FinCEN warns financial institutions of Russian sanctions evasion

The Financial Crimes Enforcement Network (FinCEN) issued guidance Monday highlighting the types of red flags banks should be looking for proactively. While the agency has yet to see widespread sanctions evasion, it warned financial institutions to remain vigilant.

In addition to Russia, the country of Belarus and some of its political leaders were hit with sanctions.

Businesses should also be aware of the recent announcement by the Department of Justice of a special task force created to ensure compliance with sanctions against Russia.

The red flags listed in the FinCEN alert highlight the government’s concern about traditional sanctions evasion vehicles—most commonly, the use of complicated corporate ownership structures, shell companies, and third parties to conceal true owners—as well as emerging threats posed by convertible virtual currency (CVC) transactions.

“[S]anctions evasion may occur through various means, including through currently unsanctioned Russian and Belarusian banks or other financial institutions that retain at least some access to the international financial system,” FinCEN said in a press release.

The U.S. Treasury Department last month sanctioned Russia’s two largest banks—Sberbank and VTB Bank—in addition to almost 90 financial institution subsidiaries around the world. The United States has also prohibited transactions with the Central Bank of Russia and issued sanctions against Russian President Vladimir Putin, his political cronies, and many oligarchs who support him.

On Tuesday, President Joe Biden announced the United States would ban imports of Russian oil and natural gas.

The wide-ranging actions aimed at punishing Russia create a lot of trip points for U.S. financial institutions seeking to avoid violating an ever-increasing list of sanctions.

FinCEN is recommending financial institutions identify and report suspicious activity regarding possible sanctions evasion, per their Bank Secrecy Act obligations.

Red flags include transactions issued by nonsanctioned banks and financial institutions within Russia and Belarus, particularly if there is a recent increase in new company formations or sudden influx of funds without any clear economic or business rationale. Another potential warning sign might be contained in nonroutine foreign exchange transactions, which might be an attempt by the Central Bank of Russia to use third parties to obfuscate its involvement.

Financial institutions must pay particular attention to sanction evasion attempts using digital assets, FinCEN said. Transactions initiated from or sent to IP addresses from nontrusted sources; locations in Russia, Belarus, jurisdictions with anti-money laundering/countering the financing of terrorism/counter proliferation deficiencies flagged by the Financial Action Task Force, or comprehensively sanctioned jurisdictions; or IP addresses previously flagged as suspicious warrant additional attention. Financial institutions should also be wary of CVC transactions connected to individuals on sanctions lists or from a CVC exchange located in a high-risk jurisdiction.

“FinCEN’s use of red flags that include the mere use of Russian-associated IP addresses or IP addresses for countries known to be thoroughfares of Russian finance indicates the government wants institutions to err on the side of reporting when it comes to Russian sanctions evasion,” said Braddock Stevenson, former deputy associate director of FinCEN’s Enforcement Division and now of counsel with the law firm Paul Hastings. “While this will likely result in the reporting of legitimate transactions, it’s clear FinCEN wants the information first and will ask questions later.”

FinCEN also warned financial institutions of an increased risk for ransomware and other cyberattacks emanating from Russia or from criminal gangs operating with the implicit support of the Russian government. Experts have warned Russia might retaliate against U.S. sanctions by launching cyberattacks against American governmental organizations, utilities, and companies.

In its alert, FinCEN offered a list of potential signs that a customer could be a victim of a ransomware attack and is attempting to pay a ransom to a cybercriminal.