UK Cryptocurrency Firms Face Increased Scrutiny Over Sanctions Compliance
Recent findings from the UK’s Office of Financial Sanctions Implementation (OFSI) indicate that a significant number of cryptocurrency firms may have underreported suspected breaches of financial sanctions, especially since August 2022. The comprehensive threat assessment published this week highlights concerning trends, particularly in relation to Russian exchanges and threats linked to North Korea.
Key Findings from the Threat Assessment
The OFSI report revealed that over 90% of crypto-related breach reports filed since January 2022 were associated with sanctions imposed on Russia. The remaining breaches were tied to sanctions against Iran. Notably, a mere 7% of all suspected breach reports to OFSI originated from cryptocurrency firms, despite the sector’s rapid growth.
Direct Exposure to Sanctioned Entities
The assessment raises alarms regarding the likelihood that UK cryptoasset firms have been exposed to the designated Russian exchange, Garantex, since its designation in May 2022. This exposure has potentially led to multiple breaches of UK financial sanctions.
Legal Implications for Non-Compliance
Legal implications for these firms can be severe, even if violations were unintentional. Konstantin Bureiko, a Counsel at the law firm Debevoise & Plimpton in London, highlighted that UK financial sanctions breaches can be enforced on a ‘strict liability’ basis. In other words, ignorance of engaging in transactions with a sanctioned crypto exchange does not constitute a valid defense.
Cooperation and Compliance Systems
Despite the strict liabilities, Bureiko noted that OFSI’s enforcement guidelines indicate that enforcement action may be less likely when a business inadvertently breaches sanctions, provided it discloses the breach and cooperates with OFSI. Additionally, having robust sanctions compliance systems in place can mitigate penalties—although, in the event of a breach, it is critical to demonstrate those compliance mechanisms were operational, even if they failed.
Emergence of Successor Organizations
The assessment warns that one or more successor organizations may have emerged following Garantex’s designation. The Treasury identified Grinex, a Kyrgyz-registered service, as a probable continuation of Garantex’s operations. Grinex serves Russian clients using similar interfaces, with projected transaction volumes exceeding $1.2 billion in stablecoin transfers by May 2025.
Best Practices for Transaction Monitoring
To minimize the risk of exposure, OFSI recommends that UK firms conduct thorough transaction history scans, ideally checking a minimum of 3 to 5 hops in the transaction pathway to uncover any indirect links to sanctioned entities. Bureiko remarked that this stipulation sets a new compliance benchmark, surpassing previous UK and US guidance.
However, he also cautioned about the practical challenges involved in conducting such in-depth transaction checks, particularly due to the different levels of attribution information available from analytics providers. While checking 3-5 transaction hops is advised, it is not a legal requirement. Yet, failure to meet this suggested standard could be viewed unfavorably if a sanctions breach is later identified.
North Korean Threats
The threat assessment emphasizes the heightened risk posed by North Korean actors. OFSI noted that UK-based crypto asset firms are likely targets of hackers and IT workers linked to North Korea, who may aim to steal or illicitly acquire funds. Noteworthy incidents include a $1.8 million loss in an April 2023 attack on Merlin Dex, and approximately $19.5 million lost during the June 2024 compromise of the Lykke exchange.
Risks from Iranian Cryptocurrency Firms
The report also highlights compliance risks associated with Iranian cryptocurrency firms. OFSI found that UK cryptoasset entities are likely facilitating transfers to Iranian firms linked to designated persons (DPs), particularly through Nobitex exchange, which is suspected of ties to the Islamic Revolutionary Guard Corps.
Sanctions Evasion Techniques
The assessment identifies various sanctions evasion techniques, such as cross-border payments that bypass traditional financial channels, mixing services that obscure transaction pathways, and peer-to-peer trading platforms that evade direct transactions with designated exchanges. Bureiko emphasizes the need for UK firms to have compliant systems that can effectively address the elevated risks stemming from transactions coming from high-risk jurisdictions, especially in light of the emergence of successor exchanges.
Inconsistencies in Reporting
The Treasury’s findings indicate that crypto asset firms exhibit inconsistent reporting practices, characterized by significant delays in identifying and reporting suspected breaches to OFSI. While firms have been obligated to report suspected breaches since August 2022, most reports have only surfaced since April 2024.
Heightened Money Laundering Risks
This sanctions warning coincides with growing concerns regarding cryptocurrency-associated money laundering risks in the UK. The National Crime Agency estimates that illicit cryptocurrency transactions connected to the UK range from $1.7 to $5.1 billion annually. Following recent assessments, the Treasury increased the cryptoasset sector’s money laundering risk rating from medium to high, attributing this shift to rapid growth and heightened exposure to high-risk jurisdictions.
Retrospective Reporting Obligations
OFSI urged firms to conduct retrospective assessments identifying any unreported historical breaches. Importantly, firms should still report any breaches discovered retrospectively, even if the identification occurs long after the fact.
Response from Grinex
In a statement to WorldECR and its sister publication Risk Journal, Grinex asserted that it is an independent platform with no affiliation to Garantex. They described claims surrounding “succession” or “rebranding” as speculative and unsubstantiated. However, they did acknowledge entering an agreement with the management of Garantex, emphasizing their commitment to complying with international sanctions regimes and not conducting business with restricted jurisdictions or sanctioned entities.
For more detailed insights, you can access the full threat assessment here.
Explore More:
Latest Bitcoin News |