Unchained - How Binance Will Open All Its Activity to the U.S. Government - Ep. 581
Episode Date: December 12, 2023Unchained is running its annual survey to better serve you. Please answer our annual survey here. The record $4.3 billion settlement reached between Binance and the U.S. government over charges of m...oney laundering and sanctions violations calls for the world's largest crypto exchange to maintain an independent compliance monitor for the next five years. Michael Dawson, a partner at WilmerHale, and Dorothy DeWitt, founder and CEO of Tolt Strategies, a former director at the CFTC and former general counsel at Coinbase, dissect the intricacies of this arrangement, delving into the roles and responsibilities of the compliance monitor, the potential impact on Binance's operations and the broader implications for the crypto industry. Listen to the episode on Apple Podcasts, Spotify, Overcast, Podcast Addict, Pocket Casts, Pandora, Castbox, Google Podcasts, Amazon Music, or on your favorite podcast platform. Show highlights: what exactly is a compliance monitor, and why it's essential in the Binance settlement which regulatory agencies the monitors report to and their significance why the DOJ insisted on including a compliance monitor in its settlement with Binance how Binance’s compliance monitor is expected to create a “ripple effect across the industry,” according to Michael why Binance, despite being a non-U.S. entity, is subject to a U.S.-appointed monitor Dorothy's perspective on why more monitorships might be appointed in the crypto industry going forward how much the monitorship will cost Binance and the factors influencing their choice of monitor whether the government will be able to discover other crimes with all this new information, which will be used by other agencies such as the IRS and the FBI who might be appointed as the compliance monitor for Binance and why Michael favors Patrick McHenry what constitutes the SAR lookback and AML program consultancy what could happen when the government gets to look at all past transactions what happens if the monitor discovers any wrongdoing within Binance whether the monitorship is likely to impact Binance's business operations advice from Dorothy and Michael for Binance's new CEO on navigating these challenges why predicting the future of Changpeng Zhao, Binance's ex-CEO, is complex, according to Dorothy Thank you to our sponsors! LayerZero Popcorn Network Arbitrum Foundation Guests: Michael Dawson, partner, Financial Institutions Group at WilmerHale Dorothy DeWitt, founder and CEO of Tolt Strategies and former Director of the Division of Market Oversight at the CFTC Links Settlement DOJ Settlement Text FINCEN Settlement Text CFTC Settlement Text OFAC Settlement Text WSJ: Binance Penalties Include a Number of Crypto Industry Firsts: The Treasury Department’s FinCEN is imposing its first-ever monitorship on the cryptocurrency exchange CoinDesk: Binance's Future and Other Questions Post-Settlement Unchained: Binance to Pay $4.3B Penalty to Resolve U.S. DOJ Criminal Investigation; Changpeng Zhao Resigns, Pleads Guilty to Money Laundering Charges Law360: Binance's Compliance Chief Is Optimistic About Monitorship The CFTC’s guidance on monitorships CFTC Releases Enforcement Advisory on Penalties, Monitors and Admissions Other monitors at crypto companies Coinbase (independent monitor): Press Release- January 3, 2023: Superintendent Adrienne A. Harris Announces $100 Million Settlement with Coinbase, Inc. after DFS Investigation Finds Significant Failings in the Company’s Compliance Program | Department of Financial Services Robinhood Crypto (independent compliance consultant): Press Release- August 2, 2022: DFS Superintendent Harris Announces $30 Million Penalty on Robinhood Crypto for Significant Anti-Money Laundering, Cybersecurity & Consumer Protection Violations | Department of Financial Services (ny.gov) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Five years in an industry that changes quarterly with a company that has only been around for six years is a really long time.
And so, you know, this settlement agreement allows the U.S. to have extraordinary inside access to information and influence over the organization on an ongoing basis that it might or might not be able to have if there aren't future touchpoints to the U.S. jurisdiction.
Hi, everyone.
Welcome to Unchained. You're a no-hype resource for all things crypto. I'm your host, Laura Shin.
Author of The Cryptopians. I started covering crypto eight years ago and as a senior editor at Forbes
was the first mainstream media reporter to cover cryptocurrency full-time. This is the December 12th,
2023 episode of Unchained. Arbitrum's leading layer-to scaling solutions can provide you with
lightning-fast transactions at a fraction of the cost, all while ensuring security rooted on Ethereum.
Arbitrim's newest edition, Orbit,
Enables you to build your own
tailor-made Layer 3.
Visit Arbitrim.io today.
Streamline your Defy with VaultCraft,
the ultimate on-chain toolkit
for deploying custom automated defy products
on any EVM chain.
Join Volcraft's referral program,
unite with the community,
and supercharge your crypto.
Details on vaultcraft.io.
The game has changed.
The Google Cloud Oracle
built for Layer Zero
is now securing every layer zero message by default.
Their custom end-to-end solution sets itself up
to bring its world-class security to Web3
and establish itself as the HTTPS within Layer Zero messaging.
Visit Layer Zero.network to learn more.
Today's topic is Binance's Future with Compliance Monitors.
Here to discuss our Michael Dawson,
partner Financial Institutions Group at Wilmer Hale
and Dorothy DeWitt, founder and CEO of Toll Strategies.
Welcome, Dorothy and Michael.
Thank you for having us.
Pleasure to be here.
The U.S. Department of Justice, along with the Treasury Department and the Commodity Futures Trading Commission,
recently reached a settlement with finance, the largest crypto exchange in the world,
over anti-money laundering and sanctions violations.
The exchange's financial penalty totaled $4.3 billion, and Chang Peng Xiao or CZ stepped down as CEO.
One less talked about aspect of the agreement is that finance for the next five years will now have a compliance monitor.
The monitor will be there for three years for DOJ and for five years for the Financial Crimes Enforcement Network or FinC, as well as the CEPC and the Office of Foreign Assets Control or OFAC.
Dorothy, can you explain what this means?
What is a compliance monitor?
Sure.
The terms compliance monitor, corporate monitor, third party compliance, independent compliance consultant,
They can be used interchangeably, but effectively they are an independent entity that is paid for by the company,
but that reports to the court or the government.
And the primary responsibility, including reporting, is to assess and monitor Binance's compliance with the plea and settlement and consent orders
and to oversee the creation and implementation of new and effective compliance measures,
and to eliminate or at least reduce the risk of recurring misconduct.
As Secretary Yellen said in the conference announcing these agreements,
what she really would like to see is for Binance to you off board and not on board all U.S. customers going forward.
Dorothy, I like what you said about the monitor being an entity,
because sometimes people think it's going to be a single person,
but in fact it could be headed by a single person who's got some.
some particular domain expertise, but it's going to be a large team, especially in a matter like
this.
