Summary: DSA analyzed nine Crypto Suspicious Activity Report enforcement actions to identify common reasons for SAR compliance failures.
Lessons Learned from Crypto Suspicious Activity Report Enforcement Actions
There is a lack of insight into Suspicious Activity Reports (‘SARs’) filed by crypto exchanges and other VASPs. This leads to gaps in our understanding of financial crime and money laundering risks posed by both crypto and crypto exchanges.
I analyzed nine crypto-related criminal and regulatory actions to uncover trends in non-compliance with Suspicious Activity Reporting. The types of crypto businesses named in the actions include crypto exchanges, P2P, bitcoin ATM operators, mixers, and individuals.
The nine cases involving crypto Suspicious Activity Report enforcement actions are:
- Robinhood Crypto, LLC
- Helix (Larry Harmon & Coin Ninja)
- Bittrex, Inc.
- Eric Powers
- Kais Mohammad (owner of HeroCoin, a P2P and bitcoin ATM company)
Which Regulators Issue Crypto Suspicious Activity Enforcement Actions?
The nine cases were brought by five different regulators/agencies: FinCEN, OFAC, CFTC, DOJ, and the New York Department of Financial Services (‘NYDFS’).
The enforcement and/or criminal actions are final for most of the cases. The CFTC’s case against Binance is in the complaint stage and the BTC-e criminal case against Alexander Vinnik has not yet gone to trial. Complaints are a recitation of allegations, and not evidence of wrongdoing. Even in the cases that are final, in many instances, the crypto companies agreed to a settlement but did not admit to wrongdoing.
What Suspicious Activity Was Allegedly Missed by Crypto Exchanges?
Regulators listed potential (and in some cases confirmed) suspicious activity missed by the crypto entities for eight of the nine cases. Transactions involving darknet markets were the suspicious activity most often mentioned and were alleged in seven of the nine cases.
Other sources of illicit funds flowing through the VASPs included: funds from sanctioned entities/regions, Child Sexual Abuse Material (CSAM), money laundering, drug trafficking, ransomware, unregistered MSBs and/or crypto mixers, terror finance, and other fraud.
The quotes below highlight Suspicious Activity identified in the enforcement actions/complaints:
What Caused the Alleged Crypto SAR Failures?
I found several recurring themes in the crypto SAR enforcement actions and complaints. The broad themes are referred to in italics below.
The nine cases all have some type of alleged failure relating to Suspicious Activity Reporting by the crypto entity; many include an allegation that the entity Failed to File SARs. Upon closer review, the reasons for the SAR failures vary.
Not Registered/Licensed & Willfully Violated BSA/AML
In several of the cases, the crypto business was Not Registered and/or licensed with the regulator. Regulators alleged in the Kais Mohammad, Helix and Eric Powers cases that the decision not to register was willful and/or a marketing tactic to attract customers.
“During the time of HeroCoin’s operation, Mohammad, a former bank employee, intentionally failed to register his company with the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN).” – DOJ Press Release
“Mr. Harmon, doing business as Helix, willfully violated the BSA’s registration, program, and reporting requirements. Mr. Harmon, doing business as Helix, willfully (a) failed to register as a money services business; (b) failed to implement and maintain an effective anti-money laundering (AML) program; and (c) failed to report certain suspicious activity.” – FinCEN Assessment of Civil Money Penalty: Helix
In the Helix and Eric Powers cases, regulators alleged that these VASPs Failed to Monitor for Suspicious Activity. This was alleged to have been part of the sales pitch to potential customers.
“In fact, in March 2013 Mr. Powers publicly stated on the Internet he would assist customers that wanted to circumvent AML obligations.” – FinCEN Assessment of Civil Monetary Penalty: Eric Powers
Claiming No U.S. Customers
In the cases of BitMEX, BTC-e, and Binance, the allegation of Not Registered was associated with the theme of Claiming No U.S. Customers. In these cases, the regulators allege that the VASPs did in fact have U.S. customers and therefore should have been registered in the U.S.
I delve deeper into “The Offshore Crypto Exchange Illusion” in a prior blog post.
FinCEN’s assessment of a civil money penalty against BTC-e states, “BTC-e attempted to conceal the fact that it provided services to customers located within the United States.”
Similarly, the U.S. Attorney General’s Report on The Role of Law Enforcement in Detecting, Investigating, and Prosecuting Criminal Activity Related to Digital Assets states “BitMex falsely claimed that it did not serve U.S customers, but in fact it had extensive U.S.-based operations and served thousands of U.S. customers.”
The CFTC cites an internal document from Binance, “approximately 16% of its accounts were held by customers Binance identified as being located in the United States.”
Saving Money by Skipping/Skimping BSA
I noticed an interesting theme, Financial Gain by Avoiding BSA Costs, in three cases: Bittrex, Helix and Binance.
