On September 24, 2020, Commodity Futures Trading Commission (“CFTC”) Commissioner Dan Berkovitz discussed the agency’s Anti-Money Laundering (“AML”) enforcement program in detail, signaling the CFTC’s commitment to ensuring that financial institutions and other CFTC registrants comply with applicable AML regulations. Commissioner Berkovitz’s remarks accord with the priorities of several other regulators that have recently highlighted the significance of compliance with AML obligations.
In 2018, the CFTC’s Division of Enforcement established a Bank Secrecy Act (“BSA”) Task Force. Since the Task Force’s creation, the CFTC has brought several cases alleging AML-related deficiencies, including enforcement actions that have resulted in settlements with several financial institutions and trading platforms.
On March 4, 2019, a federal court approved a consent order to settle a CFTC enforcement action against a Marshall Islands-based trading platform, 1Pool Ltd., and its chief executive officer for AML violations. The CFTC alleged violations of the Commodity Exchange Act (“CEA”), including 1Pool’s failure to register as a futures commission merchant (“FCM”) and related failure to implement an adequate AML supervisory system (which is required of FCMs). The CFTC’s consent order arose from 1Pool’s sale of “contracts for difference” (“CFD”) to retail customers based on commodities margined, leveraged, and settled in a digital asset—bitcoin. The SEC also brought a parallel action for violations of the Securities Act and the Securities Exchange Act.
The CFTC determined that the online platform did not maintain and implement an adequate supervisory system that included specific AML procedures, primarily Know Your Customer (“KYC”) and Customer Identification Program (“CIP”) measures, which required 1Pool to obtain information that would enable the platform to form a reasonable belief regarding the true identity of its customers. To begin trading or to take a position on the platform, customers were required to complete only a “brief” registration, which merely consisted of providing a username and email address. 1Pool did not obtain other identifying information, such as the customer’s actual name or physical address. Because the platform did not implement adequate KYC/CIP procedures, the CFTC concluded that the platform similarly failed to implement an adequate supervisory system, in violation of CFTC Regulation 166.3. The company’s chief executive officer and platform developer also was held liable as a controlling person. Separately, the SEC found that the defendants did not determine whether customers met discretionary investment thresholds, as required for the unregistered sale of security-based swaps.
Based on the AML-related failures and other violations, the defendants entered into a consent order with the CFTC, agreeing to pay $246,000 in disgorgement and a civil penalty totaling $175,000.
The CFTC recently charged BitMEX (a cryptocurrency trading platform) and its affiliates and owners with illegally offering leveraged retail commodity transactions, futures, options, and swaps while failing to register as an FCM, swap execution facility (“SEF”), or designated contract market (“DCM”). In short, BitMEX operated as an unregistered exchange offering leveraged retail transactions and other cryptocurrency derivatives.
BitMEX is a “peer-to-peer” platform that offers trading of cryptocurrency derivatives, including leveraged trading to retail and institutional customers in the U.S. and throughout the world. The platform is a “pure derivatives exchange[,] as opposed to a spot market for the purchase or sale of virtual currencies,” and involves derivatives with leverage of up to 100 to 1, but BitMEX “does not actually deliver the cryptocurrencies underlying the contracts it offers for trading on its platform,” such that these transactions do not fall within the 28-day actual delivery exception for retail transactions. Accordingly, the CFTC alleges that BitMEX and the other defendants violated the CEA and accompanying regulations by (1) offering, entering into, confirming the execution of, or otherwise dealing in, off-exchange commodity futures transactions and commodity options; (2) acting as an unregistered FCM; (3) operating a facility for the trading or processing of swaps without registering as an SEF or DCM; (4) failing to supervise; and (5) failing to comply with applicable provisions of the BSA, including failure to implement sufficient KYC or AML procedures.
The DOJ brought a parallel action charging four BitMEX executives with violations of the BSA and conspiracy to violate the BSA based on similar factual allegations. These charges stem from the failure to register the platform as an FCM under the CEA. The CEA imposes a number of obligations on FCMs, including establishing a sufficient AML program, reporting suspicious activities in suspicious activity reports (“SARs”), and establishing a written KYC program. BitMEX failed to register as an FCM and by extension failed to comply with these obligations under the BSA while continuing to serve U.S. customers. The DOJ alleged willful violations of the BSA and attempts to evade BSA requirements.
On September 30, 2020, a registered introducing broker (“IB”), A&A Trading, settled with the CFTC for failing to file a SAR and failing to supervise the handling of customer accounts. The CEA required the firm, as an IB, to comply with the BSA and regulations promulgated thereunder.
As alleged in the order, A&A Trading assisted another IB, Kooima & Kaemingk Commodities, Inc. (“K&K”), in the handling of specific customer accounts. In exchange for commissions, A&A Trading accepted orders for commodity interests placed by K&K’s associated persons and handled certain office functions for the company. The CFTC’s consent order stemmed from a prior investigation into K&K’s misconduct. From 2012 to 2014, one of K&K’s former associated persons, Nathan Harris, engaged in unauthorized trading by failing to obtain specific authorization and executed powers of authority. The unauthorized trading resulted in almost $10.3 million in net customer losses, and the CFTC brought two enforcement actions against K&K and Harris.
