CFTC and DOJ Charge BitMEX and Executives With Illegally Trading in Digital Assets and Ignoring BSA/AML Requirements | JD Supra

Incorporating in the Seychelles but Allegedly Operating in the U.S. Spells Trouble for Company and its Founders

The Bitcoin Mercantile Exchange, or BitMEX, is a large and well-known online trading platform dealing in futures contracts and other derivative products tied to the value of cryptocurrencies. Recently, the Commodity Futures Trading Commission (“CFTC”) filed a civil complaint against the holding companies that own and operate BitMEX, incorporated in the Seychelles, and three individual co-founders and co-owners of BitMEX for allegedly failing to register with the CFTC and violating various laws and regulations under the Commodity Exchange Act (“CEA”). The 40-page complaint alleges in part that the defendants operated BitMEX as an unregistered future commission merchant and seeks monetary penalties and injunction relief.

In a one-two punch, the U.S. Attorney’s Office for the Southern District of New York on the same day unsealed an indictment against the same three individuals, as well as a fourth individual who allegedly served various roles at BitMEX, including as its Head of Business Development. The indictment charges the defendants with violating, and conspiring to violate, the requirement under 31 U.S.C. § 5318(h) of the Bank Secrecy Act (“BSA”) that certain financial institutions – including futures commissions merchants – maintain an adequate anti-money laundering (“AML”) program.

Both documents are detailed and unusual. This appears to be only the second contested civil complaint filed by the CFTC based on the failure to register under the CEA in connection with the alleged illegal trading of digital assets (other than those for which settlement orders were entered into with the CFTC). The first such complaint was filed only a week prior against Latino Group Limited (doing business as PaxForex), but the BitMEX complaint has garnered more attention in light of BitMEX’s reputation and size. Most of the CFTC’s prior actions against digital asset companies involved claims for fraud or misrepresentation in the solicitation of customers. This complaint, against a relatively mature and large digital asset company, demonstrates that the CFTC continues to actively pursue trading platforms and exchanges that solicit orders in the United States without proper registration. In addition to failing to register, the complaint alleges that the defendants failed to comply with the regulation under the CEA, 17 C.F.R. § 42.2, which incorporates BSA requirements such as an adequate AML program.

The indictment is unusual because it charges a rare criminal violation of Section 5318(h) – the general requirement to maintain an adequate AML program. Although indictments against defendants involved in digital assets are increasingly common, this also appears to be the first indictment combining allegations involving the BSA, digital assets, and alleged futures commissions merchants.

The complaint and the indictment share the common theme that the defendants attempted to avoid U.S. law and regulation by incorporating in the Seychelles but nonetheless operating in the United States. The opening lines of the CFTC complaint declare that “BitMEX touts itself as the world’s largest cryptocurrency derivatives platform in the world with billions of dollars’ worth of trading each day. Much of this trading volume and its profitability derives from its extensive access to United States markets and customers.” Meanwhile, the indictment alleges that defendant Arthur Hayes – a Fortune “40 Under 40” listee – “bragged . . . that the Seychelles was a more friendly jurisdiction for BitMEX because it cost less to bribe Seychellois authorities – just “a coconut” – than it would cost to bribe regulators in the United States and elsewhere.”

The CFTC Complaint

In its press release announcing the filing of its complaint, the CFTC reiterated that “registration requirements are the cornerstone of the regulatory framework that protects Americans and U.S. financial markets.” The CFTC’s complaint unsurprisingly focuses on this failure to register by BitMEX. The complaint alleges that since November 2014 BitMEX has offered commodity futures, options, and swaps on digital assets (such as Bitcoin, Ether, and Litecoin) to individuals in the United States without being registered as a futures commission merchant (“FCM”) or a designated contract market (“DCM”). It also alleges that BitMEX operated a facility for trading swaps without registering as a DCM or swap execution facility (“SEF”).

In addition to seeking to enjoin BitMEX and its operators from further violations of the CEA, the CFTC is seeking disgorgement, rescission, restitution, and the payment of a civil money penalty.

