Crypto world must face up to some hard truths
A Little About your Author: Fraud Stamp is a small team of experts in personal finance. You can follow us on Twitter @FraudStamp.
On October 1, 2020, US Federal prosecutors and the Commodity Futures Trading Commission (CFTC) swooped. Their target, BitMEX the online cryptocurrency derivative platform. It took the cryptocurrency community by storm, but not totally by surprise. The big concern was who is next? Was anyone safe? How about the rapidly growing DeFi (Decentralized Finance) sector, could that be a target?
Twitter was alive with speculation. The founder of BitMEX was ‘at large’ although his Twitter posts suggested he was living it large in Singapore. He faced many years in prison and many more if he didn’t surrender pronto and cooperate. The general feeling on Twitter was that BitMEX is based in the Seychelles, no one can touch them — ‘this is crypto baby!’ Unfortunately, they underestimate the determination of US law enforcement and their long memory.
BitMEX was founded in 2014 and has processed trillions of dollars of transactions providing a cryptocurrency derivatives platform. Their crime? Operating a “Purportedly ‘off-shore’ crypto exchange, while willfully failing to implement and maintain even basic anti-money laundering policies.” This is by far the biggest crypto scalp the US government has taken a knife too. The fact that BitMEX had 85,000 US clients and failed to provide any Know Your Client checks meant that eventually, the Feds would come knocking. And knock they did. Hard!
It doesn’t matter if you are located in Timbuktu or some small island in the Indian Ocean, if you are fool enough to target US citizens, then you are within the US jurisdiction. And in the case of BitMEX, because they breached Bank Secrecy laws (i.e., anti-money laundering and financing of terrorism regulation), then not only is the company liable but so are the officers. The US authorities are both willing and able to obtain cooperation with other jurisdictions and close down servers, obtain client records, and freeze bank accounts.
So that is the story of BitMEX. The big question, however, is how does that affect the rest of the industry?
When we heard the news, a few names immediately struck us as likely contenders for the special attention of US law enforcement. When we investigated further, that list grew quickly. Let us explain who we think could be next and why. This isn’t an exhaustive list. We are also not lawyers, and we don’t know what is going on behind the scenes, but these are common sense observations which any investor should be making in these more than usual volatile times.
Firstly we took a look at cryptocurrency exchanges. Of course, the largest operator is Binance, and that was a great place to start. For in our opinion, they pose a very high risk of attack. Why may you ask? Binance currently operates in the US, however, it prohibits access for residents in 13 states. Binance US launched four months after American users were barred from their site. Before the ban, at least 30 percent of its business came from the US. Binance, from our brief investigations, appears compliant with US regulation, however, the big question is what about their legacy issues?
Before Binance’s new stringent KYC rules were implemented, they required no form of ID for certain transaction sizes. Obviously, Binance didn’t explain why they initially exited the US market. But the reasons are crystal clear.
As well as maintaining stringent KYC procedures, cryptocurrency exchanges require a money transmission licence to operate. The US Federal legislation views cryptocurrency as a commodity, which brings it under the purview of federal regulators, most notably the Financial Crimes Enforcement Network. FinCEN requires companies who deal with commodities to be registered as money service businesses (MSBs).
More specifically, regulators view most crypto-related businesses in the US as money transmitters. This subjects cryptocurrency exchanges to the US Bank Secrecy Act (BSA), which requires them to register and obtain an appropriate licence in each US state apart from Montana. BitMEX came unstuck here.
Before the launch of Binance US, none of the above requirements were adhered to. They may be following these rules and regulations now, but the question is, is it too late? Are the US authorities going to brush Binance’s numerous breaches of the law under the carpet? As we said at the beginning of this article, US law enforcement has a long memory.
We believe that these legacy issues will come back and bite them. It could even be both a criminal prosecution and civil action in the same way that BitMEX was targeted.
Now, of course, Binance wasn’t the only one targeting US investors without adhering to the appropriate anti-money laundering (AML) and combating the financing of terrorism (CFT) regulations, and it was definitely not the only one operating without the correct licences and permissions in place. But Binance is by far the biggest, and making an example of them seems a plausible outcome.
What Is The Likely Outcome?
The likely outcome is a hefty fine for operating without a licence and lax AML and CFT procedures in place, in the same way as Ripple Labs settled to resolve potential criminal charges. That could run into the hundreds of millions of dollars. There is an outside chance of criminal action against the founder CZ and his key officers for breaching bank secrecy laws and operating without a money transmitter licence. In reality, Binance did have KYC processes in place for some US investors, depending on their transaction sizes. This could save them, however, their blatant disregard of Federal money transmission laws combined with lax KYC rules could lead to criminal action and is certain to lead to a hefty financial penalty.
