Binance agrees to pay over $4 billion in brutal settlement with US authorities

Binance Holdings Limited, the world’s largest cryptocurrency exchange, has pleaded guilty to several federal charges. The charges include violations of the Bank Secrecy Act, unlicensed money transmitting, and sanctions under the International Emergency Economic Powers Act. As a result, Binance will pay over $4 billion in penalties.

The company’s CEO, Changpeng Zhao, also pleaded guilty. His charges relate to failing to maintain an effective anti-money laundering program. Following this, Zhao resigned as Binance’s CEO.

“Better to ask for forgiveness than permission”

Court documents revealed that Binance prioritized growth over compliance. The company failed to implement necessary controls to prevent money laundering and transactions with sanctioned jurisdictions.

Despite announcing a block on U.S. customers in 2019, Binance continued serving them. This included a focus on retaining “VIP” customers. Binance also failed to implement effective anti-money laundering protocols. It allowed users to trade without proper identification until as late as May 2022.

As part of the plea agreement, Binance will forfeit and pay a total of over $4.3 billion. The company has also agreed to a three-year independent compliance monitorship.

The Department of Justice considered several factors in reaching the resolution with Binance. These included the seriousness of the offense and Binance’s delayed cooperation in the investigation.

Zhao admitted to prioritizing Binance’s growth over legal compliance. His actions led to illegal transactions involving U.S. users. Binance did not make a timely and voluntary disclosure of wrongdoing, but it received partial credit for its cooperation with the Department’s investigation, and it has taken steps to remediate its compliance program. Binance did not receive full credit for its cooperation because it delayed producing relevant evidence, including recorded meetings in which Binance executives discussed U.S. legal requirements. Accordingly, the total criminal penalty reflects a 20% reduction off the bottom of the applicable U.S. sentencing guidelines fine range.

According to court documents, CZ admitted that he understood that Binance served U.S. users and was thus required to register with FinCEN and implement an effective AML program. However, he knew that U.S. users were essential to Binance’s growth and were a significant source of revenue and knew that an effective AML program would include KYC protocols that would mean that some customers would choose not to use Binance. The former chief executive had told employees it was “better to ask for forgiveness than permission”.

The case is being investigated by the IRS Criminal Investigation team. It is prosecuted by members of the Justice Department’s Criminal Division and the National Security Division.

CFTC’s first enforcement action that finds a violation of Regulation 1.6

The Binance case will be forever known as the CFTC’s first enforcement action that finds a violation of Regulation 1.6, a regulation authorizing the Commission to enforce against efforts to evade the application of the CEA.

The regulation prohibits “anti-evasion,” making it unlawful to conduct activities outside the United States designed “to willfully evade or attempt to evade” provisions of the Act and CFTC Regulations.

Even after announcing a policy that “Binance is unable to provide services to any U.S. person,” as described in the consent order, Binance solicited customers in the United States.

Nearly 20% of its customers were located in the U.S. during the period of alleged misconduct. Binance provided U.S. customers with a roadmap, showing them how to circumvent the company’s internal compliance programs.

According to court documents, customers were able to avoid completing KYC paperwork as long as they withdrew no more than the value of 2 bitcoin in one day.

Binance identified U.S.-based customers via IP address, but merely required such customers to acknowledge in a pop-up window that they were not located in the United States. Binance also advised customers on the use of VPNs, indicating that customers “might want to use [a VPN] to. . . unlock sites that are restricted in your country.”

Binance’s former Chief Compliance Officer to pay CFTC $1.5 million

The CFTC announced a proposed settlement with Samuel Lim, former Chief Compliance Officer at Binance. This agreement relates to charges of violating the Commodity Exchange Act (CEA). The settlement also addresses Lim’s role in aiding Binance’s CEA violations.

Under the proposed consent order, Lim faces a $1.5 million civil penalty. This order also includes permanent prohibitions on certain activities. These prohibitions include willfully evading the CEA, acting as an unregistered futures commission merchant, and operating an illegal digital asset derivatives exchange. Additionally, Lim is barred from failing to maintain adequate know-your-customer compliance controls.

