Why Binance Is Facing the Largest Fine in Crypto Industry History
Context
On November 21, 2023, the largest cryptocurrency exchange, Binance, reached an unprecedented global agreement with two U.S. regulators – the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC), both under the U.S. Department of the Treasury.
As part of the agreement, Binance's founder and CEO, Changpeng Zhao, admitted guilt for violating U.S. laws. He posted a $175 million bail for release from custody and paid an additional $50 million to settle claims with the U.S. Department of Justice. Binance itself will also pay a $4.3 billion fine to U.S. authorities.
Former Binance Chief Compliance Officer Samuel Lim agreed to pay a $1.5 million fine.
As part of the deal, Binance will undergo a five-year monitoring period by U.S. authorities. The exchange will also review its compliance procedures and completely cease operations within the United States.
These measures against the cryptocurrency exchange were both shocking and anticipated on a global scale. While the scale of upcoming changes was surprising to the international community, there has been ongoing international pressure on Binance for several years. Investigations against the exchange have been initiated not only in the U.S. but also in Canada, Germany, Japan, and other countries.
Specifically, Binance is accused of:
Former Binance Chief Compliance Officer Samuel Lim agreed to pay a $1.5 million fine.
As part of the deal, Binance will undergo a five-year monitoring period by U.S. authorities. The exchange will also review its compliance procedures and completely cease operations within the United States.
These measures against the cryptocurrency exchange were both shocking and anticipated on a global scale. While the scale of upcoming changes was surprising to the international community, there has been ongoing international pressure on Binance for several years. Investigations against the exchange have been initiated not only in the U.S. but also in Canada, Germany, Japan, and other countries.
Specifically, Binance is accused of:
- Providing financial services without regulation;
- Violating anti-money laundering and counter-terrorism financing laws (AML/CTF);
- Breaching sanctions and committing other crimes.
List of violations
Here are the key violations that all participants in the crypto market should be aware of to avoid becoming the next "target" of regulators.
I. Lack of registration as a financial provider in the U.S.
Companies offering financial services in the U.S. are required to have regulatory approval to provide such services. Without dealing with the authorities, legal entry into the American market is impossible.
The benefits of providing services in the U.S. are evident, with a significant portion of liquidity concentrated in the hands of American institutional investors.
Binance Holdings Limited (hereinafter referred to as Binance), in an effort to retain a substantial share of client assets and commissions, tried to conceal the fact that it was providing services in the U.S. for several years.
Initially, the company created the appearance of restrictions for U.S. individuals, requiring clients to undergo "self-verification" and confirm that they were not U.S. citizens. However, the company accepted such verification even if the client's documents indicated otherwise.
In some cases, Binance employees advised American clients to provide identification information/documents from third parties, such as a non-U.S. passport or documents from subsidiaries registered in offshore jurisdictions.
Later on, the company had to restrict access for clients with U.S. IP addresses. Nevertheless, this restriction could easily be circumvented using proxy connections, as the company openly communicated to its VIP clients.
Constantly under scrutiny, the company sought new ways to retain American clients. Despite assuring U.S. authorities in 2018-2019 that it had no ties to the American market, the company took no action to sever those ties.
At some point, mention of U.S. clients disappeared from Binance's database, but users with a registration address of "UNKNOWN" appeared.
To divert regulators' attention, Binance established a separate legal entity in the U.S. – Binance.US. It was intended to formally comply with all U.S. regulatory requirements, while, in reality, a significant portion of operational activities and control remained concentrated in Binance.
The benefits of providing services in the U.S. are evident, with a significant portion of liquidity concentrated in the hands of American institutional investors.
Binance Holdings Limited (hereinafter referred to as Binance), in an effort to retain a substantial share of client assets and commissions, tried to conceal the fact that it was providing services in the U.S. for several years.
Initially, the company created the appearance of restrictions for U.S. individuals, requiring clients to undergo "self-verification" and confirm that they were not U.S. citizens. However, the company accepted such verification even if the client's documents indicated otherwise.
