ICO and KYC in Czech Legal Regulations
These ICOs (over the last months, there are dozens of public offers monthly), despite the widespread belief they are an unregulated activity, are obliged to follow valid legislation in all the countries where the offer happens, so this article is focused on the issue of identification of persons (the so-called KYC – know your client) who acquire these new digital currencies.
KYC is basically a process where the identification and verification of the customer´s identity happen as a part of measures in order to prevent misuse of the financial system to money laundering and terrorist financing (KYC is thus logically used by the so-called crypto exchange offices, as e.g. Kraken, Coinbase, Binance, Bitmex etc.).
There is no disputation over the need of KYC implementation at the crypto exchange offices (though it is controversial to what extent their KYC politics are in accordance with the valid legislation, at least in the territory of the European Union – more details in another article), nevertheless, is there the same duty when an investor within ICO exchanges his already owned cryptocurrency (typically Ether based on the so-called smart contract) for a token of this new digital currency?
The answer to this question may be found in the Act No. 253/2008 Coll., on Selected Measures against Legitimisation of Proceeds of Crime and Financing of Terrorism (hereinafter referred to as the “AML Act”). The AML Act defines persons who are obliged to the identification and verification of the customer´s identity. Under the provision of Section 2 (1)l) of the AML Act, the person obliged is also the person providing services connected with the virtual currency, when the virtual currency is understood, for the purposes of the AML Act, as an electronically stored unit regardless the fact it has or does not have an issuer and which is not pecuniary mean under the Act on Payments, but it is received as payment for goods and services also by a person different from its issuer. Beside operators of virtual (digital) currency exchange offices, also operators of e-shops whose payment gateways enable transfer of virtual currency from a buyer to a seller when they purchase goods, providers of account management in virtual currency or management of “electronic purse”, or operators of the so-called “bitcoin ATM” (cp. the following) fall under the mentioned category.
The AML Act further defines the person providing services connected with virtual currency. Under the provision of Section 4, paragraph 8 of the AML Act, the person providing services with virtual currency is a person whose subject of business activity is to purchase, sell and store, manage or intermediate purchase or sell of virtual currency for other person, eventually provide other services connected with virtual currency.
The result of the above mentioned is that the person obliged to perform KYC is not only a crypto exchange office, but also ICO token issuers who acquire financial resources from investors this way.
Certain duties are imposed by the legislators on the token issuers. The duties are e.g. the requirement of investor identification, the manner in which the identification is performed, further, examples when the control has to be performed etc., the AML Act is rather strict from the point of view of person identification, as it is required in most cases the persons are identified with physical presence (the so-called face-to-face). It is impossible to replace such expressed physical presence with remote transmission of images and sound (cp. Section 8 of the AML Act).
Other “alternative“ procedures without physical presence during the identification are possible only in accordance with the provision of Section 10 and Section 11 of the AML Act.
According to the provision of Section 10 of the AM Act, it is possible to intermediate the identification. The mediation is performed by request of a token issuer, or an investor. The identification in such case is performed by a public notary, or contact place of public service.
Other possibility of identifying the investor, it is necessary to mention the most practicable one from the point of view of ICO, is to take over the identification under the provision of Section 11 of the AML Act. This manner of identification is performed without physical presence of the investor.
During the takeover of the identification, token issuers are obliged to acquire personal data from investors, such as name and surname, personal identification number, and if it was not assigned, date of birth, place of birth, sex, permanent or other residence and citizenship [cp. Section 5(1)a) of the AML Act]. Regarding the fact it is an electronic identification of persons, i.e. without physical presence of the investor, it is obliged to get other data for identification, such as phone number, address for electronic post delivery, data on employment or the employer (Section 5, paragraph 2 of the AML Act).
At the same time, the token issuer has duty to verify the information acquired from the potential investor at the qualified service provider creating trust, under directly applicable regulation of the EU regulating electronic identification and services creating trust for electronic transactions in the internal market [cp. Section 11(8)b) of the AML Act] and last but not least the issuer, as a person obliged from the AML Act, must not doubt about the client´s identity [Section 11(8)c) of the AML Act].
In conclusion, in case of issuing own tokens and their subsequent sale it is necessary to deal with duties set by the AML Act, especially in the relation towards proper identification of persons interested in tokens.
 Cp. Eg. Tvrdý, J., Vavrušková, A. Zákon o některých opatřeních proti legalizaci výnosů z trestné činnosti a financování terorismu. (“Act on Selected Measures against Legitimisation of Proceeds of Crime and Financing of Terrorism“) 2. edition. Prague: C. H. Beck, 2018, page 11, Narg. No. 23.
 The regulation is Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, the so-called eIDAS Regulation.