This article appears as the "Discussion of the month" topic in AML News and Updates Newsletter - November 2023 edition which can be found here.
On November 3, 2023, Sam Bankman-Fried (SBF), the founder of the now-bankrupt cryptocurrency exchange FTX, was found guilty on all seven counts of fraud, conspiracy, and money laundering. The verdict was a strong rejection of SBF's claims that he had simply made mistakes, and it sent a clear message that the cryptocurrency industry is not above the law.
“This was a fraud that occurred on a massive scale,” Nicolas Roos, one of the federal prosecutors, said in the government’s closing argument. “Thousands of people lost billions of dollars.”
What SBF did wrong
SBF admitted to making some mistakes, which were revealed by the investigation:
He engaged in fraud through Alameda Research hedge fund. SBF used Alameda Research to borrow money from FTX’s clients’ funds although he knew it was wrong. He also used Alameda Research to trade against FTX customers, which gave him an unfair advantage.
He used client money to fund his lavish lifestyle and buy real estate for himself and his parents.
He misled customers about the financial condition of FTX and about the risks associated with investing in cryptocurrency. He claimed that FTX was “the safest and easiest way to buy cryptocurrency”, but in reality, the company was losing money. He also failed to disclose that FTX was commingling customer funds with its own funds.
He failed to implement adequate risk management measures to protect customer funds. He did not have strong policies and procedures in place to prevent fraud or theft. He also did not have adequate safeguards in place to protect customer funds from market volatility.
Why all these mistakes?
SBF, during his trial, admitted that he did some mistakes. But what led to these mistakes?
Lack of experience: SBF was a relatively young and inexperienced entrepreneur when he founded FTX. He may not have had the necessary knowledge or experience to implement effective risk management measures.
Rapid growth: FTX grew very quickly, which can make it difficult to implement and maintain effective risk management systems.
Competitive pressure: The cryptocurrency industry is very competitive, and companies may be under pressure to take risks in order to attract customers and investors.
Ideology: Some cryptocurrency enthusiasts believe that government regulation and traditional risk management measures are harmful to the industry.
Definitely not an excuse!
Lessons Learned for Compliance Officers and Risk Managers
The SBF conviction offers a number of important lessons for other entities dealing with clients funds and compliance professionals, particularly those working in the cryptocurrency industry.
Don't underestimate the importance of effective risk management.
One of the key failures at FTX was a lack of effective risk management. SBF and his team were able to engage in fraudulent activities for an extended period of time because there were no adequate safeguards in place to prevent them.
Organizations must ensure that they have a comprehensive risk management framework in place to identify, assess, and mitigate the company's risks. This framework should include policies and procedures for customer protection, conflict of interest management, and fraud prevention.
Be transparent and provide a true view of the company.
FTX was opaque, and SBF was known for his secrecy. This lack of transparency made it difficult for investors and regulators to assess the company's true financial condition and to identify potential problems.
Organizations must ensure transparent practices and provide a true view of their financial condition and operations. This includes disclosing all material risks and conflicts of interest.
Don't be afraid to speak up.
Some FTX employees have admitted that they had concerns about SBF's behavior and the company's practices, but they were afraid to speak up. This fear of retaliation allowed SBF to continue his fraudulent activities for longer than he would have otherwise.
Entities must create an environment where employees feel comfortable speaking up about compliance concerns. This means ensuring that employees have access to confidential reporting mechanisms and that they will not be retaliated against for reporting concerns in good faith.
Conduct regular audits and reviews.
FTX failed to conduct regular independent audits and reviews, which allowed SBF to engage in fraudulent activities for an extended period of time. These audits and reviews could have revealed the problems and addressed any potential compliance or risk issues.
Foster a culture of compliance and risk awareness.
Organizations must foster a culture of compliance and risk awareness. This means creating an environment where employees feel comfortable speaking up about compliance or risk concerns and knowing they will be held accountable for their actions.
Be aware of the unique risks associated with the cryptocurrency industry.
The cryptocurrency industry is a new and rapidly evolving industry. Compliance officers and risk managers must be aware of the unique risks associated with this industry, such as market volatility, fraud, and cyberattacks and ensure that they have all safeguards in place to protect the organization from these types of risks.
This case is also a warning to every fraudster who thinks they’re untouchable, that their crimes are too complex for us to catch, that they are too powerful to prosecute, or that they are clever enough to talk their way out of it if caught. Those folks should think again, and cut it out. And if they don’t, I promise we’ll have enough handcuffs for all of them. (US Attorney Damian Williams)
The SBF conviction is a reminder that compliance is not just about following rules and regulations. It is also about creating a culture of integrity and ethics within an organization. By taking the lessons of the SBF conviction to heart, compliance professionals can help to prevent future scandals and protect investors and consumers.
Compliance officers and risk managers who take these lessons to heart can help prevent future scandals like the one at FTX and protect investors and consumers.