On October 15, 2021, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued anticipated Sanctions Compliance Guidance for the Virtual Currency Industry and updated two related Frequently Asked Questions (FAQs 559 and 646).  OFAC has published industry-specific guidance for only a handful of other industries in the past two decades; the new guidance demonstrates the agency’s increasing focus on the virtual currency (VC) sector.  It also clarifies US sanctions compliance practices in ways that could lay a foundation for future OFAC enforcement actions.

OFAC’s guidance was announced as part of broader US government enforcement priorities to combat ransomware, money laundering, and other financial crimes in the virtual currency sector, as noted in the Department of Justice’s recent announcement of a National Cryptocurrency Enforcement Team.  The OFAC guidance was published in tandem with a Financial Crimes Enforcement Network (FinCEN) analysis of ransomware trends in suspicious activity reporting, but the guidance is directed at the VC industry in general and is not specific to ransomware.  A ransomware actor who demands VC may or may not be a target of OFAC sanctions, and sanctioned actors may engage in a wide variety of VC transactions that do not involve ransomware.  The recommended compliance practices in OFAC’s new guidance are focused on the full range of sanctions risks that arise from virtual currencies.

Continue Reading OFAC Issues Compliance Guidance for the Virtual Currency Industry

On September 21, 2021, the US Department of the Treasury’s Office of Foreign Asset Control (OFAC) issued an updated advisory on the sanctions risks of facilitating ransomware payments.  OFAC issued a prior version of its advisory on October 1, 2020. In the months since, attacks have continued and target entities in the United States, including many in sensitive industries, generating increased concern over the scale of the problem. OFAC’s updated advisory is part of the Biden administration’s ongoing efforts to address the national security and economic risks posed by such attacks. The updated advisory emphasizes that OFAC “strongly discourages” victims from making ransom payments and reemphasizes the sanctions risks of doing so, but also seeks to provide victims with greater clarity about the steps that can be taken to reduce the likelihood of a public enforcement response if a company inadvertently makes or facilitates ransom payments that may have a sanctions nexus.

Continue Reading OFAC Issues Revised Ransomware Advisory

On September 24, 2021, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued General License 14 (GL-14) and General License 15 (GL-15), authorizing certain types of humanitarian transactions involving Afghanistan that could relate to the Taliban or the Haqqani Network that would otherwise be prohibited by the Global Terrorism Sanctions Regulations (GTSR), the Foreign Terrorist Organizations Sanctions Regulations (FTOSR), or Executive Order (EO) 13224.

Both the Taliban and the Haqqani Network are designated by OFAC as Specially Designated Global Terrorists (SDGTs) pursuant to EO 13224. The Haqqani Network is also designated by the US Department of State as a Foreign Terrorist Organization (FTO) under section 219 of the Immigration and Nationality Act.  Furthermore, several of the individual members of the Taliban and the Haqqani Network are designated by OFAC as SDGTs.

These groups have recently taken control of, and appointed officials (including at least one individual designated as an SDGT) to administer, the Government of Afghanistan and its associated agencies and organizations.  As a result, there are concerns that interactions with the Government of Afghanistan could be prohibited to the extent they involve a person subject to US sanctions or expose parties to broader risks under US counter-terrorism financing laws.

Continue Reading OFAC’s New Afghanistan-Related Humanitarian Licenses: Opportunities and Challenges

On September 20, 2021, the Biden administration announced its intention to end all COVID-related geographic travel suspensions, beginning in November 2021. Travel suspensions are currently in place for Brazil, China, India, Ireland, Iran, the Schengen countries, South Africa, and the UK. In lieu of these restrictions, all travelers to the United States will be required to verify full COVID vaccination. The vaccination requirement is in addition to the current requirement that all individuals present proof of a negative COVID test as a condition of embarking on travel to the United States.

Continue Reading Travel Suspensions Ending: Vaccinations to be Required for Entry to United States

On September 9, 2021, the long-awaited recast of the EU Dual-Use Regulation (the Regulation) will enter into force. It provides for new rules on cyber-surveillance technology, the provision of technical assistance, as well as export restrictions for reasons of public security and human rights considerations. Additionally, the new Regulation provides for large project authorizations as well as two new EU General Export Authorizations.

