InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC issues Ukraine general license and Russian FAQ
On March 18, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued General License (GL) 24, Blocking Property of Certain Persons and Prohibiting Certain Transactions With Respect to Continued Russian Efforts To Undermine the Sovereignty and Territorial Integrity of Ukraine, which authorizes certain transactions related to the provision of maritime services, provided such services are performed outside the covered regions and services are not performed on behalf of any entity located in, or organized under the laws of, the covered regions. The GL does not authorize “[a]ny new investment in the Covered Regions prohibited by E.O. 14065, unless separately authorized,” or “[a]ny transactions involving any person blocked pursuant to E.O. 14065, unless separately authorized.” OFAC also amended one Frequently Asked Question clarifying that Executive Order 14066 does not prohibit dealing in Kazakh-origin crude oil of the Caspian Pipeline Consortium.
Find continuing InfoBytes coverage on the U.S. sanctions response to Russia’s invasion of Ukraine here.
OFAC sanctions Russians, issues guidance on sanctions evasion through virtual currency, general licenses, and FAQs
On March 11, the U.S. Department of the Treasury’s Office of Foreign Assets Control issued guidance, in line with the G7 leaders' statement, to guard against possible attempts to use virtual currency to evade U.S. sanctions imposed on Russia. According to OFAC, the public guidance “further cut[s] off avenues for potential sanctions evasion by Russia” and “continues to make clear that Treasury’s expansive sanctions actions against Russia require all U.S. persons to comply with OFAC regulations, regardless of whether a transaction is denominated in traditional fiat currency or virtual currency.
Additionally, OFAC announced sanctions against Russian and Kremlin elites, and Russia’s political and national security leaders who have supported Russia’s invasion of Ukraine. As a result of the sanctions, all property and interests in property belonging to the sanctioned individuals and entities that are in the U.S. or in the possession or control of U.S. persons, and “any entities that are owned, directly or indirectly, 50 percent or more” by the targeted individuals and/or entities are blocked and must be reported to OFAC. The sanctions complement an Executive Order (E.O) issued by President Biden that imposes new import and export restrictions on Russia, including the export of U.S. banknotes to Russia. Among other things, this E.O. prohibits the importation into the U.S. of certain products of Russian Federation origin. Additionally, the E.O. bans the exportation, reexportation, sale, or supply, directly or indirectly, from the U.S., or by a U.S. person, wherever located, of U.S. dollar-denominated banknotes to the Russian government or to any person located in the Russian Federation.
OFAC also issued Russia-related General License 17 to authorize the import of existing purchases of prohibited products that are under pre-existing contract until March 25, 2022, and General License 18 and General License 19 to authorize certain activities regarding U.S. dollar-denominated banknotes as they pertain to personal remittances and U.S. persons, respectively. OFAC also issued Ukraine-related General License 23, “Blocking Property of Certain Persons and Prohibiting Certain Transactions With Respect to Continued Russian Efforts to Undermine the Sovereignty and Territorial Integrity of Ukraine,” “to authorize certain transactions that are ordinarily incident and necessary to nongovernmental organizations’ activities in the so-called Donetsk People’s Republic (DNR) or Luhansk People’s Republic (LNR) regions of Ukraine, including activities related to humanitarian projects to meet basic human needs, democracy building, education, non-commercial developments projects, and environmental and natural resource protection,” and published new Frequently Asked Questions and amended one Frequently Asked Question regarding Russia sanctions.
Find continuing InfoBytes coverage on the U.S. sanctions response to Russia’s invasion of Ukraine here.
DFPI reminds financial institutions of their sanctions compliance obligations
On March 4, the California Department of Financial Protection and Innovation (DFPI) issued guidance, in light of the evolving situation in Ukraine, to remind financial institutions of their sanctions compliance obligations under state and federal law. Licensees are reminded that they are prohibited from participating in financial transactions with individuals and entities listed on the SDN List, and encouraged to review specific, more limited sanctions that have been placed on several Russian entities. This information can be found on OFAC's website.
Additionally, licensees are strongly encouraged to immediately ensure their systems, programs, and processes comply with OFAC regulations, and review and monitor all transactions (particularly trade finance transactions and funds transfers) to identify and block transactions subject to sanctions. Licensees should also follow OFAC directions related to blocked funds.
