BitMEX confirmed last month that it has reached settlements with the Commodity Futures Trading Commission (CFTC) and the Financial Crimes Enforcement Network (FinCEN) regarding its charges related to violations of U.S. laws.
The controversial crypto trading platform agreed to pay fines of up to $100 million to the US Treasury’s FinCEN and the CFTC to settle charges of noncompliance with anti-money laundering (AML) legislation (which includes not maintaining a proper AML system, giving access to U.S. citizens and misleading U.S. authorities)and for failing to appropriately register with the CFTC.
Since charges were laid against the exchange, it has conducted a massive compliance transformation. The exchange subsequently hired Global Digital Finance (GDF) chair Malcolm Wright as its Chief Compliance Officer (CCO) to aid in its regulatory revision.
Response from BitMEX CEO
Alexander Höptner, the current CEO of BitMEX, stated:
“Today marks an important day in our company’s history, and we are very glad to put this behind us. As crypto matures and enters a new era, we too have evolved into the largest crypto derivatives platform with a fully verified user base. Comprehensive user verification, robust compliance, and anti-money laundering capabilities are not only hallmarks of our business – they are drivers of our long-term success”.
He further added that “[they] take [their] responsibilities extremely seriously, and will continue to actively engage with regulators around the world to ensure that [they] play a positive role in helping to shape the future of this extraordinary asset class”.
The Charges Against BitMEX
In October 2020, BitMEX was charged with failing to comply with state regulations in accordance with the US Bank Secrecy Act (BSA), which requires that it registers as a cryptocurrency derivatives exchange with the CFTC and as a money service business (MSB) with state regulators.
The exchange owes its meteoric rise in popularity to its controversial offering of cryptocurrency derivatives and leveraged trading, which allows users to “100x” their trades (and gave its holding company its name), something that regulators have since clamped down globally, forcing other exchanges like Binance and FTX to limit their leveraged trading services as well.
U.S. regulators accused BitMEX of money laundering and terrorist financing activities with claims that it is used as a playground for hackers, criminals and users from blacklisted countries to anonymously and easily buy and trade digital assets. Among the list of BitMEX’s compliance violations is its failure to monitor transactions and identify suspicious activity. These claims all came to a head last year when the notorious Twitter hacker disclosed that he traded on BitMEX.
In addition to this, the Hong Kong-headquartered exchange, with offices in New York and San Francisco, decided to officially register itself in the minimally-regulated Seychelles to avoid the strict regulatory scrutiny of China and the US. However, this didn’t bode well in the eyes of regulators who saw this move as yet another attempt to evade oversight. Group CEO Arthur Hayes, the public face of BitMEX, further poked the bear when he made a costly joke during a Taipei debate with Nouriel Roubini that all it took to bribe local authorities was a coconut.
Co-owners Benjamin Delo, Samuel Reed and Gregory Dwyer, and Hayes, who vehemently opposed crypto regulation, were indicted in respect to the above.
How BitMEX turned around their company and AML compliance
Following their arrests, Hayes and BitMEX’s CTO, Reed, tendered their resignations with immediate effect and since then BitMEX underwent a complete leadership overhaul with Delo promising not to hold any executive positions in the company and Vivien Khoo, a former MD at Goldman Sachs taking over as interim CEO.
BitMEX seems genuinely intent on righting the regulatory wrongs of their past, one indicator of this is the appointment of compliance heavyweight Malcolm Wright as the 100x Group’s first CCO just weeks after the indictment. Other steps in the right direction that the exchange has taken include the addition of compliance tools and partnerships with AML and trading surveillance firm Eventus Systems.
The exchange also appointed Alexander Höptner, who is a former CEO of Börse Stuttgart and pioneer for regulated digital asset trading, as CEO in December last year, as well as completed their user verification program and strengthened their customer due diligence and screening for sanctioned entities.
What can we learn from BitMEX’s settlement?
The crypto industry has much to digest from the compliance turnaround of BitMEX in terms of the kinds of transaction monitoring standards that regulators expect from exchanges.