Failure to Register as a FCM

Under the CEA, an FCM includes (i) an individual, association, partnership, corporation, or trust that (ii) engages in soliciting or in accepting orders for futures, swaps, commodity options, or retail commodity transactions, and (iii) accepts money, securities, or property to margin, guarantee, or secure trades or contracts resulting from such orders and transactions. 7 U.S.C. § 1a(28)(A). The CEA makes it illegal for anyone to operate as an FCM without registering with the CFTC. 7 U.S.C. § 6d(a).   The complaint alleges that BitMEX’s platform offers the trading of cryptocurrency derivatives (e.g., Bitcoin, Ether, and Litecoin) to retail and institutional customers in the United States, specifically by soliciting orders from U.S.-based customers through BitMEX’s website, social media channels, and mobile app. By engaging in these activities, the CFTC’s complaint asserts that BitMEX violated the CEA by engaging in soliciting and accepting orders for the purchase or sale of commodities for future delivery, swaps, and retail commodity transactions without registering as an FCM.

Failure to Register as a DCM or SEF

The CFTC also claimed that BitMEX was required to register as a DCM or SWF. Under the CEA, it is “unlawful for any person to offer to enter into, enter into, or confirm the execution of, or to conduct any office or business anywhere in the United States . . . for the purpose of soliciting or accepting any order for . . . any transaction . . . a contract for the purchase or sale of a commodity for future delivery . . . unless such transaction is conducted on or subject to the rules of a board of trade which has been designated or registered by the CFTC as a contract market or derivatives transaction execution facility for such commodity . . . .” 7 U.S.C. § 6.

In order to operate its trading platform, the complaint alleges that BitMEX maintained significant U.S.-based operations, including at least half of its workforce and various critical operating functions such as information technology, software engineering, marketing, security, and accounting. The complaint therefore asserts that BitMEX violated the CEA by entering into contracts for the future delivery of Bitcoin, Ether, and Litecoin, or retail commodity transactions, in the United States without being designated or registered as a contract market, including a DCM or SEF.

Other Violations

In addition to the foregoing violations, the complaint alleges several related violations. First, it claims BitMEX violated the CEA by conducting futures transactions (entering into contractors for the purchaser or sale of digital assets for future delivery, or retail commodity transactions) other than on or subject to the rules of a CFTC registered or designated board of trade. Second, it asserts that FCMs must, among other stringent requirements, implement procedures to prevent conflicts of interest, segregate customer assets to mitigate risk from an FCM’s insolvency, and diligently supervise the activities of its personnel. The complaint claims that BitMEX failed to adequately and diligently supervise the activities of its operations and platform.

Finally, FCMs must also comply with the provisions of the BSA, which includes requirements to implement certain “know your customer” (“KYC”) procedures. The complaint alleges that BitMEX allowed customers to open accounts and deposit Bitcoin without verifying “the identity or location of the vast majority of its users” and that BitMEX failed to implement necessary “know your customer” and AML procedures. The complaint even goes further and highlights the defendants’ act of deleting records of customers’ located in the United States and other prohibited jurisdictions. Based on the foregoing, BitMEX is claimed in the complaint to have violated both the BSA and CEA. Of course, this allegation by the CFTC brings us directly to the allegations in the DOJ’s indictment.

The DOJ Indictment

The indictment charges four current and prior executives and owners of BitMEX with violating, and conspiring to violate, the requirement under 31 U.S.C. § 5318(h) of the BSA that certain financial institutions – including FCMs – maintain an adequate AML program, which of course includes filing Suspicious Activity Reports (“SARs”) as appropriate, and implementing a proper KYC program. The indictment therefore tracks and compliments the CFTC’s BSA-related allegations, and adds some color and detail. Both charges carry five year maximum sentences.

