Financial Crimes Enforcement Network (FinCEN) has announced a penalty of ????29 million to the crypto exchange Bittrex. Bittrex is a virtual currency exchange and has a presence in many countries. But it failed to check if the flow of funds is coming from the sanctioned countries in spite of having a presence in the USA. This amounted to a violation of the sanctions regulations and OFAC penalized the firm for $25 Million and FinCEN fined them another $5 million for noncompliance with AML Laws.
Why did FinCEN Fined Bittrex?
Analysis of the Bittrex Consent order revealed that Bittrex
- Failed to maintain an effective Anti Money Laundering Compliance program, written policies, and procedures
- Failed to appropriately assess the risks associated with its products and services. It offered cryptocurrency services to global clients.
- Relied on only two employees with minimal AML training and experience to manually review over 20,000 transactions per day for suspicious activity in addition to other duties. AML Education is a key aspect of compliance.
- Failed to file Suspicious Activity Reports for more than three years and also failed to implement an effective transaction monitoring mechanism.
Why did OFAC Sanctioned Bittrex?
Only in 2016, Bittrex hired a third-party vendor to automatically screen transactions for compliance with OFAC sanctions.
The software, however, only screened transactions to identify potential matches with sanctioned persons but not with sanctioned jurisdictions.
As a result, Bittrex conducted more than 116,000 transactions for over $260 million with persons subject to OFAC sanctions. It became the conduit of dirty money and facilitated global laundering from sanctioned countries.
Lessons from Sanctions on Bittrex
- Risk assessment is an essential step to AML compliance
- If policies and procedures are not written down, they do not exist.
- A manual transaction monitoring system, in most cases, is deemed to fail.
- The AML officers should be sufficiently experienced.
- The AML department must have sufficient resources.
- Regulated entities should ensure that the third-party vendors’ screening tools check against all relevant sanctions lists.
- Penalties for AML failures can be huge.
- The question is: Do we learn from our lessons?