FinCEN, in October 2022 has announced a penalty of $29 million to crypto exchange Bittrex. Why?
Between 2014 - 2018 Bittrex:
Failed to maintain an effective AML program, including written policies and procedures
Failed to appropriately assess the risks associated with the products and services it offered (crypto)
Failed to implement effective transaction monitoring on its trading platform
Relied on only two employees with minimal AML training and experience to manually review over 20,000 transactions per day for suspicious activity in addition to other duties.
Failed to file any SAR for more than three years.
How about screening systems?
Only in 2016 Bittrex hired a third-party vendor to automatically screen transactions for compliance with OFAC sanctions.
The software however, only screened transactions to identify potential matches with sanctioned persons but not with sanctioned jurisdictions
As a result, Bittrex conducted more than 116,000 transactions for over $260 million with persons subject to OFAC sanctions.
Risk assessment is an essential step to AML compliance
If policies and procedures are not written down, they do not exist.
A manual transaction monitoring system, in most of the cases is deemed to fail.
The AML officers should be sufficiently experienced.
The AML department must have sufficient resources.
Regulated entities should ensure that the third-party vendors screening tools check against all relevant sanctions lists.
Penalties for AML failures can be huge.