BitMEX Exchange Derives Bitter Fruit From AML Non-Compliance

When the United States’ Department of Justice and Commodity Futures Trading Commission (CFTC) finally came knocking on BitMEX’s door on October 1st, 2020, it’s fair to say that the crypto industry was spooked, but not surprised. The collision course between crypto’s enfant terrible and U.S. authorities was set in public long ago years ago. 

The price of Bitcoin, which usually acts as an accurate barometer to reflect each exchange hack, scam, or prosecution in recent years, didn’t move much as a BitMEX co-founder was arrested and warrants were issued for the rest of the executive team, most notably CEO Arthur Hayes, the at-times controversial face of BitMEX and an unapologetic opponent of the States’ strict regulations for exchanges. 

Arthur Hayes BitMEX CEO
Arthur Hayes (source: NYTimes.com)

U.S. federal authorities accused BitMEX, its related entities and executive team of allowing U.S. customers on its platform and purposefully avoiding the U.S. regulatory obligations that come with this. According to the DoJ statement, not only avoiding, but actively boasting about it. 

The charges include failing to register as a crypto derivatives exchange with the CFTC and as a money service business (MSB) with state regulators in accordance with the States’ Bank Secrecy Act (BSA), and could result in a 10 year jail term for the founders as well as massive fines that could very well send the exchange into liquidation, which would be quite ironic for traders impacted by its recent flash crashes. 

The charges are extremely serious and come despite BitMEX recently making user identification requirements mandatory in August 2020 in response to closer regulatory scrutiny. 

So who’s in the wrong and what are the lessons to be learnt for crypto exchanges?

The AML Case Against BitMEX

Sources: Forkast.news

BitMEX and its related yet separate corporate entities weave a complex web around the globe. With offices in world capitals like New York, San Francisco and Hong Kong, from where its exchange operates, the group drew the collective ire of regulators when it chose to officially register its business in the minimally regulated Seychelles instead of the United States or Asia, who leads the world in crypto regulation reforms. 

The highly profitable exchange is owned and operated by the HDR Global Trading Limited, which is in turn controlled by its holding group, the 100x Group, founded by Hayes and partners. 

BitMEX’s rise in popularity since 2018 has been driven by its controversial offering of cryptocurrency derivatives and leveraged trading, which allows users to “100x” their trades. 

Founded in 2014, BitMEX has long been accused by its detractors of facilitating money laundering and terrorism financing. Its critics claim the crypto derivatives exchange serves as a largely unregulated platform where criminals, hackers and users from blacklisted countries like Iran can anonymously and illicitly buy and offload virtual assets with ease. These claims reached a crescendo in 2020 when the notorious “Twitter hacker” was revealed to trade on BitMEX. 

Twitter hacker Graham Ivan Clark
Twitter hacker Graham Ivan Clark

Where anti-money laundering (AML) and Know-Your-Customer (KYC) processes were implemented to verify users, they were usually woefully inadequate. U.S. customers could easily circumvent location restrictions with the help of masking technology such as virtual private networks (VPNs). 

This AML weakness was interpreted by many regulators as not so much a design flaw as a design feature by BitMEX, intended to cash in on the lucrative U.S market. 

BitMEX’s historically lax user identification policies, coupled with the exchange’s explosive crypto derivatives packages offered, such as its 100x leveraged trading and unlimited Bitcoin withdrawals which only required an ID check, quickly made it one of the top 3 most popular crypto exchanges in the world and a self-styled “crypto casino”, where the biggest risk-takers reaped the biggest crypto rewards when they got it right. 

Eventually BitMEX’s client base became impossible to ignore for exchanges, and was gradually chipped away at by other exchanges like Binance who started to offer similar crypto derivative products. 

BitMEX XRP flash crash
BitMEX XRP flash crash (Source: Yahoo Finance)

It didn’t help that BitMEX’s reputation also took a sustained beating at the hand of several scandals in recent years, including the BitMEX data hack and notorious “flash crashes” in 2019 and 2020 (February, March and May) that liquidated BTC and XRP long-short positions totalling hundreds of millions of USD. It alienated investors and made regulators and the industry cry foul in unison. An intervention seemed imminent.


The FCA vs BitMEX

With rumors of market manipulation flying around, BitMEX was increasingly criticized for a number of issues, most notably lax Know-Your-Customer (KYC) processes that allowed money laundering to flourish on its platform. 

In March 2020, the Financial Conduct Authority (FCA) blasted BitMEX for operating without proper authorization in the United Kingdom.

BitMEX was also heavily criticized for two major platform “outages” in March and May 2020, which caused a big market crash in which investors lost millions and resulted in more than $400 million in investor funds exiting the exchange’s books. 

The U.S. DoJ vs BitMEX

us crypto regulations

Therefore, it came as no real surprise when federal prosecutors from the Department of Justice finally indicted Arthur Hayes, and co-owners Benjamin Delo, Samuel Reed and Gregory Dwyer in New York.