DFPI further warned that Russia’s invasion of Ukraine increases the risk that listed individuals and entities will attempt to evade sanctions by using virtual currency transfers, and encouraged licensees to review OFAC Guidance to protect against these risks. Licensees engaged in transactions involving virtual currencies are instructed to implement policies, procedures, and processes to protect against the unique risks posed by virtual currencies and should “consider virtual currency-specific control measures including sanctions lists, geographic screening, and any other measures appropriate to the licensee’s specific risk profile.”
Additionally, DFPI cautioned that the “Russian invasion significantly elevates the cyber risk for the U.S. financial sector,” and licensees are instructed to take measures to mitigate cybersecurity threats, including adopting core cybersecurity hygiene measures, eliminating any non-essential networking protocols, ensuring procedures are able to address a ransomware attack, and reevaluating “plans to maintain essential services, protect critical data, and preserve customer confidence considering the realistic threat of extended outages.” Licensees are encouraged to track alerts from the Cybersecurity and Infrastructure Security Agency.
Licensees conducting business in Ukraine and/or Russia should also “take increased measures to monitor, inspect, and isolate traffic from Ukrainian or Russian offices and service providers,” and “segregate networks for Ukrainian or Russian offices from the global network.”
NYDFS also recently issued similar guidance for New York state regulated entities on its cybersecurity and virtual currency regulations in response to the Russian invasion and recently imposed sanctions. (Covered by a Buckley Special Alert.)
Treasury releases guidance on E.O. banning Russian imports
On March 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) released a General License (GL) and several Frequently Asked Questions (FAQs) following President Biden’s announcement banning the import of Russian oil, liquefied natural gas, and coal to the U.S. President Biden announced an Executive Order earlier in the week, which prohibits certain imports and new investments with respect to continued Russian federation efforts in Ukraine. (Covered by a Buckley Special Alert.) According to the announcement, the guidance is “to aid in the wind-down of deliveries of existing purchases that have already been contracted for.” GL 16, Authorizing Transactions Related to Certain Imports Prohibited by Executive Order of March 8, 2022 Prohibiting Certain Imports and New Investments With Respect to Continued Russian Federation Efforts to Undermine the Sovereignty and Territorial Integrity of Ukraine, prohibits certain imports from Russia from March 8 to April 22. The FAQs, which feature a new FAQ and several updated FAQs, provide guidance regarding the E.O.
Find continuing InfoBytes coverage on the U.S. sanctions response to Russia’s invasion of Ukraine here.
FinCEN warns financial institutions about Russian sanctions evasion
On March 7, FinCEN issued an alert advising financial institutions to be vigilant against potential attempts to evade sanctions levied against Russian individuals, banks, and other entities in response to the situation in Ukraine. FinCEN provided several examples of red flag indicators that could help identify attempted sanctions evasions, including actions by state actors and oligarchs, and reminded financial institutions of their Bank Secrecy Act (BSA) reporting obligations.
The alert stressed that all financial institutions, including those with visibility into convertible virtual currency (CVC) flows identify and promptly report associated suspicious activity, and conduct appropriate, risk-based customer due diligence or enhanced due diligence as required. This includes CVC exchangers and administrators within or outside of Russia (which are generally considered to be money services businesses under the BSA) that retain at least some access to the international financial system. FinCEN noted that “[w]hile large scale sanctions evasion using [CVC] by a government such as the Russian Federation is not necessarily practicable, CVC exchangers and administrators and other financial institutions may observe attempted or completed transactions tied to CVC wallets or other CVC activity associated with sanctioned Russian, Belarusian, and other affiliated persons.”
Financial institutions are instructed to specifically watch for (i) transactions initiated from IP addresses located in Russia, Belarus, FATF-identified jurisdictions with anti-money laundering/countering the financing of terrorism/counter-proliferation deficiencies, or other sanctioned jurisdictions; (ii) transactions connected to CVC addresses listed on OFAC’s Specially Designated Nationals and Blocked Persons List; and (iii) customers’ use of a CVC exchanger or foreign-located money service businesses in high-risk jurisdictions, including those with inadequate “know-your-customer” or customer due diligence measures. FinCEN also warned financial institutions of the dangers posed by Russian-related ransomware campaigns and encouraged financial institutions to refer to FinCEN and OFAC resources to help detect, prevent, and report potential suspicious activity.
