Ensuring compliance with sanctions against Russia￼
After the invasion of Ukraine by Russia, worldwide governments reacted swiftly, imposing various sanctions on the country and on key individuals. As these sanctions are mainly financial sanctions, companies must ensure they have processes in place to avoid facilitating sanction evasion.
Sanctions are raining on Russia since the start of the conflict
Asset freezes and SWIFT exclusion sanction against Russia
Showing support to Ukraine, governments are implementing various sanctions on Russia because of its attacks in Ukraine. These sanctions range from travel bans to exportation curbs and financial sanctions. For instance, the EU, the UK, and the US froze assets belonging to Russia’s Central Bank preventing it to access its dollar reserves abroad.
In the US, the Office of Foreign Asset Control (OFAC) has updated its specially-designated nationals (SDN) list with Russian officials, oligarchs, and elites.
Western governments additionally agreed to exclude seven Russian banks from SWIFT, a banking messaging system, allowing faster transactions. The excluded banks include:
VNESHECONOMBANK (VEB); and
FinCEN’s alert advising vigilance on potential sanction evasion by Russia
The alert provides 3 red flags associated with sanction evasion using cryptocurrencies:
A customer’s transactions are received from or sent to IP addresses from non-trusted sources, Russia and Belarus, FATF-identified jurisdictions with AML/CFT/CP deficiencies, sanctioned jurisdictions, or previously flagged IP.
A customer’s transactions are linked to cryptocurrency addresses listed on OFAC’s SDN List.
A customer uses a crypto exchange or foreign-located MSB in a high-risk jurisdiction with AML/CFT/CP deficiencies including inadequate KYC or customer due diligence (CDD) measures.
In addition, 3 red flags associated with ransomware and cybercrime activities are also provided in the document. FinCEN considers a red flag when a customer:
receives cryptocurrency from an external wallet, and immediately initiates multiple, rapid trades among multiple cryptocurrencies with no apparent related purpose, followed by a transaction off the platform in an attempt to obfuscate the transaction.
initiates a transfer of funds involving a cryptocurrency mixing service.
has either direct or indirect receiving transaction exposure identified by blockchain tracing software as related to ransomware.
Singapore’s restrictions and sanctions against Russia
In Asia, Singapore’s Ministry of Foreign Affairs announced financial and exportation sanctions against Russia on March 5. The list of financial sanctions implemented by the country includes:
(a) Entering into transactions or establishing business relationships with VTB Bank Public, Joint Stock Company The Corporation Bank for Development and Foreign Economic Affairs Vnesheconombank, Promsvyazbank Public Joint Stock Company, and Bank Rossiya;
(b) Providing financing or financial services in relation to the export from Singapore or any other jurisdiction of goods subject to Singapore’s export controls on Russia;
(c) Providing financial services in relation to designated Russian non-bank entities which are involved in activities in (b);
(d) Entering into transactions or arrangements, or providing financial services that facilitate fundraising by the Russian government, Central Bank of the Russian Federation, and any entity owned or controlled by them or acting on behalf;
(e) Entering into transactions or providing financial services in relation to transport, telecommunications, energy and prospecting, exploration and production of oil, gas, and mineral resources, in the breakaway regions of Donetsk and Luhansktransport;
The Ministry also prohibits cryptocurrency transactions aimed at bypassing these sanctions. This includes cryptocurrencies and other digital assets such as non-fungible tokens (NFTs).
All of this is severely impacting the Russian economy resulting in the collapse of the Ruble value. Additionally, several multinational companies are cutting ties with Russia to comply with newly established sanctions and show support to Ukraine. Major financial companies like Visa, Mastercard, American Express, and Paypal stopped all their operations in the country.
How can crypto-related companies ensure compliance with sanctions on Russia?
KYC checks against sanctions
First, financial services including crypto service companies must conduct KYC (know your customer) and CDD (customer due diligence) checks on their customers. With these checks, they will be able to ensure customers are not listed on any sanction list. This is vital to stay compliant as authorities, such as OFAC, are updating their lists with Russian nationals. Thorough KYC checks against sanction lists will mitigate the risk of facilitating sanction evasion.
Blockchain analytics to avoid sanction evasion
Then, crypto services companies should conduct continuous crypto transaction monitoring through KYT (know your transaction). Blockchain analytics software, like Scorechain’s, are providing KYT solutions to help companies easily do that. It allows compliance officers to easily analyze blockchain transactions, spot and report suspicious patterns to comply with AML/CFT requirements implemented for cryptocurrencies.
For example, Scorechain’s crypto AML platform provides a wide range of risk indicators that let users easily spot links with specific risky activities. Users can set these risk indicators based on entity type, behavioral type but also jurisdiction.
In the case of sanctions against Russia, users can set up the risk indicator “Russia”. They will receive an alert if funds are related to Russian entities. In the same manner, users can set the risk indicators “Mixing Service” and “Mixing pattern”. For example, this feature can help companies apply the requirements set by FinCEN’s alert.
Scorechain’s platform also displays red flags on crypto addresses and entities related to suspicious or illegal activities. For instance, addresses and entities that appear on OFAC’s sanction list will be flagged accordingly with a low SCx. More specifically, a low SCx means high risks in terms of money laundering. The same goes for scam, hack, or ransomware activities for example, that are equally red-flagged in the platform.
Users can also perform due diligence checks on entities and counterparties with the Entity Directory. The Directory assesses the level of AML risk for exchanges and gives information on:
Compliance risk such as the level of KYC and CDD checks in place;
Security risk for example if the exchange allows P2P transactions or anonymous coins; and
Jurisdiction risk such as countries placed on FATF’s gray list.
Reporting suspicious activity to authorities
To further ensure full compliance with sanctions, companies must report any activity that it suspects to be an attempt of sanction evasion via a suspicious activity or transaction report (SARs, STRs). Indeed in its alert, FinCEN reminds that all MSBs, including cryptocurrency service companies, are subject to reporting obligations. (Learn more: KYA KYT reports: 5 reasons our customers love them)
You are a company handling cryptocurrencies and you need help to comply with sanction measures? Don’t hesitate to request a demo to understand how the solution can help you with that.
Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance, the Luxembourgish company has helped more than 200 customers in 45+ countries since 2015, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets, customers onboarding, audit and law firms, and some LEAs.
Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger, Tezos, Tron with TRC10 and TRC20 tokens, and BSC with BEP20 tokens. The software can de-anonymize the Blockchain data and connect with sanction lists to provide risk scoring on digital assets, transactions, addresses, and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customizable to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.