On July 26, 2017, the Financial Crimes Enforcement Network (“FinCEN”) of the U.S. Department of the Treasury announced the assessment of a $110-million civil money penalty (the “Assessment”) against BTC-e, or Canton Business Corporation (“BTC-e”), one of the largest virtual currency internet-based exchanges by volume in the world, for its willful violations of federal anti-money laundering (“AML”) laws, as well as a $12-million civil money penalty against BTC-e operator and Russian national Alexander Vinnik.  This is the first time FinCEN has assessed a civil money penalty against a foreign-located money services business (“MSB”) and virtual currency exchange. 
BTC-e and Vinnik were also indicted in the Northern District of California for violations of 18 U.S.C. §§ 1956, 1957 and 1960 relating to money laundering, conspiracy to commit money laundering, engaging in unlawful monetary transactions, and the operation of an unlicensed money transmitting business. FinCEN worked in coordination with the U.S. Attorney’s Office for the Northern District of California and several other government agencies, including the Internal Revenue Service-Criminal Investigation Division, the Federal Bureau of Investigation, the United States Secret Service and Homeland Security Investigations. According to FinCEN, BTC-e, which was established in 2011, processed transactions involving stolen Mt. Gox funds, over 300,000 bitcoin transactions traceable to theft, and transactions tied to ransomware attacks such as “Cryptolocker” and “Locky” and the now-defunct virtual currency exchange Liberty Reserve.
FinCEN determined that BTC-e and Vinnik failed to: (1) register as a foreign-located MSB with FinCEN; (2) implement an effective AML program; (3) detect suspicious transactions and file suspicious activity reports; and (4) obtain and retain records relating to transmittals of funds in amounts of $3,000 USD or more. The Assessment noted that “BTC-e lacked adequate procedures for conducting due diligence, monitoring transactions, and refusing to consummate transactions that facilitated money laundering or other illicit activity.”
In 2013, FinCEN issued guidance providing that any virtual currency “exchanger” (i.e., a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency) is a money transmitter (i.e., a person engaged in the business of accepting and transmitting currency, funds or other value that substitutes for currency) under the Bank Secrecy Act (BSA) and its implementing regulations (31 C.F.R. § 1010.100(ff)(5)) and, therefore, required to register with FinCEN as an MSB within 180 days of beginning operations.
In 2011, FinCEN issued regulations clarifying that a foreign-located business qualifies as an MSB if it does business as an MSB “wholly or in substantial part within the United States.” According to FinCEN, “[w]hether or not a foreign-located person’s MSB activities occur within the United States depends on all of the facts and circumstances of each case, including whether persons in the United States are obtaining MSB services from the foreign-located person, such as sending money to or receiving money from third parties through the foreign-located person.” A foreign-located MSB will have the same requirements as an MSB with a physical presence in the United States, with respect to its U.S. activities.
FinCEN determined that enough of BTC-e’s internet-based business activities were conducted within the United States to categorize BTC-e as a foreign-located MSB and that BTC-e never registered as an MSB with FinCEN. According to the Assessment,
Customers located within the United States used BTC-e to conduct at least 21,000 bitcoin transactions worth over $296,000,000 and tens of thousands of transactions in other convertible virtual currencies. The transactions included funds sent from customers located within the United States to recipients who were also located within the United States. In addition, these transactions were processed through servers located in the United States. BTC-e attempted to conceal the fact that it provided services to customers located within the United States. BTC-e instructed customers to make use of correspondent accounts held by foreign financial institutions or services provided by affiliates of BTC-e located abroad. (Emphasis added.)
The BSA and its implementing regulations require an MSB to develop, implement and maintain an effective written AML program that is reasonably designed to prevent the MSB from being used to facilitate money laundering and the financing of terrorist activities. FinCEN determined that “BTC-e lacked basic controls to prevent the use of its services for illicit purposes” and it “attracted and maintained a customer base that consisted largely of criminals who desired to conceal proceeds from crimes such as ransomware, fraud, identity theft, tax refund fraud schemes, public corruption, and drug trafficking.” The Assessment highlight’s BTC-e’s lack of controls to mitigate the risks presented by bitcoin mixers and virtual currencies with anonymizing features, and its failure to “collect and verify even the most basic customer information needed to comply with the BSA.” According to the Assessment,
BTC-e allowed its customers to open accounts and conduct transactions with only a username, password, and an email address. The minimal information collected was the same regardless of how many transactions were processed for a customer or the amount involved. BTC-e implemented policies to verify customer identification in May 2017 but stated that compliance with those policies was ‘optional.’
FinCEN also found that BTC-e willfully violated the BSA through its failure to file SARs for transactions conducted by customers “who were widely reported as associated with criminal or civil violations of U.S. law.” Lastly, FinCEN found that BTC-e violated the recordkeeping rules related to transmittals of funds in amounts of $3,000 or more by maintaining transactional records that “lacked critical information such as name, address, and account numbers.”
According to Jamal El-Hindi, FinCEN’s Acting Director, FinCEN “will hold accountable foreign-located money transmitters, including virtual currency exchangers, that do business in the United States when they willfully violate U.S. anti-money laundering laws.” Acting Director El-Hindi also stated that “[t]his action should be a strong deterrent to anyone who thinks that they can facilitate ransomware, dark net drug sales, or conduct other illicit activity using encrypted virtual currency.”
If you have any questions concerning this Alert, please contact your attorney at Schulte Roth & Zabel or one of the authors.
This information has been prepared by Schulte Roth & Zabel LLP (“SRZ”) for general informational purposes only. It does not constitute legal advice, and is presented without any representation or warranty as to its accuracy, completeness or timeliness. Transmission or receipt of this information does not create an attorney-client relationship with SRZ. Electronic mail or other communications with SRZ cannot be guaranteed to be confidential and will not (without SRZ agreement) create an attorney-client relationship with SRZ. Parties seeking advice should consult with legal counsel familiar with their particular circumstances.
The contents of these materials may constitute attorney advertising under the regulations of various jurisdictions.
MSBs are a type of financial institution under the Bank Secrecy Act (“BSA”) and its implementing regulations. See 31 U.S.C. § 5312(2) and 31 C.F.R. § 1010.100(t)(3).
United States v. BTC-e a/k/a Canton Business Corporation and Alexander Vinnik, CR-16-00227 SI (N.D. CA. Jan. 17, 2017).
In 2013, FinCEN took Section 311 special measures against Liberty Reserve. See Notice of Proposed Rulemaking Imposition of Special Measure against Liberty Reserve S.A. as a Financial Institution of Primary Money Laundering Concern, 78 Fed. Reg. 34008 (June 6, 2013), available at www.fincen.gov/sites/default/files/shared/311–LR-NPRM-Final.pdf; Withdrawal of finding and notice of proposed rulemaking, 81 Fed. Reg. 9139 (Feb. 24, 2016), available at www.fincen.gov/sites/default/files/shared/Withdrawal_LR.pdf.
FIN-2013-G001, Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies (Mar. 18, 2013), available at www.fincen.gov/sites/default/files/shared/FIN-2013-G001.pdf.
Final Rule, Definitions and Other Regulations Relating to Money Services Businesses, 76 Fed. Reg. 43585, 43588 (July 21, 2011), available at www.gpo.gov/fdsys/pkg/FR-2011-07-21/pdf/2011-18309.pdf.