The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has assessed a $3,500,000 civil money penalty against Paxful, Inc. and Paxful USA, Inc. (collectively doing business as, Paxful) for its (alleged) willful violations of the Bank Secrecy Act (BSA), the primary U.S. anti-money laundering law “that safeguards the financial system from illicit use.” Paxful, a convertible virtual currency (CVC), peer-to-peer (P2P) trading platform, facilitated more than “$500 million in suspicious activity involving a host of illicit actors.”
Notably, Paxful is no longer operational. The platform is now requesting all users to withdraw funds as soon as possible. The peer to peer Bitcoin and Ethereum exchange had been quite active from around 2018 to 2022 but previous management including former CEO Ray Youssef appeared to not have effectively handled the business. As widely reported by many users across social media channels, Paxful had numerous issues with people trying to scam other platform users.
While Paxful was not to blame for every mishap, the platform lacked proper management and oversight and was clearly unable to scale while ensuring a seamless user experience. Back in 2023, Paxful had abruptly shut down all services with former CEO Ray Youssef blaming other co-founders and team members for not handling the business professionally. However, it now appears that the blame for all this should be shared by everyone involved including the platform users.
Even though Paxful managed to resume operations after its abrupt shutdown a few years back, they have now again decided to shut down permanently. The company had issued a press release claiming that the main reason they are winding down the business is due to the actions of (or lack thereof) incompetent management under Ray Youssef. Based on extensive media reporting over the years, this is most likely the case but other co-founders Artur Schaback are to blame as well.
Other major P2P bitcoin exchanges like LocalBitcoins also shut down many years back. This is likely due to the fact that the industry has now matured considerably and competitors that are far more resourceful like Binance which arguably offer far better and reliable services. In the end, the customers are the ones who suffer the most and anyone doing business must step up and accept full responsibility while also taking practical actions to address these critical situations.
According to FinCEN, the company had enabled transactions with countries including Iran, North Korea, and Venezuela, along with a website seized by the Department of Justice in 2018 for facilitating illegal activities.
FinCEN Director Andrea Gacki stated:
“For years, Paxful disregarded its BSA obligations and facilitated transactions associated with illicit activity and high-risk jurisdictions, such as Iran and North Korea. FinCEN is committed to mitigating risks to the U.S. financial system while fostering responsible innovation in the virtual asset ecosystem.”
Paxful admits that it willfully “violated the BSA, including failing to: (i) register with FinCEN as a money services business (MSB); (ii) develop, implement, and maintain an effective AML program; and (iii) file suspicious activity reports (SARs).”
Consistent with FinCEN’s Statement on Enforcement of the BSA—and as outlined in the Consent Order—FinCEN considered “a variety of factors in determining the appropriate penalty for this matter.”
These included mitigating factors, such as the “decision by Paxful to terminate its relationship with leadership who oversaw Paxful’s operations at the time the willful violations took place and remediation efforts by the company, including conducting a review to identify and report previously unreported suspicious activity that Paxful processed during the relevant time period.”
FinCEN acknowledges the close collaboration “with its partners from the Department of Justice’s Money Laundering, Narcotics and Forfeiture Section, the U.S. Attorney’s Office for the Eastern District of California, and Homeland Security Investigations.”
Effective AML programs can prevent FIs “from being used to facilitate money laundering and the financing of terrorism.”
For new and existing financial institutions, such programs “should be risk-based and commensurate with the risks posed by the location and size of, and the nature and volume of the financial products and services provided by, the institution.”
Businesses engaged in money transmission services should “ensure that they register and maintain registration with FinCEN as an MSB.”
FIs dealing in virtual assets and prepaid access are reminded that the BSA obligation “to identify and report suspicious activity is also applicable to transactions effected in these products that take place by, at, or through the financial institution.”
FIs should consider the coverage of these products “within their procedures to monitor for potentially suspicious activity, including the extent to which these procedures support the volume of relevant activity.”
FIs with obligations to verify customer identity should “ensure they maintain appropriate processes to comply with this requirement.”
FIs are now encouraged to consider the “use of Internet Protocol (IP) address and geolocation data to mitigate exposure to high-risk jurisdictions and prohibited parties.”
However, it is worth noting that the widespread use of VPNs and other privacy software now makes it very difficult if not impossible to accurately determine where a user is operating from. In the years ahead, it might become completely impractical to take enforcement actions based on traditional methods.
Where it may be applicable, FIs should similarly “consider the nature of their customers’ businesses to mitigate the risk that such accounts may be engaged in illicit activities.”
Finally, this enforcement action, unveiled earlier this month, demonstrates the value in taking “appropriate and timely mitigating procedures when deficiencies are identified.”
As noted in the update, FIs now need to take appropriate action to ensure they have a “culture of compliance,” including an appropriate “tone at the top.”
Further, FIs are now being encouraged to remediate reporting issues when they are identified in order “to ensure timely and accurate reporting of SARs.”
