Four key lessons from the Binance case
The Binance case in the United States serves as a stark reminder of the consequences of regulatory non-compliance in the fast-paced world of cryptocurrency. Despite its rapid growth, Binance failed to meet its regulatory obligations, leading to a historic fine of over $4.3 billion. This landmark penalty underscores the critical importance of regulatory adherence, particularly in industries prone to money laundering and sanctions violations.
Binance's violations can be summarised in three points:
- Systemic regulatory violations: based on the agreements with public authorities, Binance was aware of its regulatory obligations (including registering with FinCEN, implementing an anti-money laundering compliance program, identifying and reporting any suspicious transactions). However, the company's system was exploited by criminal networks without any proactive steps taken to prevent or address said situation.
- Intentional circumventions: messages seized showed that Binance management discussed ways to circumvent the application of U.S. rules (by creating a separate platform, encouraging the use of a VPN to hide the real IP address, encouraging secrecy on accounts opened despite international sanctions). Additionally, it forgot to mention on its website countries sanctioned by the U.S., countries it happened to service. As a result, a total of 1,667,153 violations of several sanctions programs were recorded by the Office of Foreign Assets Control (OFAC).
- Concealing compliance: while Binance has been recognised by the U.S. justice as disregarding the regulatory obligations that they were subject to, their internal policies reflected their legal responsibilities of a "money services business" as defined by FinCEN but were not properly implemented in practice. Thus, the paper-only compliance program was used as a concealer to the unlawful transactions being processed by Binance.
However consequential the fine might appear, the penalties were reduced on account of the active cooperation of Binance in the investigation (promptly responding, providing compromising documents, taking disciplinary actions against the involved employees, etc.). It also took into consideration the redeeming attitude of the company (through improvement of its compliance program, monitoring agreements, compliance investment in tools, internal procedures and recruitment).
Key lessons from the case:
- The necessary identification of the applicable law and regulatory requirements arising therefrom (including legislation with extraterritorial reach);
- The importance of implementing a robust compliance program, adapted to the risks of the company's activity, effective and efficient;
- The importance of having a strong independent compliance function (with sufficient skills and experience, material, human, and financial resources to carry out its mission independently);
- Companies are responsible for operation and consequence of the technologies they employ, even in the case of the use of an algorithm or other 'autonomous' system.