KYC and KYB are identity-verification checks that confirm who a participant is before they transact, satisfying anti-money-laundering obligations. In token design, where you enforce these checks is consequential: gating only creation and redemption preserves on-chain tradability and DeFi composability, while per-transfer checks restrict both.
Decide the enforcement model as part of the original architecture. Changing from transfer-level to gate-level after deployment requires a contract migration.
How it works
KYC applies to natural persons: name, date of birth, address, and a government ID, screened against sanctions and politically-exposed-person lists. KYB applies to legal entities: corporate registration, beneficial ownership, and equivalent screening. Both are required by anti-money-laundering rules in nearly every jurisdiction where token activity has regulatory reach.
In a token system the architecturally significant question is not whether to run these checks but where. The two models are gate-level and transfer-level. Gate-level enforces KYC and KYB only when a participant mints or burns through the issuer interface. Transfer-level has the smart contract validate sender and receiver against an allowlist before every transfer.
Design consequence
Gate-level enforcement preserves on-chain tradability and DeFi composability. The token behaves like a standard transferable asset, listable on DEXes, usable as collateral, holdable in custody without extra whitelisting.
Transfer-level enforcement is cleaner from a pure compliance standpoint, because the contract enforces the checks, but it confines the token to permissioned venues and breaks composability with most DeFi protocols. The choice maps directly to the target distribution model.
Common mistake
Teams default to transfer-level checks because they feel more controlled, then find during exchange listing or DeFi integration that the token is incompatible with every venue they need. A token built for broad on-chain liquidity should use gate-level checks with reactive enforcement, such as freeze or claw-back for addresses later flagged as problematic.
See Token Compliance Architecture Design for how this applies in practice.
More in Compliance and Classification
Know the terms but not sure how they apply to your project? That is what an engagement is for. We design, document, and stress-test the whole token economy inside the Tokenomics Data Room.
80+ projects advised. Complete tokenomics in 4 to 6 weeks.