US Treasury: Russia may Bypass Sanctions Using Ransomware Payments
The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warned U.S. financial institutions this week to keep an eye out for attempts to evade sanctions and US-imposed restrictions following Russia’s invasion of Ukraine.
Although unlikely, FinCEN added that convertible virtual currency (CVC) — the term used by U.S. Treasury to describe unregulated digital currency like cryptocurrency — exchanges and other financial institutions may still observe transactions linked to crypto wallets associated with sanctioned Russian, Belarusian, and affiliated individuals.
In such cases, FinCEN said [PDF] that it’s critical to “identify and quickly report suspicious activity associated with potential sanctions evasion, and conduct appropriate risk-based customer due diligence or, where required, enhanced due diligence.”
“In addition, FinCEN reminds financial institutions of the dangers posed by Russian-related ransomware campaigns,” the Treasury Department added.
FinCEN also provided examples of red flags that would help identify suspicious activity that may be linked to sanctions evasion and reminded financial institutions of their duty to report such events under the Bank Secrecy Act.
Out of the list of all red flags included in the alert, the following three specifically relate to potential money laundering of payments from ransomware attacks and other cybercrime activity:
- A customer receives CVC from an external wallet and immediately initiates multiple, rapid trades among multiple CVCs with no apparent related purpose, followed by a transaction off the platform. This may indicate attempts to break the chain of custody on the respective blockchains or further obfuscate the transaction.
- A customer initiates a transfer of funds involving a CVC mixing service.
- A customer has direct or indirect transaction exposure identified by blockchain tracing software as related to ransomware.
FinCEN’s alert and guidance come after U.S. Senators asked the Treasury regarding the potential use of cryptocurrency to evade sanctions, and its plans to issue and enforce sanctions-compliance guidance for cryptocurrency industry organizations.
President Joe Biden also issued an Executive Order on Wednesday regarding the use of digital assets to bypass sanctions imposed by the United States and foreign governments.
“In the face of mounting economic pressure on Russia, it is vitally important for U.S. financial institutions to be vigilant about potential Russian sanctions evasion, including by both state actors and oligarchs,” said FinCEN Acting Director Him Das.
“Although we have not seen widespread evasion of our sanctions using methods such as cryptocurrency, prompt reporting of suspicious activity contributes to our national security and our efforts to support Ukraine and its people.”
In September, the U.S. Treasury announced its first-ever sanctions against a cryptocurrency exchange for facilitating ransom transactions linked to ransomware gangs and helping them evade sanctions.
One month after, a FinCEN Financial Trend Analysis identified approximately $5.2 billion worth of outgoing BTC transactions likely tied to the top 10 most commonly reported ransomware variants, the vast majority of them linked to cybercrime groups based in Russia.
Publicly disclosed ransomware payments reached almost $500 million worth of cryptocurrency globally during the last two years. $400 million represent ransoms paid in 2020 and over $80 million in Q1 2021).
Governments worldwide also announced that they would crackdown on cryptocurrency payment channels used by ransomware gangs following virtual Counter-Ransomware Initiative meetings between officials from 31 countries and the European Union.