Binance Holdings Limited, branded Binance, the world’s largest cryptocurrency exchange, agreed to pay an approximate $4.3 billion settlement, the largest in history, according to a press release by the U.S. Treasury Department on November 21, 2023. The company plead guilty to charges by the Treasury’s Financial Crimes Enforcement Network (FinCEN), the Office of Foreign Assets Control (OFAC), and IRS Criminal Investigation (CI) of engaging in anti-money laundering (AML), unlicensed money transmission, and sanctions violations.
The settlement is part of a global agreement concurrent with Binance’s resolution of related matters with the Department of Justice (DOJ) and the Commodity Futures Trading Commission (CFTC). The resolution also includes criminal charges against Changpeng Zhao, known as CZ in the industry, founder and Chief Executive Officer (CEO) of the crypto exchange giant who “issued guidance to ‘appear’ compliant, while knowingly allowing the apparently violative activity to continue.”
As noted in the CFTC’s complaint, “Binance and Zhao’s ethos of prioritizing profits over legal compliance” underscores how Binance’s business was run—"Its Compliance Program Was Just “For Show”.” The staggering settlement and CZ’s criminal charges are strong warnings for companies to take their own compliance programs and ethical practices seriously.
The Treasury also announced that the settlement with Binance resolves:
“Violations of the Bank Secrecy Act (BSA) and apparent violations of multiple sanctions programs. The violations include failure to implement programs to prevent and report suspicious transactions with terrorists — including Hamas’ Al-Qassam Brigades, Palestinian Islamic Jihad (PIJ), Al Qaeda, and the Islamic State of Iraq and Syria (ISIS) — ransomware attackers, money launderers, and other criminals, as well as matching trades between U.S. users and those in sanctioned jurisdictions like Iran, North Korea, Syria, and the Crimea region of Ukraine.”
FinCEN’s settlement agreement imposes a five-year monitorship, assesses a civil monetary penalty of $3.4 billion, and requires significant compliance undertakings, including ensuring Binance’s complete exit from the United States” (from which it had been banned in 2019).
OFAC assessed a $968 million penalty and the settlement agreement require Binance to “abide by a series of robust sanctions compliance obligations, including full cooperation with the monitorship overseen by FinCEN.”
The Treasury further stated:
“Binance willfully failed to report well over 100,000 suspicious transactions that it processed as a result of its deficient controls, including transactions involving terrorist organizations, ransomware, child sexual exploitation material, frauds, and scams.”
CZ's settlement with the DOJ includes a penalty of $50 million. He stepped down as CEO of Binance and is forbidden to have any involvement in the company.
The settlement also includes prohibitions against his making any direct or indirect public statements that contradict his admission of guilt and acceptance of responsibility. CZ faces a possible 10-to-18-month prison sentence and his request to visit his family in the UAE has been denied twice.
Since the settlement, the SEC has submitted a notice of supplemental authority to the court presiding over its case against Binance, highlighting similarities with the Terraform Labs case whose co-founder Do Kwon legal faced legal action for purportedly conducting unregistered securities offerings and fraudulent activities in relation to its tokens. The court ruled on December 28th in the Terraform case in favor of the SEC, finding specific tokens qualified as securities, principally because they were investment contracts. This has future implications for how crypto asset securities are assessed in the U.S.
On January 19, 2022, Binance lauded their company’s efforts in "security, regulation, and compliance,” on their company blog, announcing they had "increased our security and compliance team’s headcount by 500%, drawing in some of the industry’s best talent.” They further stated their commitment to conducting over “70 law enforcement workshops on topics related to crypto, blockchain, and combatting digital financial crime" and that they were "the first blockchain and crypto organization to join the National Cyber-Forensics and Training Alliance (NCFTA),” along with implementing key upgrades to our identity verification (know-your-customer, or KYC) processes.”
Yet, rather than leading the way in “security, regulation, and compliance,” Binance actively and intentionally failed in all regards, behaving as “bad actors” in their pursuit of profit and growth.
