News

A Seychelles-registered Bitcoin exchange that for years boasted of handling billions of dollars in daily volume enabled sanctions violators and money launderers by collecting hardly any know-your-customer details until last month, according to the U.S. Justice Department.

In a 19-page indictment published Thursday, federal prosecutors in Manhattan charged four executives of the exchange, BitMEX, with failing to establish an anti-money laundering program despite being warned that their firm may have violated U.S. sanctions against Iran and possibly laundered bitcoins siphoned from a hack against a second company.

BitMEX began accepting trades in November 2014 and has since allowed customers, including thousands in the United States, to buy options and futures derived from Bitcoin’s value and speculate on the cryptocurrency’s fluctuations, prosecutors claimed in the indictment.

The company eventually came to represent itself as the world’s largest exchange for derivatives-based Bitcoin activity, one that handled “billions of dollars’ worth of trading each day” and collected more than $1 billion in total fees as a result, according to a parallel complaint by the Commodity Futures Trading Commission that was also published Thursday.

The high volume of securities activity, including at least $11 billion in U.S. deposits to date , triggered a requirement for BitMEX to register with the CFTC. The four executives knew of the requirement since at least September 2015, when the regulator clarified that expectation in an announcement, according to prosecutors.

But BitMEX responded to the CFTC’s announcement later that month by implementing a process that purported to block IP addresses from the U.S. when in fact the executives knew the measure would only work “on just a single occasion for each customer,” prosecutors claimed.

The company allegedly never registered with the CFTC despite serving at least 85,000 U.S. customers and managing a large portion of its trading infrastructure from within the United States, where half the firm’s employees worked from New York or San Francisco.

BitMEX had no formal compliance procedures, never filed a suspicious activity report in the U.S. and “could not and did not monitor its customer transactions for money laundering and sanctions violations,” prosecutors claimed. Until last month, clients only had to submit a valid email address to register and begin trading—a feature that the firm advertised on its website.

Despite substantial U.S. business, BitMEX’s CEO, Arthur Hayes, 34, of New York, chose to register in the Seychelles on the belief that doing so would exempt the firm from U.S. regulations even as he engaged in promotional activity at conferences in the U.S. and elsewhere, according to the indictment.

In May 2018, for example, “BitMEX rented three Lamborghinis and had them parked outside of the Consensus Bitcoin conference in Manhattan,” according to the complaint, while “Hayes, the defendant, bragged in or about July 2019 that the Seychelles was a more friendly jurisdiction for BitMEX because it cost less to bribe Seychellois authorities—just ‘a coconut’ … .”

Prosecutors have not charged Hayes or the other three executives with bribery or violations of the Foreign Corrupt Practices Act.

As a result of lax compliance protocols, Hayes failed to properly respond to news coverage about the laundering of bitcoins stolen from another hacked exchange in May 2018, according to the criminal complaint in Manhattan. The firm also failed to scrutinize transactions from Iran-based customers “who are subject to U.S. sanctions” from November 2017 to April 2018.

BitMEX’s chief technology officer, Samuel Reed, 31, of Massachusetts, allegedly claimed in a January 2019 deposition that he was not aware of any internal records showing that the company served U.S. clients despite he and others having reviewed reports of the firm’s top trading volume by country, which consistently showed a U.S. presence.

The company’s alleged failures are not isolated.

Almost three-quarters of the cryptocurrency businesses registered in the Seychelles have “bad or porous KYC [know-your-customer policies],” potentially allowing “the small island country [to be] a boon for potential money launderers,” according to a report also released Thursday by CipherTrace, a Bay Area-based blockchain analytics firm.

Thursday’s complaints, especially the charges against individual executives, will serve as a warning to similarly modeled offshore companies that do business with U.S. customers, said John Jefferies, CipherTrace’s chief financial analyst, told ACAMS moneylaundering.com.

“There’s clearly a flagrant choice not to comply, that’s to a degree indicative of the earlier days of the industry,” Jefferies said. “I think we’re going to start to see a certain harmonization [of KYC practices] across the globe.”

Contact Daniel Bethencourt at dbethencourt@acams.org