And so, Mike, can you explain how it works for the company to have hired this person that in some
ways, or maybe in all ways, is actually working for another entity?
Like, what will they have access to?
What will they not, you know, what kind of like relationship and processes are, you know,
built up around a compliance monitor?
Yeah, it really varies from case to case. And there are a lot of provisions in the independent
monitorship provisions of the guilty plea that finance agreed to that are designed to try to make it
work better. So first and foremost, it's important that the monitor have good stature within the
organization and outside of the organization. And that comes from having a lead, monitors,
got relevant experience in crypto, preferably relevant experience from a regulatory background,
heading the effort. And then there will need to be access to personnel, information,
data so that the monitor can do their job. But you're quite right. At the end of the day,
the monitor sees their boss as being the Department of Justice, Vincent OVAC, and the CFTC,
and they see themselves as being answerable to them, not to the company.
Just to have the key to monitorships is this is an ongoing concern.
The purpose is to achieve and maintain a compliance structure and a cultural of compliance
that will prevent future violations of U.S. law and to move on and continue successfully.
There are lots of ways to trip that up, but a compliance monitor needs to also have
private sector sensibilities in addition to an up full understanding and experience with government
as a previous senior regulator or law enforcement, prosecutor, et cetera. But you have to have that
balance between private sector sensibilities and practicality and credibility as well as, you know,
the perspective of the government to whom you ultimately report. That's a good point. You need that balance.
I agree. And so why do you think the government made this part of the settlement rather than just
having the fine and having CZ step down? So the government has jurisdiction over, you know,
this person who's in the UAE, not a U.S. person and this entity that operates overseas and,
you know, theoretically, you know, theoretically, but not actually, not in the U.S.
But part of the agreement is that Binance will stop doing business with U.S. persons and will
offboard all of them. And so insofar as they have connections to the U.S., these regulators and
law enforcement have jurisdiction. But suppose they have completed the out theoretically, completed their
off-boarding of U.S. persons, I don't know, within six months or as of today, they've already done that.
Let's just suppose that. Then it's not clear what jurisdiction or effect or influence the U.S.
government regulators and law enforcement can have on an overseas entity that doesn't have touchpoints to the U.S.
So I think part of the, I'm speculating my sense is that part of the settlement is to enable the U.S. to really have
full insight into the way the organization works, what products it has, what compliance it has,
to be able to affect explicitly the company's culture of compliance, which is a major undertaking,
and to be able to ensure that and test and validate ongoing for five years, the compliance
function to make sure that it's adequate to achieve a compliance with U.S. laws.
Five years of compliance monitoring, which can be extended as six, and in certain circumstances,
that we can talk about could go very badly and there could be bigger issues, which could have
happened in other industries. Five years in an industry that changes quarterly with a company that
has only been around for six years is a really long time. And so, you know, this settlement
agreement allows the U.S. to have extraordinary inside access to information and influence over
the organization on an ongoing basis that it might or might not be able to have if there aren't
future touch points to the U.S. jurisdiction? Yeah, if I could just add to that, I think the
point about finance being a non-U.S. entity is really important because the Department of Justice
has a 10-factor protocol that it uses to decide whether or not it should impose a monitorship.
So in answer to your question, Laura, about why a monitor was chosen here, DOJ ran through those 10
factors and on balance concluded that one was important. But one of the key factors is, is the
entity subject to comprehensive supervision and regulation by a foreign regulator? In this case,
the answer is no. And so that would have factored into their decision to impose a monitor.
It's got an interesting consequence because what will happen as a de facto result of the
monitorship is that you'll have one of the largest players in the industry being subject to
a set of expectations and rules that are coming from this monitor, that's going to have
basically a ripple effect across the industry. I think essentially de facto regulation is going
to be defined by this monitor ship and then percolate out. But how is that the case?
How would that percolate? Like, I don't know. I would imagine it's mostly private or
explain how other exchanges. Because the reason why, the reason
I'm saying this is I guess most of these exchanges being private companies, like they probably all
have their own internal processes. And I'm sure there are certain things that become best practice,
but like within that framework still, they all have their own ways of doing things. So how would
that percolate out? I think exactly through that best practice mechanism. So what it happens
as a general tendency in the regulated space is that in the wake of an enforcement,
enforcement action like this, other companies looking at the Binance experience and attempting to avoid
a similar event, tempting to avoid a similar monitorship, we're going to try to reach the standards
that are set by Binance. Some of those are going to be private and unknown to other industry
participants, but others are going to be apparent. So, for example, if you're a customer and you're
trying to onboard at finance, you're going to know the KYC and enhance due diligence processes
that they put you to. And then when you go to other industry participants and go through
the same thing, you're going to share your experience. You're going to say, you know, wait a minute,
you're asking me questions at finance. Didn't. Why are you doing that? And so there's, there are
a lot of mechanisms through which word gets out as to what the current standards are. And you'll
see a tendency to, I think, for the industry to rise to the standards that will be set within
finance. And that's in their interest because, you know, the rest of the industry wants to
not have a monitor. Monitors are extremely expensive, extremely invasive, have a full access,
almost unfettered access to personnel, records, data, et cetera. And companies and frankly
policymakers want companies to improve their compliance functions and their culture compliance and
their internal risk and control framework, you know, terminologies that haven't been normal
lexicon in this industry because it's a newer industry, but have been the normal lexicon in more
traditional industries, they will really want to make sure that they have a demonstrable and
reasonably designed and effectively implemented internal control framework so that if in
when regulators come and ask about it or have inquiries or enforcement and maybe even with some
active enforcement cases, they can say a monitor is not required because of everything that we've done
and where we are, or if a monitor is required, the scope and time should be limited and so on and so
forth to have a little bit more. A lot of investment up front can really help out on the back
end around monitors and independent third-party consultants and resolutions.
And so one thing, you know, that is a little bit confusing, which we've kind of addressed, but I just want to ask about one specific aspect of it.
So as we mentioned, finance is not a U.S. entity. And yet these monitors will be reporting to the U.S. government.
So is it literally simply making sure that finance will not serve U.S. customers? Is that it?
or is it also making sure that they're complying with the laws and the jurisdictions where they operate?
Or like, what exactly are they making sure they do?
Yeah, it is off-porting the U.S. customers, for sure, but it's a lot more than that.
Yeah, because that can't take that long.
Yeah, although, you know, nothing is really as easy as it seems.
So you have to identify the U.S. customers.
You have to trace ultimate beneficial ownership,
and you might find some U.S. ownership that's lurking behind several,
layers of ownership. So it sounds easy, but nothing is easy as easy as it is as easy as it.
