WASHINGTON—The Financial Crimes Enforcement Network (FinCEN) has assessed a civil money penalty in the amount of $100 million against BitMEX, one of the oldest and largest convertible virtual currency derivatives exchanges, for violations of the Bank Secrecy Act (BSA) and FinCEN’s implementing regulations.
BitMEX, which operated as an unregistered futures commission merchant (FCM) and provided money transmission services, willfully failed to comply with its obligations under the BSA. FinCEN’s action is part of a global settlement with the U.S. Commodity Futures Trading Commission (CFTC).
“BitMEX’s rapid growth into one of the largest futures commission merchants offering convertible virtual currency derivatives without a commensurate anti-money laundering program put the U.S. financial system at meaningful risk,” FinCEN’s Deputy Director AnnaLou Tirol said. “It is critical that platforms build in financial integrity from the start, so that financial innovation and opportunity are protected from vulnerabilities and exploitation.”
For over 6 years, BitMEX failed to implement and maintain a compliant anti-money laundering program and a customer identification program, and it failed to report certain suspicious activity. These willful failures expose financial institutions to an increased risk of conducting transactions with money launderers and terrorist financiers, including noncompliant exchanges in high-risk jurisdictions, ransomware attackers, and darknet marketplaces. BitMEX conducted at least $209 million worth of transactions with known darknet markets or unregistered money services businesses providing mixing services. BitMEX also conducted transactions involving high-risk jurisdictions and alleged fraud schemes. BitMEX failed to file a Suspicious Activity Report (SAR) on at least 588 specific suspicious transactions.
From approximately 2014 through 2020, BitMEX allowed customers to access its platform and conduct derivative trading without appropriate customer due diligence – collecting only an email address and failing to verify customer identity. Despite BitMEX’s public representation that its platform was not conducting business with U.S. persons, FinCEN found that BitMEX failed to implement appropriate policies, procedures, and internal controls to screen for customers that use a virtual private network to access the trading platform and circumvent internet protocol monitoring. In some instances, BitMEX senior leadership altered U.S. customer information to hide the customer’s true location.
In addition to paying a civil money penalty, BitMEX has agreed to engage an independent consultant to conduct a historical analysis of its transaction data, sometimes referred to as a “SAR lookback,” to determine whether BitMEX must file additional SARs on this activity. BitMEX will also engage an independent consultant to conduct two reviews, including relevant testing, to ensure that appropriate policies, procedures, and controls are in place that are effective and reasonably designed and implemented to ensure that BitMEX is not operating wholly or in substantial part in the United States.
This is FinCEN’s first enforcement action against an FCM. FinCEN appreciates the close collaboration with its partners at the CFTC on this matter. The CFTC and BitMEX have separately agreed to a Consent Order requiring the payment of a civil money penalty with additional equitable relief. FinCEN’s $100 million assessment will be satisfied by immediate payments totaling $80 million to FinCEN and the CFTC, with $20 million suspended pending the successful completion of the SAR lookback and independent consultant reviews.