News

CORRECTION APPENDED:

A former cryptocurrency executive charged with violating the Bank Secrecy Act in the U.S. has petitioned a U.K. court to compel Wise, a local e-money provider, to give him access to three suspicious activity reports the company filed on him in Britain, and any personal data it collected.

Ben Delo, a mathematician who helped build the cryptocurrency derivatives trading platform BitMEX, accused Wise of a breach of contract and violating data-protection rules in a claim filed with the High Court in London roughly a year after the firm suddenly closed his account, then did not fully satisfy his requests to turn over his personal information.

Wise closed the account in November 2020, weeks after federal prosecutors in Manhattan charged Delo, BitMEX executive Greg Dwyer and the Seychelles-based platform’s other co-founders, Arthur Hayes and Sam Reed, with failing to implement an adequate anti-money laundering program and operating an unregistered trading platform.

According to Delo’s claim, which is dated Dec. 17 but only became public this month, the 37-year-old billionaire opened an electronic money account at Wise, formerly known as Transferwise, in August 2018 to conduct foreign exchange transactions and transfer funds to accounts he held overseas.

On Nov. 10, 2020, five weeks after he incurred criminal charges in the United States, Delo used his account at Wise to convert £30,000 from an account at HSBC into Hong Kong dollars, before transferring the sum to an account at Bank of China’s branch in Hong Kong.

He wired an additional £270,000 from his account at HSBC in Hong Kong to his account at Wise that same day, prompting compliance officers to email him for details on the source of the funds and his reason for moving them.

Delo, according to his lawsuit, replied that he was “exploring using TransferWise to move funds between [his] HK [Hong Kong] and U.K. bank accounts and also getting a better FX [foreign exchange] rate.”

A week later, on Nov. 19, the payments firm informed Delo that his account had been closed and asked him where he wanted his outstanding balance of £270,000 sent. The company did not provide reasons for terminating the relationship.

According to the lawsuit, Delo immediately submitted a “data subject access request” to Wise in which he asked the firm to turn over copies of any personal data collected on him. Days later, Wise filed a SAR on Delo to Britain’s financial intelligence unit, UKFIU.

In December 2020, Wise gave Delo “a number of documents,” but, according to Delo’s attorneys, failed to hand over all data related to him—including any internal communications regarding him and the SAR—and ignored four subsequent requests for the information.

Wise filed another SAR on Delo on Feb. 4, 2021 and a third on March 22, then refunded him the £270,000 remaining in the closed account four days later. Court records do not indicate where Delo received the funds.

Attorneys for Delo claimed that Wise’s decision to withhold the requested data constituted an “ongoing breach of its statutory obligations” under the EU’s General Data Protection Regulation. They also accused Wise of breaching its contract with Delo and causing him financial damage by closing his account without notice.

They asked the High Court to order Wise to pay the billionaire a paltry £950 in damages and hand over all internal records and communications related to him, including copies of the three SARs and any correspondence between Wise and U.K. law enforcement agencies.

“There is a strong public interest in ensuring that SARs are issued on a proper basis, and that can only be determined here by the disclosure of the SARs and other personal data of the claimant,” Delo’s attorneys said.

SAR trouble

The case resembles a lawsuit brought against NatWest by David Lonsdale, a U.K. attorney and pub landlord, in 2018.

After NatWest suddenly froze his accounts and informed him of its intention to close them, Lonsdale, a customer of the bank for 30 years, sued for access to his funds and learned that the lender had filed several SARs on him.

He then filed a data subject access request which the bank ignored.

Lonsdale subsequently petitioned the High Court in a separate claim to order NatWest to hand over all personal data related to him, including copies of the SARs, based on his argument that the bank could not have genuinely suspected him of laundering funds and that the content of those records could therefore defame him.

The court ruled that Lonsdale had reasonable grounds to review the documents and that the question of whether NatWest had a genuine suspicion should be tested at trial. The parties later settled out of court.

Samantha Sheen, former AML director for ACAMS in Europe, said that both cases demonstrate that compliance departments should prepare themselves for legal challenges against their decisions to shutter accounts, especially those held by wealthy individuals or corporate customers.

Such cases often involve requests for personal information, including SARs clients or former clients know or suspect a financial institution has filed on them.

In that scenario, firms should remember that the EU’s AML rulebook requires them to clearly “tag” information they have collected during normal due-diligence processes, and similarly identify data they obtain as part of an internal money-laundering investigation that forms the basis of a SAR, said Sheen, now an AML consultant in London.

Financial institutions in the U.K. can store confidential information that may be relevant to criminal investigations for up to 10 years after the end of a business relationship, five years longer than they can keep know-your-customer data.

However, while due-diligence files can be shared with clients, information related to internal investigations and SARs must remain secret to avoid tipping off suspects.

“You should know and have risk-managed the possibility of a client saying, ‘I want to see what you have on me,’ and at that point you need to be sure you’ve got all your ducks in a row,” Sheen said. “If you don’t, the risk is you’re going to have to pay a lot of money to a lawyer coming in and doing it for you.”

BitMEX agreed to pay U.S. authorities $100 million in August to settle systemic violations of the U.S. Bank Secrecy Act and failing to register as trading platform from 2014 to 2020.

The U.S. case against Delo, Hayes, Reed and Dwyer, who have denied all charges against them, is expected to go to trial in New York next month.

A spokesperson for Wise told ACAMS moneylaundering.com that the company “is confident” it complied with regulatory obligations and plans to defend itself against Delo’s lawsuit in London.

Contact Koos Couvée at kcouvee@acams.org

CORRECTION: Amends the first paragraph to reflect that Delo has been charged with violating the U.S. Bank Secrecy Act, not with money laundering.