InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC publishes additional guidance related to sanctioned virtual currency “mixer”
On September 13, the U.S. Treasury Department’s Office of Foreign Assets Control published new cyber-related frequently asked questions concerning transactions involving a virtual currency mixer sanctioned last month for allegedly laundering more than $7 billion in virtual currency since 2019. As previously covered by InfoBytes, the company “repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis,” and provided financial, material, or technological support for, or in support of, cyber-enabled activity contributing to a significant threat to the national security, foreign policy, or economic health or financial stability of the U.S. The FAQs outline requirements for completing virtual currency transactions without violating U.S. sanctions regulations, discuss whether OFAC reporting obligations apply to transactions involving unsolicited and nominal amounts of virtual currency, and reiterate that transactions involving identified virtual currency wallet addresses are prohibited absent a specific OFAC license. The FAQs noted that as part of the SDN List entry, OFAC included as identifiers certain virtual currency wallet addresses associated with the company as well as the company’s URL address. OFAC provided additional clarification on interactions with open-source code that does not involve a prohibited transaction with the sanctioned company.
OFAC sanctions individuals and entities connected to IRGC-QF
On September 14, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions as part of a joint action with the DOJ, Department of State, FBI, U.S. Cyber Command, National Security Agency, and Cybersecurity and Infrastructure Security Agency, against ten individuals and two entities for their roles in conducting malicious cyber acts, including ransomware activity. The individuals and entities designated are affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC), which “is known to exploit software vulnerabilities in order to carry out their ransomware activities, as well as engage in unauthorized computer access, data exfiltration, and other malicious cyber activities.” OFAC also noted that a joint cyber security advisory was published to highlight continued malicious cyber activity by advanced persistent threat actors that the authoring agencies assess are affiliated with IRGC. As a result of the sanctions, all property, and interests in property of the designated individuals and entities, “and of any entities that are owned, directly or indirectly, 50 percent or more by them, individually, or with other blocked persons, that are in the United States or in the possession or control of U.S. persons, must be blocked and reported to OFAC.” U.S. persons are generally prohibited from engaging in transactions with the designated persons. OFAC further warned that engaging in certain transactions with the individuals and entities designated today entails risk of additional sanctions.
OFAC sanctions Iranians involved in production of UAVs to Russia
On September 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Orders 13382 and 14024 against an Iran-based air transportation service provider, as well as three companies and one individual involved in the research, development, production, and procurement of Iranian unmanned aerial vehicles (UAVs) and UAV components. Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson reiterated that the U.S. “is committed to strictly enforcing our sanctions against both Russia and Iran and holding accountable Iran and those supporting Russia’s war of aggression against Ukraine,” and stressed that the U.S. will “not hesitate to target producers and procurers who contribute to Iran and its IRGC’s UAV program, further demonstrating [the U.S.’s] resolve to continue going after terrorist proxies that destabilize the Middle East.” The sanctions follow designations implemented by OFAC last year against members of a network of companies and individuals that provided critical support to Iran’s Islamic Revolutionary Guard Corps Qods Force’s use of UAVs (previously covered by InfoBytes here).
As a result of the sanctions, all property and interests in property belonging to the sanctioned individuals and entities subject to U.S. jurisdiction are blocked and must be reported to OFAC. U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons. Additionally, OFAC warned that “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.”
OFAC sanctions Iran’s MOIS over cyber activities
On September 9, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order (E.O.) 13694 against Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for conducting malicious cyber-enabled activities targeting government and private-sector organizations and across various critical infrastructure sectors, including the U.S. and its allies. OFAC noted that in July, MOIS and the Iranian government sponsored cyber-threat actors who disrupted the Albanian government computer systems. OFAC previously flagged MOIS pursuant to E.O.s 13224, 13472, and 13553 for supporting multiple terrorist groups, as well as for commissioning serious human rights abuses against the Iranian people.
As a result of the sanctions, all property and interests in property belonging to the sanctioned targets that are in the U.S. or in the possession or control of U.S. persons, and “any entities that are owned 50 percent or more by one or more designated persons” are blocked. Additionally, U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. Additionally, OFAC warned that “any foreign financial institution that knowingly conducts or facilitates a significant transaction for or on behalf of the persons designated today could be subject to U.S. correspondent or payable-through account sanctions.”
Treasury issues guidance on Russian oil sales cap
On September 9, the U.S. Treasury Department announced preliminary guidance on implementing a maritime services policy and related price exception for seaborne Russian oil. As previously covered by InfoBytes, OFAC recently announced that it planned to publish preliminary guidance on implementing the price cap to provide a high-level overview of the directive, including how U.S. persons can comply in advance of formal guidance and legal implementation. According to the preliminary guidance, the policy is intended to establish a framework for Russian oil to be exported by sea under a capped price, and establish a ban on services for any shipments of seaborne Russian oil above the capped price. Objectives of the guidance include: (i) maintaining a reliable supply of seaborne Russian oil to the global market; (ii) reducing upward pressure on energy prices; and (iii) reducing the revenues the Russian Federation earns from oil after its own war of choice in Ukraine has inflated global energy prices. The policy contains an exception, which applies to “jurisdictions or actors that purchase seaborne Russian oil at or below a price cap to be established by the coalition (the “price exception”).” The policy, which relates to a broad range of services in connection with the maritime transportation of Russian Federation origin crude oil and petroleum products, will become effective December 5, 2022 for the maritime transportation of crude oil and on February 5, 2023 for the maritime transportation of petroleum products.
