 The base criminal fines are 250,000 per violation and up to five years in prison. It's possible they could shut them down. The future may not be bright for former Bitmex CEO Arthur Hayes. He recently stepped down after criminal and civil charges were brought against him by U.S. authorities. If I were their attorneys, I'd probably be looking to try and cooperate if I could and try to reach some kind of settlement. The charges were brought against Bitmex, Hayes and three others for violations of the Bank Secrecy Act or BSA. The Bank Secrecy Act is the U.S. government's main legal means for preventing money laundering. It is enforced by nearly 10 distinct U.S. regulators. So, a note to all those crypto exchanges out there. You know, you should be looking really carefully at your customer base to understand if you've got U.S. persons. So far in 2020, U.S. indictments have been brought against numerous crypto actors, including John McCarthy, two Chinese nationals, two Russian nationals, and ironically, the founder of the anti-money laundering Bitcoin project. So, I think you've got some very sophisticated actors that realize that there's some vulnerability there and are trying to exploit it, you know, including some nation-state actors. And yet crypto actors' illicit activities pale in comparison with the large amounts of money laundered in the traditional banking system. The International Consortium of Investigative Journalists found that big banks have defied money laundering crackdowns by moving staggering sums of illicit cash for shadowy characters and criminal networks that have spread chaos and undermined democracy around the world. Do you feel that there's unfair attention given towards crypto from U.S. regulatory agencies? To answer this question, I spoke to a former top legal advisor to FinCEN, the BSA's main enforcement agency. This is Carlton Green, partner at Crowell & Moreing, and former chief counsel to the Financial Crimes Enforcement Network. So, the main reason why we are talking here today is to address the charges that were brought against Arthur Hayes and his colleagues, as well as against BitMEX. So, could you please just kind of explain what exactly those charges were? Yeah, so, I mean, there are two actions here that I see. One of them is brought by the CFTC, and that is a civil complaint for violation of the Commodity Exchange Act and, you know, its regulations. And then there's a related indictment in the Southern District of New York against Arthur Hayes related to some of the same activity. And the CFTC complaint is focused on the idea that Hayes and his other co-founders through the BitMEX group of entities operated an unregistered designated contract market and swap execution facility and also that they acted as Futures Commodity Merchants FCMs and that they basically did all that without appropriate registration and licensure from CFTC. And one of the key core aspects of the complaint is that, you know, they were soliciting U.S. customers and servicing U.S. customers, which subjected them to regulation in the U.S., but they weren't complying with U.S. law. And, you know, in particular, a special relevance for me is they weren't complying with the requirements of the Bank Secrecy Act, which required BitMEX to, you know, have an anti-money laundering program, establish and maintain an anti-money laundering program, and to also establish and maintain a customer identification program, which would require them to obtain and verify certain minimal identifying information on all of their customers. And in fact, their business model was specifically oriented around not obtaining that information, as I understand it, from the FCTC complaint and from the related indictment brought by the SDNY. You know, both of those suggest that they specifically solicited U.S. customers and also that they were aware that that would carry BSA obligations, including the obligation to identify their customers, but that they deliberately chose not to have those obligations and instead allowed people to use email addresses without, you know, customer identification. So I wanted to go back to that point you made about how BitMEX was soliciting U.S. customers, because as far as I understand CFTC has advised against or forbidden U.S. customers from trading on BitMEX because they don't comply with their regulations. So what exactly does soliciting mean? And like, what exactly does that mean? Yeah, well, I mean, I think that the, you know, there's quite a bit of detail in the CFTC complaint and in the SDNY indictment, you know, basically suggesting that they were, you know, appearing on, you know, U.S. publicate, you know, U.S. tech platforms, Facebook, Twitter, that they were granting interviews in the U.S. and encouraging people to do business with them, that they were helping people find ways to access, U.S. persons to access their website from IP addresses outside the U.S. through the use of things like Tor and other, you know, and VPNs. And, you know, otherwise we're aware of information to suggest that a significant portion of their customer base, you know, were in the U.S. and that they did not take steps to, you know, prevent that. But BitMEX was not operating officially and in any way under, on U.S. soil, right? Well, actually, no, the complaints I think actually suggest they did have offices. They had offices in New York and also in San Francisco. And of course, at least one of the three founders was, I think, permanently resident in Wisconsin, I believe. So they actually had a significant U.S. presence. They had