FinCEN Warns Institutions of Sanctions Evasion Risks
As the U.S. government's economic sanctions against Russia continue to grow, regulators are calling on financial institutions to help detect and prevent attempts to evade these measures through the use of convertible virtual currencies ("CVC") and other means.
The United States responded to the Russian military action in Ukraine by imposing extensive sanctions against Russia and Belarus. On March 7, 2022, the Treasury Department's Financial Crimes Enforcement Network ("FinCEN") issued an alert ("Alert") urging financial institutions to be "vigilant" in preventing attempts to evade these sanctions. As the Alert explains, illicit actors will likely attempt to circumvent sanctions by concealing their identities via shell companies, transacting with presently unsanctioned banks, and utilizing CVCs to blur chains of custody. These types of alerts often serve as the basis for future enforcement actions.
Red Flags
FinCEN encourages firms to review traditional indicators of sanctions evasion and to share information under the USA PATRIOT Act. The Alert also advises financial institutions to consider context-specific red flags related to the Russia sanctions, including:
- Jurisdictions previously associated with Russian financial flows evincing a notable recent increase in new company formations.
- New accounts attempting to send or receive funds from a sanctioned institution or an institution removed from the Society for Worldwide Interbank Financial Telecommunication ("SWIFT").
- Non-routine foreign exchange transactions indirectly linked to sanctioned Russian entities. For example, Russia's Central Bank could engage import or export companies to conduct foreign exchange transactions on its behalf and obfuscate its involvement.
CVC Concerns
Although FinCEN recognizes that a direct governmental effort to utilize CVCs is unlikely, it notes that sanctioned individuals may attempt to move or conceal assets via CVC anonymizing tools and segmented transactions. FinCEN reminds financial institutions that CVCs trigger the same compliance obligations as fiat currencies. Red flags specific to CVCs include transactions linked to IP addresses in Russia and Belarus and the use of CVC exchangers in high-risk jurisdictions. Financial institutions should also remain alert to Russia-related ransomware campaigns.
The Alert reminds financial institutions of their obligations to file Suspicious Activity Reports when they detect activity designed to evade sanctions. Further, financial institutions should ensure their due diligence procedures address the sanctions-related risks linked to foreign "politically exposed persons" and their networks. Financial institutions should actively monitor the evolving sanctions situation and incorporate the above guidance into their risk-based compliance program.