Historic Penalties For Cryptocurrency Exchange’s AML-Related Violations
12/13/2023
On November 21, 2023, the Cayman Islands registered cryptocurrency exchange, Binance Holdings Limited (the “Company”), pled guilty to criminal violations related to allegedly failing to register as a money transmitting business (“MTB”), failing to maintain an effective anti-money laundering program, and violations of the International Emergency Economic Powers Act (“IEEPA”). In connection with its plea agreement with the Department of Justice, the Company agreed to pay $4.3 billion in penalty, including $1.8 billion as a criminal fine and $2.5 billion in disgorgement. The Company’s founder also pled guilty to similar AML violations and agreed to resign as the Company’s Chief Executive Officer.
In its filings in the U.S. District Court for the Western District of Washington and its press release, the DOJ alleged that the Company operated as an unlicensed MTB starting as early as August 2017 and continuing to at least October 2022. During this period, the Company admitted that it and co-conspirators, including the CEO, willfully conspired to conduct an unlicensed MTB, failed to maintain an adequate AML program, and violated sanctions laws. The DOJ alleged that the Company’s lack of controls permitted U.S. users of the cryptocurrency trading platform to conduct transactions with users in Iran, the Crimea region of Ukraine, and other jurisdictions covered by U.S. sanctions.
The DOJ claims that the Company, including the CEO, launched Binance.US, a U.S.-based exchange, which was required to register with FinCEN and comply with the Bank Secrecy Act (“BSA”). While some users were then redirected to this U.S. platform, the Company allowed some of the largest U.S.-based users, who were responsible for much of the Company’s trading volume and revenue, to remain on the unregistered platform, which circumvented U.S. law and AML controls. As part of his guilty plea, the CEO admitted that he knew the Company was subject to U.S. registration and regulatory requirements due to the substantial number of U.S. users on the platform.
In particular, the DOJ alleged that the Company failed to implement an effective know your customer (“KYC”) protocol and did not systematically monitor transactions. The DOJ noted that, even with the Company’s high-trading volume, it never filed a single suspicious activity report with FinCEN. After supplying an email address, users allegedly had unfettered ability to open accounts and trade without providing additional KYC identifying information. The Company allegedly did not begin requiring KYC information from new users until August 2021, and it was not until sometime after May 2022 that existing users were required to provide identifying information to trade on the platform.
Accordingly, the DOJ charged the Company with violations related to (i) conspiracy to conduct an unlicensed MTB (in violation of 18 U.S.C. §§ 1960(a), 1960(b)(1)(B)) and failure to maintain an effective anti-money laundering program (in violation of 31 U.S.C. §§ 5318(h), 5322) in violation of 18 U.S.C. § 371; (ii) failure to register itself as a MTB in violation of 18 U.S.C. §§ 1960(a), 1960(b)(1)(B); and (iii) violation of the International Emergency Economic Powers Act (“IEEPA”) in violation of 50 U.S.C. § 1705 and 31 C.F.R. § 560 et seq. The CEO admitted to violating the BSA by willfully failing to maintain an effective AML program.
To resolve the DOJ’s investigation, the Company pled guilty and agreed to pay $1.8 billion as a criminal fine and forfeit $2.5 billion as disgorgement, resulting in a substantial penalty of $4.3 billion. In addition to the criminal fine, the Company must retain an independent compliance monitor for a three-year period and implement the monitor’s recommendations within a specified time. The DOJ did not provide the Company with any benefit for voluntarily disclosing its misconduct, noting that the Company did not make a disclosure in a timely manner. However, the Company did receive partial credit for its cooperation with the investigation. The DOJ also noted that the Company implemented remedial measures with respect to its AML and sanctions compliance programs, including remediating its KYC, EDD, and sanctions policies, and investing significant financial resources in its AML programs.
The DOJ’s plea agreement was announced at the same time as parallel resolutions with the Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”), Office of Foreign Assets Control (“OFAC”), and the U.S. Commodity Futures Trading Commission (“CFTC”).
The U.S. Department of Treasury, through its offices in OFAC, FinCEN, and IRS Criminal Investigation (“CI”), entered a parallel settlement with the Company for its violations of the BSA and multiple sanctions obligations and announced that this was the Treasury’s largest settlement in history. The U.S. Department of Treasury alleged that the Company failed to implement programs to prevent and report suspicious transactions with terrorists, money launderers, and other criminals, and failed to match trades between U.S. users and those in sanctioned jurisdictions. At least 1,667,153 virtual currency transactions allegedly were in violation of U.S. sanctions programs, totaling in a little over $700 million worth of transactions. Due to these actions, the Company agreed to pay $968,618,825 to OFAC and $3.4 billion to FinCEN. In addition to the penalty, the Company must retain a monitor overseen by FinCEN for a five-year period and abide by strict sanctions compliance obligations. The monitor will also oversee the Company’s complete offboarding of U.S. users and exit from the U.S.
The CFTC charged the Company, its CEO, and its Chief Operating Officer with violations related, inter alia, to the Company’s intentional design to evade CFTC regulation and failure to require identity-verifying information from users. The Company and individual defendants agreed to findings of liability, including the CFTC’s first ever charged violation of 17 C.F.R. § 1.6 for evasion. Once final, the proposed order will require the Company to disgorge $1.35 million and pay $1.35 billion as a civil penalty; the CEO will pay $150 million in penalty.
The SEC filed charges against the Company and the CEO in June 2023 for unregistered trading and fraud; the SEC’s investigation remains ongoing and was not part of the parallel resolutions.
Deputy Attorney General Lisa O. Monaco said, “Today’s charges and guilty pleas – combined with a more than $4 billion financial penalty – sends an unmistakable message to crypto and defi companies: if you serve U.S. customers, you must obey U.S. law.”
