On June 5, 2023, the SEC filed an extensive civil complaint against Binance Holdings Limited, its assorted affiliates and its beneficial owner and CEO, Changpeng Zhao, alleging multiple violations of the Securities Act of 1933 and the Securities Exchange Act of 1934. The Binance suit, as all of SEC’s enforcement efforts in the crypto space, arises from the hotly contested and frequently litigated predicate categorically asserted by the SEC that at least some cryptocurrencies are “securities” under, and therefore subject to, the federal securities laws. The Binance case demonstrates how, from that premise, the SEC takes a utilitarian approach to the crypto industry, essentially overlaying the functions and participants in the traditional securities industry against their counterparts in crypto.
Although the Binance enforcement action obviously focuses on securities law, it is relevant to anti-money laundering concepts because the action focuses on Know-Your-Customer (“KYC”) requirements, as a predicate to discussing the securities laws. The Binance enforcement action is similar to the enforcement action against Bitmex and other entities, which rested on the allegation that the entity attempted to pretend that it did not have U.S. customers — even though it in fact had such customers, as it allegedly well knew and despite efforts to obfuscate such U.S. contacts. This post therefore will focus on the KYC and customer identification issues presented by the Binance complaint.
The SEC and Crypto
For years, the SEC has made clear that crypto enforcement is among its highest priorities. In 2022, the SEC brought a total of 30 cryptocurrency-related enforcement actions, up 50% from 2021. And, through the first half of 2023, the SEC is on pace for an increase of more than 25% from last year’s numbers. This uptick in enforcement activity follows SEC’s significant expansion of its Crypto Assets and Cyber Unit in the Division of Enforcement last year, which nearly doubled its size. Gary Gensler, SEC Chair, bluntly stated his concern with the crypto industry in a recent Wall Street Journal interview: (linked article is paywall protected) “I’ve seen some non-compliance from time to time in traditional finance, but I’ve never seen a whole field so built upon non-compliance with law, and frankly speaking, that’s what a lot of the [cryptocurrency] business model is.”
The Binance lawsuit illustrates how SEC will litigate such alleged wholesale non-compliance. Binance Holdings Limited, the lead defendant, is a Cayman Islands-based limited liability company that operates the binance.com platform. Since its creation in 2017, it has operated as an international crypto asset-trading platform, marketing itself as serving customers in more than 100 countries. Binance operated through a web of subordinate or affiliated entities, in multiple jurisdictions, all tied to Zhao as their beneficial owner. As the Complaint sets forth, Zhao “has been dismissive of ‘traditional mentalities’ about corporate formalities and their attendant regulatory requirements,” stating: “Wherever I sit is the Binance office. Wherever I meet somebody is going to be the Binance office.”
Of course, being “dismissive” of corporate formalities and their attendant regulatory requirements is not the same as being oblivious to them. In the United States, professionals participating in the securities market are subject to significant regulatory oversight by the SEC. For instance, brokers (those who buy or sell securities on behalf of others) and dealers (those who buy or sell securities for their own account) must register with the SEC. Any organization or group of individuals who provide a marketplace for bringing together buyers and sellers of securities constitutes an “exchange” under the Exchange Act, required to register with the SEC. Any company offering its own securities for sale must file a registration statement with SEC making significant disclosures about the company and its securities. Furthermore, any person who acts as an intermediary in exchanging payment for a security constitutes a “clearing agency” also required to register with the SEC. Finally, “broker dealers” are “financial institutions” subject to the Bank Secrecy Act (“BSA”) and, as the Second Circuit recently upheld, the SEC statutorily is authorized under the Exchange Act to enforce the BSA against SEC registered entities.
As the Complaint alleges, Binance was aware of all of this. In a chat exchange with a Binance employee, its chief compliance officer (“CCO”) stated: “If US users get on .com [w]e become subjected to the following US regulators, fincen ofac and SEC.” That is, Binance was well aware that if it served US-based customers, it would become subject to United States regulations. Thus, it confronted a dilemma: (1) transact in the United States and comply with United States law; or (2) eliminate the entire United States market from its portfolio. Binance, according to the SEC, chose door number three: it engaged in an extensive scheme to conceal its United States customer base in order to evade United States regulatory oversight, thereby breaking numerous laws. In the words of the Binance CCO: “we are operating as a fking unlicensed securities exchange in the USA bro.”
