Hefty Monetary Penalties – Accompanied by the Possibility of No Prison Time

The legal saga involving the civil and criminal cases against the entity and former individual owners of the Bitcoin Mercantile Exchange, or BitMEX—a large and well-known online trading platform dealing in futures contracts and other derivative products tied to the value of cryptocurrencies (see here, here, and here)—continues unabated. 

Most recently, BitMEX co-founder and former CEO, Arthur Hayes, a high-profile leader in the cryptocurrency industry, settled his civil charges with the CFTC and pleaded guilty to criminal charges brought by the DOJ.  He now faces sentencing in the criminal case, currently scheduled for the end of this week.  As we will discuss, Hayes and the government take very different views regarding his appropriate sentence.

These cases emerged publicly in October 2020 when: (1) the Commodity Futures Trading Commission (“CFTC”) filed a civil complaint against the entities operating the BitMEX trading platform and its three individual owners for allegedly failing to register with the CFTC and violating various laws and regulations under the Commodity Exchange Act (“CEA”); and (2) the Department of Justice obtained an indictment against the three individual owners and another individual, including Hayes, charging each with violating, and conspiring to violate, the Bank Secrecy Act (“BSA”) by failing to maintain an adequate anti-money laundering (“AML”) program.

The cases have raised novel legal questions concerning which, if any regulatory regimes, apply to participants in the cryptocurrency market.  Moreover, Hayes’ upcoming sentencing raises the question of whether an offense is so novel that it can merit probation, despite the high dollar value of the alleged scheme at issue.

Continue Reading  BitMEX Co-Founder and Owner Settles with CFTC and Now Faces Criminal Sentencing

Enforcement Trends, Crypto, the AML Act — and More

We are very pleased to be moderating, once again, the Practising Law Institute’s 2022 Anti-Money Laundering Conference on May 17, 2022, starting at 9 a.m. This year’s conference will be both live and virtual — and it will be as informative, interesting and timely as always. 

On April 28, 2022 the New York Department of Financial Services (“NYDFS”) issued its Guidance on Use of Blockchain Analytics, a document directed to all virtual currency business entities that either have a NYDFS Bitlicense or are chartered as a limited purpose trust company under the New York Banking Law.  The Guidance emphasizes “the importance of blockchain analytics to effective policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.”

The NYDFS is stressing the role of blockchain analytics in anti-money laundering (“AML”) compliance because “virtual currencies such as Bitcoin and Ether can be transferred peer-to-peer directly from one individual or entity to another pseudonymously, absent the use of a regulated third party (e.g., between non-custodial wallets, or self-hosted wallets that allow users to maintain control of their private keys). . . . [T]hese wallet addresses are typically pseudonymous, with nothing on the face of the transfer tying back to the originator, beneficiary, or underlying beneficial owners.”

Given the potential compliance challenges presented by such characteristics, the NYDFS wants virtual currency entities to leverage the fact that virtual currencies also enable provenance tracing because “the blockchain ledger’s immutability typically allows a historical view of a virtual currency transmission between wallet addresses, providing the opportunity for greater visibility into transaction lineage than is typically found with traditional, fiat funds transfers.”

The Guidance provides that, ultimately, all risk mitigation strategies must account for an entity’s business profile to assess risk across types of virtual currencies and effectively address the specific characteristics of any particular virtual currency involved.  If a virtual currency entity chooses to outsource its control functions to third-party service providers rather than use only internally developed blockchain analytics, it must have “clearly documented policies, processes, and procedures with regard to how the [third-party] blockchain analytics activity integrates into the [entity’s] overall control framework consistent with the [entity’s] risk profile.”
Continue Reading  NYDFS Stresses Use of Blockchain Analytics for AML Compliance by Virtual Currency Businesses

The Office of the Comptroller of the Currency (“OCC”) entered into a Consent Order (available here) with Anchorage Digital Bank (“Anchorage”), which requires Anchorage to create a compliance committee and take steps to remediate alleged shortcomings with respect to the implementation and effectiveness of Anchorage’s Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) program.  Notably, Anchorage will pay no civil penalty.

Anchorage is not any regular entity overseen by the OCC:  it is a cryptocurrency custodian.  As we will discuss, the timing of the Consent Order indicates that even when regulators permit crypto activities by financial institutions, they remain cautious, particularly as to BSA/AML compliance.  The OCC’s actions send a clear message that regulated entities offering emerging technology financial services must adhere to the same BSA/AML monitoring and reporting requirements as more traditionally regulated entities.
Continue Reading  OCC Targets BSA/AML Compliance by Anchorage Digital Bank – Only 15 Months After Granting National Trust Bank Charter to the Crypto Custodian

On April 5, 2022 the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced sanctions against “the world’s largest and most prominent darknet market, Hydra Market” and Garantex, a virtual currency exchange registered in Estonia but operating in Moscow and St. Petersburg, Russia.  The sanctions are part of a larger initiative targeting Russian cybercrime that spans across multiple federal departments—including the U.S. Department of Justice, Federal Bureau of Investigations, Drug Enforcement Administration, Internal Revenue Service Criminal Investigation, and Homeland Security Investigations—and across the globe—including international partners like the German Federal Criminal Police and Estonia’s Financial Intelligence Unit.  The sanctions follow September and November sanctions of SUEX OTC, S.R.O. and CHATEX, two virtual currency exchanges operated out of Moscow that allegedly facilitated transactions for ransomware actors.  SUEX was the first virtual currency exchange subject to OFAC sanctions (and the subject of a previous post).

