The CFTC and DOJ actions against BitMEX suggest that the crypto industry still has a lot of work ahead to meet KYC/AML standards.
Recent years have seen the crypto industry mature across the global economic landscape, but it still runs into high-profile snags. On Oct. 1, the United States Department of Justice filed criminal charges against four executives of the BitMEX trading platform — including its founder, Arthur Hayes — for violating the Bank Secrecy Act. One of the executives in question has been arrested, according to a DOJ statement.
Furthermore, the Commodity Futures Trading Commission also filed a civil enforcement action against BitMEX and three of its executives for violating Anti-Money Laundering regulations.
The regulatory body claimed that BitMEX and its top brass have been engaging in shady activities for years, such as using weak Anti-Money Laundering and Know Your Customer policies that bad actors can exploit using various methods such as VPNs to mask their virtual identities, among others.
Additionally, BitMEX makes use of a complex international corporate structure that includes a number of separate individual entities, and as a result, it’s not entirely clear where exactly the firm is based. Also, it’s worth noting that BitMEX openly promotes on its website that it’s registered in the Seychelles and has offices in premier destinations such as Hong Kong and New York.
BitMEX customers appear to have no limits on their Bitcoin (BTC) withdrawals but have to go through an ID check, although the checks will only become mandatory for traders in February 2021. Throughout 2019, multiple reports claimed that the CFTC was investigating the exchange because U.S. residents were able to trade crypto derivatives on the platform even though it was neither registered as a derivatives exchange with the CFTC nor as a money services provider with any state in the U.S — which is illegal.
John Jefferies, chief financial analyst at CipherTrace — a blockchain intelligence firm — told Cointelegraph that between November 2014 and September 2020, BitMEX failed to file even a single suspicious activity report, a means of reporting possibly illicit transactions to the U.S. government, adding:
“BitMEX has been under investigation by the CFTC since early 2019 for allowing Americans to trade on the platform, and they were given time to improve their Customer Identification Program to effectively exclude US persons. It’s not that law enforcement hasn’t been following and warning BitMEX, but that BitMEX’s ongoing negligence and lack of compliance led to the hammer finally coming down on them.”
BitMEX executives under fire
The red flags were there for everyone to see. For starters, BitMEX’s website expressly advertised the fact that “No real-name or other advanced verification is required” to make use of the platform.
As part of its complaint, the CFTC has claimed that Hayes, Ben Delo and Sam Reed — BitMEX’s executive team — were in contact with multiple compliance consultants, one of them even telling Reed that the company needed to implement stricter KYC standards to comply with international sanctions.
In other words, reports point to the fact that BitMEX had ample warnings to make corrections but chose not to heed them, resulting in the executives now facing severe charges. The Department of Justice’s indictment has each of the defendants facing up to 10 years in jail. Not only that, but according to Jefferies, the CFTC’s action could potentially result in the most expensive AML penalty ever paid out by a financial institution.
However, it is worth noting that the CFTC’s complaint isn’t solely focused on BitMEX’s AML procedures but rather on its failure to register with the relevant authorities. In fact, it’s the DOJ’s indictment that looks more closely at the AML side. Maddie Kennedy, senior director of communications at Chainalysis — a cryptocurrency analytics firm — told Cointelegraph:
“Transaction monitoring is a core component of a compliance program, as is KYC. Some of the criminal activity cited in the indictment is from several years ago, which demonstrates the need for proper compliance procedures to be in place from day one. For cryptocurrency exchanges and financial institutions in jurisdictions that have not yet put regulations in place, today’s news illustrates the importance of getting ahead of the compliance curve.”
No silver lining?
Despite the CFTC’s takedown of BitMEX, legal experts such as John Wagster, co-chair of Frost Brown Todd’s blockchain and digital currency unit, believe that despite American regulators alleging that BitMEX was being operated through a “maze of corporate entities,” there are many legitimate reasons as to why a company may choose to use such a business model that spans across multiple jurisdictions:
“We will need to see the details of the CFTC’s case before we can determine if the structure was intended to achieve nefarious purposes. It is common for enforcement agencies to pursue every possible remedy to increase their negotiating leverage, so I would not read too much into that portion of the allegations.”
That being said, options for BitMEX and its executive team remain relatively limited because in addition to the civil charges, the U.S. attorney for the Southern District of New York has also indicted Hayes, Delo, Reed and Gregory Dwyer — BitMEX’s head of business development — on criminal charges of violating and conspiring to violate the Bank Secrecy Act, or BSA.
The BSA is the primary law governing America’s AML/KYC regulations that banks and financial companies are required to follow. The BSA also contains rules as to whether or not entities must register as money services businesses. The guidelines put forth by the BSA serve as the American government’s primary method of preventing money laundering and activities related to terrorist financing.
What’s next for BitMEX?
Expanding on BitMEX’s future, Dean Steinbeck, chief operating officer of Horizen Labs — a privacy-oriented blockchain firm — told Cointelegraph that U.S. regulators often take a long time before enforcing any major actions, especially in relation to businesses that rely on novel technologies, adding:
“If BitMEX is found to have been operating unlawfully, in addition to the fines and penalties, the CTFC will also seek to ‘disgorge’ or recoup all of the profits generated by the exchange. This is consistent with the general idea that ‘wrongdoers’ should not profit from their unlawful activity.”
He further added that even though BitMEX’s website clearly states it cannot be used by U.S. persons, regulators require that businesses take active steps to ensure that residents don’t actually use the site. He added: “Even for gambling websites and ICOs, it is not enough for the business to simply state ‘No US Persons Allowed.’”
Regulatory action could be a game-changer for crypto industry
The allegations against BitMEX are serious and make a compelling case for decentralization. For its proponents, one of the more favorable attributes of decentralization is that no single entity or individual is in charge of the protocol because it’s run by its users through decentralized governance.
If governance is decentralized, there is no controlling authority that regulators can target for enforcement. Any regulatory action against BitMEX will likely cause existing protocols to decentralize more quickly — and future protocols to decentralize immediately.
That being said, even though decentralized exchanges are known for their minimal AML and KYC checks, this latest development has raised the question of whether or not DEXs are also obliged to comply with the BSA. If they do, many crypto exchanges will have to rethink their existing buy/sell frameworks.