In some cases, Binance employees advised American clients to provide identification information/documents from third parties, such as a non-U.S. passport or documents from subsidiaries registered in offshore jurisdictions.
Later on, the company had to restrict access for clients with U.S. IP addresses. Nevertheless, this restriction could easily be circumvented using proxy connections, as the company openly communicated to its VIP clients.
Constantly under scrutiny, the company sought new ways to retain American clients. Despite assuring U.S. authorities in 2018-2019 that it had no ties to the American market, the company took no action to sever those ties.
At some point, mention of U.S. clients disappeared from Binance's database, but users with a registration address of "UNKNOWN" appeared.
To divert regulators' attention, Binance established a separate legal entity in the U.S. – Binance.US. It was intended to formally comply with all U.S. regulatory requirements, while, in reality, a significant portion of operational activities and control remained concentrated in Binance.
II. Lack of a written AML/CTF policy
In 2018, Binance established an AML/CTF policy, but in practice, it was often not adhered to. One instance of non-compliance is associated with Binance's approach to servicing casinos and gambling entities. According to the policy, this segment is prohibited for exchange services. However, a U.S. investigation revealed that from 2017 to 2023, Binance conducted transactions totaling over $1 billion in favor of and from companies providing online gambling and betting services.
III. No independence of compliance from management
In the charges against the exchange, U.S. authorities described several instances where Binance's Chief Compliance Officer expressed concerns about the company's operational activities. For example, there were discussions about servicing high-risk clients.
These concerns raised by the compliance chief were not taken into consideration by the management to standardize processes and procedures, as such actions would have negatively impacted the exchange's business metrics.
These concerns raised by the compliance chief were not taken into consideration by the management to standardize processes and procedures, as such actions would have negatively impacted the exchange's business metrics.
IV. Weak AML/CTF procedure adherence
Apart from accepting forged documents for the verification of U.S. clients, Binance also conducted inadequate transaction monitoring. The platform failed to report suspicious transactions to regulatory authorities.
Moreover, up until 2021, Binance had clients who registered accounts with just an email, yet these clients were still allowed to perform transactions within high daily limits (around $130,000).
According to regulators, the exchange knew that some of its clients were fraudsters, hackers, and other wrongdoers. However, measures were not taken against these clients. For instance, Binance received a significant number of transactions directly from the world's largest darknet market, Hydra, which dealt in the sale of prohibited substances and services.
● According to U.S. authorities, Binance users made over 15,000 direct transactions to addresses associated with Hydra.
● Each transaction amounted to more than $2,000, and collectively, the exchange's clients sent over $250 million to the darknet marketplace.
● At least 25 Binance clients received over $1 million each directly from Hydra, with one Binance client receiving over $6 million.
Binance employees observed suspicious operations, but the company did not report them to authorities because the company had a separate informal policy of silence.
As part of the FinCEN investigation, more than 100,000 transactions with signs of suspicious activity were identified at Binance, linked to cyber extortion (e.g., WannaCry ransomware attack), terrorism financing, illegal trading, child abuse, and so on.
Moreover, up until 2021, Binance had clients who registered accounts with just an email, yet these clients were still allowed to perform transactions within high daily limits (around $130,000).
According to regulators, the exchange knew that some of its clients were fraudsters, hackers, and other wrongdoers. However, measures were not taken against these clients. For instance, Binance received a significant number of transactions directly from the world's largest darknet market, Hydra, which dealt in the sale of prohibited substances and services.
● According to U.S. authorities, Binance users made over 15,000 direct transactions to addresses associated with Hydra.
● Each transaction amounted to more than $2,000, and collectively, the exchange's clients sent over $250 million to the darknet marketplace.
● At least 25 Binance clients received over $1 million each directly from Hydra, with one Binance client receiving over $6 million.
Binance employees observed suspicious operations, but the company did not report them to authorities because the company had a separate informal policy of silence.
