The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced on October 19, 2020 that it assessed a $60 million civil monetary penalty against Larry Dean Harmon, as the primary operator of Helix, and as the Chief Executive Officer and primary operator of Coin Ninja LLC (Coin Ninja), for violating the Bank Secrecy Act (BSA) and related anti-money laundering regulations. Mr. Harmon operated Helix and Coin Ninja as a mixer or tumbler, in an effort to assist customers in anonymously transacting in bitcoin.
FinCEN charged Mr. Harmon with willfully failing to: (i) register as a Money Services Business (MSB), (ii) implement and maintain an effective anti-money laundering program, and (iii) file suspicious activity reports. In addition, FinCEN charged Mr. Harmon, in operating Coin Ninja, with willfully participating in Coin Ninja’s failure to register as an MSB. Mr. Harmon has been separately indicted in the District of Columbia, charged with conspiracy to launder monetary instruments and the operation of an unlicensed money transmitting business.
Bitcoin Mixers and Tumblers
According to FinCEN, Helix operated two separate “mixer” or “tumbler” schemes called “Helix” and “Helix Light,” stripping customer and other identifying information from bitcoin transactions. Mixers and tumblers typically involve the use of software or other means to allow customers to pool together their bitcoin, and then receive back different bitcoin of the same value, breaking the link in the transaction history on the public ledger with the result that transactions can no longer be traced back to the customer.1
FinCEN alleged that Mr. Harmon utilized Helix and Helix Light to engage in mixer-like transactions, including in relation to the Grams darknet website. Helix would charge customers a fee to send bitcoin to a designated wallet address associated with the customers’ Grams accounts. Customers would send bitcoin to Helix, which would in turn transmit the bitcoin to accounts owned by Helix held at a number of different cryptocurrency exchanges. Then, Helix would transmit bitcoin owned by Helix and held at a different Bitcoin address to the customer (minus a fee), scrubbing the transaction of any customer information in the process. Helix Light conducted transactions in a similar manner, though it did not require the creation of a separate Gram-affiliated account, among other distinctions.
FinCEN found that Helix and Helix Light conducted over 1,225,000 transactions for its customers and was associated with virtual currency wallet addresses that sent or received over $311 million. FinCEN identified over 356,000 bitcoin transactions through Helix.
The use of external privacy mechanisms such as mixers or tumblers, and privacy coins (such as Monero and Dash), can create challenges for in-house legal and compliance departments in their efforts to trace the source of funds and perform transaction due diligence.
It is important to take a risk-based approach to anti-money laundering and sanctions compliance, including the implementation of policies, procedures, and controls; management awareness and support; ongoing employee training; independent risk reviews; and designate an employee responsible for overseeing such programs.