What haven’t we learned? The Binance money laundering debacle tells us there’s a long way to go

Those of us in the financial crimes compliance profession look at the current fiasco with Binance’s recent money laundering guilty plea (among many other accusations) and ask ourselves “How could this happen?” We believe that with contemporary policies, procedures, and technology, this could not happen. But it can—and does—when we forget that key ingredient of any internal control structure: PEOPLE. 

In August 2014, the US Financial Crimes Enforcement Network (FinCEN) issued an advisory stating that “Shortcomings identified in recent Anti-Money Laundering (AML) enforcement actions confirm that the culture of an organization is critical to its compliance.” It also provided guidance to financial institutions that leadership should be engaged and create a culture of compliance. In addition, the Office of Foreign Assets Control (OFAC) provided guidance that articulates the need for management commitment to compliance. 

Certainly, Binance’s management was committed not to compliance but rather to a culture of non-compliance. Given what we see in the enforcement orders, the organization’s chief compliance officer (CCO) should have resigned and not been party to the efforts of management to circumvent regulations.

So, what can we learn from this? 

• Any person or entity associated with Binance must reflect on their due diligence efforts and what went wrong. There was clearly too much reliance on statements provided by the company and little to no verification effort. The bad guys will be looking for a new platform, so everyone should beware of customers coming from Binance.
• If you are a compliance professional, be aware of that primary red flag: a lack of a compliance culture. A commitment to compliance must permeate throughout the entire organization, starting from the top.
• As a compliance professional, ensure your service providers understand your business, the compliance risks you face, and how their system—when configured correctly—helps mitigate risk.
• As a service provider to financial institutions, make sure your customer is using your system correctly and not just as a “cover” for compliance.

The Binance situation should prompt organizations to reevaluate and reinforce their internal controls, focusing particularly on the human element. We must remain vigilant, adapt to emerging challenges, and remember that technology and policies are only as effective as the people who provide and implement them. The lessons from Binance are clear: a culture of compliance is non-negotiable, and our diligence in fostering this culture is the bedrock of effective financial crime prevention.