Out-Law / Your Daily Need-To-Know

UK regulators warn cryptoassets cannot be used to circumvent sanctions

Out-Law News | 15 Mar 2022 | 3:15 pm | 2 min. read

The UK financial regulatory authorities have issued a joint statement reminding financial services firms that cryptoassets cannot be used to evade economic sanctions on entities and individuals.

The statement from HM Treasury’s Office of Financial Sanctions Implementation (OFSI), the Financial Conduct Authority (FCA) and the Bank of England (BoE) highlights the legal and regulatory requirements on all UK financial services firms – including the cryptoasset sector – alongside suggested steps to reduce the risk of sanctions evasion via cryptoassets.

Financial crime and intelligence expert Hinesh Shah of Pinsent Masons said the statement puts the cryptoasset industry on notice that UK regulators will act against sanction breaches, and that attempts by sanctioned parties to use cryptoassets to circumvent restrictive measures will not be tolerated.

The statement (3 page / 140KB PDF) highlights specific controls cryptoasset firms must take to ensure they are compliant with their legal obligations in relation to sanctions, amid the continuing measures being taken against Russian entities and individuals following the invasion of Ukraine.

These include: updating risk assessments to take into account the changes in nature and type of sanction measures; conducting periodic re-screening as sanction lists are updated more frequently with additional sanctioned individuals and entities; using blockchain analytics to identify transactions linked to higher risk wallet addresses and ensuring compliance staff are trained appropriately; and collaborating with both public-private and private-private partnerships to gather and share insights on the latest typologies being used to evade sanctions.

The statement also specifies certain ‘red flag’ indicators that the regulators consider pose an increased risk of sanctions evasions, including transactions to high-risk countries and to jurisdictions subject to sanctions, including Russia and Belarus; transactions to wallet addresses considered high risk or associated with sanctioned parties; and the use of tools such as virtual private networks to hide the origin of funds.

Firms are reminded of their obligation under the Proceeds of Crime Act 2002 to report any concerns about transactions to the UK Financial Intelligence Unit (UKFIU) at the National Crime Agency. The UKFIU recently published guidance and a suspicious activity reports glossary code (1 page / 248KB PDF) to help firms with reporting obligations.

Pinsent Masons regulatory expert David Hamilton said: “The statement is also a timely prompt for firms to consider how they have implemented sanctions controls outlined in the Joint Money Laundering Steering Group’s guidance.”

“Part 3 of the guidance, which although not binding has Treasury approval and is a go-to resource for criminal and regulatory authorities, sets out the steps that ‘regulated sector’ businesses, which have included crypto exchanges and digital wallet custodians since January 2020, need to take to address their sanctions risks,” Hamilton said.

The JMLSG guidance provides that regulated sector businesses must, as part of the risk assessments and customer due diligence measures mandated under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR2017), implement appropriate controls to prevent breaches of relevant sanctions. In keeping with the MLR2017’s emphasis on “risk-based” compliance measures, firms should principally focus their resources on those areas of their business that carry a greater likelihood of involvement with sanctions targets. Nevertheless, businesses cannot completely ignore ‘low-risk’ areas and must ensure that systems and controls also pay attention to areas where dealings with a sanctions target are unlikely, but possible.

Firms should also have staff training programmes aligned with their business and risk profiles and put in place processes to manage the risk of conducting business with or on behalf of sanctioned individuals and entities. They should also keep a written record of their screening policy and be able to justify the timescales and frequency of screening, resolution of screening matches, and regulatory reporting if required.

Russia-Ukraine crisis
Russia's invasion of Ukraine in February 2022 shocked the world and had immediate economic and political consequences. We track and analyse the implications of the situation as it develops.
Russia-Ukraine crisis