Why it matters

The AML compliance community is still wrestling to understand the full implications of an indictment filed against two men who allegedly operated a Bitcoin exchange that had not been registered as a money services business with the Financial Crimes Enforcement Network. The charge of operating an unregistered MSB itself was almost mundane for an industry under heavy law enforcement scrutiny. Instead, the questions surround the charge that the individuals failed to file Suspicious Activity Reports (SARs) on activity involving customers who needed Bitcoin to pay Ransomware to prevent encryption of their computer data by hackers. The indictment also alleges that the two defendants had undue influence on a federally insured credit union that handled the exchange's banking operations for a period of time, including the decision to provide a banking relationship to a payment processor for the Bitcoin exchange, and that they tried to "trick" major financial institutions about the nature of their business.

Detailed discussion

According to the recently unsealed criminal complaint filed in New York federal court, Anthony R. Murgio and Yuri Lebedev operated Coin.mx, a Bitcoin exchange that charged consumers a fee to exchange Bitcoins for cash. The indictment charged the two with operating an "unlicensed" money services business and failing to file any suspicious activity reports on Bitcoin exchange transactions involving victims of Ransomware. Allegedly, the defendants knowingly exchanged at least $1.8 million Bitcoins for cash for customers that they knew were engaged in criminal activity as well as individuals who claimed they were "Ransomware" attack victims needing Bitcoins to "pay off" cybercriminals to regain access to their computer system.

The two defendants (as well as various co-conspirators) allegedly tried to evade detection and "trick" major financial institutions with a business operated by setting up a fake front company (the "Collectibles Club") and website. In addition, one of the defendants also allegedly "obtained beneficial control" of a federal credit union, installing the other defendant on the institution's board of directors and transferring Coin.mx's banking operations to the credit union. The credit union then allegedly functioned as a "captive bank for their unlawful business." One of the defendants also helped a payment processor open an account at the credit union and use the account to process more than $30 million per month in ACH transactions for Coin.mx and "other purported businesses."

The indictment notes that in January 2015, the National Credit Union Administration discovered the operation and forced the credit union to cease engaging in unlawful activity. One of the defendants allegedly then managed to find "new, overseas payment processing channels" for the business.

The charges each carry a maximum prison sentence of five years. Murgio could be facing more time, with additional charges of one count of money laundering and one count of willful failure to file a suspicious activity report (maximum sentences of 20 and five years, respectively).

To read the complaint in U.S. v. Murgio, click here.

To read the complaint in U.S. v. Lebedev, click here.

To read the DOJ press release, click here.