How regulatory-challenging are US clients for cryptocurrency exchanges and what awaits the industry now?
Executives of BitMEX, one of the largest crypto-derivatives platforms, have been formally charged with running an unlicensed platform and violating the US Bank Secrecy Act (BSA). The exchange’s legal entity is not registered in the United States; it has blocked visitors with US IP-addresses, it runs an office in Asia and locates its trading infrastructure in Ireland. So, what did it violate and what should other exchanges do to avoid the same problems?
You may as well know that the US applies its financial regulation extraterritorially as it aims to protect the rights of US persons around the world. The US authorities are extremely methodical in their investigations against the structures that may be involved in money laundering, terrorist financing and tax evasion. If a financial institution (FI) including a crypto derivatives exchange is located within the US, it must meet very stringent requirements. Compliance with these requirements is quite expensive. Furthermore, such businesses may lose their competitive advantage to companies of similar focus that are not burdened with regulatory compliance.
US regulators believe that if a business wishes to target US customers, then it must meet the requirements of US regulators regardless of foreign domicile.
The BSA works, inter alia (among other things), to make sure the FI implements extensive anti-money laundering (AML) procedures on its clients. As such, the Act requires client identification through KYC procedures. It further imposes on the FI an obligation to apply a risk-based approach to client classification, run an external AML compliance audit, and train staff appropriately. The client identification procedure on BitMEX was not announced until 28 August 2020. It was required in exceptional cases and applied to some extent to legal entities. To block residents from prohibited jurisdictions, the geographic filter of IP-addresses was used. But one can easily bypass the filter through a Virtual Private Network (VPN) service.
US authorities claim that BitMEX knew about the clients from prohibited jurisdictions, but hid the knowledge or asked the clients to work through accounts set up for persons in other countries. Notably, marketing activities aimed in any way at US citizens are equally disallowed. However, historically many cryptocurrency events are held in the US. Take the famous Consensus, for example, the exhibition where BitMEX put three Lamborghinis right at the entrance of the venue. BitMEX has inevitably caught the attention of many in the US, which did not turn out well for the exchange as recent events show.
What should other FIs do to avoid similar problems with the US regulators? The reality is such that trading platforms may no longer avoid identifying clients properly. This includes, as a minimum, requesting the identity documents and proof of residential address. Clients should be extensively risk profiled.
In addition, crypto exchanges should opt for KYT (Know-Your-Transactions) processes to analyse all incoming and outgoing transfers of virtual assets and react if the wallet addresses used by the clients are associated with suspicious movements or linked to any illegal activity. To combat money laundering, reputable exchanges introduced the monitoring and reporting of suspicious trading activity. The scope of operations that should fall under AML scrutiny of virtual assets exchanges is growing. This was recently demonstrated by the Financial Action Task Force (FATF) issuing its report on Money Laundering and Terrorist Financing Red Flag Indicators Associated with Virtual Assets. For example, the report now suggests looking specifically into the virtual asset flows coming from or going to the platforms having demonstrably weak or non-existent KYC procedures.
Any rules tightening causes an asymmetric response. The KYC/KYT inconveniences at the exchanges may further increase the popularity of largely unregulated decentralised platforms. But it’s important to note that even website domains can be seized by authorities.
And there is a price to pay for the anonymity on such platforms. The recent hack of the KuCoin exchange showed that hackers are happy to use Decentralized Finance (DeF) projects to launder stolen goods. Bona fide users that become the counter-parties of hackers will inevitably suffer. Operators of Decentralized Exchanges (DEX) or DeFi projects cannot always fight money laundering. Due to the structure of the decentralized applications segment, this problem cannot be solved in principle. In the future, one may have to accept that the scoring of wallets dealing with decentralized platforms will be the same as for the wallets associated with mixers. That is a “Red Flag” scoring. Many exchanges will not accept cryptocurrency from these wallets.
So what do we witness as we reach the end of 2020? Crypto platforms outside the US will fear US persons even more than ever. Unregulated platforms may seek regional licenses navigating the introduction of KYC / AML policies or at least implement meaningful client identification procedures. Anonymous trading will largely shift to the decentralised exchanges, however, the SEC has already set some precedent going after project founders when it charged EtherDelta with a hefty fine for operating an unregulated exchange.