Continue Reading Revised EU Dual-Use Regulation to Enter into Force

Like the United States and other like-minded countries, the EU regularly uses targeted financial sanctions against foreign organizations, legal entities, and individuals as a proportionate response in situations where an international disagreement or a crisis cannot effectively be resolved by conventional instruments of diplomacy, or to give weight to its demands against foreign powers.  The procedure for the adoption of financial sanctions by the EU is in principle governed by strict standards as concerns due process and the respect of the rule of the law. However, when the parties targeted by sanctions seek legal redress, they are often frustrated by the outcome.  This is illustrated by two judgments of the EU General Court in a matter involving Viktor Yanukovych, the former President of Ukraine, and his son, Oleksandr Yanukovych (see cases T-303/19 and T-302/19).

Continue Reading “Déjà vu” in EU Sanctions Policy: A Comment on Two EU General Court judgments in the Yanukovych Case

In 2015, the People’s Republic of China (PRC) enacted the first part of its comprehensive data security regime with the promulgation of the State Security Law, which provided a statutory basis for the construction of a nationwide network and information security system.  The Cybersecurity Law (CSL), which followed in 2017, addressed cybersecurity protection and introduced the concept of a “Critical Information Infrastructure Operator” (CIIO).  Subsequently, other laws, regulations, and rules have been promulgated addressing the requirements of China’s digital economy, related state security matters, and personal information privacy rights. Among those, the Data Security Law (DSL) became effective on September 1, 2021, and the Personal Information Protection Law (PIPL) will go into effect on November 1, 2021.  After subsidiary regulations and rules addressing implementation of the DSL and PIPL have entered into force, China’s new data security architecture should be largely complete.

Continue Reading China Builds Out Data Security Architecture With New Regulations on Cross Border Data Transfers

On August 20, 2021, the Biden administration issued a new Executive Order (“EO”) entitled “Blocking Property with Respect to Certain Russian Energy Export Pipelines.”  At the same time, the Treasury Department’s Office of Foreign Assets Control (“OFAC”) added five entities and 13 vessels to the List of Specially Designated Nationals and Blocked Persons (“SDN List”) under the new EO.

These developments – the latest in a series of US actions related to the Nord Stream 2 and TurkStream pipelines – suggest that the United States is attempting to strike a balance between formally opposing the Nord Stream 2 project and cooperating with major allies who favor the pipeline’s completion, such as Germany.  Importantly, the sanctions under the new EO are not as incrementally significant as they may seem: of the 18 new SDNs, all but four (two entities and two vessels) were already subject to sanctions under the Protecting Europe’s Energy Security Act of 2019 as amended (“PEESA”), which were imposed in May 2021 and were virtually identical to the new sanctions.  Rather than reflecting a more aggressive US stance in opposition to Nord Stream 2, the new EO appears to be driven primarily by legal technicalities including a limitation on the sanctions that could be imposed under PEESA.

Continue Reading A Pipeline Runs Through It: US Government Strikes Delicate Balance on Nord Stream 2 with New Executive Order, Four Sanctions Designations

On July 20, 2021, the European Commission published its long-awaited legislative package titled “Anti-money laundering and countering the financing of terrorism” as announced in the Commission’s 2020 Action Plan for a comprehensive EU policy on preventing money laundering and terrorist financing (ML/TF).

As expected, the proposals seek to harmonize the application of more detailed anti-money laundering and counter-financing of terrorism (AML/CFT) rules, by suggesting to create an EU-level AML authority, to strengthen the supervisory framework and further harmonize and detail EU AML/CFT rules, and to adapt such rules to digitalization and technological innovation. Further, in promoting higher disclosure and transparency requirements, the proposed legislation could have far-reaching consequences in relation to those transacting or using cryptocurrencies.

In this Client Alert, we provide an overview of the four Commission proposals, including the creation of a new EU AML Authority (AMLA).

For more on this subject, click here to read the full Steptoe Client Alert or contact a member of Steptoe’s Brussels team.

On August 9, 2021, the United States, United Kingdom and Canada announced further coordinated sanctions to mark one year since the allegedly fraudulent 2020 Belarusian presidential election in response to the continued undermining of democracy and human rights violations by the Lukashenko regime.  The new sanctions follow the imposition by the United States, United Kingdom, European Union and Canada, on June 21, 2021, of targeted financial sanctions against dozens of individuals and entities as well as EU sectoral-style sanctions against certain sectors of the Belarusian economy, as discussed in our June 28, 2021 blog post.

Continue Reading US, UK and Canada Announce Additional Sanctions on Belarus