Don’t Take Our Word for It: What U.S. Regulatory Agencies Said About Binance’s Compliance Improvements
Main Takeaways
In the interest of accountability and growth, Binance has taken full responsibility for its past conduct, made significant efforts to improve its compliance initiatives, and built a stronger, safer platform.
This sentiment was also reflected in statements made by U.S. agencies throughout their investigations, particularly regarding Binance’s cooperation and AML, CFT, and KYC measures.
While the investigation by U.S. agencies was triggered by past actions, it has helped create the comprehensive compliance program we see at Binance today. As always, the security of our users remains paramount.
As has been widely reported, when Binance first launched, it did not have compliance controls adequate for the company that it was quickly becoming, and it should have. Acknowledging this, we have taken full responsibility for our past actions. We are cooperating with U.S. agencies, including accepting a robust monitorship for our compliance and sanctions control programs, and we will continue to take proactive steps to remedy historical issues.
As the author and thinker Matshona Dhliwayo once observed, a diamond earns its sparkle from the pressure it endures.
We have faced – and actually welcomed – unprecedented scrutiny, which shed light not only on issues of the past but on the many ways we have worked to fix them. It’s time to move forward.
Over the past two years, in the lead-up to the historic announcement of our resolutions with U.S. agencies, we have become a stronger, safer, and even more secure platform for our users. But you don’t have to take our word for it. Here are points and quotes directly from the government agencies with whom we settled: the U.S. Financial Crimes Enforcement Network (FinCEN) consent order, our plea deal agreement with the Department of Justice (DOJ), and the settlement with the Office of Foreign Assets Control (OFAC).
[Binance] Remodeled its compliance program governance and organization structure, including by hiring new compliance leadership with professional compliance experience in the financial sector and law enforcement. – From FinCEN’s consent order
Cooperation in Investigations and Beyond
The U.S. agencies noted Binance’s cooperation during the course of their investigations and remedial measures it undertook, as well as Binance’s proactive work alongside law enforcement agencies globally.
Specifically, OFAC noted Binance’s “substantial cooperation,” which included “conducting an extensive, independent, internal investigation, responding promptly to OFAC’s requests for information, providing large volumes of data regarding the Apparent Violations, making multiple presentations to OFAC, submitting inculpatory internal communications, and executing a statute of limitations tolling agreement.”
The agency also said that Binance has implemented “significant remedial measures,” such as creating “two teams dedicated to cooperation with law enforcement, including by proactively sharing intelligence and to respond to time-sensitive requests.”
FinCEN stated that "Binance works closely with law enforcement agencies worldwide related to this type of illicit activity, including Hydra, darknet markets, and hacks." Furthermore, although it did not file suspicious activity reports with FinCEN, Binance has “proactively cooperated with global law enforcement and blockchain vendors to combat terrorism financing.”
The DOJ itemized Binance’s remedial measures, some of which we cite in the sections below, and noted that the company has committed to additional remediation as part of its resolution of parallel investigations by U.S. regulatory agencies.
Binance has taken significant recent steps to enhance its compliance program, including committing substantial resources to address the types of compliance gaps addressed. – From FinCEN’s consent order
AML and CFT
The statements by the DOJ and FinCEN describe the measures that Binance took in the areas of Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT). According to FinCEN’s consent order, "Binance’s current compliance program would not permit users identified as associated with terrorist financing to remain on the platform or remove funds."
The DOJ plea deal agreement stated that Binance has invested significant financial resources in improvements to our AML and CFT programs, “including by replacing ineffective compliance staff with experienced employees and significantly increasing compliance headcount.”
Moreover, the DOJ noted that Binance has “Implemented enterprise-wide AML/CFT and sanctions risk assessments beginning in November 2022,” “implemented Financial Action Task Force standards for AML and KYC” and “improved employee AML/CFT training.”
The agencies also mentioned Binance’s measures to improve transaction monitoring. As per OFAC, Binance has “partnered with third-party companies to implement real-time transaction monitoring, including screening for sanctioned parties.” The DOJ determined that Binance has “increased investment in real-time and post-transaction monitoring including by increasing headcount, enhancing internal tools, and employing recognized third-party vendors-such as blockchain analytics vendors-to scan user transactions and profiles.”
User Identity Verification (KYC)
The acronym KYC stands for “know your customer” and refers to the verification of a user’s identity by financial organizations, which is required by regulators in most jurisdictions. As per the text of the OFAC settlement, Binance has “required all users to pass KYC and implemented periodic customer reviews according to users’ compliance risk ratings.”
The DOJ’s list of the remedial measures taken by Binance, the agency notes that we have:
Changed our terms of service to require all new users to submit to full KYC procedures in August 2021;
Implemented full KYC requirements for all direct account holders by May 2022, including the use of recognized third-party vendors to verify identity and assess customer risk;
Improved our enhanced due diligence program in November 2022 to cover, among other things, politically exposed persons, high-risk users, applicants for limit increases, unusual corporate structures, and unusual transaction activity;
Updated our sanctions policy in November 2022, improving customer due diligence, screening, offboarding, account blocking, risk assessments, and sanctions reporting;
Developed and implemented a comprehensive framework designed to determine the nationality of enterprise users.
Sanctions Compliance and Addressing U.S. Persons
Binance has substantially enhanced its sanctions and AML compliance program to seek to address the presence of sanctioned and U.S. persons on the platform. – From FinCEN’s consent order
The regulatory agencies noted Binance’s efforts to improve its capacity to identify sanctioned persons and U.S.-based users and prevent them from using the platform.
According to the OFAC settlement, we have “revamped compliance policies and procedures, such as the Binance Sanctions Manual that requires Binance to complete an annual enterprise-wide risk assessment and additional due diligence reviews of users suspected of being located in a sanctioned jurisdiction.”
The agency further noted that Binance has conducted multiple lookback reviews of users to identify and offboard those from the United States as well as sanctioned jurisdictions, “including a re-screening of all active users against sanctions lists from the United States and various other countries.”
Additionally, OFAC acknowledged Binance’s other measures on this front, including mandating “sanctions training at initial onboarding of new hires and for all employees yearly at a minimum,” significantly increasing “line-level compliance resources, including for sanctions compliance;” engaging “third-party vendors to detect and prevent certain parties, including blocked persons, from onboarding,” and implementing “further technological controls to screen and identify users from sanctioned jurisdictions, including IP blocking, geo-fencing, and blockchain monitoring.”
The DOJ also noted several measures that Binance put in place, specifically, by “implementing geofencing measures in late 2019” and continuing to “improve its controls by using a variety of location-detection tools, including IP address, phone number, and mobile carrier."
The Department stated that Binance began restricting accounts for a number of known U.S. users prior to notice of the ongoing investigation, began restricting accounts for users subject to U.S. sanctions, and “initiated an extensive historical review to identify and offboard U.S. enterprise users from the platform."
Publishing these statements is not an attempt to minimize the severity of the historical conduct described in the U.S. agencies’ documents, nor in any way deviate from our acceptance of responsibility. As noted, the actions that triggered these authorities’ investigations were historical, and their scrutiny has led to the development of Binance's comprehensive compliance program today. These facts speak eloquently to our commitment to ensuring the security of our users and the wider blockchain space by continuously enhancing our compliance policies, processes, and systems.