Today, the Financial Crimes Enforcement Network (“FinCEN”) issued a Notice regarding online child sexual exploitation.  Given its brevity, its text is set forth below in its entirety, without the footnotes.  There is a final section to the Notice, not included below, which provides filing instructions regarding related Suspicious Activity Reports, or SARs.  We offer no

Government Alleges Systemic and Deliberate AML Failures

Filings Describe Tools for CVC Exchanges to Use for Customer Due Diligence and Transaction Monitoring

The Financial Crimes Enforcement Network (“FinCEN”) and the Commodity Futures Trading Commission (“CFTC”) announced on August 10 (here and here) settlements with the operators of the BitMEX cryptocurrency trading platform for alleged anti-money laundering (“AML”) violations under the Bank Secrecy Act (“BSA”), and for allegedly failing to register with the CFTC.  More specifically, FinCEN’s assessment of a civil monetary penalty and the CFTC’s consent order both involved the five companies operating the BitMEX platform: HDR Global Trading Limited, 100x Holding Limited, ABS Global Trading Limited, Shine Effort Inc Limited, and HDR Global Services (Bermuda) Limited (collectively, “BitMEX”).

BitMEX will pay regulators up to a combined $100 million civil monetary penalty; perform a “lookback” regarding the potential need to file additional Suspicious Activity Reports (“SARs”); and hire an independent consultant to conduct two reviews of BitMEX’s operations, policies, procedures, and controls, in order to confirm that BitMEX is not operating in the U.S., and that no U.S. customers are able to trade with the BitMEX platform.

According to the government filings, BitMEX is one of the oldest cryptocurrency derivative exchanges, with 1.3 million user accounts and a collection of annual fees in excess of $1 billion.  Combined, the government filings allege that for a period of six years between November 2014 and October 1, 2020, BitMEX offered trading of cryptocurrency derivatives to retail and institutional customers in the U.S. and worldwide through BitMEX’s website. Customers in the U.S. placed orders to buy or sell contracts directly through the website and BitMEX was aware that U.S. customers could access the BitMEX platform via virtual private network (“VPN”).

The civil penalty will be split between FinCEN and the CFTC.  However, the settlement involves an interesting “carrot” offered by the regulators:  $20 million of the penalty is suspended pending the successful completion of the SAR lookback and the two independent consultant reviews.

According to the government’s allegations, BitMEX deliberately ignored for years the most basic AML requirements, resulting in multitudinous violations and inviting – and even encouraging – its customers to launder illicit funds.  As we will describe, the government has alleged that BitMEX operated on the announced pretext that it was not subject to the BSA or U.S. commodities laws because it had no U.S. customers or operations, when senior management knew otherwise.
Continue Reading FinCEN and CFTC Reach Groundbreaking $100 Million AML Settlement with BitMEX

European Commission Proposes EU-Level Supervisory Authority and Cryptocurrency Travel Rule

European Banking Authority Offers New Guidelines on AML Compliance Officers

Just as the United States has expanded significantly its anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) regulatory and enforcement regime through recent passage of the AML Act of 2020, the European Union (“EU”) has taken significant steps this summer towards implementing a rigorous new transnational AML enforcement framework.  Recent legislative proposals by the European Commission (the EU’s executive branch) aim to combat cross-border crime by ensuring uniform implementation and enforcement of AML/CFT principles, rules, and regulations, and by creating new recordkeeping requirement for certain cryptocurrency transactions.  Following the announcement of these legislative proposals, the European Banking Authority proposed in late July new EU-wide guidelines for AML/CFT compliance officers.  We examine each of these in turn.
Continue Reading European Union Round-Up:  A Summer of AML Enforcement and Compliance Proposals

Fourth and Final Post in a Series on the FATF Plenary Outcomes

As we have previously blogged (here, here and here), the Financial Action Task Force (“FATF”) held its fourth Plenary on June 21-25, inviting delegates from around the world to meet (virtually) and discuss a wide range of global financial crimes and ongoing risk areas. Following the Plenary, FATF issued reports to detail their findings on specific topics. This post highlights three takeaways from the report entitled Second 12-Month Review of the Revised FATF Standards on Virtual Assets (“Report”).

