The United States Department of Treasury impacted the crypto industry with its most significant enforcement action on October 11, 2022.
In a coordinated statement, the Treasury’s Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) announced civil monetary penalties totaling $24 million and $29 million, respectively, on the U.S. crypto asset exchange, Bittrex.
Where did Bittrex go wrong?
The OFAC and FinCEN settlements relate to ongoing sanctions and anti-money laundering (AML) violations between 2014 and 2018. In April 2019, The New York Department of Financial Services (NYDFS) also highlighted the same violations in a cease and desist issued to the Bittrex exchange platform.
Since some of the deficiencies identified were also related to the same underlying conduct that OFAC had identified, FinCEN agreed to credit the company $24 million. Consequently, Bittrex will pay a total of $29 million to settle the violations, despite the total value of the penalties having been assessed at $53 million.
This OFAC settlement represents the most significant U.S. enforcement action for sanctions violations related to crypto activity thus far. Although the FinCEN settlement with Bittrex is not its largest violation related to AML in the crypto industry, its settlement contains important takeaways for compliance professionals operating in this space.
“When virtual currency firms fail to implement effective sanctions compliance controls, including screening customers located in sanctioned jurisdictions, they can become a vehicle for illicit actors that threaten U.S. national security,” said OFAC Director Andrea Gacki. “Virtual currency exchanges operating worldwide should understand both who—and where—their customers are. OFAC will continue to hold accountable firms, in the virtual currency industry and elsewhere, whose failure to implement appropriate controls leads to sanctions violations.”
Key Takeaways for Compliance Professionals Operating in the Crypto Industry:
Comprehensive Sanctions Screening is Critical
OFAC noted in a previously issued guidance that it expects U.S. persons to avoid all dealings with crypto asset wallets controlled by sanctioned parties or associated with persons in sanctioned jurisdictions – even if their wallets are not included on the SDN List.
The agency notes that, “OFAC’s digital currency address listings are not likely to be exhaustive. Parties who identify digital currency identifiers or wallets that they believe are owned by, or otherwise associated with, an SDN and hold such property should take the necessary steps to block the relevant digital currency.”
The Bittrex settlement highlights the fundamental absence of a sanction’s compliance program and the deficiencies related to the company’s sanctions compliance procedures. Bittrex failed to prevent persons apparently located in the Crimea region of Ukraine, Cuba, Iran, Sudan, and Syria from using its platform to engage in approximately $263 million worth of virtual currency-related transactions between March 2014 and December 2017. The applicable sanctions programs generally prohibited U.S. persons from engaging in transactions with these jurisdictions. Based on internet protocol (“IP”) address information and physical address information collected about each customer at onboarding, Bittrex had reason to know that these users were located in jurisdictions subject to sanctions. At the time of the transactions, however, Bittrex was not screening this customer information for terms associated with sanctioned jurisdictions. This information was not voluntarily self-disclosed.
Implement an Effective Transaction Monitoring Program
In addition to sanctions screening, the U.S. Treasury actions also highlights the importance of having a well-tuned and effective transaction monitoring capability.
“For years, Bittrex’s AML program and SAR reporting failures unnecessarily exposed the U.S. financial system to threat actors,” said FinCEN Acting Director Himamauli Das. “Bittrex’s failures created exposure to high-risk counterparties including sanctioned jurisdictions, darknet markets, and ransomware attackers. Virtual asset service providers are on notice that they must implement robust risk-based compliance programs and meet their BSA reporting requirements. FinCEN will not hesitate to act when it identifies willful violations of the BSA.”
The FinCEN settlement indicates that in 2016 Bittrex had not implemented automated transaction monitoring capabilities despite processing more than 11,000 transactions per day. The company relied on a manual transaction review process, which proved ineffective, preventing Bittrex from identifying high-risk and suspicious activity related to transactions it facilitated, darknet markets, and ransomware. Furthermore, the company did not file any suspicious activity reports (SARs) with FinCEN between 2014 and May 2017 and filed only one SAR between May and November 2017.
Despite Bittrex’s implementation of company policies to identify certain risks in exchanges, its monitoring program remained deficient and continued to process virtual currency transactions with sanctioned and high-risk jurisdictions.
So that companies can readily identify suspicious activity and manage fewer false positives, the U.S. Treasury’s Bittrex Enforcement Settlement serves as an important reminder about the necessity for transaction monitoring capabilities that ensure efficient and effective screening.
About Bittrex
Bittrex is a digital asset and cryptocurrency exchange platform that is based out of Seattle, Washington. The company was founded in 2013 by Bill Shihara, Richie Lai, Rami Kawach, and Ryan Hentz. The Bittrex trading platform offers its users access to trade over 250 digital assets and cryptocurrencies. Bittrex supports algorithmic trading and third-party platforms through their APIs.
Learn More