Binance’s biggest test right now is whether the UK regulator will approve its proposed new UK business. It was supposed to launch in ‘the summer,’ but it is still showing as coming soon. If there are issues back in the US, it is unlikely the UK will regulate their business. This, in our opinion, is crucial to Binance’s future. The Financial Action Task Force (FATF) has already hinted at Binance as an exchange avoiding regulation. They are definitely on the government’s radar.
If Binance or any other exchange come under attack how could this affect investors assets?
This all depends on the severity of the attack. If it is a heavy fine, Binance will shrug it off, and it will be business as usual, allowing them to put their old fly by night ways behind them for good. However, if the Feds want to make an example of them in a similar vein to BitMEX then just as in the case of BitMEX there will be a large outflow of cryptocurrency. Although inconvenient, that isn’t a major problem for investors. The problems could occur if investors hold fiat currency on account or the exchanges central wallets are ‘frozen’ until matters are resolved. Yes, these wallets are outside US jurisdiction, but it wouldn’t take much to persuade another authority to freeze funds or block the transfer of cryptocurrency from the central wallet. More importantly, if there are arrest warrants circulating, the last thing on CZ’s mind (the name the founder of Binance goes by) will be ensuring all investors are able to withdraw their assets when his focus will be on avoiding the boys from INTERPOL.
Investors should be avoiding all exchanges with legacy issues and only use regulated exchanges.
That Brings Us Nicely Onto DeFi
The selling point of DeFi is that it is decentralized. There is no one central party that controls things. The products operating within DeFi are supposed to be trustless, permissionless, and non-custodial. However, decentralization varies from one project to another. Some project teams have significant control of the product’s direction, others are governed by venture capital investors, whilst some have broader communities that control the protocol.
So let’s talk generally. Most DeFi projects have a team behind the project. They are responsible for the code and making sure the vision of the project is carried out. Although the project’s governance tokens, which are similar to shares in a company, in many cases, are distributed to the community, the team usually holds onto a significant number. In the case of Compound Labs, they continue to hold 5.8m out of 10m government tokens, the Uniswap team and investors retain 40% of the tokens and Aave retains 3m from a total of 16m.
As a rule, there is no KYC in DeFi. There are also no money transmitter licenses. Perhaps the project teams consider that their platforms are not involved in the business of money transmission and that they only provide a platform so individuals can transact peer to peer. Maybe they also consider cryptocurrency is not money. In a recent report by the Attorney General’s Cyber Digital Task Force, it is patently clear that the government does not agree to any of these interpretations.
So are these DeFi platforms breaking any US laws? Of course, they are! The platforms allow US citizens to participate whilst not collecting KYC data, that is a clear breach of Bank Secrecy laws. They are also providing a money transmission service without a licence. Although virtual, that is irrelevant. It also doesn’t matter if the platforms are dealing cryptocurrency to cryptocurrency — that still counts according to the government. The Feds won’t be going after the thousands of people using these platforms that is for certain, they will target the project and the project team.
If US law enforcement came after anyone who would they target?
Despite the project teams’ efforts to hand control of the protocol to the community many still maintain control i.e. over 51% or a significant interest in the governance of the project/platform, but that probably isn’t the major issue. As we have seen in a few recent examples, it is within the project team’s capability to change the code of the protocol. The US government could insist that the non-compliant projects are shuttered. They could then go on to target the founders of these projects for it was they who had the original idea — if anything, they are guilty of conspiracy at the bare minimum.
Is this a realistic outcome considering that many of these platforms are backed by blue chip venture capitalists who are trying to do the right thing?
It is obvious from the recent comments by the founders of many DeFi platforms about the BitMEX debacle that they are in complete denial.
Founders seem more focused on contrasting BitMEX’s ‘dodgy activities’ with the transparency and professionalism of their own platforms glossing over the real problem — they are breaking the law!
What Is the Risk To Investors?
Of course, if the SEC or CFTC came down hard on the non-compliant DeFi platforms, investor’s assets would probably be safeguarded through the smart contracts, which would release funds back to investors, unless of course, the government demanded the project team freeze the contracts by altering code. This is an unlikely outcome but possible.
We would be very surprised if many of the blue chip projects such as Compound have not received top legal advice on the regulatory environment they operate in, but this is only an opinion, the government will have its own opinion. They all entered this market knowing this was a grey area. But with the takedown of BitMEX, this is no longer a grey area!
What Is The Solution?
Many of the DeFi protocols are young, so it would be a good idea to forget about operating in this dangerous grey area and introduce regulation that is likely to safeguard their projects and allow us all to benefit from their inventive creations. Yes, crypto was supposed to be anti-government, but that approach doesn’t work in reality. If we are to protect the great projects these crypto founders have created, we must all put regulation at the top of our to-do list, so that project founders don’t find themselves on their own list — the most wanted list!
Follow us on Twitter: @fraudstamp
No Financial Advice
This article does not constitute financial advice in any way. This article should be treated as supplementary information to add to your existing knowledge base.