Find continuing InfoBytes coverage on the U.S. sanctions response to Russia’s invasion of Ukraine here.
Special Alert: Latest developments in OFAC sanctions against Russia
Beginning February 21, the U.S. Department of the Treasury’s Office of Foreign Assets Control has issued significant sanctions in response to the Russian Federation’s military invasion of Ukraine and its recognition of Ukraine’s separatist regions.
Since Buckley’s last update on February 25, there have been a number of developments in the sanctions against Russia, which include:
- A prohibition on the importation into the United States of Russian crude oil and certain petroleum products, liquified natural gas, and coal
- A ban on new investment by U.S. persons in the Russian energy sector
- The imposition of asset blocking sanctions on Vladimir Putin, Sergei Lavrov, numerous oligarchs and families with ties to Putin, and Russian-backed disinformation services
- Sanctions targeting Russia’s U.S. foreign reserves by prohibiting all dealings with Russia’s Central Bank, National Wealth Fund, and Ministry of Finance
- The issuance of the Russian Harmful Foreign Activities Sanctions Regulations, which codify the prohibitions imposed under Executive Order 14024, discussed below, and include several interpretations and general licenses
- The issuance of a general license that exempts “transactions related to energy” from certain prohibitions imposed under Executive Order 14024
OFAC, DOJ measures aim for stronger compliance with Russian sanctions
On March 2, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) and the DOJ announced new measures to strengthen compliance with Russia-related sanctions in response to the situation in Ukraine. OFAC observed that in the past few days, Russia has taken measures “to use exporters to act as their agents and help them raise resources to prop up their currency and fund their priorities.” In response, OFAC reiterated that such actions taken on behalf of Russia’s Central Bank are prohibited. Newly issued and updated frequently asked questions address enhanced sanctions compliance measures and further explain recent sanctions, including prohibitions imposed pursuant to Directive 4 under Executive Order (E.O.) 14024, “Prohibitions Related to Transactions Involving the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, and the Ministry of Finance of the Russian Federation.” (Covered by InfoBytes here.) Additionally, the updated FAQs clarify, among other things, that energy payments can and should continue. As explained in OFAC’s announcement, General License (GL) 8A permits “U-turn transactions” so that energy payments may be processed through non-sanctioned, third-country financial institutions to allow the continuation of transactions that support the flow of energy to the market. OFAC also issued new FAQs and general licenses (see GLs 9A, 10A, 13, and 14) related to E.O. 14065, “Blocking Property of Certain Persons and Prohibiting Certain Transactions With Respect to Continued Russian Efforts to Undermine the Sovereignty and Territorial Integrity of Ukraine” to further clarify the stipulated prohibitions.
The same day, the DOJ launched Task Force KleptoCapture, “an interagency law enforcement task force dedicated to enforcing the sweeping sanctions, export restrictions, and economic countermeasures that the United States has imposed, along with allies and partners,” in order to “isolate Russia from global markets.” “The Justice Department will use all of its authorities to seize the assets of individuals and entities who violate these sanctions,” Attorney General Merrick B. Garland stated. The Task Force will be staffed with DOJ prosecutors, agents, analysts, and professional staff with expertise in sanctions and export control enforcement, anticorruption, asset forfeiture, anti-money laundering, tax enforcement, national security investigations, and foreign evidence collection. According to the announcement, the Task Force will use data analytics, cryptocurrency tracing, foreign intelligence sources, and information from financial regulators and private sector partners to investigate and prosecute violations of new and future sanctions (both those related to the Ukraine invasion as well as those imposed for prior instances of Russian aggression and corruption), and “combat[] unlawful efforts to undermine restrictions taken against Russian financial institutions,” including prosecuting persons who attempt to evade know-your-customer and anti-money laundering measures. The Task Force will also target efforts to use cryptocurrency to launder foreign corruption proceeds and sanctions evasion and “us[e] civil and criminal asset forfeiture authorities to seize assets belonging to sanctioned individuals or assets identified as the proceeds of unlawful conduct.”
