On October 11, 2022, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) and Office of Foreign Assets Control (OFAC) announced settlements with Bittrex Inc. (Bittrex). The settlements arise from violations of the Bank Secrecy Act—the federal law that imposes anti-money laundering (AML) requirements on financial institutions—and violations of OFAC’s sanctions regimes.
This matter represents the first time that FinCEN and OFAC jointly have penalized a money services business (MSB) for inadequately monitoring virtual currency transactions for suspicious and illegal activity. As part of the settlement, Bittrex agreed to pay FinCEN and OFAC over $29 million and $24 million, respectively. In light of the U.S. government’s concerns about the illicit use of virtual currency, there likely will be similar enforcement actions brought against MSBs in the future.
Bittrex operates a convertible virtual currency (CVC) trading platform that includes digital wallet custody services for storing, transferring, and exchanging CVCs. Bittrex registered with FinCEN as an MSB in February 2021, but the violations took place between 2014 and 2018. According to the FinCEN consent order, Bittrex failed to “develop, implement, and maintain an effective AML program,” which MSBs are required to maintain. Bittrex allegedly failed to identify suspicious transactions initiated through its platform and failed to block thousands of transactions prohibited by OFAC sanctions. According to the FinCEN press release, “Bittrex’s failures created exposure to high-risk counterparties including sanctioned jurisdictions, darknet markets, and ransomware attackers.”
Based on the FinCEN consent order, Bittrex’s core failure was its lack of transaction monitoring. Allegedly, Bittrex initially relied on two individuals with minimal training and expertise to screen tens of thousands of transactions daily, which resulted in failures to file suspicious activity reports (SARs). According to the FinCEN consent order, the Internal Revenue Service (IRS) notified Bittrex in 2017 that it would be examined for Bank Secrecy Act compliance, at which point Bittrex began to improve its AML program, but it remained deficient in FinCEN’s view.
Bittrex allegedly failed to prevent persons located in sanctioned jurisdictions from using the Bittrex platform to engage in over $200 million worth of virtual currency transactions. While Bittrex used third-party software to screen transactions for sanctioned parties, Bittrex allegedly did not have compliance controls in place to stop transactions involving comprehensively sanctioned jurisdictions. As a result, Bittrex allowed more than 116,000 transactions with entities and individuals in those jurisdictions (e.g., Iran and Cuba). OFAC alleged that based on the IP address and physical address information collected by Bittrex at onboarding, Bittrex had reason to know that the parties to the transactions were located in sanctioned jurisdictions. According to FinCEN, Bittrex’s compliance issues were exacerbated by the fact that Bittrex had few controls in place to address built-in anonymity features of certain virtual currencies.
In October 2021, OFAC issued its Sanctions Compliance Guidance for the Virtual Currency Industry to assist the industry in mitigating the risk that sanctioned persons will exploit virtual currencies “to evade sanctions and undermine U.S. foreign policy and national security interests.” That guidance explained that the virtual currency industry is playing “an increasingly critical role in preventing sanctioned persons from exploiting virtual currencies to evade sanctions and undermine U.S. foreign policy and national security interests.” (See our prior alert on the OFAC guidance for additional information.)
The Bittrex settlements serve as a reminder that both FinCEN and OFAC will scrutinize compliance programs and penalize MSBs that fail to address sanctions and money laundering risks, even if the failures are attributable to the privacy features of virtual currencies. MSBs engaged in a virtual currency business must create and maintain a robust AML and sanctions compliance program tailored to its size, risks, and scope of operation. The fact that virtual currency transactions might make MSBs’ compliance obligations more challenging will not excuse the MSB from its obligations to comply with applicable AML and sanctions laws. As OFAC noted in its press release, “this action highlights that virtual currency companies—like all financial service providers—are responsible for ensuring that they do not engage in unauthorized transactions.”
See more »
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Wilson Sonsini Goodrich & Rosati var today = new Date(); var yyyy = today.getFullYear();document.write(yyyy + ” “); | Attorney Advertising
Refine your interests »
This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.
Back to Top
Explore 2022 Readers’ Choice Awards
Copyright © var today = new Date(); var yyyy = today.getFullYear();document.write(yyyy + ” “); JD Supra, LLC
Author
Administraroot