The United States Department of the Treasury is continuing to focus its sanctions efforts on those with ties to Russia as part of its continuing efforts to limit the Kremlin’s resources in wake of the ongoing military conflict in Ukraine. In addition to increasing sanctions on Russian oligarchs, which was previously chronicled by Global RADAR, the U.S. is also taking on Russian hackers that are grossly misusing cryptocurrencies to fund their illicit schemes, with the main strategy for the Treasury appearing to be targeting various cryptocurrency exchanges themselves. Over the past few months, the United States has been hitting Russian elites and organizations with unprecedented sanctions and have aimed at closing unorthodox avenues being utilized for moving money into and out of Russia (i.e. through hedge funds, private equity firms, and investment advisers) as part of an effort by targeted individuals to work around novel U.S. sanctions. “… [W]e know that many Russian oligarchs and elites are attempting to evade sanctions, and we are working tirelessly to prevent sanctions evaders from exploiting financial loopholes to hide and move their wealth,”¹ said Brian Nelson, the Treasury’s under secretary for terrorism and financial intelligence, in a May 25 speech made at an anti-money laundering (AML) conference. Thus far the U.S. government seems to be taking this issue very seriously. The Treasury views sanctions evasion and illicit financing as a national security issue, and has been working with the European Union to increase penalties for all parties involved in the process.

            And despite the Office of Foreign Assets Control (OFAC) not making any major changes to its regulatory requirements over recent weeks, the pressure on banks and other financial institutions to identify and report suspicious activity in this regard is arguably higher than ever before. A positive development has been the increasing prevalence of investment firms both wanting and asking “for detailed information about who the beneficial owners are of the parties with whom they engage. We need to know who you actually are, or we can’t do business with you,” said Daniel Goren, partner at law firm Wiggin and Dana who specializes in international trade compliance. “It’s risk analysis on steroids.”¹ In addition to closing several aforementioned loopholes available for Russian oligarchs to move sanctioned funds, the Treasury Department has also set its sights on cyber criminals—particularly those with ties to Russia. The U.S. government has noticed an uptick in the use of ransomware as a primary tactic for making off with difficult-to-trace funds, with this process involving the pilfering of personal or commercial business information and then extorting the victim in a “digital ransom” which can later be converted into cash. The sanctions implemented in recent months have hit cryptocurrency services that are willing to support shady business practices. In 2021, the Treasury sanctioned at least three Russia-based crypto exchanges that hackers had used to launder their money. These moves seem to have been quite effective. “Sanctions have been catastrophic to their business, severely damaging their operations,” said Jackie Koven, head of cyber threat intelligence at Chainalysis Inc., which analyzes cryptocurrency blockchains, when speaking on these recent sanctions expansions.²

            The list of currency exchanges that are off-limits to U.S. businesses is quickly increasing as the Treasury Department aims to identify more nefarious activity. Not all of these crypto exchanges have Russian ties however. One recently banned exchange involved $20.5 million in stolen crypto sent by North Korean hackers in an attempt to launder their funds. Andrea Gacki, director of OFAC, said her team has sanctioned over 300 virtual-currency addresses, barring all U.S. companies from doing business with them. “And we will continue to expose more,” Gacki said, speaking at a Chainalysis blockchain conference last month.² Not all developments have been positive in this regard however, as new sanctions have also created new headaches for U.S. financial institutions aiming to maintain sanctions compliance, as well as organizations who have been, or are at risk of being hacked (as payment of ransom to be freed from ransomware exploits can technically be viewed as violation of sanctions dependent on parties involved). This has in turn led to the initiation of new compliance protocols among third-parties such as insurers to avoid potential missteps.² Clearly the Treasury’s moves have aimed at hindering the financial infrastructure behind ransomware attacks, yet in spite of these ramped-up efforts, little effect has been had on the gross number of cyberattacks seen abroad since late February. This is due in large part to these bad actors frequently altering their tactics, with the Wall Street Journal reporting that some hacker groups are “increasingly working in smaller cells, rotating malware variants or employing different crypto tools to conceal their identities” and continuing to draw payments.²

            Tangible change looks to be on the horizon to provide an improved national approach to countering ransomware/malware efforts however, as a recently approved law now requires many critical-infrastructure companies to report instances where they were hacked to the Department of Homeland Security, which should provide the Treasury with much-needed data to identify additional targets. Until more data is available however, financial institutions should continue to pay close attention to updates to OFAC sanctions lists as it appears likely that there will be more and more individuals, businesses, and currency exchanges added to these lists moving forward.

Citations

1. Nicodemus, Aaron. “Treasury Considering Rule to Address AML ‘Loopholes’ in Private Investment.” Compliance Week, 7 June 2022. 
2. Uberti, David. “Sanctions Take Toll on Laundering Tools Used by Ransomware Gangs.” The Wall Street Journal, Dow Jones & Company, 7 June 2022.