Following Anti-Money Laundering Regulation is Required, Everywhere
Last Tuesday, Alexander Vinnik was arrested and charged with 21 counts of Money Laundering for his alleged role in running BTC-e, a virtual currency exchange, and laundering proceeds stolen from the Mt Gox exchange. BTC-e was well known for not having sufficient AML requirements, requiring customers to only provide an email address and likely failing all 5 pillars of AML.
The 21 counts and what they relate to:
- Operating an Unlicensed Money Service Business (Count One)
- Conspiracy to Commit Money Laundering (Count Two)
- Money Laundering (Counts Three - Nineteen)
- Engaging in Unlawful Monetary Transactions (Counts Twenty - Twenty One)
The investigation was carried out by a cavalcade of US Government agencies (FinCEN, The Internal Revenue Service-Criminal Investigation Division, Federal Bureau of Investigation, United States Secret Service, and Homeland Security Investigations) and how they gained jurisdiction is fascinating. In 2012, when Vinnik transferred a small portion of his Bitcoin to an account he had on Tradehill, a (now defunct) bitcoin exchange in California, the Assistant US Attorney’s gained jurisdiction to press charges, even though Mt. Gox was located in Japan and BTC-e in Eastern Europe.
To be honest, these charges were not surprising, it was just a matter of time. Listed below are the reasons this arrest, and the subsequent shuttering of BTC-e, were expected. But more importantly, how this impacts all the other exchanges.
Why this was inevitable
BTC-e was founded in July of 2011 when the price rose to a then high of $31 per bitcoin. There was no explicit regulation then and no one knew that bitcoin would grow so large so quickly. However, in March 2013, FinCEN stipulated that virtual currency exchanges were "money transmitters" and therefore responsible for complying with existing BSA regulation, specifically the same laws and regulations as other Money Service Businesses (MSBs). BTC-e needed to begin complying with US AML regulation then, and did not.
Bitcoin’s market cap is currently just north of $46B, slightly higher than the GDP of Slovenia. Last month, $18B were transferred, this is more than PayPal and ⅓ of American Express’s volume. Likewise, BTC-e’s volume grew, in the previous year $2.4 billion went through the exchange, the previous month over $436 million, the day before nearly $11 million. Bitcoin is no longer a niche market, it has reached the scale where significant money laundering is possible. Moreover, the attention paid to bitcoin has, and continues to, far outpace its usage. As such, law enforcement, regulators, and intelligence agencies are following it closely. In short, the anonymity that went along with bitcoin’s formerly small size is gone, never to return.
Blockchain Mapping Technology
Mapping bitcoin's blockchain is easy in the sense that it's a public ledger that anyone can see and that never gets erased. Publically available Blockchain mapping tools began coming to the fold in late 2013 and 2014, in addition Law Enforcement agencies, including the F.B.I. began building their own.
For several years now various provider have been working on solving this problem, sothat in a few short years, organizations that had never heard of a blockchain now had tools to make risk analysis routine. At this point in time, multiple providers can help anyone track the flow of coins. Only this month it was announced to the world that the Mt. Gox coins had been found, although it wasn't announced where they were being stored, we now know they’ve been at BTC-e.
What this means for Every Other Exchange
1. Dealing with US customers is a major decision. See below for the steps required:
- Register as a MSB with FinCEN
- Begin applying for state licenses
- Have a written play for complying with BSA requirements
- 5 Pillars of AML
- Policies & Procedures
- Designated Compliance Officer
- Regular Training on Compliance
- Independent Audit
- KYC of potential customers
- File SARs and CTRs
- Maintain records
No, we don’t want to work with US customers
- Not be located in the US
- Not accept US customers
- Actively block US users
- Review IP Address
- Review VPN or Proxies
- Review Physical Addresses
IdentityMind helps exchanges who work with US customers, follow US regulations, and exchanges that block US customers so they don’t have to follow US regulations.
2. Not complying with AML regulations is no longer an option:
BTC-e was known for not being compliant. Many exchanges rightly complained they were forced to perform AML, which actually cost them money and customers, while others such as BTC-e could run free. With this indictment we see this is no longer the case. The government likely hopes that other exchanges who don’t comply with BSA regulation will clean-up their act, and target those who do not.
3. Certain Exchanges should use this as an opportunity to review their compliance posture, specifically:
- Exchanges that have US customers and don’t comply with AML regulations. This is not a strong long term strategy
- Exchanges that don't know if they have US customers, but don't try and find out. Liberty Reserve is a great example of a MSB that didn’t perform KYC, had US customers, and fell under US law, even though they were headquartered in Costa Rica
- Crypto to crypto exchanges: FinCEN’s 2013 regulation applies to all exchanges whether they accepted Fiat currency or not "a person is an exchanger and a money transmitter if the person accepts such de-centralized convertible virtual currency from one person and transmits it to another person as part of the acceptance and transfer of currency, funds, or other value that substitutes for currency."
- Exchanges that just connect users, but claim they are not a MSB. The ‘Uber’ defense does not when it comes to financial services. We’re already starting to see this with three cases in the last three months.
- Exchanges that don’t know their customers. If it’s true that 95% of ransomware payments were cashed out using the BTC-e platform , and ransomware is a $1billion industry , it means that $950m in bitcoin will be looking for a home. IdentityMind, via its electronicDNA shares reputational metadata, providing exchanges with reputational information on customers that cannot be found anywhere else.
We have repeatedly seen that the US Government has no problem targeting firms outside the US and bringing the individuals to justice. Whether the Liberty Reserve or BTC-e, these cases took years to build, but they did build them, even if there connection was limited.
Going forward, as bitcoin continues to grow, the cases will continue as often bitcoin firms don’t have the years of experience that traditional money remitters have. BTC-e was fined $110m, this is going to be the least of the operators concerns, to make an example they have the ability to and likely will ask for a 20+ year prison sentence.