trading with cryptocurrency

AML/Sanctions Compliance for crypto firms: why you should care

Authors

  • Darko Stefanoski

    Digital Law Leader, Financial Services, Ernst & Young AG, Switzerland

  • Orkan Sahin

    Director, Digital Law in Financial Services | EY Switzerland

4 minute read 20 Jan 2023
Related topics
Law
Digital
Blockchain
Financial services
Enterprise protection in banking

The increasing of enforcement actions against crypto firms on AML/non-Sanctions Compliance and the lessons shared by the regulators.

In brief

  • Why are authorities increasing the enforcements for non-AML/Sanctions Compliance against Crypto firms?
  • How can the Crypto firms prevent enforcements?
  • Are there repercussions for the Web 3.0?

Organizations that operate within the jurisdiction of Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) laws are usually required to establish a Compliance function and implement various controls, such as Know-Your-Client (KYC) procedures and Sanctions screening. Knowing the customers with whom the company is doing business with and making sure that they are not subject to any Sanctions regime, such as OFAC’s Sanctions, is critical to ensure that the business can adequately assess AML/CFT and Sanctions risks and prevent regulatory enforcements.

The Office of Foreign Assets Control ("OFAC") of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States1.

In the cryptocurrency/blockchain business and Web 3.0 ecosystem - understood as a “new” internet built, operated, and owned by a community of users -, this is not different. The regulatory agencies and governments expect the crypto firms and the operators in the Web 3.0 ecosystem to also comply with AML/CFT regulations2 and Sanctions regimes3, otherwise they will be subject to fines and other penalties.

In August 2022, OFAC sanctioned a cryptocurrency “mixer”4 – programmes used to increase the anonymity of crypto transactions – for its alleged use in money-laundering, and, on 11 October 2022, an agreement5 between OFAC and a crypto firm settled a fine of $24,280,829.20 due to violation of Sanctions Compliance.

Crypto firms need to ensure that the controls in place can appropriately identify and mitigate risks generated by the fast pace of the transactions and the elevated anonymity level in a global customer base, peculiar to its own business, while navigate the complex and intricate Sanctions regimes, altogether. Likewise, the community of users of Web 3.0 that advocates the benefits of a novel, more efficient and fair ways of coordinating activities across jurisdictions, need to focus on developing collective solutions to identify and inhibit bad actors from misusing the technology and enforcing penalties.

Whenever these controls are not sufficient, resulting in deficiencies, as observed in the latest OFAC’S enforcements, for instance, the crypto firm/Web 3.0 operator will be subject to a fine. Therefore, relevant to learn the valuable lessons presented by the enforcement actions on how to build a Sanctions Compliance Program and what regulators expect crypto firms to do to prevent Sanctions risk.

Along with the Compliance Program essentials predicated in the management commitment, risk assessment, internal controls, testing and auditing and training, the crypto firm is expected to6:

  • have effective internal controls in place to proceed with complete screening on customers and transactions, also focusing on a nexus to sanctioned jurisdictions, in addition to formal demonstration of understanding of Sanctions regulations, through policies and procedures;
  • have a tailored and risk-based Sanctions Compliance Program in place and additional independent audits of its Sanction’s Compliance functions;
  • conduct additional Sanctions Compliance training for all relevant staff;
  • ensure that its Sanctions Compliance service providers are aligned and compliant with the institution’s Sanctions Compliance risk; and
  • timely implement remedial measures after becoming aware of a potential Sanctions issue.

How EY can help

  • Metaverse

    The Metaverse and Web3.0 have been a disruptive force like the internet when it first came to life. How will you seize real opportunities in tomorrow’s virtual world?

    Read more

At this stage, with more repertoire and guidance available about AML/CFT and Sanctions Compliance, enforcement actions with larger penalties shall be expected. Therefore, it is advisable that financial service providers, notably, crypto firms increase their attention to the importance of building effective AML/CFT and Sanctions Compliance Programs or improving the existent ones.


Summary

The article shares inputs on the importance of crypto firms being compliant with AML/CFT and Sanctions regulations, using a recent OFAC’s enforcement as starting point.

Special thanks to Ana Carolina Brönnimann and Dominique Jaussi for their valuable contribution to this article.

About this article

Authors

  • Darko Stefanoski
    Digital Law Leader, Financial Services, Ernst & Young AG, Switzerland
  • Orkan Sahin
    Director, Digital Law in Financial Services | EY Switzerland
Related topics
Law
Digital
Blockchain
Financial services
Enterprise protection in banking

Related article

How will you seize real opportunities in tomorrow’s virtual world?

As the corporate world embraces the metaverse, it’s time to explore the potential for players in all sectors.

Wolter Jalink

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Limited, each of which is a separate legal entity. Ernst & Young Limited is a Swiss company with registered seats in Switzerland providing services to clients in Switzerland.