How crypto companies can avoid AML fines and penalties

Crypto and virtual assets trading is getting regulated and platforms need to keep up. Here’s how to avoid AML fines and penalties

Anti Money Laundering (AML) is a set of laws, principles, and regulations aimed at preventing businesses and individuals from disguising illicitly obtained funds. AML laws have been around for a long time, and increasingly reinforced over the years to combat fraud, tax evasion, terrorist financing, and more. In particular, some markers that deepened regulatory focus on AML were the Bank Secrecy Act (BSA) in 1970, the Financial Action Task Force (FATF) in 1989, and the 2001 terrorists attacks in the US.

AML laws were initially aimed at companies providing traditional financial services, but a recent report by Kroll on global money laundering fines states that the amount of fines issued has significantly decreased - from $2.2B in 2020 to $1.6B in 2021. This doesn’t mean that financial watchdogs have loosened their grip, though.

Regulators are now turning their attention from banks to Virtual Asset Service Providers (VASPs). This means crypto companies will have to be very careful in managing users’ transactions so as not to become subject to penalties for money laundering. Below, we are going to analyze some of the most prominent cases of AML fines imposed on various firms over the course of the last year, lessons crypto companies can learn, and what they can do in order to avoid these money laundering fines.


Fine: $100,000,000

Bitmex, one of the world’s largest and most reputable cryptocurrency trading platforms with a focus on leveraged trading, became subject to AML fines and penalties in Q3 2021. It was fined by the Financial Crimes Enforcement Network (FinCEN) and Commodities Futures Trading Commission (CFTF) for AML violations that took place from November 2014 through October 1, 2020.

The order issued by CFTF discovered that throughout this period, the platform violated numerous policies as it neglected to implement verification programs. Although the platform is officially registered in Seychelles and is not certified to conduct any activities on the US territory, many US citizens transferred funds through it.

As no KYC procedures were required during onboarding, it was discovered that Bitmex had facilitated more than $209 million of illegal transactions on darknet markets and other unofficial businesses.


Fine: $700,000,000

The Malaysian bank, AmBank, has been under scrutiny for playing a major role in the alleged theft of $4.5 billion in 2015. The former prime minister, Najib Razak turned out to be a key player in the story as he was found guilty of AML violations and corruption. The association with the so-called 1Malaysia Development Berhad (1MDB) scandal seriously damaged the reputation of AmBank as they managed Razak’s accounts, including those through which he received a $681 million payment from the Saudi royal family members. Besides reputational losses, the bank became subject to the largest AML fines over the past year.

This isn’t AmBank’s first time being handed penalties for money laundering, as there was a similar situation in 2015 where they were fined RM53.7 million by Bank Negara for “non-compliance with certain regulations”.


Fine: $30,000,000

Robinhood Crypto, the crypto arm of Robinhood Markets Inc., faced a $30 million fine in November 2021 from the New York Department of Financial Services (NYDFS) for violating numerous regulatory requirements. The issues were revealed during a probe on anti-money laundering and cybersecurity-related issues that took place in 2020, and resulted in huge AML fines.

Before going public, the company revealed that it indeed had some deficiencies in its policies and procedures regarding risk assessment. Also, in addition to the lack of adequate incident response and business continuity plan, there were deficiencies in its application development security.

An interesting fact is that just like in the case of AmBank, this was not the first time that Robinhood faced penalties. In December 2020, it had to pay a $65 million settlement with the SEC. At that time, the fine was imposed for a different reason, as the company was accused of misleading customers about income sources and neglecting to fulfill its obligation of best execution for client trades.

Preventive measures to avoid AML fines

The above cases of AML fines and penalties reveal a common pattern inherent to all the parties involved. The key problem of these companies was the lack of proper controls that would help them detect any illicit activities at the early stages. The task of staying compliant and avoiding money laundering fines gets even more complicated with time due to constantly changing requirements. The new laws are implemented not as fast as the new blockchain-based technologies emerge. But still, companies operating with crypto realize there are new rules quick enough, which brings them at the risk of facing AML fines and penalties.

In the light of growing attention towards crypto, it’s particularly important to have an automated solution to identify your users… With that said, here are some tips that can help you stay compliant and avoid money laundering fines.

1. Implement KYC processes

Make sure that you collect the necessary data about every new customer so as to have a full picture of who you are working with. The list of basic requirements typically includes name, date of birth, address, and government identification number, with each of these being supported by relevant documents. The more you know about your clients, the easier it will be to spot potential fraudsters and avoid AML fines in the future.

2. Ensure you carry out Customer Due Diligence (CDD)

Having collected the information about new customers, perform the background check and other screening procedures such as ongoing monitoring, reauthentication of already registered users (when needed), and biometric verification to assess all the potential risks before onboarding.

3. Enable various levels of authentication

Multi-factor authentication tools have proved their efficiency not only in regards to protecting end-users from fraudulent activities on their accounts but also the exchange platform. Reputable crypto companies should consider implementing several levels of authentication internally for their staff members as well.

4. Call in independent experts

Hiring a full-time compliance officer may be a costly task. To reduce expenses, you may apply to a third-party company that already has all the necessary tools. Passbase can help you identify suspicious users and track any risky behavior in a fully automated way. Our developer-friendly, highly customizable tools and flexible pricing allow companies to incorporate ID verification and AML compliance into your product seamlessly.

Passbase provides a convenient way for crypto businesses to perform KYC and AML checks through identity verification. You can integrate Passbase into your platform via the Passbase API or with SDKs for iOS, Android, and web.

To see how identity verification can work for your business today, sign up with Passbase today or book a demo.

Get the latest news from Passbase

Passbase © 2023


Passbase is an identity verification solution that makes facial recognition, liveness detection, ID verification and KYC and AML compliance accessible through a suite of flexible developer tools. A zero-knowledge architecture ensures that companies using Passbase can securely verify users from over 190 countries without having to store their data. Built for developers, it can be integrated with just a few lines of code on iOS, Android, and Web.