Binance, Rubles, The FCA & Failed KYC

Here we cover a few points:

• Binance’s Russian Rouble banking provider has links to a wide range of questionable payment services. This is pretty well known.
• Authorities in the Baltics have taken some action against these providers. This is slightly known.
• The UK FCA seems not to care even going so far as to actively approve sales other governments have blocked, sometimes with on-the-record aggressively-negative comments. This is pretty new.
• A Baltic law firm has accepted crypto payments from known Russian scams and banks at interesting places. Wholly new.
• The best known Ukrainian crypto exchange, who’s founder testified before the US Senate about transparency and AML, has processed terrorist payments. Wholly new.

This starts to connect a lot of dots and explain both what has been going on for a while now— and how.

Advcash / Mercuryo

Binance has openly advertised their association with Advcash for years. Fine. Advcash is a licensed money transmitter (or equivalent depending on the jurisdiction).

Some discussion of those issues is available at Dirty Bubble Media.

Advcash works with a company called Mercuryo:

Meet Mercuryo`s Banking-as-a-Service Payment Solution With The New Partner - Advcash

And Mercuryo also works with Binance:

Mercuryo has partnered with Binance

While we are at it they also work with Consensys:

Consensys partners with Mercuryo to offer seamless crypto purchases within MetaMask | Consensys

One of the examples on their own website is providing an off-ramp from Binance:

Suffice it to say this conglomeration of payment processors “might” have a Russian connection that “might” prove problematic. Maybe some other problematic interactions too.

Let’s prove that.

Binance Ruble Fiat Volumes

Binance still trades USDT/RUB. Yes RUB deposits were halted — but trading continues and withdrawals are still available. They explain it quite clearly.

Here, for a few recent hours, is a chart of the USDT/RUB price on Binance and CommEX (the exchange that bought their Russian business):

The price is lower on Binance — presumably because you can only withdraw RUB and not deposit. So nobody can send in RUB, buy USDT/RUB, send the USDT to CommEX and sell for more RUB. This is as expected and is at least consistent with the market still functioning properly. If, for example, the prices were identical we’d think these were either really the same exchange or the feeds were fake. This is not proof the trades are real — but Binance is reporting the trades so if they are fake it is because they are lying.

Fair enough let’s assume they are telling the truth. That means, consistent with the post above, that they still have functioning RUB banking. Interesting.

Mercuryo

They were funded originally by an investment group called Target Global. And they have invested in a lot of payments-related businesses. The portfolio lists many well-known names.

One of Target Global’s founders is the son of a sanctioned Russian businessman. This does not, of course, mean much in and of itself. But as we are going to see there is significantly more information available which raises further questions.

The UK

Mercuryo operates in the west through a number of legal entities:

• Moneymaple Tech Ltd (Canada)
• Monetley Ltd (UK)
• MoneyTea Ltd (UK)
• MoneyAmber UAB (Lithuania)

The UK FCA tells us they are also connected to Cauri Ltd (UK). And the UK imposed a few conditions on Cauri recently:

That basically shut them down. And the Estonian authorities cancelled the license of an affiliate there called MoneySwap for (Google translated):

We can summarize that paragraph as “lying about the real owners.”

As regards Monetley there is an FCA restriction since 2019:

Fair enough. Except the company was sold to the same Cyprus holding vehicle MRCR the Estonian government did not like in late 2022/early 2023 and:

The FCA approved it. Nice work FCA. Of course the required forms were filed with Companies House:

There is ample documentation many of these parties are related in a wide range of ways. The FCA should have all of this information as it is required for them to approve a change in control per their own rules.

OK, So?

Maybe you are wondering what is really wrong here. Some Russians own some UK entities out of Cyprus and have restricted payments licenses. Depending on context that might be fine.

First there are myriad services out there fronting for these entities, including the now-licenseless MoneySwap. A few examples:

• Coinramp which also references a NY-based-but-not-licensed thing called TrusExpense
• BMP Poris Bank
• WalletOKX

Some of these claim tie-ups with the US-licensed Zero Hash which, one imagines, is not going to be happy about where this is going.

