On August 10, 2021, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced the assessment of a civil monetary penalty against several BitMEX entities for violations of the Bank Secrecy Act (BSA) and its implementing regulations.
FinCEN found that BitMEX willfully failed to comply with its obligations under the BSA, including the requirements to adopt and implement an AML compliance program, implement and maintain a customer identification program (CIP), and report suspicious activity.
Of note, FinCEN asserted jurisdiction over BitMEX, an offshore exchange, because BitMEX was a “financial institution” under the BSA since it operated as a futures commission merchant (FCM) required to register with the Commodity Futures Trading Commission (CFTC) and because BitMEX engaged in significant business activities within the U.S. and solicited and accepted orders from U.S. customers. Additionally, FinCEN found that BitMEX provided money transmission services within the U.S., transmitting funds for U.S. customers, thereby providing another hook for jurisdiction.
The CFTC separately announced that it had entered into a consent order with BitMEX in the U.S. District Court for the Southern District of New York. The CFTC’s order found that BitMEX violated the Commodity Exchange Act (CEA) by operating as an FCM without CFTC registration, and that BitMEX violated the CEA by operating a facility to trade or process swaps without being approved as a designated contract market or a swap execution facility. The CFTC order further found that BitMEX violated CFTC regulations regarding CIP and know your customer (KYC) procedures and failed to implement an adequate AML program.
In total, BitMEX paid a $100m penalty to FinCEN, with $50m credited for payment to the CFTC, and $10m suspended pending BitMEX’s compliance with a SAR transaction lookback, and $10m suspended pending BitMEX’s compliance with a comprehensive review of its internal controls. The CFTC’s litigation against BitMEX’s founders continues, as do the criminal cases.
FinCEN and the CFTC’s actions against BitMEX further demonstrate the long arm of the U.S. government’s enforcement jurisdiction with respect to offshore exchanges. The short answer is that if you are doing business in the U.S. and accessing U.S. customers, then there is a good chance that you may be subject to U.S. laws, particularly as it relates to AML. That is not unexpected and BitMEX now has to deal with the consequences of its business decisions. But what U.S. customers of BitMEX’s may not have expected is that, as part of the consent order, BitMEX certified that all users identified as U.S. Persons by BitMEX’s user-verification procedures, or unverified users, have been blocked from trading on the platform or making withdrawals. These customers may have had their trading restricted at an inopportune time and could have limited access to their capital going forward. Will U.S. customers be able to hold BitMEX liable for any loses? That remains to be seen, particularly with respect to any U.S. customers that used a VPN to open accounts in violation of BitMEX’s terms of use.