Reshaping KYC/AML in Web3

Reshaping KYC/AML in the Age of Web3 with Self-Sovereign Compliance

KYC (Know Your Customer) and AML (Anti-Money Laundering) are critical regulatory frameworks in the financial industry designed to prevent identity theft, financial fraud, money laundering, and terrorist financing. These processes help financial institutions verify the identity of their clients and assess potential risks of illegal activities within the business relationship. While KYC procedures focus on verifying client identity, understanding their activities, and evaluating potential risks, AML regulations require financial institutions to monitor transactions and report suspicious activities indicative of money laundering or other financial crimes.

The rules and regulations concerning KYC/AML for traditional finance were created a long time ago and have not been updated to leverage the efficiency of modern systems and cryptographic tools or to thwart modern threats.  The Know Your Customer (KYC) process has become a treasure trove for hackers, with sensitive personal data being compromised in numerous recent breaches. Companies like Coinbase, Gemini, and Okta, which require customers to provide identification documents, have all fallen victim to data breaches.  As further evidence of rising concerns around the dissemination of personal data, the SEC amended Reg S-P in 2024 to enhance customers' data protection. Furthermore, current practices around KYC/AML create a lot of friction by requiring customers to go through a lengthy process to get on board with each financial institution. 


Upgrade? The Time is Now

Broad Shifts in Customer Behavior

In recent years, customer behavior has dramatically shifted towards increased smartphone usage, fundamentally transforming how consumers interact with services and make purchasing decisions. As of 2023, 79% of smartphone users in the U.S. have made purchases via their devices, a trend underscored by the projected growth of the mobile commerce market to over $145 billion by 2025. This surge is driven by the convenience of mobile apps, which offer a seamless and efficient shopping experience. For instance, mobile wallets like Apple Pay and Google Pay have streamlined transactions, making them faster and more secure. Additionally, the integration of augmented reality (AR) technology in shopping apps allows consumers to visualize products in real-world settings, enhancing engagement and reducing return rates.  

 

As consumers increasingly rely on their smartphones for a wide range of activities, from banking to shopping, the need to minimize friction points in these processes has become paramount. Streamlining KYC/AML procedures is essential to meet the fast-paced, on-demand expectations of modern consumers, thereby ensuring a seamless and efficient user experience.

To be sure, top KYC/AML vendors have made significant strides in embracing automation and migrating workflows closer to the user on their mobile devices. However, fundamentally, the workflow has remained the same, inconveniently requiring users to repeat the same steps to onboard across multiple services, thereby putting their personal, sensitive data at risk every time.  

The State of Legislation: the Bigger Picture 

Aside from the landmark legislative win with the Senate vote on the GENIUS Act on June 17th, a few other discussions are taking place and will be crucial to safely drive innovation.

Indeed, the US government's efforts to regulate financial transactions have sometimes had unintended consequences. Existing laws, such as 18 USC 1960, aimed at curbing illicit activity, can inadvertently criminalize developers of privacy-focused technologies. This can stifle innovation and undermine the very security measures that protect individuals' financial information. The Blockchain Regulatory Certainty Act, introduced to the House in 2023, aims to exempt non-custodial participants, including developers; debate over the bill has been reinvigorated recently, pointing to potential breakthroughs in the field.  

Meanwhile, the FIT21 bill, which aims to introduce a clear regulatory framework for digital assets, passed the House on May 22, 2024, with a bipartisan vote of 279-136. Its path toward Senate approval has been muddied in part by concerns around customer protection.

What Ligero’s Solution Can Do for You

While legislators legislate, builders are building. We have seen the perils of relying on inefficient and inadequate sharing of personal information combined with centralized management. We need a solution that delivers on the Web3 ethos of censorship resistance and decentralization.  

Enter modern cryptography and the magic of zero-knowledge proofs: with these, we at Ligero believe that within the next two years, technology will allow you to gather personal data on your smartphone and have it run almost all KYC/AML processes required by vendors - with the data staying safe on the device. Ligetron generates a proof that the process was run with integrity and that there were no deviations in any step. From then on, you can simply present this proof to any new service provider for onboarding purposes. In turn, these providers will be able to independently verify that the proof is valid and then proceed with the same level of security as they do now, but with a greatly streamlined, cost-effective process that eliminates data liability.

Ligero’s ZK solution is the only zero-knowledge system specifically engineered to scale on any device, including directly from a mobile browser, due to its uniquely memory-efficient prover architecture. Traditional ZK systems often require gigabytes of RAM or custom hardware, making them impractical for user devices. In contrast, Ligero’s zkVM supports the authoring of applications in familiar high-level languages, such as C++ and Rust, enabling execution within a browser with under 100MB of memory usage. This enables the generation of zero-knowledge proofs locally, directly from a smartphone, without relying on third-party servers or compromising user privacy. More importantly, Ligero abstracts away the cryptographic complexity—developers don’t need deep knowledge of zero-knowledge proofs to build compliant, privacy-preserving applications. By lowering adoption barriers, Ligero makes ZK truly accessible, empowering a new wave of developers and users to adopt privacy technology at scale.

On-Ramping Circle’s USDC with self-KYC - A Pilot

Today, fiat-to-stablecoin on-ramping remains the most heavily regulated segment of the blockchain ecosystem, facing some of the highest compliance hurdles in the financial services industry. On-ramp providers must navigate licensing requirements and implement rigorous KYC and AML programs while maintaining seamless user experiences. These demands create significant operational complexity, raise costs, and limit scalability. 

At Ligero, we have developed a prototype that can be seamlessly deployed by on-ramp providers, offering a game-changing onboarding experience. Ligero’s self-sovereign KYC solution offers a transformative alternative to the status quo: by shifting the burden of identity verification and compliance onto the user, on-ramps can dramatically reduce regulatory risk, lower costs associated with KYC infrastructure, and streamline onboarding flows. This approach ensures users arrive already compliant, enabling faster, cheaper, and more user-friendly fiat-to-crypto transactions without compromising regulatory integrity. Furthermore, the implementation of the KYC/AML logic can be made available to the developer community through the Ligetron ZK Platform (platform.ligetron.com), laying the foundation for a vibrant and competitive ecosystem and a platform that can truly scale globally while meeting the specific requirements of local regulators.

  • On-Ramping in Seconds on your Smartphone

  • Generate One Proof You Qualify, One Time - Enable Multiple Services, Multiple Times

  • Your Data Stays Safe on Your Device

We have deployed our solution on the Sepolia testnet as a POC to on-ramp USDC, one of the premier stablecoins. Here is a short video with a walkthrough of how our system can be deployed/integrated. 

The Road to Total Self-Sovereign Compliance

At Ligero, we have already started building the tech to make this happen using our Ligetron ZKP engine. Ligetron is already capable of handling many of the current KYC/AML requirements, and additional ones will be incorporated in the coming months. For more advanced and complex compliance, tools like zkTLS and zkEmail will unlock richer forms of verification. With Ligero’s in-browser ZK proving, users will be able to generate compliance proofs in 1–2 seconds directly from their device, enabling seamless, instant onboarding with a frictionless user experience.

Here's an indicative delivery road-map of future features:



The colors highlight the complexity of the specific KYC/AML process, based on the amounts being on-ramped (from <$100 for retail use, to over $5,000 for institutional grade KYC).

Information provided on this site is for general informational purposes only and does not constitute legal, financial, or investment advice. Ligero Inc. makes no warranties regarding the accuracy or completeness of any content. Use of this site is at your own risk.
