After conducting a civil enforcement investigation, the United States Financial Crimes Enforcement Network (FinCEN) has imposed a monetary penalty against the cryptocurrency exchange Bittrex over violations of the Bank Secrecy Act (BSA).
In accordance with the measure, which is part of a global settlement with the Office of Foreign Assets Control (OFAC), Bittrex will be forced to pay $29,280,829.20 for violating the BSA and FinCEN’s implementing regulations, according to a press release shared with Finbold on October 11.
The agency investigated the crypto exchange’s activities and discovered that it had failed to develop and implement an efficient Anti-Money Laundering (AML) program between February 2014 and December 2018, thus being unable to mitigate the risks involved with its services and products properly.
Manually reviewing 20,000 transactions per day
Specifically, it failed to efficiently monitor transactions on its crypto trading platform, leaving it to only two employees with modest AML training to manually review all the transactions, which would sometimes surpass 20,000 a day.
Furthermore, over a three-year period, Bittrex also failed to file any Suspicious Activity Reports (SARs), including on a large number of transactions involving OFAC-sanctioned jurisdictions, including Iran, Syria, Cuba, Sudan, and the Crimea region of Ukraine.
As FinCEN’s Acting Director Himamauli Das explained, this oversight has had wide implications:
“For years, Bittrex’s AML program and SAR reporting failures unnecessarily exposed the U.S. financial system to threat actors. (…) Bittrex’s failures created exposure to high-risk counterparties, including sanctioned jurisdictions, darknet markets, and ransomware attackers.”
Bittrex admits its failures, agrees to pay the fine
According to the Consent Order, the crypto exchange has acknowledged the investigation’s conclusions (‘Statement of Facts’), admitted to the deliberate violation of the BSA and its implementing regulations, and agreed to pay the fine.
Considering that “virtual asset service providers are on notice that they must implement robust risk-based compliance programs and meet their BSA reporting requirements,” Das stressed that his agency “will not hesitate to act when it identifies willful violations of the BSA.”