All financial services organizations, regardless of their stance on crypto, should review regulatory warnings about crypto and OFAC sanctions evasion.
As a result of the current situation in Ukraine, the U.S. and the global community have raced to enact an extraordinary number of sanctions in a short period of time. The Office of Foreign Assets Control (OFAC) and its regulatory counterparts around the world have imposed a variety of complex sanctions and export controls targeting individuals and entities as specially designated nationals (SDNs) and placed certain areas of the Russian economy under Sectoral Sanctions Identifications (SSI) List. Adding to the complexity of this situation is the rise of popularity of cryptocurrency and digital assets and their potential use to evade sanctions.
U.S. regulators and government representatives have issued warnings to financial markets and organizations about managing the impact of OFAC sanctions and the risk of entities using crypto assets to skirt the sanctions. On March 9, 2022, President Biden signed an executive order that outlines a directive for digital assets and sets in motion needed due diligence for both the benefits and risks of crypto and digital assets.
Now is the time for financial services organizations and fintechs to heed warnings and address risks.
A regulatory anti-money laundering (AML) and sanctions risk framework specific to the impacts of crypto has yet to be established, but that should not stop financial services organizations and fintechs from implementing controls that can help mitigate the risk of unwittingly enabling OFAC sanctions evasion via the use of crypto.
Three Crowe specialists highlight four of the most pressing risks and provide an action plan for enacting meaningful controls to help mitigate risks.
| Risk concern | Risk rationale | Action plan |
| Incomplete OFAC risk assessment | Crypto is a means of value transfer, like writing a check or sending a wire. Even if an organization is not directly exposed to crypto risk through established relationships or partnerships with crypto-based businesses, customers still might use the organization to send or receive funds tied to crypto through so-called on-ramp and off-ramp transactions. As a result, financial services organizations might be understating the impact of crypto on their OFAC risk. | Confirm that the OFAC risk assessment for the organization is updated with relevant metrics related to crypto exposure, including the population of customers engaging with crypto and transactional volumes. |
| Incomplete customer risk profiles related to crypto use | Although widespread adoption of crypto by U.S. consumers and businesses is limited, it is easily accessible and virtually any customer of the organization could become engaged with cryptocurrency at any time. As a result, without proper and effective know-your-customer, customer due diligence, and enhanced due diligence controls, a financial services organization might be unaware of the amount of crypto exposure within its customer base. | Confirm that the organization has the ability to recognize and categorize customers conducting crypto transactions, including businesses that accept crypto and consumers who buy and sell crypto. |
| Incomplete transaction data related to crypto use | At present time, many transaction monitoring systems have not developed or implemented robust alert triggers for crypto. As a result, financial services organizations might be unable to accurately identify and assess crypto transaction risk. | Confirm that the transaction monitoring process addresses crypto transactions and provides the organization with valuable alerts to stay vigilant. |
| Ineffective sanctions screening | While crypto is a means of value transfer, its decentralized nature allows for a disintermediated flow of funds, which reduces transparency into the true original sender or ultimate beneficiary of the transferred value. As a result, most standard OFAC interdiction software might not be as effective for crypto-related transactions and require additional due diligence. | Confirm robust counterparty (sender and beneficiary) screening is being conducted by the organization on crypto transactions whenever possible, using all available data and a strong, risk-based approach. |
Crowe specialists understand both the opportunities and risks associated with the cryptocurrency and digital asset markets. We can help you examine the regulatory, legal, and reputational impacts faced by your organization.
For specific questions about OFAC sanctions, organizations can contact OFAC directly, either via its hotline number (+1 800 540 6322) or its Contact OFAC page.