In September 2021, Tigran Gambaryan, a former special agent of the Internal Revenue Service—Criminal Investigation (IRS-CI) joined Binance as VP of Global Intelligence and Investigations. Tigran, whose background includes over a decade as a special agent has investigated numerous cases involving "national security, terrorism financing, identity theft, distribution of child pornography, tax evasion, and bank secrecy act violations during his award-winning career" and who led "multi-billion-dollar cyber investigations, including the Silk Road corruption investigations, BTC-e bitcoin exchange, and the Mt. Gox hack," according to Binance's own website.
Gambaryan was quoted as saying “Compliance is the first line of defense. We will work closely with our colleagues in compliance to identify criminals and refer them for prosecution…. Our goal is to increase trust in cryptocurrency by establishing Binance as the leading contributor in the fight against human trafficking, ransomware and terrorism financing. I want to educate the worldwide law enforcement community on how Binance is a partner in the fight against the illicit use of cryptocurrency.…”
CZ, Binance’s founder and CEO set the tone.
Samuel Lim, Binance’s first and former Chief Compliance Officer (CCO) is also charged in the CFTC’s complaint which states, “Zhao, and Lim have all chosen to ignore those requirements and undermined Binance’s ineffective compliance program by taking steps to help customers evade Binance’s access controls.”
Company employees, “Binance officers, employees, and agents have acknowledged that the Binance platform has facilitated potentially illegal activities” and even joked about it, according to the CFTC’s filing. In 2019, Lim “explained to a colleague that terrorists usually send “small sums” as “large sums constitute money laundering” after receiving information “regarding HAMAS transactions” on the company platform. A coworker’s response: “can barely buy an AK47 with 600 bucks.” In 2020, concerning certain clients Lim said in a chat: “Like come on. They are here for crime.” The response from Binance’s Money Laundering Reporting Officer (MLRO)? We see the bad, but we close 2 eyes.”
The tone at the top sets the tone for a company’s ethics (or lack thereof) and culture. In Binance’s case, this tone was set by “bad actor” senior executives. Compliance and ethical behavior must always be a priority for businesses of any size.
Binance believed that adhering to compliance and legal strictures would impede growth and cause a loss of customers and revenue.
Binance is not the only company that views compliance this way and from the crypto exchange’s continuing legal and criminal entanglements, the lesson should be obvious. But this does not seem to be the case. Some companies consciously choose to perform the bare minimum of compliance. They either fail to note its vital importance, or resent the financial and time investment needed for successful compliance endeavors, often seeking to ignore or off-shore their compliance responsibilities to countries such as India, forgetting that the majority of FCPA and other violations involve subsidiaries in foreign jurisdictions.
Internal departments within a company may also be resistant to following, reporting, and adhering to compliance strictures thinking it is a strain on their time, productivity, and staff. This is incorrect thinking. Compliance needs to be part of the culture of all companies and needs to start at the top. Trying to get compliance managers or staff to encourage or cajole executives and others to follow through on compliance initiatives should not be the norm. It should be expected that executives lead the way and see it as something critical to the company’s success. This “tone” needs to come from the top and be reinforced at all levels within the company in order to be effective. Compliance needs to be built in to corporate departments responsibilities and tasks rather than viewing it as an external burden.
This should also be inherent in hiring executives, starting with a Tier III due diligence investigations at regular intervals. Due diligence investigations are designed to detect hidden and undisclosed information that is not readily available in standard background checks. Due diligence investigations evaluate relationships of executives to foreign officials, criminal history, financial and legal issues, civil litigation issues, relationships with other companies and entities, reputation issues, shell company involvement, evidence of fraud, signs of money laundering, financial impropriety, conflicts of interest, drug, alcohol and human trafficking, anti-competitive behaviors and numerous other serious issues.
Open Source Intelligence (OSINT) investigations are an important source of information in addition to publicly available records. Partnering with a third-party, non-biased global security and risk management company, is one of the integral pieces in making sure that risk is mitigated both externally and internally within a business.
Integrity in business is key to continued success. As Deputy Attorney General Lisa Monaco stated in her remarks announcing Binance and CEO guilty pleas to federal charges in the $4 billion resolution: “Some say the key to success in the tech sector is to “move fast and break things.” Today’s actions show that if what you break is the law, there will be consequences.”