Sanctions Risk Management for Crypto Businesses

Sanctions Risk Management for Crypto Businesses

In our third episode of AMLBot Stream podcast, we spill all the details. Don’t miss this essential guide to Sanctions Risk management! Whether you're in the crypto industry or just interested in learning about compliance in crypto, this episode is packed with valuable insights, presented by our host, Graeme Hampton, Compliance Advisor, and INATBA Member.

You can listen or subscribe now on Apple Podcast, Spotify, Audible or Youtube. Continue reading for a comprehensive preview of episode 03.

Summary of Podcast:

1. Criminal Prosecution:
- Overview of new EU laws on freezing and confiscating assets.

2. Background on Sanctions:
- Explanation of sanctions screening by OFAC, EU, and UN.
- Importance of screening names against government and regulatory sanction lists.
- Role of sanctions screening in preventing illicit activities and ensuring compliance.

3. Identifying Sanctions in Crypto:
- Use of KYT (Know Your Transaction) and KYC (Know Your Customer) in sanctions risk management.
- Detailed process of customer and transaction screening.
- Application of sanctions compliance across various jurisdictions.

4. Handling Sanctioned Entities or Assets:
- Company's zero-tolerance policy for dealing with sanctioned entities.
- Steps to take if a sanctioned entity is identified, including reporting and management review.
- Risk management procedures for high-risk countries and regions.

5. Notable Real-Life Examples



Criminal prosecution: 

The EU are planning to implement new laws on freezing and confiscating assets.

Background on Sanctions (OFAC, EU, UN)

Sanctions screening aims to restrict dealings with persons involved in illicit activities. For this purpose, an entity is required to screen names against sanction lists maintained by governments, international organisations, and regulatory authorities.

By CASP conducting sanctions screening, they can efficiently identify and prevent dealings that are against the regulatory framework and can also demonstrate adherence to the compliance requirements. 

As per Regulations, CASPs are required to conduct screening against the EU Sanctions, OFAC, and United Nations Consolidated Lists.

If the regulated entity deals with third countries, it can adopt a Risk-Based Approach and consider other relevant sanction lists for screening purposes. 

Sanctions Risks risks are about other aspects of Financial Crime and Predicated Offences which may also be relevant. The headline risks include, but are not limited to, Financing of Proliferations, Financing of Terrorism, Human Trafficking, Money Laundering, Bribery and Corruption. 

How can a crypto business identify Sanctions? using KYT, KYC

Sanctions Risk Management is ensured via the Know Your Customers process, and specific Sanctions compliance controls, like Customer and Transactions Sanctions Screening.

The performance of the KYC procedure and Risk Appetite enables us to identify and manage the Sanctions Risk associated with Customers by Ensuring an appropriate level of Due Diligence is conducted, including but not limited, to identifying, and verifying the identity of Customers and any relevant associated parties by understanding clear purpose and nature of the planned or existing business relationship, including business industry volumes, involved countries, business partners, etc.

These measures enable Sanctions Risk Management activities for effective Screenings of the Customer and its Associated parties against National and International lists.

The identification of any other direct Sanctions Risk exposure associated with the Customer Business Relationship and their associated transactions, for example, where the Customer is incorporated or resident in a country which is subject to Sanctions, or where the Customer’s primary purpose is to conduct business in a country which is subject to Sanctions;

The identification of any other indirect Sanction Risk exposure associated with the Customer Business Relationship and their associated transactions, for example, where one of the Customer’s main business partners is subject to Sanctions.

The Sanctions identification process starts with a policy that outlines the responsibilities. Sanctions Risk Management includes Ensuring the identification and fullfilment of regulatory requirements applicable to the Sanctions compliance in all of the jurisdictions the entity operates in.

For example, EU entities apply EU Sanctions, the USA uses (OFAC), UK uses (OFSI) other countries could apply United Nations (UN) and National sanctions lists for financial and trade restrictions.

For International companies with branches overseas, all sanctions regimes will be applied. For example, An EU entity with branches in the UK and US will need to apply the parent entity laws and national laws.

The Company also ensures that IT systems used for Sanctions Screening, for example, AMLBot API are properly configured and apply relevant lists for Screening to ensure compliance with the requirement. The common factor is they all use screening tools that have comprehensive and up-to-date information. 

What to do if you identify a Sanctioned entity or assets?

In the Sanctions Risk Management area, the Company is precautious and applies the ‘’Zero tolerance’’ principle.

The company will not be establishing or maintaining any Business Relationship with customers who are considered Subjects of applicable Sanctions laws and regulations or have been suspected in Sanctions evasion cases.

When a Business Relationship with Customers can’t be terminated because of frozen assets/funds according to legislation requirements it is not considered as maintenance of a Business Relationship, to ensure immediate reporting to Management, Reviewing and deciding on cases that must be reported according to the legislation requirements.

To ensure reporting without delay of identified Subjects of Sanctions, Sanctions violation, alleged violation, and Sanctions evasion cases based on the regulatory requirements. 

