Office of Foreign Assets Control (OFAC)

Sanctions involving Russia is a front-burner issue for all businesses, but particularly for financial institutions. As we previously blogged, the Financial Crimes Enforcement Network (“FinCEN”) issued on March 7 an alert calling for increased vigilance in the face of potential evasion of Russian sanctions. On March 16, FinCEN issued its second alert on the topic (the “Alert”), reiterating the need for increased vigilance and assisting financial institutions in detecting suspicious transactions involving high-value assets to evade sanctions.

We discuss here the Alert, which provides guidance to financial institutions on how to identify suspicious transactions relating to the use of certain high-value assets by Russian elites, their family members and their “proxies.” The Alert reminds financial institutions of the importance of quickly identifying suspicious activity related to the disposition of sanctioned Russian assets. The Alert also highlights the international and domestic task forces that were formed to effectuate the sanctions laws we describe below, emphasizing the need for cross-agency collaboration and information sharing to achieve the common goal of sanctioning Russia’s power players.  However, and as we discuss, the Alert unfortunately offers no guidance on how “proxies” should be identified or defined.
Continue Reading  Russian Sanctions Redux: FinCEN Issues Guidance on Suspicious Transactions and Evasion Using High-Value Assets

On March 7, the Financial Crimes Enforcement Network (“FinCEN”) issued an alert “advising all financial institutions to be vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions implemented against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions implemented in connection with the Russian Federation’s further invasion of Ukraine.”  The press release is here.  The alert itself is here.
Continue Reading  Russian Sanctions:  FinCEN Provides Red Flags for Potential Evasion Attempts

On October 15, 2021, the Financial Crimes Enforcement Network (“FinCEN”) issued a financial trend analysis on ransomware relating to Suspicious Activity Reports (“SARs”) filed in the first half of this year (“Analysis”).  According to the Analysis, U.S. banks and financial institutions reported $590 million in suspected ransomware payments in SARs filed between January and June 2021, more than the total for all of 2020.  FinCEN found that ransomware payments are often made using virtual currency, such as Bitcoin (“BTC”).  The Office of Foreign Assets Control (“OFAC”) also released guidance in tandem with the FinCEN Analysis, addressing how the virtual currency industry can address sanctions-related risks.

Ransomware appears to be top-of-mind at the U.S. Treasury, as we have blogged.  FinCEN’s Analysis and OFAC’s guidance came quickly on the heels of OFAC issuing on September 21 a six-page Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which states that OFAC will consider self-reporting, cooperation with the government and strong cybersecurity measures to be mitigating factors in any contemplated enforcement action against a ransomware victim that halts an attack by making the demanded payment to attackers who were sanctioned or otherwise had a sanctions nexus.  Also on September 21, 2021, OFAC issued its first sanctions designation against a virtual currency exchange by designating the virtual currency exchange “for its part in facilitating financial transactions for ransomware variants.”
Continue Reading  FinCEN Reports Spiraling SARs Relating to Ransomware

Second Post in a Two-Part Series on Recent OFAC Designations

As we blogged yesterday, OFAC has been busy.  Right before OFAC designated the virtual currency exchange SUEX for allegedly facilitating ransomware payments,  OFAC announced another significant but more traditional action on September 17, 2021 by designating members of a network of Lebanon and Kuwait-based

OFAC Updates Advisory on Enforcement Risks Relating to Agreeing to Pay Ransomware

First Post in a Two-Part Series on Recent OFAC Designations

On September 21, 2021 OFAC issued its first sanctions designation against a virtual currency exchange by designating the virtual currency exchange, SUEX OTC, S.R.O. (SUEX) “for its part in facilitating financial transactions for ransomware variants.”  Although this is a unique development, the broader and more important issue for any financial institution or company facing a ransomware attack is the continuing problem encapsulated in OFAC’s six-page Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which OFAC released in conjunction with the announcement of the SUEX designation.  The Updated Advisory illustrates a “Catch 22” scenario, in which a victim that halts a ransomware attack by making the demanded payment then may find itself under scrutiny from OFAC on a strict-liability basis if it turns out that the attackers were sanctioned or otherwise had a sanctions nexus.  The Updated Advisory states that OFAC will consider self-reporting, cooperation with the government and strong cybersecurity measures to be mitigating factors in any contemplated enforcement action.