OFAC targets Russian wealth, imposes sanctions on Putin and Lavrov
During February and March, as conflict continued to escalate in Ukraine, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed significant new sanctions, including most recently designations targeting numerous Russian elites and their family members for continuing to provide direct and indirect support to the Russian government through their business empires, wealth, and other resources. (See also General License 15.) The sanctions also targeted six of the individuals companies, one of Russia’s largest privately-owned aircraft, and one of the world’s largest superyachts. The actions were taken in close coordination with the EU, UK, Canada, Japan, the ROK, and Australia as part of a “transatlantic effort to further deny Russian elites the benefits of their kleptocracy” and to ensure the effective implementation of recently announced financial sanctions. An additional 26 Russia- and Ukraine-based individuals and seven Russian entities connected with the Russian government’s efforts to promulgate disinformation and influence perceptions were also sanctioned by OFAC, while the Department of State imposed substantial costs on 22 Russian defense-related firms. OFAC also released three new Russian harmful foreign activities sanctions FAQs.
OFAC also imposed significant sanctions against the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, and the Ministry of Finance of the Russian Federation, as well as three entities that manage one of Russia’s key sovereign wealth funds: the Russian Direct Investment Fund, its management company, and one of the managing company’s subsidiaries. Sanctions were also imposed against Russian President Vladimir Putin and Minister of Foreign Affairs Sergei Lavrov, along with directors of the Foreign Intelligence Service, the Federal Security Service and the Federal Service of National Guard Troops, the interior minister, and other top government officials (see announcements here and here). As a result of the sanctions, all property and interests in property belonging to the sanctioned individuals and entities, and “any entities that are owned, directly or indirectly, 50 percent or more” by the blocked persons that are subject to U.S. jurisdiction are blocked and must be reported to OFAC. U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. The Financial Industry Regulatory Authority also sent a regulatory notice alerting members of recent sanctions-related developments and advising members to continue to monitor OFAC’s website for relevant information.
OFAC also issued Directive 4 under Executive Order (E.O.) 14024, which prohibits related transactions involving the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, and the Ministry of Finance of the Russian Federation, unless otherwise authorized by OFAC. Entities subject to Directive 4 can be found in OFAC’s updated list of Specially Designated Nationals or on OFAC's Non-SDN Menu-Based Sanctions List. Additionally, OFAC issued Russia-related General License 8A to authorize certain energy transactions with specified entities through 12:01 a.m. eastern daylight time, June 24, 2022.
OFAC further announced that it is adding regulations to implement E.O. 14024 related to specified harmful foreign activities of the Russian government (covered by InfoBytes here). OFAC stated it plans to supplement these regulations with a more comprehensive set of regulations that may include additional interpretive guidance and definitions, general licenses, and other regulatory provisions.
Additionally, President Biden, along with leaders of the European Commission, France, Germany, Italy, the UK, and Canada, issued a joint statement imposing further restrictive economic measures to further isolate Russia from the international financial system. The leaders agreed to block certain Russian banks from accessing the SWIFT global messaging system in order to harm the banks’ ability to operate globally and announced their commitment to “restrictive measures” against the Russian Central Bank to prevent the deployment of its international reserves in a manner that undermines the impact of these sanctions. The announcement further noted that the leaders plan to launch a transatlantic task force to ensure financial sanctions are effectively implemented through the identification and freezing of assets belonging to sanctioned individuals and companies that exist within their countries’ jurisdictions. Actions will include “employing sanctions and other financial and enforcement measures on additional Russian officials and elites close to the Russian government, as well as their families, and their enablers.”
Find continuing InfoBytes coverage on the U.S. sanctions response to Russia’s invasion of Ukraine here.
OFAC sanctions Belarusians for supporting Russian invasion of Ukraine
On February 24, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against 24 Belarusian individuals and entities due to Belarus’s support for, and facilitation of, Russia’s invasion of Ukraine. The sanctions focus on Belarus’s defense sector and financial institutions, which have close ties to Russia. OFAC stressed that the “Belarusian economy is highly dependent on key Russian financial institutions and their subsidiaries” and that restrictions imposed against the Public Joint Stock Company Sberbank of Russia, VTB Bank Public Joint Stock Company, and State Corporation Bank for Development and Foreign Economic Affairs Vnesheconombank, combined with the new measures taken against Belarusian banks “target nearly one-fifth of the country’s entire financial sector.” Specifically, OFAC designated two significant state-owned banks that directly or indirectly finance or conduct activity on behalf of the Government of Belarus (GoB). “Sanctioning these two GoB-owned banks, in addition to Russia-related restrictions imposed on three other systemically important Belarusian financial institutions, means that a significant portion of the Belarusian financial sector is now subject to U.S. sanctions,” OFAC stated. As a result of the sanctions, all property and interests in property belonging to the sanctioned individuals and entities that are in the U.S. or in the possession or control of U.S. persons, and “any entities that are owned, directly or indirectly, 50 percent or more” by the blocked persons are blocked and must be reported to OFAC. U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license.