Right. But I guess like I would imagine it just wouldn't take five years. It might take like one
year, maybe at the very most too. Yeah, that shouldn't. But the provisions also call for the
monitor to make sure that finance is meeting standards associated with compliance with U.S.
sanctions, making sure they're not allowing the platform to be used to facilitate terrorist financing.
They're also exporting U.S. expectations around anti-money laundering compliance programs.
So it's much more than just off-boarding the U.S. customers.
And when you say exporting U.S. anti-money laundering or K.R.C., you mean like to the other
jurisdictions that finance actually operates in?
Yes. Oh, interesting. Yeah. Okay, but I guess I'm just confused as to it, I guess it's just because of the settlement that they can do that because there's nothing in those. Like, let's say there's some gap between what the U.S. requires in those processes and what the jurisdictions that finance operates and require. Then, yeah, it's just kind of forcing finance to do something for the U.S. jurisdiction simply because of the settlement.
That's right. But if it's a contradiction, the agreement says that finance can say, hey, we're prohibited from doing that as a result by local law.
So what the monitor is asking us to do, we can't do because of local law. And the agreement recognizes that.
But where there's a gap and not a contradiction, then the U.S. regulation is going to fill that gap.
And to me, it's really interesting.
What we have is a situation where we have an absence of regulation in the U.S. and in foreign jurisdictions,
and that void is being filled as a result of this agreed to resolution by finance, the U.S. government.
It's being filled by U.S. standards.
So how unusual or perhaps typical is it for the government to make a monitorship part of a settlement
like this, like would you have predicted that this would be part of some arrangement, you know,
because obviously for years now there's been rumors that, or not even rumors, but, you know,
still reported that there was, you know, some action that was going to happen against finance.
So did you expect this or was this a surprise?
I expect it. And I expect there to be more monitorships appointed in the industry for a few
reasons. The first is, well, we talked about the overseas jurisdiction, overseas jurisdiction,
the challenges on an ongoing basis to having, you know,
boots on the ground and eyes on everything.
And that's part of the benefit of a monitorship and the establishment of that
monitorship.
The second is that DOJ has sort of waxed and waned on its approach to monitorships
as a part of criminal settlements.
But civil regulators have been increasingly emphasizing the need for monitorships,
particularly in the areas where there isn't comprehensive,
U.S. regulation, like a bank has day in and day out bank regulators that are at the company
and looking at everything and so on and so forth. You just don't have that, generally speaking,
in this and some other industries. And so this allows there to be, you know, government supervised,
you know, eye on the company and real influence on the company's operations going forward.
As we talked about for five years, you know, the whole industry could change,
the way that monitoring is done can change, the way that detection is done,
could change, prevention is done, can change. You know, we don't need to get into defy,
but there are all kinds of things that could change that could make it more challenging. And the length
of the monitorship reflects, I think, the anticipation of a really changing environment. So the CFTC
just recently said it's going to require monitorships as much more frequently in missions and other
things like that as a result of their settlements. And they indicated that where they trust that
the company has and can remediate itself. They might do a third-party consultant that could advise
on that remediation where they're really not sure. Maybe it's recidivist or maybe it's very serious,
as in this case, they are going to require monitorships, you know, probably akin to what we see
here because of these various things. And Mike, I just have a question for you. Do you think monitorships
are an optimal solution in crypto? Or do you think they reflect, you know, I spent six months on the Hill
recently drafting crypto legislation in the Senate, which, you know, it's not clear where that's going to
go. But it is clear that there has been a need for legislative solutions to allow for a comprehensive
regulatory program. How do you think monitorships play into that lack of legislative solutions to
some vaccine issues? Yeah, it's a good question. I think they're clearly a second best solution.
And if we had a comprehensive regulatory regime and a comprehensive supervisory regime like we had for banks or broker dealers or other participants, I don't think you'd see monitors being used as often as they are in crypto.
So you've got a monitor in the Coinbase settlement with the New York Department of Financial Services.
You have an independent consultant appointed in the DFS settlement with Robin Hood Crypto.
and now you've got this monitorship.
And they are necessary in these circumstances,
but I think a poor second best solution
in the absence of comprehensive regulatory approach.
One more reason to advocate for a comprehensive regulatory approach.
So, yeah, one thing I did want to note about, you know,
how unusual this is, is this is actually the first time that Finsen has
had an independent compliance monitor as part of, you know, a settlement.
So, you know, that I think says something.
Yeah.
Well, no, the Wall Street Journal reported that this was the first time that they've ever employed
an independence compliance monitor, independent compliance monitor.
Probably they're not just fine.
Yeah, for sure.
So now, you know, you mentioned earlier the high price that these companies have to pay when there are
monitor. So do you have a ballpark figure of like how much this will cost finance? I think it depends on
the monitor and it depends on also on the cooperation by the company. You know, providing information
credibly, not false green thumbing, you know, saying that everything is going well when it isn't
necessarily. And being responsive and cooperative are key factors in the duration and the cost.
But, you know, Mike, I don't know, what are other key factors?
Yeah, I think one thing that's really interesting here is that the provisions in the guilty plea say that the independent monitor can rely on the personnel reports, testing of Binance.
So they can rely on the internal resources.
And I think that will go a long way to reducing the cost.
But you're still talking about tens of millions of dollars over a five-year period.
not billions, maybe it might total 100 million by the time it is done. It's going to be expensive.
And so this can't all be going to the main person that's running the show. It's not like just a
salary, right? Or what is that expense comprised of? Well, it will be basically you're going to be
paying time and materials for the time of the labor of the lead independent monitor in all the arms
and legs that they're going to need to employ to do their job. So it will be a team of people
and will charge hourly rates that are basically competitive within the market for people with
talent in crypto, in regulation, and in, as Dordley said earlier, getting that balance right
in terms of what complies with the regulatory expectation, but is also practical from a business
perspective. Those people aren't cheap. I was just going to say there are different models. So one model
might be to hire a big law firm and the law firm will have the arms and legs within the law firm.
Maybe they'll hire some forensics experts as well, which I have no doubt will take place here
and so and so forth. And so, you know, there's a tacit. I don't think explicit because lawyers have,
lawyers that would do this kind of work and others will be, you know, credible and highbrow
and so on and so forth. But, you know, the more arms and legs are out there and the more work is done,
the more costs and the more of the monitor and its organization make. There's a second approach,
which is kind of a two-tier structure, which is to have a smaller organization or entity or
individual who does the monitorship and then outsources but does not benefit from
the cost of the arms and the legs.
And those are the types of services that my company
told offers,
monitor and third party compliance solutions
that are that second, that two-tier model.
But there are other very well-established,
longstanding, larger organizations that have,
you know, a whole slew of divisions
that can do that kind of work in-house.
And so it just sort of depends on where the bills come from,
who's seeing it, and who's ultimately in charge,
and you know what the incentive structures are on there.
