On October 11, 2022, the US Treasury Department announced that cryptocurrency exchange Bittrex Inc. had agreed to pay a total of $53 million in fines for allegations that it violated sanctions and laws. anti-money laundering. The fines come after the Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) conducted parallel investigations into Bittrex’s activities. Bittrex settled with OFAC and FinCEN, respectively.
These actions, the largest against a crypto firm by OFAC and the first parallel action taken by OFAC and FinCEN, come as the virtual currency industry faces increasing regulatory scrutiny. Both OFAC and FinCEN focus on risks in the virtual currency space in general, and in particular when companies do not implement adequate compliance programs and internal controls from the outset.
The Treasury Department noted that these actions underscore the importance for crypto firms to maintain risk-based sanctions and anti-money laundering compliance programs. FinCEN’s consent order imposing the sanctions stated that Bittrex’s failure to implement appropriate internal controls “leaves its platform open to abuse by malicious actors, including money launderers, terrorist financiers and sanctions evaders”.
Overview of OFAC settlement with Bittrex
Bittrex has agreed to pay approximately $24 million to OFAC to settle its potential civil liability for approximately 116,000 apparent violations of multiple sanctions programs.
The settlement notes that Bittrex did not prevent persons apparently located in sanctioned jurisdictions in the Crimea region of Ukraine, Cuba, Iran, Sudan, and Syria from using its platform to perform approximately $263 million in virtual currency-related transactions between March 2014 and December 2017. Based on the IP address information and physical address information collected from each client during onboarding, it was found that Bittrex had reason to know that these users were in sanctioned jurisdictions. Bittrex did not control this customer information for terms associated with sanctioned jurisdictions at the time of transactions.
FinCEN Settlement Overview with Bittrex
Bittrex has agreed to hand over approximately $29 million for its willful violations of the Bank Secrecy Act (BSA) Anti-Money Laundering (AML) program and Suspicious Activity Reporting (SAR) requirements. FinCEN will credit Bittrex’s $24 million payment as part of its agreement to settle its potential liability with OFAC against FinCEN-imposed sanctions.
FinCEN’s investigation found that, from February 2014 to December 2018, Bittrex, while aware of its obligations under the BSA, failed to develop, implement, and maintain an effective AML program. In particular, Bittrex has failed to maintain adequate controls reasonably designed to ensure compliance with SAR filing requirements. Instead of using transaction monitoring software tools to screen transactions for suspicious activity, Bittrex relied on a small number of employees with minimal AML training and experience to manually review all transactions. looking for suspicious activity. Additionally, Bittrex’s AML program failed to adequately address the risks associated with the products and services it offered, including anonymity-enhanced cryptocurrencies. Due to these shortcomings, Bittrex did not file any SARs between February 2014 and May 2017, and did not identify and block a significant number of transactions involving sanctioned jurisdictions. As is usually the case with FinCEN resolutions, Bittrex was required to admit the facts giving rise to the settlement.
Key points to remember
The Treasury Department continues to focus on the virtual currency space. Last month, it began seeking public comment on possible illicit finance and national security risks posed by the use of digital assets, as part of the agency’s mandate under the March Executive Order. of President Biden to study the development of cryptocurrency, further indicating that further scrutiny and review of this space is forthcoming.
The enforcement actions associated with OFAC’s guidance on compliance in the virtual currency space and for instant payment systems indicate that companies must take responsibility for their compliance with OFAC. This responsibility does not end even when the company uses a third-party provider for its OFAC compliance program, as Bittrex did. Businesses are responsible for monitoring and enforcing the services provided by their vendors and cannot rely solely on the vendor to ensure that the business is compliant.
Businesses should develop and implement risk-based compliance programs, especially when engaging in high-risk activities such as cross-border financial transactions in the virtual currency space. This also applies to startups in the virtual currency space because, as these enforcement actions indicate, startups will not receive leniency for not having compliance programs in place as they go. they become operational. Additionally, crypto businesses, and in particular exchanges and payment processors, should review their BSA/AML and sanctions programs to ensure that they have adequate controls in place to address the risks of ‘AML and penalties presented by their operations.
©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XII, Number 292