Listen to this post

On November 21, 2023, the U.S. Office of Foreign Assets Control (OFAC) announced its largest settlement in history with the virtual currency exchange Binance. This almost-billion dollar settlement is a part of a larger comprehensive settlement with the Department of Justice, FinCEN, and the CFTC, totaling over $4 billion. OFAC found that Binance had allowed 1.6 million transactions in violation of multiple sanctions regimes while Binance’s C-Suite was complicit. Binance’s blunders that led to this enforcement action highlight the importance of management commitment to compliance programs.[1]

This penalty is news in and of itself, but the news is not niche or limited to cryptocurrencies or the exchanges on which they are traded. In going after the largest cryptocurrency exchange in the world, OFAC is sending a clear message to any company involved in FinTech: you cannot hide behind your algorithms or paper compliance programs. FinTech companies cannot claim that, just because theirs is a new area, a new technology, a new way of doing business, that it cannot be subject to, or comply with, the existing rules that govern international transactions involving U.S. persons, U.S. banks, or the U.S. Dollar.

Binance is a virtual currency trading platform with millions of users across the planet. The platform used an algorithm to match buying and selling orders from users with other users on its platform. This algorithm would complete trades based only on time and value which led to transactions between U.S.-users and users from sanctioned countries. Not only do OFAC sanctions prohibit U.S. persons from transactions involving sanctioned countries and parties, they also prohibit any person from causing U.S. persons from participating in transactions involving sanctioned parties.

Binance’s compliance program did little to stop these transactions. For instance, the Terms of Use for Binance stated that in using the platform users are declaring they are not on any sanctions list. Considering most people never read Terms of Service, it is easy to see why this was ineffective. Binance also created a U.S.-only platform and implemented IP screening, but, at the same time, Binance encouraged users to use a VPN to work around these geofencing measure.

Binance’s compliance issues started at the top. Their CEO and CCO painted a rosy picture of compliance when dealing with third parties, but internally, they made deliberate choices to hamstring their own compliance program. Multiple times the CEO and the CCO were made aware of users from sanctioned countries on the platform, but each time their response was not to fix the problem but to hide it, even going as far to say that “compliance is here to make Binance APPEAR compliant.” OFAC found this complicity to be an aggravating factor. If anything, this should highlight the importance of management buy-in to compliance programs because that is where a culture of compliance can begin.

It is important to assess your company’s risks and build a compliance around those elements that make your company unique. OFAC has provided compliance guidance for the virtual currency industry, which applies its compliance framework to the unique issues faced in the financial technologies industry. Any virtual currency platform should have internal controls like Know Your Customer Procedures and transaction monitoring. Your compliance program should assess and audit these internal systems and empower operations managers to make changes where needed. It should also train employees on how to protect the company. As the Binance settlement show, all these measures are for naught if there is not management buy-in.

Binance’s Apparent Violations amounted to less than 0.0028% of their total trade volume, but OFAC hit them with the largest fine in history. This shows that OFAC takes these violations seriously and will view “paper programs” as egregious. FinTech companies—start-up or established—as well as traditional financial institutions with an international footprint can learn from this cases because the message is not that OFAC is done with enforcement in this area. It appears the agency is just getting started.

We will provide updates here as events warrant.

FOOTNOTES

[1] Look, we write this on Thanksgiving eve knowing that our colleague at the bar and Financial-Thing-Explainer extraordinaire, Matt Levine at Bloomberg will have a really cool take on this by Monday in his newsletter, Money Stuff (which, if you’re not reading, you’re missing out), but we’ve got a chance to steal a march on him and we’re gonna take it!