Establishing or maintaining of Business Relationship with any customers having significant Sanctions Risk exposure which arises from customers, their ownership structure, controlling persons, affiliate countries which are targeted by the sanctions, business activities, main business partner, business industry, used services, products and their delivery channels or performed transactions perspective, could be allowed only with approval of the Management if Sanctions Risk can be properly managed.

With the approval of the Management exception for the establishing or maintaining of Business relationships could be made only for the Subject of Sectoral Sanctions if Sanctions Risk can be properly managed.

To manage Sanctions Risk related to the Comprehensively Sanctioned countries/regions in the Company’s Risk Appetite and Risk assessment Policy of High-Risk Countries we have defined prohibited countries and regions or having affiliation of which is not allowed to make any transactions and deals, including establishing and maintaining Business Relationship. 

We reject any request to execute any transaction, provide services or make a deal if it can be created to violate Sanctions imposed by the Sanctions Authorities as defined in these Standards. 

Cases when a Business Relationship with a Customer can’t be immediately terminated due for example valid contractual obligations must be referred to the Management and reported to the Financial Investigation Agency (hereinafter FIA) using a Risk-Based Approach. 

Notable examples from real-life

Wire stripping in the context of financial crime refers to the practice of deliberately removing or omitting critical identifying information from financial transactions, especially during wire transfers, to prevent detection by regulatory authorities.

This technique is often used by individuals or institutions attempting to circumvent sanctions, anti-money laundering (AML) laws, or other regulatory requirements.

The process involves altering or deleting information that could link a transaction to countries, individuals, or entities that are subject to regulatory restrictions or international sanctions. Key details like the name of the beneficiary or the originator, their address, or account numbers are stripped from the transaction data.

By modifying the information the altered transactions are less likely to be flagged by automated monitoring systems that scan for matches against lists of sanctioned entities or countries. 

Often, transactions are routed through intermediary countries that do not have strict enforcement of international sanctions or AML measures, further obscuring the origin or destination of the funds. 

The primary purpose of wire stripping is to hide the true nature of a transaction to facilitate the movement of funds that would otherwise be blocked or flagged for further investigation.

This practice is illegal and poses significant risks, not only to the stability and integrity of the global financial system but also to national security interests.

Regulatory bodies around the world, including the Financial Action Task Force (FATF) and national regulators like the U.S. Office of Foreign Assets Control (OFAC), EU Sanctions have placed strict regulations and penalties on wire stripping.

Financial institutions are required to implement robust compliance programs that include transaction monitoring, customer due diligence, and sanctions screening to detect and prevent such practices. 

Transliteration can also be used particularly with names from languages that use non-Latin alphabets (like Arabic); different transliterations into the Latin alphabet can significantly alter how names appear in English.

For example, the Arabic name علي could be transliterated as Ali, Aly, or even Alie. The goal of these alterations is often to evade automated systems that financial institutions use for sanctions screening, Anti-Money Laundering (AML) checks, and Counter-Terrorist Financing (CTF).

Financial institutions counter these tactics by using advanced software that recognizes these variations and alternative spellings. 

A notable example of wire stripping was the case with BNP Paribas, one of the most famous sanctions violations involving the French bank, which resulted in a record-breaking penalty.

In 2014, BNP Paribas agreed to plead guilty and pay fines totalling $8.9 billion to U.S. authorities for violating sanctions. This case is particularly notable because of the size of the penalty and the nature of the violations.

Countries Involved, BNP Paribas was accused of processing billions of dollars in transactions through the U.S. financial system on behalf of entities located in countries subject to U.S. economic sanctions, including Sudan, Iran, and Cuba.

The illegal transactions reportedly took place from the early 2000s up to 2012. The bank concealed the identities of sanctioned clients by stripping information from wire transfers, thus enabling them to pass through U.S. financial systems without raising red flags.

This was not only the largest sanctions-related fines at the time but also led to significant changes in operations.

BNP Paribas was forced to suspend certain U.S. dollar clearing operations through its New York branch and other units, and the case prompted tighter controls within the industry.

The BNP Paribas case underscores the severe consequences of violating sanctions and the importance of compliance programs within financial institutions. It also highlights the reach of regulatory authorities in enforcing sanctions.

Overall, wire stripping is a serious financial crime that undermines the effectiveness of international regulatory efforts to combat money laundering, terrorism financing, and economic sanctions violations. 

This website may include links to third-party sites beyond AMLBot's control. AMLBot neither endorses nor recommends these sites or their operators. Our podcasts offer informational content only and do not constitute legal, tax, financial, or investment advice. Listeners should seek advice from their own advisors before acting on any information provided. AMLBot cannot guarantee the accuracy or completeness of podcast content and will not be liable for any errors or inaccuracies. References to specific products or entities do not imply endorsement by AMLBot. Guest opinions are their own and do not necessarily reflect AMLBot's views. Opinions expressed by AMLBot employees are personal and not necessarily endorsed by the company.