On October 11, 2022, the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) and Office of Foreign Assets Control (OFAC) announced a $29 million civil fine against leading U.S. cryptocurrency exchange Bittrex, under settlements with FinCEN and OFAC in connection with Bittrex’s alleged historical violations of the Bank Secrecy Act (BSA), FinCEN Anti-Money Laundering (AML) Regulations, and “clear violations of multiple sanctions programs.” Simultaneously with the announcement, FinCEN released a Consent Order and OFAC released an Enforcement Release describing the alleged violations and the terms of the settlement.
- According to the Consent Order, from approximately February 13, 2014 to approximately December 7, 2018 (the relevant period), Bittrex violated the FinCEN AML Regulations by (1) failing to maintain an AML program reasonably designed to prevent its trading platform and hosted wallet services from being used to facilitate money laundering and the financing of terrorist activities; and (2) failing to report suspicious transactions accurately and in a timely manner.
- According to the Consent Order and Enforcement Release, Bittrex processed over 116,000 cryptocurrency-related transactions, valued at more than $260 million, with entities and individuals located in OFAC-sanctioned jurisdictions such as Iran, Cuba, Sudan, Syria, and the Crimea region of Ukraine.
- Bittrex purportedly grew from a start-up to a major U.S. cryptocurrency exchange without, in its early stages, taking the steps needed to properly implement and expand its BSA and OFAC compliance programs.
Overview of BSA requirements
Pursuant to FinCEN regulations implementing the BSA, cryptocurrency exchanges such as Bittrex are considered convertible virtual currency (CVC) exchanges. As such, Bittrex meets the definition of a money services business (MSB) and must meet certain AML and combating the financing of terrorism (CFT) obligations. Bittrex was therefore required to develop, implement and maintain an effective written AML/CFT program that, at a minimum:
(a) incorporate policies, procedures and internal controls reasonably designed to ensure continued compliance with the BSA and FinCEN regulations;
(b) appoint individuals responsible for ensuring day-to-day compliance with the MSB’s AML program and all FinCEN regulations;
(c) provide education and/or training to appropriate personnel, including training on suspicious transaction detection; and
(d) provide independent reviews to monitor and maintain appropriate programs.
Suspected BSA and OFAC Violations
Among other things, the consent order cited the following BSA and OFAC violations:
Inadequate transaction monitoring
The Consent Order stated that, “In 2016, Bittrex made an average of 11,000 transactions (deposits and withdrawals) per day on its platform, with a daily value of approximately $1.54 million,” and that trading volume and value subsequently increased to an average of 23,800 trades, with a daily value of approximately $97.9 million. However, during the relevant period, Bittrex relied on just two employees, “with minimal AML training and experience,” to manually review all transactions for suspicious activity, clearly resulting in an “ineffective” transaction monitoring process.
Failure to file suspicious activity reports
The Consent Order states that “Bittrex did not file one Suspicious Activity Report (SAR) from its inception in 2014 to May 2017,” and that “from May 2017 to November 2017, it has only filed one SAR during that time.” The Consent Order emphasizes Bittrex’s inability to detect suspicious activity and that it did not file SARs related to “direct transactions with online darknet marketplaces such as AlphaBay, Agora, and Silk Road 2” and “transactions related to ransomware attacks.”
Facilitation of OFAC prohibited transactions
According to the Consent Order, between February 2014 and February 2016, Bittrex knew it needed to avoid processing transactions that violated OFAC sanctions, but failed to do so. The Consent Order and Enforcement Release show that Bittrex hired a software vendor for OFAC screening in February 2016, but that the vendor screened only against OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List) and others, and did not “scrutinize customers or transactions for their relationship with sanctioned jurisdictions” until October 2017. The Enforcement Release states that Bittrex learned of the vendor’s inadequate scrutiny only through an OFAC subpoena issued in October 2017.
The Consent Order further states that “Bittrex has processed transactions with parties located in sanctioned jurisdictions that are hundreds of times larger than the typical transactions of certain customers,” including more than 200 transactions involving CVC valued at $140,000 (nearly 100 times the average withdrawal or deposit on the Bittrex platform) and 22 transactions involving $1 million worth of CVC, processed through accounts opened on behalf of individuals located in a sanctioned jurisdiction.