OFAC amends cyber-related sanctions regulations
On September 2, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced that it is amending, and reissuing in their entirety, the Cyber-Related Sanctions Regulations. OFAC noted that this administrative action replaces regulations that were published in abbreviated form on December 31, 2015, with a more comprehensive set of regulations that includes additional interpretive and definitional guidance, general licenses, and other regulatory provisions that will provide further guidance to the public. As previously covered by InfoBytes, the regulations prohibited all transactions described in Executive Order (E.O.) 13694, including dealing in the property or interests in property, that come within the United States, of blocked persons. Among other things, under E.O. 13694, a party may be blocked if the U.S. government finds the party “to be responsible for or complicit in, or to have engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the U.S. that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States” and that have one of the purposes or effects enumerated in the order. The sanctions became effective September 6.
Additionally, OFAC noted that “the publication of this final rule has triggered an automatic administrative update to a number of sanctions entries.” OFAC listed unique identifier numbers (UIDs) for the affected entries as part of the administrative update and provided FAQs to clarify UIDs.
OFAC issues updated Iran general license and related FAQ
On August 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued Iran General License (GL) M-2, “Authorizing the Exportation of Certain Graduate Level Educational Services and Software,” which authorizes accredited graduate and undergraduate degree-granting academic institutions in the U.S. to engage with Iranian students in online educational services and exploration of software through September 1, 2023, provided certain criteria are met. OFAC also published an updated FAQ related to GL M-2. Effective August 25, GL M-2 supersedes and replaces GL M-1.
OFAC issues new Russia-related general licenses
On August 19, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued Russia-related General License (GL) 38A and GL 50. GL 38A authorizes transactions related to pension payments to U.S. persons or non-U.S. persons not located in the Russian Federation that are normally prohibited by Executive Order (E.O.) 14024 “provided that the only involvement of blocked persons is the processing of funds by financial institutions blocked pursuant to E.O. 14024.” GL 50 authorizes “the closing of an account of an individual, wherever located, who is not a blocked person” held at financial institutions blocked pursuant to E.O. 14024. GL 50 also permits “the unblocking and lump sum transfer of all remaining funds and other assets in the account to the account holder, including to an account of the account holder held at a non-blocked financial institution.”
OFAC sanctions Liberian officials
On August 15, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13818 against two Liberian government officials under the Global Magnitsky Human Rights Accountability Act. According to OFAC, the sanctioned individuals are involved in ongoing public corruption in Liberia, and the sanctions are intended “to target[] perpetrators of serious human rights abuse and corruption around the world.” As a result, all property, and interests in property of the designated individuals and entities, “and of any entities that are owned, directly or indirectly, 50 percent or more by them, individually, or with other blocked persons, that are in the United States or in the possession or control of U.S. persons, must be blocked and reported to OFAC.” U.S. persons are generally prohibited from engaging in transactions with the designated persons. OFAC further warned that engaging in certain transactions with the designated individuals entails risk of sanctions.
OFAC sanctions “mixer” for laundering over $7 billion in virtual currency
On August 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13694 against a virtual currency mixer accused of allegedly laundering more than $7 billion in virtual currency since 2019. According to OFAC, this amount includes more than $455 million stolen by a previously sanctioned Democratic People’s Republic of Korea state-sponsored hacking group (covered by InfoBytes here). OFAC stated that the designations resulted from the company “having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, a cyber-enabled activity originating from, or directed by persons located, in whole or in substantial part, outside the United States that is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that has the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.” Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson, added that the company “repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis,” and stressed that Treasury “will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.” As previously covered by InfoBytes, in 2020, Treasury’s FinCEN penalized a bitcoin mixer $60 million for violating the Bank Secrecy Act.
As a result of the sanctions, all property and interests in property of the sanctioned entity that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC, as well as “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons.” OFAC noted that its regulations prohibit U.S. persons from participating in transactions with designated persons unless authorized by a general or specific license issued by OFAC or exempt.
Treasury further stressed that players in the virtual currency industry should take a risk-based approach for assessing risks associated with different virtual currency services, implementing measures to mitigate risks, and addressing the challenges anonymizing features can present to anti-money laundering/countering the financing of terrorism sanctions obligations. “[M]ixers should in general be considered as high-risk by virtual currency firms, which should only process transactions if they have appropriate controls in place to prevent mixers from being used to launder illicit proceeds,” Treasury said.