Today the Commodity Futures Trading Commission (CFTC) announced the filing of a proposed consent order in its litigation against three affiliated entities of the cryptocurrency exchange Binance, Binance's founder and chief executive officer (CEO) Changpeng Zhao, and former Binance chief compliance officer (CCO) Samuel Lim. Pending approval by Judge Manish S. Shah of the United States District Court for the Northern District of Illinois, this order will resolve the CFTC’s litigation against Binance, Zhao, and Lim filed in March of this year. The Commission’s complaint charged the defendants with offering and executing illegal off-exchange futures, options, and retail commodity transactions; failing to register as a futures commission merchant and a designated contract market or swap execution facility; failing to diligently supervise, including failing to maintain a Customer Identification Program (CIP), know your customer (KYC) procedures, or an anti-money laundering (AML) program; and conducting activities designed to willfully evade requirements of the Commodity Exchange Act (the CEA) and Commission Regulations.

The defendants have agreed to findings of liability on each of the charges alleged in the complaint, including the first ever charged violation of CFTC Regulation 1.6, governing anti-evasion. The order, once final, imposes:

• $1.35 billion in disgorgement on the affiliated Binance entities, and
• civil monetary penalties of

o   $1.5 million on Lim,

o   $150 million on Zhao, and

o   $1.35 billion on the Binance entities.

Throughout my term of service, I have encouraged the Commission to seek penalties that are fair, consistent with the alleged misconduct, proportionate with the harm or concerns regarding potential harm, and effective in deterring recidivist conduct.

The obligations are notable and mark the most significant penalties imposed by the Commission to date in connection with an investigation that does not allege fraud. These penalties should send an unmistakable message that the CFTC Division of Enforcement will impose heavy—and appropriate—penalties on firms who engage in our markets while willfully ignoring our regulatory authority.[1] As I have said before, civil monetary penalties and other relief the Commission seeks in its enforcement actions cannot be merely the cost of doing business.[2]

That said, I want to draw particular attention to two other critical aspects of the resolution: the implications for regulation of crypto-intermediaries and the Commission’s anti-evasion regulation.

Creating Structure for the Crypto-Economy

A week ago, I delivered an address at the Federal Reserve Bank of Atlanta that focused on the market structures that I believe we must introduce in emerging commodities markets, namely, the digital assets and voluntary carbon offsets markets.

For over a century, the CFTC has introduced regulatory requirements that establish guardrails for firms operating in novel commodities markets. In my speech at the Federal Reserve Bank, I outlined the approach that the Commission may take in the context of digital asset markets. My suggestions acknowledge that digital assets markets are new, but the risks and concerns within digital asset markets are not unique. Same risk. Same regulation. Consequently, for digital assets that are commodities, I have called for robust reporting requirements, auditing standards, and corporate governance reforms, among other improvements.

Corporate Governance and Risk Management Reforms

For several years and from my earliest days as a CFTC Commissioner, I have advocated for the introduction of threshold risk management, corporate governance, and AML/KYC reforms in digital asset markets. These market structure reforms are at the heart of our Core Principles. Complying with these basic risk management and governance reforms reflects a commitment to transparency, customer protection, market integrity, and market stability.

Today, Binance has agreed to adopt several of the reforms that I believe should be standard obligations for digital asset firms operating in our markets.

Enhanced KYC and Other Critical Compliance Reforms

Binance has agreed to enhance several critical components of its compliance program. Binance will require all accounts to complete an onboarding program, including all KYC procedures, and be operated only by the account registrants and permitted users who have also undergone KYC procedures. Binance will also no longer allow sub-accounts to circumvent compliance obligations and instead will require sub-accounts to undergo the same onboarding compliance procedures before being opened. These KYC procedures are particularly critical in the crypto-economy, which has long been dogged by concerns that its intrinsic lack of transparency into the holders of particular assets allows for digital assets’ easier use for illicit finance, money laundering, and terrorist financing.[3] The 2022 National Money Laundering Risk Assessment found that “U.S. law enforcement agencies have detected an increase in the use of virtual assets to pay for online drugs or to launder the proceeds of drug trafficking, fraud, and cybercrime, including ransomware attacks . . . , as well as other criminal activity, including sanctions evasion.”[4]

Qualified, Independent Board Members

The order will also require Binance to maintain at least three independent members on its board of directors—and Zhao will not be permitted to be a member of the Board. In addition, Binance must stand up Board Compliance and Audit Committees. Binance will also be required to operate a Nationality of Business Entities Checklist to ensure U.S.-based customers are not offered digital asset derivative products.

