by John Barker, Ronald Lee, Soo-Mi Rhee, Tal Machnes, and Christine Choi
This is part II of a two-part post. For Part I, which outlines two OFAC advisory opinions on US sanction risks associated with cyber related activities, including virtual currency platforms, click here.
Focus on Virtual Currency Platforms
OFAC’s increased focus on cybersecurity, generally, has also put a spotlight on the sanctions risks specific to the virtual currency industry. Indeed, concurrent with the release of its September 2021 Updated Advisory, OFAC added SUEX OTC, S.R.O. (SUEX), a Russian virtual currency exchange, to the SDN List for facilitating financial transactions for ransomware actors—the first such designation of a virtual currency exchange. According to Treasury, over 40% of SUEX’s known transactions were associated with illicit actors, and the exchange facilitated transactions involving at least eight ransomware variants. In designating SUEX, Treasury observed that the virtual currency sector plays a “critical role” in sanctions compliance.[1]