Use of high-risk CVC
According to the Consent Order, Bittrex was aware of the risks posed by certain anonymity-enhanced cryptocurrencies (AECs) exchanged on its platform, such as monero, zcash, pivx, and dash, but failed to fully address those risks, either in practice or in the company’s documented AML compliance program, and did not implement “appropriate policies, procedures, and internal controls to effectively mitigate risks associated with particularly challenging AECs such as monero.”
Enforcement Factors and Civil Penalties
According to the Consent Order, FinCEN “considered all the factors outlined in the Bank Secrecy Act Enforcement Statement issued on August 18, 2020,” and found the following factors “particularly relevant” in determining Bittrex’s penalty:
- The nature and severity of the violation, including the degree of potential harm to the public and the systemic nature of the violation;
- The prevalence of fraud within the financial institution;
- Any history of similar violations or of misconduct in general;
- Any financial or other benefit resulting from the violation;
- The presence or absence of prompt and effective action to end violations upon discovery, including self-initiated corrective actions;
- Timely and voluntary disclosure of violations to FinCEN;
- The quality and scope of cooperation with FinCEN and other relevant agencies; and
- Whether another agency has taken enforcement action for the relevant activity.
The OFAC Enforcement Release lists the following aggravating and mitigating factors:
- Aggravating factors: Bittrex (1) operated without a sanctions compliance program for almost two years and, once it implemented a program, screened only against the SDN List, allowing people in sanctioned jurisdictions to use the exchange; (2) had reason to know that users were in sanctioned jurisdictions based on IP address and physical address data; and (3) conveyed economic benefits to thousands of people in OFAC-sanctioned jurisdictions.
- Mitigating factors: Bittrex (1) had not been penalized or found in violation by OFAC in the five years preceding the date of the first transaction giving rise to the apparent violations; (2) was a small, new company at the time when most of the apparent violations occurred; (3) provided substantial cooperation in connection with OFAC's investigation; (4) committed apparent violations based on transactions that were relatively small and represented a small percentage of its total annual transactions; and (5) in response to the apparent violations, promptly took a series of corrective actions, including hiring an experienced Chief Compliance Officer to oversee and implement an effective AML and OFAC compliance program.
The statutory maximum penalty for the OFAC violations was $35,773,364,108.57, and the base civil penalty under OFAC’s Economic Sanctions Enforcement Guidelines was $485,616,584.00. However, based on the aforementioned factors and the “non-egregious” nature of the violations, the final settlement amount was $24,280,829.20.
FinCEN imposed a civil fine of $29,280,829.20, crediting the $24,280,829.20 that Bittrex agreed to pay for its OFAC violations. Among other things, Bittrex also agreed to cooperate fully with FinCEN on all matters within the scope of or related to the Consent Order, including investigations of current or former directors, officers, employees, agents, consultants or other parties.
Digital asset businesses should take great care to ensure that their BSA and OFAC compliance programs scale with revenue growth, and should not try to reduce costs by minimizing compliance staff and procedures. Those that do risk facing large fines and penalties. Digital asset businesses should also heed this Consent Order and its claims, which provide insight into what FinCEN considers to be best practices for mature AML and OFAC programs, including: (ii) disabling the privacy-enhancing features of AECs; and (iii) using blockchain analytics as part of customer due diligence, transaction monitoring, and reporting obligations. As U.S. regulators increase their focus on the digital asset market, companies must take proactive steps to ensure they are compliant with the BSA, FinCEN regulations, and OFAC’s Sanctions Compliance Guidance for the Crypto Industry.
 See FIN-2013-G001, “Application of FinCEN Regulations to Persons Who Manage, Exchange, or Use Virtual Currencies,” March 18, 2013. It is an alternative to currency and is a kind of “value alternative to currency”. FIN-2019-G001, Guidance, “Application of FinCEN Regulations to Certain Business Models Involving Convertible Virtual Currencies,” §1.3, May 9, 2019.
 31 USC § 5318(h); 31 CFR § 1022.210(a).
 31 USC § 5318(h)(1); 31 CFR § 1022.210(d) and (e).
 FinCEN, Bank Secrecy Act Enforcement Statement (18 August 2020), https://www.fincen.gov/sites/default/files/shared/FinCEN%20Enforcement%20Statement_FINAL%20508.pdf.