Office of Foreign Assets Control (OFAC)

Subscribe to Office of Foreign Assets Control (OFAC)

On January 25, the Financial Crimes Enforcement Network (“FinCEN”) issued an “Alert on Potential U.S. Commercial Real Estate Investments by Sanctioned Russian Elites, Oligarchs, and Their Proxies” (the “Alert”).  The Alert defines “commercial real estate,” which the Alert refers to as “CRE,” as “property that is used for investment or income-generating purposes rather than as a residence by the owner.”  The Alert “specifically highlights sanctions evasion-related vulnerabilities in the CRE sector and is based on a review of Bank Secrecy Act (BSA) reporting indicating that sanctioned Russian elites and their proxies may exploit them to evade sanctions.”

The Alert seeks to assist financial institutions with identifying potential sanctions evasion activity in the CRE sector by providing potential red flags and typologies related to this activity.  As we discuss, the Alert also may represent a step towards BSA regulations for the CRE sector.

Continue Reading  Russia Sanctions Evasion and Commercial Real Estate: An Alert

The Financial Crimes Enforcement Network (“FinCEN”) issued on December 22 a Financial Trend Analysis regarding Bank Secrecy Act (“BSA”) filings during the period of March to October 2022 (the “Report”) reflecting financial activity by Russian oligarchs the time of Russia’s unprovoked military invasion of Ukraine. This publication also refers to three prior alerts issued by FinCEN highlighting red flags on Russian oligarchs, high-ranking officials, and sanctioned individuals, on which we blogged here, here, and here.  FinCEN published the Report pursuant to the Anti-Money Laundering Act’s requirement that FinCEN periodically publish threat pattern and trend information derived from BSA filings.

Overall, FinCEN found that BSA data filed on financial transactions of Russian oligarchs, high-ranking officials, sanctioned individuals, and their family members in 2022 showed transactional patterns indicative of corruption and sanctions evasion, including:

  • the movement or transfer of funds or ownership of assets and trusts;
  • the purchase of high-value goods or property; and
  • changes in financial flows with links to property or companies in the United States.


Continue Reading  Russian Oligarchs and Suspicious Financial Flows: A FinCEN Analysis

On December 15, 2022, the New York Department of Financial Services (“NYDFS”) published an Industry Letter detailing the Department’s guidance regarding banking organizations that wish to engage in virtual currency-related activities. Specifically, while the guidance reminds New York banking organizations, branches, and agencies of foreign banking organizations licensed by the Department (together, “Covered Institutions”) of the preexisting obligation to seek approval from the Department before engaging in new or significantly different virtual currency-related activity, the guidance describes the process and types of information that the Department considers relevant to its approval process.  The guidance is effective as of December 15, 2022, and was accompanied by a press release from NYDFS’ Superintendent Adrienne A. Harris.

For the purposes of the Industry Letter, “virtual currency-related activity” includes “all ‘virtual currency business activity,’ as that term is defined in 23 NYCRR § 200.2(q), as well as the direct or indirect offering or performance of any other product, service, or activity involving virtual currency that may raise safety and soundness concerns for the Covered Institution or that may expose New York customers of the Covered Institution or other users of the product or service to risk of harm.”  As we will discuss, any Covered Institution seeking NYDFS approval should focus in part on addressing the Bank Secrecy Act (“BSA”)/Anti-Money Laundering (“AML”) and Office of Foreign Asset Control (“OFAC”)-related risks posed by the virtual currency-related activity.

