On October 6, the Department of Justice (“DOJ”) announced the creation of a National Cryptocurrency Enforcement Team (“NCET”).  The DOJ press release is set forth in part below, without further commentary, other than to observe that the NCET’s stated goals are to address issues on which we repeatedly have blogged:  crypto exchangers and their AML

Government Alleges Systemic and Deliberate AML Failures

Filings Describe Tools for CVC Exchanges to Use for Customer Due Diligence and Transaction Monitoring

The Financial Crimes Enforcement Network (“FinCEN”) and the Commodity Futures Trading Commission (“CFTC”) announced on August 10 (here and here) settlements with the operators of the BitMEX cryptocurrency trading platform for alleged anti-money laundering (“AML”) violations under the Bank Secrecy Act (“BSA”), and for allegedly failing to register with the CFTC.  More specifically, FinCEN’s assessment of a civil monetary penalty and the CFTC’s consent order both involved the five companies operating the BitMEX platform: HDR Global Trading Limited, 100x Holding Limited, ABS Global Trading Limited, Shine Effort Inc Limited, and HDR Global Services (Bermuda) Limited (collectively, “BitMEX”).

BitMEX will pay regulators up to a combined $100 million civil monetary penalty; perform a “lookback” regarding the potential need to file additional Suspicious Activity Reports (“SARs”); and hire an independent consultant to conduct two reviews of BitMEX’s operations, policies, procedures, and controls, in order to confirm that BitMEX is not operating in the U.S., and that no U.S. customers are able to trade with the BitMEX platform.

According to the government filings, BitMEX is one of the oldest cryptocurrency derivative exchanges, with 1.3 million user accounts and a collection of annual fees in excess of $1 billion.  Combined, the government filings allege that for a period of six years between November 2014 and October 1, 2020, BitMEX offered trading of cryptocurrency derivatives to retail and institutional customers in the U.S. and worldwide through BitMEX’s website. Customers in the U.S. placed orders to buy or sell contracts directly through the website and BitMEX was aware that U.S. customers could access the BitMEX platform via virtual private network (“VPN”).

The civil penalty will be split between FinCEN and the CFTC.  However, the settlement involves an interesting “carrot” offered by the regulators:  $20 million of the penalty is suspended pending the successful completion of the SAR lookback and the two independent consultant reviews.

According to the government’s allegations, BitMEX deliberately ignored for years the most basic AML requirements, resulting in multitudinous violations and inviting – and even encouraging – its customers to launder illicit funds.  As we will describe, the government has alleged that BitMEX operated on the announced pretext that it was not subject to the BSA or U.S. commodities laws because it had no U.S. customers or operations, when senior management knew otherwise.
Continue Reading FinCEN and CFTC Reach Groundbreaking $100 Million AML Settlement with BitMEX

Treasury Offers Something for Everyone to Comply With: Trades and Businesses, Banks, Crypto Exchangers and Individuals

On May 21, 2021, the U.S. Department of Treasury (“Treasury”) released its American Families Plan Tax Compliance Agenda (“Agenda”), a comprehensive set of initiatives to increase tax compliance and close the “tax gap” between the amount taxpayers owe and the amount that is actually paid.  While part of the $80 billion plan calls for providing Treasury and specifically the Internal Revenue Service (“IRS”) with additional resources to combat tax evasion, the Agenda also proposes revisions to current regulations and leveraging existing infrastructure to “shed light on previously opaque income sources;” namely, cryptocurrency.  Although the sweeping Agenda obviously focuses on tax compliance, it also has related consequences for Bank Secrecy Act (“BSA”) compliance in areas where the BSA and the tax code overlap as to cryptocurrency.

The Agenda also represents the latest in a string of initiatives by the U.S. government regarding the increasing regulation of the use of cryptocurrency, whether by direct users, exchangers of cryptocurrency, or financial institutions with customers dealing in cryptocurrency.  The Agenda represents both an acknowledgement by the U.S. Treasury that cryptocurrency use has become “normalized,” coupled with a clear signal that its use will be highly scrutinized and regulated.
Continue Reading As Treasury Eyes Crypto in Tax Compliance Agenda, Reporting Obligations May Increase – Including a Crypto “Form 8300” for Transactions over $10K

In Related Case, Federal Court Holds that Bitcoin-to-Bitcoin “Tumbler” Can Represent “Money Transmission”

On April 27, IRS CI and FBI Special Agents arrested Roman Sterlingov, a dual citizen of Russia and Sweden, for his alleged role as the founder and operator of Bitcoin Fog, a cryptocurrency “tumbler” or “mixer” aimed at concealing the source of funds. The criminal complaint and accompanying Statement of Facts, filed in the District of Columbia, alleges that over the course of 10 years, Bitcoin Fog moved more than 1.2 million bitcoin, valued (at the time of the transactions) at about $335 million. According to the government’s press release, “[t]he bulk of this cryptocurrency came from darknet marketplaces and was tied to illegal narcotics, computer fraud and abuse activities, and identity theft.”

