Cryptocurrency exchange agrees to pay over $53 million for anti-money laundering and sanctions violations


On October 11, 2022, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) regulations announced with Bittrex Inc. (Bittrex). The settlements stem from violations of the Bank Secrecy Act — the federal law that imposes anti-money laundering (AML) requirements on financial institutions — and violations of OFAC sanctions regimes.

This case represents the first time that FinCEN and OFAC have jointly penalized a Money Services Business (MSB) for improperly monitoring virtual currency transactions for suspicious and illegal activity. As part of the settlement, Bittrex agreed to pay FinCEN and OFAC over $29 million and $24 million, respectively. In light of US government concerns about the illicit use of virtual currency, similar enforcement actions will likely be taken against ESMs in the future.

Bittrex operates a convertible virtual currency (CVC) trading platform that includes digital wallet custodial services for CVC storage, transfer and exchange. Bittrex registered with FinCEN as an ESM in February 2021, but the breaches took place between 2014 and 2018. According to the FinCEN consent order, Bittrex has failed to “develop, implement and maintain an effective AML program,” which MSBs are required to maintain. Bittrex reportedly failed to identify suspicious transactions initiated through its platform and blocked thousands of transactions prohibited by OFAC sanctions. According to FinCEN press release, “Bittrex failures created exposure to high-risk counterparties including sanctioned jurisdictions, darknet markets and ransomware attackers.”

Based on the FinCEN Consent Order, Bittrex’s primary failure was its lack of transaction monitoring. Apparently, Bittrex initially relied on two people with minimal training and expertise to screen tens of thousands of transactions daily, resulting in Suspicious Activity Report (SAR) filing failures. According to the FinCEN Consent Order, the Internal Revenue Service (IRS) informed Bittrex in 2017 that it would be reviewed for compliance with the Bank Secrecy Act, at which point Bittrex began to improve its AML program, but it remained deficient in FinCEN’s view.

Bittrex reportedly failed to prevent people in sanctioned jurisdictions from using the Bittrex platform to transact over $200 million in virtual currency. While Bittrex used third-party software to screen transactions from sanctioned parties, Bittrex reportedly did not implement compliance checks to stop transactions involving sanctioned jurisdictions comprehensively. As a result, Bittrex has authorized over 116,000 transactions with entities and individuals in these jurisdictions (eg Iran and Cuba). OFAC alleged that based on the IP address and physical address information collected by Bittrex during the integration, Bittrex had reason to know that the parties to the transactions were located in sanctioned jurisdictions. According to FinCEN, Bittrex’s compliance issues were exacerbated by the fact that Bittrex had few controls in place to deal with the built-in anonymity features of certain virtual currencies.

In October 2021, OFAC published its Sanctions Compliance Tips for the Virtual Currency Industry to help the industry mitigate the risk of sanctioned individuals mining virtual currencies “to evade sanctions and undermine U.S. foreign policy and national security interests.” This guidance explained that the virtual currency industry plays “an increasingly critical role in preventing sanctioned individuals from exploiting virtual currencies to evade sanctions and undermine U.S. foreign policy and national security interests.” (See our advance warning on OFAC guidelines for more information.)

Bittrex regulations remind that FinCEN and OFAC will review compliance programs and penalize ESMs that fail to address sanctions and money laundering risks, even if the failures are attributable to the privacy features of virtual currencies . MSBs engaged in virtual currency business should create and maintain a robust AML compliance and sanctions program appropriate to its size, risk, and scope of business. The fact that virtual currency transactions may make compliance obligations for MSBs more difficult will not relieve the MSB of its obligations to comply with applicable anti-money laundering and sanctions laws. As OFAC noted in its press release, “This action underscores that virtual currency companies – like all financial service providers – are responsible for ensuring that they do not engage in unauthorized transactions. allowed”.

For more information on AML and Sanctions issues, please contact a member of Wilson Sonsini’s national security practice.


Comments are closed.