For instance, in the Bittrex Consent Order, FinCEN stated that Bittrex had “an unfair competitive advantage in the marketplace as compared to other companies offering similar products and services that were investing in appropriated technology and personnel to comply with BSA.” In the Helix case, FinCEN noted that “Helix did not expend any resources on compliance with BSA.”
In the complaint against Binance, the CFTC alleges “In keeping with Binance and Zhao’s ethos of prioritizing profits over legal compliance, they knowingly allowed the two BTC-no KYC loophole to persist.”
Transaction Monitoring Issues
Some crypto companies that attempted to monitor for suspicious transactions were dinged for shortfalls. Regulators identified Manual Alert Review as an issue in the Bittrex and Robinhood enforcement actions.
“The lack of adequate staff or resources for RHC’s BSA/AML compliance program was compounded by RHC’s reliance throughout 2019 and 2020 on a manual system for its transaction monitoring program” – NYDFS Consent Order: Robinhood Crypto LLC
Regulators also alleged Inappropriate Staffing Levels in the Bittrex and Coinbase cases.
“The TMS [Transaction Monitoring System] alert backlog was caused, in substantial part, by Coinbase’s inability to predict or manage the growing alert volume and a lack of adequate compliance staff.” – NYDFS Consent Order: Coinbase
The NYDFS also alleged Arbitrary Alert Thresholds and Alert Processing Errors.
“For its two crypto-specific transaction monitoring rules, RHC employed an extremely high and arbitrary threshold amount to generate exception reports.” – NYDFS Consent Order: Robinhood
“Coinbase provided insufficient oversight over the third-party contractors it hired, and a substantial portion of the alerts reviewed by third parties was rife with errors.” – NYDFS Consent Order: Coinbase
SARs Filed Had Issues
Even when the crypto exchanges filed SARs, regulators still found issues. First, the Untimely Filing of SARs was noted in Bittrex, Robinhood and Coinbase. It is likely that the Manual Review of Suspicious Activity and Inappropriate Staffing Levels contributed to the Untimely Filing of SARs.
FinCEN noted, “because of its inadequate manual review process, the majority of SARs filed by Bittrex were filed well after the transaction dates.” The NYDFS found “numerous examples of SARs filed months, some more than six months, after the suspicious activity was first known to Coinbase.”
Coinbase was also found to have SAR Record Keeping Issues, with the inability to pull underlying data for SARs.
“Coinbase was unable to meaningfully respond to the Department’s request for data related to suspicious activity identification, tracking, and reporting that took place in 2018 and 2019 because it did not adequately track or retain that information.” – NYDFS Consent Order: Coinbase
How Many Suspicious Transactions Occurred?
The enforcement actions varied on whether they included the number of suspicious transactions or the number of backlogged alerts.
- DOJ alleged that BitMEX failed to file suspicious activity reports on nearly 600 specific transactions.
- NYDFS noted significant backlogs of transaction monitoring alerts in two cases: 4,378 alerts at Robinhood Crypto and over 100,000 unreviewed alerts at Coinbase.
- FinCEN alleged that there were at least “245,817 instances in which suspicious transactions took place” at Helix.
- FinCEN stated that “BTC-e processed thousands of suspicious transactions”.
How Many SARs Did the VASPs Actually File?
The crypto SAR enforcement actions make it clear that the VASPs failed to file a lot of SARs. But how many did they manage to file?
“Despite the rampant evidence of illegal activity on its platform, BTC-e did not file a single SAR, including for the specific activities identified in the Assessment.” – United States v. BTC-e and Alexander Vinnik
“Bittrex did not file a single suspicious activity report (SAR) from its founding in 2014 through 2017.” – FinCEN Consent Order v Bittrex
“During the time period for the 2019 Examination, only two SARs were filed in response to RHC’s crypto specific transaction monitoring alerts.” – NYDFS Consent Order v Robinhood
“As of at least May 2022, Binance had not filed a single suspicious activity report (“SAR”) in the United States despite having filed such reports in other jurisdictions.” – CFTC Complaint v Binance
“Helix failed to file a single SAR throughout the corresponding time period.” – FinCEN Assessment v. Helix
BitMEX “filed no suspicious activity reports from September 2015 through September 2020”. – Attorney General Report
Classifying Crypto Entities with Suspicious Activity Report Enforcement Actions
Crypto entities with Suspicious Activity Reporting enforcement actions or complaints typically fall into the categories below:
- Never intended to comply, and may have even marketed their anti-Anti-Money Laundering stance.
- Pretended that U.S. BSA/AML laws did not apply to their crypto exchange by falsely claiming that they did not have U.S. customers.
- Attempted to comply with SAR filing requirements but had major failings often tied to lack of resources (tech, staffing, training, or funding).
We have also seen examples of crypto exchanges that fall into both of the first two categories (they never intended to comply, and they falsely claim to be offshore).