Background

In June 2019, the FATF issued guidance instructing its 180 international member governments to demand that virtual asset service providers (“VASPs), such as cryptocurrency exchanges and digital wallet providers, collect “accurate originator information and required beneficiary information” on transactions totaling $1,000 or more (see here for our detailed blog post on this subject).

The FATF also agreed to undertake a yearlong review documenting the progress that its member countries have made towards implementing its guidance on regulation of VASPs. It released the findings of that review in July 2020 and committed to a second 12-month review by June 2021. The Report, based on the findings of a self-assessment questionnaire provided to 128 jurisdictions, sets out the findings of the second 12-month review.
Continue Reading FATF Continues to Stress AML Risks From Virtual Asset Service Providers

Today, the Financial Crimes Enforcement Network (“FinCEN”) issued a press release, announcing leadership additions to FinCEN.   This post merely repeats that press release, without further comment or analysis — other than to make the obvious observation that we wish both of these new appointees well, and that the appointment of Ms. Korver in particular

Treasury Offers Something for Everyone to Comply With: Trades and Businesses, Banks, Crypto Exchangers and Individuals

On May 21, 2021, the U.S. Department of Treasury (“Treasury”) released its American Families Plan Tax Compliance Agenda (“Agenda”), a comprehensive set of initiatives to increase tax compliance and close the “tax gap” between the amount taxpayers owe and the amount that is actually paid.  While part of the $80 billion plan calls for providing Treasury and specifically the Internal Revenue Service (“IRS”) with additional resources to combat tax evasion, the Agenda also proposes revisions to current regulations and leveraging existing infrastructure to “shed light on previously opaque income sources;” namely, cryptocurrency.  Although the sweeping Agenda obviously focuses on tax compliance, it also has related consequences for Bank Secrecy Act (“BSA”) compliance in areas where the BSA and the tax code overlap as to cryptocurrency.

The Agenda also represents the latest in a string of initiatives by the U.S. government regarding the increasing regulation of the use of cryptocurrency, whether by direct users, exchangers of cryptocurrency, or financial institutions with customers dealing in cryptocurrency.  The Agenda represents both an acknowledgement by the U.S. Treasury that cryptocurrency use has become “normalized,” coupled with a clear signal that its use will be highly scrutinized and regulated.
Continue Reading As Treasury Eyes Crypto in Tax Compliance Agenda, Reporting Obligations May Increase – Including a Crypto “Form 8300” for Transactions over $10K

In Related Case, Federal Court Holds that Bitcoin-to-Bitcoin “Tumbler” Can Represent “Money Transmission”

On April 27, IRS CI and FBI Special Agents arrested Roman Sterlingov, a dual citizen of Russia and Sweden, for his alleged role as the founder and operator of Bitcoin Fog, a cryptocurrency “tumbler” or “mixer” aimed at concealing the source of funds. The criminal complaint and accompanying Statement of Facts, filed in the District of Columbia, alleges that over the course of 10 years, Bitcoin Fog moved more than 1.2 million bitcoin, valued (at the time of the transactions) at about $335 million. According to the government’s press release, “[t]he bulk of this cryptocurrency came from darknet marketplaces and was tied to illegal narcotics, computer fraud and abuse activities, and identity theft.”

Sterlingov allegedly founded the site while promoting it under the pseudonym Akemashite Omedetou, a Japanese phrase that means “Happy New Year.” In a post on an online Bitcoin forum, Omedetou advertised that Bitcoin Fog “[mixes] up your bitcoins in our own pool with other users,” and “can eliminate any chance of finding your payments and making it impossible to prove any connection between a deposit and a withdraw inside our service.”

