by Britt Mosman, David Mortlock, Elizabeth P. Gray, J. Christopher Giancarlo, and Samuel Hall
This is Part III of a three-part post. For Part I, providing an overview of sanctions compliance issues for the cryptocurrency industry, click here. For Part II, discussing blocked coins, blocked persons, and sanctioned regions, click here.
Restricted Transactions
Still more categories of sanctions pose risks for cryptocurrency transactions. OFAC also administers various less-than-comprehensive sanctions measures that do not require blocking, but instead prohibit specific transactions with sanctions targets.[1] For example, OFAC prohibits transacting in, providing financing for, or otherwise dealing in certain debt of specified tenors, or certain equity, if that debt or equity was issued by certain persons operating in Russia’s financial sector. If a prohibited debt transaction is completed in cryptocurrency, U.S. persons involved in processing that transaction would be required to reject the transaction to avoid violating sanctions.
This issue becomes even more complicated when one considers the possibility that the mere issuance of a coin can itself be considered a debt transaction, depending on how the coin is set up. In a now-deleted guidance statement, OFAC indicated that it would view the purchase of a digital currency produced by the Venezuelan government as an “extension of credit” to the government, in part because that currency “would carry rights to receive commodities in specified quantities at a later date.”[2] OFAC specifically noted that:
A currency with these characteristics would appear to be an extension of credit to the Venezuelan government. Executive Order 13808 prohibits U.S. persons from extending or otherwise dealing in new debt with a maturity of greater than 30 days of the Government of Venezuela. U.S. persons that deal in the prospective Venezuelan digital currency may be exposed to U.S. sanctions risk.[3]
When this guidance was in effect, it was highly likely that OFAC would find most uses of the government-backed currency as a violation of Executive Order 13808’s restrictions on transactions involving debt of the Government of Venezuela with a maturity of over 30 days. Because each “token” would be deemed by OFAC an extension of credit to the Government of Venezuela, any transactions involving a token purchased from the Government of Venezuela more than 30 days prior could be deemed to “relat[e] to” the extension of illegal debt. This could be true even if the participants in the transaction were not the original purchasers of the token. Indeed, the token itself is potentially the debt instrument, and it could continue to mature from the moment it is first issued to the moment it is repurchased by the Venezuelan government. Although this guidance statement was removed when the Maduro regime issued the Petro, and OFAC subsequently prohibited all transactions and dealings in the Petro under Executive Order 13827, there is no evidence that OFAC has changed its views on this issue. Certain digital currencies could therefore implicate sanctions prohibitions and should be closely analyzed prior to their use.
Blocking and Rejecting Crypto Transactions
In general, OFAC requires U.S. persons that come into contact with a transaction involving a sanctions target to either reject the transaction (where the underlying transaction is prohibited, but there is no blockable interest) or block the transaction (where there is a blockable interest). Each requirement carries its own affirmative reporting and other obligations. For instance, OFAC regulations require U.S. persons to submit reports of rejected transactions within 10 days, including a variety of listed information about the transaction and the persons involved.[4] For any transaction that involves blocked property—i.e., property owned 50% or more by an SDN—any person that holds the property must continue to hold it, report the property to OFAC within 10 days, and then submit annual reports on the property thereafter.[5] Any further transfer of blocked property is itself a violation of the sanctions.
