk that companies will simply move their operations to countries with more favourable regulations, avoiding the new AML/CFT legislation altogether.

But who wants to follow a cumbersome KYC procedure and reveal all their personal information just to download a custodial mobile app to make some bitcoin or lightning payments or buy an NFT?

We at zkPortal want to bring fair and transparent compliance for AML and KYC regulation without harming the users privacy. This combined with an unprecedented safe and easy onboarding experience, allows us to make companies compliant but also protect their users.