Certification of Adoption of Reforms

All of these changes must be certified in writing to the Commission within 90 days of the entry of the Consent Order by Binance’s CEO and CCO. Given that the company's current CEO and former CCO are defendants in this matter, Binance would benefit from carefully reviewing its broader conflicts of interest protocols, risk management procedures, corporate governance structures, and the qualifications for CCO when implementing these changes.

While integrating risk management and corporate governance guardrails through resolution in an enforcement actions is a step in the right direction, it is not a substitute for a comprehensive regulatory regime. Part 38, for example, includes under Core Principle 16 that 35% of a DCM’s board of directors must be comprised of “public directors,” meaning having no material relationship with the DCM.[5] Likewise, FCMs must maintain Customer Identification Programs, including KYC and AML, in order to comply with the Bank Secrecy Act.[6]

Protecting Our Markets

The resolution with the Defendants here will be the CFTC’s first enforcement action that finds a violation of our Regulation 1.6, a regulation authorizing the Commission to enforce against efforts to evade the application of the CEA. The regulation prohibits “anti-evasion,” making it unlawful to conduct activities outside the United States designed “to willfully evade or attempt to evade” provisions of the Act and CFTC Regulations.[7]

Even after announcing a policy that “Binance is unable to provide services to any U.S. person,” as described in the consent order, Binance solicited customers in the United States. Nearly 20% of its customers were located in the U.S. during the period of alleged misconduct. Binance provided U.S. customers with a roadmap, showing them how to circumvent the company’s internal compliance programs. Customers were able to avoid completing KYC paperwork as long as they withdrew no more than the value of 2 bitcoin in one day. Binance identified U.S.-based customers via IP address, but merely required such customers to acknowledge in a pop-up window that they were not located in the United States. Binance also advised customers on the use of VPNs, indicating that customers “might want to use [a VPN] to. . . unlock sites that are restricted in your country.” 

In my statement published two months ago, following the CFTC’s resolution of cases against three decentralized finance (DeFi) entities, charging them with failing to register as SEFs, DCMs, or FCMs, and failing to maintain CIPs, among other things, I wrote:

These DeFi protocols were operating in our markets, at great potential risk to customers in our markets, without oversight or transparency. As the designated cop on the derivatives beat, the CFTC could not permit such activity to continue unaddressed. We must take steps to protect our markets now.[8]

Those cases were critical steps in advancing the Commission’s efforts to regulate the crypto or digital assets that are derivatives.

I want to commend the work of our cooperative enforcement partners who are also announcing the resolution of charges against the same defendants today: the National Cryptocurrency Enforcement Task Force, the Money Laundering and Asset Recovery Section, and the National Security Division, all of the Department of Justice; the United States Attorney’s Office for the Western District of Washington; and the Department of the Treasury’s Financial Crimes Enforcement Network and Office of Foreign Assets Control. As a result of this remarkable joint effort, the defendants resolving with the CFTC today will be subject to fines, penalties, disgorgement, and forfeiture totaling over $4.3 billion.

I want to end by commending the outstanding work of our Division of Enforcement for imminently bringing this case to a resounding conclusion, in particular Candy Haan, Joseph Platt, Katherine Paulson, Joseph Patrick, Matthew Edelstein, Elizabeth N. Pendleton, Scott R. Williamson, and Robert T. Howell. 

[2] Kristin N. Johnson, Commissioner, CFTC, Statement Regarding Effectively Calibrating CFTC Civil Money Penalties to Deter Repeated Compliance Failures (Aug. 29, 2023), https://www.cftc.gov/PressRoom/SpeechesTestimony/johnsonstatement082923.

[3] See, e.g., Financial Crimes Enforcement Network, FinCEN Proposes New Regulation to Enhance Transparency in Convertible Virtual Currency Mixing and Combat Terrorist Financing (Oct. 19, 2023) (“The lack of transparency surrounding international [convertible virtual currency] mixing activity is an acute money laundering and national security risk, and increasing transparency in connection with this activity is a key component to denying illicit actors access to the U.S. and global financial systems . . . and counter the efforts of terrorist groups . . . .”), https://www.fincen.gov/news/news-releases/fincen-proposes-new-regulation-enhance-transparency-convertible-virtual-currency.

[4] Department of the Treasury, 2022 National Money Laundering Risk Assessment, at 41 (Feb. 2022), https://home.treasury.gov/system/files/136/2022-National-Money-Laundering-Risk-Assessment.pdf.

[5] 17 C.F.R. Part 38 app’x B (2022).

[6] 17 C.F.R. § 42.2 (2022).

[7] 17 C.F.R. § 1.6(a) (2022).

[8] Kristin N. Johnson, Commissioner, CFTC, Statement Regarding CFTC Resolving Charges Against Three Decentralized Finance Companies: The Need for Oversight (Sept. 7, 2023), https://www.cftc.gov/PressRoom/SpeechesTestimony/johnsonstatement090723b.