The CFTC found that despite K&K informing A&A Trading of Harris’s conduct, A&A Trading failed to file a SAR, in violation of CFTC Regulation 42.2, and continued to accept orders from Harris on behalf of customers. According to the CFTC, A&A Trading’s policies and procedures for filing SARs were inadequate; the company’s policy simply required filing a SAR for unusual customer wire activity, such as frequent transfers. The BSA, however, requires filing a SAR in four circumstances, where the transaction or series of transactions exceed $5,000: (1) the transaction involves funds derived from illegal activity or intended or conducted to hide or disguise assets derived from illegal activity; (2) the transaction is designed to evade requirements under the BSA; (3) the transaction has no business, apparent lawful, or expected purpose; or (4) the transaction involves use of a company to facilitate criminal activity.
Further, the CFTC determined that A&A Trading failed to diligently supervise the handling of customer accounts, in violation of CFTC Regulation 166.3. In particular, Harris’s unauthorized trading continued even after K&K warned A&A Trading of Harris’s conduct. A&A Trading did not take any actions to confirm that customers had authorized Harris’s trades. Based on this conduct, A&A Trading entered into a settlement with the CFTC, agreeing to pay a civil monetary penalty of $400,000 and more than $95,000 in disgorgement.
During his remarks, Commissioner Berkovitz detailed several general considerations for market participants, as well as other implications stemming from CFTC settlements regarding AML compliance. Accordingly, financial institutions and other CFTC registrants should consider whether updating their AML programs is warranted.
Requirements under the BSA focus on three areas: (1) adopting a customer identification program to identify and verify the identities of customers; (2) adopting a customer due diligence program to detect money laundering or suspicious activity; and (3) reporting suspicious transactions via SARs. Under CFTC Regulation 42.2, financial institutions—specifically FCMs and IBs—must adopt relevant policies and procedures to ensure compliance with AML rules and regulations. AML regulations are not relevant for only FCMs and IBs, however; although not specifically referenced in the regulation, commodity pool operators, commodity trading advisors, swap dealers, and retail foreign exchange dealers also have AML obligations. Companies dealing with digital assets, as demonstrated by the CFTC’s resolution with 1Pool and charges against BitMEX, are not exempt from these requirements.
In reviewing their AML programs, financial institutions and other CFTC registrants should consider the three general areas of obligations under the BSA. First, companies should ensure that they implement a customer identification program and that the program can facilitate the formation of a reasonable belief as to the true identities of customers. The CFTC’s consent order with 1Pool and charges against BitMEX underscore the importance of a robust customer identification program. Obtaining usernames and email addresses from customers is insufficient to identify customers, and companies should seek other identifying details from their customers, including names and addresses.
Second, a customer due diligence program should facilitate the detection of money laundering or suspicious activity. The program should be adequately resourced to allow companies to reasonably surveil money movements and transactions. Market participants must continually evaluate and update their AML systems to mirror the nature and scope of their businesses. Relying on manual review of transactions likely is insufficient for large companies. Evaluation of the business is not a static process, and an AML program should reflect any expansion in a company’s business. Further, after detecting suspicious activity, a company’s AML program should facilitate the investigation of red flags. Customer complaints should not be ignored, as demonstrated by the CFTC’s settlement with A&A Trading. Other warning signs include large deposits compared to net worth and annual income, excessive wire activity or losses, transactions that lack business sense, and notices of federal investigations. Transactions occurring in high-risk jurisdictions also warrant more examination. Accordingly, a company’s customer due diligence program must be risk-based. The program should adequately assess the level of risk presented by each customer, and the accompanying diligence procedures should match the risk.
Third, as a continuation of the customer due diligence process, financial institutions should file SARs when appropriate. In particular, if a market participant receives a regulatory or law enforcement inquiry regarding suspicious activity, it must still conduct its own investigation and make an appropriate determination of whether a SAR should be filed, regardless of the government’s separate conclusions about the activity.
Risks from Misconduct Unrelated to AML Obligations
Regulators may use unrelated misconduct to uncover a company’s AML deficiencies. In its settlement with A&A Trading, for example, the CFTC referenced enforcement actions involving K&K, which previously had partnered with A&A Trading for the completion of several duties. Regulators similarly have referenced civil lawsuits, criminal proceedings, and enforcement actions involving customers in settlements for AML-related misconduct. These resolutions illustrate that regulators that discover fraudulent conduct on a company’s platform may seek to file AML-related charges against the company if the company fails to implement controls sufficient to detect and report that misconduct.
Increased Interagency Coordination
The recent settlements and charges also demonstrate increased interagency coordination relating to AML violations. Notwithstanding this collaboration, regulators generally have not afforded credit for payments made to other agencies arising from the same misconduct. In the case of 1Pool, the CFTC and the SEC both imposed separate penalties, for example, albeit for slightly different conduct. Further, FINRA, the CFTC, and the SEC also have imposed separate penalties arising from a company’s misconduct, resulting in penalties totaling over $38 million. These penalties, as well as the multi‑agency collaboration, underscore the importance with which regulators regard AML obligations.
