Lots of bad takes on KYC on here today.

Nobody wants to force KYC on their users, but you have to do it to stay compliant. Seriously, who in their right mind wants to build an onboarding flow where you ask your user to pull up an ID and verify the face? The churn on that step is massive.

I once talked with a lawyer about the risks, and how they enforce it is scary, even if you had no intent to transact with a sanctioned individual.

Unless the policymakers change this, if you want to run a legitimate business, you must comply, even at the expense of additional customer friction or security concerns about data.

Many products today perform 'silent KYCs' to minimize onboarding dropoffs and trigger a full KYC as transaction values and risks increase (they know who you are with the limited data you give them, like phone numbers).

TLDR: you're barking at the wrong tree on KYC. The correct tree is the regulators.