In the statement the UK financial regulatory authorities reiterate that all UK financial services firms, including the cryptoasset sector, are expected to play their part in ensuring that sanctions are complied with.
The FCA refers to a letter that has already been sent to registered cryptoasset firms and those holding temporary registration status highlighting the application of sanctions on various entities and individuals. The FCA also reminds firms that financial sanctions’ regulations do not differentiate between cryptoassets and other forms of assets. The use of cryptoassets to circumvent economic sanctions is a criminal offence under the Money Laundering Regulations 2017 and regulations made under the Sanctions and Anti-Money Laundering Act 2018.
The joint statement also sets out steps to reduce the risk of sanctions evasion via cryptoassets. These steps cover controls to identify customers and monitor their transactions under the Money Laundering Regulations 2017 (MLRs 2017). It also covers red flag indicators that suggest an increased risk of sanctions evasion.
In terms of controls developed under the MLRs 2017 the joint statement mentions that firms will need to implement additional sanctions specific controls as appropriate including:
- Updating business-wide and customer risk assessments to account for changes in the nature and type of sanctions measures.
- Ensuring that customer onboarding and due diligence processes identify customers who make use of corporate vehicles to obscure ownership or source of funds.
- Ensuring that customers and their transactions are screened against relevant updated sanctions lists and that effective re-screening is in place to identify activity that may indicate sanctions breaches.
- Identifying activity that is not in line with the customer profile or is otherwise suspicious and ensuring that these are reported quickly to the nominated officer for timely consideration.
- Where blockchain analytics solutions are deployed, ensuring that compliance teams understand how these capabilities can be best used to identify transactions linked to higher risk wallet addresses.
- Engage with public-private partnerships and private-private partnerships to gather insights on the latest typologies and additional controls that might be relevant and share their own best practice examples.
In terms of red flag indicators, these include:
- A customer who is resident in or conducting transactions to or from a jurisdiction which is subject to sanctions, or which is on the UK’s High Risk Third Countries list for anti-money laundering and counter-terrorist financing purposes, or any jurisdiction a firm has identified as posing an increased risk of illicit financial activity.
- Transactions to or from a wallet address associated with a sanctioned entity, or a wallet address otherwise deemed to be high-risk, based on its transaction history or that of associated addresses, or other factors.
- Transactions involving a cryptoasset exchange or custodian wallet provider known to have poor customer due diligence procedures or which is otherwise deemed high-risk.
- The use of tools designed to obfuscate the location of the customer (for example, an IP address associated with a virtual private network or proxy) or the source of cryptoassets (for example, mixers and tumblers).
- Other red flag indicators that are normally associated with money laundering more broadly. In both situations, the aim of the illicit actor is to make an illegal transaction seem legitimate.
The FCA adds that flag indicators should be considered in context. What may appear innocent in isolation may be indicative of sanctions evasion when considered alongside other red flag indicators or contextual information.