‘Sanctions apply equally to virtual and fiat currencies,’ says OFAC

‘OFAC sanctions compliance obligations apply equally to transactions involving virtual currencies and those involving traditional fiat currencies. Members of the virtual currency industry are responsible for ensuring that they do not engage, directly or indirectly, in transactions prohibited by OFAC sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade- or investment-related transactions.’

This is the message that the US Treasury’s Office of Financial Assets Control (‘OFAC’) seeks to convey in new guidance for the virtual currency industry, published 15 October.

The guidance explains that,

‘Once a U.S. person determines that they hold virtual currency that is required to be blocked pursuant to OFAC’s regulations, the U.S. person must deny all parties access to that virtual currency, ensure that they comply with OFAC regulations related to the holding and reporting of blocked assets, and implement controls that align with a risk-based approach. U.S. persons are not obligated to convert the blocked virtual currency into traditional fiat currency (e.g., U.S. dollars) and are not required to hold such blocked property in an interest-bearing account. Blocked virtual currency must be reported to OFAC within 10 business days, and thereafter on an annual basis, so long as the virtual currency remains blocked.’

By way of example, it notes,

‘On March 2, 2020, OFAC sanctioned two Chinese nationals involved in a North Korean state-sponsored money-laundering scheme. The individuals received approximately $100 million in virtual currency stolen from cyber intrusions against two virtual currency exchanges and began layering the funds in complex transactions to include purchasing over $1 million in digital music gift cards. 

‘More recently, on September 21, 2021, OFAC designated a Russian virtual currency exchange for facilitating financial transactions for ransomware actors. Based on analysis of known transactions, over 40 percent of the exchange’s transaction history had been associated with illicit actors, involving the proceeds from at least eight ransomware variants. As sanctioned persons and countries become more desperate for access to the U.S. financial system, it is vital that the virtual currency industry prioritize cybersecurity and implement effective sanctions compliance controls to mitigate the risk of sanctioned persons and other actors exploiting virtual currencies to undermine U.S. foreign policy interests and national security.’

In September OFAC, designated UEX OTC, S.R.O. (SUEX), a virtual currency exchange, for its part in facilitating financial transactions for ransomware actors – as part of what it describes as a ‘whole of government effort’ to combat ransomware.

https://home.treasury.gov/system/files/126/virtual_currency_guidance_brochure.pdf

For more on understanding ransomware risks and facilitation payments see Issue 3 of Financial Institutions Sanctions Compliance (FISC) @ www.fiscjournal.com