Financial institutions

FinCEN urges vigilance of financial institutions in anticipation of Russian sanctions evasion attempt | Troutman pepper

Following significant sanctions and other restrictions imposed by the United States and its global allies following the Russian Federation’s invasion of Ukraine, the Financial Crimes Enforcement Network (FinCEN) has issued an alert (FinCEN Alert) on March 7, advising financial institutions how to identify and report potential attempts to evade sanctions.

The FinCEN Alert provides a number of red flags associated with possible sanctions evasion using the US financial system and convertible virtual currency (CVC). These include:

  • Use of legal structures to conceal (1) ownership, (2) source of funds, or (3) countries involved, especially sanctioned jurisdictions;

  • Use of shell companies to effect international wire transfers, often involving financial institutions in jurisdictions separate from company registration;

  • Use of third parties to protect the identity of sanctioned persons and/or politically exposed persons (PEPs) seeking to disguise the origin or ownership of funds, such as concealment of the purchase or sale of real estate;

  • Accounts in jurisdictions or with financial institutions experiencing a sudden increase in value being transferred to their respective areas or institutions, without clear economic or business justification;

  • Jurisdictions previously associated with Russian financial flows identified as having a notable increase in new business start-ups;

  • Newly created accounts that attempt to send or receive funds from a sanctioned institution or an institution withdrawn from the Society for Worldwide Interbank Financial Telecommunication;

  • Non-routine foreign exchange transactions that may indirectly involve sanctioned Russian financial institutions, including transactions inconsistent with activity in the previous 12 months;

  • Customer transactions initiated or sent to the following types of Internet Protocol (IP) addresses: untrusted sources; sites in Russia, Belarus, jurisdictions identified by the Financial Action Task Force as having anti-money laundering/countering the financing of terrorism/proliferation (AML/CFT/CP) deficiencies and jurisdictions comprehensively sanctioned; or IP addresses previously flagged as suspicious;

  • Customer’s transactions related to CVC addresses listed on any of the United States Treasury Department’s Office of Foreign Assets Control (OFAC) lists; and

  • Client’s use of a CVC exchanger or money services business located overseas in a high-risk jurisdiction with AML/CFT/CP deficiencies, particularly for CVC entities and activities, including including inadequate “know your customer” or customer due diligence measures.

FinCEN also warned of the dangers posed by Russian-linked ransomware campaigns, offering additional red flags regarding Russian and other ransomware and cybercrime activity:

  • A client receives a CVC from an external wallet and immediately initiates several rapid transactions between multiple CVCs with no apparent apparent purpose, followed by an out-of-platform transaction, which may indicate attempts to break the chain of custody on the respective blockchains or further complicate the transaction;

  • A customer initiates a funds transfer involving a CVC mixing service; and

  • A customer is directly or indirectly exposed to a receipt transaction identified by blockchain tracking software as being related to ransomware.

If a financial institution detects suspicious activity as defined in the FinCEN alert, FinCEN requires it to file a Suspicious Activity Report (SAR) using the key term “FIN-2022-RUSSIASANCTIONS” in the SAR 2 field ( Filing Institution Note to FinCEN) and The Narrator.

In addition to urging financial institutions to promptly identify and report suspicious activity that may indicate sanctions evasion, FinCEN stressed that all financial institutions should conduct appropriate risk-based due diligence and leverage their ability to share information under Section 314(b) of the USA PATRIOT Act to help identify hidden Russian and Belarusian assets.

Financial institutions should promptly and carefully review and update their AML, Bank Secrecy Act (BSA), OFAC and other related procedures to meet the obligations imposed by the FinCEN Alert, including any necessary training on the indicators of alert and new SAR filing instructions. associated with sanctions-busting activities. Financial institutions should also continue to monitor OFAC’s sanctions list and guidance updates to ensure compliance with changing requirements and prohibitions.