The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) have reached settlements with Bittrex, a virtual currency exchange based in Bellevue, Wash.
The settlement amount with OFAC is $24 million, the largest it has reached to date in a virtual currency case. The settlement amount for FinCEN is $29 million. OFAC and FinCEN found apparent violations by Bittrex of multiple sanctions programs and willful violations of the Bank Secrecy Act’s (BSA’s) anti-money laundering (AML) and suspicious activity report (SAR) reporting requirements.
In this OFAC case, Bittrex failed to prevent persons located in the Crimea region of Ukraine, Cuba, Iran, Sudan, and Syria from using its platform to engage in approximately $263,451,600.13 worth of virtual currency-related transactions between March 2014 and December 2017. U.S. persons are prohibited from engaging in transactions with these jurisdictions. Yet, based on internet protocol (“IP”) address information and physical address information collected about each customer at onboarding, Bittrex had reason to know that these users were located in jurisdictions subject to sanctions. At the time of the transactions, Bittrex was not screening this customer information. OFAC pointed out that this information was not voluntarily self-disclosed.
“When virtual currency firms fail to implement effective sanctions compliance controls, including screening customers located in sanctioned jurisdictions, they can become a vehicle for illicit actors that threaten U.S national security,” OFAC Director Andrea Gacki said. “Virtual currency exchanges operating worldwide should understand both who—and where—their customers are. OFAC will continue to hold accountable firms, in the virtual currency industry and elsewhere, whose failure to implement appropriate controls leads to sanctions violations.”
In the FinCEN case, Bittrex failed to maintain an effective AML program from February 2014 through December 2018. Further, Bittrex’s AML program failed to appropriately address the risks associated with its products and services, including anonymity-enhanced cryptocurrencies. In addition, Bittrex failed to file any SARs between February 2014 and May 2017.
“For years, Bittrex’s AML program and SAR reporting failures unnecessarily exposed the U.S. financial system to threat actors,” FinCEN Acting Director Himamauli Das said. “Bittrex’s failures created exposure to high-risk counterparties, including sanctioned jurisdictions, darknet markets, and ransomware attackers. Virtual asset service providers are on notice that they must implement robust risk-based compliance programs and meet their BSA reporting requirements. FinCEN will not hesitate to act when it identifies willful violations of the BSA.”
These actions highlight to the virtual currency industry the importance of implementing appropriate risk-based sanctions compliance controls and meeting obligations under the BSA. Not doing so can result in violations, but it also exposes exchanges and others in the virtual currency industry to potential abuse by illicit actors.