When a team requires KYC, I think it should be both ways, if IEO/bounty participants need to submit their private data, team members need to do the same, participants need to know the identity of team members, even in video. That way there wouldn't be a lot of scams and everything could be a little safer. But sadly most teams wouldn't want to adopt that idea.