As part of the FinCEN investigation, more than 100,000 transactions with signs of suspicious activity were identified at Binance, linked to cyber extortion (e.g., WannaCry ransomware attack), terrorism financing, illegal trading, child abuse, and so on.
V. Inadequate procedures for sanctions compliance
All the aforementioned shortcomings at Binance contributed to violations of sanction requirements. An illustrative example is the incidents of sending and receiving funds on Binance from accounts with IP addresses in Iran.
In total, transactions violating sanctions amounted to over $500 million between U.S. residents and Iran. As stated in the case materials, from August 2017 to October 2022, Binance processed 1,667,153 cryptocurrency transactions totaling approximately $706 million that violated U.S. sanctions.
In total, transactions violating sanctions amounted to over $500 million between U.S. residents and Iran. As stated in the case materials, from August 2017 to October 2022, Binance processed 1,667,153 cryptocurrency transactions totaling approximately $706 million that violated U.S. sanctions.
VI. Appeasing VIP clients to bypass regulations
Binance employees received instructions from management on what to tell high-risk clients so that they could withdraw their assets before the exchange blocked them. Additionally, for clients whose transactions were flagged due to connections with the darknet, they were encouraged to create new accounts for the security of future transactions.
VII. Lack of compliance training
For the first few years of Binance's existence, there was no mandatory training on AML/CTF and sanction risks at all. Eventually, the company did develop and integrate a training program.
However, it was found that the program only applied to a limited group of employees and did not cover key industry risks, such as the absence of documents for KYC, the use of cryptocurrencies with an emphasis on anonymity, bypassing limits without proper identification, and so on.
However, it was found that the program only applied to a limited group of employees and did not cover key industry risks, such as the absence of documents for KYC, the use of cryptocurrencies with an emphasis on anonymity, bypassing limits without proper identification, and so on.
VIII. Lack of compliance system audit: policies and procedures
The first audit at Binance was only conducted in 2020. U.S. authorities found that the audit was narrow and selective, lacking testing of compliance procedures.
Starting in 2021, after significant personnel changes, including hiring employees with experience in U.S. government agencies, Binance did strengthen compliance efforts.
Starting in 2021, after significant personnel changes, including hiring employees with experience in U.S. government agencies, Binance did strengthen compliance efforts.
Opinion of Dmitry Machihin, CEO of BitOK
- Is Binance to blame?
- Binance boasts top-notch AML systems. They've always tried to adhere to regulatory rules wherever possible. However, many of the money laundering cases date back to 2018 when monitoring systems were not as advanced, and proper regulation was lacking.
- Who’s the next victim?
- The Binance case highlights that no company is too big to be brought down. If illicit transactions ever passed through a platform, consequences may still arise, even if not immediately evident. Anyone could be next, except perhaps Coinbase, which has temporary immunity due to its deal with BlackRock.
- What lessons can we learn?
- Regulation will continue to tighten; that's the trend. AML will now become the norm for both businesses and individuals. Those who still neglect transaction monitoring and the implementation of AML policies risk not only fines but also criminal liability.
- Binance boasts top-notch AML systems. They've always tried to adhere to regulatory rules wherever possible. However, many of the money laundering cases date back to 2018 when monitoring systems were not as advanced, and proper regulation was lacking.
- Who’s the next victim?
- The Binance case highlights that no company is too big to be brought down. If illicit transactions ever passed through a platform, consequences may still arise, even if not immediately evident. Anyone could be next, except perhaps Coinbase, which has temporary immunity due to its deal with BlackRock.
- What lessons can we learn?
- Regulation will continue to tighten; that's the trend. AML will now become the norm for both businesses and individuals. Those who still neglect transaction monitoring and the implementation of AML policies risk not only fines but also criminal liability.
What’s next?
Despite reaching an agreement, the company still faces a five-year collaboration with U.S. oversight. The outcome of this collaboration should involve identifying all risks for past and future periods, a significant overhaul of procedures, and the establishment of best practices for detecting and managing risks in the realm of financial crimes.
