Is KYC compulsory for secondary marketplaces such as OpenSea?
Pursuant to art. 3 Wwft institutions under the Wwft are obliged to conduct customer due
Under art. 1(1)(b) Wwft an ‘institution’ is defined as “a credit institution, other financial
institution, or natural person, legal person or company acting in the capacity of their professional
activities, to which this Act applies pursuant to art. 1a Wwft.” Art. 1a Wwft sets out the entities
that are designated as institutions. Pursuant to art. 1a(4)(l) and (m) Wwft providers of services
for the exchange between virtual and regular currencies and custodian wallet providers
(together: “crypto service providers”) are designated as institutions.
A provider offers exchange services when it effects transactions or enables customers to effect
transactions in which virtual currencies are exchanged for regular currencies or vice versa (not
defined under the Wwft). A custodian wallet provider is defined as “an entity that provides
services to safeguard private cryptographic keys on behalf of its customers, to hold, store and
transfer virtual currencies” (art. 1(1)(a) Wwft).
The purpose of CDD is that the institution knows who it is doing business with and for what
purpose the business relationship is used, and that it applies risk-based monitoring on an
Art. 3 Wwft sets out the requirements to perform CDD. The intensity of the due diligence is
determined in part by the risks associated with certain types of customers, products, services,
supply channels, transactions and countries or geographies. Institutions must implement
additional mitigating controls in cases that involve a heightened risk of money laundering or
terrorist financing. More information regarding CDD can be found on the here: DNB Guideline
on the Anti-Money Laundering and Anti-Terrorist Financing Act and the Sanctions Act).
If a secondary marketplace is a crypto service provider under the Wwft, it is obliged to conduct
customer due diligence. This may for example be the case if NFTs can be purchased with regular
currency, if the platform offers a service to exchange regular currency for virtual currency
(including NFTs), or if the platform offers the possibility to store NFTs.
However, regarding Opensea, the platform is currently not offering the service of exchange
between regular currencies and virtual currencies and is also not providing a custodian wallet.
Thus, Opensea is not falling under the qualification of crypto service provider and is not subject
to customer due diligence.
On the 28th of April 2022, the Indian Computer Emergency Response Team (an agency set up under the Ministry of Electronics and Information Technology), in its Direction No. 20(3)/2022-CERT-In, made it mandatory for the virtual asset service providers to maintain all information obtained as part of KYC for five years.
KYC procedures are required under anti-money laundering and anti-terrorist financing regulations. If an entity provides services that fall within the scope of these regulations, a KYC procedure may be mandatory from a certain threshold of transaction value expressed in euros.