US Advisory on AML Blockchain Analytics and Ukraine-Related Sanctions Regulations

In April, various regulatory bodies in the US issued a number of guidance materials in relation to crypto and blockchain.

Here, Coinfirm’s Regulatory Affairs department summarises the NYSDFS’ ‘good practices’ on AML blockchain analytics, a Joint Cybersecurity Advisory by the FBI, CISA and Treasury, as well as the updated Ukraine-related sanctions regulations and lists of Russian-related designated entities and individuals.

New York State Department of Financial Services – Paper on the Use of Blockchain Analytics 

The paper on Virtual Currency Guidance includes a set of ‘good practices’ examples, a more detailed list of identified deficiencies, and case studies illustrating both. The guidance is directed at regulated virtual currency business entities and emphasises the importance of blockchain analytics in creating policies and procedures, including customer due diligence, transaction monitoring or sanctions screening:

Customer due diligence (CDD) or Know Your Customer (KYC): 

Blockchain analytics can be used to obtain additional identifying information of the customer, such as:

  • The party that controls a given wallet (e.g. exchange or darknet market) 
  • Location of a wallet address 
  • Numerical scores or tiered rankings to represent risk on the counterparty based on on-chain and off-chain data 

This additional identifying information should be combined with identifying information obtained off-chain (e.g. provided by the customer).

Transaction monitoring of on-chain activity:

Blockchain analytics can be used to monitor transactions against applicable typologies and red flags, such as exposure to 

  • High risk or sanctioned jurisdictions
  • Mixers or tumblers 
  • Darknet markets 
  • Scams and ransomware 
  • Other illicit activity 

Sanctions screening of on-chain activity:

Blockchain analytics can be used to identify transactions involving virtual currency addresses or other indicators (e.g., originator, beneficiary, originating and beneficiary exchanges, and underlying transactional data) associated with sanctioned parties or parties located in the sanctioned jurisdictions.

Joint Cybersecurity Advisory (FBI, CISA and Treasury) 

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) have issued a joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group known as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. 

‘The U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs). The activity described in this advisory involves social engineering of victims using a variety of communication platforms to encourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems. The cyber actors then use the applications to gain access to the victim’s computer, propagate malware across the victim’s network environment, and steal private keys or exploit other security gaps. These activities enable additional follow-on activities that initiate fraudulent blockchain transactions.’ 

This advisory is targeted towards stakeholders in the blockchain and crypto industry. It provides information on the techniques used by these North Korean actors as well as a discussion of potential mitigations. The actions recommended for blockchain and crypto businesses to protect themselves against exploitation are:

  • Apply defense-in-depth security strategy
  • Implement patch management
  • Enforce credential requirements and multifactor authentication
  • Educate users on social engineering on social media and spearphishing
  • Implement email and domain mitigations such as HTML and email scanning 
  • Endpoint protection
  • Enforce application security
  • Be aware of third-party downloads
  • Create an incident response plan

OFAC – New Designations Relating to Crypto Assets

In April 2022, OFAC took further action against additional Russian entities and individuals, targeting both the crypto and fiat industries. The additional players in the crypto sphere on the Specially Designated Nationals and Blocked Persons List (SDN list) are: Hydra Market, the world’s most prominent darknet market; Garantex, a virtual currency exchange; and Bitriver AG together with an additional 10 Russia-based subsidiaries of Bitriver AG, making this a first for the Treasury in designating a virtual currency mining company.

Secretary of the Treasury Janet L. Yellen stated: “Our actions send a message today to criminals that you cannot hide on the darknet or their forums, and you cannot hide in Russia or anywhere else in the world. In coordination with allies and partners, like Germany and Estonia, we will continue to disrupt these networks.”

For their involvement in attempts to evade US-imposed sanctions against Russian individuals and entities supporting the Russian invasion of Ukraine, OFAC has designated Russian commercial bank Public Joint Stock Company Transkapitalbank (TKB), together with its subsidiary Joint Stock Company Investtradebank, and a global network of more than 40 individuals and entities led by U.S.-designated Russian oligarch Konstantin Malofeyev, including organizations whose primary mission is to facilitate sanctions evasion for Russian entities.

Two general licenses (28 and 29) have been issued in relation to Transkapitalbank (and any entity in which TKB owns, directly or indirectly, a 50 percent or greater interest). They allow certain transactions necessary to the wind-down of transactions until 20 May 2022 or, for transactions destined for or originating from Afghanistan in support of efforts to address the humanitarian crisis, until 20 October 2022.

“Treasury can and will target those who evade, attempt to evade, or aid the evasion of U.S. sanctions against Russia, as they are helping support Putin’s brutal war of choice,” said Under Secretary for Terrorism and Financial Intelligence Brian E. Nelson. “The United States will work to ensure that the sanctions we have imposed, in close coordination with our international partners, degrade the Kremlin’s ability to project power and fund its invasion.”

Additionally, the Ukraine-/Russia Sanctions Regulations published in May 2014 are replaced by the Ukraine-Related Sanctions Regulations, 31 C.F.R. part 589, published in the Federal Register on May 2, 2022. The change introduces a more comprehensive set of regulations with additional interpretive and definitional guidance and general licenses. This change has led to the revision of several FAQs and has triggered an automatic administrative update to a number of sanctions entries.

The Importance of Blockchain AML Compliance

Blockchain AML analytics have many advantages over AML for fiat currencies. Because crypto assets provide a high degree of transparency and transaction security, blockchain analytics allow investors to trace fund flows all the way back on the blockchain network, using information that is publicly visible on the blockchain rather than siloed as in the TradFi space.

Blockchain RegTech analytics and solutions are increasingly being used by crypto-related companies and Virtual Asset Service Providers (VASPs) as more authorities around the world impose regulations covering tax, AML/CFT compliance and source-of-wealth stipulations for investors exchanging funds from crypto into fiat.
