A string of recent penalties issued by US authorities has highlighted rules meant to prevent crypto exchanges from being used for illicit purposes. They have also shown how some exchanges have failed to implement them.
In the latest case, CoinList has agreed to pay $1.2 million to settle allegations it violated US sanctions related to Russia and Ukraine. Although the fine is tiny compared to Binance’s record $4.3 billion settlement with the Department of Justice (DoJ) in November, it points to a widespread problem affecting many crypto exchanges.
For both Binance and CoinList, recent penalties can be traced back to their failure to properly implement “Know-Your-Customer” (KYC) protocols. Specifically, the 2 exchanges were accused of onboarding users from regions that are subject to blanket sanctions.
The Office of Foreign Assets Control (OFAC) accused CoinList of opening accounts for users residing in Crimea. Meanwhile, Binance pleaded guilty to a more extensive range of KYC crimes related to users in Cuba, Iran, Syria, North Korea, Crimea and other parts of Russian-occupied Ukraine.
Although Binance’s recent settlement made headlines both for the size of its fine and the extent of its Anti-Money Laundering (AML) violations, over the years, hardly a single exchange has avoided such AML penalties.
In 2023, KYC shortcomings have been cited in US enforcement actions against BitPay, Bitzlato, Coinbase, bZeroX and Poloniex, resulting in fines and seizures collectively worth over $70 million.
Given such widespread non-compliance, are there any exchanges that haven’t breached US AML laws at some point?
Among the most well-known US crypto exchanges, Gemini and Kraken were among the first to implement stronger KYC controls. Given that they are two of the few platforms that haven’t been accused of sanctions violations, their decision to invest in AML compliance before it was fashionable appears to have paid off.
Although Coinbase reached a $100 million settlement with the New York Department of Financial Services (DFS) over weaknesses in its AML program, it has avoided falling foul of Federal regulators’ due diligence sanctions enforcement investigations. Moreover, as part of its deal with the DFS, Coinbase has committed to spending an additional $50 million upgrading its KYC and transaction monitoring systems.
Ultimately, an exchange’s ability to follow US regulations isn’t the only factor impacting how safe it is for users.
Privacy advocates argue no-KYC exchanges are an important buttress against regulatory oversight and government surveillance. And for those who wish to use their services, a VPN is sufficient to skirt US restrictions.