
Binance 2023: $4.32B Enforcement Action

Regulators: DOJ, FinCEN, OFAC, CFTC
Jurisdiction: US

In November 2023, Binance and its founder Changpeng Zhao pleaded guilty to federal charges, resulting in a $4.32 billion resolution with the DOJ, FinCEN, OFAC, and the CFTC. The exchange admitted to wilful Bank Secrecy Act violations, operating without MSB registration, and processing transactions for users in sanctioned jurisdictions including Iran.

What happened?

Binance was founded in 2017 and grew into the world's largest cryptocurrency exchange by spot trading volume within a few years. From its founding through at least 2021, according to DOJ court documents filed alongside the guilty plea, the exchange deliberately structured its business to avoid US regulatory requirements.

The central allegation in the DOJ criminal information was that Binance wilfully failed to register with FinCEN as a money services business (MSB), a requirement under the Bank Secrecy Act for any business transmitting value in or through the United States. That choice had predictable downstream consequences. Without MSB registration, the exchange avoided triggering the statutory obligations registration activates: a written AML programme, customer identification procedures, transaction monitoring, and SAR filing.

The DOJ press release stated that Binance processed transactions for users in countries subject to US sanctions, including Iran, Cuba, Syria, and Russia. According to allegations in the supporting court filings, some Binance employees acknowledged internally that the platform's design would attract regulatory scrutiny, but the exchange did not change course.

Separately, the CFTC alleged that Binance offered futures and derivatives products to US customers without CFTC registration, and that Binance and CZ knowingly directed US customers to continue using the platform while taking steps to obscure that access from regulators.

On November 21, 2023, Binance Holdings Ltd. and Changpeng Zhao entered guilty pleas in US District Court for the Western District of Washington. The total resolution across all agencies reached approximately $4.32 billion, with FinCEN's $3.4 billion component the largest single penalty the agency had ever assessed against any financial institution.


What did regulators say?

According to the DOJ press release, the government characterised Binance's non-compliance as deliberate and sustained over years. The press release stated that the exchange had allowed its platform to be used by actors connected to darknet markets, ransomware schemes, and groups designated as terrorist organisations by the US government, including Hamas and al-Qaeda, based on allegations set out in the supporting court documents.

FinCEN's November 2023 press release described the violations as "wilful" and extending across multiple years. FinCEN alleged that Binance received internal reports identifying suspicious transaction flows and still chose not to build a functioning AML programme. The consent order found that Binance filed essentially no SARs through most of its operating history, despite processing billions of dollars in transactions, many of which showed clear indicators of illicit activity.

The CFTC's November 2023 enforcement action cited internal Binance communications in which the exchange's own compliance personnel acknowledged operating in legally questionable territory. The CFTC alleged that Binance leadership was aware US customers were accessing the platform and took affirmative steps to maintain that access while avoiding CFTC oversight.

OFAC's settlement documents stated that Binance had the technical capability to screen for sanctioned-jurisdiction users but chose not to apply effective controls. OFAC alleged the exchange processed a substantial volume of transactions involving Iranian counterparties, among other sanctioned jurisdictions.


What controls failed?

Five distinct control failures drove this case. Each is transferable to any financial institution thinking about its own programme gaps.

No functioning AML programme. FinCEN alleged that Binance operated for years without a written, risk-based AML programme as required by the Bank Secrecy Act. A programme existed on paper at certain points, but regulators found it was not implemented in any operational sense. There was no designated compliance officer with genuine authority, no documented escalation chain, and no training that reached the teams making day-to-day onboarding decisions.

KYC and CDD failures. For a significant period, Binance allowed users to open accounts and trade up to 2 BTC per day without providing any identity documents. The FinCEN CDD Rule and FATF Recommendation 10 both require that financial institutions verify customer identity before providing services. Binance's product design actively sidestepped this requirement. According to court documents, the exchange also allowed users flagged for US IP addresses to continue trading, in some cases providing guidance on using VPNs to mask their location.

SAR filing failures. The consent order found that Binance filed essentially no suspicious activity reports for years, despite processing transactions that included direct transfers to and from wallets linked to sanctioned entities, darknet markets, and ransomware actors.

Sanctions screening. Binance processed transactions for users in Iran, Cuba, Syria, and Russia without deploying the geographic controls OFAC requires. The technical tools were available; the exchange chose not to apply them.

Travel rule non-compliance. Binance allegedly failed to transmit required originator and beneficiary information on crypto asset transfers, in breach of FATF Recommendation 16 and the FinCEN travel rule regulations that apply to MSBs.


Which regulations were violated?

The Binance case cut across the full stack of US financial crime compliance obligations.

The primary criminal charge was conspiracy to violate the Bank Secrecy Act, the foundational US statute requiring financial institutions to maintain AML programmes, identify customers, and report suspicious activity. Failure to register as an MSB under BSA provisions was a separate standalone violation.

FinCEN's civil penalty rested on BSA violations including failure to maintain a compliant AML programme, failure to file SARs under the SAR filing rules, and failure to implement the customer identification procedures required under the Section 326 CIP rule.

OFAC cited violations of the International Emergency Economic Powers Act (IEEPA) and the Iranian Transactions and Sanctions Regulations, the same sanctions programmes OFAC enforces against every institution processing dollar-denominated transactions.

The CFTC's charges covered the Commodity Exchange Act, specifically Binance's operation of an unregistered commodity derivatives platform and its failure to implement required customer due diligence for its derivatives business.

