FinCEN’s order regarding Bitzlato and action to be taken by financial institutions  


On January 18th, FinCEN released an order regarding Bitzlato Limited (“Bitzlato”), identifying it as a hub for Russian criminals to launder proceeds of crime. 

Key Points: 

  1. Bitzlato Limited (“Bitzlato”) has been identified as facilitating money laundering for Russian criminals. 
  1. FinCEN issued an order on January 18, coming into effect February 1st, prohibiting US financial institutions from allowing transactions involving Bitzlato-owned blockchain addresses. 
  1. As Bitzlato’s activity represents a threat to the international financial system, financial institutions worldwide must pay special attention if and when they detect transactions involving Bitzlato-owned addresses. 
  1. Coinfirm details what action it has taken internally to assist its clients in determining whether the addresses they or their users transact with have a nexus to Bitzlato. 
  1. Coinfirm provides its input on how to identify such addresses and where in obliged entities’ AML processes and procedures Coinfirm’s solution fits. 

Why was the order released? 

USA’s Combating Russian Money Laundering Act, section 9714(a), states that “if the Secretary of the Treasury determines that reasonable grounds exist for concluding that […] a foreign financial institution is of primary money laundering concern in connection with Russian illicit finance”, the Secretary may: 

  1. require domestic financial institutions and agencies to create and maintain records and/or file reports on the transactions involving an institution identified to be of primary money laundering concern, including “the identity and address of the participants in a transaction or relationship, including the identity of the originator of any funds transfer”, “the legal capacity in which a participant in any transaction is acting”, “the identity of the beneficial owner of the funds involved in any transaction”, “a description of any transaction”, “obtain and retain information concerning the beneficial ownership of any account opened or maintained in the United States by a foreign person”, among other such details as described in title 31, section 5318A(b) of the United States Code (Special measures for jurisdictions, financial institutions, international transactions, or types of accounts of primary money laundering concern) 
  1. “prohibit, or impose conditions upon, certain transmittals of funds […] by any domestic financial institution or domestic financial agency, if such transmittal of funds involves any such institution […]”. 


FinCEN explains in the order that Bitzlato has been identified as an institution of “primary money laundering concern” in connection with Russian illicit finance. The finding is based on its detected transactional activity, which allowed Russian criminals to launder proceeds of crime stemming primarily from darknet markets and ransomware activities. FinCEN therefore decided to “prohibit certain transmittals of funds by any covered financial institution involving Bitzlato Limited (Bitzlato)”. 

Key findings regarding Bitzlato: 

  • previously known as ChangeBot 
  • VASP (specifically a convertible virtual currency exchanger) incorporated in Hong Kong, with headquarters in Russia 
  • Services offered: exchange and P2P (wallet, escrow and other related services) 
  • Cryptocurrencies covered: Bitcoin (BTC), Ether (ETH), Bitcoin Cash (BCH), Litecoin (LTC), Dash (DASH), Tether (USDT), Monolith Ruble (MCR) and Dogecoin (DOGE) 
  • Allowed Russian and global ransomware groups, such as Conti, DarkSide, Phobos to deposit and transfer funds 
  • Facilitated transactions between darknet market customers and vendors – Hydra, BlackSprut, OMG!OMG!, and Mega 
  • between 2019 and 2021, Bitzlato received $206 million from darknet markets, $224 million from scams, and $9 million from ransomware attackers 
  • lax KYC controls  

What measures are imposed by FinCEN upon financial institutions in relation to Bitzlato-related transactions?  

FinCEN acknowledges that there may be “technological limitations that may limit or preclude covered financial institutions from declining CVC transfers originating at addresses outside of their control, and as such, compliant institutions may find themselves in receipt of CVC from Bitzlato despite a desire and effort to limit such exposure”.  

As a result, “this order allows covered financial institutions the flexibility to act with discretion based on the facts and circumstances of a particular transaction and comply with this order”.  

Detailed explanations about required actions by US financial institutions are provided in the order starting with chapter “C. The extent to which the action or the timing of the action would have a significant adverse systemic impact on the international payment, clearance, and settlement system, or on legitimate business activities involving Bitzlato.”  

To whom do FinCEN restrictions apply? 

US-covered financial institutions are under the obligation to comply with FinCEN’s decisions.  

The order gives “covered financial institution” the same meaning as “financial institution” in 31 CFR § 1010.100(t): “Financial institution. Each agent, agency, branch, or office within the United States of any person doing business, whether or not on a regular basis or as an organized business concern, in one or more of the capacities” further described in the CFR.   

However, given the activities Bitzlato allows and facilitates, it’s safe to say that financial institutions worldwide, especially those in jurisdictions with strong AML regulations, would benefit from applying proper due diligence in relation to transactions with a nexus to Bitzlato.  

 Mitigating measures applied by an obliged entity would depend on:  

  1. their risk appetite, AML policies and procedures, Customer acceptance policy and Customer risk assessment; 
  1. available software and tools to detect, stop, prevent and/or mitigate the transactional activity described in the order 
  1. the decided-upon actions to enforce when such activity is detected 

Out of these three points, Coinfirm tools can be used to detect the activity, as part of point 2. The decisions to be made upon detection are up to each entity, based on points 1, 2 (tools and software to stop, prevent, mitigate risk), and 3. 

How to comply with the order by using Coinfirm’s tools? 

First, these are the measures Coinfirm has taken to help our clients comply with FinCEN’s order and detect transactions involving Bitzlato addresses: 

  1. Coinfirm has flagged the entity as “fined for AML failings”, as linked to a “severe risk country” (Russia) and to countries subject to targeted sanctions (Hong Kong and Russia), as “is allowing anonymous coins trading”, and as having limited KYC verification (in our due diligence process of verifying the entity, we discovered that Bitzlato requested documentation from users upon withdrawal; FinCEN mentions in its report that no proper KYC was conducted at the deposit stage, which is in line with our findings as well) 
  1. Coinfirm has clustered over 450,000 addresses as owned by Bitzlato – all these addresses have inherited some of the above risk indicators pertaining to the owner.  

Recommended steps to identify Bitzlato addresses and transactions to/from using Coinfirm tools:  

1. Direct exposure  

Step 1: all addresses clustered to Bitzlato will show the owner name in their generated AML risk report (Coinfirm tool). In this case, your compliance officers will need to have internal knowledge that Bitzlato is not a reputable owner from/to which you allow transactions. 

Step 2: For an easier way to identify that a client is or was interacting with addresses of an entity that falls outside your risk appetite (i.e. Bitzlato, if this is the case), use the customization feature to Blacklist Bitzlato (owner). As a result, all addresses clustered to Bitzlato will have the risk indicator “Address belonging to the entity appearing on the private blacklist” applied. With this measure in place, your compliance officers will know that any transaction from or to an address with this risk indicator is to be avoided, or that appropriate measures are to be applied, based on your AML policy and procedures. 

2. Indirect exposure – an address has had transactional activity with addresses that have sent funds to or received funds from Bitzlato addresses.  
This indication of indirect exposure to Bitzlato shows up in the Enhanced AML risk report via the proximity path feature, which shows the flag, the address the flag stems from (i.e. the risk activity), the owner name, the amount, and the number of hops (1 hop away, for example, means the address has sent funds directly to, or received funds directly from, the address that is the source of the risk). In such cases, your compliance officers will know the origin of the funds and can take appropriate measures as described in your AML policies and procedures.
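
The hop count described above can be computed with a breadth-first search over the transfer graph. The Python example below is an added illustration, not Coinfirm's implementation; the addresses, the blacklisted cluster and the function names are constructed for the example.

```python
from collections import deque

# Constructed sample data: placeholder addresses, not real blockchain addresses.
BLACKLISTED_CLUSTER = {"addr_flagged_1", "addr_flagged_2"}  # hypothetical owner cluster
TRANSFERS = [  # (sender, receiver, amount)
    ("addr_flagged_1", "addr_intermediary", 2.5),
    ("addr_intermediary", "addr_customer_a", 2.4),
    ("addr_customer_b", "addr_flagged_2", 0.7),
    ("addr_customer_c", "addr_exchange", 1.0),
]


def build_graph(transfers):
    """Undirected adjacency map: exposure counts both sending and receiving."""
    graph = {}
    for sender, receiver, amount in transfers:
        for a, b in ((sender, receiver), (receiver, sender)):
            peers = graph.setdefault(a, {})
            peers[b] = peers.get(b, 0) + amount  # total moved between the pair
    return graph


def proximity_path(address, transfers, flagged, max_hops=3):
    """Shortest path from `address` to the nearest flagged address.

    Returns None when no flagged address lies within max_hops; otherwise the
    hop count, the path, the flagged source and the amount moved on the edge
    that touches it (None when `address` itself is in the flagged cluster).
    """
    graph = build_graph(transfers)
    queue = deque([[address]])
    seen = {address}
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node in flagged:
            amount = graph[path[-2]][node] if len(path) > 1 else None
            return {"hops": len(path) - 1, "path": path,
                    "source": node, "amount": amount}
        if len(path) - 1 == max_hops:
            continue  # do not expand beyond the configured hop limit
        for neighbour in sorted(graph.get(node, {})):
            if neighbour not in seen:
                seen.add(neighbour)
                queue.append(path + [neighbour])
    return None


if __name__ == "__main__":
    for addr in ("addr_customer_a", "addr_customer_b", "addr_customer_c"):
        print(addr, proximity_path(addr, TRANSFERS, BLACKLISTED_CLUSTER))
```

Here a result of 0 hops means the checked address is itself in the blacklisted cluster, 1 hop means it transacted directly with a clustered address, and 2 or more hops is exposure through intermediaries.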