FinCEN Offers Red Flags on Russia

Today we return to risks arising from the Ukraine crisis, because FinCEN has just published an alert warning financial firms to watch for transactions that might actually be Russians trying to avoid Western sanctions — including a list of red flags that AML compliance functions should keep on the radar screen.

FinCEN published the 10-page alert Monday. It includes a quick recap of sanctions the Treasury Department has imposed against Vladimir Putin, his oligarch cronies, and the Central Bank of Russia; plus various junior varsity thugs and dictators in Belarus. Then comes the requisite warning: “As a result of these actions, sanctioned Russian and Belarusian actors may seek to evade sanctions through various means, including through non-sanctioned Russian and Belarusian financial institutions and financial institutions in third countries.” (If you did not already know that, please leave your compliance officer card at the door as you exit the room.)

After that come the red flags that financial firms should be watching for. Among them:

  • Use of corporate vehicles (legal entities, such as shell companies, and legal arrangements) to obscure ownership, the source of funds, or the countries involved, particularly sanctioned jurisdictions. 
  • Use of shell companies to conduct international wire transfers, often involving financial institutions in jurisdictions distinct from company registration.
  • Use of third parties to shield the identity of sanctioned persons or PEPs (politically exposed persons) seeking to hide the origin or ownership of funds, such as to hide the purchase or sale of real estate.
  • Accounts in jurisdictions or with financial institutions that are experiencing a surge in value being transferred into their respective areas or institutions, without a clear economic or business rationale.
  • Jurisdictions previously associated with Russian financial flows that are identified as having a notable recent increase in new company formations.
  • Newly established accounts that attempt to send or receive funds from a sanctioned institution or an institution removed from the Society for Worldwide Interbank Financial Telecommunication (SWIFT).
  • Non-routine foreign exchange transactions that may indirectly involve sanctioned Russian financial institutions. For example, the Central Bank of the Russian Federation may seek to use import or export companies to engage in foreign exchange transactions on its behalf and to hide its involvement.

So right away, AML compliance teams should revisit their policies and procedures to ensure that they can catch these red flags. Policing against these transactions will require sophisticated due diligence capabilities, so confer with any due diligence screening partners you have to confirm that, yes, they can keep pace with the challenges here.

That said, whenever I read enforcement actions about financial firms’ AML failures, the problem foremost seems to be an unwillingness to carry out policies and procedures, rather than flaws in the policies and procedures themselves. The core issue here is whether your firm has its ethical priorities straight, and is prepared to cut ties with parties close to Moscow even if that will cost your firm money.

Virtual Currency and Ransomware Risks

FinCEN also had several red flags specific to virtual currencies (known as “CVCs” in money-laundering circles, for convertible virtual currencies). We’re not likely to see the Russian central bank launder money through CVCs simply because the amounts are too large, but individual sanctioned persons might give it a try — and sanctions compliance obligations apply to virtual currencies just like traditional currencies, so financial firms can’t ignore the risk here. (Sidebar: the Biden Administration will roll out an executive order on cryptocurrency later this week. I suspect that is very much related to this.)

The red flags for money laundering in virtual currencies include:

  • A customer’s transactions are sent from or to IP addresses from untrusted sources. That includes addresses in Russia, Belarus, other sanctioned jurisdictions like North Korea, or IP addresses previously flagged as suspicious.
  • A customer’s transactions are connected to CVC addresses listed on OFAC’s Specially Designated Nationals and Blocked Persons List.
  • A customer uses a CVC exchange or foreign-located money-service business in a high-risk jurisdiction with AML deficiencies, including inadequate customer due diligence measures.

Lastly, the FinCEN bulletin warned that Russian actors might try to launch ransomware attacks under the guise of financial transactions, and you need to watch out for those threats too. (That should not be news; other regulatory agencies have already warned that ransomware attacks will be on the rise.)

That’s not a compliance issue in the strict sense of the term, but ransomware attackers use the same strategy as money launderers: they hide their identity to do something illegal. So the same due diligence procedures you use in AML compliance can be highly relevant in fighting ransomware, too. 

FinCEN identified three red flags here:

  • A customer receives virtual currency from an external wallet, and immediately launches multiple, rapid trades among multiple virtual currency exchanges with no apparent related purpose, followed by a transaction off the platform. This may be indicative of attempts to break the chain of custody on the respective blockchains or to further obfuscate the transaction.
  • A customer initiates a transfer of funds involving a CVC mixing service.
  • A customer has either direct or indirect receiving transaction exposure identified by blockchain tracing software as related to ransomware.
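
The three red flags above can be expressed as transaction-monitoring rules. The sketch below is an added example, not code from FinCEN or from this post: the event schema, the exposure labels ("mixer", "ransomware", "ransomware_indirect") and the numeric thresholds are all assumptions, since the alert describes the patterns without giving numbers.

```python
# Assumed tuning values: the alert describes the pattern but gives no numbers.
WINDOW_SECS, MIN_TRADES, MIN_VENUES = 3600, 3, 2
RANSOM = {"ransomware", "ransomware_indirect"}  # hypothetical tracing-tool labels

def ev(ts, cust, kind, venue=None, exposure=()):
    return {"ts": ts, "cust": cust, "kind": kind, "venue": venue, "exposure": set(exposure)}

# Constructed sample events (not real data). "exposure" stands in for the
# labels a blockchain-tracing tool attaches to the counterparty address.
EVENTS = [
    ev(0, "C1", "deposit_external"), ev(120, "C1", "trade", "EX-A"),
    ev(300, "C1", "trade", "EX-B"), ev(540, "C1", "trade", "EX-A"),
    ev(900, "C1", "withdraw_external"),
    ev(0, "C2", "deposit_external", exposure=["ransomware_indirect"]),
    ev(10, "C3", "withdraw_external", exposure=["mixer"]),
    ev(0, "C4", "deposit_external"), ev(100, "C4", "trade", "EX-A"),
    ev(7200, "C4", "withdraw_external"),  # slow, single venue: should not flag
]

def rapid_hop(events):
    """External deposit, then rapid multi-venue trades, then an off-platform exit."""
    events = sorted(events, key=lambda e: e["ts"])
    for i, dep in enumerate(events):
        if dep["kind"] != "deposit_external":
            continue
        venues = []
        for e in events[i + 1:]:
            if e["ts"] - dep["ts"] > WINDOW_SECS:
                break  # chain took too long to count as "immediate"
            if e["kind"] == "trade":
                venues.append(e["venue"])
            elif e["kind"] == "withdraw_external":
                if len(venues) >= MIN_TRADES and len(set(venues)) >= MIN_VENUES:
                    return True
                break  # funds left without the multi-venue pattern
    return False

def red_flags(events, cust):
    """Sorted red-flag names raised by one customer's events."""
    evs = [e for e in events if e["cust"] == cust]
    checks = {
        "rapid_hop": rapid_hop(evs),
        "mixer": any("mixer" in e["exposure"] for e in evs),
        "ransomware_exposure": any(
            e["kind"] == "deposit_external" and e["exposure"] & RANSOM for e in evs),
    }
    return sorted(name for name, hit in checks.items() if hit)
```

Customer C4 is included as a negative case: one trade on one venue and a withdrawal two hours later raises nothing, which is the kind of baseline a tuning exercise needs before thresholds go into production.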

Yes, You Need to Report This

Lastly, FinCEN reminded everyone that when you encounter sketchy transactions, you should file a suspicious activity report. FinCEN even has a special designation for these reports: “FIN-2022-RUSSIASANCTIONS”, which should go into Field 2 of the standard Suspicious Activity Report.

Firms filing an SAR need to keep a copy of the SAR itself, plus any supporting documentation, for five years. If the report involves a person on OFAC sanctions lists, then you need to send a copy to OFAC as well.

My only advice would be to take these warnings from FinCEN seriously. The reputational risk of laundering money for Putin’s cronies will be sky-high for U.S. and European financial firms, and the enforcement risk is likely to be just as high too. Every leader in the free world is foaming at the mouth to crack down on Putin’s money, and rather than go through the hard work of legislative change to seal off the global flows of dirty money, hauling banks into the spotlight is far easier. 