staff, I think, in both of those locations, although it sounds like they ultimately closed the New York office and moved, you know, but retained the San Francisco presence. Yeah, thank you for clarifying that because I think a lot of people were wondering what authority the CFTC and the DOJ had to go after BitMEX when ostensibly BitMEX was not operating within the U.S. So it's great that that's cleared up. And you mentioned that they had violated the Bank of Secrecy Act. What kind of penalties does that, a violation like that entail? Yeah, they can be pretty significant. So, you know, the, for willful violations of the Bank of Secrecy Act, which are pretty easy to establish despite the willfulness, it sounds pretty, it sounds like a really high standard, but it's actually fairly straightforward to establish. The civil penalties can be up to, I think it's like over $50,000 a day for not having an AML program. You know, that's adjusted for inflation from what's in the regulations. And then for every time there's a suspicious transaction that qualifies for a suspicious activity report, let's say, that you didn't file and were required to file, it can be, you know, up to, it's the value of the transaction up to, I think adjusted for inflation, it's over $200,000. So $200,000 per transaction for where you're supposed to file a SAR and you didn't file a SAR, you know, that adds up really quickly. And same thing for, you know, 50,000 plus per day of not having an AML program, if you multiply that by one year at 365 days, it adds up quick. But these are all monetary fines, correct? And I understand that Arthur Hayes and his colleagues are facing up to five years in prison. Yeah, that's right. So I was just talking about the civil. Yeah, you're right. Let me get you, let me get you to the criminal. So the criminal, the criminal fines, I think are, the base criminal fines are $250,000 for violation and up to five years in prison. So for criminally, criminal violations of the BSA, criminally willful, I believe, yeah. Okay. So the BSA Bank Secrecy Act, right? The Bank Secrecy Act, yes. Actually, which despite its name actually means the opposite. It's not the act to make your banking secret, it's designed to ensure that it's difficult to engage in secret transactions, not subject to any kind of oversight with U.S. persons. So let me see if I'm understanding this correctly. They violated the Bank Secrecy Act and for that violation, both the DOG and the CFTC have brought charges against them. Is that correct? Yeah. So the DOJ has brought a criminal indictment. They've brought a criminal action against Arthur Hayes, one of the founders of BitMEX. And then the CFTC, separately, using its own enforcement authorities, has brought a civil action, civil enforcement action for civil penalties against BitMEX and its founders. And do you think that there's a possibility that those, that civil action will end up shutting BitMEX down? Is that one of the intentions, or is it just strictly to fine? Yeah. I mean, I think it depends. It seems like the potential penalties here could be very large. And how it resolves from here, I think, depends on how BitMEX responds to it. It certainly could, it's possible it could shut them down. Or it's possible they could reach a negotiated settlement where they pay a large fine and they come into compliance with the law. I'd like to also talk about the suspicious activity reports that we've been mentioning throughout all of this. And as I understand it, the U.S. anti-money laundering prevention depends largely on these specific suspicious activity reports. So how useful are these suspicious activity reports? And how much effort goes into following up on them? I think the answer to that is, well, first of all, let me let me start by saying that I think that it's not just SARS that are used to prevent money laundering and terrorism financing and other activity. Even within the Bank Secrecy Act itself, the requirement to have anti-money laundering programs is designed to help institutions detect and prevent that kind of activity from flowing through their operations. SARS are intended to be a source of potential lead information for law enforcement. When a financial institution sees a transaction, something doesn't look quite right, but they're not required to determine whether that's criminal activity or not. They basically can put that in a SAR and in many, in some cases, they're obligated to do so. And that information then gets kind of pulled into the BSA database and law enforcement agencies can kind of do their own analysis on that material to try and figure out if there is criminal activity going on and then do their part to help protect the financial system. So I think it's really a joint effort, the way the Bank Secrecy Act is set up, between the financial institutions themselves is kind of the front line and then law enforcement falling on behind to try to take action using their authorities. In terms of utility, I think, yes, I mean, I think there's been a lot, I think, I think Finsen and law enforcement have really tried to say as much as they can about how useful SAR reporting has been in, you know, identifying criminal actors and taking action. And they've tried to explain that both to the public and to the institution themselves. I can certainly say from my time at the agency, I think SARs were immensely useful to law enforcement just anecdotally from what I saw. And, you know, I also think that financial institutions, by and large, you know, take those obligations really seriously and they put a