Continue Reading  NYDFS Releases Virtual Currency Guidance for Banking Organizations

Rodeo Drive

Indictment Alleges Use of Shell Companies, Nominees, Foreign Bank Accounts and Real Estate

On December 7, 2022, the United States Attorney’s Office for the Eastern District of New York (“DOJ”) unsealed a seven-count indictment against Andrii Derkach.  In the corresponding press release, Derkach is described as a “Kremlin-backed Ukrainian politician and oligarch” who attempted to “influence the 2020 U.S. Presidential election on behalf of the Russian Intelligence Services.”  Derkach was charged with conspiracy to violate the International Emergency Economic Powers Act (“IEEPA”), bank fraud conspiracy, money laundering conspiracy, and four counts of money laundering.  His wife, Oksana Terekhova, is alleged to be a co-conspirator and is referred to as “Co-Conspirator 1” in the indictment.  The investigation was “coordinated through the Justice Department’s Task Force KleptoCapture, an interagency law enforcement task force dedicated to enforcing the sweeping sanctions, export controls, and economic countermeasures that the United States . . . has imposed in response to Russia’s unprovoked military invasion of Ukraine.”

In connection with the indictment, the DOJ is requesting both criminal forfeiture of two Beverly Hills condominiums at issue in the indictment, as well as civil forfeiture in a parallel proceeding.  If successful, the DOJ would seize both the condominiums and proceeds in an investment and banking account held by Derkach’s alleged business entity.  Derkach remains at large.

This appears to be another in the long line of actions and sanctions brought against alleged Russian oligarchs and Russian agents, especially those with close connections to Russian Intelligence Services, in response to Russia’s invasion of Ukraine (of which we have blogged about here and here).  As long as Russia remains active in Ukraine, it is likely that federal law enforcement will continue to focus on the actions and assets of high-profile Russian oligarchs and agents in the U.S.  Financial institutions should continue to remain vigilant, as we have blogged about here, in rooting out attempts to evade sanctions.

Continue Reading  Russian Agent’s Beverly Hills Condominiums Subject to Forfeiture Based on Alleged Violations of Bank Fraud, Money Laundering, and U.S. Sanctions Statutes

The Office of Foreign Assets Control (“OFAC”) announced (here and here) yesterday that virtual currency exchange Payward, Inc. – better known as Kraken – has agreed to pay $362,158.70 in order to settle its potential civil liability for apparent violations of the sanctions against Iran. Kraken also has agreed to invest an additional $100,000 in certain sanctions compliance controls.  According to OFAC, “[d]ue to Kraken’s failure to timely implement appropriate geolocation tools, including an automated internet protocol (IP) address blocking system, Kraken exported services to users who appeared to be in Iran when they engaged in virtual currency transactions on Kraken’s platform.” 

Compared to OFAC’s recent settlement with Bittrex, which agreed to pay a total of $29,280,829.20 to OFAC and the Financial Crimes Enforcement Network (“FinCEN”) in order to resolve allegations of sanctions and Bank Secrecy Act violations, the settlement amount is relatively low – and, as OFAC noted in its announcement, Kraken faced an astronomical statutory maximum civil monetary penalty of $272,228,964.  OFAC has stated that “[t]he settlement amount reflects OFAC’s determination that Kraken’s apparent violations were non-egregious and voluntarily self-disclosed.”

Continue Reading  Kraken Settlement Demonstrates Importance of Sanctions Monitoring for Transactions — Not Just When Onboarding Customers

The “Highlights” — To Russia, With Crypto

The Financial Crimes Enforcement Network (“FinCEN”) issued on November 1 a Financial Trend Analysis regarding ransomware-related Bank Secrecy Act (“BSA”) filings during the second half of 2021 (the “Report”).  This publication follows up on a similar ransomware trend analysis issued by FinCEN regarding the first half of 2021, on which we blogged here.  

In the most recent analysis, FinCEN found that both the number of ransomware-related Suspicious Activity Reports (“SAR”) filed, and the dollar amounts at issue, nearly tripled from 2020 to 2021.  The notable takeaways from the Report include:

  • Ransomware-related SARs were the highest ever in 2021 (both in number of SARs and in dollar amounts of activity reported).
  • Ransomware-related SARs reported amounts totaling almost $1.2 billion in 2021.
  • Approximately 75% of ransomware-related incidents between June 2021 and December 2021 were connected to Russia-related ransomware variants.