Sterlingov allegedly founded the site while promoting it under the pseudonym Akemashite Omedetou, a Japanese phrase that means “Happy New Year.” In a post on an online Bitcoin forum, Omedetou advertised that Bitcoin Fog “[mixes] up your bitcoins in our own pool with other users,” and “can eliminate any chance of finding your payments and making it impossible to prove any connection between a deposit and a withdraw inside our service.”

Ironically, Sterlingov was identified by investigators using the very same sort of tracing that Bitcoin Fog was meant to forestall. The Statement of Facts outlines in extensive detail how Sterlingov allegedly paid for Bitcoin Fog’s domain using a now-defunct digital currency; it goes on to show a series of transactions recorded to the blockchain that identifies Sterlingov’s purchase of that currency with bitcoin. Based on tracing those financial transactions, investigators were able to identify Sterlingov’s home address and phone number, together with a Google account that hosts a document that describes how to obscure bitcoin payments – that document mirrors closely the methods Sterlingov allegedly employed to purchase the Bitcoin Fog domain.

In addition to thanking various domestic law enforcement agencies, the government’s press release highlights the international nature of the investigation by also thanking Europol and Swedish and Romanian law enforcement agencies. The criminal complaint against Sterlingov is therefore another example of IRC-CI pursuing its simultaneous goals of fighting crypto-related crime and collaborating with foreign law enforcement officials in order to do so.

Notably, this is the second case brought by the Department of Justice, Criminal Division’s Computer Crime and Intellectual Property Section, targeting virtual currency mixer operations. In United States v. Harmon, a case also being prosecuted in the District of Columbia, the defendant has similarly been charged for his alleged role in operating Helix, a bitcoin mixer that sent more than $300 million in bitcoin to designated recipients.
Continue Reading DOJ Again Charges Crypto “Mixer” Under the BSA and District of Columbia’s Money Transmitters Act

Stated Concern is that Terrorism is Funded Primarily Through Small International Transfers

Proposed Change Would Expand BSA Definition of “Money” to Include Virtual Currency

The Financial Crimes Enforcement Network (“FinCEN”) and the Federal Reserve Board (“Board”) have requested comment on an important proposed new rule that would amend the “Recordkeeping Rule” and “Travel Rule” under the Bank Secrecy Act (“BSA”) and expand them significantly. The proposed regulation would reduce the current $3,000 threshold to only $250 for international transfers, thereby substantially expanding the scope of these rules.

Even by FinCEN’s own estimates, the effect would be broad. According to FinCEN, the new regulation would affect an estimated 5,306 banks, 5,236 credit unions, and 12,692 money transmitters – including exchangers of digital assets, who arguably would be most impacted by the new regulation. Further, FinCEN estimates – likely conservatively – that compliance would require no less than 3.3 million additional hours, annually. FinCEN and the Board strongly suggest that such compliance burdens are worth the effort, given the perceived value to law enforcement in combatting terrorism, which tends to be funded by small international transfers.
Continue Reading To Fight Terrorism, FinCEN and Federal Reserve Board Request Comment on Proposed Major Expansion of Recordkeeping and Travel Rules for International Transfers

In the past month, the Government Accountability Office (“GAO”), a non-partisan legislative agency that monitors and audits government spending and operations, has issued a series of reports urging banking regulators and certain executive branch agencies to adopt recommendations related to trade-based money laundering (“TBML”) and derisking. These reports underscore (1) the importance of TBML as a key, although still inadequately measured, component of money laundering worldwide, and (2) that the GAO remains interested in assessing how banks’ regulatory concerns may be influencing their willingness to provide services.

Taken together, the GAO’s recent activity signals that even in the face of unprecedented public health and regulatory challenges posed by COVID-19, the GAO still expects banking regulators and agencies alike to fulfill its prior commitments on other, unrelated topics.


Continue Reading Government Accountability Office Roundup: Recent Activity on Topics Related to Trade-Based Money Laundering and Derisking

Case Sheds Light on Latest Methods to Evade Detection: “Peeling” Chains

On March 2, the U.S. government sanctioned and indicted two Chinese nationals for helping North Korea launder nearly $100 million in stolen cryptocurrency. The indictment, filed in the District of Columbia, charges the defendants with conspiring to commit money laundering transactions designed to both “promote” and “conceal” the underlying crimes of wire fraud (the theft of the cryptocurrency via hacking) and operating as an unlicensed money transmitter — the latter of which is also charged in the indictment as an additional count.

