FTC v. Binance: Was Binance's Compliance Program Just For Show?

V. FACTS

F. Binance’s Superficial Efforts to Limit Trading by United States Customers and Internal Recognition That Its Compliance Program Was Just “For Show”

89. Throughout the Relevant Period, Binance purposefully grew, maintained, and simultaneously concealed its U.S. customer base while also failing to implement an effective AML program that is required of financial institutions such as FCMs to detect and prevent terrorist financing or other criminal activity, among other things.

One component of this failure to implement an effective AML program is Binance’s ongoing lack of effective KYC procedures or a CIP that would enable it to determine the true identity of its customers, whether from the United States or elsewhere.

Further, as of at least May 2022, Binance had not filed a single suspicious activity report (“SAR”) in the United States despite having filed such reports in other jurisdictions.

90. For approximately the first two years of its operations, Binance did not take any steps to limit or restrict the ability of U.S. customers to trade on the platform.

91. Even after Binance began to purportedly restrict access to its platform from certain jurisdictions in mid-2019, it left open a loophole for customers to sign up, deposit assets, trade, and make withdrawals without submitting to any KYC procedures as long as the customer withdrew less than the value of two BTC in one day.

Binance has referred to this two BTC-no KYC loophole by various labels, including “email registration,” and “tier 1” customers. The two BTC withdrawal limit was effectively meaningless—the notional value of two BTC in July 2019 was more than $22,000 and in March 2021 was more than $100,000.

92. Even before Binance made any attempts to restrict access to the platform by U.S. customers, Lim privately explained to Zhao that the two BTC-no KYC loophole would continue to allow U.S. customers to access the platform.

In February 2019, Lim chatted to Zhao: “a huge number” of Binance’s “TIER 1 [meaning customers trading via the two BTC-no KYC loophole] could be U.S. citizens in reality. They have to get smarter and VPN through non-U.S. IP.”

And Zhao stated during a management meeting in June 2019 that the “under 2 BTC users is [sic] a very large portion of our volume, so we don’t want to lose that,” although he also understood that due to “very clear precedents,” Binance’s policy of allowing “those two BTCs without KYC, this is definitely not possible in the United States.”

93. In June 2019, around the same time Binance announced a “partnership” with BAM Trading to launch what would become the Binance.US platform, Binance updated its Terms of Use to state for the first time that “Binance is unable to provide services to any U.S. person.”

Binance also announced that “[a]fter 90 days, effective on 2019/09/12, users who are not in accordance with Binance’s Terms of Use will continue to have access to their wallets and funds, but will no longer be able to trade or deposit on Binance.com.”

94. In September 2019, Binance claimed it had begun to block customers based on their internet protocol (“IP”) address. In reality, Binance simply added a pop-up window on its website that appeared when customers attempted to log in from an IP address associated with the United States.

The pop-up did not block customers from logging in to their account, depositing assets, or trading on the platform, it just asked them to self-certify that they were not a U.S. person before accessing the platform by clicking a button on the pop-up.

95. Notwithstanding the pop-up compliance control, Binance knew that U.S. customers continued to comprise a substantial proportion of Binance’s customer base even after September 2019 because, among other reasons, Binance’s internal reporting told them so.

According to periodic revenue reports prepared for and sent to Zhao every month, as of January 2020 approximately 19.9% of Binance’s customers were located in the United States, and as of June 2020—about a year after Binance amended its Terms of Use as alleged above in paragraph 93—approximately 17.8% of Binance’s customers were located in the United States.

96. In keeping with Binance and Zhao’s ethos of prioritizing profits over legal compliance, they knowingly allowed the two BTC-no KYC loophole to persist. In an October 2020 chat between Lim and a Binance colleague, Lim explained:

[Because you attended a telephone conference on which Zhao participated] then you will also know that as a company, we are probably not going to remove no kyc (email registration) because its too painful . . . i think cz understands that there is risk in doing so, but I believe this is something which concerns our firm and its survivability. If Binance forces mandatory KYC, then [competing digital asset exchanges] will be VERY VERY happy.

97. Binance senior management, including Zhao, continued to be aware of and discuss the two BTC-no KYC loophole. For example, in a March 2021 Signal message group that included multiple senior managers, Zhao asked: “Who was in the 2BTC limit meeting last time?”

98. And on August 20, 2021, Binance announced that “all Binance users are required to verify their accounts,” meaning that all new customers would be required to complete “Intermediate Verification” and provide a government issued identification evidencing their geographic location.

Binance also announced that existing customers that had not yet completed Intermediate Verification would have their account changed to “withdrawal only” status by October 19, 2021. Binance did not limit the ability of unverified customers to deposit funds and trade on the platform by October 19, 2021 as represented.

In February 2022, Binance testified that the identities of approximately only 30–40% of its customers had been verified though KYC documentation.

99. Binance has been aware that its compliance controls have been ineffective. As Lim—at the time Binance’s CCO—recognized in an October 2020 chat with other Binance compliance personnel, Binance’s compliance environment has amounted to “email sending and no action . . . for media pickup . . . I guess you can say its ‘fo sho.’”