The Report, which stated that the majority of these ransomware payments were made in Bitcoin, serves as a particular reminder to cryptocurrency exchanges of their role in both identifying and reporting ransomware-related transactions facilitated through their platforms.  The Report stresses that SAR filings play an essential role in helping FinCEN identify ransomware trends.

Continue Reading  FinCEN Reports Staggering Increase in Reported Ransomware Attacks

Actions Highlight Risky Mix of Sanctions Law, Inadequate Transaction Monitoring and Dealing with Anonymity-Enhanced Cryptocurrencies

The Office of Foreign Assets Control (“OFAC”) and the Financial Crimes Enforcement Network (“FinCEN”) announced on October 11 simultaneous settlements with Bittrex, Inc. (“Bittrex”), a virtual currency exchange and hosted wallet provider. Under the OFAC settlement, Bittrex has agreed to pay $24,280,829.20 to settle its potential civil liability for 116,421 alleged violations of multiple sanctions programs. Under the FinCEN consent order, Bittrex agreed to pay a civil penalty of $29,280,829.20 for alleged anti-money laundering (“AML”) violations under the Bank Secrecy Act (“BSA”). FinCEN has agreed to credit Bittrex’s payment to OFAC against its penalty because it found that the alleged BSA violations “stem from some of the same underlying conduct”; thus, Bittrex’s total payments to the two regulators come to $29,280,829.20. 

According to the Department of the Treasury dual press release, the two settlements represent the first parallel enforcement actions by FinCEN and OFAC in the virtual currency and sanctions space. Also, it is OFAC’s largest virtual currency enforcement action to date. To further highlight the importance of the settlements, the press release quotes the OFAC Director Andrea Gacki and FinCEN Acting Director Himamauli Das, both sternly warning operators in the same environment as Bittrex to implement effective AML compliance and sanction screening programs.

It is conceivable that Bittrex, for years now, has been on notice that federal and state regulators are closely watching and expecting more comprehensive risk assessment programs and procedures from businesses transacting with virtual currency. As we previously blogged here, in 2019 the New York Department of Financial Services (“NYDFS”) denied Bittrex’s application for a Bitlicense, citing: “deficiencies in Bittrex’s BSA/AML/OFAC compliance program; a deficiency in meeting the Department’s capital requirement; and deficient due diligence and control over Bittrex’s token and product launches.”  In its letter denying Bittrex’s application, NYDFS set forth in detail the deficiencies it found in Bittrex’s BSA/AML/OFAC compliance program, noting that Bittrex’s compliance policies and procedures “are either non-existent or inadequate.”

As we will discuss, the FinCEN consent order highlights Bittrex’s alleged failure to address adequately the overall risk environment in which it operated, including transactions involving anonymity-enhanced cryptocurrencies, or AECs.  The consent order also highlights two repeated themes in enforcement actions: lack of adequate compliance staff, and a seemingly robust written compliance policy that was not matched by an effective day-to-day transaction monitoring system.

Continue Reading  OFAC and FinCEN Settle with Bittrex in Parallel Virtual Currency Enforcements

With Guest Speaker Matthew Haslinger of M&T Bank

We are extremely pleased to offer a podcast (here) on the legal and logistical issues facing financial institutions as they implement the regulations issued by the Financial Crimes Enforcement Network (FinCEN) pursuant to the Anti-Money Laundering Act of 2020 (AMLA) and the Corporate Transparency Act

Complaint Illustrates Existential Fight Over OFAC’s Ability to Sanction Open-Source Code – and OFAC Responds (?) By Issuing FAQs on Tornado Cash Use

Last month, the Office of Foreign Assets Control (“OFAC”) sanctioned Tornado Cash, a virtual currency “mixer” operating on the Ethereum blockchain which allegedly has been used to launder the virtual currency equivalent of more than $7 billion since its creation in 2019, by adding it to the Specially Designated Nationals and Blocked Persons List (the “SDN List”). The initial response from certain elements of the crypto community was, not surprisingly, negative: for example, an 8/15 Coin Center whitepaper and an 8/23 letter from Congressman Tom Emmer to Treasury Secretary Janet Yellen argued that OFAC lacked the legal authority.

