May US Crypto Regulatory Roundup

Coinfirm’s Regulatory Affairs looks into the major May US regulatory updates and law enforcement actions in the crypto industry: the ‘mining investment’ platform MCC charged with conspiracy to commit fraud and money laundering, the consent order issued against by the Office of the Comptroller of the Currency to Anchorage Digital Bank, the US Department of Commerce seeking comments on its development of framework in digital assets and the Senate Homeland Security and Governmental Affairs Committee’s report on ransomware and crypto.

Former BitMEX CEO Arthur Hayes Sentenced to 2 Years Probation 

Former BitMEX CEO Arthur Hayes was sentenced to two years of probation, with home detention for six months and location monitoring. He pleaded guilty in February to charges of wilfully failing to establish, implement, and maintain an anti-money laundering programme at BitMEX.  

As per the press release from the Department of Justice:  

‘Because of the lack of KYC, the full scope of criminal conduct on BitMEX may never be known. The company, still owned by HAYES and his co-defendants, accepted a settlement with the Department of Treasury in which the Company neither admitted nor denied that that it had conducted more than $200 million in suspicious transactions, and that the Company had failed to file suspicious activity reports on nearly 600 specific suspicious transactions.’ 

CEO of Mining Capital Coin Indicted in $62 Million Cryptocurrency Fraud Scheme 

The CEO and the founder of Mining Capital Coin (MCC) have been charged with conspiracy to commit wire fraud, conspiracy to commit securities fraud, and conspiracy to commit international money laundering.  

According to the indictment, the court alleges that MCC:

  • “misled investors about MCC’s cryptocurrency mining and investment program, under which investors could invest in MCC by purchasing “Mining Packages.” MCC claimed to have an “international network of cryptocurrency mining machines as being able to generate substantial profits and guaranteed returns by using investors’ money to mine new cryptocurrency“. Additionally, MCC issued their own cryptocurrency ‘Capital Coin’ which was claimed to be stabilised by the revenue from mining cryptocurrency. However, according to the indictment, MCC “operated a fraudulent investment scheme and did not use investors’ funds to mine new cryptocurrency, as promised, but instead diverted the funds to cryptocurrency wallets under his control
  • “fraudulently marketed MCC’s purported ‘Trading Bots’ as an additional investment mechanism for investors“, however instead of delivering on the promise to use the bots to generate income for investors, the funds were diverted to the CEO and his co-conspirators
  • operated a pyramid scheme recruiting promoters for MCC investment programs

The proceeds obtained from the scheme were subsequently laundered through various foreign-based cryptocurrency exchanges. 

On 22 April, The Office of the Comptroller of the Currency (OCC) issued a ‘Consent Order’ against the first crypto business that received a OCC banking license (for Anchorage’s custody and settlement arm) in Jan 2021.  

  • The OCC order states that the Bank ‘failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements, including, in particular, internal controls for customer due diligence and procedures for monitoring suspicious activity, BSA officer and staff, and training’.  
  • The Bank is ordered to form a Compliance Committee of at least 3 members that should not be the employees of the bank, and the bank has to submit an action plan to the OCC addressing the failings within 30 days.

The consent order document goes into details on what the regulator requires of the bank in all key areas of the AML framework:  

  • Appointment of BSA Compliance Officer  
  • Customer Due Diligence and High Risk Account Reviews  
  • Suspicious Activity identification and reporting  
  • Compliance Independent Testing  
  • AML Training  
  • Record Keeping  

The order:  

  • Is the first AML program failings related enforcement action against a regulated crypto business 
  • Gives a clear reaffirmation that all AML requirements should apply equally to the regulated crypto businesses
  • Mentions some crypto specific expectations, namely the bank
  • Implements “processes to effectively identify transactions involving unhosted wallets” within their monitoring systems
  • Implements “process that ensures sufficient information is collected on digital asset transactions conducted by or through the Bank to be able to effectively identify and report suspicious activity
  • Underlines the importance of adequate ‘expertise’ regarding AML and digital assets.  

The Department of Commerce Published Request for Comment on the Development of the Framework for Digital Assets 

The Department of Commerce has published the Request for Comment (RFC) requesting input from the public on the development of the framework for digital assets.  

Executive Order of March 9, 2022 – Ensuring Responsible Development of Digital Assets – outlines the US policy objectives with respect to digital assets. The Executive Order directs the Secretary of Commerce, in consultation with the Secretary of State, the Secretary of the Treasury, and the heads of any other relevant agencies, to establish a framework for enhancing the US economic competitiveness in, and leveraging of, digital asset technologies.  

The Commerce Department is seeking comments on a broad range of questions regarding the:

  • Competitiveness of US digital asset businesses 
  • Comparisons to traditional financial services and financial inclusion considerations
  • Technological considerations

The deadline for submitting the responses is 5 July 2022.  

HSGAC Report: Use of Cryptocurrency in Ransomware Attacks, Available Data and National Security Concerns

The Senate Homeland Security and Governmental Affairs Committee (HSGAC) released a report on the role “cryptocurrencies continue to play in emboldening and incentivising cybercriminals to commit ransomware attacks that pose an increasing national security threat”.

The key findings in the report include: 

  • The federal government lacks comprehensive data on ransomware attacks and use of cryptocurrency in ransom payments; 
  • Current reporting of ransomware attacks and ransom payments made in cryptocurrency is fragmented across multiple federal agencies; 
  • Lack of reliable and comprehensive data on ransomware attacks and cryptocurrency payments limits available tools to guard against national security threats; and 
  • Currently available data on ransomware attacks and cryptocurrency payments limits both private sector and federal government efforts to assist cybercrime victims.  

The report makes key recommendations, including: 

  • The Administration should swiftly implement the new ransomware attacks and ransom payments reporting mandate; 
  • The federal government should standardise existing federal data on ransomware incidents and ransom payments to facilitate comprehensive analysis; 
  • The Congress should establish additional public-private initiatives to investigate the ransomware economy; and 
  • The Congress should support information sharing regarding ransomware attacks and payments including crowdsourcing initiatives.