If anti-money laundering (AML) and counter-terrorism financing (CFT) protections weren’t already high on financial institutions’ priority lists, then they should be after the $4.3 billion in penalties the US Department of Justice hit cryptoasset marketplace Binance with last week.
Mark Kornfeld of law firm Buchanan Ingersoll and Rooney, quoted in the Financial Times, warned the DoJ action “is proof that this is the new normal, not just a random development for the industry. Everyone is on pretty significant notice that this is the way it’s going to be.”
Serial Binance AML, sanctions failings
The list of Binance’s criminal wrongdoing is long.
The crypto exchange was found to have disregarded US AML laws and failed to implement comprehensive know your customer (KYC) protocols or systematically monitor transactions. Binance never filed a suspicious activity report (SAR) with Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN).
And it did not “implement controls that would have prevented U.S. customers from conducting transactions with customers in sanctioned jurisdictions” such as Iran, Cuba, Syria and Russian-occupied regions of Ukraine. Indeed, between January 2018 and May 2022, Binance enabled nearly $900 million in transactions between US users and “users ordinarily resident in Iran.”
The exchange also acted as a conduit for “well over 100,000 suspicious transactions” linked to ransomware attacks, child sexual abuse, large-scale hacks, the drugs trade and financing to designated terrorist groups including al-Qaeda, Isis and Hamas.
As part of the settlement, Binance chief executive Changpeng Zhao resigned, agreed to pay a $50 million fine and pleaded guilty to a US criminal charge of failure to protect against money laundering. It’s a case that follows hot on the heels of FTX founder Sam Bankman-Fried’s conviction by a New York jury of fraud and money laundering, with SBF facing decades in prison when he is sentenced next March.
EBA takes aim at industry AML system deficiencies
Global supervisory authorities’ heightened AML/KYC expectations follow the latest biennial European Banking Authority report, released in July 2023, which warned “[n]ew risks arise from the laundering of proceeds from environmental crimes and cybercrimes, with a perceived increase in risks associated with financial innovation linked to market growth.”
The report criticised the AML/CFT systems and procedures many institutions have in place. Poor AML controls with incomplete, inaccurate or outdated customer due diligence and enhanced due diligence information restrict institutions’ “ability to identify sanctions targets or suspicious changes in shareholding structures, which can be used to obfuscate beneficial ownership.”
The report added that “[t]ransaction monitoring and the reporting of suspicious transactions are particularly weak and rated as ‘poor’ or ‘very poor’ by between 30% and 50% of competent authorities, with payment institutions and e-money institutions among the worst performing sectors.”
Without an automated, real-time transaction monitoring capability that can spot money laundering risks and block accounts or transactions when suspicious events occur, AML teams will be left grappling with some sort of offline, manual process that requires staff to sift through bank statements or other transaction records to look for anything falling outside their parameters. Such non-standardised, non-automated approaches inevitably expose firms to significant material risk.
Growing regulatory risk from AML weaknesses
And the penalties for any AML/CFT lapses are ever more punitive.
The new EU Anti-Money Laundering Authority (AMLA) – which is due to launch in 2024 – will establish a single integrated AML/CFT supervision framework across the bloc to better combat threats. AMLA will directly supervise cross-border financial sector entities most exposed to money laundering, including crypto asset service providers, and indirectly supervise other institutions, with the power to request further investigations and imposition of sanctions where appropriate.
To fulfil its duties, AMLA can mandate companies and people to hand over relevant information and conduct on-site visits. It can place restrictions on an entity’s business operations and withdraw licences. And impose sanctions of up to €2 million or 0.5-1% of annual turnover for material breaches, and up to 10% of the entity’s total annual turnover in the preceding business year.
Faced with these tightening strictures, financial institutions – and especially neobanks and crypto custodians that may lack the experience and robust safeguards authorities, clients and investors increasingly want to see – will do well to get their houses in order while they still can.
ABOUT DEEP POOL
Deep Pool is the #1 investor servicing and compliance solutions supplier, providing cutting-edge software and consulting services to the world’s leading fund administrators and asset managers. Our flexible solution suite, developed by an experienced team of accountants, business analysts and software engineers, supports offshore and onshore hedge funds, partnerships, private equity vehicles, retail funds and regulated financial firms. Deep Pool is a global organisation with offices in Dublin, Ireland, the United States, the Cayman Islands and Slovakia. For more information, visit: www.deep-pool.com.