And so, you know, finance will have to make some decisions.
I'm sure it has, you know, some good options.
I will focus one thing on one thing that Noah Perlman said.
He did an interview with Law 360 a couple days ago.
And he's the, he's the chief compliance officer of finance,
who was brought in about a year ago, very well regarded.
I've known him for decades in the industry.
I was at Morgan Stanley for 15 years.
And then at Gemini, but he came.
came in and I think he was critical to, and the settlement documents suggest very much so
that he was critical to kind of turning around that compliance program and to, he's also
very experienced in, you know, major program management, which this involves, like it's a major
cultural change, major change in the way business is done and so and so forth. So, you know,
he said in his interview that you need a crypto who has expertise in the space. You know, industry wants
a monitor who is kind of committed to the success of the industry and that is willing and able
with those sensible and practical approaches to allow and permit the company to go on and move past
some monitorship and succeed with great compliance programs and so and so forth. But you also
need someone who's credible with the government. And when you look at that Venn diagram,
it's really small. And then even within that, you may have firms and forensics
and others that are conflicted, for example, I'm sure that some of the blockchain
analytics companies have worked with the government.
In this case, and others, I'm sure that some of the law firms have represented their whole
host of individuals and entities who would have representation here, like individuals 1 through 4
and entities A through F that are unnamed, but you can kind of understand who they are.
So the Venn diagrams get, overlap gets smaller and smaller.
And also keep in mind that both the DOJ,
And FinCEN say they ultimately choose the monitor from the three that are recommended by Binance based on certain requirements.
DOJ and FinCEN ultimately choose it.
It'll probably be one monitor across all of it.
That's fairly apparent.
But they have obligations to or they have priorities around diversity and inclusion in deciding which of the monitors there are.
So even that makes the overlap of the VIN diagram even smaller.
Okay.
So basically it could be kind of one entity, meaning a law firm, as Mike mentioned,
or it could be maybe a person who then outsources some of the functions that they'll be overseeing.
So, you know, obviously at the moment.
It's a person either way.
The person may be affiliated with a bigger organization like a law firm or a big forensics
compliance company or something like that.
or the person may be not affiliated with the arms and legs, but decide how to use the arms
and legs which to use and not necessarily have, you know, direct interest in, you know,
how much that involves related to their own payments and remuneration and such.
Okay. So at the moment, Binance is, I guess, vetting these different candidates, or not vetting,
but choosing which candidates they're going to offer up to the government.
So what do you think Binance is looking for?
You know, some of the requirements we just discussed are just, you know, kind of what are the parameters of what they, you know, can select.
But within that, what do you think they'll be looking for?
They'll look for three things and maybe a fourth.
Cost.
And that's not to say like, is it X amount an hour, 1.5 X amount an hour.
It's more that, you know, are they going to be able to make sure that, you know,
there's a commensurate benefit to the public and the government and national security to the work that's being done and charged, for example.
There have been examples that, you know, Mike and I can tell you about where it's not clear that there's a commensurate benefit between the cost and the outcome.
So they're going to make sure cost is related in large part to scope, scope around AML, KYC sanctions, you know, etc.
No, scope creep is an issue that can come up and that can be very, very cost.
costly. And third, you know, part of the costs are what Mike said, where the monitor can rely on
Binance's internal forensic analysis and reports and this and the other, if in their own
discretion the monitor finds those credible, if not they can use their own. So different cost
mechanisms, scope mechanisms. There also is the ability to end the monitorship early. If, you know,
everything, if the government agrees that, you know, the purpose of the monitor has been completed and so on and so forth, that has happened. It's not very common, but it has happened. And that's certainly what companies always want to try to do and they're very incentivized to put in place the mechanisms to do that. It's key to note one particular thing. It's not just that the monitor is going to help ensure that the internal control framework prevents U.S. customers from accessing their platform going forward.
It's also that the monitor has an obligation to, and finance agree to this obligation, to do a look back.
A look back is where you look back over the last six years and you look at every transaction
or huge samplings and swaths of transactions, so and so forth, and you'd identify which transactions
should have had suspicious activity reports, SARS, filed.
And for each of those that they find over a long lookback period, they need to file those.
So that gives OFAC and FinC and FNsen much more information about what illicit activity has taken place.
And they can see the wallets and they can see the KYC if any was done.
And they can see the transactions and so on and so forth.
So the lookback is key.
That can take longer than you expect.
It's hard.
It's complicated.
And then also key is explicitly changing the culture of compliance.
and improving the compliance program to achieve compliance with U.S. laws.
So since, as we mentioned, this is a very small then diagram and just get smaller when you
kind of look at all the different requirements that need to be meant. So given that,
I wondered if you had any particular candidates that you thought were likely choices for this role.
I wouldn't want to speculate. There are big organizations that have done this.
There are like forensics and consulting firms.
There are law firms.
And then there are organizations like me that are, you know, having been the director of the
division of market oversight at the CFTC, the first woman director, and also having the
general counsel of Coinbase and more recently drafted crypto legislation in the Senate for a
temporary stint this year and last.
You know, those are those, you know, just to give us a shameless plug, you know, those are
other options as well.
And that's the two-tiered structure.
both structures can work, and it really depends on what the government prefers and what
finance prefers. And I'm sure they will put tremendous amount of thought. And I'm sure there will be
lots of interest and submissions to seek this monitorship. It's an important one. It's important
to our national security. It's important to the industry. And it's important to, you know,
the direction of the industry and compliance. Well, Michael, do you want to name names?
You know, sure, as a thought experiment, I've got a dream candidate,
completely, probably completely implausible.
But how about Patrick McHenry, outgoing chair of the House Financial Services Committee,
as announced he's not going to seek re-election.
I don't think the timing is going to work out for this.
But I think that's the type of person you want.
And it gets to one other dimension that is required here.
In addition to that bent diagram, and Dorothy alluded to it,
which is leadership. It's going to be a big project with a lot of people, and you need to have
a leader at the head of it who can keep all of the projects and tasks going on time. So I think
that's a fun candidate to speculate about. Again, thought experiment, probably completely
implausible. That's a great idea. All right. So in a moment, we're going to talk a little bit
more about what it is that the monitor will do, but first a quick word from the sponsors who make
this show possible.
The Google Cloud Oracle built for Layer Zero is now securing every Layer Zero message by default.
Their custom end-to-end solution sets itself up to bring its world-class security to Web3
and establish itself as the HTTPS within Layer Zero messaging.
Visit Layer Zero.network to learn more.
Defi just got way easier with VaultCraft, a blockchain infrastructure for building,
building, deploying, and monetizing non-custodial yield strategies in a few clicks.
