The total fine of $29.3m levied on Bittrex is the largest ever levied on a crypto exchange by the US Office of Foreign Assets Control. Coming in the same year as the $140m fine imposed on USAA for persistent shortcomings in anti-money-laundering compliance, a clear signal is being sent that regulation needs to be taken more seriously.
The detail of the failings at Bittrex is staggering. The exchange began offering virtual currency services in March 2014, but did not put a sanctions compliance program in place until December 2015. It began screening customer names against the OFAC sanctions list in 2016, but did not check whether customers were in sanctioned countries for another 18 months when it was subpoenaed by the regulator.
In the three years in which Bittrex filed no Suspicious Activity Reports whatsoever, people in sanctioned countries carried out 116,000 transactions worth a total of $263m.
“A failure by management to give the compliance program the attention it needed.”
Matt Kelly, Radical Compliance
Seasoned compliance commentator Matt Kelly, writing on his Radical Compliance blog, said: “If Bittrex’ many shortcomings could trace back to one fundamental flaw, it would be this: a failure by management to give the compliance program the attention that it needed.
“We’ve seen this time and again, especially relating to how financial firms handle suspicious activity reporting. They don’t hire enough personnel and don’t give those employees the necessary technology to manage the workload in an efficient manner.”
Embrace the message
He picks out one crucial message from the USAA enforcement, and that is that “growth and compliance must be paired”. It’s a message many observers think the crypto sector in particular needs to embrace. And Kelly bluntly explains why, pointing out that some customers were using Bittrex to “conduct transactions on dark web markets… Those markets are used to buy and sell stolen identification data, illegal narcotics, and child pornography. That’s unsavory stuff. Rooting out and preventing it should have been a priority from the start.”
While Bittrex told Reuters it was “pleased to have fully resolved the matter” and appears to be implementing change, other players are pushing back on the approach being taken by government agencies. Most notably Coin Center, the self-styled “research and advocacy center” for crypto issues, which has filed a law suit against the US Treasury Department for the sanctions imposed on Tornado Cash.
“The US Treasury unilaterally and extralegally made it a crime for Americans to use Tornado Cash.”
Coin Center
OFAC found Tornado Cash, a coin mixing service, was being used by criminals including North Korean state-sponsored hackers. It sanctioned the service, but also blacklisted any Ethereum address that interacted with it. It’s the latter action’s impact on privacy that has exercised Coin Center, which says “the US Treasury unilaterally and extralegally made it a crime for Americans to use Tornado Cash”.
It goes on: “When we or our co-plaintiffs use the Tornado Cash tools, we do so as normal, privacy seeking Americans. We do not engage in any transactions with any foreign person or entity or their property.”
A separate lawsuit challenging the Tornado Cash ruling has been filed by the Coinbase exchange, and Coin Center has an ongoing case against the Treasury and IRS that takes issue with a digital asset tax reporting requirement.
Global regulation
But pressure for tighter regulation continued to be ramped up as EU financial services commissioner Mairead McGuinness called for other jurisdictions to follow the EU’s lead when she visited Washington DC to discuss the issue with legislators. “We need to look at global regulation of crypto,” she said.
Voicing encouragement that US legislators were “moving in the same direction” as those in the EU, McGuiness was reported in the Financial Times as saying that there was concern in Europe about what could happen “if crypto were not to be regulated. There could be — in time, if it grows — financial stability problems. There also are investor issues around a lack of certainty.”
“Where tech and innovation collides with the corporate, institutional and finance world there is always a mismatch in terms of risk, process and proportionality.”
Alex Viall, Director of Regulatory Intelligence, Global Relay
All of which indicates that while the technology at the heart of crypto may be new, the problems for regulators are not. That’s a view taken by Global Relay Director of Regulatory Intelligence Alex Viall, who describes the current situation as illustrating “an age-old problem. Where tech and innovation collides with the corporate, institutional and finance world there is always a mismatch in terms of risk, process and proportionality.
“The problem is that crypto and defi and its derivatives are not united on what they want to achieve and this fragmentation makes a formal global regulatory approach incredibly hard. The early signs are not good if they cannot get the basics such as anti money laundering and basic authentication right.”