Complex Civil and Criminal Cases Converge

On August 17, 2023, Judge Robert Pitman of the federal district court for the Western District of Texas issued an Order granting summary judgment for the U.S. Treasury Department (“Treasury”) in a lawsuit brought by six individuals, and denying the cross-motion for summary judgment filed by the individuals. The lawsuit alleged that Treasury overstepped its authority by imposing sanctions on the coin mixing service Tornado Cash.  Deciding for the government, Judge Pitman determined that Tornado Cash is a “person” that may be designated by OFAC sanctions.  Specifically, the regulatory definition of “person” includes an “association,” and Tornado Cash is an “association” within its ordinary meaning.

Shortly thereafter, on August 23, 2023, the U.S. Department of Justice (“DOJ”) unsealed an indictment returned in the Southern District of New York against the alleged developers of Tornado Cash, Roman Storm (“Storm”), a naturalized citizen residing in the U.S., and Roman Semenov (“Semenov”), a Russian citizen.  The indictment charges them with conspiring to commit money laundering, operate an unlicensed money transmitting business, and commit sanctions violations involving the International Emergency Economic Powers Act, or IEEPA.  When the indictment was unsealed, Storm was arrested and then released pending trial.  Treasury simultaneously sanctioned Semenov, who remains outside of the U.S., adding him to OFAC’s Specially Designated Nationals and Blocked Persons (“SDN”) List.

These are very complicated cases raising complicated issues.  They are separate but obviously related.  As we will discuss, the factual and legal issues tend to blend together, and how a party characterizes an issue says a lot about their desired outcome:  has the government taken incoherent action against a technology, or has it pursued a group of people attempting to hide behind tech?

Continue Reading  All Roads Lead to Roman: Alleged Tornado Cash Co-Founders Roman Storm Arrested and Roman Semenov Sanctioned, Days After Treasury Defeats Lawsuit Challenging OFAC

Legislation Targets Unhosted Wallets, Validators and Digital Asset ATMs

On July 28th, Senators Elizabeth Warren (D-Mass), Roger Marshall (R-Kan.), Joe Manchin (D-W.Va.) and Lindsey Graham (R-S.C.), reintroduced the Digital Asset Anti-Money Laundering Act (the “Act”), legislation aimed at closing gaps in the existing anti-money laundering and countering of the financing of terrorism (AML/CFT) framework as it applies to digital assets. Senators Warren and Marshall previously had introduced the same piece of legislation in December 2022, but at that time it lacked widespread support and stalled in the Senate.

Now, potentially in response to crypto-friendly legislation that recently passed in the House, the Act gained momentum with a larger group of bipartisan legislators and may have a more promising future.  The Act also was reintroduced immediately on the heels of a successful amendment to the 2024 National Defense Authorization Act (NDAA) pertaining to AML compliance examinations for financial institutions under the Bank Secrecy Act (BSA) and the future regulation of anonymity-enhancing technologies, such as mixers or tumblers.  According to Senator Warren’s press release the Act currently enjoys the support of the Bank Policy Institute, the National District Attorneys Association, Major County Sheriffs of America, and the National Consumers League, among other groups.

As we discuss immediately below, the Act would make major changes to the current BSA/AML regulatory regime as it applies to digital assets.

Continue Reading  Bipartisan Group of Senators Re-Introduce the Digital Asset Money Laundering Act

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Finance Monitor podcast series, A Look at the Treasury Department’s April 2023 Report on Decentralized Finance or “DeFi.” 

In this episode, we follow up and expand upon our blog post regarding the U.S. Department of the Treasury’s April 6, 2023 report examining vulnerabilities

On April 6, 2023, the U.S. Department of the Treasury released a report examining vulnerabilities in decentralized finance (“DeFi”), including potential gaps in the United States’ anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) regulatory, supervisory, and enforcement regimes for DeFi.  The report concludes by making a series of recommendations, including the closing of “gaps” in the application of the Bank Secrecy Act (“BSA”) to the extent that certain DeFi services currently fall outside the scope of the BSA’s definition of a “financial institution” covered by the BSA.  The report cautions that it does not alter any existing legal obligations, issue any new regulatory interpretations, or establish any new supervisory expectations.

Continue Reading  U.S. Treasury Releases Report and Recommendations Regarding Vulnerabilities in Decentralized Finance

The U.S. Department of Justice (“DOJ”) announced on March 15, 2023 that in a coordinated effort between U.S. Federal Bureau of Investigations, Europol, and German police, the darknet cryptocurrency mixing service ChipMixer has been shut down.  The operation involved the U.S. government’s court-authorized seizure of two domains that directed users to the ChipMixer service and one Github account.  In addition, German authorities seized $46 million in cryptocurrency, as well as ChipMixer’s back-end servers used to run the site. 