Ironically, Sterlingov was identified by investigators using the very same sort of tracing that Bitcoin Fog was meant to forestall. The Statement of Facts outlines in extensive detail how Sterlingov allegedly paid for Bitcoin Fog’s domain using a now-defunct digital currency; it goes on to show a series of transactions recorded to the blockchain that identifies Sterlingov’s purchase of that currency with bitcoin. Based on tracing those financial transactions, investigators were able to identify Sterlingov’s home address and phone number, together with a Google account that hosts a document that describes how to obscure bitcoin payments – that document mirrors closely the methods Sterlingov allegedly employed to purchase the Bitcoin Fog domain.

In addition to thanking various domestic law enforcement agencies, the government’s press release highlights the international nature of the investigation by also thanking Europol and Swedish and Romanian law enforcement agencies. The criminal complaint against Sterlingov is therefore another example of IRC-CI pursuing its simultaneous goals of fighting crypto-related crime and collaborating with foreign law enforcement officials in order to do so.

Notably, this is the second case brought by the Department of Justice, Criminal Division’s Computer Crime and Intellectual Property Section, targeting virtual currency mixer operations. In United States v. Harmon, a case also being prosecuted in the District of Columbia, the defendant has similarly been charged for his alleged role in operating Helix, a bitcoin mixer that sent more than $300 million in bitcoin to designated recipients.
Continue Reading DOJ Again Charges Crypto “Mixer” Under the BSA and District of Columbia’s Money Transmitters Act

Fifth Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime

As we have blogged, the Anti-Money Laundering Act of 2020 (“AMLA”) makes major changes to the Bank Secrecy Act (“BSA”) and the U.S. approach to money laundering, anti-money laundering (“AML”), counter-terrorism financing (“CTF”) and protecting the U.S. financial system against illicit foreign actors.  For example, the AMLA requires covered businesses to report beneficial ownership information to a central federal database; broadens the stated purpose of the BSA; expands the options and protections for whistleblowers alleging AML violations; and expands the U.S. government’s authority to subpoena information from foreign financial institutions with U.S. correspondent bank account relationships.

In addition to these changes, Congress also has used the AMLA as a tool to gather information on complex issues involving money laundering risks and BSA/AML compliance by requiring many studies and reports.  In this post, we focus on two important issues for which Congress has required reports from the Government Accountability Office (“GAO”):  human trafficking and de-risking.

The willingness to address these problems through the AMLA shows that Congress is aware of the nexus between money laundering and human rights violations—and more importantly, appears ready to leverage the information gathered by the GAO in order to potentially address that nexus through future legislation.  Congress is not alone in its concern.  For example, the United Nations issued a report earlier this month on how transnational financial crime can impair sustainable development across the globe, worsen inequality, and fuel instability.
Continue Reading Congress Tasks GAO to Study the Intersection of Money Laundering and Humanitarian Issues:  Human Trafficking and De-Risking

Reunification of Korean Peninsula Memorial at the Entrance to Pyongyang

Related Money Laundering Case Relying on ATM Cash-Outs and BEC Schemes Also Unsealed

On February 17, the Department of Justice unsealed a sprawling indictment against three members of North Korea’s military intelligence agency – known as the Reconnaissance General Bureau –

The Comptroller of the Currency (the “OCC”) has been busy, and focused on technology.  We discuss two recent developments: proposed regulations that would allow the OCC to grant exemptions relating to Suspicious Acivity Reports (“SARs”), and the OCC’s announcement that national banks and federal savings associations may employ both independent node verification networks (“INVNs”) and stablecoins to perform banking functions.

SAR Filing Exemptions

In late December, the OCC proposed new regulations to amend the “Suspicious Activity Report regulations to allow the OCC to issue exemptions . . . for national banks or federal savings associations that develop innovative solutions intended to meet Bank Secrecy Act requirements more efficiently and effectively.” While the Financial Crimes Enforcement Network (“FinCEN”) has long held the power to grant exemptions, the OCC does not possess equivalent authority. “As financial technology and innovation” rapidly evolve in monitoring and reporting financial crime, the OCC has determined it must create a flexible regulatory mechanism to keep pace.
Continue Reading The OCC Embraces Technology, Proposes Exemption to SAR Requirements and Announces Acceptance of Distributed Ledgers and Stablecoins