Forget spending months of R&D, capital, and human resources
when you can now instantly launch your crypto fund with Valkraft on any EVM chain.
From wallets and institutional service providers to a non-DIFID gens,
Volcraft supercharges your crypto assets by enabling instant cross-chain yield strategies
that you can deploy in one minute.
Now anyone can supercharge their crypto portfolio.
with custom-tailored defy strategies.
Join Valkraft's referral program,
unite with the community,
and supercharge your crypto.
Details on Valkraft.io.
Arbitrum stands at the forefront of innovation
as the premier suite of layer two scaling solutions,
bringing you lightning-fast transactions at a fraction of the cost,
all with security rooted on Ethereum.
From DFI to gaming, Arbitrum 1 plus Nova
is home to over 500 projects,
And with the recent launch of orbit, Arbitrum welcomes you to build your very own
tailor-made layer three, or, as the Arbitrum ecosystem calls it, an orbit chain, directly on the Arbitrum
tech stack. Designed with you in mind, Arbitrum empowers you to explore and build without compromise.
Propel your project and community forward by visiting Arbitrum.io today.
The scorebed app here with trusted stats and real-time sports news.
Yeah, hey, who should I take in the Boston game?
Well, statistically speaking.
Nah, no more statistically speaking.
I want hot takes.
I want knee-jerk reactions.
That's not really what I do.
Is that because you don't have any knees?
The score bet.
Trusted sports content, seamless sports betting.
Download today.
19 plus, Ontario only.
If you have questions or concerns about your gambling or the gambling of someone close to you,
please go to Connixontera.ca.
Back to my conversation with Dorothy and Michael.
So Dorothy alluded to this,
earlier. But, you know, in addition to just making sure Binance is offboarding, U.S. users,
and that it's complying, you know, up to a certain standard, especially if there are gaps
in the jurisdictions that finance operates. And they are going to be also doing this lookback.
So as far as I understand, this is actually a separate role, or it's probably somebody under
the monitor. And it's called the SAR lookback consultant with SAR standing for a
Suspicious Activity Report, which is something that has to be filed here in the U.S. when a financial
institution identifies what they believe to be suspicious activity. And then the other is an AML
or anti-money laundering program consultant. So can you talk a little bit about what these two
roles will be doing? Yeah, why don't I take the SAR lookback one, Dorothy, and maybe you can speak to
the other one. I've been involved in a lot of suspicious activity report lookbacks. And basically
what's involved is the monitor is going to have to first collect transactional and customer data
from the past from Binelbbs. And that itself is a non-trivial, difficult exercise, because at the
end of the process, you have to be able to show the Department of Justice and FinCEN that the
beginning of the process was sound, that you collected all the data that there weren't any gaps
in the data that you collected. Then what the
monitor's team is going to have to do is analyze those transactions against a set of typologies
or known patterns of money laundering or terrorist financing behavior to try to identify
potentially suspicious activity. Then what the monitor does is that that's kind of an automated
computer-driven process. That'll spit out alerts that a team of humans will then invent
investigate to see whether those potentially suspicious activity are actual suspicious activity,
then they prepare and file a report with FinCEN that details the who, what, win, and where
of the suspicious activity.
These are very, even though it begins with this automated process to generate the alerts,
they're very labor intensive.
I would anticipate you'd have a team of, you know, scores of analysts.
So in the maybe not quite 100, but around that number of people actually reviewing the alerts to identify suspicious activity.
Yeah, I would imagine that the sheer number of transactions that they have to kind of, you know, that initially is, I don't even want to match.
Yeah.
this SAR lookback operation could turn up a lot of information that leads to clues about who
perpetrated other crimes that we don't know about yet. And, you know, thinking back, I remember
there was the Dutch authorities who seized the dark net market Hansa, the DOJ seized Alpha Bay,
which is another dark net market. And I'm not saying that Venex is a dark net market,
but I'm just saying when authorities get a lot of information about transactions, it's led to
other crimes being resolved. Like, for instance, the Bitfinex hacker, I believe, you know, the authorities
figured out who they were from, I think it was transactions on Alphabet. And so do you think this
look back operation could end up identifying more crimes? And if so, like, how it, because the, you know,
everything that the government's produced so far has, has shown that they have a lot of information
already about what happened on Binance. I was just wondering kind of what the difference is between
the information they've received so far versus what they'll be getting now.
Let me start and then I'll turn it over to Mike who will have some good insights.
You raise a very important question.
You know, some of our discussion has reflected whether illicit actors who may have been able
to transact an exchange in the past on Binance will want to do so in the future.
You know, the likelihood of reducing that illicit activity on the world's largest platform
is significant going forward.
The question you raise is retrospectively.
And that highlights and underscores why our senses or my sense is that the government
structured the resolution in the way that it did.
Not only does it have boots on the ground, it's very invasive to have a monitor that can
see everything for the next five years, extendable to six, all the information, client
information, transaction information, et cetera, to be able to monitor for these types of things,
but also the look back provision, that's sort of half of the rematch, the other half of the remit is sort of ongoing compliance program improvement and testing and so on and so forth.
The look back provision requires that Binance go back and identify what the government believes is to be more than 100,000 suspicious activity reports that should have been filed.
And it has to go back.
It's traditional in a look back.
You go back and correct.
It can be very time consuming.
It be very complicated.
And the government has required finance to go back and look back at virtually all of its transactions
and to identify and file SARS for those transactions retroactively.
And that is absolutely a trove of information for law enforcement.
And I'll underscore that criminal plea agreement was with the criminal division's money laundering
an asset recovery section known as Imlars and with a separate division in the DOJ, which is a
national security division. And I think a large part of this settlement is the priority of the Department
of Justice to get as, you know, get as much information as it can to uphold our national interest by
prospectively preventing and retrospectively getting information and identification to help it
in its fight against illicit finance and sanctions violations.
My guess is that they have been starting the look back, but I'm not sure.
They may be waiting for the plan that the monitor puts forth so that they're not doing some work and then, you know, doing it in a more formalized way with the monitor.
But my guess is in the last period of time that they went working hard to remediate before this, they have, you know, provided the information that they can.
and I feel fairly certain that once the monitor is in place, there will be likely a rolling
production.
And it will be, you know, significant and a significant amount of information on illicit actors.
And you might see in the coming months and years following those productions, or you might
not see, government activity integrating all of that information into their efforts to support
our national security.
What do you think, Mike?
Totally agree.
And I guess I would add that this really goes to the core, the original mission of Vincent.
The E in the end, and Vincent stands for Enforcement Network.
And what FinCEN was originally stood up to do was to share this information with federal and state law enforcement agencies.