Meanwhile, the CFTC charged five BitMEX-related entities and three individuals (Hayes, Dwyer and Reed) with “operating an unregistered trading platform and violating multiple CFTC regulations, including failing to implement required AML procedures.” The defendants face up to 10 years in prison and the charges may also result in the most expensive AML penalties ever issued to a financial institution. 

The entities are HDR Global Trading Ltd., 100x Holding Ltd., ABS Global Trading Ltd., Shine Effort Inc. Ltd., and HDR Global Services (Bermuda) Ltd. (Bitmex).

The DoJ maintains that the co-founders undoubtedly knew by September 2015 that BitMEX was required to implement an AML program that included a “know your customer” or “KYC” component because they served U.S. customers. However, BitMEX chose to ignore these regulatory requirements.

Furthermore the DoJ holds that : 

  • despite being registered in the Seychelles, BitMEX had subsidiaries and affiliates operating in the U.S. and elsewhere and employed staff involved in its operations
  • the defendants knew U.S. customers were continuing to access BitMEX until at least 2018
  • BitMEX’s policies to prevent U.S. customers trading were “toothless” and easily overridden
  • this was on purpose, as to help BitMEX gain revenue from the U.S. market without adhering to its regulations. 
  • the founders took affirmative actions to try and exempt BitMEX from their legal AML/KYC obligations in the U.S., such as incorporating the exchange in the less-regulated Seychelles
  • Hayes actually boasted that they decided to settle in the Seychelles as it was much easier to bribe Seychellois authorities (with “a coconut”)

The CFTC’s case against BitMEX

According to the CFTC, BitMEX has from November 2014 until now at their executive team’s behest ” illegally offered leveraged retail commodity transactions, futures, options, and swaps on cryptocurrencies including bitcoin, ether, and litecoin, allowing traders to use leverage of up to 100 to 1 when entering into transactions on its platform. “

This has resulted in BitMEX facilitating trillions of dollars in cryptocurrency derivatives transactions and collected over $1 billion since beginning operations in 2014. 

Yet despite this, BitMEX did not register with the CFTC and ” failed to implement the most basic compliance procedures and key safeguards designed to protect the U.S. derivatives markets and market participants and required of financial institutions that impact U.S. markets.”

The CFTC complaint charges BitMEX with: 

  • operating a facility for the trading or processing of swaps without having CFTC approval as a designated contract market or swap execution facility
  • operating as a futures commission merchant by soliciting orders for and accepting bitcoin to margin digital asset derivatives transactions
  •  acting as a counterparty to leveraged retail commodity transactions. 
  • violating CFTC rules by failing to implement know-your-customer procedures, a customer information program, and anti-money laundering procedures.

BitMEX response

Following the U.S. charges, BitMEX’s issued an initial response that did not dive into too much detail:

“We strongly disagree with the U.S. government’s heavy-handed decision to bring these charges, and intend to defend the allegations vigorously. From our early days as a start-up, we have always sought to comply with applicable U.S. laws, as those laws were understood at the time and based on available guidance.”

A week later, Hayes,the CEO of BitMEX’s holding company 100X Group, and Reed, the company’s CTO, tendered their resignations with immediate effect. Reed was subsequently released on bail of $5 million. 

Are the regulatory actions against BitMEX justified?

As a leading exchange with deep pockets and access to the best compliance resources, BitMEX and Hayes, its CEO and ex-Citigroup trader, were likely acutely aware of both the need to implement more stringent AML policies as well as the CFTC’s mounting investigation against them.

In fact, rumors already began circulating in media as early as July 2019. Looking back now, it’s clear that the regulatory actions taken against BitMEX were meticulously planned.

Yet, at the time Hayes remained openly defiant, making his ill-fated “coconut” remark at 2019’s Asia Blockchain Summit in Taipei, where he (partly in jest) said it only takes a coconut to bribe officials in the Seychelles. (see 10:00 mark). 

Attendees may recall the much-publicized “Tangle in Taipei” face-off between Hayes and crypto’s Dr. Doom, economist Professor Nouriel Roubini.

The BitMEX-sponsored and profanity-laden debate was entertaining, but failed to live up to expectations of a seminal discourse on crypto regulations as both Hayes and Roubini slung mud at each other and pandered to their audiences as crypto anti-hero and crypto naysayer respectively. 

However, Roubini did deliver an ominous warning to Hayes, which soon proved rather prescient as the FCA started investigating a proposed ban on crypto derivatives. He also articulated the core of most of the regulatory charges now leveled at BitMEX,

FBI Assistant Director William F. Sweeney Jr. couldn’t resist sharing that Hayes’ infamous “coconut bribe” remark has come back to bite him:

“Thanks to the diligent work of our agents, analysts, and partners with the CFTC, they will soon learn the price of their alleged crimes will not be paid with tropical fruit, but rather could result in fines, restitution, and federal prison time.”

