Due Diligence, Supervisory Failures Preceded FTX’s Collapse

By Fred Williams, Benjamin Hardy and Koos Couvée

Losses from the collapse of FTX, the cryptocurrency exchange at the center of a sprawling network of sister companies, investment vehicles and other entities, may end up topping $10 billion, fueling criticism of allegedly lax oversight and calls for a criminal investigation.

News that at least half of the $20 billion of value on deposit with FTX—where customers bought and sold bitcoins and other digital assets—was used as collateral to obtain loans that were then transferred to a related platform, Alameda Research, to fund high-risk investments has sent tremors across the cryptocurrency sector and threatened to destabilize at least one bank.

The high-stakes shell game that Samuel Bankman-Fried, the company’s loquacious 30-year-old founder, allegedly played with other people’s money ended this month with the equivalent of a bank run on FTX, which filed for bankruptcy on Nov. 11.

Whether Bankman-Fried’s actions trace back to youthful naivete or calculated dishonesty—fraud, in other words—remains to be seen, but compliance personnel at banks have already taken notice.

“It’s hard to say at this point whether intentional fraud was carried out,” said Annemarie McAvoy, a former federal prosecutor now working as an anti-financial crime consultant in New York. “Certainly the customer assets weren’t being handled appropriately.”

Federal regulators, including Acting Comptroller Michael Hsu, have framed the demise of FTX as a vindication of their cautious approach towards the cryptocurrency sector, especially where it intersects with mainstream banking.

Hsu’s agency, the Office of the Comptroller of the Currency, codified that approach in a formal letter one year ago, directing federally supervised financial institutions to describe any plans they may have to serve cryptocurrency companies and obtain permission beforehand.

“Despite contagion across cryptocurrencies and several crypto-platforms, the federally regulated banking system has, for the most part, been largely unaffected,” Hsu told members of the Senate Banking Committee on Nov. 15.

Four days earlier, on Nov. 11, Silvergate Bank, which provided services to FTX, claimed in a statement that the collapse had no effect on any current investments or loans, including those collateralized with Bitcoin, and further explained that the institution merely served as a repository for the exchange’s dollar-denominated deposits.

But Silvergate’s highly publicized links to cryptocurrency still impacted the bottom line: The lender’s stock price has plunged more than 50 percent over the past month as investors increasingly distanced themselves from the volatile sector.

The full extent of FTX’s interactions with the U.S. banking system is not yet known. Bankruptcy filings reviewed by The New York Times show that a subsidiary of the exchange bought a $11.5 million stake in the parent company of Farmington State Bank, a one-branch lender in Washington state, this year.

“Right now, they don’t fully know where FTX has bank accounts,” said John Ashley, former head of compliance at Etana Custody, a cryptocurrency services provider in Denver. “They’re trying to figure that out.”

Court records suggest that prominent hedge funds, venture capital firms and other investors overlooked serious deficiencies before investing in FTX and Alameda, said William Callahan, a former special agent for the Drug Enforcement Administration.

“A number of large institutional investors who are caught up in this seemed to have had a failing of due diligence,” said Callahan, now a director at the Blockchain Intelligence Group in New York.

FTX’s banks in the U.S. may end up fielding questions from regulators as to whether they missed any irregular transactions, including those that underpinned the transfer of loan funds to Alameda. The acquisition of hundreds of millions of dollars’ worth of real estate in the Bahamas by FTX, Bankman-Fried, his parents and associates also warrant further investigation.

“I think we’ll see fallout from [FTX’s] bank partners,” said Sarah Beth Felix, chief executive of Palmera Consulting in Austin.

Red flags?

FTX US, the company’s U.S.-facing edifice, secured operating licenses in 31 U.S. states but not in New York, Texas or California, all of which carry a reputation for vigorous oversight of money services businesses, or MSBs.

“Many banks worth their salt would’ve said, ‘Wait a minute,'” said Felix.

FTX US claimed in a disclosure statement that it holds three licenses from the Commodity Futures Trading Commission, or CFTC. The licenses enable the company “to operate our exchange and clearinghouse in all 50 states in the U.S. (including its territories) with access to certain international jurisdictions.”

California and Texas require cryptocurrency exchanges to obtain licenses in some, if not most, cases, but how FTX US managed to operate in New York without some of form of licensing from the state remains unclear.

“New York is a very, very strict licensing regime,” said Ashley, now a consultant with the Bates Group. He said it was unclear how FTX US operated in New York without state licensing.

Banks evaluating cryptocurrency exchanges as potential clients typically take a hard look at their anti-money laundering and cybersecurity controls during the onboarding process.

FTX’s collapse and the steady drip of negative news that followed will drive a broad expansion of those reviews into corporate governance, accounting and other controls, Ashley told ACAMS

“I think for crypto-companies pursuing banking relationships, they’re going to find the due-diligence process a lot more in-depth than it is currently, and most banks [already] have very in-depth requirements,” he said. “[Banks] will also be less likely to onboard them, even for limited purposes such as corporate operating accounts.”

