November 1, 2017

DOJ announces Civil Fines & Criminal Charges for Bitcoin Exchange and Operator

Why does it matter: On July 26, 2017, the Department of Justice (DOJ) announced that a grand jury in the Northern District of California had indicted the digital currency exchange BTC-e and the Russian national behind it for operating an unlicensed money service business and money laundering. That same day, the Financial Crimes Enforcement Network (FinCEN)—in its first action against a “foreign-located money services business”—announced that it had assessed civil fines in excess of $110 million against BTC-e and $12 million against the Russian national for violating U.S. anti-money laundering (AML) laws.

Detailed discussion: On July 26, 2017, the DOJ announced that a grand jury in the Northern District of California had indicted digital currency exchange BTC-e and Russian national Alexander Vinnik for “operating an unlicensed money service business, money laundering, and related crimes.” That same day, FinCEN—FinCEN —announced that it had assessed civil fines in excess of $110 million against BTC-e and $12 million against Vinnik for “willfully violating U.S. anti-money laundering (AML) laws.”

Criminal charges: The indictment handed down by the grand jury described BTC-e, founded in 2011, as “one of the world’s largest and most widely used digital currency exchanges,” receiving “more than $4 billion worth of bitcoin over the course of its operation.” Per the DOJ, BTC-e’s website indicates that the company is “situated” in Bulgaria but organized under the laws of Cyprus, and BTC-e also allegedly maintains a “base of operations” in the Seychelles islands. Furthermore, the DOJ said that BTC-e has web domains registered to shell companies in, among other places, Singapore, the British Virgin Islands, France and New Zealand.

The indictment further described Vinnik, who was arrested in Greece on July 25, 2017, as “the owner and operator of multiple BTC-e accounts, including administrator accounts, and also a primary beneficial owner of BTC-e’s managing shell company, Canton Business Corporation.” The indictment alleged that “numerous withdrawals from BTC-e administrator accounts went directly to Vinnik’s personal bank accounts … [and] proceeds from well-known hacks and thefts from bitcoin exchanges were funded through a BTC-e administrator account associated with Vinnik.” As one example, the indictment alleged that Vinnik received funds—which he later laundered through online exchanges (including BTC-e)—from the “infamous computer intrusion or ‘hack’ of Mt. Gox—an earlier digital currency exchange that eventually failed, in part due to losses attributable to hacking.”

The indictment alleged that BTC-e “allowed its users to trade in the digital currency ‘Bitcoin’ with high levels of anonymity” and that since BTC-e’s inception, (1) “Vinnik and others developed a customer base for BTC-e that was heavily reliant on criminals, including by not requiring users to validate their identity, obscuring and anonymizing transactions and source of funds, and by lacking any anti-money laundering processes”; (2) “BTC-e was operated to facilitate transactions for cybercriminals worldwide and received the criminal proceeds of numerous computer intrusions and hacking incidents, ransomware scams, identity theft schemes, corrupt public officials, and narcotics distribution rings”; and (3) “BTC-e was used to facilitate crimes ranging from computer hacking, to fraud, identity theft, tax refund fraud schemes, public corruption, and drug trafficking.”

Although BTC-e conducted “substantial” business in the United States, the indictment further alleged that the currency exchange was “not registered as a money services business with the U.S. Department of the Treasury, had no anti-money laundering process, no system for appropriate ‘know your customer’ or ‘KYC’ verification, and no anti-money laundering program as required by federal law.”

Under the indictment, BTC-e and Vinnik were charged with one count of operation of an unlicensed money service business (in violation of 18 U.S.C. § 1960) and one count of conspiracy to commit money laundering (in violation of 18 U.S.C. § 1956(h)). In addition, Vinnik was charged with 17 counts of money laundering (in violation of 18 U.S.C. § 1956(a)(1)) and two counts of engaging in unlawful monetary transactions (in violation of 18 U.S.C. § 1957).

Said Brian J. Stretch, U.S. attorney for the Northern District of California, “Cryptocurrencies such as Bitcoin provide people around the world new and innovative ways of engaging in legitimate commerce. As this case demonstrates, however, just as new computer technologies continue to change the way we engage each other and experience the world, so too will criminals subvert these new technologies to serve their own nefarious purposes.” Added Acting Assistant Attorney General Kenneth A. Blanco, “The Criminal Division will work tirelessly to identify those who use technology to conduct and obscure their criminal activity, as we ensure there are no safe havens from U.S. justice for those who seek to victimize Americans.”

FinCEN fines: In its press release, FinCEN said that the supervisory enforcement action against BTC-e and Vinnik (against which and whom it assessed $110 million and $12 million in civil fines, respectively) was “the first it has taken against a foreign-located MSB [money services business] doing business in the United States.”

FinCEN described BTC-e as “an internet-based, foreign-located money transmitter that exchanges fiat currency as well as the convertible virtual currencies Bitcoin, Litecoin, Namecoin, Novacoin, Peercoin, Ethereum, and Dash. It is one of the largest virtual currency exchanges by volume in the world.” FinCEN said that to date BTC-e had conducted “over $296 million in transactions of bitcoin alone and tens of thousands of transactions in other convertible virtual currencies.” FinCEN noted that while BTC-e had taken great pains to conceal its geographic location and ownership, it had conducted transactions within the United States and thus “was required to comply with U.S. AML laws and regulations as a foreign-located MSB including AML program, MSB registration, suspicious activity reporting, and recordkeeping requirements.”

Overall, FinCEN said that BTC-e “facilitated transactions involving ransomware, computer hacking, identity theft, tax refund fraud schemes, public corruption, and drug trafficking” and “embraced the pervasive criminal activity conducted at the exchange.” Among BTC-e’s specific AML violations cited by FinCEN were the following: (1) “BTC-e failed to obtain required information from customers beyond a username, a password, and an e-mail address”; (2) “Users openly and explicitly discussed criminal activity on BTC-e’s user chat [and] BTC-e’s customer service representatives offered advice on how to process and access money obtained from illegal drug sales on dark net markets like Silk Road, Hansa Market, and AlphaBay”; (3) BTC-e “processed [over 300,000 bitcoin] transactions involving funds stolen between 2011 and 2014 from one of the world’s largest bitcoin exchanges, Mt. Gox”; and (4) BTC-e facilitated “at least $3 million of … transactions tied to ransomware attacks such as ‘Cryptolocker’ and ‘Locky’ [and] shared customers and conducted transactions with the now-defunct money laundering website Liberty Reserve.”

Said Jamal El-Hindi, acting director of FinCEN, “We will hold accountable foreign-located money transmitters, including virtual currency exchangers, that do business in the United States when they willfully violate U.S. anti-money laundering laws … This action should be a strong deterrent to anyone who thinks that they can facilitate ransomware, dark net drug sales, or conduct other illicit activity using encrypted virtual currency.”

Story by Manatt Phelps & Phillips LLP – John F. LibbyKenneth B. Julian and Jacqueline C. Wolff Published  in Lexology