March 1, 2022
With Russia’s invasion of Ukraine last week, we saw a swift response by the U.S. beginning with President Biden’s Executive Order 14024 (“The EO”) and followed quickly by the Office of Foreign Assets Control’s (“OFAC”) severe restrictions on economic activity related to the Russian Federation. In total, the U.S. Treasury expects these sanctions to impact nearly eighty percent of the Russian Federation’s economy. On February 25, 2020, these programs were broadened to include political leaders of the Russian Federation, including Vladimir Putin (“President”) and Sergei Lavrov (“Minister of Foreign Affairs”), amongst others.
Summary of Impact on Banks and FinTech Companies
These changes pose a significant regulatory risk to U.S. financial institutions and FinTech companies. While an entity’s strong Bank Secrecy Act (“BSA”), anti-money laundering (“AML”) compliance program, and Office of Foreign Asset Control (“OFAC”) sanctions program should digest be able to address these new sanctions, the controls around your third-party due diligence and FinTech partnership program oversight most likely did not anticipate such a large-scale change to the regulatory landscape with a developed country that is extremely active in the payments, digital assets, and FinTech spaces.
It is extremely important that financial institutions and FinTech companies immediately review their BSA and AML compliance and OFAC screening policies and procedures to ensure implementation of these sanction regimes. In addition, this is an opportunity for financial institutions to assess their (and their FinTech partners’) compliance management programs and ability to integrate these sanctions programs and quickly deploy controls. As explained more fully below, you should immediately review your company’s:
In addition, OFAC encourages regulated entities to avoid any procedures that would allow for temporary release of transactions during “pending” investigations. If not already in place, your company should also begin developing a robust risk assessment program that includes monitoring, testing, and sampling of transactions, as well as retroactive analysis of previous transactions under prior compliance programs. As always, if issues are identified, companies should immediately contact OFAC and coordinate with the agency through the self-disclosure program.
What We Can Learn from History
Lessons from Venezuela Cryptocurrency
Historically, when nations have been subjected to significant sanctions regimes, government actors and businesses will turn to alternative, FinTech platforms for the movement of funds. Following extensive sanctions programs, the Venezuelan government launched its own digital currency and began transacting in digital assets. As reported by CoinTelegraph and Bitcoin.com, Venezuelan President Maduro has officially announced efforts to use digital asset exchanges to bypass sanctions programs. The firm is aware of many attempts by Venezuelan nationals and Venezuelan-related companies to use international and U.S.-based digital asset payment companies and exchanges to access cryptocurrency markets. It would not be a stretch for the Russian Federation to employ similar strategies to bypass U.S., U.K., E.U., and other nations’ sanctions programs. New sources, such as Politico and The Washington Post, have already identified digital assets as one of the ways that the Russian Federation and blocked persons will attempt to evade these sanctions programs.
OFAC Enforcement Against BitPay
The FinTech company BitPay operated a digital asset payment system for merchants. On February 18, 2021, OFAC announced a monetary settlement with BitPay for OFAC screening failures. The BitPay Settlement serves as a guide for FinTech companies and FinTech-partnering financial institutions implementing sanctions programs. BitPay screened its merchant customers against OFAC’s Specially Designated Nationals and Blocked Persons lists (SDN Lists) and conducted due diligence to confirm that these merchants were not located in sanctioned jurisdictions. However, BitPay did not screen its customers’ customers at the time of the transaction. As a result, BitPay enabled persons—its customers’ customers—located in Crimea, Cuba, North Korea, Iran, Sudan, and Syria to engage in digital currency-related transactions. In the Settlement, OFAC concluded that BitPay should have screened transaction data, including:
OFAC did not determine that BitPay’s customer screening processing was lacking. Rather, the focus was on appropriate transaction monitoring to ensure that payment counterparties were not subject to sanctions programs.
Payoneer operates a money transmission and prepaid access service. On July 23, 2021, OFAC announced a monetary settlement with Payoneer for violations of multiple sanctions programs. The Payoneer Agreement determined that the company processed 2,201 payments for parties located in sanctioned nations and 19 payments on behalf of individuals on the SDN List. In the Settlement, the OFAC criticized Payoneer for:
These enforcement actions reflect OFAC’s priorities, particularly as they relate to FinTech customer relationships. In late 2021, OFAC issued Sanctions Compliance Guidance for the Virtual Currency Industry that built upon OFAC’s Framework for OFAC Compliance Commitments. These documents drive home the need for FinTech companies to focus on:
Initial Blocking Orders
The U.S. Department of the Treasury has engaged in broad-based sanctions programs against the Russian Federation, its financial sector, key industries, and governmental figures.
Additional Blocking Orders
Additions to OFAC's SDN List were extensive and include two financial institutions, VEB and PSB which are state-owned institutions that are crucial to financing the Russian defense industry, as well as 42 of their subsidiaries. These financial institutions play significant roles in the Russian economy, holding combined assets worth tens of billions of dollars. These subsidiaries which are now blocked include:
Treasury also stated that elites close to Russian President Vladimir Putin continue to leverage their proximity to the President to harm the stability of Ukraine. Treasury, therefore, blocked all property and interests in property of those listed below that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, fifty percent or more by one or more by these individuals are blocked. The individuals are:
On February 25, 2022, OFAC imposed sweeping sanctions against Putin and other political figures in the Russian government. Though it is rare for OFAC to impose sanctions against foreign heads of state, there is precedent involving other “despots” such as Kim Jung Un, Alyaksandr Lukashenka, and Bashar al-Assad. In addition, the sanctions also target:
This latest round of sanctions builds off previous sanctions programs targeting members of the Russian Security Council:
Now is the Time
Now is the time to assess your compliance program and associated controls as well as your strategic partnerships and product offerings to confirm your institution is not only accounting for these significant changes but also to determine if your controls are sufficient and reasonable. You should consider these changes considering your current customers, the industries you service, and your various partnerships. Certain areas of bank operations are at a higher risk than others and your program and controls should reflect that. Those areas include:
We anticipate that BSA/AML, OFAC, and Third-Party oversight programs will be an area with increased focus within upcoming exams given these far-reaching sanctions.
These materials have been prepared for informational purposes only and are not legal advice. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Internet subscribers and online readers should not act upon this information without seeking professional counsel.