On February 24, 2022, Russia began its invasion of Ukraine. Since then, and even prior to the invasion, the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury has published over a dozen sanctions list updates and guidance policies specifically related to Russia and the conflict in Ukraine. With the newly imposed Russian sanctions, financial institutions are left to decipher the wide array of sanctions imposed on specific Russian oligarchs and their family members to sanctions targeting specific sectors of Russia’s economy.
On March 7, 2022, the Financial Crimes Enforcement Network (FinCEN) released an alert, FinCEN Advises Increased Vigilance for Potential Russian Sanctions Evasion Attempts, for “all financial institutions to be vigilant against efforts to evade the expansive sanctions and other U.S.-imposed restrictions implemented in connection with the Russian Federation’s further invasion of Ukraine.” The alert includes 13 red flag indicators divided into three categories:
Sanctions evasion attempts using the U.S. financial system
- Use of corporate vehicles (i.e., legal entities, such as shell companies, and legal arrangements) to obscure (i) ownership, (ii) source of funds, or (iii) countries involved, particularly sanctioned jurisdictions.
- Use of shell companies to conduct international wire transfers, often involving financial institutions in jurisdictions distinct from company registration.
- Use of third parties to shield the identity of sanctioned persons and/or PEPs seeking to hide the origin or ownership of funds, for example, to hide the purchase or sale of real estate.
- Accounts in jurisdictions or with financial institutions that are experiencing a sudden rise in value being transferred to their respective areas or institutions, without a clear economic or business rationale.
- Jurisdictions previously associated with Russian financial flows that are identified as having a notable recent increase in new company formations.
- Newly established accounts that attempt to send or receive funds from a sanctioned institution or an institution removed from the Society for Worldwide Interbank Financial Telecommunication (SWIFT).
- On-routine foreign exchange transactions that may indirectly involve sanctioned Russian financial institutions, including transactions that are inconsistent with activity over the prior 12 months. For example, the Central Bank of the Russian Federation may seek to use import or export companies to engage in foreign exchange transactions on its behalf and to obfuscate its involvement.
Sanctions evasion using convertible virtual currency (CVC)
- A customer’s transactions are initiated from or sent to the following types of Internet Protocol (IP) addresses: non-trusted sources; locations in Russia, Belarus, FATF-identified jurisdictions with AML/CFT/CP deficiencies, and comprehensively sanctioned jurisdictions; or IP addresses previously flagged as suspicious.
- A customer’s transactions are connected to CVC addresses listed on OFAC’s Specially Designated Nationals and Blocked Persons List.
- A customer uses a CVC exchanger or foreign-located MSB in a high-risk jurisdiction with AML/CFT/CP deficiencies, particularly for CVC entities and activities, including inadequate “know-your-customer” or customer due diligence measures.
Possible ransomware attacks and other cybercrime.
- A customer receives CVC from an external wallet, and immediately initiates multiple, rapid trades among multiple CVCs with no apparent related purpose, followed by a transaction off the platform. This may be indicative of attempts to break the chain of custody on the respective blockchains or further obfuscate the transaction.
- A customer initiates a transfer of funds involving a CVC mixing service.
- A customer has either direct or indirect receiving transaction exposure identified by blockchain tracing software as related to ransomware.
While most financial institutions rely on a vendor to update their sanctions screening application with each Treasury release of new individuals added to Specially Designated Nationals (SDN) list, a level of due diligence is still required to identify potential sanctions evasion tactics. The 13 red flags are not completely new typologies for evading sanctions but rather serve as a fresh reminder to financial institutions to not simply rely on watchlist filtering applications as the only means of satisfying requirements for OFAC compliance.
It is imperative that financial institutions have a strong Know Your Customer (KYC) Program in order to fully understand what business their customers are involved in with Russia. Understanding a customer’s nature of business with regards to Russia and comparing historical transactions involving Russia will serve as a baseline for applying the red flags indicators outlined in the FinCEN alert. Due diligence measures should be applied to transactions to/from Russia to safeguard against potential OFAC violations regarding Russian sanctions.
To ensure compliance with industry-specific sanctions and general licenses issued, financial institutions should stay informed of updates by viewing them as they are released on the Treasury’s website or by signing up for email updates for recent OFAC actions.
Reach out to Stout professionals to learn more.
Contributing author: Steven Bunn of Stout