So in addition to FinCEN having access to the data, IRS criminal investigations has access to the data.
the FBI has access, customs, state law enforcement agencies, U.S. Secret Service, and Fincen, in addition,
has cooperation agreements with the financial intelligence units of other countries.
So this information, I think, will be a very sort of target-rich environment,
and the question will be kind of the law enforcement agencies
kind of marshal resources to exploit it in a timely, timely manner.
I think the other thing I would add is that this information likely has relevance
to the national security intelligence community,
both United States and abroad.
So I totally agree with Dorothy's points,
and it really goes to, I think, a core of what,
Vincent's mission is.
So for national security, are you referencing like the North Korea type stuff?
North Korea, Amas.
Right.
And one other things, so, you know, they already seem to have a fair amount of inflation
on finance.
So, you know, what's the difference between how that was obtained or what they were
able to obtain there versus what they'll be?
I mean, obviously now it's like literally everything.
But just, you know, what, yeah, what were they able to have?
so far so far and how? Of course we don't know, but the likelihood is that, and I think it's reflected
in a lot of the language in the consent orders and the plea agreement, the likelihood is that
in order to bring these enforcement actions and charges, they had, you know, a sampling, a significant
sampling. In the plea agreement, it spoke only of Iran. In the FinCent agreement, it spoke of a lot of
other comprehensively designated countries and SDNs that have been designated and, you know,
or not, it shouldn't be, it would be a violation of U.S. law for U.S. persons to transact with them
and the matching engine itself enabled that to happen. So that was sort of a lot of discussion in
these agreements about that. So they clearly had a meaningful sample that was sufficient to
bring these comprehensive charges and this record-breaking settlement.
in resolution. But what I think those documents also made clear, at least tacitly, is that
there's probably a lot more. It's likely they didn't sample 100% of everything. And that's why
they brought in a lookback monitor. Neither monitor has to sample 100% of everything, but they
can if they want and they feel it's appropriate. So they'll put together as Mike, you know,
is an expert on a plan to, you know, tackle this.
and they'll get through it. And as they go through, they'll see what perhaps their sampling is showing and then decide how much deeper to do or decide whether to sample 100% of everything, which is likely because the more information that the government is able to identify through this process on illicit finance, the better. And so, you know, you'll see in these agreements, they say at least 100,000 or at least this amount. I think my sense is that there is a likelihood that there will be.
a much more comprehensive review that will provide more information over a period of time. And part of
why this monitorship is so long, three years for DOJ and five for the rest, it can be extended,
is because that may be something that can be accomplished in one period of time or that may
require a significantly greater period of time, especially if complications come up or it's
difficult to and so forth. I would also say that, you know, when I was general counsel at Coinbase,
It was a huge priority to prevent illicit finance and to do
transaction monitoring and customer do not just know your customer,
et cetera.
And it was really comprehensive.
And that's just the day-to-day stuff.
It's very resource intensive.
And this look back is going to be a massive project that I think, you know,
I think is expected in general to yield some significant benefits to the customer, I mean,
to the country, national security and our, you know, the integrity of our financial system.
And so Dorothy, can you talk a little bit about what the anti-money laundering program consultant will do?
Sure. So the anti-money laundering program consultant will primarily do two things.
Ensure that there is a culture of compliance, and that's more complicated than it sounds.
And second, ensure that obviously the elements of the agreements relating to improvements and enhancements and of the compliance program are put into effect.
So ensuring culture of compliance is pretty significant.
It's not just illicit finance compliance.
It's everything.
And that can involve tone from the top, which is critical, the CEO and board and senior leadership.
It involves investments, making sure compliance is sufficiently independent and sufficiently resourced
and that their team has the expertise that are requisite for this type of level of sophistication and transactions and programs.
that is necessary to achieving the goals.
And it also needs to make sure that there's training across the organization,
which is no small feat, that there are policies in place that are reasonably,
and training and controls and other things that are reasonably designed
and effectively implemented to assure compliance with U.S. laws.
Reasonably designed, that means that you've, based on your business model and your products
and your risks, it's a risk-based approach.
to this, that you have addressed in controls, which can be policies and procedures, training,
you know, whether the controls are detective, preventive, automated, or manual, you know, what type
of mitigative measures are in place, what type of escalation measures are in place when
concerns are identified through alerts or otherwise, you know, how those are decided,
what level of decision-making is in place. Like, these are all very complicated sort of policies
and procedures and controls and training undertakings that they need to do.
And what often comes up, Mike and I have worked together on some of these types of things,
including a major financial institution that had huge remediation obligations based on a very
significant fine.
And it took several years to put in place.
But things can come up during that analysis, both the look back and also the compliance
monitor.
And those can include, you know, suspected additional.
violations of the law and kind of confirmed additional violations of law and those need to be
reported. They may need to be reported immediately to law enforcement. Lots of things can come up.
But let's go back to the compliance framework. You've got to have training. You've got to have
ton for the top. You've got to have alignment of the compliance program with disciplinary measures
and compensation measures like their staff's compensation and review annual review and performance
expectations should not only be revenue and product and so on and so forth, but should explicitly
and in a very documented way include, you know, compliance as a priority of what their job function is.
There are also obligations to, for example, formalize how you deal with law enforcement.
So those are all reasonably designed in reporting and timing and, you know, everything that Mike
also described.
Effectively implemented is also critical.
So in the FinCEN consent order, it described many situations where at some point,
Binance had policies and procedures in place, but it had nothing or little to do in the government's
view with what they were actually doing.
You know, they might not have known about the policies of procedures.
It might not have followed it.
It might not have been had anything to do with sort of how they actually do business.
So one of the ways that companies trip up a lot in companies who want to prevent or limit
monitors will really want to focus on is making sure that they have a control and training and so
and so forth and that they're walking the walk in each of these areas around comprehensive risk
and control frameworks for following their regulatory legal obligations, independently testing
those with reasonable samples and making sure that their policies and procedures reflect their
business. And as their business model changes, those have to be changed as well. And that's a big
undertaking in any day-to-day company. It's a particularly big undertaking in, first of all,
finance and the industry, which, you know, kind of built itself on innovating and doing really
cool and interesting stuff, but may not have thought as much or implemented as much, you know,
those sort of ticking and tying of making sure everything is dressed, reasonably designed,
effectively implemented, and tested independently. In the resolution, there was a lot of, in the resolution,
was also a discussion of their testing of their compliance policy, which has to be independent.
It could be audit. It could be external. And that the sampling was tiny and it was terrible and it
excluded non-KYC users and so and so forth. So all of those elements need to be in place, and that's
what the compliance monitor will ensure. So I did also want to ask about a situation in which
the monitor finds that there's, you know, something wrong, some kind of wrongdoing.
