In a recent assessment, CFTC and FinCEN found the virtual currency exchange BitMEX lacked a number of licenses and had inadequate KYC, AML and CIP practices, among other infractions. The exchange incurred a $100 million penalty as a result.
with contributing authors Jessica Hillier and Amanda Bonello
On August 10, 2021, the Commodities Futures Trading Commission (CFTC) and Financial Crimes Enforcement Network (FinCEN) fined the virtual currency exchange BitMEX $100 million for a long list of compliance failures.
The two agencies announced the assessment specifically against HDR Global Trading Limited, 100x Holding Limited, ABS Global Trading Limited, Shine Effort Inc Limited and HDR Global Services (Bermuda) Limited (collectively, “BitMEX”).
This announcement follows an October 2020 complaint filed by the CFTC against BitMEX for illegally offering leveraged retail commodity transactions, futures, options and swaps on cryptocurrencies including Bitcoin, Ether and Litecoin, allowing traders to use leverage of up to 100 to 1 when entering into transactions on its platform.
Despite having earned fees of more than $1 billion since beginning operations in 2014, BitMEX was found to have categorical U.S. compliance failures, including:
- executing futures transactions on an unlicensed board of trade;
- failing to register as a futures commission merchant (FCM);
- failing to register as a designated contract market (DCM) or swap execution facility (SEF);
- and failing to supervise its employees.
In addition, the CFTC and FinCEN found that, as a “financial institution,” BitMEX failed to implement a required Bank Secrecy Act/anti-money laundering (BSA/AML) compliance program, including a customer information program (CIP), filing of suspicious activity reports (SAR) and compliance with know your customer (KYC) and AML policies and procedures.
BSA/AML Compliance Failures
As a “financial institution,” BitMEX was required to implement compulsory elements of a BSA/AML compliance program, namely CIP and KYC procedures that would enable the identification of U.S. persons using the BitMEX platform. By failing to do so, BitMEX was not able to identify the majority of its customers, whether from the U.S. or otherwise, and lacked the required compliance elements to detect and prevent terrorist financing and other criminal activity as required by U.S. law. In addition, the regulators found that BitMEX physically deleted records for various accounts specifically because a user was found to be in the U.S. or another “restricted jurisdiction.”
Increased Regulatory Scrutiny of Cryptocurrency Industry
With the recent explosion of the crypto industry and retail and institutional interest increasing, there is a heightened focus on regulatory and compliance practices around cryptocurrency. With a new infrastructure bill being passed by the U.S. Congress, there is an additional level of scrutiny around these CVCs. Even with the fragmented state of the crypto regulatory landscape, there are safeguards in place to ensure there is adequate transparency, safety and infrastructure at levels required for large mainstream investors to be protected. In fact, there is a current proposal to clarify the application of the Travel Rule and Recordkeeping Rule and apply such rules to cryptocurrency exchanges (see 85 FR 68005).
Additionally, FinCEN recently proposed a rule that would apply new reporting and recordkeeping mandates to money services businesses (MSBs) and banks whose customers use unhosted wallets (see 85 FR 83840).
There are new mandates, such as new reporting requirements, that will need to be followed by crypto exchanges in the U.S. For example, any “exchange” or “person who (for consideration) is responsible for regularly providing any service effectuating transfers of digital assets on behalf of another person,” will need to file an information return reporting the transaction. In addition, they need to supply a payee with a proper information statement, otherwise the IRS may levy a penalty. Crypto fund managers that invest in crypto futures must be licensed with the CFTC as a commodity trading advisor (CTA) and a commodity pool operator (CPO). These requirements will ensure that crypto exchanges are in compliance with applicable rules and regulations.
Staying on Top of the Regulatory Environment
The BitMEX situation highlights the need for financial institutions to stay on top of an ever-changing regulatory environment and to ensure they have robust financial crimes compliance programs. Continuously monitoring the regulatory landscape against existing business practices can help to ensure institutions remain compliant with regulatory expectations while minimizing impacts to growth. Additionally, third-party advisory and managed-services solutions can be used to support cryptocurrency compliance, including compliance program design, KYC and customer due diligence (CDD and EDD reviews), sanctions screening and investigation support. It is important to maintain continuous monitoring and real-time analysis of the legislative, regulatory and geopolitical landscape.