In conjunction with the sanctions, OFAC issued numerous related directives and general licenses that provide for multiple exceptions, along with several new and updated frequently asked questions. A Buckley Special Alert provides additional details related to the evolving nature of the U.S. sanctions response to Russia’s invasion of Ukraine.
Special Alert: NYDFS guidance on cybersecurity and virtual currency responds to events in Ukraine
The New York Department of Financial Services last week issued guidance on its cybersecurity and virtual currency regulations in response to the Russian military actions in Ukraine and recently imposed sanctions. NYDFS specifically raised the specter of elevated cyber risk due to ongoing cyberattacks against Ukraine, which could spill over to other networks, as well as potential direct attacks against U.S. critical infrastructure.
Updated cybersecurity regulation guidance
NYDFS suggested that regulated entities with programs pursuant to its cybersecurity regulation (23 NYCRR 500) have the potential to mitigate increased cyber threats and should take the following steps:
- Review cybersecurity programs for compliance, with particular attention to certain safeguards and core cybersecurity hygiene measures, including access control, vulnerability management, and privileged access review
- Review, update, and test incident-response and business-continuity plans and ensure they address ransomware events
- Review and implement practices pursuant to the June 2021 Ransomware Guidance
- Re-evaluate plans to maintain essential services and protect critical data in the event of an extended outage or service disruption
- Conduct a full test of backup and recovery abilities
- Provide additional cybersecurity awareness training and reminders for all employees
NYDFS also advised that regulated entities should keep track of known threat actors and take extra precautions when doing business in Russia and Ukraine, including segregating Russian and Ukrainian networks. Regulated entities must report cybersecurity events that meet the criteria of 23 NYCRR 500.17(a) as promptly as possible and within 72 hours, and should also report cybersecurity events immediately to law enforcement, including the FBI and the Cybersecurity and Infrastructure Security Agency.
Guidance in response to recent sanctions
In the last week, the Biden administration imposed significant new sanctions targeting Russian assets, the Russian financial market, and Russian business dealings in response to Russia’s invasion of Ukraine. (See InfoBytes coverage here.) NYDFS reiterated that regulated entities should fully comply with U.S. sanctions on Russia, as well as Part 504 of its regulations regarding transaction monitoring and filtering. In order to comply with the new sanctions, NYDFS recommended that regulated entities take the following steps immediately:
- Monitor all communications from NYDFS, the U.S. Department of the Treasury, the Office of Foreign Assets Control (OFAC), and other federal agencies on a real-time basis to keep tabs on the latest developments
- Modify transaction monitoring and filtering programs as necessary to capture new sanctions as they are proposed
- Monitor all transactions, particularly trade finance transactions and funds transfers, and identify and interdict transactions prohibited by U.S. sanctions.
- Update OFAC compliance policies and procedures on a continuous basis to incorporate the recent sanctions and any new sanctions that may be imposed.
Updated virtual currency regulation guidance
NYDFS also cautioned that sanctioned entities may attempt to use virtual currency to evade sanctions. It said regulated entities must ensure they have “tailored policies, procedures, and processes to protect against the unique risks that virtual currency present” and are complying with the relevant state and federal laws, including the OFAC Sanctions Compliance Guidance for the Virtual Currency Industry and New York virtual currency regulation (23 NYCRR 200). Additionally, regulated entities should monitor the effectiveness of virtual currency-specific control measures, including sanctions lists, geographic screening, geolocation tools/IP address identification and blocking capabilities, and transaction monitoring and investigative tools, including blockchain analytics tools.
Buckley will continue to monitor the ongoing situation in Ukraine and provide updates in conjunction with significant developments.
If you have any questions regarding the NYDFS guidance or the recent Ukraine-related sanctions against Russia, please visit our Privacy, Cyber Risk & Data Security or Bank Secrecy Act/Anti-Money Laundering & Sanctions practice pages, or contact a Buckley attorney with whom you have worked in the past.