So, you know, I take it after they file this suspicious activity report, which is for past transactions that then whatever FinCEN does at that point, you know, directs, they would direct finance. But what if there's something happening, you know, in the present time? Then is that something that they talk about with Binance? Is that something they go directly to the government to you without telling finance? Like, or maybe there's, you know, certain types of wrongdoing will fall under one or the other. Can you talk a little bit about that?
I think it depends on the wrongdoing.
They're definitely going to, the monitor will definitely report it to the government.
If it's lower level within finance, they'll report it to the finance leadership as well.
In the, I think, unlikely event that it's the new senior leadership of finance,
then they would go to the government without telling finance.
But I think in the most instances, if they do find something wrong,
it's likely going to be within the kind of,
the ranks or the systems of the organization, and they would apprise the leadership,
like the chief compliance officer, the new CEO of finance, as well as the government. So that's
on right, Dorley. And there are two elements of misconduct. The first is suspicious transactions.
And first of all, if you don't have U.S. persons, you're in a different place. And if you do have U.S.
person, and you find out what, you know, maybe one of your users is a U.S. person. And then
you had not been able to detect them before. So one is a suspicious activity. There's transaction
monitoring, there's KYC, there's customer due diligence, there's risk ranking of customers and so
and so forth. So SARS are reported all the time. And I would expect that there would be
SARS reported with some level of consistency on a go forward basis as takes place in all financial
organizations. And that's the way it's supposed to work on an ongoing.
basis. The second level of a parent or suspected or actual misconduct is something like within an
organization, for example, you know, obstruction of evidence about what Biden knows, but the
monitor doesn't know about something that they've discovered by their staff or that they did
wrong or so on and so forth. That's where it gets really challenging and can be pretty risky. It's
smaller level things come up a lot during these types of monitorships.
Occasional bigger stuff comes up and that can result in some challenges, including
extension of the monitorship, if they feel like it's necessary, it can result in,
can potentially result in some additional charges and additional, you know, broadening of scope,
etc., etc.
So one other thing that I want to ask about was, you know, there's probably
like some boundaries in terms of what's appropriate for the monitor to look into and then what's
not appropriate. So what are kind of the limitations of the monitorship or, you know, where can
finance sort of assert like, you know, this is off limits or, you know, not part of the agreement?
I think the work plan is going to be key to that. So the guilty plea and the agreement with
FinCEN requires the independent monitor to submit a detailed work plan to, uh, to
the government and I think that's where you'll see the real effort to define the scope and to get
the balance right between meeting the government's expectations while at the same time being
something that's doable, practicable and does not exceed the scope of what the government is looking
for in terms of stopping terrorist financing, stopping the payments to child prologutors,
adopting the AML compliance program.
So, you know, for example, in its efforts to establish a culture of compliance, you could look
at that very broadly and look at, say, compliance with local tax rules.
That could be part of a compliance mandate, but I think at this instance, it would likely,
I think all parties would likely agree that that's not within scope.
So the work plan will be the place where the three sides hash out what the appropriate scope is for the monitorship, hopefully.
And then earlier, Dorothy, you said that there are some instances when the compliance monitorship can go very badly.
So what does that look like?
And yeah, what did you mean when you said that?
So in TradFi, there have been monitorships that started out as maybe three years.
And then as additional serious violations arise in the scope of the, you know, close inspection and, you know, access to full information that the monitor has, you know, those things can result in additional consents and pleas and other things like that.
And that those may involve an extension of the monitorships.
I mean, there have been monitorships that have started out with just a few years and have gone, you know, a decade.
also in a privately
issued report on sort of guide to monitorships
there was a callout of Governor Chris
there's a concern in the industry
and also it's articulated by the DOJ
in the Deputy Attorney General's recent remarks
about monitorships they base
the DOJ is not a regulator
it's a law enforcement agency FinC
CFAC are regulators
and so DOJ
DOJ wants remediation, but it doesn't want to be in the position of being, you know, kind of the
regulator, the inspector. And that's why you may see the same monitor doing both. You know,
primary contact point practically may well be FinCEN. But the fact of the matter is that, you know,
in this public report about how to how to think about monitorships and how to scope it, you know,
there was an example of Chris Christie when he was Attorney General of New York.
Jersey appointing Ash John Ashcroft to do some monitor work that ended up being several years
and $50 million.
And, you know, in the view of sort of the analysis and study, you know, that amount of money
and time and expense was not commensurate with the public benefit for that resulted from that.
And it reflected a concern that's been ongoing of cronyism, which is where, you know,
DOJ monitorships tend to have.
have tended or been seen to tend to prefer former prosecutors who have worked there and know them
and so on and so forth. So the Deputy Treaty General has really tried to address those things
by putting forth a really clear process so that the process is what dictates how the monitor
works, not the DOJ being the regulator, and also by, you know, prioritizing things that will
limit the risk of kind of cronyism and so on and so forth. And, you know, that's a good sign for
industry. That's good news. So what effect do you think this monitor will have on Binance's
business overall? Like, do you expect that users will leave? Should users think any differently in
terms of like their privacy or any other issues, you know, about being, you know, on the platform?
Yeah, I was just curious what your perspective was from the user side.
Sure. The good news is if you're a Hamas or an al-Qaeda or a ransom,
where entity or, you know, like a really bad actor.
And you know that for the next five years, there's a monitor with a, you know, huge scope
looking at every transaction and access to all the data and so on and so forth.
The monitor doesn't have to look at every transaction, but it can do sampling and so on and
so forth.
But it can.
You know, are you going to want to be on that platform?
And that's sort of the beauty of the settlement is it's not only does it address stuff
historically, like with the look back review, but it also,
protects our country and our national security by providing disincentives for really bad actors
to be on the largest exchange and platform in the world. And so, you know, will that have an
effect in limiting and narrowing the ability of bad actors to compromise our national security
and to support all these terrible things like, you know, what Mike described? I think that will
really have a profound effect. And as Mike described, it will resonate across the industry and
I think overall it will have a profound effect on the ability to limit illicit finance and
terrorist finance and money laundry.
If I could just add, I think in terms of what this means for the finance business,
you know, too soon to say, and it could really depend on a lot of things, but the early
indications are pretty positive.
And I think there are two things that I would point to.
One is the detail that the government has used in specifying how the monitorship will work.
That's a positive.
And the second, and probably more important, positive is that finance has embraced the monitorship.
So you have their chief compliance officer publicly saying he's excited about commencing the monitorship,
it's going to embrace it as a business accelerator, sees it as feeding a competitive
commercial advantage. And I think that sort of attitude and tone from the top are a really good sign
that this bodes well for the business in the long term. Yeah, and I was going to ask,
so I'll just ask it more directly, but this is the perfect segue. Like, are there any tips that
you would offer to either finance or Richard Tang for, you know, how they can best cooperate
with the monitorship to make sure that it's successful and doesn't, you know, go badly?
