Treasury Issues Compliance Guide Addressing Cryptocurrencies

The Treasury recently introduced OFAC’s sanctions compliance guide specifically addressing cryptocurrencies, and published a ransomware trend analysis by FinCEN providing guidance on the use of cryptocurrencies to facilitate ransomware payments. Both documents provide guidance to the industry on best practices and risk factors identified by OFAC and FinCEN related to virtual currencies.

In the compliance guide, OFAC reiterates that sanctions compliance obligations apply to cryptocurrencies as well as traditional currencies.  OFAC advises that once a U.S. person identifies they hold a virtual currency required to be blocked, the person must deny all parties access to the currency, and follow OFAC guidance related to holding and reporting that currency.  OFAC recommends that virtual currency companies and service providers develop a risk-based compliance program to meet OFAC reporting, recordkeeping, and other requirements.  This includes management involvement, risk assessment reviews, internal compliance audits, training, and reporting.  OFAC lists several best practices to assist companies develop these programs.  In addition, the guide states several “red flags” indicating increased sanctions compliance risk, including (1) inaccurate or incomplete customer information for new accounts, (2) use of an IP address or VPN from a sanctioned jurisdiction, (3) refusals to provide updated customer information or transaction information, and (4) attempted transactions with addresses associated with a blocked person or sanctioned jurisdiction.

FinCEN’s ransomware trend analysis reviewed SAR reporting between January 2021 and June 2021, identifying that ransomware actors (1) commonly demand payment in the form of a virtual currency (most often bitcoin), (2) generally develop variants of ransomware software, (3) and use a variety of virtual currency wallets, amongst other trends.  Importantly, FinCEN identified that ransomware actors request payments through the use of anonymity-enhanced cryptocurrencies (AECs are virtual currencies with features to anonymize transactions), avoid reusing wallet addresses, engage in chain hopping (the use of a variety of cryptocurrencies), and convert payments through the use of a variety of services, including centralized and decentralized exchanges.  Finally, the report notes that communication with Ransomware actors typically occurs primarily online through Tor, email, and other methods.