100. Zhao’s strategy of refusing to implement effective compliance controls at Binance was widely known within Binance. In a January 2019 chat between Lim and a senior member of the compliance team discussing their plan to “clean up” the presence of U.S. customers on Binance, Lim explained: “Cz doesn’t wanna do us kyc on .com.”

And Lim acknowledged in February 2020 that Binance had a financial incentive to avoid subjecting customers to meaningful KYC procedures, as Zhao believed that if Binance’s compliance controls were “too stringent” then “[n]o users will come.”

101. Despite their awareness of Binance’s compliance failures, Zhao, Lim, and others acting on behalf of Binance publicly represented that the platform had effective compliance controls. For example, in an August 14, 2019 letter sent on Binance letterhead, Lim assured a state financial regulator in the United States that

[O]ur [compliance] program provides for AML/CFT controls to ensure the safe and legitimate use of our platforms . . . . Binance screens all its customers prior to the establishment of a business relations or undertaking a transaction against OFAC, EU, UK and Hong Kong sanctions . . . . Binance performs customer due diligence (CDD) anytime the company establishes a customer relationship with all customers engaged in crypto-fiat activity, where there is suspicion of money laundering or terrorism financing . . . .

102. Four months later, in an internal December 2019 message to a colleague, Lim admitted that “.com doesn’t even do AML namescreening/sanctions screening.”

103. Binance also intentionally tried to hide the scope of its compliance program’s ineffectiveness from its business partners. For example, in or around October 2020, Binance underwent a compliance audit to satisfy a request from Paxos.

But according to Lim, Binance purposely engaged a compliance auditor that would “just do a half assed individual sub audit on geo[fencing]” to “buy us more time.” As part of this audit, the Binance employee who held the title of Money Laundering Reporting Officer (“MLRO”) lamented that she “need[ed] to write a fake annual MLRO report to Binance board of directors wtf.”

Lim, who was aware that Binance did not have a board of directors, nevertheless assured her, “yea its fine I can get mgmt. to sign” off on the fake report. Around the same time as the referenced “half assed” compliance audit, in November 2020 the MLRO exclaimed to Lim in a chat, “I HAZ NO CONFIDENCE IN OUR GEOFENCING.”

104. Internally, Binance officers, employees, and agents have acknowledged that the Binance platform has facilitated potentially illegal activities. For example, in February 2019, after receiving information “regarding HAMAS transactions” on Binance, Lim explained to a colleague that terrorists usually send “small sums” as “large sums constitute money laundering.”

Lim’s colleague replied: “can barely buy an AK47 with 600 bucks.” And with regard to certain Binance customers, including customers from Russia, Lim acknowledged in a February 2020 chat: “Like come on. They are here for crime.” Binance’s MLRO agreed that “we see the bad, but we close 2 eyes.”

105. Lim’s internal discussions with compliance colleagues illustrate that Binance has tolerated Binance customers’ use of the platform to facilitate “illicit activity.”

For example, in July 2020, a Binance employee wrote to Lim and another colleague asking if a customer whose recent transactions “were very closely associated with illicit activity” and “over 5m USD worth of his transactions were indirectly sourced from questionable services” should be off-boarded or if it was in the class of cases “where we would want to advise the user that they can make a new account.” Lim chatted in response:

Can let him know to be careful with his flow of funds, especially from darknet like hydra

He can come back with a new account

But this current one has to go, it’s tainted

106. Lim’s instruction to allow a customer “very closely associated with illicit activity” to open a new account and continue trading on the platform is consistent with Zhao’s business strategy, which has counseled against off-boarding customers even if they presented regulatory risk. For example, in a September 2020 chat Lim explained to Binance employees that they

Don’t need to be so strict.

Offboarding = bad in cz’s eyes.

107. Binance’s corporate communications strategy has attempted to publicly portray that Binance has not targeted the United States at the same time Binance executives acknowledge behind closed doors that the opposite is true.

For example, on June 9, 2019, around the time Zhao and Binance hatched their secret plot to retain U.S. customers even after the launch of Binance.US, Binance’s Chief Financial Officer stated during a meeting with senior management including Zhao:

[S]ort of, the messaging, I think would develop it as we go along is rather than saying we’re blocking the US, is that we’re preparing to launch Binance US. So, we would never admit it publicly or privately anywhere that we serve US customers in the first place because we don’t.

So, it just so happens we have a website and people sign up and we have no control over [access by U.S. customers] . . . . [B]ut we will never admit that we openly serve US clients. That’s why the PR messaging piece is very, very critical

Zhao agreed that Binance’s “PR messaging” was critical, explaining in a meeting the next day that “we need to, we need to finesse the message a little bit . . . . And the message is never about Binance blocking US users, because our public stance is we never had any US users. So, we never targeted the US. We never had US users.”

But during the June 9, 2019 meeting, Zhao himself stated that “20% to 30% of our traffic comes from the US,” and Binance’s “July [2019 Financial] Reporting Package,” which was emailed directly to Zhao, attributes approximately 22% of Binance’s revenue for June 2019 to U.S. customers.