What do you do about the new Russian Sanctions?
Given the current situation in Eastern Europe, specifically Ukraine, many are questioning what more they should be doing involving OFAC and the various sanctions programs involving the Russian Federation and Belarus. I will take a few minutes and go over the due diligence that is being requested by FinCEN. In my opinion, it is more than sanctions and a direct connection to Russia or Belarus and the various sanctioned entities involved in the situation.
Recently, FinCEN published a new FinCEN Alert (FIN-2022-Alert001) entitled, “FinCEN Advises Increased Vigilance for Potential Russian Sanctions Evasion Attempts.” Some key elements of this publication involve the following:
- Select Red Flag Indicators of Sanctions Evasion through the U.S. Financial System
- Select Red Flag Indicators of Sanctions Evasion Using CVC
- Select Red Flag Indicators of Possible Ransomware Attacks and Other Cybercrime
- New SAR Key Term “FIN-2022-RUSSIASANCTIONS”
Additionally, the bulletin provides distinct ‘Relevant BSA Obligations and Tools for U.S. Financial Institutions,’ specifically calling out the following:
- Suspicious Activity Reporting involving OFAC Sanctions
- Placement of key term “FIN-2022-RUSSIASANCTIONS” in SAR field 2
- Currency Transaction Reporting and other Relevant BSA Reporting Requirements
- Due Diligence (CDD/EDD)
- Information Sharing (USA PATRIOT Act 314(b))
- Executive Order 14024 (This is the specific Sanctions Program regarding the Russian Federation)
This seems like quite a bit to go over, but in my opinion, much of this is a reiteration of what a Compliance Department should already be doing. If you have questions or need more confidence, it is always a good move to read through the FinCEN Alert and apply it to your current practices. From there, determine for yourself whether your organization is meeting the ‘spirit of the law.’ Without regurgitating what is already written in the bulletin, I will briefly discuss each topic above and attempt to explain how I might go about establishing confidence in meeting each relative key element.
Select Red Flag Indicators of Sanctions Evasion through the U.S. Financial System
On this topic, there are seven (7) Select Red Flag Indicators that FinCEN is asking Financial Institutions to keep an eye on. In reading through these, I get the following overall feeling that FinCEN is asking that Financial Institutions know their customers. More specific, corporate vehicles and third parties need to be scrutinized to ensure that their use is not to obscure ownership, as well as the origination or destination of funds in a transaction. Regarding EO 14024, scrutinize high-risk areas normally associated with transactional flows to and from the Russian Federation, such as neighboring countries, or high-risk countries known for being tax havens and safe harbors. Pay attention to new account relationships, and always get to the bottom of an entity’s Beneficial Ownership. For established clientele, take exception to unusual foreign exchange activities. If you see something, it’s better to say something than ignore it.
Select Red Flag Indicators of Sanctions Evasion Using CVC
“CVC” is also known as convertible virtual currency, or the more popular term, cryptocurrency. There are three (3) Red Flag Indicators mentioned, but unless you own, operate, or host a cryptocurrency exchange, wallet provider, or host any of these products within your institution, the third one is where most financial institutions need to focus. The overall meaning of the red flag is to know where funds are coming from or going to, specific to cryptocurrency exchange. For most conventional financial institutions, this means scrutinizing transactions specific to crypto exchanges or foreign Money Services Businesses (MSBs) operating in high-risk countries or regions. Also, pay special attention here to volume and frequency of these types of transactions as an additional indicator of risk, as not all CVC transactions are necessarily bad. As previously mentioned in another blog post, more information on the risks and pitfalls to CVC transactions can be found on the FATF website, in a publication labeled “Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing,” which can be downloaded and distributed.
Possible Ransomware Attacks and Other Cybercrime
Within this key element are three (3) more Red Flag Indicators. The first involves knowing where customer transactions are initiated or received by means of knowing the geolocation of IP Addresses. This may prove to be more difficult for most small financial institutions, as tools that do this sort of work can be expensive. Check in on your BSA Risk Assessment to determine the right risk-based approach for you organization. Another topic here is customers that use crypto currency mixers or tumblers. Using these services is an indicator of the user’s desire for anonymity.
Relevant BSA Obligations and Tools for U.S. Financial Institutions
The last section goes over much of what a compliance department already does. If you are to file a SAR on activity you believe to be related to the sanction program, enter the key term “FIN-2022-RUSSIASANCTIONS” in SAR field 2, which is on the first page. You can also contact FinCEN and advise them of the SAR by calling the FinCEN Financial Institutions Toll-Free Hotline at (866) 556-3974.
In my opinion, for smaller institutions, the last piece of the bulletin is the most important. This is the Customer Due Diligence reminder, and it is just as strong of a tool as OFAC scanning or transaction monitoring. Refine your process if necessary to get to the beneficial owner of each entity in your portfolio. Ensure that back-shop operations involving foreign transactions get special one-on-one guidance involving what they might look for as they process foreign transactions involving IAT and SWIFT, or any other foreign transaction vehicle your institution uses.
Lastly, one thing I do want to cover briefly is Charitable Organizations. As things progress in Ukraine, many are going to be looking for ways to help. Unfortunately, we also know that many scams out there will be taking advantage of customer interest in assisting those in need. Vigilance here is important as well, and as you field calls of charity fraud, make note of these transactions, and attempt to template them and find others who may not even know they were deceived. Look for common recipients or other patterns of activity to build your case.
In closing, often our premonitions are enough to draw light on something strange that may be occurring. As with most things OFAC, it’s better to be cautious than to let something slip through. Best of luck to everyone out there!