OFAC flexes its muscles with crypto

In November, Binance Holdings, Ltd. (“Binance”) – the largest cryptocurrency exchange in the world – paid the largest settlement in OFAC history for alleged sanctions violations.  Together with other agencies, the settlement totaled over $4 billion!  On top of that, the CEO also pled guilty, has relinquished his role, and must pay a personal fine of $50 million.  What happened?

A closer look at Binance’s problems

In a nutshell, Binance is accused of enabling U.S. customers to trade with sanctioned entities and countries, a direct violation of OFAC regulations.  By offering this service, the government estimates that Binance facilitated over 1.6 million illegal transactions – and facilitation of trade with sanctioned countries is a direct violation of OFAC sanctions.

Now, you might be thinking:  Crypto is so new and transactions are fast moving, they probably just did not understand or even know about the rules.  Based on the press release and information from the settlement, this could not be further from the truth.  In fact, not only did Binance have a compliance program in place, but top-level management encouraged and even joked about evading those laws.  As an example, the company used IP screening to capture those attempting to trade with U.S. entities from sanctioned countries, but then Binance encouraged users to use a VPN as a work around.  The CEO even joked that they should have a Google banner for a VPN service on the top of the page to sidestep their own geofencing service.

Compliance starts at the top

Most of us know that having a culture of compliance starts at the top.  This is where the case against Binance gets interesting.  From the outside, Binance appeared to have a strong compliance program … at least on paper.  But according to the government, their CEO and CCO intentionally and deliberately made unlawful choices and even instructed their employees not to follow their own compliance procedures.  Although evidence was presented that employees were part of the criminal behavior, it should be noted that when employees would escalate transactions to sanctioned countries and entities, the CEO and CCO would respond that “compliance is here to make Binance APPEAR compliant”, which furthered the case that they knowingly engaged in illegal activity.

The violations amassed by Binance are less than .0028% of their total volume.  Yet, the company still managed to receive the largest fine in history.  Why?  Turning a blind eye to ISIS, Hamas and al-Qaeda who were using the platform to raise money certainly isn’t going to win you any friends at OFAC.  Allowing these terrorists and sanction violators to move billions of U.S. dollars for years while continuously ignoring red flags and disregarding employee concerns ultimately led to this penalty.  Not to mention, over 1,000 transactions dealt in child pornography and videos showing violent assaults against women.

Ultimately, Binance’s pursuit of profit over the law resulted in the following:

• The Hamas miliary used Binance to raise money for the Palestinian resistance. Note that Hamas is a terrorist organization designated by the U.S. government.  The group murdered more than 1,200 Israelis in October.
• Binance allowed transactions with other known terrorist groups such as al-Qaeda and ISIS.
• Binance facilitated over 1 million transactions valued at $899 million to Iranians, which is a direct violation of OFAC sanctions. This does not include the transactions Binance facilitated with Cuba, Syria and Crimea, Donetsk and Luhansk regions of Ukraine – all sanctioned countries and locations.
• The company enabled its customers to transfer $106 million on the darknet where hacking software, fake ID’s, heroin, cocaine and LSD were sold.
• North Korean military hackers used the site to launder tens of millions of dollars involving 24 strains of ransomware.

You can read the full details of the case in OFAC’s press release.

Key takeaways from this case

What can we learn from the Binance penalty?  One of the main takeaways is that all companies – regardless of the business they’re in – must have compliance programs in place.  That includes cryptocurrencies and the platforms they are traded on.  With this settlement, OFAC has made it crystal clear to all sectors that there are existing rules in place that require due diligence for international transactions where U.S. persons, banks and/or U.S. dollars are involved.  Having new technology is not an excuse for non-compliance.

Another good reminder is the lack of commitment evident by Binance management.  As we said, compliance starts at the top.  But that only applies if companies have buy-in from senior executives who lead by example.  Having a compliance program in place, with employees who know how to comply, is irrelevant if management commitment is absent.

It’s a lesson that Binance learned the hard way.  But you don’t have to!  Need help understanding sanctions and developing a program for your company?  Schedule a no-charge consultation with one of our experts today.