Financial Conduct Authority Issues New Crypto Sanctions Evasion Guidance

The Bank of England, Office of Financial Sanctions Implementation (OFSI) and the Financial Conduct Authority (FCA) have issued a joint statement offering guidance for the cryptoasset sector relating to sanctions evasion. 

With an unprecedented package of economic sanctions being imposed on Russia and Belarus in response to the invasion of Ukraine, the firms are being warned that they must ensure their services are not being used to evade sanctions – with cryptoasset firms explicitly highlighted.

The question of whether Russia will try to use cryptocurrencies to evade sanctions has been an open discussion in recent weeks, and decentralized exchanges (DEX) and decentralized finance (DeFi) platforms are seen as particularly vulnerable. 

Cryptocurrencies have already been used to evade sanctions in Iran, with a report by a think tank attached to the Iranian presidency highlighting how Bitcoin can be used to circumvent sanctions. And there is a fear that Russia could use ransomware attacks to demand crypto or even cyber heists of crypto like North Korea, to evade financial sanctions.

What has the FCA said? 

The new UK guidance stated that: “Financial sanctions regulations do not differentiate between cryptoassets and other forms of assets. The use of cryptoassets to circumvent economic sanctions is a criminal offence under the Money Laundering Regulations 2017 and regulations made under the Sanctions and Anti-Money Laundering Act 2018.” 

Firms are warned that if they have “reasonable cause to suspect” that they are in possession or control of funds or economic resources of a sanctioned person they must: freeze them, not deal with them or make them unavailable to the designated person (unless there is an exception in the legislation or the firm has a license from OFSI), and report them to OFSI. More guidance can be found on OFSI’s website.

The regulators also remind FIs to check the FCA register to identify whether any cryptoasset firms they do business with are registered, or to check the equivalent register of the jurisdiction in which the cryptoasset firm is based.

How to Reduce Sanctions Evasion Risk

Practical steps outlined in the announcement to reduce the risk of sanctions evasion via cryptoassets include:

• Updating business-wide and customer risk assessments to reflect changes in the nature and type of sanctions measures
• Ensuring KYC and CDD processes identify customers who use corporate vehicles to obscure ownership or source of funds
• Ensuring customers and transactions are screened against relevant updated sanctions lists and effective re-screening is in place to identify sanctions breaches
• Ensuring any suspicious activity is reported quickly 
• Ensuring compliance teams understand how blockchain analytics solutions can be best used to identify transactions linked to higher risk wallet addresses
• Engaging with public-private partnerships to gather insights on the latest typologies and relevant additional controls, and share best practice examples

The regulators also share red flag indicators that suggest an increased risk of sanctions evasion that compliance teams should be aware of. These should be considered in context, as they may not appear suspicious in isolation, but indicate sanctions evasion when considered alongside other red flags: 

• A customer who is resident in or conducting transactions to or from a jurisdiction which is subject to sanctions, a high-risk country or a jurisdiction identified as posing an increased risk of illicit financial activity
• Transactions to or from a wallet address associated with a sanctioned entity, or otherwise deemed to be high-risk, based on its transaction history or other factors
• Transactions involving a cryptoasset exchange or custodian wallet provider known to have poor customer due diligence procedures 
• The use of tools designed to conceal the location of a customer (e.g. an IP address associated with a virtual private network or proxy) or the source of cryptoassets (e.g. mixers and tumblers)
• Other money laundering red flag indicators where the aim of the illicit actor is to make an illegal transaction seem legitimate

This latest guidance from the regulators follows a wider, renewed focus on cryptoassets that firms should expect to continue to accelerate through 2022. The FCA issued a warning to crypto operators in March to shut down crypto ATMs, as none of the firms registered with the FCA had been approved for offering crypto ATM services. 

In its March sanctions announcements, extending the scope of measures against Russia and Belarus, the EU explains that measures “clearly include cryptoassets”. It clarifies that cryptoassets fall under the scope of “transferable securities”, and loans and credit referred to can be provided by any means, including cryptoassets.

Compliance teams should also note that the National Crime Agency has issued a new Glossary Code for SARs that includes reporting activity connected to money laundering involving sanctioned persons and entities. This includes a reminder that SARs should not be submitted just to report a suspected sanction breach – SARs are only applicable if the breach also relates to money laundering or terrorist financing.

Uncover more compliance guidance with our report on the EU’s new AML/CFT framework.