Highlights

If a crypto trading platform fails to identify U.S. customers and screen, monitor, and report participants and transactions pursuant to CFTC and FinCEN rules, individuals can be personally liable

Three crypto co-founders held personally liable for failure to register digital asset derivatives platform and failure to comply with necessary requirements

Millions in civil penalties have been assessed to such individuals for violation of the Commodity Exchange Act and operating unregistered futures commissions

The Commodity Futures Trading Commission (CFTC) recently announced that the U.S. District Court for the Southern District of New York entered consent orders against three co-founders of a cryptocurrency derivatives trading platform for $30 million in personal civil monetary penalties. This is not the first time the platform has been cited.

The court’s move highlights how important regulatory compliance is for fintech company founders – and emphasizes how they are personally responsible for ensuring that U.S. operations are undertaken with careful consideration of regulatory regimes and compliance requirements. These responsibilities include implementing procedures to identify U.S. persons using financial services, products, and platforms.

The $30 million in civil penalties to be paid by the three co-founders result from the platform conducting significant aspects of the business from the U.S. and accepting orders and funds from U.S. customers to trade cryptocurrencies and derivatives through unregistered entities and without complying with applicable customer identification, screening, regulatory compliance, and consumer protection requirements.

The personal liability flowing to the three co-founders stems from platform violations of the Commodity Exchange Act (CEA) by operating as a Futures Commission Merchant (FCM) without CFTC registration and failing to implement a Customer Information Program (CIP) and Know Your Customer (KYC) procedures that would enable the identification of U.S. persons using the platform. Further failures included a combination of violations of Financial Crimes Enforcement Network (FinCEN) and CFTC rules which require the implementation of an adequate Anti-Money Laundering (AML) program and customer identification program.

These personal civil penalties ordered for the platform’s founders highlight the paramount importance of regulatory analysis in the context of offering digital asset, cryptocurrency, and virtual currency services. The trading platform was not only cited for its unregistered derivatives products, but also for its failure to implement an appropriate BSA/AML program for related money transmission activities. The implementation of penalties and concurrent findings between the CFTC and FinCEN highlights the complex framework of regulatory requirements applicable to digital asset and fintech products.

The May consent orders relate to a 2021 CFTC consent order for the company’s unregistered operation of the trading platform in violation of the CEA and CFTC regulations, and a concurrent enforcement action by FinCEN for violations of the Bank Secrecy Act (BSA) and FinCEN regulations. The 2021 fines totaled more than $100 million in civil monetary penalties to be paid by the trading platform itself.

Acting CFTC Director of Enforcement Gretchen Lowe commented that, “Individuals who control cryptocurrency derivatives trading platforms conducting business in the U.S. must ensure that their platform complies with applicable federal commodities laws, including CFTC registration and regulatory requirements such as Know-Your-Customer and Anti-Money Laundering regulations.”

Regulators are taking a granular approach to addressing money laundering and terrorist financing concerns and, as FinCEN’s Deputy Director AnnaLou Tirol commented in 2021, “It is critical that platforms build in financial integrity from the start, so that financial innovation and opportunity are protected from vulnerabilities and exploitation.”

These orders highlight the high price founders may pay when they fall short of meeting their regulatory obligations by allowing unlicensed activities and unscreened persons on their platforms. Fintech founders should take care to weigh this recent announcement to ensure they meet their regulatory obligations in their U.S. operations.