These obligations pose unique risks for cryptocurrency users. How do you reject a transaction on an exchange where the underlying mechanics of the exchange will not allow for reversing the flow of funds? How do you report required user-information if those involved are represented only by a wallet address? And for blocked funds, will exchanges be deemed to “hold” the blocked currency for the duration of the transfer? If so, primary responsibility for reporting will rest with the exchange and additional (problematic) requirements will be triggered. As one example, U.S. persons deemed to be holding blocked funds must place those funds into a “blocked interest-bearing account,” generally defined as:
(i) a federally-insured U.S. bank, thrift institution, or credit union, provided the funds are earning interest at rates that are commercially reasonable; or
(ii) a broker or dealer registered with the Securities and Exchange Commission under the Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.)[6]
These requirements will be difficult to perform for a holder of cryptocurrencies. Fortunately, OFAC has issued some helpful guidance on this front, stating that “holders” of blocked crypto assets are “not obligated to convert the blocked digital currency into traditional fiat currency (e.g., U.S. dollars).”[7] In addition, it has provided examples of appropriate methods for blocking such property, stating:
Institutions may choose, for example, to block each digital currency wallet associated with the digital currency addresses that OFAC has identified as being associated with blocked persons, or opt to use its own wallet to consolidate wallets that contain the blocked digital currency (similar to an omnibus account) titled, for example, “Blocked SDN Digital Currency.” Each of these methods is satisfactory, so long as there is an audit trail that will allow the digital currency to be unblocked only when the legal prohibition requiring the blocking of the digital currency ceases to apply.[8]
That said, questions remain, and well-reasoned requests to OFAC for guidance, and in some circumstances specific licenses, may be required to avoid violations and to help ensure that harmful positions are not taken by OFAC in the future.
Compliance Considerations
Given the various risks discussed above, crypto sector participants should build into their technological architecture a tailored, risk-based compliance program to identify transactions with potential sanctions exposure and prevent illicit use of their products. In some cases, it may be beneficial to engage with the Treasury Department to seek authorization or guidance regarding ambiguities in the sanctions prohibitions. Some rules may even be vulnerable to APA or other types of legal challenges in U.S. courts. Overall, although there are significant sanctions-related risks for crypto sector participants, actors in this space have many options so long as they are proactive and knowledgeable about the potential risks.
To that end, we recommend, the following basic steps (at a minimum) for U.S. participants in the cryptocurrency industry:
- Develop and implement a sanctions compliance program that incorporates each of the five core elements of compliance discussed in OFAC’s Framework for OFAC Compliance Commitments:[9] (1) management commitment; (2) risk assessment; (3) internal controls; (4) testing and auditing; and (5) training;
- Screen the digital addresses, names, locations, and identifying information of all incoming and outgoing transactions. The frequency of screening will depend on the business’s risk-profile, but in our view, should generally occur at account opening and periodically thereafter. It may be prudent to conduct enhanced screening of transactions involving regions in which a high concentration of SDNs are designated;
- Identify (depending on the U.S. person’s risk profile) red flags that indicate that a blocked person may continue to have an interest in a digital asset, regardless of how many times the asset is transferred away from a known blocked address;
- Develop procedures to prevent transactions involving blocked coins, such as the Petro;
- Block transactions involving IP addresses, physical addresses, and other identifiers that appear to originate in sanctioned jurisdictions; and
- Consider the use of address-clustering software, where practicable, to identify addresses associated with blocked addresses that are not on the SDN List.
Overall, these basic steps can help ensure against inadvertent sanctions violations and mitigate against severe penalties should a violation nonetheless occur, though they should be tailored to the unique operations of anyone dealing in crypto currency. That said, we fully expect the compliance landscape to continue to change, as more restrictions and enforcement actions are made public. We encourage frequent reviews of any compliance program, with the assistance of experienced counsel, to ensure that you are maintaining best practices.
Footnotes
[1] Examples include the debt restrictions in the Russia/Ukraine sanctions, detailed in Directives 1-4, or the debt, securities, and equity restrictions in the Venezuelan sanctions included in Executive Orders 13808 and 13835.
[2] OFAC FAQ No. 551.
[3] Id.
[4] 31 CFR § 501.604.
[5] 31 CFR § 501.603.
[6] E.g. 31 CFR § 542.203 (emphasis in original).
[7] OFAC FAQ No. 646.
[8] Id.
[9] U.S. Department of the Treasury, A Framework for OFAC Compliance Commitments, May 29, 2019 available online here (PDF: 142 KB).
Britt Mosman, David Mortlock, and Elizabeth P. Gray are partners, J. Christopher Giancarlo is senior counsel, and Samuel Hall is an associate, at Willkie Farr & Gallagher LLP.
Disclaimer
The views, opinions and positions expressed within all posts are those of the authors alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the authors and any liability with regards to infringement of intellectual property rights remains with them.