KYC and AML are mandatory when it comes to STO. If the project is based on the idea of anonymity and confidentiality, such a project is not viable. Sending an ETH from your wallet in exchange for tokens is simple, but going through a long KYC process is another thing. The KYC check allows issuers to ascertain whether the US citizens are participating in the Security Token Offering. Selling unregistered securities in the United States constitutes a gross violation of obligations. At the same time, the issuer’s responsibility arises regardless of whether the issuer knew about the acquisition of tokens by US citizens. The only way to avoid this risk is to carry out a KYC check. However, the main idea behind KYC procedures is to comply with AML/CTF requirements. This rule applies both to the US and the EU. === While public token offerings, the KYC process should be taken in place for verification of the investor. KYC ensures that no fraudulent entity facilitates through STOs. Regulations shape aiming to protect investors from fraudulent ICOs. KYC process verifies each onboarding customer against personal information. The data is verified to authenticate the identity. For qualified investor status and accredited verification, KYC is mandatory. It deters the risks bad actors can open ways to. Especially to combat money laundering and terrorist financing activities through STO services, KYC is considered compulsory. === Not like ICOs (provides utility token), STOs offer security tokens. They are classed as securities by the Security and exchange commission (SEC) because they fall under the scope of the Howey Test. According to the test if token matches with the mentioned criteria only then it can be classified as a security token Involves an investment of money or other financial valuable asserts. More than one investor and the business are local enterprises. Expected profit from an investment. Any of the profit gained by the third party or the promoter of the token. Because the security token falls under the securities by SEC, so its scope demands KYC regulations, to prevent any illegal or illicit transactions or fraudulent alerts a reliable third-party service provider is necessary, to prevent the threat of money laundering and terror financing through this channel. By ensuring the identities of customers. I hope this will help. Cheers!