This is purely speculation but: since it's on the Ethereum chain anyone can see the history of tokens on any account, and as long as the tokens only move between accounts that are known then that should be good enough. They could very well make it so that if you transfer tokens outside of accounts controlled by or known to the exchanges then those tokens will become tainted and no longer redeemable.