The four defendants are described variously as residents of the United States, the United Kingdom, Hong Kong, Australia and Bermuda. Currently, three defendants remain abroad and one has been arrested in the U.S. Since the indictment and complaint, traders reportedly have withdrawn $818 million worth of bitcoin from BitMEX, which released a statement declaring that “[w]e strongly disagree with the U.S. government’s heavy-handed decision to bring these charges, and intend to defend the allegations vigorously. From our early days as a start-up, we have always sought to comply with applicable U.S. laws, as those laws were understood at the time and based on available guidance.” This statement appears to focus on the mental state and subjective understandings of persons at BitMEX; it does not clearly and definitively claim that laws in fact were followed.

The DOJ press release summarizes the indictment as alleging that BitMEX has long serviced and solicited business from U.S. traders and therefore was required to register with the CFTC and to establish and maintain an adequate BSA/AML compliance program. However, the defendants

. . . . knew by no later than in or about September 2015 that, because BitMEX served U.S. customers, it was required to implement an AML program that included a . . . “KYC” component, but chose to flout those requirements. Indeed, each of the defendants knew of customers residing in the United States who continued to access BitMEX’s trading platform through at least in or about 2018, and that BitMEX policies nominally in place to prevent such trading were toothless or easily overridden to serve BitMEX’s bottom line goal of obtaining revenue through the U.S. market without regard to U.S. regulation. While knowing of BitMEX’s obligation to implement AML and KYC programs because BitMEX was serving U.S. customers, [the defendants] took affirmative steps purportedly designed to exempt BitMEX from the application of U.S. laws such as AML and KYC requirements. For example, the defendants caused BitMEX and its parent corporations formally to incorporate in the Seychelles, a jurisdiction they believed had less stringent regulation and from which they could still serve U.S. customers without performing AML and KYC.

Perhaps needless to say, the DOJ press release repeats the allegation in the indictment that Hayes bragged that the Seychelles was desirable because bribes to Seychellois authorities cost “just a coconut,” and posits that “the price of their alleged crimes will not be paid with tropical fruit[.]”

The lengthy indictment tells a tale of hubris and is full of many interesting details alleging guilty knowledge and efforts to conceal the U.S. presence of BitMEX. For example, one of the defendants allegedly denied knowing during a CFTC deposition that BitMEX maintained reports identifying U.S. customers, when in fact he received such a report just months before. Further, although BitMEX supposedly withdrew from the U.S. market, it allegedly still catered to U.S. customers, in part by “providing an anonymous means of accessing the platform, through the Tor network, a special Internet network that makes it practically impossible to physically locate the computers hosting or accessing websites on the network.” Likewise, one of the defendants allegedly allowed a customer to continue to access a BitMEX trading account despite being based in the U.S. because the customer is “‘famous in Bitcoin,’ and falsely changed this customer’s internal country of residence to a country other than the United States.”

Arguably the most ominous allegation in the indictment is that the defendants allowed Iranians subject to U.S. sanctions to trade on BitMEX, thereby raising the possibility that the DOJ will supercede the indictment with even more serious charges regarding such conduct.

Ultimately, the indictment is remarkable because it alleges that the high-flying owners and operators of a major player in the digital currency space nonetheless played intentional games about “avoiding” U.S. regulations – and then commented on their efforts in a manner which provided the U.S. government with ready-made proof for a trial before everyday jurors.

The DOJ and CFTC complaints should serve as important warnings and reminders for cryptocurrency companies. They signal the continued focus by regulators on digital asset companies and perhaps with an emphasis on exchanges and trading platforms. The complaints also highlight how offshore exchanges and platforms can run afoul of U.S. legal requirements when soliciting customers or otherwise operating in the United States.

Perhaps not coincidentally, the DOJ rolled out a document entitled “Cryptocurrency: An Enforcement Framework,” shortly after this indictment. Whatever may be said about this document – whether it’s more useful as a description of that which already has occurred, as opposed to practical guidance regarding the future – it clearly signals the desire of the DOJ to continue to bring indictments against those allegedly using digital assets to violate the law.