The DOJ’s Crypto Framework Is a Warning to Exchanges

The Department of Justice (DOJ) just fired a warning to crypto exchanges worldwide: Comply with U.S. law or face the potential wrath of the federal government.

Last week, the DOJ published an 83-page cryptocurrency enforcement framework detailing its approach to the nascent space and discussing potential crimes. The document also suggested the U.S. government would enforce its laws regardless of where exchanges – referred to as virtual asset service providers, or VASPs – are based. In other words, these exchanges should comply with U.S. laws – even for their non-U.S. customers:

“The Department also has robust authority to prosecute VASPs and other entities and individuals that violate U.S. law even when they are not located inside the United States. Where virtual asset transactions touch financial, data storage or other computer systems within the United States, the Department generally has jurisdiction to prosecute the actors who direct or conduct those transactions.”

The document came just days after prosecutors with the U.S. Attorney’s Office for the Southern District of New York (SDNY) brought charges against crypto trading platform BitMEX, which is headquartered in the Seychelles, and its leaders, some of whom do not reside in the U.S. 

“I do think this is definitely a warning shot about cryptocurrency exchanges that are located outside the U.S.,” Marta Belcher, special counsel to the Electronic Frontier Foundation and general counsel at Protocol Labs, said of the framework. 

Interpreted broadly, the DOJ’s framework can also have implications for international exchanges that may have – or at one point, had – customers in the U.S. Exchanges that pulled out of the U.S. may not be safe either, based on the BitMEX charges.

That’s not to say every exchange operating outside the U.S. is at risk, or that the federal government is declaring open season on platforms it believes should be complying with its laws. Still, overseas exchanges that might have exposure to the U.S. should take note. 

Global reach

The DOJ framework notes that the U.S. has had anti-money laundering/countering the financing of terrorism (AML/CFT) measures for decades, with specific standards around cryptocurrency exchanges and activities since at least 2011. 

Despite this, many VASPs, as the U.S. government refers exchanges – still do not necessarily comply with the Bank Secrecy Act or other laws, the framework claimed. The framework complained that some exchanges might hold U.S. customers to standards that do not apply to non-U.S. customers, or might treat crypto-to-crypto transactions differently from crypto-to-fiat transactions. 

“Because of the global and cross-border nature of transactions involving virtual assets, the lack of consistent AML/CFT regulation and supervision over VASPs across jurisdictions – and the complete absence of such regulation and supervision in certain parts of the world – is detrimental to the safety and stability of the international financial system,” the framework said.

Jake Chervinsky, general counsel at Compound Finance, tweeted that policy makers are looking to tighten global restrictions on the trading of digital assets, in a change from how the crypto space was previously viewed. 

In the DOJ’s view, international regulations should be consistent, the document said. 

Read more: Crypto ‘Gray’ Markets Could Be Unintended Consequence of FATF Travel Rule

The new framework follows a pattern. Since 2018, the U.S. has spearheaded efforts to unite global regulatory efforts around cryptocurrency exchanges and transactions through its presidency of the Financial Action Task Force (FATF), an intergovernmental standards-setting organization. 

Last June, when the U.S. was president, the FATF unveiled the so-called “Travel Rule” for VASPs, advising regulators to require exchanges hold or be able to access comprehensive KYC data, even for individuals receiving funds from a transaction but who weren’t their own customers. The FATF is composed of representatives from the Group of 7 nations, and the presidency rotated between member nations every year at that time.

Implementation of the travel rule is ongoing. Some countries already require strict KYC, while others are still determining what compliance might look like. Switzerland, for example, requires exchanges to verify personal wallets before allowing customers to withdraw their crypto. 

In practice

The U.S. has gone after non-domestic platforms in the past. The Commodity Futures Trading Commission (CFTC), Securities and Exchange Commission and Federal Bureau of Investigation charged 1Broker, a crypto product exchange based in the Marshall Islands, on claims that it allowed U.S. customers to trade on its platform. 

1Broker later settled the charges with the two agencies, allowing customers to withdraw funds through the end of 2019 before shutting its doors

Earlier this month, the SDNY and the CFTC unveiled a variety of charges against BitMEX, one of the world’s largest crypto derivatives trading platforms – based in the Seychelles – as well as owners Arthur Hayes, Ben Delo and Samuel Reed. (SDNY brought an additional charge against Gregory Dwyer, an employee.) 

Both agencies allege U.S. residents were able to trade on BitMEX, despite the company not registering as a futures commission merchant, derivatives contract market or swap execution facility with the CFTC or conduct know-your-customer processes in compliance with the Bank Secrecy Act. 

Read more: OFAC Warns That Firms Helping Victims With Ransomware Payouts Risk Violating Its Rules

According to the indictment, the DOJ is alleging the defendants violated the Bank Secrecy Act and conspired to violate the Bank Secrecy Act across two separate charges. These charges could face criminal penalties, including jail time in addition to monetary fines.

“Beginning no later than November 2014 and continuing to the present (the ‘Relevant Period’), Defendants have offered commodity futures, options, and swaps on digital assets, including bitcoin, ether and litecoin, to persons in the United States, from offices in the United States, through the website www.bitmex.com and a mobile application,” the indictment said.

Speaking at the Digital Asset Compliance & Market Integrity Summit hosted by Solidus Labs last week, CFTC Commissioner Dan Berkovitz hinted the agency may go after other platforms that violate U.S. law in some way – even if they aren’t based in the U.S. 

“I think it’s very clear that if you’re operating outside the boundaries of the law and what the law requires, we will aggressively enforce it,” he said.

Future views

Berkovitz’s comments, alongside the enforcement framework itself, seem to be implying the BSA, a broad AML/KYC-focused law, are applicable outside of the U.S.

In other words, any transactions that might fit into the U.S. regulatory framework is fair game for enforcement, he said, a view the enforcement framework appeared to endorse. 

“They’re extremely explicit that they feel they have authority to prosecute them if they violate U.S. laws even when they’re not located in the U.S.,” Belcher said. “There’s a pretty long section where they, I think, make it pretty clear that is a thing they are contemplating.”

Read more: A New Bill Proposes to Put US Crypto Exchanges Under a National Framework

This should not be a surprise, she added, saying this is at least “one takeaway” from the simple fact the paper was published.

The framework even acknowledges the DOJ’s past international efforts, saying the agency has  “actively participated in international regulatory and criminal enforcement efforts” in the past. 

The DOJ, alongside its law enforcement and civil agency partners, is likely to take advantage of this perceived authority. 

“Where the law is clear, we will enforce it,” Berkovitz said.