I'll be happy to start. And I think Michael should add on as well.
So the biggest tips are to be credible and candid.
You know, if it takes you longer to produce the information that they need, be candid as to why,
be candid as to how if a deadline slips a little bit, but there are reasons why, then that's
workable, that's credible.
Credibility is key.
Cooperation is key.
That tone from the top that was reflected recently in the CCO's interview and make it lemonade
out of lemons, which I really, I think they honest, at least.
the CCO honestly buys into, and I think a lot of people in the industry also buy into,
even though it's a little bit painful to get through the process of monitoring and remediation.
So it's credibility, producing information, full access, if there's a suspicion by the monitor
that documents or people are not being produced in a voluntary and cooperative and easy way.
You know, that may be an issue.
You also want to make sure you know you have the resources and you have the capability and the expertise
in-house to manage what is a huge set of projects, change management plans, and that you
have the expertise and so and so forth. And you want to, you know, you want to, basically, I think
those are the main points is credibility, cooperation, investment, and expertise.
Couldn't agree more. I think that's perfectly said. So CZ can actually technically return to
finance after three years. Do you think that would happen? And do you think the government
would be okay with it or what's the outlook for that actually happening?
A lot can happen in three years.
So it's really hard to predict.
You know, there can be other, look, the thing that we haven't talked about, which is actually key,
so it's a great opportunity from your question to mention it, is that this global settlement,
all companies want a global settlement.
So they can settle, they can pay, and they can focus all of their resources on the monitor
and their remediation and the improvement of their programs and so on and so forth,
so that they can kind of graduate from the monitoring and move on and pursue their business
and achieve a lot of their goals in terms of innovation and so and so forth responsibly.
But the fact of the matter is that at the podium, you saw the chairman of the CFTC,
you saw Secretary Yellen, you saw Attorney General Garland and others, and there was one person
who was missing, which is the head of the SEC.
The SEC has filed an enforcement action.
It wasn't part of the global settlement.
We can speculate as to why, perhaps the SEC required an admission that the tokens that they're
trading are securities and they wouldn't trade them going forward, regardless of whether it was
the U.S. persons.
I'm speculating.
That could be something.
And then perhaps, you know, there are other elements of what the SEC would require that,
you know, they couldn't reach an agreement.
And so that's a, you know, that's a big threat hanging over the head of finance that they
really need to resolve in order to really move forward.
And, you know, there may be other jurisdictions and other concerns and so and so forth. And there,
alternatively, may be, you know, just hurt, you know, great tone from the top, great implementation,
great design, great remediation, so and so forth. So it could really go, you know, a variety of
different directions. So it's very hard to predict. Why don't we zoom out now because this, you know,
as we've discussed, probably isn't just going to be the one time. We've already seen that the New York
Department of Financial Services did also reach a tunnel on a Coinbase where they appointed
independent monitor. Robin Hood Crypto also ended up with an independent compliance consultant.
So talk a little bit about, you know, where you see this going. Like, do you think this is going to
become a trend or, you know, in what cases do you expect we'll see more of this and how do you
think the industry can avoid it since, as you mentioned, it's costly? I think in the absence of
comprehensive regulation at the national and international level, it's definitely,
a trend that when companies in the crypto space get into trouble, I would expect to see
monitors and independent consultants appointed more often than not. I think one interesting question
will be how do the monitors make sure they're giving consistent advice across multiple
engagements, right? So if we get this situation where the monitors are de facto regulators of
individual companies, how do we make sure that they're being relatively consistent across each
other, especially when one's appointed by the DFS and others appointed by DLJ? So this is a problem
that I think will need to think about and solve in the future. But to answer your question,
I think it's definitely a trend that's with us for the foreseeable future. Yeah, but I would also
say that, you know, our advice to companies is keep in mind that Biden is sort of, you know,
by census of finance got wind of this a few years ago and started some remediation efforts a
couple of years ago. And those really ramped up particularly a year ago when they hired
real serious compliance expertise and so and so forth. And then a lot, the documents suggest
that a lot of the kind of remediation of their compliance program is very well underway,
if not, you know, certain major milestones have been completed. So that's good news. And the good
And that's a takeaway for industry.
So if you're not dealing with an enforcement matter at the moment,
you really want to make sure you have that robust, demonstrable,
internal control and risk framework that's reasonably designed and effectively implemented,
it's far more complicated and tested and verified and validated.
It's far more complicated than, you know, industry might consider, might present,
might presume. You know, Mike and I both have done internally and externally major internal control
framework building from scratch or restructuring and so or so forth. It's pretty big and comprehensive
and it has to be tested, it has to be validated, and it has to be documented, and so on so forth. So you're
really going to want to get that in place. If you're in the midst of an enforcement action
or you think you might be or so on and so forth, again, the more you can remediate, you know,
and before, the more you can invest in that type of remediation, the likelihood of you getting a monitor
is lower, although I think still pretty decent for the reasons we've discussed. And the time duration,
the cost and the scope of the monitor can also be negotiated and reduced because you've already
done what you needed to do. And then you can, you know, there are also issues around, you know,
if you find issues, do you self-report them? Those can, you know, help you with any
fines or penalties and can really bring credibility to the negotiations about whether
monitor should be in place.
I think DOJ and certainly CFTC recently said explicitly, it really depends on how much we trust
you.
And it really depends on whether you're a citivist and whether you've self-reported and so on and so
and so forth.
So those are all different things that industry should think about.
And I think they should think about it early and often because the investment now, I think
we'll pay dividends later.
All right.
Well, this has been a highly illuminating conversation.
Where can people learn more about each of you and your work?
So for me, I'm on LinkedIn and Twitter and Telegram, Dorothy D. DeWitt.
And Mike?
I think LinkedIn is best.
Michael Dawson.
I'm at Wilmer Hill.
So if you put that in the search, you won't get the former midfielder for the Tottenham Hotspurs.
You'll get the crypto financial regulatory lawyer in Washington, D.C.
Great. Well, it's been a pleasure having you both on Unshade.
Thank you.
You so much.
You're here.
Thanks so much for joining us today to learn more about Dorothy and Michael and the Binance Settlement with ZOJ.
Check out the show notes for this episode.
Unchained is produced by me, Laura Shin, with all from Kevin Pukes, Matt Pilchard, Juan Urvanovich, Megan Gavis, Nelson Wong, Shashank, and Margaret Curia.
Thanks for listening.
Unchained is now a part of the Coin Desk Podcast.
Network. For the latest in digital assets, check out markets daily seven days a week with new host, Noel Atchison. Follow the CoinDesk Podcast Network for some of the best shows in crypto.