Sanctions Evasion and Crypto: UK Financial Regulators Joint Statement

A joint statement published by the Office of Financial Sanctions Implementation (OFSI), the Bank of England and Financial Conduct Authority (FCA), summarises the legal and regulatory requirements on firms - and the action that firms can take - in relation to the risk of sanctions evasion via cryptoassets. It comes in the wake of Russia’s invasion of Ukraine, which has prompted the imposition of sanctions on Kremlin-linked individuals and entities.

Legal and regulatory requirements

The statement emphasises that financial sanctions regulations do not differentiate between cryptoassets and other forms of assets. Use of cryptoassets to circumvent economic sanctions is a criminal offence under the Money Laundering Regulations 2017 and regulations made under the Sanctions and Anti-Money Laundering Act 2018.

Firms are reminded that if they have concerns about sanctions evasion or money laundering, they need to consider their obligations to report suspicions to the UK Financial Intelligence Unit (UKFIU) at the National Crime Agency, under the Proceeds of Crime Act 2002. The importance is emphasised of companies and individuals checking the FCA register to identify whether any cryptoasset firms they do business with are registered – as is the need to check the equivalent register of the jurisdiction in which the cryptoasset firm is based.

Action to be Taken

If an individual or firm has knowledge or a reasonable cause to suspect that they are in possession or control of, or are otherwise dealing with, the funds or economic resources of a designated person they must:

• Freeze them
• Not deal with them or make them available to, or for the benefit of, the designated person, unless this is covered by a relevant exception in the legislation or they have a licence from OFSI.
• Report them to OFSI.

The statement makes it clear that controls developed to identify customers and monitor their transactions under the Money Laundering Regulations 2017 can help with compliance. But it says that firms will need to implement additional sanctions-specific controls as and when appropriate.

It states that firms should consider:

• Updating business-wide and customer risk assessments to account for changes in the nature and type of sanctions measures.
• Ensuring that customer onboarding and due diligence processes identify customers who use corporate vehicles to obscure ownership or source of funds.
• Taking steps to make sure that customers and their transactions are screened against relevant updated sanctions lists - and that effective re-screening is in place to identify any activity that could indicate breaches of sanctions.
• Doing everything possible to identify activity that is not in line with the customer profile or appears suspicious - and ensuring that this is reported quickly to the nominated officer for consideration.
• Ensuring that compliance teams understand how blockchain analytics solutions can be best used to identify transactions linked to higher-risk wallet addresses.
• Engaging with public-private partnerships and private-private partnerships to gather insights on the latest typologies and additional controls that might be relevant and to share best practice examples.

Firms also need to look for possible “red flag indicators’’ that may suggest an increased risk of sanctions evasion.

Such red flags include:

• A customer who is resident in (or conducting transactions to or from) a jurisdiction that is subject to sanctions, on the UK’s High Risk Third Countries list for anti-money laundering and counter-terrorist financing purposes or has been identified as posing an increased risk of illicit financial activity.
• Transactions to or from a wallet address associated with a sanctioned entity or a wallet address otherwise deemed to be high-risk, based on its transaction history, associated addresses or other factors.
• Transactions involving a cryptoasset exchange or custodian wallet provider known to have poor customer due diligence procedures or deemed to be high-risk.
• Use of tools designed to obscure either the location of the customer (such as an IP address associated with a virtual private network or proxy) or the source of cryptoassets (such as mixers and tumblers).
• Other factors that are viewed as broader indicators money laundering.

The clear implication is that enhanced due diligence is required. Firms now have additional obligations regarding the verification of a customer’s wealth and/or source of funds. These are obligations above and beyond your standard know-your-customer checks.