red 
A major enforcement measure in the US sheds light on regulatory expectations for monitoring crypto transactions.
On August 10, crypto derivatives exchange BitMEX agreed to pay up to $100 million to the US Treasury Financial Crimes Enforcement Network (FinCEN) itCommodity Futures Trading Commission (CFTC) to settle charges of willful non-compliance with anti-money laundering (AML) laws and failure to properly register with the CFTC.
According to the settlement documents, BitMEX failed to maintain a comprehensive AML transaction monitoring program, allowed US citizens to illegally access its platform and consistently misled US regulators about the nature of its business operations.
The accusationslaunched against BitMEX in October 2020, prompted BitMEX to take a major overhaul of its compliance programand place new emphasis on building a strong culture of compliance.
Among the compliance violations BitMEX admitted to in the settlement were failures to monitor transactions and identify suspicious activity — gaps they have since taken steps to fix.
The settlement documents address these issues in detail and shed light on the transaction monitoring standards and capabilities that regulators expect from crypto businesses. Understanding these regulatory expectations is critical for any crypto business that wants to successfully scale and ensure adequate compliance.
In this blog, we highlight three key lessons that crypto companies should keep in mind from the BitMEX settlement when it comes to tracking transactions.
1. Regulators expect businesses to implement blockchain analytics solutions supported by strong compliance policies and procedures
In its assessment of the BitMEX breach, FinCEN notes the widespread availability of block analysis solutions, which “can reveal the identity of parties to a transaction by linking . . . wallet addresses controlled by the same user based on information available from the blockchain.”
However, according to FinCEN, “Despite the availability of such tools, BitMEX failed to implement any policies, procedures and internal controls to review bitcoin transactions and identify potentially suspicious transactions occurring through their platform both at the time the transactions occurred and new information about past transactions, customers and counterparties became available to them.”
As we have noted beforean increasing number of regulators are requiring cryptoasset companies to have blockchain analytics solutions. U previous instructionFinCEN noted that one way crypto companies can comply with AML regulations is by “incorporating procedures into their AML programs that allow them to monitor and track transaction history [cryptocurrency] via publicly visible ledgers”: in other words, by incorporating blockchain analytics. Failure to implement a blockchain analytics solution in a meaningful way is a major red flag that will open the business to significant regulatory scrutiny.
And as FinCEN’s statement suggests, it’s not enough to just check the box that there is a solution. Blockchain analytics solutions must be supported by strong policies and procedures to track internal transactions as well as staffing needs training to understand how to apply monitoring solutions and identify crypto illicit financing typologies.
2. Regulators expect businesses to be able to reliably identify transactions with high-risk parties
The failure to adequately implement blockchain analytics comes with real consequences: the lack of a robust transaction monitoring program meant that BitMEX was directly exposed to illegal actors.
According to FinCEN’s assessment, BitMEX “permitted thousands of transactions with suspicious associates, including numerous transactions with darknet markets; high-risk jurisdictions; unregistered MSBs offer . . . Mixing services; and fraud schemes. Significantly, BitMEX did not proactively screen for suspicious activity to determine whether transactions involved possible terrorist financing.”
Because BitMEX did not effectively use transaction monitoring solutions, it was unable to identify transactions with these types of high-risk parties. According to FinCEN, BitMEX processed:
-
More than 4,000 transactions worth more than $5 million with other parties involved in the fraud and scams;
-
More than 2,300 transactions with darknet markets between 2015 and 2020;
-
Various transactions with sanctioned countries such as Iran, as well as countries designated as high-risk by the Financial Action Task Force (FATF);
-
More than 2,000 transactions with mixing servicesincluding the now defunct ones Helix mixer; and
-
3 million dollars worth of transactions with BTC-e, the high-risk crypto exchange that was the subject of the previous one FinCEN action.
3. There is no good excuse for not reporting suspicious activity.
Because it was unable to identify high-risk transactions, BitMEX did not file Suspicious Activity Reports (SARs) with FinCEN as required by AML regulations.
For example, more than two dozen transactions BitMEX processed with darknet markets were above the prescribed SAR reporting threshold, but were never reported due to the business’s inability to identify them.
Similarly, BitMEX failed to file SARs for 16 transactions with Iranian crypto exchanges223 transactions with blending services and 190 transactions with other counterparties involved in the fraud.
This meant that the company did not notify FinCEN of illegal transactions, preventing potentially valuable financial intelligence from reaching law enforcement agencies.
The importance of improving your business in the future with transaction tracking
Since these allegations were made last year, BitMEX has taken commendable and impressive steps to improve its compliance program and take an industry leadership role in promoting strong compliance practices.
But the case should serve as an important reminder to any crypto business: adopting a compliance mindset is essential to ensuring business growth and avoiding run-ins with regulators.
Central to that success is the incorporation of a strong transaction monitoring program that addresses key criteria that can satisfy regulators, as outlined in the FinCEN settlement:
-
Having a robust blockchain analytics solution in place and implement it effectively
-
Ensuring you are able to identify transactions with high-risk parties
-
Timely reporting of suspicious transactions.
At Elliptic, we offer the crypto asset industry best-in-class blockchain monitoring solutions that enable regulated businesses to meet these regulatory expectations.
Elliptic’s crypto asset wallet overview and transaction tracking solutions are backed by an industry-leading dataset that ensures your business can detect transactions with darknet markets, fraudsters, sanctioned actors, mismatched exchangesand other high-risk and illegal counterparties. Our solutions feature configurable risk rules that allow your business to set monitoring parameters aligned with your risk profile, ensuring you can detect the risks that matter, avoiding false positives and useless noise.
And our research software, Elliptic Forensicsit also allows businesses to conduct extensive investigations of financial flows on the blockchain—information you can use to file SARs and notify law enforcement of high-risk activity.
When it comes to your transaction monitoring program, it’s essential to leverage a block analysis solution you can trust.
Contact us for a demo and to learn more about how Elliptic can support your business in implementing a best-in-class transaction tracking solution.
America’s Regulatory Compliance