The heart of Binance’s alleged efforts to evade US regulations was its manipulation of its KYC processes. Binance retained a consultant to help “insulate Binance from US enforcement.” Declining the consultant’s proffered “low risk” approach of “active outreach to regulators and resolve all potential issues,” Binance allegedly embarked on a strategy to achieve two goals: continue soliciting and serving United States-based customers and avoid United States regulatory scrutiny. As to the former, Binance’s alleged plan had several features. First, it formed and incorporated two United States-based entities to “become the target of all built-up enforcement tensions.” Next, it made numerous public statements disavowing any US-based activity and touting restrictions against U.S.-based activity “while privately encouraging U.S. customers to bypass these restrictions through the ‘strategic treatment’ of virtual private networks (“VPNs”) that would disguise their locations and thereby ‘minimize the economic impact’ of Binance’s public proclamations that it was prohibiting U.S. investors on the platform.”
To allegedly disguise its U.S. presence, Binance encouraged its customers to circumvent Binance’s geographic blocking of U.S.-based IP addresses by using a VPN service to conceal their location. It also encouraged certain “VIP” U.S.-based customers to circumvent Binance’s KYC restrictions by submitting updated KYC information that omitted any United States nexus. Additionally, through August 2021, Binance did not even require all of its customers to submit KYC documents.
Of its 62 million worldwide customers, only 25 million had submitted KYC documentation. During a meeting among senior Binance executives, its CCO stated that Binance had engaged in “the intentional circumvention of KYC.” At this same meeting, Zhou noted that his “goal” was “to reduce the losses to ourselves, and at the same time to make the U.S. regulatory authorities not trouble us.”
For its troubles, Binance is facing eleven claims for various violations of the Exchange Act. Those counts include engaging in the unlawful sale of securities; acting as an unregistered exchange, broker-dealer and clearing agency; control person liability against Zhou and securities fraud.
Interestingly, the SEC brings the securities fraud claim under Section 17(a)(2) of the Securities Act rather than Section 10(b) of the Exchange Act and Rule 10b-5 thereunder. Securities fraud is typically civilly enforced under Rule 10b-5, but in recent years the SEC has begun to assert more claims under 17(a)(2), a trend that has been discussed by experts in the field. The elements of Rule 10 b-5 and Section 17(a)(2) are similar in that they each require an untrue statement or omission of material fact. In this case, the claim centers on Binance’s statements concerning its KYC program and its avoidance of the United States markets.
The key distinction between Section 17(a)(2) and Rule 10(b), as held by the Supreme Court in Aaron v. SEC, 446 U.S. 680 (1980), is that Section 17(a)(2) does not require scienter and can be established if the defendant acted negligently, whereas a civil violation of Rule 10b-5 requires scienter, so the defendant must have acted recklessly. Further complexity is added to the mental state requirements of Rule 10b-5 and Section 17(a)(2) when it comes to criminalization of such violations. While Section 24, which criminalizes violations of Section 17(a)(2) requires defendants to have acted “willfully,” Section 32(a), which criminalizes violations of Rule 10b-5 requires defendants to have acted “willfully” and “knowingly” with respect to statements in mandatory SEC filings and registration statements and requires defendants to have acted only “willfully” with respect to other violations of Exchange Act. Proceeding under Section 17(a)(2) in SEC v. Binance action, particularly with such explicit evidence of potential willful violations, likely increases the SEC’s chances of prevailing. More broadly, this may indicate that in securities fraud cases predicated on compliance failures, the SEC may be more eager to pursue those cases under 17(a)(2) to take advantage of the lack of required scienter.
On the minds of many with an interest in SEC enforcement actions is the Supreme Court’s recent announcement that it will address the precedent set by the Court’s 1984 case Chevron U.S.A., Inc. v. NRDC, 467 U.S. 837 (1984) next term. The precedent set by Chevron, widely referenced to as Chevron deference, gives federal agencies the authority to interpret vague statutes and carry them out as they see reasonable. With the current composition of the Supreme Court,the elimination of Chevron deference is very much on the table.
Accordingly, the cryptocurrency industry is paying close attention, wondering if it could curb the SEC’s recent enforcement crackdown. While unlikely to undermine SEC’s classification of cryptocurrencies as securities, which is based on SEC interpretation of the Howie test – derived from Supreme Court precedent, not statute – elimination of the Chevron doctrine could certainly impact SEC’s rulemaking authority in the crypto space, setting the table for future litigation.