Decentralized Finance needs regulatory clarity and smarter compliance


This article was co-authored by Ridgway Barker and Joseph Bambara CIPP/US.

This year has been a very good year for digital asset markets. A growing number of crypto prime service providers have emerged to provide essential trading, lending, clearing and settlement functions. See, our article here. The digital asset markets are changing from primarily speculative in nature, driven by high-frequency traders, to longer-term buy-and-hold activity. Yale and Harvard have both made multi-million-dollar investments in crypto funds as the asset class continues to gain momentum. Visa, Mastercard and PayPal have made recent announcements that they, too, are embracing the digital asset markets.

As of mid-July 2020, according to the Bank for International Settlements report, at least 36 central banks have published retail or wholesale central bank digital currency work. At least nine countries have undertaken CBDC pilots; 18 central banks have published research on retail CBDCs; and another 13 have announced research or development work on a wholesale central bank digital currency. See, our article here.

Regulatory clarity has been slow to materialize. It is an impediment to adoption by traditional investors and service providers, however, change is underway. The Office of the Comptroller of the Currency (“OCC”) recently announced that national banks can provide crypto services, including holding private keys for customers and other custody solutions. And crypto businesses may soon see a harmonized patchwork of state and federal money transmitter rules. Such developments are making markets more palatable for participants entering this space.

Unfortunately, regulatory uncertainty remains. Will banks store customers’ digital asset keys and facilitate transacting on crypto platforms, and, if so, how; or will they require customers to engage another provider to de-risk that function? How can crypto businesses manage the instrument pricing and reporting? How can crypto businesses navigate the rapidly changing and complex regulatory landscape?

As the market for digital assets grows, the number of trade breaks and security breaches may rise if the infrastructure doesn’t mature, making security and compliance existential priorities for trading venues. For instance, there was also a massive Bitcoin selloff on the BitMEX exchange in March, 2020. Nearly $200 million was liquidated with overleveraged traders unable to move money between networks in time to unwind their positions.

In the view of U.S. regulators, crypto businesses are virtual asset service providers that should be required to collect the names of transaction senders and receivers. They also must have Anti-Money Laundering (“AML”) policies and procedures in place. Crypto businesses have to be vigilant to reconcile the changing state, federal and cross-border rules. As market oversight remains fragmented and in a state of change, counterparties can be unfairly damaged if a transaction goes awry.

An AML case in point is the BitMEX trading platform. On Oct. 1, 2020, the United States Department of Justice filed criminal charges against executives of BitMEX trading platform for violating the Bank Secrecy Act. Additionally, the Commodity Futures Trading Commission filed a civil enforcement action against BitMEX for violating Anti-Money Laundering regulations.

The regulatory body claimed that BitMEX and its executives have been using weak AML and Know Your Customer (“KYC”) policies that bad actors can exploit using various methods such as virtual private networks (“VPN”s) to mask their identities, among others. That said, BitMEX customers have no limits on their Bitcoin (BTC) withdrawals. Identity checks will only become mandatory for traders in February 2021. Throughout 2019, the CFTC was investigating BitMEX because U.S. residents were able to trade crypto derivatives on the platform even though it was neither registered as a derivatives exchange with the CFTC nor as a money services provider with any state in the U.S. BitMEX’s website expressly advertised the fact that “No real-name or other advanced verification is required” to make use of the platform.

BitMEX was given time to improve their Customer Identification Program to effectively exclude US persons. It did not do so and BitMEX’s ongoing negligence and lack of compliance led to the actions against them. As part of its complaint, the CFTC has claimed that BitMEX’s executive team were in contact with multiple compliance consultants, who stated that the company needed to implement stricter KYC standards to comply with international sanctions. BitMEX had ample warnings to make corrections but chose not to heed them. The Department of Justice’s indictment has each of the defendants facing up to 10 years in jail.

Options for BitMEX and its executive team remain relatively limited because in addition to the civil charges, the U.S. attorney for the Southern District of New York has also indicted BitMEX’s executive team on criminal charges of violating and conspiring to violate the Bank Secrecy Act, or BSA.

The BSA is the primary law governing America’s AML/KYC regulations that banks and financial companies are required to follow. The BSA also contains rules as to whether or not entities must register as money services businesses. The guidelines put forth by the BSA serve as the American government’s primary method of preventing money laundering and activities related to terrorist financing.

If BitMEX is found to have been operating unlawfully, in addition to the fines and penalties, the CTFC will also seek to ‘disgorge’ or recoup all of the profits generated by the exchange. This is consistent with the general idea that ‘wrongdoers’ should not profit from their unlawful activity.”

It is important to note that even though Bit MEX’s website clearly states it cannot be used by U.S. persons, regulators require that businesses take active steps to ensure that residents don’t actually use the site. Even for gambling websites and ICOs, it is not enough for the business to simply state ‘No US Persons Allowed.’. This is commonly used technology, e.g., gambling web sites have browser plugins which check the locale of the user before allowing entry.

Regulatory action could be a game-changer for crypto industry.

On October 8, 2020, the Department of Justice’s Cyber-Digital Task Force (DOJ) published “Cryptocurrency: An Enforcement Framework” (the Framework), see, which provides DOJ’s perspective on law enforcement issues and challenges involving cryptocurrency. The Framework represents DOJ’s latest articulation of its evolving perspective as it relates to the cryptocurrency regulatory landscape. That said the Framework implies some new liabilities for crypto developers which need to be reviewed to avoid compliance issues. We will cover the Framework in detail in a forthcoming article.

On October 12,2020, BitMex announced it finally has engaged its first chief compliance officer Malcolm Wright. BitMEX’s operator has since said it will carry out business as usual but recast the executive team, removing Hayes and other founders Samuel Reed and Ben Delo from executive roles. The hiring of the compliance chief is latest reaction to the charges, and an effort to avoid similar situations in future.

In summary, it is incumbent on all developing decentralized finance applications to engage and follow the changes taking place in the legislative and regulatory landscape. Additionally, they need to retain compliance counsel from firms like Withersworldwide else they will find themselves on the wrong side of actions enforcement and criminal actions like those experienced by BitMEX.

Stay in touch with us at Withersworldwide to learn how to prepare your businesses both technically and legally to incorporate these emerging technology trends safely and efficiently. The Withers team can help their financial partners with the legal and technology expertise to stay ahead of the competition.

Category: Article