Let’s go back and check an old Mercuryo-Advcash press release:

Mercuryo believes IBANs are key to securing frictionless cross-border payments for fiat settlement and fiat-crypto transactions.

That kind of makes you laugh right? Removing frictions like, for example, not being permitted to outsource KYC. The UK FCA specifically said Monteley “must not outsource any aspect of its Risk & Compliance function.” One of many partners that is involved in precisely such outsourcing is the Croatian-Estonian Revuto:

Recognize those names? It is all the same people. And those entities are all interesting. Payrnet was shut down for massive sanctions violations as part of the Railsbank collapse. Railsbank, of course, bought the old Wirecard operations. Lithuania’s announcement does a great job describing the business model:

The business model of UAB PAYRNET was exclusively focused on activities through intermediaries. During the inspection period, the institution provided financial services through 90 intermediaries, distributors or other legal entities distributing the institution’s financial services. In most cases, the institution would establish a business relationship with them without due diligence and without assessing their suitability, reputation and risk; in cases where the assessment was conducted, it was inadequate. The institution did not control how and to whom intermediaries provided the services of the institution, how they performed the money laundering and terrorist financing functions delegated to them, failed to comply with the requirement for periodic training of intermediaries, audits of their activities or other types of assessment.

There is a massive network of linked “service providers” here.

Not Good Right? It Gets Worse

None of these folks is actually a bank. The closest in the space is an institution called “Majestic Financial” which is roughly a Lithuanian money-changer.

In a manner all-too-reminiscent of Alameda Research taking in deposits via a Deltec account at Citibank UK and depending on a comment field Majestic and Advcash do the same thing:

Take a look at Majestic’s product offering:

It is the same product as Mercuryo: IBAN access without real bank KYC. We’ve seen this pattern before. Per their license this gives them access to the other 29 EEA members too.

UK Licenses Are A Pattern

This situation where the Baltic authorities shut someone down but the UK does nothing is fairly common. Transactive Systems experienced the same thing where Lithuania took their local license but the UK FCA seems to have no issues with them.

In fact we are going to find evidence that both the UK and US authorities seem pretty unaware of what is going on here. Coinramp issues Visa cards and still lists the Estonian company who’s license was cancelled for lying about their owner on their website. They are also yet another link between NY-licensed Zero Hash and Mercuryo who announced a partnership in 2021. If NYDFS had issues with Paxos’ oversight of their Binance relationship in regards to a stablecoin where Paxos had control over all the USD you gotta wonder how they’d feel about a relationship with Binance’s RUB bank account provider.

It gets worse.

How To Piss Everyone Off

So why does anybody care? Well let’s start by showing a Baltic law firm with payment instructions into either Majestic (for fiat) or Kuna (for crypto):

That TRC20 address is a deposit address for Kuna, a Ukranian crypto exchange both the US and Ukraine governments have publicly praised. Here, for example, is the exchange founder speaking to the US Senate Banking committee. Kuna, incidentally, also uses the Belize-domiciled Advcash too:

Here is a withdrawal of 500k USDT from Kuna to an Israel-flagged Hezbollah address:

TRONSCAN | TRON BlockChain Explorer

Here’s 350K:

TRONSCAN | TRON BlockChain Explorer

Oh, and the law firm? Here’s a transfer from a known Amir Capital (Russian scam — banned by the Russian government) address to the Baltic law firm:

TRONSCAN | TRON BlockChain Explorer

A good way to anger everyone is to:

• Launder Russian scam proceeds through a law firm in a Baltic NATO member.
• Talk about how great crypto is for Ukraine to the US Senate, even saying “AML technologies (e.g. Chainalysis, Crystal Blockchain) have been successfully implemented. All crypto that we received and converted was analyzed for illegal activity.” and then have Israel seize client funds because they are linked to Hezbollah.

These may well be service providers and they may even be doing the best they can. One of the Chainalysis founders testified in the same Senate hearing:

If there is one point we want to make to the Members of the Banking Committee, it is that the transparency of blockchains enhances the ability of policymakers and law enforcement to detect, disrupt and, ultimately, deter illicit activity.

But this is a political problem now. Who is going to believe you? You don’t get to tell the Senate you have top-notch KYC, process money Israel says belongs to Hezbollah, and then get invited back.