Further, the U.S. Attorney’s Office for the Eastern District of Pennsylvania filed a criminal complaint against ChipMixer’s suspected founder, Vietnamese national, Minh Quoc Nguyen (“Nguyen”), alleging that Nguyen openly flouted financial regulations and instructed users how to use ChipMixer to evade reporting requirements while obscuring his true name under a series of stolen and fictitious identities. The complaint also alleges that ChipMixer, described as a popular platform for laundering illicit funds gained from unlawful activities like drug trafficking, ransomware attacks (according to Europol, ransomware actors Zeppelin, SunCrypt, Mamba, Dharma, Lockbit have used ChipMixer), and payment card fraud, was used to launder more than $3 billion in cryptocurrency since 2017.  Nguyen has been charged with money laundering, operating an unlicensed money transmitting business, and identity theft in connection with the operation of ChipMixer. 

Continue Reading  Darkweb Cryptocurrency Mixer ChipMixer Shut Down for Allegedly Laundering $3 Billion Worth of Crypto

In its first use of Section 9714(a) of the Combating Russian Money Laundering Act, the Financial Crimes Enforcement Network (“FinCEN”) issued a notice of enforcement order (the “Order”) on January 18, 2023 against the cryptocurrency exchange Bitzlato Limited (“Bitzlato”), which has operated globally and is registered in Hong Kong.  The Order was issued in conjunction with the Department of Justice’s (“DOJ”) arrest of Bitzlato’s founder, Russian national Anatoly Legkodymov.  Bitzlato has processed over four billion dollars in cryptocurrency transactions since 2018.  According to the government, a substantial portion of those transactions involved criminal proceeds.

Legkodymov, who resided in China until his arrest in the United States, has been charged initially, via complaint and warrant, with conducting an unlicensed money-transmitting business under 18 U.S.C. § 1960, although the allegations against Bitzlato appear to extend far beyond mere unlicensed money transmission. Both the Order and the lengthy affidavit in support of the complaint stress that Bitzlato openly touted its intentional lack of any sort of real anti-money laundering (“AML”) program.  For example, “Bitzlato’s website advertised for years (and as recently as March 31, 2022) that the site offered ‘Simple Registration without KYC.  Neither selfies nor passports required.  Only your email needed.’  Similarly, a blog post on Bitzlato’s website stated:  ‘On Bitzlato no KYC is required for you to trade.’”

This post will focus on FinCEN’s Order, which identifies Bitzlato as a “primary money laundering concern,” and prohibits certain money transmission involving Bitzlato by covered financial institutions.  The Order also highlights the threats posed to U.S. national security and the integrity of the U.S. financial sector by Bitzlato’s active facilitation of laundering of Russian illicit finance. However, FinCEN’s press release makes clear that Bitzlato is just one part of a larger ecosystem of Russian cybercriminals, including ransomware attackers, operating with impunity in Russia.

Continue Reading  FinCEN Issues Enforcement Order Against Crypto Exchange Bitzlato in First-Time Use of Section 9714(a)

On October 19, 2022, the U.S. Attorney’s Office for D.C., on behalf of the Financial Crimes Enforcement Network (“FinCEN”), filed a civil complaint against Larry Dean Harmon (“Harmon”), seeking $60 million in civil penalties for alleged violations of the Bank Secrecy Act (“BSA”) in connection with Harmon’s involvement in now-defunct cryptocurrency services Helix and Coin Ninja LLC.  The complaint seeks to obtain a judgment on FinCEN’s 2020 Assessment of Civil Money Penalty against Harmon (“Assessment”), which is attached to the complaint and includes a detailed statement of facts.

As we have blogged, Harmon previously pled guilty to operating an unlicensed money transmitter business.  Harmon’s sentencing hearing in the criminal case has been continued, and he reportedly has been attempting to cooperate with the government.  It appears that the civil complaint may represent something of a formality:  it seeks to reduce the assessment against Harmon to an actual civil judgment, upon which the government can collect in theory, in anticipation of Harmon’s criminal sentencing and any potential additional matters in which he may attempt to cooperate.

According to the complaint, starting in 2014, Harmon operated Helix, a bitcoin “mixing” service, which Harmon allegedly advertised explicitly as a way for customers to conceal their identities from the government.  The statement of facts attached to the Assessment alleged that Harmon “publicly advertised Helix on Reddit forums dedicated to darknet marketplaces, actively seeking out and facilitating high-risk transactions directly through customer service and feedback.”  Such “mixing” services – designed to maximize anonymity – increasingly have drawn the ire of the government, as reflected by the recent and controversial action by the Office of Foreign Assets Control to sanction virtual currency “mixer” – or passive technology – Tornado Cash.  

