FinCEN Urges Firms To Help Thwart Russia Sanctions Evasion

(March 7, 2022, 6:32 PM EST) -- The U.S. Department of the Treasury issued an alert Monday urging financial institutions to report red flags about potential attempts from Russian entities to sidestep the sweeping sanctions levied against the country amid its military invasion of Ukraine, pointing to potential risks involving digital currencies and ransomware.

As the U.S. and its global allies roll out aggressive financial sanctions against Russia, the Treasury's Financial Crimes Enforcement Network warned specifically that currently unsanctioned Russian banks or other institutions could use so-called convertible virtual currencies, which include cryptocurrencies, to try and evade the sanctions.

"In the face of mounting economic pressure on Russia, it is vitally important for U.S. financial institutions to be vigilant about potential Russian sanctions evasion, including by both state actors and oligarchs," Him Das, FinCEN's acting director, said in a statement.

The U.S. and its global allies have levied a growing list of sanctions to help isolate Russia from the global financial system, targeting the largest Russian financial institutions, the country's central bank, and a range of additional entities, oligarchs and individuals, including Russian President Vladimir Putin himself.

FinCEN warned financial firms that exchange or serve as administrators of digital currencies to be on the lookout for transactions tied to convertible virtual currencies, or CVC, wallets that could be associated with sanctioned Russian entities or individuals. The agency expanded the warning to include Belarusian entities and individuals, after that country was also hit with sanctions tied to its support for Russia, the alert notes.

The alert warns that such sanctions evasion could be carried out by currently unsanctioned Russian and Belarusian banks or other financial institutions that continue to retain "at least some access to the international financial system." FinCEN also reminds financial institutions of the dangers posed by Russian-related ransomware campaigns.

When it comes to potentially suspicious activity involving CVCs, FinCEN told firms to be on the lookout for IP addresses from "non-trusted" or previously flagged sources from within Russia, Belarus, or from other locations deemed to have anti-money laundering deficiencies by the Paris-based Financial Action Task Force.

FinCEN also warned firms to watch out for customer transactions connected to Office of Foreign Assets Control's blocked persons lists, and for customers using CVC exchangers or foreign-based service providers in jurisdictions with lax customer due diligence measures.

"It is critical that all financial institutions, including those with visibility into CVC flows, such as CVC exchangers and administrators ... identify and quickly report suspicious activity associated with potential sanctions evasion, and conduct appropriate risk-based customer due diligence or, where required, enhanced due diligence," the alert states.

Das did note that the agency has not yet seen "widespread evasion of our sanctions using methods such as cryptocurrency."

Braddock Stevenson, of counsel in Paul Hastings LLP, who spent more than 12 years at FinCEN investigating financial institutions, noted that the warning regarding the "mere use of a Russian associated IP addresses or IP addresses" shows that FinCEN is erring on the side of caution as it monitors the ongoing sanctions to ensure maximum impacts on Russia.

"While this will likely result in the reporting of legitimate transactions, it's clear that FinCEN wants the information first and will ask questions later," Stevenson said in an emailed statement to Law360.

FinCEN has vast authority to gather intelligence about international wire transfers and crypto transactions, and could also request this information on an "ad hoc" basis, he added.

"Financial institutions should be prepared for these ad hoc requests related to Russian financial activity in the coming weeks and know that the Bureau can issue these requirements publicly and confidentially," Stevenson said.

FinCEN also reminded financial institutions about the dangers posed by Russian-related ransomware campaigns, pointing to additional red flags that should raise eyebrows.

For instance, firms should report any customer who receives CVCs from an external wallet and "immediately initiates multiple, rapid trades among multiple CVCs with no apparent related purpose, followed by a transaction off the platform," an indication of an attempt to "break the chain of custody" to obfuscate the transaction, the agency said.

--Editing by Patrick Reagan.


For a reprint of this article, please contact reprints@law360.com.

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!