As the expression goes, the weed of crime apparently still bears bitter fruit indeed. 

BitMEX’s clean sweep: A new beginning? 

Following the U.S. charges, several sweeping executive changes took place at the 100x Group. Hayes and Reed stepped down as CEO and CTO, and with Delo, vowed not to hold any executive positions within the organization, while Dwyer is taking a leave of absence as head of business development. Chief operating officer Vivien Khoo, formerly an MD at Goldman Sachs took over as interim CEO. 

More importantly though, despite their explicit denial of the DoJ’s accusations of regulatory transgressions, BitMEX and the 100x Group seem intent to now chart a new course that is more closely aligned with the expectations of regulators. 

In a blog post on October 12 2020, BitMEX announced that it had hired crypto compliance heavyweight Malcolm Wright as the 100x Group’s first chief compliance officer (CCO)

Malcolm Wright
Malcolm Wright, BitMEX’s new compliance chief

Wright currently chairs the Advisory Council and AML Working Group at the Global Digital Finance (GDF) blockchain industry body, and has been actively involved since 2019 in helping the crypto industry communicate with the Financial Action Task Force and craft suitable interoperability solutions to its Recommendation 16’s so-called FATF Travel Rule, such as the InterVASP Messaging Standard (IVMS101).

As CCO, Wright will assume a very hot seat and be tasked with making BitMEX globally compliant sooner rather than later. He will report directly to new CEO Khoo and presumably lay out a detailed compliance roadmap to follow, of which compliance with the BSA and Travel Rule will be high on the agenda.

The Travel Rule requires virtual asset service providers (VASPs) to share compliant user information with counterparties during transmittals. There are currently new technical solutions like Sygna Bridge being developed to help VASPs comply with its data-sharing demands. 

Whether Wright will have enough time to stave off further regulatory action against BitMEX remains to be seen. It is however an encouraging step in the right direction for the beleaguered crypto platform, and long overdue. 

Conclusion

The recent regulatory actions by the FCA and CFTC on both sides of the pond serve as a clear warning to exchanges that regulators globally will leave no stone unturned in their crusade to clean crypto exchanges up and close off illicit on-ramps and off-ramps that facilitate money laundering. 

By taking aim at BitMEX, an easy target for them partly due to the founders’ hubris, they’ve made it clear that no crypto exchange is too big to take down when violating international regulations. 

It’s no coincidence that the FCA’s banned crypto derivative platforms offering services to UK retail consumers only 5 days after federal authorities charged BitMEX. 

Whether BitMEX is given a pass or buried under fines, its founders eventually jailed or allowed to settle, the main takeaway to other crypto exchanges is the following:

BitMEX’s woes, caused by decisions and actions from years ago, drive home the fact that a crypto-asset service provider (CASP) which skirts regulations wantonly, is almost certainly using an outdated and unsustainable business model that will eventually be exposed, a year, two years, a decade from now, when regulators inevitably come knocking. 

Blockchain is after all immutable, and so is the trail that it provides authorities to play catchup with non-compliant exchanges at their leisure. 

More regulation is coming, both in the U.S. and elsewhere, and it’s coming faster than the industry could have anticipated at the start of 2020. Compliance will be difficult and painful at times, but it will also benefit investors in the long run and can act as a competitive advantage to exchanges in the interim.

At the very least, it will help the industry stamp out devastating events like the recent $280m KuCoin exchange hack

The BitMEX charges and the exchange’s reaction to them should send a clear message to cryptocurrency exchanges of all sizes and in all locations. It’s time to start checking AML compliance boxes. If not, authorities may soon start crossing them out in indelible red for you. 

Written by Werner Vermaak


Disclaimer: CoolBitX provides these blog posts for general educational purposes only. Information on this blog expresses the opinion of the author only. It does not constitute professional legal or financial advice and should not be considered as such. The author or company may update the information on this article at any time without prior notice and do not guarantee the work to be up to date and accurate. To the best of our knowledge, the information provided here is factual at the time of writing.

About CoolBitX and Sygna Bridge

CoolBitX’s Sygna Bridge is a first-to-market travel rule solution and alliance network that is live and being used by our VASP partners to share compliant originator and beneficiary transmittal information.

This image has an empty alt attribute; its file name is sygna-bridge-gif-1024x439.gif

Sygna Bridge completed a successful production test report (Big 4 audited) earlier this year, which was presented to the FATF Contact Group in May 2020. Sygna Bridge now also supports the IVMS101 messaging standard.

CoolBitX has signed MoUs with more than 20 VASPs worldwide and recently joined forces with Elliptic in a combined quest to help crypto companies comply with the FATF Standards.

For enquiries on the FATF Travel Rule and our Sygna Bridge solution for VASPs, please contact us at [email protected].


MiCA (Updated July 2022): A Guide to the EU's Proposed Markets in Crypto-Assets Regulation

ACCESS Singapore Publishes Travel Rule Assessment Report on Sygna Bridge