According to the related and detailed civil forfeiture complaint, these funds were only a portion of those stolen in 2018 by state-sponsored hackers for North Korea from a South Korean exchange. These actions, notable in several respects, provide a glimpse at the latest methods of laundering cryptocurrency.

Anyone attempting to launder illicit cryptocurrency faces at least two big challenges. First, due to rigid know-your-customer rules, one cannot simply deposit large amounts of funds at an exchange without raising red flags. Second, because all cryptocurrency transactions are recorded on a blockchain, they can be traced.

To clear these hurdles, the complaint alleges that North Korean hackers used “peeling chains.” In a peeling chain, a single address begins with a relatively large amount of cryptocurrency. A smaller amount is then “peeled” off this larger amount, creating a transaction in which a small amount is transferred to one address, and the remainder is transferred to a one-time change address. This process is repeated – potentially hundreds or thousands of times – until the larger amount is pared down, at which point the amount remaining in the address might be aggregated with other such addresses to again yield a large amount in a single address, and the peeling process goes on.
Continue Reading Two Chinese Nationals Charged with Money Laundering Over $100 Million in Cryptocurrency for North Korea

Plaintiffs Failed to Sufficiently Allege Knowledge or Recklessness by Company Concerning AML Compliance Problems, Despite Admissions Made by Company When Responding to Major Government Enforcement Actions 

On February 25, 2020, the Tenth Circuit Court of Appeals upheld the dismissal of shareholders’ securities-fraud class action against the Western Union Company (“Western Union”) and several of its current and former executive officers based on the company’s alleged anti-money laundering (“AML”) compliance failings.

The suit was filed in February 2017 following the announcement of a deferred prosecution agreement (“DPA”) between Western Union and the U.S. Department of Justice. The DPA was based upon Western Union’s alleged willful failure to maintain an effective AML program and aiding and abetting of wire fraud between 2004 and 2012. The DPA, about which we have previously blogged, charged Western Union with filing Suspicious Activity Reports (“SARs”) regarding activity by its customers but failing to file SARs regarding the actions of its own agents who were likely complicit. The DPA and related civil enforcement actions from the Federal Trade Commission and FinCEN required Western Union to pay a combined penalty of $586 million.

As we also have blogged, shareholder derivative suits based on alleged AML failures are proliferating, for both U.S.-based and foreign-based financial institutions – as well as their executives. Primary examples include Danske Bank and some of its former executives, as well as Westpac, Australia’s second-largest retail bank, which currently face such lawsuits in the U.S. Such lawsuits now represent predictable collateral consequences flowing from AML-related scandals. Here, Western Union obtained dismissal because the plaintiffs failed to allege sufficient facts regarding the key issue of mental state – that is, facts that would support a strong inference of actual knowledge or reckless disregard that the public statements regarding Western Union’s actual state of AML compliance were false. The detailed Tenth Circuit opinion illuminates the practical contours of the scienter standard regarding AML compliance, or alleged lack thereof. Ultimately, plaintiffs’ arguments based upon a “fraud by hindsight” theory will fail.
Continue Reading Tenth Circuit Rejects Shareholders’ Fraud Claims Against Western Union Based on Alleged AML Failings

Government Suggests that Unusual Pleas are Just the Tip of an Iceberg

Chinese law generally prohibits its citizens from converting more than $50,000 in Chinese yuan into foreign currency in a year.  On Monday, two men living in Las Vegas pleaded guilty in federal district court in the Southern District of California to operating an unlicensed money transmitter business, in violation of 18 U.S.C. § 1960.  Allegedly, they ran a scheme in which they helped clients circumvent this Chinese law — as well as the anti-money laundering programs of U.S. financial institutions — by converting electronic funds in China into hard currency in the United States, which the clients then used to gamble at casinos.

The case reflects the continuing ingenuity employed by individuals to use expanding technologies to circumvent currency controls and money laundering laws.  The case is also interesting because the defendants allegedly ran their scheme with the help of insiders at the casinos, who provided assistance in exchange for a cut of the cash.
Continue Reading Guilty Pleas Highlight Illicit Funneling of Chinese Cash to Casinos

Leaders of FinCEN, CFTC and SEC Attempt an Intricate Dance of Competing Oversight of Virtual Currency

On October 11, the leaders of the Financial Crimes Enforcement Network (“FinCEN”), the Commodity Futures Trading Commission (“CFTC”), and the Securities and Exchange Commission (“SEC”) issued a “Joint Statement on Acitivites Involving Digital Assets” in order to “remind persons engaged in activities involving digital assets of their anti-money laundering and countering the financing of terrorism (AML/CFT) obligations under the Bank Secrecy Act (BSA).”  The regulation of cryptocurrency has been a constant topic of this blog.
Continue Reading Joint Statement on Digital Assets Highlights AML Regulatory Overlap