OFAC has been busy.  Tomorrow, we will blog on a more traditional action announced by OFAC right before the SUEX designation:  OFAC’s designation of members of a network of financial conduits funding Hizballah and Iran’s Islamic Revolutionary Guard Corps-Qods Force.  This designation is notable for the targets’ alleged use of gold as a vehicle to launder illicit funds through front companies.
Continue Reading  OFAC Targets Virtual Currency Exchange For Ransomware Attack

On April 12, 2021, the Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Board”), the Federal Deposit Insurance Corporation (“FDIC”), the National Credit Union Administration (“NCUA”) and the Financial Crimes Enforcement Network (“FinCEN”) issued a Request for Information (“RFI”) requesting comment on the extent to which the agencies’ previous guidance on model risk management supports banks’ compliance with Bank Secrecy Act (“BSA) and Anti-Money Laundering (“AML”) regulations and Office of Foreign Asset Control (“OFAC”) requirements.

The RFI asks for comments from interested parties on suggested changes to guidance or regulations, and whether aspects of the agencies’ approaches to BSA/AML and OFAC compliance are either working well, or could be improved.  The agencies explained that the reason for the RFI is to further understand current bank practices, and determine whether additional explanation or clarification of their guidance may be helpful.  Although the genesis of the RFI is not entirely clear, it appears that it was issued in response to certain financial institution inquiries or comments regarding how the maintenance of their BSA/AML compliance programs should incorporate principles set forth in earlier, more general regulatory guidance on model risk management for banks, which we describe below.  Further, the RFI has not occurred in a vacuum, but rather has appeared in the midst of a major, ongoing overhaul of the BSA/AML legislative, regulatory and enforcement regime.  Comments to the RFI must be received by June 11, 2021.
Continue Reading  Risk Management: Agencies Issue Request for Information on Intersection of Model Risk Management Guidance and BSA/AML Compliance

As we’ve blogged, high-end artwork can create an ideal vehicle for money laundering. And, as we’ve also blogged, the Permanent Subcommittee on Investigations for the U.S. Senate released in July 2020 a detailed report titled “The Art Industry and U.S. Policies That Undermine Sanctions,” focusing on the nexus between high-end art and U.S. sanctions law violations, potential money laundering schemes and anti-money laundering (“AML”) risks. The Senate report recommends in part that the Bank Secrecy Act (“BSA”) be amended to include art dealers as “financial institutions” subject to AML obligations under the BSA.

Indeed, recent legislation has included a proposal to (i) add to the list of “financial institutions” covered by the BSA “a person trading or acting as an intermediary in the trade of antiquities, including an advisor, consultant or any other person who engages as a business in the solicitation of the sale of antiquities;” and (ii) require a study by the Secretary of the Treasury “on the facilitation of money laundering and terror finance through the trade of works of art or antiquities,” including an evaluation of whether art industry markets should be regulated under the BSA.

This is a “hot” topic.  In the latest development in this area, and in what appears to be a response to — or affirmation of – the Senate report, the U.S. Department of the Treasury’s (“Treasury”) Office of Foreign Assets Control (“OFAC”) recently issued a new advisory (the “Advisory”) highlighting the related problem of individuals blocked by OFAC from entering the U.S. financial system trying to evade those restrictions through the commerce of art, and emphasizing sanctions for U.S. persons who engage in prohibited transactions.
Continue Reading  Art and OFAC

October is National Cybersecurity Awareness Month, and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and Office of Foreign Assets Control (“OFAC”) kicked off the month by issuing two advisories that aim to increase cybersecurity awareness, assist financial institutions in detecting and reporting ransomware activity, and highlight potential sanctions risks for facilitating ransomware payments.