tremendous amount of effort into, you know, creating, trying to create detailed SARs that will provide useful information to law enforcement and building programs to detect suspicious activities so that they file SARs when they need to file SARs. I mean, that is, you know, large banks in particular spend millions and millions of dollars to try to comply with those obligations and I think they take them exceptionally seriously. Do you think that's true of all banks? Because, as I understand, a New York Times article says that Bank of America officials in early 2016 warned the federal government about their serious concerns about how Deutsche Bank was failing to detect and prevent money laundering. Deutsche Bank has been among the world's most heavily penalized banks in part for its work, laundering money for wealthy Russians. That kind of, shedding that kind of light on Deutsche Bank's practices doesn't really say much about the efficacy of the U.S. anti-money laundering prevention. Well, I mean, I think you have to remember there's an enforcement component too to the Bank Secrecy Act, right? So a lot of financial institutions, most financial institutions that I would say, take their obligations very, very seriously under the Bank Secrecy Act, but there are enforcement provisions for institutions that don't do that. And, you know, it's one of the things that's really interesting about the Bank Secrecy Act is that in many cases there are multiple parties that are helping to enforce the Bank Secrecy Act. So, FinCEN, you know, as the agency charged with administering the Bank Secrecy Act has, you know, they have authority certainly to bring penalties under the Bank Secrecy Act, but in many cases, those financial institutions will have their own prudential regulators that have independent authorities to pursue penalties related to AML violations. And that includes banking regulators like the Office of the Comptroller of the Currency, the Federal Reserve, the FDIC, and in the case of securities, the SEC, and in the case of commodities, the CFTC, which is exactly what we're seeing here with the civil complaint that they've brought. I think a lot of people in the crypto community do feel that crypto is often unfairly targeted with these anti-money laundering laws when there's so much money laundering going on with the U.S. dollar and potentially through banks as the New York Times article alluded to with Deutsche Bank. Given your experience at FinCEN and your familiarity with U.S. regulatory practice, do you also feel similarly, do you feel that there's unfair attention given towards crypto from U.S. regulatory agencies? I certainly don't think that there is an effort to enforce against crypto more than other financial institutions. I think a lot of what's generating that perception might be the fact that enforcement in this area is relatively new and that this is a new emerging type of financial institution activity. And people are regulators and companies are in the process of sorting out how these laws apply to their activities. And so people may not have thought that they were subject to regulation and are finding that they are. And I do think that it is the case that AML in particular is turning out to be the largest hurdle to virtual currency activity for people trying to come into this industry. And some of that is not the result, I think, of any malice on the part of any regulators, but it is an artifact of the fact that they're coming within the scope of AML and other laws that were intended originally to regulate money transmission, for example. One of the biggest problems I've seen for virtual currency companies is the fact that you have both federal AML regulation and state money transmitter laws in almost every single one of the 50 states. And that's just been a disaster. That's been horrible and a real burden and impediment on companies that are trying to do the right thing. In terms of enforcement, though, right now banks and broker-dealers spend millions and millions of dollars complying with Bank Secrecy Act obligations, building real AML programs using artificial intelligence and other kinds of technology to try and identify suspicious activities and report them. I don't think it means that the regulators are ignoring money laundering with those guys. I think far from it, they continue to get hit for very large penalties in cases where their AML programs are not up to standard. And I think what's going on is there's just a recognition that anytime you've got a new area that presents yet another financial channel that there are going to be risks for money laundering and that financial channel as well. And especially if the regulatory status of entities in that channel is not determined, you have a risk of bad actors trying to run into that channel and exploit that fact before the regulators come in and iron those creases out. And then just one last thing, which is that I also know that there's a lot of, the great majority of actors in the crypto sector are legitimate. They're trying to offer a legitimate service and you want to do the right thing. And a lot of them are expending considerable effort to try and comply with the Bank Secrecy Act and other applicable laws. And I think it's been very frustrating for a lot of them to see other actors who are not compliant with those laws, not suffering any consequences from it. So I think you kind of have to see it from all different sides in that market. I mean, for the people, for the companies that are actually expending the effort to try and comply with those