October 13, 2020
Prosecutors and regulators are signaling an intent to expand accountability amongst cryptocurrency platforms under U.S. laws and regulations, including the Bank Secrecy Act (BSA). On October 8, 2020, the United States Department of Justice (DOJ) released a report on enforcement challenges and areas of focus related to entities dealing in cryptocurrency. The report came shortly after the DOJ and the Commodity Futures Trading Commission (CFTC) announced an indictment and civil charges against directors and entities related to BitMEX, a platform for trading in futures contracts and other derivatives tied to cryptocurrencies, for failing to register with the CFTC as a Futures Commission Merchant (FCM) and to implement proper anti-money laundering (AML) measures.
The DOJ report and related enforcement actions are aligned with an international focus to increase AML accountability and broaden jurisdiction over cryptocurrency trading platforms. Shortly before the DOJ’s report was released, the European Commission published several proposals for new EU regulations on crypto-assets and digital operational resilience for the financial sector, further signaling a global interest in clarifying the laws and regulations that govern cryptocurrency. Shearman’s reporting on these regulations can be found here.
On October 8, 2020, the DOJ Attorney General’s Cyber-Digital Task Force released “Cryptocurrency: An Enforcement Framework.” The report outlines the emerging threats and enforcement challenges related to the use of cryptocurrency and the Department’s response strategies. The report shows that authorities are continuing to grapple with the “breathtaking possibilities” of cryptocurrencies and the “emerging threats posed by [the] rapidly developing technology.”
The report begins by outlining the legal and “illicit” uses of cryptocurrency. Illicit uses fall into three categories: (1) financial transactions associated with the commission of crimes; (2) money laundering and the shielding of legitimate activity from legal requirements; and (3) crimes, such as theft, directly implicating the cryptocurrency marketplace. The report appears to be particularly concerned with criminals (including foreign terrorist organizations) using cryptocurrency to carry out illegal activities.
For example, the report emphasizes the risk that cryptocurrency can be used as a tool for money laundering: “[u]nlicensed or unregistered exchanges or money transmitting businesses can provide an avenue of laundering for those who use digital currency for illicit purposes.” The report warns of cryptocurrency exchanges that avoid compliance with AML and know-your-customer (KYC) regulations, allowing criminals and terrorists “to hide their illicit financial activity from regulators and investigators.”
Next, the report outlines the laws and regulations that govern the use of cryptocurrency. The report notes that “[m]uch of the regulatory activity conducted by the agencies [overseeing the use of cryptocurrency] focuses on money services businesses (MSBs) and virtual asset service providers (VAPs).” In the United States, individuals and entities that offer money transmitting services involving virtual assets (such as cryptocurrency exchanges, issuers and brokers) are considered MSBs that are subject to the BSA and its AML regulations. Authorities with regulatory control over the use of cryptocurrency include the DOJ, the Department of the Treasury, the Securities and Exchange Commission and the CFTC.
In particular, under the Commodity Exchange Act (CEA), the CFTC has oversight over derivatives contracts, including futures, swaps and options that involve a commodity. The CFTC (and multiple federal courts) have held that virtual currencies fall within the CEA’s definition of “commodity.” Further, “[t]he CFTC’s jurisdiction is implicated when a virtual currency is the underlying asset in a derivatives contract, or there is fraud or manipulation involving a virtual currency traded in interstate commerce.” For example, the report notes that the CFTC has taken action against unregistered bitcoin futures exchanges illegally offering margined or financed retail virtual currency transactions in violation of the retail commodity transaction provision of the CEA. However, the report further notes that the CFTC’s jurisdiction does not cover ‘spot’ or cash market exchanges and transactions involving virtual currencies that do not utilize margin, leverage or financing.
Finally, the report warns that many entities dealing in cryptocurrency (including exchanges and brokers) “often fail to comply, in whole or in part, with the BSA and other legal requirements, thereby threatening the Department’s investigative abilities and undermining public safety.” Specifically, the report appears concerned with cryptocurrency exchanges, peer-to-peer exchangers and platforms, and cryptocurrency kiosks, which are considered MSBs and are subject to the BSA and must register with the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and follow AML and KYC protocols.
The report also warns that “the global and cross-border nature of transactions involving virtual assets [and] the lack of consistent AML [protocols] . . . is detrimental to the safety and stability of the international financial system.” Importantly, the report notes that companies using cryptocurrency physically located outside of the United States may still be subject to U.S. law, including the BSA, if, for example, entities or individuals engage in money transmission as a business and operate in part in the United States.
