The Department of Justice (DOJ) and the Commodity Futures Trading Commission (CFTC) actions against BitMEX in October are the federal government’s latest warning to the crypto sector that brazen flouting of anti-money laundering (AML) laws and regulations will have dire consequences. They demonstrate that U.S. government support for financial innovation and ingenuity will never eclipse its imperative to ensure compliance with AML requirements.
BitMEX—derived from Bitcoin Mercantile Exchange—is a cryptocurrency and crypto-derivatives trading platform that has facilitated $1 trillion in cryptocurrency derivatives transactions, earning more than $1 billion in fees, since its inception in 2014. Owned and operated by HDR Global Trading Limited, a Seychelles corporation, BitMEX became one of the largest crypto trading platforms by volume. Its co-founder and CEO Arthur Hayes has been a prominent figure in the crypto sector.
Controversy has surrounded BitMEX in recent years. Cryptocurrency critic Nouriel Roubini accused BitMEX of a variety of illegal activities in July 2019. Soon afterward, media reports indicated that the CFTC was investigating BitMEX, which was not registered with the agency, for allowing U.S. residents to trade on its platform despite a formal ban noted in the exchange’s terms of service.
CFTC and DOJ Actions Against BitMEX
On Oct. 1, the CFTC announced the filing of a civil enforcement action against five entities and three individuals that own and operate BitMEX. The DOJ simultaneously announced criminal indictments against four BitMEX founders and executives. The CFTC and the DOJ each based its enforcement action primarily on violations of the Bank Secrecy Act (BSA).
The CFTC charged BitMEX with illegally offering commodity derivatives, and for failing to register in any capacity with the agency as required under the Commodity Exchange Act (CEA). The CFTC also charged BitMEX with violations of the CEA and related CFTC regulations in part for failing to implement “the most basic compliance procedures” required by the BSA.
The indictment filed by the U.S. Attorney for the Southern District of New York charged Hayes and three other BitMEX executives with criminal violations of the BSA and conspiring to violate the BSA. The DOJ alleged that these executives caused BitMEX’s willful failure to comply with the BSA by failing to establish and maintain an adequate AML program, including failing to implement adequate customer identification program/know your customer (KYC) procedures.
BitMEX’s executives were aware that the BSA applied to the exchange and took steps to circumvent compliance.
In 2015, after a CFTC enforcement order clarified that cryptocurrencies are commodities for purposes of the CEA, BitMEX executives withdrew the exchange from the U.S. market, implementing an internet protocol (IP) address check purportedly to identify and block customers located in the U.S. and then formally incorporating in the Seychelles.
According to the indictment, the IP address check included numerous design features that intentionally made it ineffective at blocking U.S. customers.
Incorporating in the Seychelles appeared to be another attempt to evade laws and regulations in the U.S. and other jurisdictions. According to the DOJ’s statement, Hayes bragged that they incorporated in the Seychelles rather than the U.S. because bribing regulators cost just “a coconut.”
The indictment lists specific examples of how BitMEX made itself an easy vehicle for money laundering and sanctions violations as a result of its failure to implement AML and KYC programs:
- BitMEX did not implement a formal AML policy after notice in May 2018 of claims that it was being used to launder the proceeds of a cryptocurrency hack.
- BitMEX did not implement a formal AML policy to address Iranian customers, even after multiple instances when management was made aware of Iranian customer activity. Executives personally communicated with customers who identified themselves as Iranian. Separately, internal reports identified Iranian customers subject to U.S. sanctions who traded on the platform from at least Nov. 2017 through April 2018.
- Executives knew that specific customers residing in the U.S. continued to access BitMEX’s platform in 2018 and failed to take steps to deactivate these accounts.
- Executives had access to internal reports that showed U.S. customers trading on BitMEX’s platform despite its ban.
- BitMEX engaged in marketing activities in the U.S. with the effect and intent of attracting U.S. customers despite the exchange’s ban. They included the famous stunt of renting several Lamborghinis and parking them outside of the Consensus 2018 conference in New York.
The Evolution of Crypto Regulation
Since 2013, U.S. authorities have gradually addressed various aspects of how federal laws apply to crypto-assets:
- FinCEN’s guidance on how the BSA applies to virtual currencies in 2013;
- the CFTC’s enforcement order finding Bitcoin to be a commodity in 2015;
- the SEC’s report of examination analyzing when a crypto-asset is considered a security in 2017; and
- the DOJ’s Cryptocurrency Enforcement Framework released in 2020 clarifying that federal law enforcement is focusing on the criminal uses of cryptocurrencies, leaving non-criminal regulatory issues to the regulators.
The CFTC’s BitMEX enforcement action shows that although the agency has a reputation as a crypto-friendly regulator, it will still punish violators just as any other federal regulator would. Even SEC Commissioner Hester Peirce—renowned as “CryptoMom”—has stated in an interview (see 24:30) that the actions against BitMEX follow AML enforcement policies that should have been already evident. Don’t be surprised if U.S. authorities bring more actions to enforce AML compliance in the cryptocurrency industry. A recent study of more than 800 exchanges found that 56% had weak KYC identification procedures, giving regulators many potential targets to choose from.
Avoiding Compulsory Compliance
The CFTC and DOJ BitMEX actions are another reminder of the harsh penalties for willful violations of the BSA and other federal laws and regulations. They also serve as valuable “lessons learned” to prompt any firm operating in the crypto sector to proactively assess its AML compliance now and take affirmative steps to cure any compliance deficiencies.
BitMEX is contesting the government’s charges, but behind the scenes is attempting to cure its compliance deficiencies. BitMEX’s company blog has announced efforts to strengthen its AML compliance, including:
- New CCO—On Oct. 12, the exchange hired a new chief compliance officer.
- KYC Verification Program—On Oct. 21, the exchange introduced a new KYC verification program, which required users to be fully verified by Nov. 5. Those who did not complete the KYC program will not be able to open new positions and, beginning Dec. 4, will not be able to withdraw funds from their BitMEX account without completing verification.
- Enhanced Trade Surveillance—On Nov. 12, BitMEX engaged a third-party software and compliance vendor to improve its trade surveillance and AML transactions. The new application will be integrated into BitMEX’s existing trade surveillance and AML processes to more efficiently screen out “bad actors and increase proactive monitoring for unauthorized trading activity on the BitMEX platform.”
The exchange could have avoided costly legal and reputational liabilities, had it taken its compliance obligations seriously. Implemented earlier as part of a good faith effort to comply with BSA/AML requirements, corrective actions could have helped BitMEX mitigate its potential civil and criminal liabilities. Following the initiation of government actions, such measures may be too late to do so.
The federal government’s late 2020 actions addressing crypto-assets should provide regulatory clarity that will help to further the development of the crypto sector. Whether actors in the crypto sector will understand these actions and adapt accordingly remains to be seen.
Bloomberg Law subscribers can find related content in our AML Compliance resources.
If you’re reading this on the Bloomberg Terminal, please run BLAW OUT <GO> in order to access the hyperlinked content.