Years of regulatory policy and enforcement by the US Treasury Department’s Office of Foreign Assets Control (OFAC) have clarified certain elements of the United States sanctions regime: most financial transactions emanating from comprehensively sanctioned jurisdictions must be blocked. Similarly, many goods imported from such a jurisdiction must also be blocked. Avoidance of these controls, including any transaction structures designed to benefit the sanctioning party, is strictly prohibited.
Since 2018, OFAC has repeatedly indicated that its sanctions regulations apply to activities in digital assets. In practice, however, transactions involving digital assets do not always fit neatly into the existing regulatory sanctions scheme.
For example, while it is operationally simple for a crypto exchange to identify and block digital assets it has received directly from specifically designated nationals or entities in comprehensively sanctioned jurisdictions, it is less obvious what a crypto exchange should do with funds it receives indirectly through a series of wallets that are self-hosted originating from a sanctioned actor or jurisdiction. Because the transparency of the blockchain allows the compliance team to look back through numerous “hops” – or transfers between wallets – and identify exposures to sanctioned parties, the exchange’s compliance team is faced with the challenge of trying to determine whether any funding this indirect exposure to a sanctioned entity must be blocked and reported to OFAC. This is a compliance challenge that has no obvious parallel in the traditional financial sector.
Compliance of cryptoasset sanctions in practice
To better understand these challenges in practice, we will focus here on one example for analysis: Iran.
Once inside a sanctioned jurisdiction, the reason for the lack of regulatory clarity in the sanctions space becomes clear – there is a maze of legal fences to navigate. CFR Chapter V – Office of Foreign Assets Control, Department of the Treasury contains four separate sections dealing with Iran. Namely, it contains:
- Part 535—Iranian Assets Control Regulations (§§ 535.101 – 535.905)
- Part 560—Iran Transactions and Sanctions Regulations (§§ 560.101 – 560.901)
- Part 561—Iran Financial Sanctions Regulations (§§ 561.101 – 561.901)
- Part 562—Iran Sector Sanctions Regulations and Human Rights Violations (§§ 562.101 – 562.901)
Each section has specific nuances that must be considered when determining whether a particular class of transaction is permitted and what the requirements might be to block a property.
Generally speaking (and without diving into the specifics of each piece of the Iran sanctions puzzle), no property under the jurisdiction of the United States in which the Iranian government or an Iranian entity has any “interest of any nature may be transferred, paid for, exported, withdrawn, or otherwise traded except as authorized.”
Furthermore, the importation of any goods or services of Iranian origin or owned or controlled by the Government of Iran is prohibited. Likewise, the export, re-export, sale, or supply, directly or indirectly, from the United States, or by a United States person, of any goods, technology, or services to Iran or the Government of Iran is prohibited.
However, beyond just affecting goods and services, the regulations further state that:
[T]acquiring, transferring (including a transfer on the books of any issuer or its agent), disposing of, transporting, importing, exporting or withdrawing or confirming or guaranteeing the signature or otherwise dealing in any security (or evidence thereof) registered or registered on behalf of any Iranian entity is prohibited notwithstanding the fact that at any time (whether before, on or after the Effective Date) its registered or registered owner may have, or appear to have assigned, transferred or otherwise disposed of any such a value.
Finally, any transaction that is intended to avoid or avoid, causes a violation or attempts to violate any of the above prohibitions is also prohibited.
So what does this mean for crypto industry participants? Any time funds are received from an entity with an applicable connection to Iran, such funds must be blocked — frozen — and a report submitted to OFAC. These reports must be submitted annually for all blocked assets. Additionally, if an asset is “unblocked,” this status must also be reported to OFAC. Even when assets are not blocked, if a US person rejects a transaction that would violate a regulatory provision administered by OFAC, that person must also file a report.
This can be a time-consuming and operationally burdensome process. In addition to teams responsible for anti-money laundering filings (eg, SARs), a team must also be employed to file and monitor OFAC reports and to assist in ongoing financial crime risk mitigation exercises related to sanctions compliance. The question then must be asked: how much must the transaction nexus be weakened before it is determined that no Iranian entity has an interest in it, and that, therefore, asset blocking is no longer necessary
There are no easy answers here. There is no de minimis amount of sanctions exposure that OFAC has deemed acceptable; and considering the prohibition of transactions that try to avoid sanctions control, there is not necessarily a limit on the number of “jumps” that a transaction can be, in order to be considered “safe” from the perspective of compliance with sanctions.
Since digital assets cannot be individualized, there is no way to know if a transaction that passed from the Iranian stock exchange through a series of unhosted wallets was actually “clean” because one of those intermediary wallet owners himself blocked the asset and properly filed report to OFAC. We are left with a “background radiation” of sanctions contamination that constantly follows a series of wallets, as it is still not feasible to demonstrate on-chain whether or not a blocked asset report has been filed and whether funds have been appropriately frozen.
This places a huge burden on digital asset service providers, placing an implicit “tax” on any transaction with any exposure to sanctions, should all such transactions result in asset blocking. Even when the overall exposure to a penalized actor may be small, in the aggregate this may result in a significant loss to the exchange that facilitates the transaction activity and/or the underlying client whose funds may be affected. Most worryingly, this tax may be for naught, as it is quite possible that the assets were previously blocked by the intermediary owner of the wallet address.
Designing an effective sanctions compliance program
So what is the right approach? Some firms decide to freeze all assets exposed to sanctions. Others choose to assess the likelihood that the observed exposure to sanctions actually represents a benefit to the sanctioned party, or that the funds are more likely to have flowed through some other entity that would be engaged in blocking and reporting. Still others use the proximity of the punished actor as the sole driver of risk decision-making. Until we receive clear guidance from OFAC on how sanctions risk management should be undertaken in the context of digital assets, we can only rely on existing financial crime risk management and compliance best practices to guide us in the fight against global sanctions evasion. while maintaining a viable operational compliance function.
Regardless of which approach is taken, it is imperative that companies leverage blockchain analytics technology to understand the nexus of financial crime risk in the chain. Only by clearly understanding how bad actors work to undermine regulatory and policing efforts globally can companies effectively mitigate the risk of sanctions and deter potential evaders.
Get in touch to find out more about how we can support you.
Articles on US sanctions