This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.

A Fresh Take

Insights on US legal developments

| 3 minute read

DOJ and Foreign Regulators Target the Bitzlato Cryptocurrency Exchange: Lessons on AML, KYC Obligations, and Cryptocrime

On January 18, 2023, the US Department of Justice (DOJ) announced that it arrested Mr. Anatoly Legkodymov, a Russian national and the founder and majority owner of a cryptocurrency exchange, Bitzlato Ltd. (Bitzlato), charging him with operating Bitzlato as an unlicensed money transmitting business, and also transmitting funds through Bitzlato that he knew to have been criminal proceeds or used to promote unlawful activity, in violation of US anti-money laundering (AML) laws.  According to DOJ, Bitzlato failed to establish an effective AML program and held itself out as requiring little—if any—know-your-customer (KYC) procedures in order to use the exchange: Bitzlato allegedly advertised “simple registration without KYC.  Neither selfies nor passports required.  Only your email needed.”  Although Bizlato claimed to not do business with US-based individuals, DOJ was able to gather evidence that the rule was not enforced, subjecting the exchange to US jurisdiction, similar to charges against founders and executives at another exchange, BitMex, who plead guilty to Bank Secrecy Act (BSA) violations in February 2022.  Bitzlato is alleged to have knowingly processed over $700 million in illicit cryptocurrency funds from Hydra Market (Hydra), currently the largest darknet underground marketplace in the world that is responsible for dealing in narcotics, stolen financial information, fraudulent identification documents, money laundering services, and other contraband.  

DOJ’s actions against Legkodymov reflect its follow through on its stated commitment, announced through the formation of the National Cryptocurrency Enforcement Team (NCET) in late 2021, to clamp down on the misuse of digital currency through concentrated efforts to investigate exchanges and other entities in the crypto ecosystem for violations of US AML laws, including the BSA.  Taken together with efforts undertaken by foreign regulators to dismantle Bitzlato—this action serves as a valuable reminder for companies operating in the digital currency space to beware of (1) US regulators’ continued targeting of the illicit use of cryptocurrency; (2) the potential for cooperation and cross-border enforcement actions undertaken by foreign regulators; and (3) the importance of effective, risk-based AML and KYC programs and procedures.

US Regulators Continue to Target Cryptocurrency

As we have previously noted, US regulators have increased efforts to combat the illicit use of cryptocurrency.  DOJ’s arrest of Legkodymov occurred in parallel with efforts from the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) to hinder Bitzlato’s ability to transmit funds through financial institutions.  Specifically, FinCEN named Bitzlato as a “primary money laundering concern”—a designation that will block Bitzlato’s ability to access the US financial system, and therefore handicap its access to the traditional global financial network.  This follows on other regulatory actions we have discussed in this space, such as action taken by the US Treasury Department’s Office of Foreign Asset Control to designate virtual currency mixer Tornado Cash.

Regulatory scrutiny in the cryptocurrency realm will continue to escalate as a defined priority of the Biden Administration.  For example, in a September 2022 statement on digital assets, the White House encouraged regulators “to aggressively pursue investigations and enforcement actions against unlawful practices in the digital assets space.”  And on January 27, 2023, the Biden Administration released a Roadmap to Mitigate Cryptocurrencies’ Risks, which notes that “enforcement agencies are devoting increased resources to combatting illicit activities involving digital assets” and calls upon Congress to “strengthen penalties for violating illicit-finance rules and . . . fund greater law-enforcement capacity building, including with international partners.”

Regulators International Cooperation Targeting Cryptocurrency

In addition to US regulators’ efforts to target the illicit use of cryptocurrency and cryptocurrency exchanges, a key feature of this case is the cross-border effort that went into Legkodymov’s arrest and seizure of Bitzlato’s cryptocurrency assets.  In the press release accompanying Legkodymov’s arrest (the Press Release), DOJ Deputy Attorney General Lisa O. Monaco stated that the effort to arrest Legkodymov and take down Bitzlato reflect US regulators’ commitment to work with foreign regulators to target cryptocurrency-related crimes and, as stated in the Press Release, expand “the international net that law enforcement” can use to target the illicit use of cryptocurrency.  DOJ coordinated Legkodymov’s arrest with efforts by Interpol, and partners in France, Spain, Portugal, and Cyprus to dismantle Bitzlato’s digital infrastructure and seize its cryptocurrency.  This case demonstrates DOJ’s ability to cooperate with authorities across the world to combat perceived abuses in the global crypto ecosystem, which is only likely to increase over time given the successful seizures in this case. 

Establishing and Implementing an Effective AML Program

In light of DOJ’s warning and cross-border regulators’ interest to engage in joint operations to combat cryptocurrency-related crimes, companies operating in the digital assets space are likely to face increasing scrutiny and should consider reviewing their AML programs and KYC procedures.  An effective risk-based AML compliance program may include: (1) the development of internal policies, procedures, and controls based upon an assessment of the money laundering and terrorist financing risks associated with the relevant business; (2) designation of an AML compliance offer; (3) ongoing employee education and training on these policies; (4) an independent audit to test, monitor, and maintain the adequacy of the program; and (5) risk-based procedures for conducting ongoing customer due diligence.  Further, companies that claim to not service the US market to avoid jurisdiction should be aware that DOJ and regulators will scrutinize that claim closely and should be vigilant about implementing and maintaining controls in that regard.

* * *

Tags

cryptocurrency, investigations, litigation, national security