From a global standards perspective, the violations mapped to multiple FATF recommendations. FATF Recommendation 15 covers new technologies and virtual asset service providers (VASPs), and FATF's updated VASP guidance published in October 2021 spelled out exactly what crypto exchanges must do on KYC, SAR filing, and travel rule compliance. FATF Recommendation 20 covers suspicious transaction reporting. The Binance case demonstrated how completely a VASP could fail to implement these standards, even while operating at massive scale.


Which typologies were involved?

The Binance case is a clear example of how a permissive platform becomes a transit hub for several criminal typologies simultaneously.

Sanctions evasion was the largest category by volume. Users in Iran, Cuba, Syria, and Russia transacted through the platform after the exchange's controls failed to screen them out. In some cases, according to DOJ allegations, counterparties were directly connected to sanctioned entities or designated individuals.

Darknet market proceeds moved through Binance accounts. According to court documents, the exchange received deposits from, or sent withdrawals to, wallets associated with known darknet markets. Blockchain analytics tools would have flagged many of these transfers automatically, but the exchange had not integrated such tooling in any meaningful way during the relevant period.

Ransomware proceeds were a second typology cited in the court documents. Groups engaged in ransomware operations used Binance accounts to convert cryptocurrency received from victims into fiat or other assets. This pattern has been documented across multiple subsequent criminal prosecutions where ransomware proceeds were traced to major exchange accounts.

Terrorist financing was alleged in connection with groups including Hamas and al-Qaeda, based on wallet tracing in the government's evidence. Its presence explains why the DOJ treated this as a criminal matter rather than limiting the government's response to civil enforcement.

The common thread: Binance's absence of effective monitoring meant the platform could not distinguish legitimate trading volume from illicit proceeds. No alerts fired. No SARs were filed. Illicit flows ran alongside compliant ones with no separation and no human review.


Aftermath and remediation

The immediate consequence was Changpeng Zhao's resignation as CEO on November 21, 2023, the day the pleas were entered. Richard Teng, formerly Binance's regional markets head, took over as CEO. The leadership change was a condition of the broader resolution.

As part of the DOJ settlement, Binance agreed to the appointment of an independent compliance monitor for a period of three years. The monitor's role is to assess Binance's compliance programme and report deficiencies directly to the DOJ. This monitorship structure follows the same pattern used in major BSA settlements with traditional banks, applied here to the world's largest crypto exchange.

CZ personally pleaded guilty to one count of failing to maintain an effective AML programme, a federal misdemeanour under the BSA. In April 2024, he was sentenced to four months in federal prison. He was also required to pay a $50 million personal fine and is barred from serving as an officer or director of Binance for three years following completion of his sentence, according to court documents from the sentencing hearing.

Binance committed to building a compliance function commensurate with its transaction volumes, including real-time transaction monitoring, a sanctions screening programme integrated at the point of onboarding, and a SAR filing function staffed by experienced compliance professionals.

The reputational fallout extended beyond the US. Regulators in the UK, EU, Canada, and Japan cited the US enforcement action in their own scrutiny of Binance's licences and registrations. The case accelerated regulatory pressure on crypto exchanges globally to implement BSA-equivalent controls regardless of their country of incorporation.


Lessons for other institutions

Several concrete lessons from this case apply directly to compliance teams at exchanges, banks, and payment processors.

Register before you scale. Binance grew to hundreds of billions in annual trading volume while avoiding MSB registration. Any institution transmitting value in the US, including fintech companies and crypto businesses with US customer bases, needs to register with FinCEN and comply with the BSA from the first transaction. The cost of registration is trivial compared to a wilful-violation finding.

Blockchain analytics is table stakes. The government's case relied heavily on on-chain tracing that linked Binance wallet addresses to sanctioned entities, darknet markets, and ransomware groups. Any crypto business without automated blockchain analytics is operating blind. Vendors including Chainalysis, Elliptic, and TRM Labs provide this capability, and regulators now treat its absence as a control failure in its own right.

The "no KYC tier" model is finished. Allowing users to trade without identity verification, even at low thresholds, is not viable in the current regulatory environment. Every account needs a verified identity before transactions are processed. Full stop.

Paper programmes create criminal liability. FinCEN and the DOJ both focused on the gap between Binance's stated policies and its actual operations. A compliance programme with no operational authority, no escalation chain, and no board access is worse than no programme at all. It creates documentary evidence that management knew the requirements and chose not to meet them.

Resource SAR filing proportionately. FinCEN found that Binance filed essentially no SARs while processing trillions in transactions. The ratio of investigators to transaction volume has to make sense. Filing zero SARs is, itself, evidence of a broken programme.

Monitor the travel rule on all transfer types. FATF Recommendation 16 travel rule obligations for virtual assets are now enforced across the US, EU, UK, and Singapore. Exchanges must transmit originator and beneficiary data on transfers and screen counterparties for travel rule compliance. This is not optional; it's the standard against which regulators will measure future enforcement.


How FluxForce helps prevent similar failures

FluxForce's AI agents run real-time transaction monitoring across fiat and crypto flows, flagging behavioural patterns consistent with sanctions evasion, darknet-linked wallets, and ransomware cash-outs before they clear. Nova Sentinel handles continuous sanctions screening, cross-referencing wallet addresses and counterparties against OFAC and international designation lists at the point of transaction. Aiden Flux automates SAR drafting with a full evidence trail attached, so compliance teams can meet SAR filing deadlines even at high transaction volumes. Every decision is logged with the evidence that triggered it, giving compliance officers an audit-ready record for regulators.

Sources and official documents

https://www.justice.gov/opa/pr/binance-and-ceo-plead-guilty-federal-charges-43b-resolution