The report emphasizes that the DOJ will continue to work with its regulatory partners, including the CFTC, to prosecute “those who use cryptocurrencies to commit, facilitate, or conceal crimes.” The DOJ will also work with federal, state and foreign regulatory and law enforcement groups to increase awareness about the threats posed by cryptocurrency platforms.
On October 1, 2020, the DOJ filed criminal charges against four founders and executives of BitMEX, a platform for trading in futures contracts and other derivatives tied to cryptocurrencies, for violating and conspiring to violate the BSA. Prosecutors allege that defendants willfully caused BitMEX to fail to establish, implement and maintain an adequate BSA-compliant anti-money laundering AML program. The indictment, along with a concurrent civil action brought by the CFTC, further show that U.S. prosecutors and regulators may consider certain cryptocurrency trading platforms that serve U.S. customers to be FCMs subject to the BSA, regardless of where the platforms are incorporated. The charges also indicate a push to hold directors and executives of such platforms accountable under AML rules and requirements.
Jurisdiction over defendants appears to be predicated on BitMEX’s offering to U.S. customers trades in futures contracts, options, swaps and other derivatives products tied to the value of cryptocurrencies. For example, as noted in the indictment, “BitMEX accepts Bitcoin to margin and guarantee its derivative products, and . . . has offered its customers up to 100 times leverage on certain of its products.” According to the indictment, these activities caused BitMEX to have been operating as an FCM required to comply with the BSA. In addition to alleging that BitMEX is an unregistered FCM, the CFTC complaint charges defendants with operating a facility for the trading of swaps without being registered as a swap execution facility or as a designated contract market, in violation of the Commodity Exchange Act and CFTC regulations.
According to the indictment, defendants took affirmative steps to exempt BitMEX from having to comply with the BSA, including by incorporating BitMEX in the Seychelles, where defendants believed that they could serve U.S. customers without having to comply with U.S. laws (the indictment alleges that one defendant even bragged that it would cost less—“just ‘a coconut’”—to bribe regulators in the Seychelles than it would in the United States). However, as defendants “intended for BitMEX to solicit and accept customers in the United States,” and, in fact, operated within the United States and served thousands of customers located in the United States, the indictment alleges that BitMEX “has at all relevant times been a [FCM] required to comply with the [BSA].”
Accordingly, BitMEX was required to register with the CFTC and to maintain an adequate AML program that included a KYC component—which BitMEX failed to do. The cumulative effects of defendants’ actions, according to the indictment, made BitMEX “available as a vehicle for money laundering and sanctions violations.”
The CFTC’s civil enforcement action, which was filed in the United States District Court for the Southern District of New York against three of the defendants (the founders of BitMEX) and five related entities, alleges that defendants failed to register with the CFTC and failed to implement AML and KYC procedures and a customer information program. In a press release accompanying the filing of the action, CFTC Chairman Heath P. Tarbert noted that “[d]igital assets hold great promise for our derivatives markets and for our economy. For the United States to be a global leader in this space, it is imperative that we root out illegal activity like that alleged in this case.”
On October 8, 2020, BitMEX announced that each of the four individuals charged in the DOJ indictment have stepped back from their respective roles with the company.
The report and charges show that prosecutors and regulators are concerned with the harm that can be caused by cryptocurrency platforms that operate unchecked—particularly with regards to AML accountably. As the DOJ noted in its press release announcing the BitMEX indictment, the charges “represent another push . . . to bring platforms for money laundering into the light.” As noted throughout the DOJ report, several regulatory bodies have oversight over companies dealing in cryptocurrency, and the DOJ will continue to work with those bodies to ensure that such companies comply with the pertinent laws and regulations (e.g., the BSA or CEA). Accordingly, directors and executives of such companies—even those incorporated in foreign jurisdictions—should be aware of their company’s potential classifications as MSBs or VAPs, and potential liability under U.S. laws like the BSA. Directors and executives should develop compliance programs that strictly adhere to proper AML and KYC practices.
Cryptocurrency trading companies must also continuously monitor transactions and collect data analytics, be mindful of key risk indicators when onboarding new customers, and promptly report suspicious trading activities. While the DOJ report suggests that there are several open jurisdictional issues related to cryptocurrency platforms (e.g., the extent to which prosecutors can reach to enforce U.S. laws against foreign actors), these statements and actions collectively indicate that authorities may be expanding their reach into cryptocurrency platforms.