The sheer scale of the collapse may also reenergize efforts in Congress to enact a stronger regulatory framework around cryptocurrency and thoroughly quiz regulators on their scrutiny of the industry.

Lawmakers already have an unlikely supporter in that endeavor: Samuel Bankman-Fried.

Bankman-Fried earlier this year called for stronger regulations to prevent cryptocurrency-related fraud schemes and heists. True to form, he sympathized with the plight of federal supervisors this month as his platform’s chaotic and highly publicized descent into bankruptcy accelerated.

“It’s *really* hard to be a regulator,” he tweeted Nov. 16, five days after resigning from FTX. “They have an impossible job: to regulate entire industries that grow faster than their mandate allows them to. And so often they end up mostly unable to police as well as they ideally would.”

That difficulty may arise in part from the various, often complex ways in which cryptocurrency platforms interact with their clients, each other, and other financial institutions.

Banks, for example, can provide operating accounts to cryptocurrency companies, handling basic services such as payroll and accounts payable.

“They can also offer custody services, obviously for fiat currency, or, depending on how the bank is structured, you have some of these crypto-forward banks that are set up as digital asset custodians,” Ashley said. “Usually we see this through those chartered in Wyoming, South Dakota, et cetera.”

Sen. Debbie Stabenow (D-MI) announced in a Nov. 10 hearing that she plans to reintroduce legislation next year that would assign primary oversight of the cryptocurrency sector to the Commodity Futures Trading Commission.

The CFTC’s oversight would not apply to cryptocurrency-denominated payments, which would still fall under the supervision of Treasury’s Financial Crimes Enforcement Network.

CFTC Chairman Rostin Behnam is scheduled to testify before the Senate Banking Committee on Dec. 1.


Some analysts have compared the debacle at FTX to the accounting scandal that sank Germany’s Wirecard. Still others have resurrected the ghosts of Kenneth Lay and Bernie Madoff when discussing Bankman-Fried.

European regulators, including Nikhil Rathi, head of the U.K. Financial Conduct Authority, have mostly cast the FTX downfall as a cautionary tale for investors.

The FCA has banned cryptocurrency derivatives and taken a broadly cautious approach to licensing exchanges and other platforms for anti-money laundering purposes, having granted such authorization to only 39 virtual asset service providers, or VASPs, to date.

“What we’re seeing here is very high-risk products … where consumers, and very often very vulnerable consumers … [are] thinking this is where they should place their money,” Rathi told lawmakers. “We stand behind decisions on prohibiting some of those platforms.”

The FCA warned U.K. consumers in September that any funds they invested on the platform did not fall under government-administered consumer-protection programs, 15 months after issuing a similar warning in relation to Binance, the world’s largest cryptocurrency exchange.

But warnings against investing in digital assets or placing funds on exchanges outside the scope of U.K. regulation have not deterred investors from pouring their money into them, said Mark Aruliah, a former financial-crime specialist for the FCA.

“Regulators say: ‘Look, we don’t want this reputational risk, because of the volatility or the illicit activity,’ but these people are still marketing into your jurisdiction and your consumers are still buying,” said Aruliah, now a policy advisor at Elliptic, a blockchain analytics firm in London.

The problem requires a global answer, he said.

“There has to be a discussion at the G-20 level about the kind of framework and principles that firms should adhere to, which would avoid this shopping around for lower standards of regulation.”

The EU, like Britain, only regulates cryptocurrency exchanges and wallet providers, and only for anti-money laundering purposes.

That is set to change in 2024, when the Markets in Crypto Assets framework, or MiCA, will enter into force and place the entire cryptocurrency sector under rules designed to prevent market abuse, enhance financial stability and protect investors.

MiCA will also require the European Banking Authority to maintain a public register of non-compliant VASPs.

FTX’s downfall stands to harden the broadly skeptical and risk-averse stance European banks have taken towards the cryptocurrency sector.

Such is the case in Germany, where only companies based in well-regulated EU nations and focused on developing “genuine, regulatory-compliant technological innovations” have a chance of securing bank accounts, said Josephine Vanek, a Frankfurt-based anti-financial crime advisor who specializes in capital market and cryptocurrency-related risk and regulation.

“The focus will be more on what makes sense and delivers value —where you have genuine innovation that brings a solution for problems—and not on highly speculative products which essentially have a gambling character,” Vanek said.

As for Bankman-Fried, his concern for regulators appears to have been only skin deep.

“Yeah just PR. fuck regulators. they make everything worse. they don’t protect customers,” he told Vox reporter Kelsey Piper in a private message on Nov. 13.

Contact Benjamin Hardy at, Fred Williams at and Koos Couvée at

Topics : Cryptocurrencies , Securities , Consumer Protection
Document Date: November 28, 2022