Continue Reading  DOJ Files Lawsuit for $60 Million in Civil Penalties for Alleged BSA Violations by Crypto “Mixer”

Actions Highlight Risky Mix of Sanctions Law, Inadequate Transaction Monitoring and Dealing with Anonymity-Enhanced Cryptocurrencies

The Office of Foreign Assets Control (“OFAC”) and the Financial Crimes Enforcement Network (“FinCEN”) announced on October 11 simultaneous settlements with Bittrex, Inc. (“Bittrex”), a virtual currency exchange and hosted wallet provider. Under the OFAC settlement, Bittrex has agreed to pay $24,280,829.20 to settle its potential civil liability for 116,421 alleged violations of multiple sanctions programs. Under the FinCEN consent order, Bittrex agreed to pay a civil penalty of $29,280,829.20 for alleged anti-money laundering (“AML”) violations under the Bank Secrecy Act (“BSA”). FinCEN has agreed to credit Bittrex’s payment to OFAC against its penalty because it found that the alleged BSA violations “stem from some of the same underlying conduct”; thus, Bittrex’s total payments to the two regulators come to $29,280,829.20. 

According to the Department of the Treasury dual press release, the two settlements represent the first parallel enforcement actions by FinCEN and OFAC in the virtual currency and sanctions space. Also, it is OFAC’s largest virtual currency enforcement action to date. To further highlight the importance of the settlements, the press release quotes the OFAC Director Andrea Gacki and FinCEN Acting Director Himamauli Das, both sternly warning operators in the same environment as Bittrex to implement effective AML compliance and sanction screening programs.

It is conceivable that Bittrex, for years now, has been on notice that federal and state regulators are closely watching and expecting more comprehensive risk assessment programs and procedures from businesses transacting with virtual currency. As we previously blogged here, in 2019 the New York Department of Financial Services (“NYDFS”) denied Bittrex’s application for a Bitlicense, citing: “deficiencies in Bittrex’s BSA/AML/OFAC compliance program; a deficiency in meeting the Department’s capital requirement; and deficient due diligence and control over Bittrex’s token and product launches.”  In its letter denying Bittrex’s application, NYDFS set forth in detail the deficiencies it found in Bittrex’s BSA/AML/OFAC compliance program, noting that Bittrex’s compliance policies and procedures “are either non-existent or inadequate.”

As we will discuss, the FinCEN consent order highlights Bittrex’s alleged failure to address adequately the overall risk environment in which it operated, including transactions involving anonymity-enhanced cryptocurrencies, or AECs.  The consent order also highlights two repeated themes in enforcement actions: lack of adequate compliance staff, and a seemingly robust written compliance policy that was not matched by an effective day-to-day transaction monitoring system.

Continue Reading  OFAC and FinCEN Settle with Bittrex in Parallel Virtual Currency Enforcements

Indictment Focuses on “High Risk” Transactions Involving Mexico, Bulk Cash, and Zero SAR Filings

On September 13, the United States Attorney’s Office for the Eastern District of New York announced that defendant Hanan Ofer pleaded guilty to “failing to maintain an effective anti-money laundering program.”  Ofer and his co-defendant, Gyanendra Asre, were named in a March 2021 indictment (the “Indictment”) alleging they funneled “hundreds of millions of dollars from high-risk foreign jurisdictions” – primarily, Mexico – from 2014 to 2016, through “small, unsophisticated financial institutions” without implementing an anti-money laundering program as required by the Bank Secrecy Act (“BSA”).  Ofer and Asre were charged with failure to maintain an effective anti-money laundering (“AML”) program, failure to file (any) Suspicious Activity Reports (“SARs”), and the operation of an unlicensed money transmitting business.

As we discuss, it is a little difficult to draw clear lessons from the Indictment.  Although the DOJ press release emphasizes the eye-catching number of $1 billion, neither the press release nor the Indictment actually describe these transactions as “suspicious,” much less as involving specific illicit proceeds.  Rather, and as we discuss, the transactions are described merely as “high risk.” Thus, and although it is entirely possible that the government has access to evidence which it did not reference in the charges, the Indictment appears to rely heavily on a very process-oriented theory of prosecution:  the defendants failed to implement adequate processes to monitor and/or prevent transfers that were “high risk,” but not demonstrably related to illicit funds involving specific underlying criminality.

It is also important to acknowledge the Indictment’s allegations against both defendants for operating, apparently “on the side,” a separate unlicensed money transmitter business of their own.  Here, the allegations are more concretely severe:  the unlicensed money transmitter business “involved the transportation and transmission of funds that were known to the defendants to have been derived from a criminal offense or were intended to be used to promote and support unlawful activity.”  Although it is impossible to know, this charge presumably pressured in part Mr. Ofer to plead guilty to more process-oriented BSA charges involving the $1 billion in “high risk” transfers at other financial institutions.

Continue Reading  AML Compliance “Expert” Pleads Guilty to Failure to Maintain Effective AML Program for Over $1 Billion in High-Risk Transactions

Department Focuses on Transfers of Virtual Currency

On August 8, 2022, the District of Columbia Department of Insurance, Securities and Banking (the Department”) issued a Bulletin on money transmission (the “Bulletin”).  The Department issued the Bulletin to ensure that parties “engaging in or planning to engage in money transmission with Bitcoin or other virtual currency