standards, you certainly don't want to put them at a disadvantage against the parties that are not doing that. And something else just occurred to me as well. Do you think it's easier for these enforcement entities to go after crypto, these unregulated exchanges and such? Because I feel like people who have been using banks to launder money are probably much more experienced, have been doing it for longer and don't really know what they're doing more or less. And maybe these people at crypto exchanges don't really have as much of an idea. I mean, one of the defendants in the Bitmex case is literally on record saying that he was bribing regulators with just a coconut. I mean, that seems like a bit of an amateur mistake, don't you think? Yeah, it's a very colorful detail in the criminal complaint. And it comes up a few times. You can tell the DOJ really enjoyed the fact that they had that language to work with in their complaint. A little bit of this is speculation, right? But my sense is that I think you've got a combination. I think you've got people who might be using crypto because they think it's less regulated than traditional banks and are not very sophisticated and are doing stuff, are using it to launder, in some cases using it to launder the proceeds of criminal activity. But I also think you have some very sophisticated actors who really understand how that medium can be used to evade scrutiny. And the fact that it's not subject to the same kind of deep comprehensive regulation that you see in the banking and security sectors, where it's not just FinCEN out there policing, but you've got all these banking regulators at the federal and state level, all these security regulators at the federal and state level regulating these guys eight ways to Sunday. And so I think you've got some very sophisticated actors that realize that there's some vulnerability there and are trying to exploit it, including some nation-state actors. So I think there are risks. And that doesn't undercut the legitimacy of cryptocurrency at all. That's always going to happen anytime you innovate in financial services. And it's just going to be a question of finding a way to empower legitimate actors and reduce the utility of that channel for bad actors so that you don't tar the reputation of that entire industry. So bringing it back around specifically to the charges brought up by the CFTC and the DOJ against BitMEX and Arthur Hayes, could you give us an idea of what the legal roadmap might look like going forward? What are the next steps of action that these enforcement agencies are going to take? Yeah, I think there'll be, I think there'll certainly be discussions with these guys and a desire to, they'll start interviewing people trying to gather facts. They've probably already got quite a few. And if I were them, if I were their attorneys, I'd probably be looking to try and cooperate if I could. If you were the BitMEX attorney? Yeah. And try to reach some kind of settlement that would involve BitMEX coming into compliance with the Bank Secrecy. And from the enforcement perspective, what would you be looking to try to do? You know, I think they're going to be looking to try and ensure, first of all, I mean, they're going to be trying to ensure that the public is protected. And then possibly that, you know, these guys don't profit from, you know, from engaging in activity that is allegedly done without required registration under US law. And that there's also a deterrent effect for others in the industry who might be, you know, doing business with US persons or soliciting business with the United States and engaging in this kind of, you know, swaps in futures activity, thinking that they may not have to register or that there will never be any enforcement. You know, I think part of the goal here is also a message for those folks to really think about this. And frankly, there's a message also for companies that, you know, maybe aren't intentionally trying to evade regulation in the US, but just haven't really paid attention to whether they've got customers that are US persons or whether they might be advertising in channels that would be construed as advertised, soliciting in the United States. And so I think that's a takeaway from this for non-US based companies, which is, you know, you should be looking really carefully at your customer base to understand if you've got US persons. You should be looking really carefully about how you're advertising your service to understand whether it, you know, it reasonably can be characterized as focusing on the US market. Do you have any final comments you'd like to make about the charges, the case or anything? Yeah. I mean, I think, you know, registration, I know can be a big, a big deal and it involves a lot of kind of regulatory, you know, some regulatory burden and expense. The AML aspects of this, you know, are, you know, they have some complexity, but they're very doable. And so I think it's, I think it's worth companies thinking carefully about their operations and that they shouldn't be necessarily scared off by the idea of having to comply and have an AML program. I think it sounds scarier than it is. Great. Thank you so much for joining me today, Carlton. Yeah, my pleasure. Thank you. Thank you, everyone, for watching. That was Carlton Green, who is a partner at Crowell and Mooring and a former chief counsel to the Financial Crimes Enforcement Network. My name is Jackson and if you enjoyed the show, please hit that like button and subscribe to our channel. Cointelegraph, like, subscribe and hodl.