If it's at least a somewhat known centralized exchange, then the regulators and those who need to know are familiar with this business model. I doubt they could hide this from them. Not that they even needed to. Such a business practice can't be considered illegal by regulatory bodies as long as they are still collecting, storing, and sharing the information on their customers as asked by them.