On October 19, 2022, the U.S. Attorney’s Office for D.C., on behalf of the Financial Crimes Enforcement Network (“FinCEN”), filed a civil complaint against Larry Dean Harmon (“Harmon”), seeking $60 million in civil penalties for alleged violations of the Bank Secrecy Act (“BSA”) in connection with Harmon’s involvement in now-defunct cryptocurrency services Helix and Coin Ninja LLC. The complaint seeks to obtain a judgment on FinCEN’s 2020 Assessment of Civil Money Penalty against Harmon (“Assessment”), which is attached to the complaint and includes a detailed statement of facts.
As we have blogged, Harmon previously pled guilty to operating an unlicensed money transmitter business. Harmon’s sentencing hearing in the criminal case has been continued, and he reportedly has been attempting to cooperate with the government. It appears that the civil complaint may represent something of a formality: it seeks to reduce the assessment against Harmon to an actual civil judgment, upon which the government can collect in theory, in anticipation of Harmon’s criminal sentencing and any potential additional matters in which he may attempt to cooperate.
According to the complaint, starting in 2014, Harmon operated Helix, a bitcoin “mixing” service, which Harmon allegedly advertised explicitly as a way for customers to conceal their identities from the government. The statement of facts attached to the Assessment alleged that Harmon “publicly advertised Helix on Reddit forums dedicated to darknet marketplaces, actively seeking out and facilitating high-risk transactions directly through customer service and feedback.” Such “mixing” services – designed to maximize anonymity – increasingly have drawn the ire of the government, as reflected by the recent and controversial action by the Office of Foreign Assets Control to sanction virtual currency “mixer” – or passive technology – Tornado Cash.
Harmon became the CEO of Coin Ninja LLC after Helix ceased operations. According to the complaint, Harmon conducted over 1,225,000 transactions for customers between 2014 and 2017 “and is associated with virtual currency wallet addresses that have sent or received over $311 million.” Although the complaint alleges failures to establish appropriate internal controls under the BSA, the complaint is hardly focused on “technical” process and procedure. To the contrary, the complaint paints Harmon as a professional money launderer and his businesses as inherently criminal, designed to thwart law-abiding crypto exchanges: “Harmon actively aided cybercriminals and other threat actors in circumventing the policies, procedures, and internal controls in place at U.S.-based convertible currency exchanges. Through his services, Harmon promoted unlawful online activities by concealing the nature, the location, the source, the ownership, and the control of the proceeds of online drug sales, among other illegal online activities.”
While operating both Helix and Coin Ninja, Harmon committed several alleged violations of the BSA, including failing to register both entities as money service businesses; not having anti-money laundering (“AML”) programs and procedures to ensure compliance with BSA’s suspicious activity reporting (“SAR”) requirements; and failing to file SARs. Indeed, FinCEN identified at least 2,464 instances in which Harmon failed to file a required SAR for transactions involving Helix. The statement of facts attached to the Assessment provides a fascinating description of “39 darknet marketplaces and other illicit markets where individuals bought and sold illicit goods and services[,]” and with which Helix addresses interacted directly.
FinCEN has the authority to assess civil money penalties against financial institutions such as money services businesses, or MSBs, and their current and former employees, who willfully violate the BSA. However, as reflected by the complaint, FinCEN cannot institute litigation on its own behalf, but instead must rely upon the DOJ to do so. As noted by the complaint, FinCEN now can assess a penalty of up to $219,156 for each day of an ongoing willful AML program violation occurring after November 2, 2015. Regardless of the precise math, the potential penalties can add up very quickly, and Harmon faced a potential civil penalty of up to several hundred million dollars.
In determining the penalty, FinCEN considered several factors under its Statement on Enforcement of the Bank Secrecy Act, including: the nature and seriousness of the violations and harm to the public, the impact of the violation on FinCEN’s mission to safeguard the financial system, pervasiveness of wrongdoing, history and duration of the violation, cooperation, financial gain or other benefits, systemic nature of violations, and timely and voluntary disclosure of the violation. Based on all of the factors, including FinCEN’s determination that Harmon’s conduct was “serious and egregious,” FinCEN assessed a penalty in the amount of $60 million.