David Carlisle, our strategic partner Elliptic‘s Director of Policy and Regulatory Affairs, published this excellent article that lists some key considerations that other exchanges can take heed of, to which we’ve also added some of our own insights:
Regulators expect CASPs to use blockchain analytics solutions backed by strong compliance measures
FinCEN noted that despite the availability of tools that aid exchanges in uncovering the identity of the sender and recipient of digital asset transactions, BitMEX willingly failed to implement any of these solutions to identify potential suspicious transactions or sanctioned individuals both with new transactions and retrospectively.
Most regulators require that crypto asset service providers (CASPs) have blockchain analytics solutions in place. FinCEN has stated that one way exchanges can comply with AML regulations is by implementing blockchain analytics.
But, it is not enough to just have these measures in place, crypto organizations also need to ensure that these solutions are being “supported by strong internal transaction monitoring policies and procedures” and that staff are adequately trained to deploy these solutions and to identify illicit activity.
Exchanges need to identify ML/TF activity accurately
According to FinCEN, BitMEX “allowed thousands of transactions with suspicious counterparties, including numerous transactions with darknet markets; high-risk jurisdictions; unregistered MSBs offering…mixing services; and fraud schemes. Significantly, BitMEX failed to conduct proactive suspicious activity screening to determine whether transactions involved possible terrorist financing”.
Because the exchange was not making use of transaction monitoring solutions, it was unable to identify transactions between nefarious counterparties and ultimately resulted in BitMEX being held responsible for the occurrence of these illicit transactions. This highlights the onus of CASPs in identifying suspicious activity on their platforms.
Some of these activities include thousands of transactions with darknet markets, sanctioned countries, mixing services, fraudulent counterparties and previously prosecuted exchange BTC-e.
CASPs will be held accountable for failing to file SARs
As a result of not being able to identify suspicious transactions due to the lack of transaction monitoring solutions in place, BitMEX did not file the suspicious activity reports (SARs) for transactions with FinCEN that AML regulations require. These include the aforementioned transactions that were above the mandated SAR-filing threshold of $10,000, transactions with Iranian crypto exchanges, Bitcoin mixing services like closed-down Helix Exchange, and counterparties involved in fraudulent and scam activity.
Although BitMEX has taken strides in rectifying its regulatory misdemeanours, other cryptocurrency firms will hopefully learn from the moral of this non-compliance tale in order to prevent themselves from being fated with the same hefty fines.
Exchanges can find common ground with regulators if they’re willing
After being all but dead and buried in the eyes of many, with their leadership under arrest and customers jumping ship, BitMEX wisely chose to take quick and decisive action to correct course by going all out on compliance reforms. This likely saved them from being permanently shut down, and provided a blueprint for other leading exchanges like Binance this year, who has been under immense pressure to clean house after several countries, most recently South Africa, said they were not welcome to do business there.
With new measures like the Travel Rule now in effect in more and more countries, or legislation being developed like in the UK, and new regulatory frameworks being developed from Korea to Europe, ignorance of the law is no longer a plausible excuse. VASPs that do not comply will inevitably be targeted and made examples of until they get their house in order or close shop. Regulators like FinCEN and FATF believe that there are now adequate AML solutions out there to help exchanges fulfil their compliance duties. And if compliance is taken seriously and done correctly, then favorable results will follow, as proven by our Travel Rule client Independent Reserve’s recent in-principle approval after a 15-month process by the Monetary Authority of Singapore (MAS) to conduct digital payment token services in Singapore.
Sygna remains at the forefront of the digital asset industry’s AML compliance transformation. With three interoperable compliance solutions, Bridge (a first-to-market Travel Rule protocol), Gate (SaaS browser gateway), and Hub (integrated AML platform, due October 2021), Sygna aims to deliver the highest information and data security standards to help VASPs meet their evolving compliance needs.
In April 2021 Sygna Bridge achieved ISO/IEC 27001 certification, the globally recognized Information Security Management System (ISMS) standard and also received a favorable independent assessment by leading Singaporean blockchain association ACCESS in 2020.
We’ve also recently launched Sygna Gate, the complete browser gateway for KYT, Travel Rule, and sanction screening compliance, and will release our automated platform Sygna Hub later this year. These AML products offer a streamlined integration of the best AML solutions from leading providers like Elliptic, Chainalysis and ComplyAdvantage.