skip to Main Content

CFTC, DOJ Charge BitMEX Owners with Illegal Operations and Anti-Money Laundering Violations 

On October 1, the US Department of Justice announced the indictment of four BitMEX executives, charging the group with violating the Bank Secrecy Act (BSA), and conspiring to violate the BSA by “willfully failing to establish, implement, and maintain an adequate anti-money laundering (“AML”) program.” On the same day, the Commodity Futures Trading Commission (CFTC) filed a civil enforcement action charging five entities and three individuals that own and operate the BitMEX trading platform, including BitMEX CEO Arthur Hayes. These charges include operating an unregistered trading platform and violating multiple CFTC regulations such as failing to implement AML procedures while generating $1B USD in transaction fees 

Jurisdictional Arbitrage 

BitMEX has been under investigation by the CFTC since early 2019 for allowing Americans to trade on their exchange. While the platform claims to have improved their Customer Identification Program to effectively exclude US persons, the CFTC complaint alleges otherwise. According to the complaint, BitMEX is a maze of corporate entities all owned and controlled by the same people, doing business as the same name. These businesses include: HDR Global Trading Limited, 100x Holdings, ABS Global Trading, Shine Effort, and HDR Services. 

According to the CFTC, HDR Global Trading Limited operated the BitMEX trading platform. Despite being incorporated in the Seychelles, “HDR does not have, and never has had, any operations or employees in the Seychelles.” Despite being domiciled in the Seychelles, Hayes held his ownership interest in BitMEX entities through a Delaware limited liability company that maintains bank accounts at financial institutions in the US. Despite serving at least 85,000 US customers and managing a large portion of its trading infrastructure from within the US—with half the its employees working from San Francisco or New York offices—BitMEX never registered with the CFTC.    

Jurisdiction shopping to maintain operations in a country where AML regulations are more lax is not an uncommon practice. New CipherTrace research found that three-quarters of the cryptocurrency businesses registered in the Seychelles have bad or porous KYC policies, making the small island country a boon for potential money launderers. These charges against individual executives, will serve as a warning to similarly modeled offshore companies that do business with US customers. 

AML Deficiencies and
ure to Report Suspicious Activity 

The complaint also claims that BitMEX not only failed to comply with record keeping obligations, but the company was actively deleted critical customer identification information. In certain cases, these records were deleted “explicitly because a user was found to be located in the US or another restricted jurisdiction.” The DOJ complaint adds that from BitMEX’s launch in late 2014 to at least in or about September 2020, the exchange did not file any SARs, failing to report suspected illegal activity on the platform. 

Addressing the DOJ indictment, Acting Manhattan US Attorney Audrey Strauss said, “With the opportunities and advantages of operating a financial institution in the United States comes the obligation for those businesses to do their part to help in driving out crime and corruption. As alleged, these defendants flouted that obligation and undertook to operate a purportedly ‘off-shore’ crypto exchange while willfully failing to implement and maintain even basic anti-money laundering policies. In so doing, they allegedly allowed BitMEX to operate as a platform in the shadows of the financial markets. Today’s indictment is another push by this Office and our partners at the FBI to bring platforms for money laundering into the light.”  

BitMEX responded to the charges on their website, stating “We strongly disagree with the U.S. government’s heavy-handed decision to bring these charges, and intend to defend the allegations vigorously. From our early days as a start-up, we have always sought to comply with applicable U.S. laws, as those laws were understood at the time and based on available guidance.” 

Steps to Improve AML Compliance

In an effort to improve compliance, BitMEX has already taken steps to increase their AML procedures. Since the indictment, BitMEX has hired Malcolm Wright, an associate fellow of the Centre for Financial Crime and Security Studies at the UK’s Royal United Services Institute, as the company’s Chief Compliance Officer. Wright will monitor the exchange’s global compliance activities, and directly report to Vivien Khoo, acting interim CEO and COO of BitMEX. It is still unclear as to whether BitMEX had a CCO before Wright.

Upon reevaluating BitMEX’s KYC, CipherTrace has found that the exchange has already improved its practices, moving the exchange from a “porous” (yellow) score since the release of our Geographic Risk Report earlier this month, to a “strong” (green) KYC score. This further corroborates BitMEX’s position on strengthening their compliance procedures, proving the effort to hire a new CCO isn’t in jest.

Why it Matters: Personal Liability 

While executive liability for inadequate anti-money laundering controls has a long precedent at traditional financial institutions, enforcement agencies are increasingly setting their eyes towards the virtual asset world. BitMEX is just the latest example of the heads of a virtual asset service provider facing severe consequences for the AML deficiencies in their exchange.  

The defendants each face up to 10 years in jail and the CFTC’s injunction may top $1.3B USD, making it one of the most expensive AML penalty ever paid by a financial institution. 


Press coverage and Sources: 

Memo to crypto exchanges: KYC compliance can be a competitive advantage  

BitMEX CTO Samuel Reed released on $5 million bond 

The case against BitMEX is a compass pointing toward the future of crypto regulation 

Read the CFTC announcement:    

Read the full CFTC complaint:    

Read the DOJ Indictment:  

Read CipherTrace’s Geographic Risk Report:  




Back To Top