Matt Stankiewicz, Partner at The Volkov Law Group, continues his series of posts breaking down Binance’s recent criminal settlement.
Binance’s settlement with the DOJ represents one of the largest criminal corporate enforcement actions ever. A review of the facts reveals that the penalty is likely warranted, as the misconduct was driven from the very top. Binance’s founder and CEO, Changpeng Zhao (“CZ”) was involved in all of it.
Taking the DOJ’s factual allegations as true, it appears that Binance’s strategy was simply avoid its compliance obligations and focus on growth and profit at all costs. And despite its decision to avoid compliance U.S. regulations, Binance actively sought U.S. customers. The company even specifically tracked its U.S. user base as early as August 2017, just a month after it began operating. Many of these users were enterprise users considered as VIPs, as they transacted the most significant volumes and provided the needed liquidity for the exchange to operate at the highest level. This deep liquidity provided Binance with a significant advantage over its nearest competitors.
Binance required virtually no KYC throughout the majority of its operation. The exchange maintained a Level 1 tier for new users that required only an email address to set up, with no other identifying information needed. At this initial level, users could withdraw up to the value of two Bitcoin per day. At its peak, this allowed users to withdraw nearly $180,000 per day. Furthermore, if that limit was still not enough, users could simply create additional accounts with new email addresses to receive the same limit immediately. This effectively allowed unlimited withdrawals.
The lack of KYC also allowed sanctioned entities to transact on Binance unabated. The company became aware of these issues and compliance staff did attempt to make recommendations to remedy the situation. However, they were consistently met with resistance or inaction. On one occasion, after noting some significant gaps allowing sanctioned users to use the exchange, an executive wrote back suggesting that they “should pay more attention is to give user better service and user experience, not further ban some users.”
The exchange further lacked any transaction monitoring, as required by the Bank Secrecy Act (“BSA”). Internal compliance staff constantly joked about the lack of controls, with the DOJ providing quotes where one compliance staff noted to another that “we need a banner ‘is washing drug money too hard these days – come to binance we got cake for you.” Indeed, Binance frequently processed transactions related to ransomware, hacks, darknet markets, criminal activity, and mixing services. Indeed, even in our own cryptocurrency investigations in recent times, we have frequently found that the funds we are tracing are typically routed, at least in part, to Binance at some point.
Throughout its operation, Binance continued to track its U.S.-customer base and took affirmative steps to continue serve U.S. customers. It wasn’t until June 2019, following recommendations from consultants, did the company even begin to discuss its compliance with basic BSA/AML regulations. At that point, between 20-30% of Binance’s revenue came from the United States. Despite acknowledging that the company needed to consider either blocking U.S. users or implement KYC controls, CZ authorized strategies that ultimately circumvented these regulations.
Shortly after that discussion, the company set up Binance.US as its dedicated U.S. platform and redirected a contingent of its U.S. userbase to this new exchange, which did maintain various KYC and AML controls. This was more window-dressing than it was actual compliance, however. Ultimately, the company continued to maintain its most valuable U.S. customers on its main exchange, in a clear, willful disregard for U.S. regulations.
CZ himself apparently helped establish a strategy titled “U.S. Exchange and Main Exchange – Compliance parameters.” These parameters were designed to allow certain U.S. users to continue operating on the main exchange, which did not require KYC, by utilizing an API. At this point, CZ was also advised that Binance needed to comply with U.S. money transmitter laws and that the company would certainly be categorized as a money services business (“MSB”). Binance.US applied and received necessary licenses, though the foreign exchange still continued to service its high-value U.S. customers through the main exchange which lacked these same licenses. These high-value U.S. customers accounted for nearly a quarter of Binance’s global revenue.
In order to maintain these high-value customers, CZ authorized strategies to help these users circumvent the main exchange’s basic controls. This would allow Binance to bury its head in the sand and feign ignorance of the violations. The dedicated VIP customer support would basically obtusely hint to these users what the issues were—such as noting that a user’s U.S. based IP address was the “sole” reason they could not access the platform, hoping that they would get the hint to utilize a VPN. Binance support even sometimes provided specific help to circumvent its own controls. For example, Binance developed a script, approved by CZ, that customer support could use that explain that Binance’s internal review “mis-categorized” certain users as U.S.-based and that Binance would help them re-categorize themselves. Binance would then provide information on how to establish offshore entities that the exchange could then use for its lax KYC purposes and allow the users to continue operating on the main exchange.
The company still continued to track its U.S. user base and related revenues in its internal reporting, though referred to the U.S. as “UNKWN” in these reports. CZ was apparently aware of—and approved—all of this non-compliance and related strategies. Binance realized more than $1.6 billion in profit from its U.S. users between August 2017 and October 2022.
