(no title)

In defense of the person who wrote the HN title, I’ve seen KYC discussed in front-page articles roughly weekly for the past several years straight. I’ve learned about as much of it as I care to know (and more, honestly) from HN comments on 1st and 2nd page posts in that time. In just the past year, I can see that there have been about 1,000 comments mentioning KYC, and about 21 1st/2nd page posts that are explicitly about KYC (nearly 2 per month). Honestly I don't expect all of HN to know what KYC is, but I did expect most HN readers to have a general idea of what it is and why it's a huge pain for a small % of people (but very large number, 1% of the USA is still >3 million people).

Once you're familiar with it, your brain/eyes key onto "KYC" much more strongly than "know your customer". I might have missed the latter, but "KYC" in the title grabbed my attention instantly and reading the title made my heart jump a bit, because generally KYC means a pain in my ass, and even moreso for friends here on visa.

I have a Canadian friend visiting and staying with my girlfriend and I for a month or so. KYC causes actual headaches for her, to the point that she just decides not to get cellular service at all while she visits unless I get a pre-paid SIM under my name and hand it to her. When she pays for things like restaurants, I can't just Venmo/Paypal/Zelle/ApplePay her back on the spot, I have to withdraw cash at some point and coordinate giving it to her.

The general concept of "KYC" makes sense for some situations, but actual implementations really fucking suck for a lot of people. It's very scary to me to see it be required for more and more categories of services because of the way it's currently implemented.

Maybe less important than knowing what it stands for is knowing what the implications are for businesses.

KYC is essentially about knowing who you are doing business with.

For individuals that's relatively easy, just the name and identification is required but typically there is the need to verify that the identification actually belongs to the person signing up. In banking that's why you typically have some video call with a verification provider.

For businesses it gets a lot more complex because it's not enough to know what business your client is, you also have to look through its corporate structure to figure out who the "ultimate beneficial owner" is. Essentially, who is actually controlling the business.

Now it got a lot easier recently as many countries now require businesses to file who their ultimate beneficial owners (UBOs) are.

The painful part is that it introduces friction in customer journeys as now you have to request the documentation.

In the financial industry you also have to run checks on those UBO's so that they are not known terrorists or sanctioned individuals but it seems this regulation is just that IaaS providers need to know who actually operates a server. Presumably for forensic analysis after a cyber attack.

No definitely not, I fully agree with you and others there. Just was a bit surprised by how many of you were there. But that’s okay. Days where we learn are rich days. The richest of them all.