On March 7, 2022, the Financial Crimes Enforcement Network (FinCEN) issued an alert advising financial institutions to be vigilant against attempts to evade recent U.S. sanctions imposed on Russia’s following that country’s invasion of Ukraine.

Sanctioned actors may try evade the reach of U.S. and allied sanctions measures by hiding behind non-sanctioned and third-country entities, FinCEN warns. They may obscure their identity by, for example, using shell companies to conduct wire transfers or transact with accounts to send or receive funds from a sanctioned institution, among other listed red flags. Further, with the proliferation of cryptocurrency, sanctioned actors may attempt to use convertible virtual currency (CVC) and anonymizing tools to protect their assets. By their very nature, virtual currencies may exist separate from any regulated financial system and the use of privacy coins and other measures can anonymize transaction participants in some cases. The FinCEN alert is the latest reminder that anti-money laundering, countering the financing of terrorism, counter proliferation (AML/CFT/CP), and sanctions compliance obligations apply equally to cryptocurrency as they do to fiat currency.

In addition to more traditional red flags of potential sanctions evasion, FinCEN highlighted the following red flags of identify suspicious cryptocurrency activities:

  • Transactions initiated with IP addresses from non-trusted sources (i.e. VPNs), locations in Russia, Belarus, embargoed regions, or other FATF-identified jurisdictions with known AML/CFT/CP deficiencies.
  • Transactions connected with crypto wallets listed on OFAC’s Specially Designated Nationals List (SDN List).
  • Transactions with crypto exchangers or foreign-located money services business in high-risk jurisdictions with AML/CFT/CP deficiencies.
Financial institutions should also be aware of red flags suggestive of Russian ransomware campaigns. Relevant red flags include the initiation of a funds transfer involving a CVC mixing service or attempts to obfuscation the transaction, for example, receiving a CVC from an external wallet and then immediately initiating multiple, rapid trades among multiple CVCs with no apparent related purpose, followed by a transaction off the platform. FinCEN recommends that financial institutions review FinCEN and OFAC publications for additional guidance on detecting, preventing, and reporting suspicious activity related to crypto assets.

Should a transaction raise red flags of potential sanctions evasion, financial institutions are required to report the associated activity and should conduct appropriate due diligence in accordance with the Bank Secrecy Act, USA PATRIOT Act, and other authorities. FinCEN also encourages financial institutions to use the information sharing authorities under Section 314(b) of the USA PATRIOT Act.

Financial institutions should carefully review FinCEN’s alert and ensure that appropriate compliance controls are in place to detect, remediate, and report potential sanctions evasion.