On February 25, the New York State Department of Financial Services (NYDFS) issued Guidance to all individuals and entities subject to its regulation due to the rapidly evolving situation in Ukraine, following the Russian invasion and the imposition of sanctions, in particular businesses engaged in virtual currency activity. Relatedly, on March 2, Governor Hochul announced additional actions to strengthen NYDFS enforcement of sanctions against Russia, including the expedited procurement of additional blockchain analytics technology to bolster the ability to detect exposure among NYDFS-licensed virtual currency businesses to Russian individuals, banks, and other entities that the Biden administration has sanctioned, which is intended to strengthen the ability to enforce anti-money laundering and Bank Secrecy Act laws.
The NYDFS Guidance reiterates that regulated entities should fully comply with U.S. sanctions on Russia, as well as New York state and federal laws and regulations, including NYDFS virtual currency regulations set forth in 23 NYCRR 200. This Guidance provides a non-exhaustive summary of steps that regulated entities should be taking.
Guidance Regarding Virtual Currency Regulation
Consistent with other reports, the NYDFS believes the Russian invasion significantly increases the risk that virtual currency transfers may be used to evade sanctions. As a result, all regulated entities engaging in virtual currency business activity — including, but not limited to, a BitLicensee or a Limited Purpose Trust Company — must have tailored policies, procedures, and processes to protect against the unique risks that virtual currency presents, including through implementation of existing federal and NYDFS guidance related to sanctions compliance. These include, but are not limited to:
- “OFAC Sanctions Compliance Guidance for the Virtual Currency Industry” brochure; and
- New York virtual currency regulation, generally (23 NYCRR 200) and specifically, “Section 200.15 Anti-Money Laundering Program.”
NYDFS also believes regulated entities should pay special attention to the effectiveness of virtual currency-specific control measures, including, but not limited to, sanctions lists, geographic screening, and any other measures relevant to each entity’s specific risk profile.
Examples of virtual currency-specific internal controls include:
- Use of geolocation tools and IP address identification and blocking capabilities to detect and prevent potential sanctions exposure; and
- Transaction monitoring and investigative tools, including blockchain analytics tools, to identify transaction activity involving virtual currency addresses or other identifying information associated with sanctioned individuals and entities listed on the Specially Designated Nationals and Blocked Persons (SDN) List or located in sanctioned jurisdictions.
Regulated entities should have policies, procedures, and processes in place to implement necessary internal controls, with appropriate training, risk assessments, and testing and auditing against their risk profile.
Guidance Regarding Sanctions
As economic sanctions on Russian individuals, banks, and other entities have been imposed, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has been issuing orders and guidance on implementation of these sanctions. All orders and guidance on sanctions, including financial entities on the SDN List, are accessible on the U.S. Treasury’s website. In anticipation of frequent additions, the NYDFS is urging regulated entities to sign up on that site for email updates directly from the U.S. Treasury to ensure timely implementation of any further sanctions.
The Guidance reiterates that U.S. persons (including, without limitation, banks, virtual currency businesses, insurers, and other financial institutions, as well as insurance producers and third-party administrators) are prohibited from engaging in any financial transactions with persons on the SDN List, unless OFAC has authorized otherwise through licenses listed on the OFAC website or by obtaining a separate license for a particular transaction. While not on the SDN List, more limited, yet stringent, sanctions have been placed on several Russian entities with respect to their ability to raise debt and equity and/or with respect to their correspondent and payable-through accounts. The NYDFS is echoing that regulated entities must review the specific restrictions as contained on the OFAC website to ensure continued compliance.
The NYDFS also stated that regulated entities “should take the following actions immediately“:
- Monitor all communications from the NYDFS, the U.S. Treasury, OFAC, and other federal agencies on a real-time basis to stay fully updated on the latest developments;
- Modify their transaction monitoring and filtering programs to make any modifications necessary to their systems to capture the new sanctions as they are proposed and to ensure continued compliance with all applicable laws and regulations, including Part 504 of the NYDFS superintendent’s regulations;
- Monitor all transactions going through their institutions, particularly trade finance transactions and funds transfers, to identify and block transactions subject to the OFAC sanctions and follow OFAC’s direction regarding any blocked funds; and
Update their OFAC compliance policies and procedures on a continuous basis to incorporate already imposed sanctions and any new sanctions that may be imposed in the future.