American Bar Association’s Business Law Today October Month-In-Brief: Business Regulation & Regulated Industries – October 2022
On October 11, 2022, the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) acted in parallel to issue the first joint action in the cryptocurrency market against Bittrex. Bittrex was a convertible virtual currency (CVC) platform with offices primarily in Washington State and was licensed as a money services business (MSB) with FinCEN. As a licensed MSB, Bittrex was required to develop, implement, and maintain an effective anti-money laundering (AML) program that was reasonably designed to prevent money laundering and the potential financing of terrorist activities.
OFAC entered into the largest settlement in its history ($24 million) claiming that Bittrex processed transactions that violated OFAC sanctions. OFAC identified that Bittrex conducted more than 116,000 transactions, valued at over $260 million, with entities and individuals located in jurisdictions subject to comprehensive OFAC sanctions, including transactions with entities and individuals operating from OFAC-sanctioned jurisdictions such as Iran, Cuba, Sudan, Syria, and the Crimea region of Ukraine.
In addition, FinCEN assessed a $29 million civil money penalty against Bittrex for alleged violations of the Bank Secrecy Act and FinCEN’s implementing regulations between February 2014 and December 2018. FinCEN found that Bittrex failed to maintain an effective AML program to appropriately address the risks associated with the products, geographies, and services it offered, including anonymity-enhanced cryptocurrencies. It also failed to implement effective transaction monitoring, with Bittrex relying on as few as two employees, with minimal AML training and experience, to review all transactions on the platform for suspicious activity. This was despite transactions sometimes totaling more than 20,000 per day. Bittrex also failed to develop and implement sufficient risk-based controls for high-risk CVCs, such as anonymity-enhanced cryptocurrencies, and failed to file suspicious activity reports where required.
Ensuring your Bank Secrecy Act and OFAC Programs contain the proper level of staffing, monitoring, training, and reporting necessary based on the risk profile of your business operations and products remains critical to ensure compliance with these foundational federal laws and regulations. Failure to do so can result in significant fines as evidenced by the joint action against Bittrex.
Reprinted with permission from the American Bar Association’s Business Law Today October Month-In-Brief: Business Regulation & Regulated Industries.