- The crypto exchange Bittrex agreed to pay more than $29 million to settle allegations that the company violated U.S. sanctions law by allowing customers in Syria, Sudan, Iran, Cuba and the Crimea to make transactions worth more than $263 million on its platform from 2014 to 2017, the Treasury Department said Tuesday.
- Bittrex had reason to know the locations of users based on internet protocol and physical address information collected during customer onboarding, but the company wasn’t screening for sanctions-related restrictions at the time, Treasury’s Office of Foreign Assets Control (OFAC) said.
- OFAC’s portion of the penalty accounted for more than $24 million, a record sum for that office. The Financial Crimes Enforcement Network (FinCEN) fined Bittrex another $5 million for failure to maintain an effective anti-money laundering (AML) program and failure to file any suspicious activity reports between February 2014 and May 2017.
Bittrex’s settlement encompasses more than 116,000 violations of U.S. sanctions, the Treasury Department said.
“When virtual currency firms fail to implement effective sanctions compliance controls, including screening customers located in sanctioned jurisdictions, they can become a vehicle for illicit actors that threaten U.S. national security,” OFAC Director Andrea Gacki said in Tuesday’s release. “Virtual currency exchanges operating worldwide should understand both who — and where — their customers are.”
Several of the transactions should have raised Bittrex’s suspicions of reasons other than just their location of origin, FinCEN added.
Bittrex’s AML program, through December 2018, failed to appropriately address the risks connected to its platform’s products, such as anonymity-enhanced cryptocurrencies, FinCEN said. The company also saw “significant exposure to illicit finance” because of inadequate monitoring of transactions, the regulator said.
“Bittrex’s failures created exposure to high-risk counterparties including sanctioned jurisdictions, darknet markets and ransomware attackers,” FinCEN Acting Director Himamauli Das said. “Virtual asset service providers are on notice that they must implement robust risk-based compliance programs and meet their [Bank Secrecy Act] reporting requirements. FinCEN will not hesitate to act when it identifies willful violations.”