While ostensibly focused on closing another avenue for ransomware purveyors to profit off of their wares, the sanctions may also cut off all types of cybercriminals who allegedly find “a haven” in Russia and used Hydra or Garantex.
Continue Reading  OFAC Designates “Hydra” –  the Largest Darknet Market – and Third Russian Virtual Currency Exchange

On March 7, the Financial Crimes Enforcement Network (“FinCEN”) issued an alert “advising all financial institutions to be vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions implemented against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions implemented in connection with the Russian Federation’s further invasion of Ukraine.”  The press release is here.  The alert itself is here.
Continue Reading  Russian Sanctions:  FinCEN Provides Red Flags for Potential Evasion Attempts

President Biden has signed an Executive Order entitled “Ensuring Responsible Innovation in Digital Assets.”  The press release regarding the Order is here.

According to the press release, the Order outlines “the first ever, whole-of-government approach to addressing the risks and harnessing the potential benefits of digital assets and their underlying technology. The Order lays out a national policy for digital assets across six key priorities: consumer and investor protection; financial stability; illicit finance; U.S. leadership in the global financial system and economic competitiveness; financial inclusion; and responsible innovation.”  Not surprisingly, the section of the Order pertaining to illicit finance focuses on AML concerns, and refers to issues on which we have blogged repeatedly, including the use of digital assets to further ransomware schemes and the global patchwork quilt of crypto-related AML regulation.

The Order does not make any substantive conclusions.  Rather, it sets forth requirements for various government agencies to coordinate and submit reports and recommendations regarding many different issues.  We set forth below the bulk of the press release, which nicely summarizes the Order, and highlight in bold the six “key priorities.”
Continue Reading  President Biden Issues Executive Order on Digital Assets and “Whole-of-Government Approach” to Risks and Benefits

Questions of which, if any, regulatory regimes apply to the variety of participants in the cryptocurrency market continue to dog the industry.  On February 28, 2022, whether a cryptocurrency futures trading platform constitutes a “futures commission merchant” (“FCM”) under the Commodity Exchange Act (“CEA”) subject to Bank Secrecy Act (“BSA”) regulations took center stage in a U.S. District Court decision denying a motion to dismiss an indictment alleging violations of the BSA against the founders and chief executives of BitMEX.

As we will discuss, the District Court for the Southern District of New York rejected a motion to dismiss the indictment, in which the defendants argued that they lacked notice under the Due Process Clause of the Fifth Amendment that they could face criminal charges based on two technical questions, the answers to which were “unknowable” at the relevant time: (1) whether Bitcoin is a “commodity;” and (2) was BitMEX an FCM brokering cryptocurrency futures.
Continue Reading  Cryptocurrencies as Commodities Plays Out in BitMEX Criminal Prosecution Under the BSA

Federal law enforcement and regulators continue to focus on technology-driven financial crime — specifically, cyber-enabled fraud and the laundering of illicit funds through cryptocurrency.  Last week, the Department of Justice (“DOJ”) announced that Eun Young Choi will serve as the first Director of the National Cryptocurrency Enforcement Team (“NCET”).  As we have blogged, the DOJ created in 2021 the NCET in order to address issues on which we repeatedly have blogged:  crypto exchangers and their AML obligations; the process of tracing digital asset transactions; ransomware; so-called “professional” money launderers; and the use of crypto to launder serious crimes such as drug trafficking and human trafficking.  This attempt at a coordinated government approach to crypto enforcement followed the announcement earlier in 2021 by the Financial Crimes Enforcement Network (“FinCEN”) of appointing its first-ever Chief Digital Currency Advisor.

Meanwhile, FinCEN has stressed the need for, and utility of, specific information to be submitted by the victims of cyber-enabled financial crime schemes, or the financial institutions of those victims, to FinCEN’s Rapid Response Program, or RRP.  The RRP seeks to share financial intelligence and recover the proceeds of crime.
Continue Reading  DOJ, FBI and FinCEN Continue to Focus on Crypto and Cyber Financial Crime

On February 8, 2022, the Department of Justice announced the seizure of a record $3.6 billion in stolen BTC it alleges was tied to the 2016 hack of Bitfinex, a virtual currency exchange.  A husband-wife duo, Ilya “Dutch” Lichtenstein and Heather Morgan of New York, New York were arrested the same day and charged via a criminal complaint with conspiracy to commit money laundering and conspiracy to defraud the United States.  Lichtenstein and Morgan are being held on $5 million and $3 million in bail, respectively, and will be on house arrest pending trial.

The Statement of Facts by the government in support of the criminal complaint filed against the defendants reveals a vast and complicated web of transactions that allegedly permitted Lichtenstein and Morgan to transfer approximately 25,000 of the 119,754 BTC stolen by hackers—valued at “only” $71 million at the time of the theft but now worth about $4.5 billion—to various virtual currency exchangers.  According to the Statement of Facts, the stolen BTC was shuttled to an unhosted wallet (i.e., a cryptocurrency wallet not controlled by a third-party but by the user) with over 2,000 BTC addresses, then to various accounts at the “darknet market AlphaBay,” later to a number of accounts at four different virtual currency exchangers, then to more unhosted BTC wallets, and finally to accounts at six more virtual currency exchangers where it was converted into fiat currency, gift cards, and precious metals.  The defendants further allegedly liquidated BTC through a BTC ATM and purchasing non-fungible tokens.

As if the sheer volume and layers of accounts was not enough, the duo allegedly:

  • Moved the funds in a “series of small amounts, totaling thousands of transactions”;
  • Used software to “automate transactions” which allowed for “many transactions to take place in a short period of time”;
  • “Layered” transactions by depositing and withdrawing the BTC through many accounts to obfuscate the trail, including through extensive layering activity that employed the “peel” chain technique; and
  • “Chain hopped” by converting BTC to anonymity-enhanced virtual currency to cut and disguise the blockchain trail.


Continue Reading  A Record $3.6 Billion Seizure and the Twisting Paths of Money Laundering in the Digital World