The FinCEN and OFAC advisories signal the seriousness with which the Department of Treasury treats the threat of cybercriminals and ransomware attacks. Both FinCEN and OFAC have now squarely placed an obligation on financial institutions and other payment intermediaries to put procedures in place to detect ransomware payments and to restrict payments to blocked individuals. It appears FinCEN and OFAC want to make sure cybercrime does not pay by cutting off cybercriminals’ access into the financial system.

While both FinCEN and OFAC have offered guidance to financial institutions formulating policies and procedures for deciding whether to process or report payment requests that may be connected to ransomware attacks, OFAC has also offered a warning: facilitating ransomware payments may lead to an enforcement action and civil penalties. Given the growing national security concerns associated with ransomware attacks, the advisories rightly encourage financial institutions and other payment intermediaries that facilitate ransomware payments to share information via Suspicious Activity Reports (“SARs”) and to fully cooperate with law enforcement during and after ransomware attacks.
Continue Reading  FinCEN and OFAC Advisories Aim to Increase Cybersecurity Awareness and Thwart Ransomware Attacks in the Financial Sector

Is Art an “Ideal Playing Ground” for Money Laundering?

Last week, the Permanent Subcommittee on Investigations for the U.S. Senate released a detailed, 147-page report titled “The Art Industry and U.S. Policies That Undermine Sanctions” (“the Report”). Although the Report ostensibly addresses the evasion of U.S. sanctions law, much of the Report actually focuses on the connection between high-end art and potential money laundering schemes and anti-money laundering (“AML”) risks. Among other proposals, the Report recommends that the Bank Secrecy Act (“BSA”) be amended to include art dealers as “financial institutions” subject to AML obligations under the BSA.

The Report focuses on an elaborate case study documenting how certain Russian oligarchs allegedly used transactions involving high-end art and shell companies to evade U.S. sanctions, imposed on them on March 20, 2014 in response to Russia’s invasion of Ukraine and the annexation of Crimea. We will not focus on the detailed allegations in the Report regarding the particular facts of this alleged scheme, or the alleged involvement of certain major art auction houses. Rather, we will focus on the more general sections in the Report relating to systemic concerns about the potential role of high-end art in money laundering schemes, and the more general findings of fact and recommendations generated by these concerns.

The Report was not issued in a vacuum; rather, it clearly was written in part to spur legislative action. Proposed legislation on BSA/AML reform is pending before the U.S. Congress and Senate, including a proposal – currently nestled within a lengthy proposed amendment to a defense spending bill – to (i) add to the list of “financial institutions” covered by the BSA “a person trading or acting as an intermediary in the trade of antiquities, including an advisor, consultant or any other person who engages as a business in the solicitation of the sale of antiquities;” and (ii) require a study by the Secretary of the Treasury “on the facilitation of money laundering and terror finance through the trade of works of art or antiquities,” including an evaluation of whether certain art industry markets (“by size, entity type, domestic or international geographic locations, or otherwise”) should be regulated under the BSA. And, this general issue has been percolating for some time. Last year, we blogged in detail about the potential role of high-end art and antiquities in money laundering schemes, and the voluntary AML programs which art dealers might adopt to combat such schemes.
Continue Reading  Using Art to Evade Sanctions and Launder Money:  The Senate Report

The Southern District of New York (“SDNY”) recently rejected a retaliation claim brought by a former bank employee under the Bank Secrecy Act (“BSA”), granting summary judgment in favor of the employer bank because the former employee failed to demonstrate that his firing was caused by his act of reporting a potential violation of law to the government. Although the reasoning underlying the Court’s Order is straight-forward, the case provides another reminder of the often difficult employment issues that both financial institutions and potential whistleblowers can face.

Whistleblowing as to alleged anti-money laundering (AML) violations is a growing phenomenon, perhaps best exemplified by the fact that a whistleblower precipitated the colossal Dankse Bank money laundering scandal. Previously, we blogged about a bank whistleblower case producing the opposite result as the SDNY Order here. In this post, we discuss both the BSA whistleblower statute and the SDNY Order, and, more generally, we note steps that financial institutions might take to protect themselves from liability and legitimate whistleblowers from retaliation.
Continue Reading  Would-Be Whistleblower Fails to Show Causation Under the Bank Secrecy Act for Termination