On March 7, 2022, the Financial Crimes Enforcement Network (FinCEN) issued an alert advising financial institutions to be vigilant against efforts to evade the expansive and unprecedented sanctions implemented by the United States and its allies in connection with Russia’s invasion of Ukraine. According to FinCEN Acting Director Him Das, “[i]n the face of mounting economic pressure on Russia, it is vitally important for U.S. financial institutions to be vigilant about potential Russian sanctions evasion, including by both state actors and oligarchs. Although we have not seen widespread evasion of our sanctions using methods such as cryptocurrency, prompt reporting of suspicious activity contributes to our national security and our efforts to support Ukraine and its people.”
The FinCEN alert provides several examples of red flags to assist in identifying suspected sanctions evasion activity, building on the U.S. Treasury Department’s Office of Foreign Assets Controls (OFAC) 2015 advisory, which highlighted practices used to evade or circumvent Russia-related sanctions following Russia’s annexation of Crimea. The alert also reminds financial institutions of their obligations under the Bank Secrecy Act (BSA), including monitoring for, and reporting suspicious activity, and conducting risk-based customer due diligence or enhanced due diligence.
While the alert addresses all financial institutions, it specifically calls out those with visibility into convertible virtual currency (CVC) flows, such as CVC exchangers and administrators. Previously, OFAC and the New York State Department of Financial Services warned that, as sanctioned persons and jurisdictions “become more desperate for access to the U.S. financial system,” they are likely to turn to cryptocurrency to minimize the crippling effect of sanctions. In addition, FinCEN reminds financial institutions of the risks posed by Russian-related ransomware attacks.
The latest FinCEN alert highlights seven red flags that may be indicative of sanctions evasion activities by Russian and Belarusian actors, including through non-sanctioned Russian and Belarusian financial institutions and financial institutions in third countries:
FinCEN recognizes that “large scale sanctions evasion” using cryptocurrency by a government such as the Russian Federation may not be “necessarily practicable,” and the Blockchain Association has assured the market and the regulators that “it’s very easy” for crypto exchanges “to comply with sanctions, just like any other financial institution.” Nevertheless, the alert warns that sanctioned entities and individuals and their networks or facilitators may attempt to use crypto currency and anonymizing tools to evade U.S. sanctions. FinCEN urges CVC exchangers and administrators, among other financial institutions, to be on the lookout for attempted or completed transactions tied to crypto wallets or other activity associated with sanctioned Russian, Belarusian, and other affiliated persons, providing three additional red flags:
The alert also emphasizes the “dangers posed by Russian-related ransomware campaigns.” These dangers are palpable in light of Russia-based cybercrime group Conti’s recent vow to attack the Kremlin’s enemies. Drawing attention to the previous guidance by FinCEN and OFAC, the alert highlights the following red flags:
The alert serves as another reminder to financial institutions of their BSA-related obligations. In light of OFAC’s increased designations of Russian oligarchs and their family members as SDNs, FinCEN’s diligence reminders include financial institution’s obligations (1) to ascertain the status of an individual as a foreign PEP and to conduct scrutiny of assets held by such individuals and (2) to identify and verify the identity of beneficial owners of legal entity customers, which will facilitate the identification of legal entities that may be owned or controlled by foreign PEPs.
FinCEN also connects this increased PEP risk to certain financial institutions’ obligations to implement a due diligence program for private banking accounts held for non-U.S. persons. Such due diligence should be designed to detect and report any known or suspected money laundering or other suspicious activity.
There are also additional due diligence obligations related to maintaining correspondent accounts for foreign financial institutions, an issue of high importance following OFAC’s new prohibitions on U.S. correspondence and payable-through account access for Russia’s largest financial institution, Sberbank, which take effect on March 26, 2022. The alert reminds banks, broker-dealers, mutual funds, futures commission merchants, and introducing brokers in commodities of their obligation to comply with the due diligence obligations for correspondent accounts. These include the obligation to: (1) assess the money laundering risk presented by correspondent accounts; (2) apply risk-based procedures and controls to correspondent accounts reasonably designed to detect and report known or suspected money laundering activity; and (3) assess whether enhanced due diligence is required.
FinCEN notes that reporting suspicious activity is critical to U.S. “national security and our efforts to support Ukraine and its people.” In this regard, the alert provides guidance on filing SARs related to suspicious activity involving Russia-related sanctions evasion and ransomware attacks. When filing ransomware SARs, financial institutions are encouraged to provide any relevant technical cyber indicators. Relatedly, financial institutions, including crypto exchanges, should report ransomware attacks and payments directly to OFAC if a potential sanctions nexus exists.
In addition, when blocking or rejecting transactions involving sanctioned persons and jurisdictions, FinCEN reminds financial institutions that they should generally file SARs in addition to OFAC blocking and rejected transaction reports, to the extent the facts and circumstances surrounding the OFAC match are “independently suspicious” and otherwise required to be reported under FinCEN regulations.
Finally, the alert strongly encourages financial institutions to share information regarding suspicious activities with one another under the safe harbor authorized by section 314(b) of the USA PATRIOT Act. FinCEN emphasizes that such information sharing is “critical to identifying, reporting, and preventing evolving sanctions evasion, ransomware/cyber attacks, and laundering of the proceeds of corruption.”
The unprecedented and expansive Russia-related sanctions are reportedly already presenting significant compliance challenges to financial institutions. And there are signs enforcement activities will likely intensify. On March 2, the Department launched Task Force KleptoCapture, an interagency law enforcement task force dedicated to enforcing sanctions. Among other things, the Task Force will: (1) investigate and prosecute Russia-related sanctions violations; (2) combat efforts to undermine restrictions against Russian financial institutions, “including the prosecution of those who try to evade know-your-customer and anti-money laundering measures”; and (3) target efforts to use cryptocurrency to evade U.S. sanctions. And on March 3, the Department unsealed its first-ever criminal indictment charging a violation of Crimea-related sanctions violations.
In light of the increased regulatory, enforcement, and reputational risk, financial institutions should consider whether to adjust compliance resources to ensure they are quickly identifying and reporting suspicious activity associated with potential sanctions evasion.