U.S. Treasury Issues Report On Ransomware Trends And Sanctions Compliance Guidance For Crypto Firms

October 19, 2021
As part of a “whole-of-government” effort, the U.S. Treasury's new report finds an increasing threat from ransomware attacks, while it also offers guidance to help prevent the illicit use of virtual currencies by sanctioned persons.

  • FinCEN finds a significant increase in ransomware-related filings
  • OFAC recommends virtual currency businesses apply risk-based approach to sanctions compliance

The Financial Crimes Enforcement Network (FinCEN), an independent bureau of the Treasury, has published a financial trends analysis, identifying ransomware patterns and trends based on Bank Secrecy Act (BSA) data.

The report, which analysed suspicious activity reports (SARs) that financial institutions filed during the first six months of 2021, found that the average amount of reported ransomware transactions per month was approximately $100m.

This shows a significant increase compared with last year when the total value of suspicious activity reported in ransomware-related SARs for the entirety of 2020 was $416m.

FinCEN identified 68 different ransomware variants reported in SAR data for transactions and found several money laundering typologies common among ransomware variants in 2021. These included threat actors increasingly requesting payments in anonymity-enhanced cryptocurrencies, such as Monero, and avoiding the reuse of wallet addresses when laundering the payments from each ransomware event, so as to minimize consolidation into single wallet addresses.

They have also typically used the practice of “chain hopping,” whereby the actors convert one virtual currency into a different one before moving the funds to another service or platform, and cashing out at centralized exchanges.

To conceal or obfuscate the source or owner of a virtual currency, the actors relied on mixing services and used decentralized exchanges to convert the proceeds.

As the number of ransomware attacks increased, so did the number of ransomware payments, the Treasury said, adding that these are typically paid through virtual currencies. Therefore, it believes the virtual currency industry “plays an increasingly critical role in preventing sanctioned persons from exploiting virtual currencies.”

New Guidelines

To promote sanctions compliance in the virtual currency industry, the Treasury’s Office of Foreign Assets Control (OFAC) has issued guidance to help prevent illicit transactions by sanctioned persons.

OFAC asks virtual currency businesses to apply a risk-based approach to sanctions compliance based on a variety of factors, such as the type of business involved, its size and sophistication, products and services offered, customers and counterparties, and geographic locations served.

“All companies in the virtual currency industry, including technology companies, exchanges, administrators, miners, and wallet providers, as well as more traditional financial institutions that may have exposure to virtual currencies or their service providers, are encouraged to develop, implement, and routinely update, a tailored, risk-based sanctions compliance program,” the paper says.

The guidance states that any U.S. person that determines they hold virtual currency that is required to be blocked pursuant to OFAC’s regulations must deny all parties access to that virtual currency.

Although there are various sanctions programs, the paper reminds the industry that certain reporting and recordkeeping requirements and licensing procedures uniformly apply.

For instance, initial blocked property reports and rejected transaction reports must be filed within ten business days following the date that the property is blocked or the transaction was rejected, while annual reports on all blocked property must be filed by September 30 of each year.

Records on each transaction subject to OFAC’s regulations, including transactions processed pursuant to a license, and records of blocked property held, must be kept for five years after the date of the transaction.

Failure to comply with OFAC regulations risks civil penalties based on a strict liability legal standard, the paper notes.

“[The] Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity,” Treasury deputy secretary Wally Adeyemo said.

“The private sector plays a key role by implementing appropriate sanctions and anti-money laundering/countering the financing of terrorism (AML/CFT) controls to prevent sanctioned persons and other illicit actors from exploiting virtual currencies and undermining U.S. foreign policy and national security interests,” the announcement added.

The FinCEN report was prepared pursuant to the Anti-Money Laundering Act of 2020 (AMLA), which mandates that FinCEN publish threat pattern and trend information derived from financial institutions’ SARs.

The guidance and the report are part of a government-wide effort whereby almost a dozen U.S. agencies are taking steps to fight ransomware.

Last month, OFAC added a virtual currency exchange to its designated entities list for the first time, after the office’s investigation revealed that more than 40 percent of the exchange’s known transaction history was associated with illicit actors.
