WASHINGTON—The Financial Crimes Enforcement Network (FinCEN) has assessed a civil money penalty of $100 million against BitMEX, one of the oldest and largest convertible virtual currency derivatives exchanges, for violations of the Bank Secrecy Act (BSA) and FinCEN’s implementing regulations.
BitMEX, which operated as an unregistered futures commission merchant (FCM) and provided money transmission services, willfully failed to comply with its obligations under the BSA. FinCEN’s action is part of a global settlement with the U.S. Commodity Futures Trading Commission (CFTC), according to FinCEN.
“BitMEX’s rapid growth into one of the largest futures commission merchants offering convertible virtual currency derivatives without a commensurate anti-money laundering program put the U.S. financial system at meaningful risk,” FinCEN’s Deputy Director AnnaLou Tirol said. “It is critical that platforms build in financial integrity from the start, so that financial innovation and opportunity are protected from vulnerabilities and exploitation.”
Violations Lasted More Than 6 Years
According to FinCEN, for more than six years, BitMEX failed to implement and maintain a compliant anti-money laundering program and a customer identification program, and it failed to report certain suspicious activity. These willful failures expose financial institutions to an increased risk of conducting transactions with money launderers and terrorist financiers, including noncompliant exchanges in high-risk jurisdictions, ransomware attackers, and darknet marketplaces. BitMEX conducted at least $209 million worth of transactions with known darknet markets or unregistered money services businesses providing mixing services. BitMEX also conducted transactions involving high-risk jurisdictions and alleged fraud schemes. BitMEX failed to file a Suspicious Activity Report (SAR) on at least 588 specific suspicious transactions.
From approximately 2014 through 2020, BitMEX allowed customers to access its platform and conduct derivative trading without appropriate customer due diligence – collecting only an email address and failing to verify customer identity. Despite BitMEX’s public representation that its platform was not conducting business with U.S. persons, FinCEN found that BitMEX failed to implement appropriate policies, procedures, and internal controls to screen for customers that use a virtual private network to access the trading platform and circumvent internet protocol monitoring.
In some instances, BitMEX senior leadership altered U.S. customer information to hide the customer’s true location, FinCEN said.
Additional Stipulations
In addition to paying a civil money penalty, BitMEX has agreed to engage an independent consultant to conduct a historical analysis of its transaction data, sometimes referred to as a “SAR lookback,” to determine whether BitMEX must file additional SARs on this activity, according to FinCEN.
The agency said BitMEX will also engage an independent consultant to conduct two reviews, including relevant testing, to ensure that appropriate policies, procedures, and controls are in place that are effective and reasonably designed and implemented to ensure that BitMEX is not operating wholly or in substantial part in the United States.
FinCEN said the move marks its first enforcement action against an FCM.