KYC and AML are different but related concepts. KYC (Know Your Customer) is the identity verification process: who are you, where do you live, and what is your source of funds. Standard KYC typically requires a government-issued identity document (passport, national ID), recent proof of residential address (utility bill or bank statement within 3 months), sometimes a tax identification number, and a source of funds declaration for high-value investors. AML (Anti-Money Laundering) is a monitoring mechanism designed to identify and block money laundering through financial systems. KYC is the foundation of AML: you cannot monitor transactions from parties you cannot identify. On RWA platforms, KYC/AML is typically executed through third-party service providers (Jumio, Onfido, Synaps), which offer automated identity verification systems that complete review within minutes to days. Once you are KYC-approved, your wallet address is added to the platform's compliance whitelist, and smart contracts only allow whitelisted addresses to hold and receive the corresponding tokens.
Taiwan investors completing KYC on RWA platforms typically encounter several specific issues.
Address verification documents: Taiwan utility bills are typically in Traditional Chinese; some platform KYC systems don't accept non-English documents, potentially requiring notarized English translations or English-language bank statements (some international banks provide these).
Tax identification number: Taiwan national ID numbers (e.g., A123456789) are valid tax identifiers, but some platforms may not directly recognize the Taiwan national ID format, so an explanation in a notes field may be needed.
Source of funds documentation: for large investments (typically above $10,000), some platforms require a source of funds explanation (salary, investment returns, inheritance, etc.).
High-risk region issues: Taiwan is not on the FATF high-risk list, so geographic rejection is unlikely. However, some platforms may restrict Taiwan users from certain specific features due to regulatory requirements (especially products involving US securities).
In tokenized equity and tokenized Treasury whitelist mechanisms, KYC is deeply integrated with token standards like ERC-3643. ERC-3643 mechanics: before any token transfer (purchase, sale, or DeFi protocol deposit), the smart contract automatically queries the Identity Registry contract, confirming that both the sender and receiver addresses are on the compliance whitelist. If either party is not whitelisted, the transfer is automatically rejected. This has an important implication: DeFi protocols wanting to accept ERC-3643 tokens (like OUSG) must have their own contract address added to OUSG's whitelist. Not just any DeFi protocol can integrate OUSG; only protocols explicitly approved and whitelisted by the issuer can. Currently, Flux Finance (Ondo's official lending protocol), some Morpho Blue vaults, and a few other protocols are on OUSG's whitelist. If you want to deposit OUSG into a DeFi protocol, first confirm whether that protocol is on OUSG's official whitelist; otherwise the transaction will fail.
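A simplified model of the whitelist gate described above, as an added example that is not Ondo's or the ERC-3643 reference code: the class and method names are hypothetical and the addresses are constructed. It shows why a deposit into a protocol whose contract address is not whitelisted is rejected, and how to list the blockers before sending.

```python
from dataclasses import dataclass, field

class TransferRejected(Exception): """Stands in for the on-chain revert."""

@dataclass
class IdentityRegistry:
    """Toy Identity Registry: the set of KYC-approved addresses."""
    verified: set = field(default_factory=set)

    def register(self, addr: str) -> None:
        self.verified.add(addr.lower())   # hex addresses compare case-insensitively

    def is_verified(self, addr: str) -> bool:
        return addr.lower() in self.verified

@dataclass
class PermissionedToken:
    registry: IdentityRegistry
    balances: dict = field(default_factory=dict)

    def blockers(self, sender, receiver, amount) -> list:  # pre-flight: reasons for rejection
        reasons = []
        if not self.registry.is_verified(sender):
            reasons.append("sender not whitelisted")
        if not self.registry.is_verified(receiver):
            reasons.append("receiver not whitelisted")
        if self.balances.get(sender.lower(), 0) < amount:
            reasons.append("insufficient balance")
        return reasons

    def transfer(self, sender, receiver, amount) -> None:
        reasons = self.blockers(sender, receiver, amount)
        if reasons:                       # the gate runs before any balance changes
            raise TransferRejected("; ".join(reasons))
        self.balances[sender.lower()] -= amount
        self.balances[receiver.lower()] = self.balances.get(receiver.lower(), 0) + amount

# Constructed sample addresses (not real accounts or contracts).
INVESTOR = "0x" + "A1" * 20
APPROVED_VAULT = "0x" + "b2" * 20     # protocol contract the issuer whitelisted
UNLISTED_POOL = "0x" + "c3" * 20      # protocol contract that was never whitelisted

def demo() -> PermissionedToken:
    registry = IdentityRegistry()
    for addr in (INVESTOR, APPROVED_VAULT):
        registry.register(addr)
    token = PermissionedToken(registry, {INVESTOR.lower(): 100})
    token.transfer(INVESTOR, APPROVED_VAULT, 40)   # both sides whitelisted: succeeds
    return token
```

Calling `token.blockers(INVESTOR, UNLISTED_POOL, 10)` on the returned token reports the unlisted receiver without changing any balance.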
KYC/AML in RWA faces a fundamental contradiction: it's a necessary tool for investor protection and financial system integrity, but also the core obstacle to RWA achieving the goal of 'anyone can invest.' Different products resolve this contradiction in different ways.
Full KYC-gating (OUSG): all operations require KYC. This is the safest approach but has the lowest accessibility.
Lowering the KYC financial threshold (USDY's $500 minimum): reduces the financial barrier, but the KYC process itself remains a source of friction.
Yield-bearing stablecoin model (USDM): pushes KYC to the underlying layer (Mountain Protocol's compliance framework), letting users hold a stablecoin that superficially doesn't require KYC, while the underlying mechanisms still have compliance controls.
Semi-open public tokens (some agricultural credit tokens): some tokens accept broader on-chain holders while restricting transfer recipients, a compromise between openness and compliance.
Future direction: portable on-chain identity credentials (Verifiable Credentials / DID) may be the long-term solution. Users complete KYC once, generating an on-chain identity credential verifiable by multiple platforms, which dramatically reduces repeat-KYC friction.
A Taiwan-based investor wants to purchase USDY (yield-bearing stablecoin) on Ondo Finance. Here is her complete KYC process record.
Step 1: Go to the Ondo Finance website, click 'Invest,' select 'I am not a US person' (she's a Taiwan resident), and agree to the terms of service.
Step 2: Fill in basic information (name, date of birth, residential address, nationality) and select 'Taiwan' as residence.
Step 3: Upload a Republic of China passport (front + data page). The Onfido system auto-scans it; an 'Approved' notification appears within ~2 minutes.
Step 4: Take a selfie; the system performs a facial comparison (confirming she matches the passport photo).
Step 5: Address verification. She uploads a Taiwan electricity bill from within 3 months (Traditional Chinese); the system accepts it (Ondo's KYC system supports Chinese-language documents).
Step 6: Fill in the source of funds (she selects 'Employment income') and the approximate investment amount range.
Step 7: Submit; she receives an approval email within 24 hours.
Her MetaMask address is added to Ondo's compliance whitelist. She can then use USDC to purchase USDY, with USDY deposited directly to her wallet. The process was smoother than expected. The main friction points were uncertainty about whether Traditional Chinese electricity bills would be accepted (they were) and the 24-hour review wait.
KYC/AML advantages: it gives RWA tokens clear legal standing (only compliant holders can hold them), protects investors from non-compliant platforms and illegal uses, and makes institutional adoption easier (institutions already have KYC processes).
Key disadvantages: it adds user friction, making DeFi's 'anyone can use immediately' ideal impossible. Platform-specific KYC creates repetitive work. Users in some regions (countries on FATF high-risk lists) may be entirely excluded. KYC data carries privacy and security risks (third-party KYC providers hold copies of your passport). Cross-border legal applicability is complex (which country's legal framework protects your KYC data?).
Ultimate trade-off: RWA legal protection and KYC requirements are inseparable. Either accept KYC in exchange for the ability to make legal claims, or choose no-KYC DeFi and forfeit legal claims on the underlying assets. No solution that achieves both at once currently exists.