The proposed order also finds Lim complicit in Binance’s numerous CEA violations. These include illegal offerings and executions of commodity derivatives transactions to U.S. customers. Furthermore, it cites Lim’s role in Binance’s supervisory failures. This includes using communication methods designed to automatically destroy evidence of illegal conduct.

CZ agreed to pay a $150 million civil monetary penalty to the CFTC, a mere 10% of Samuel Lim’s settlement with the US regulator.

“The CFTC has zero tolerance for crypto platforms used for illicit finance. Binance was aware that its platform facilitated illicit activity by terrorist organizations like Hamas, darknet marketplaces like Hydra, and others. Instead of shutting down this criminal activity financing, Binance turned a blind eye and even advised users how to circumvent Binance’s superficial controls. Today, the CFTC, in partnership with the Department of Justice, FinCEN and OFAC, has helped to shut down a pathway for illicit finance”, said CFTC Commissioner Christy Goldsmith Romero.

“There are no pirate ships in U.S. markets. Access to U.S. customers is a privilege, not a right. The CFTC will aggressively go after crypto platforms operating in U.S. markets that seek to evade the CFTC’s customer protection regime. Binance is the first defendant charged under the CFTC’s anti-evasion law implemented by the Dodd Frank Act. Its maze of corporate entities designed to obscure the ownership, control and location of the Binance platform did not work. This case should also send a message that the CFTC will not tolerate use of VPNs, “I am not a U.S. customer”-type pop-up buttons, or any other actions to circumvent KYC obligations”, the CFTC Commissioner added.

In regard, to the CFTC charges, which include the first-ever charged violation of CFTC Regulation 1.6, governing anti-evasion, the defendants agreed to all of them and are ordered to pay:

• $1.35 billion in disgorgement on the affiliated Binance entities;
• $1.5 million in civil monetary penalties on Samuel Lim;
• $150 million in civil monetary penalties on Zhao;
• $1.35 billion in civil monetary penalties on the Binance entities.

Binance’s new measures toward compliance

Enhanced KYC and Other Critical Compliance Reforms

Binance has agreed to enhance several critical components of its compliance program. Binance will require all accounts to complete an onboarding program, including all KYC procedures, and be operated only by the account registrants and permitted users who have also undergone KYC procedures. Binance will also no longer allow sub-accounts to circumvent compliance obligations and instead will require sub-accounts to undergo the same onboarding compliance procedures before being opened. These KYC procedures are particularly critical in the crypto-economy, which has long been dogged by concerns that its intrinsic lack of transparency into the holders of particular assets allows for digital assets’ easier use for illicit finance, money laundering, and terrorist financing. The 2022 National Money Laundering Risk Assessment found that “U.S. law enforcement agencies have detected an increase in the use of virtual assets to pay for online drugs or to launder the proceeds of drug trafficking, fraud, and cybercrime, including ransomware attacks . . . , as well as other criminal activity, including sanctions evasion.”

Qualified, Independent Board Members

The order will also require Binance to maintain at least three independent members on its board of directors—and Zhao will not be permitted to be a member of the Board. In addition, Binance must stand up Board Compliance and Audit Committees. Binance will also be required to operate a Nationality of Business Entities Checklist to ensure U.S.-based customers are not offered digital asset derivative products.

Certification of Adoption of Reforms

All of these changes must be certified in writing to the Commission within 90 days of the entry of the Consent Order by Binance’s CEO and CCO. Given that the company’s current CEO and former CCO are defendants in this matter, Binance would benefit from carefully reviewing its broader conflicts of interest protocols, risk management procedures, corporate governance structures, and the qualifications for CCO when implementing these changes.

While integrating risk management and corporate governance guardrails through resolution in an enforcement actions is a step in the right direction, it is not a substitute for a comprehensive regulatory regime. Part 38, for example, includes under Core Principle 16 that 35% of a DCM’s board of directors must be comprised of “public directors,” meaning having no material relationship with the DCM. Likewise, FCMs must maintain Customer Identification Programs, including KYC and AML, in order to comply with the Bank Secrecy Act.