As use of digital assets accelerates, the U.S. Treasury is seeking better identity solutions to close the compliance gaps created by paper-era verification. Here’s a summary of Indicio’s response to its RFI on detecting illicit activity in digital assets.
By Helen Garneau
With rapid expansion in the digital asset market, driven by institutional adoption, regulatory clarity, advancements in decentralized finance (DeFi), and other related factors, one massive obstacle to the digitalization of finance remains: legacy KYC processes from a paper document-based world.
KYC is the anchor keeping the possibility of instant cross-border payments and streamlined user experiences stuck to the age of waiting, oftentimes for days. But the result isn’t just inefficiency, cost, and missed opportunities, it’s also an increased risk in the age of AI, where documents and biometrics can be easily faked.
Indeed, the mix of digital finance and analogue KYC and AML is highly combustible, leading the U.S. Treasury to issue a Request for Information on practical ways financial institutions can spot illicit activity in this new environment.
Indicio’s submission argues that digitalized finance needs digitalized identity and the simplest and most secure way of doing this is through decentralized identity using verifiable credentials. We explain how verifiable digital identity, rooted in authenticated documents, biometrics, and cryptographic proofs, removes the security vulnerabilities inherent to analogue KYC and delivers the assurance needed by regulators, banks and financial institutions.
Verifiable Credentials limit the amount of sensitive data institutions need to hold, improve auditability, and allow identity to be instantly confirmed at the moment it is needed. They also align with FATF, NIST, and ICAO standards, which gives Treasury a clear starting point for future guidance.
Many banks and financial institutions still run KYC through document scans and photo uploads, which keeps the process rooted in a paper-based model. These steps are slow, repetitive, and frustrating for customers; they also create an error-prone system that exposes institutions to deepfakes, synthetic identity fraud, and account takeover attempts — all while adding friction for users and increased risk for all parties involved.
Verifiable Credentials offer a cleaner, simpler, seamless path. A credential can be created from authenticated documents, tied to a user’s biometrics, and held in a digital wallet that they biometrically control. The data in the credential is digitally signed in a way that is resistant to AI, can only be shared with the user’s explicit consent (simplifying GDPR), while being instantly verifiable anywhere, and at any time.
It’s also possible for users to share data selectively, meaning that a user can just share specific data relevant to a transaction, simplifying data privacy compliance. Users stay in control of their information and institutions work with cryptographic proofs instead of raw data. This makes onboarding easier, while improving quality of identity assurance.
Verifiable Credentials for KYC leverage the exact same decentralized identity technology used to create “government-grade” digital identity for international travel and border crossing, following global specifications published by the International Civil Aviation Organization (ICAO DTC). This makes Verifiable Credentials with authenticated biometrics the strongest possible digital identity assurance available — and one that is being used for country-scale deployments.
The biggest challenge we’re helping the Treasury tackle is regulatory clarity. Many rules still assume institutions need to store full identity documents, and there is uncertainty about whether selective disclosure or cryptographic proofs meet exam expectations across different jurisdictions.
In our recommendations, we encouraged the Treasury to define how Verifiable Credentials satisfy AML and sanctions rules, ask for clear technical standards to be set that follow NIST and FATF guidance, request support for supervised pilots, and to provide consistent examiner playbooks. Steps like these would give institutions the confidence to adopt verifiable digital identity at scale.
Indicio’s overall message is simple: portable, verifiable digital identity gives financial institutions a fast, safe and privacy-preserving way to understand who they are dealing with while reducing fraud, improving security, and simplifying compliance.
With clear direction from regulators, this approach can give the digital asset ecosystem the digital KYC it needs to move at a digital speed.Want to learn more? Speak with one of our experts about Verifiable Credentials and KYC or read Indicio’s full response.
