Legal alerts / 22.11.2021

OFAC’s New Sanctions Compliance Guidance for the Virtual Currency Industry

On October 15, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (‘OFAC’) published its Sanctions Compliance Guidance for the Virtual Currency Industry (the ‘Guidance’).

The Guidance is for information purposes and is addressed to persons whose activities involve using virtual currency, including technology companies, virtual currency exchangers, cloud mining services, and e-wallet providers, as well as more traditional financial institutions that can have access to virtual currencies.

The Guidance explains which tools can be used to prevent virtual currencies from being accessed by persons in sanctioned jurisdictions (such as Cuba, Iran, Sudan, or Syria), and to prevent a virtual currency from being used to carry out allegedly illegal activities.

For instance, this September, OFAC included in its SDN List a Moscow-based Suex cryptocurrency exchange platform for facilitating financial transactions which involved malicious Ransomware software. Another example is that in March 2020 OFAC imposed sanctions on two Chinese citizens who were involved in a money-laundering scheme sponsored by North Korea. The individuals received approximately $100 million in virtual currency which was stolen as a result of a cyberhack on two virtual currency exchanges.

The Guidance is intended to assist members of the virtual currency industry in considering the sanctions-related risks in their lines of business and in complying with statutory requirements while they are engaged in transactions using virtual currency.

In particular, OFAC recommends using geolocation tools to determine IP addresses with a view to blocking users’ access to virtual currency services from sanctioned jurisdictions and also utilizing analytical tools to identify IP misattribution, which can evidence that attempts were made to circumvent sanctions control.

It is expected that members of the virtual currency industry will implement the “know your client” (KYC) procedure to verify data relating to their clients, such as an IP-address, and bank or other information.

OFAC anticipates, among other things, that companies will utilize tools that are sufficient to identify and block transactions involving persons who were included in the Specially Designated Nationals and Blocked Persons List (SDN). The SDN List contains both individuals and legal entities against which sanctions have been introduced based on the link to a specific jurisdiction, as well as groups and organizations such as terrorists, drug traffickers and human rights abusers included on the list under sanctions programs that are not jurisdiction-specific.  Therefore, persons can be identified who do not appear on the SDN List but are connected with blocked persons and subject to sanctions risks.

OFAC recommends those engaged in virtual currencies to continually monitor the risks of sanctions being applied to them and to implement measures to ensure that the company complies with sanctions legislation before they start offering goods or services to clients.

The presence of an internal sanctions compliance program which is based on risk assessment will not only help to prevent and prevent potential violations, but also to mitigate consequences if any such violations occur. Specifically, OFAC may consider that a company’s implementation of a risk-based OFAC compliance program and remedial measures taken in response to breach are a mitigating factor.


Share on LinkedInTweet about this on TwitterShare on Facebook

Additional information