Compliance with US anti-money laundering (AML) laws remains a top priority for US regulators. A combined criminal and civil enforcement action this summer has “huge significance,” according to the FT. It notably signals the willingness of US authorities to hold foreign parties accountable for AML compliance when they do business with US customers or access US computer servers, even with no physical presence in America.
In late July, US efforts led to an arrest in Europe of Russian national Alexander Vinnik, the head of global currency exchange BTC-e. He now faces extradition to the US to stand trial on criminal charges: a grand jury in California indicted BTC-e and Vinnik for operating an unlicensed money services business, money laundering, and related crimes. The US Financial Crimes Enforcement Network (FinCEN) also assessed a $110m fine for violation of US AML laws against BTC-e—FinCEN’s third largest fine and the first time it has taken action against a foreign-located money services business.
This followed other AML and fraud-related arrests in Romania, Spain, Latvia, and the Czech Republic in recent months that have resulted in proceedings for extradition to the US on money laundering and other charges.
FinCEN Acting Director Jamal El-Hindi commented, “[w]e will hold accountable foreign-located money transmitters, including virtual currency exchangers, that do business in the United States when they willfully violate US anti-money laundering laws. . . . [We] will work with foreign counterparts across the globe to appropriately oversee [financial institutions] who attempt to subvert US law and avoid complying with US AML safeguards.”
US jurisdiction over financial institutions and people outside the US
BTC-e operates one of the largest exchanges for bitcoin and other digital currency—handling more than $4bn in bitcoin alone. It is reportedly located in Bulgaria and organized under the laws of Cyprus with an operations center in the Seychelles and web domains registered in still other non-US countries.
FinCEN based its enforcement action on the distant contacts BTC-e had with the US. FinCEN’s investigation led to allegations that BTC-e had conducted at least 21,000 bitcoin transactions worth over $296m for US customers since its inception in 2011, and, for at least some transactions, BTC-e used US-located servers to carry out trades. This, in FinCEN’s view, constituted activity “wholly or in substantial part within the United States” and, as a result, required BTC-e to comply with US AML laws.
BTC-e’s alleged AML failures
BTC-e allegedly failed to have much of anything resembling a US compliance program, according to FinCEN. Specifically, BTC-e allegedly:
- failed to implement a written AML compliance program, including for “know your customer” (KYC) due diligence, monitoring transactions, and reporting suspicious activity;
- failed to have procedures in place to report suspicious transactions to FinCEN, did not file any suspicious activity reports, and did not comply with other record-keeping requirements;
- allowed customers to transact with merely a username, password, and email address, which created an essentially anonymous KYC process that allowed BTC-e to be used for criminal purposes; and
- did not register with FinCEN or appoint an agent in the US for service of process.
The BTC-e case is the first case by FinCen against a foreign money services business. It remains to be seen whether FinCEN will pursue other financial institutions that are located abroad for violations of US AML laws. One takeaway is clear. US AML laws have teeth. Financial institutions are well advised to maintain reasonably designed AML programs when they do sufficient business with US persons or use US-based servers.