In the intervening month, things have heated up considerably. Last week, six plaintiffs filed a complaint against OFAC and the Treasury Department, as well as Secretary Yellen and OFAC Director Andrea Gacki in their respective official capacities, in the Western District of Texas (Waco Division), seeking declaratory and injunctive relief – specifically, that the court declare OFAC’s addition of Tornado Cash to the SDN List as unlawful, and permanently enjoin the enforcement of the designation and any sanctions stemming therefrom.  Plaintiffs allege that venue is proper due to Plaintiff Joseph Van Loon’s residence in Cedar Park, TX, within the Western District.  Plaintiffs’ decision to opt for the Waco Division, rather than the Austin Division, may be intentional, because the Waco Division has only one judge, who until recently has been the go-to choice for patent litigation plaintiffs.

The complaint has and will continue to draw considerable attention.  It lays out the framework for a fascinating question:  under existing law, can OFAC act directly against a piece of technology such as open-source code?  Or, must OFAC pursue enforcement, through a more difficult, piece meal and time-consuming process, only against specific individuals and specific legal entities? Presumably, both sides will invoke broad policy-related and equity-related arguments regarding “privacy,” “transparency,” and the need to fight crime.  However, the key issue may come down to a more traditional and rather dry legal issue of parsing the meaning of statutory language.

Continue Reading  Civil Complaint Challenges OFAC’s Tornado Cash Sanctions

On August 8, the U.S. Department of the Office of Foreign Assets Control (“OFAC”) sanctioned “notorious” virtual currency “mixer” Tornado Cash, which allegedly has been used to launder more than $7 billion worth of virtual currency since its creation in 2019.  Tornado Cash is a virtual currency mixer that operates on the Ethereum blockchain.  Tornado Cash receives a variety of transactions and mixes them together before transmitting them to their individual recipients.  The stated purpose of such mixing is to increase privacy, but mixers are often used by illicit actors to launder funds because the process enhances anonymity and makes it very hard to track the flow of funds.  According to the Treasury Department press release, “[d]espite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risk.”  This statement seems to imply that Tornado Cash is run by actual people – an implication that is at the heart of the controversy over these sanctions, as we will discuss.

The sanctions against Tornado Cash have elicited enormous controversy in the crypto world because, some argue, (1) Tornado Cash is not an entity run by actual people, but is merely code; and (2) although OFAC has the legal authority to sanction people and entities, it lacks such authority to sanction code or a technology – or at the very least, such sanctions create many practical problems for innocent actors, including in ways which no one has foreseen fully.  As we discuss,  even a member of the U.S. House of Representatives has waded into the controversy this week, questioning the ability of OFAC to issue the sanctions and demanding answers.  The controversy also reflects that, once again, whether one chooses to focus on the word “privacy” or on the word “anonymity” typically reflects an a priori value judgment predicting one’s conclusion as to whether something in the crypto world is good or bad. 

Indisputably, the Tornado Cash sanctions are, to date, unique and unprecedented.  Although they may turn out to be an outlier experiment by OFAC, public pronouncements by the U.S. Treasury Department strongly suggest that, to the contrary, they represent part of the future of crypto regulation, in which the enormous power of the U.S. government to issue broad sanctions obliterates legal and practical hurdles which could stymie other agencies, such as the Financial Crimes Enforcement Network (FinCEN).  This may be because, ultimately, the government actually agrees that no person is in control of a powerful technology that has easy application for malicious uses, and that is precisely the problem.

Continue Reading  OFAC Sanctions Virtual Currency “Mixer” Tornado Cash and Faces Crypto Backlash