As Commissioner Berkovitz expressed, AML compliance is of great importance to the CFTC. This priority extends to other regulators, including FINRA and the SEC, as well. To that end, participants in the financial, securities, and commodities markets should take steps to ensure that they have the proper policies, procedures, and systems in place to identify, investigate, and remediate suspicious activity.
 Id. ¶¶ 20-36. Specifically, the CFTC alleged that the defendants illegally offered retail commodity transactions that were margined in bitcoin and that the platform failed to register as an FCM.
 Joint Motion to Enter Final Judgment, SEC v. 1Pool Ltd., No. 18-cv-02244 (D.D.C. Mar. 4, 2019), ECF No. 13 (hereinafter “1Pool SEC Final Judgment”); Complaint, SEC v. 1Pool Ltd., No. 18-cv-02244 (D.D.C. Sept. 27, 2018), ECF No. 1, https://www.sec.gov/litigation/complaints/2018/comp-pr2018-218.pdf (hereinafter “1Pool SEC Complaint”). While the CFTC’s consent order focused on the commodity-backed CFDs, the SEC focused on those CFDs “tied to the values of underlying securities, market indices, or other financial assets.” 1Pool SEC Complaint ¶ 3.
 1Pool CFTC Consent Order ¶¶ 51-55.
 Id. ¶¶ 36, 53-55 (citing 17 C.F.R. § 166.3 (1983)).
 1Pool SEC Complaint ¶¶ 19, 24.
 1Pool CFTC Consent Order ¶¶ 60, 62. To settle with the SEC, the defendants agreed to pay more than $27,000 in disgorgement and a civil penalty of more than $26,000 for failing to register with the SEC as a securities dealer, failing to conduct transactions on a national exchange, and allowing customers to purchase and sell security-based swaps without meeting required discretionary investment thresholds. 1Pool SEC Complaint ¶¶ 19-40; Consent of Defendants Patrick Brunner and 1Pool Ltd. ¶ 2, SEC v. 1Pool Ltd., No. 18-cv-02244 (D.D.C. Mar. 4, 2019), ECF No. 13-1 (hereinafter “1Pool SEC Consent Order”).
 Press Release, CFTC, CFTC Charges BitMEX Owners with Illegally Operating a Cryptocurrency Derivatives Trading Platform and Anti-Money Laundering Violations, Release No. 8270-20 (Oct. 1, 2020), https://www.cftc.gov/PressRoom/PressReleases/8270-20?utm_source=govdelivery (hereinafter “BitMEX CFTC Press Release”); Complaint ¶ 1, CFTC v. HDR Global Trading Ltd., No. 20-cv-01832 (S.D.N.Y. Oct. 1, 2020), ECF No. 1, available for download at https://www.cftc.gov/PressRoom/PressReleases/8270-20?utm_source=govdelivery (hereinafter “BitMEX CFTC Complaint”).
 BitMEX CFTC Complaint ¶¶ 36-37.
 See 7 U.S.C. § 2(c)(2)(D)(ii)(III)(aa).
 BitMEX CFTC Complaint ¶¶ 102-139.
 See generally id. A U.S.-based brokerage firm also recently paid more than $38 million to settle charges brought by the CFTC, the Financial Industry Regulatory Authority (“FINRA”), and the SEC alleging pervasive failures in the firm’s AML program. See Press Release, FINRA, FINRA Fines Interactive Brokers $15 Million for Widespread AML Failures (Aug. 10, 2020), https://www.finra.org/media-center/newsreleases/2020/finra-fines-interactive-brokers-15-million-widespread-aml-failures; Press Release, CFTC, CFTC Orders Interactive Brokers LLC to Pay More Than $12 Million for Anti-Money Laundering and Supervision Violations, Release No. 8218-20 (Aug. 10, 2020), https://www.cftc.gov/PressRoom/PressReleases/8218-20; Press Release, SEC, SEC Charges Interactive Brokers With Repeatedly Failing to File Suspicious Activity Reports, Release No. 2020-178 (Aug. 10, 2020), https://www.sec.gov/news/press-release/2020-178.
 Id. at 3-6 (citing 17 C.F.R. § 42.2 (2014)).
 Id. at 7-8 (citing 17 C.F.R. § 166.3 (1983)).
 Commissioner Berkovitz Keynote Address.
 Id.; 17 C.F.R. § 42.2 (2014).
 Commissioner Berkovitz Keynote Address.
 Id.; 1Pool CFTC Consent Order.
 1Pool CFTC Consent Order ¶¶ 33-35.
 Id.; see generally BitMEX CFTC Complaint.
 1Pool CFTC Consent Order ¶¶ 33-35.
 Commissioner Berkovitz Keynote Address.
 A&A CFTC Order at 3-6.
 Commissioner Berkovitz Keynote Address.
 A&A CFTC Order at 1-3.
 1Pool CFTC Consent Order ¶¶ 60, 62; 1Pool SEC Complaint ¶¶ 19-40; 1Pool SEC Consent Order ¶ 2.