OFAC publishes sanctions guidelines for the virtual currency industry
On October 15, 2021, the US Treasury Department’s Office of Foreign Assets Control (OFAC) released a new sanctions compliance guide for the virtual currency industry (the Guide). While suitable for the virtual sector – such as tech companies, exchangers, administrators, miners and wallet providers, as well as more traditional financial institutions that may be exposed to virtual currencies – the Guide will be of interest. of direct relevance to any industry dealing with cryptocurrency. , including those in the maritime community who trade in cryptocurrency.
The guide follows the designation in September 2021 of a Russian virtual currency bureau de change to facilitate transactions on behalf of ransomware players, and marks an attempt to counter ransomware and promote compliance with sanctions in the industry. virtual currency. The first-ever designation is part of a package of measures taken by the US government to counter ransomware payments, which includes, among other things, the publication of an updated notice on potential sanction risks for companies facilitating ransomware. ransomware payments, which replaces the previous ransomware notice. of October 2020. The Guide dovetails with a more general review of Treasury Department policy on October 18, 2021, which raises concerns that the growing prevalence of digital currencies as a method of payment poses a threat to the sanctions program. American.
The focus by regulators on virtual currency as a means of evading sanctions has grown significantly over the past two years, both in the United States and internationally. The UK’s Office of Financial Sanctions Implementation (OFSI) in its December 2020 Maritime Guidance, for example, devoted a section to the issue and made it clear that crypto-assets are covered by the definition of ‘funds’. or “economic resources”. The OFSI therefore recommended that maritime players adapt their due diligence practices to respond to the threat.
In accordance with the current OFAC regulations on sanctions, the Guide first provides an overview of the requirements for compliance with sanctions and emphasizes that these conditions apply equally to transactions involving virtual currencies and those involving virtual currencies. traditional financial institutions.
OFAC requires US individuals to deny sanctioned entities and individuals access to virtual currencies and to exercise controls consistent with a risk-based approach. He also reminds non-Americans that they must comply with OFAC sanctions requirements, especially with regard to programs in Cuba, Iran and North Korea.
Apparently acknowledging the inherent anonymity associated with digital currency and the potential problems with screening the parties involved, OFAC reminds the industry that breaches of sanctions are strict liability breaches resulting in civil and criminal penalties in the event of a breach. non-compliance – that is, people can be held accountable even if they have no knowledge or reason to believe that they have committed such a violation. However, OFAC has discretion to determine the appropriate enforcement it will implement against those who fail to comply with sanction regulations. Voluntary self-disclosure, cooperation with law enforcement authorities or the implementation of a compliance program may be viewed favorably and considered as mitigating factors by OFAC in enforcement actions. application.
Finally, the Guide offers suggestions on how best to tailor a company’s sanctions compliance policies and provides best practice examples for the virtual currency industry. Here are some key suggestions:
- Adopt a risk-based approach to sanctions compliance. Companies in the virtual currency industry need to tailor the risk assessment process to their specific business model and needs.
- Ensure senior management’s commitment to compliance programs. Senior management should review and approve compliance sanctions policies, ensure that adequate resources exist to support the compliance function, delegate sufficient authority to the compliance unit and appoint a dedicated internal manager. sanctions compliance with the required technical expertise.
- Implement robust internal controls to identify and report transactions or activities prohibited by OFAC sanctions regulations. These controls could include the use of geolocation tools and IP address blocking controls, KYC procedures, transaction monitoring and investigation, sanction screening, as well as the implementation of corrective actions in response to a violation of sanctions.
- Perform tests and audits to ensure the effectiveness of their sanctions compliance programs.
- Provide sanction training programs to all affected employees on a periodic basis and, at a minimum, annually.
While the Guide does not represent a change from previous opinions (general or specific to the maritime community), it does highlight an increased focus on this issue and a need to review compliance policies to ensure they are respond adequately to the threat. As OFAC has further emphasized, adopting a risk-based sanctions policy can be a powerful means of mitigating any unintentional violation.