The Financial Crimes Enforcement Network (FinCEN) released guidance on Monday outlining the types of red flags banks should proactively look for. Although the agency has yet to find widespread circumvention of sanctions, it warned financial institutions to remain vigilant.
Besides Russia, the country of Belarus and some of its political leaders have been hit with sanctions.
Businesses should also be aware of the Justice Department’s recent announcement of a special task force created to ensure compliance with sanctions against Russia.
The red flags listed in the FinCEN alert underscore the government’s concern over traditional sanctions evasion vehicles – most often the use of complex corporate ownership structures, front companies and third parties to conceal the real proprietary – as well as emerging threats posed by convertible virtual currency. (HVAC).
“[S]Sanctions evasion can occur through a variety of means, including through currently unlicensed Russian and Belarusian banks or other financial institutions that retain at least some access to the international financial system,” FinCEN said in a statement. Press release.
The US Treasury Department last month sanctioned the two largest Russian banks, Sberbank and VTB Bank, as well as nearly 90 subsidiaries of financial institutions around the world. The United States has also banned transactions with the Central Bank of Russia and issued sanctions against Russian President Vladimir Putin, his political cronies and many oligarchs who support him.
On Tuesday, President Joe Biden announced that the United States would ban imports of Russian oil and natural gas.
The wide-ranging actions to punish Russia create numerous trigger points for U.S. financial institutions seeking to avoid violating an ever-growing list of sanctions.
FinCEN recommends that financial institutions identify and report suspicious activity regarding possible sanctions evasion, consistent with their obligations under the Bank Secrecy Act.
Red flags include transactions issued by unauthorized banks and financial institutions in Russia and Belarus, especially if there is a recent increase in the number of new business start-ups or a sudden influx of funds without justification clear economic or commercial. Another potential red flag could be contained in non-routine foreign exchange trading, which could be an attempt by Russia’s Central Bank to use third parties to mask its involvement.
Financial institutions should pay close attention to attempts to evade sanctions using digital assets, FinCEN said. Transactions initiated or sent to IP addresses from untrusted sources; sites in Russia, Belarus, jurisdictions with anti-money laundering/terrorist financing/proliferation deficiencies identified by the Financial Action Task Force, or globally sanctioned jurisdictions; or IP addresses previously flagged as suspicious warrant further attention. Financial institutions should also be wary of CVC transactions tied to people on sanctions lists or from a CVC exchange located in a high-risk jurisdiction.
“FinCEN’s use of red flags that include the mere use of IP addresses associated with Russia or IP addresses for countries known to be conduits for Russian finance indicates that the government wants institutions look to Russian sanctions circumvention reports,” said Braddock Stevenson, former associate associate director of FinCEN’s enforcement division and now an attorney at the Paul Hastings law firm. “While this will likely result in legitimate transactions being reported, it is clear that FinCEN wants the information first and will ask questions later.”
FinCEN also warned financial institutions of an increased risk of ransomware and other cyberattacks emanating from Russia or criminal gangs operating with the implicit support of the Russian government. Experts have warned that Russia could retaliate against US sanctions by launching cyberattacks against US government organizations, utilities and businesses.
In its alert, FinCEN offered a list of potential signs that a customer might be the victim of a ransomware attack and is attempting to pay a ransom to a cybercriminal.