Between April 5 and April 17, 2022, the US government took several steps to ratchet up economic sanctions, export controls, and other restrictive trade measures targeting Russia and Belarus.

President Biden issued a new Executive Order prohibiting US persons from engaging in new investment in Russia, and also establishing a framework through which US persons could in the future be prohibited from providing certain services to any person in Russia.

The US Treasury Department’s Office of Foreign Assets Control (OFAC) designated a darknet market and cryptocurrency exchange, several Russian banks and their subsidiaries, and a number of companies allegedly assisting the Russian military by adding them to the Specially Designated Nationals and Blocked Persons (SDN) List pursuant to Executive Orders (EOs) 14024 and 13694. OFAC also published seven new and amended general licenses, including authorizations related to the recent designations of Public Joint Stock Company Sberbank of Russia (Sberbank), Joint Stock Company Alfa-Bank (Alfa-Bank), and Public Joint Stock Company Alrosa (Alrosa).

Separately, the US Commerce Department’s Bureau of Industry and Security (BIS) announced new, stringent export controls so that all items subject to the US Export Administration Regulations, except items designated “EAR99,” require a license for export, reexport, or transfer (in country) to or in the Russian Federation and Belarus.

Continue Reading US Sanctions on Russia Continue to Grow

As of March 20, 2022, a new Executive Order (EO) prohibited certain imports, exports, the transfer of US dollar banknotes to Russia, and new investments involving certain sectors of the Russian economy.  The US Office of Foreign Assets Control (OFAC) also issued new General Licenses and Frequently Asked Question (FAQ) guidance. Additionally, the US Department of Commerce’s Bureau of Industry & Security (BIS) announced new regulations to control the export, reexport, and transfer (in country) of certain luxury goods to or within Russia and Belarus. BIS also identified numerous aircraft subject to US export controls jurisdiction that had flown to Russia without a license, and issued a reminder regarding the restrictions under General Prohibition 10 under the Export Administration Regulations (EAR) of servicing such aircraft.

Key points of these US sanctions developments and export controls are summarized below.

For a summary of US sanctions and export controls adopted between February 21 and March 8, 2022, see this Steptoe blog post.

Continue Reading Update: New US Sanctions on Russia Target Certain Imports, Exports, Dollar Banknotes, and Investments

On March 7, 2022, the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury published guidance (Guidance) for US financial institutions warning about: (1) efforts of foreign actors to evade expanding US economic sanctions and trade restrictions related to the Russian Federation and Belarus and (2) increased risk of malicious cyber-attacks and related ransomware campaigns, following the invasion of and continued military action in Ukraine.  The Guidance provides instructive red flags and related advice for all US financial institutions to evaluate, and provides information of particular relevance for Money Services Businesses (MSBs) and other FinCEN-regulated institutions undertaking transactions in what the agency calls “convertible virtual currency” (CVC).

Most notably, FinCEN strongly encourages US financial institutions that have information about CVC flows, including exchangers or administrators of CVC to: (1) be mindful of efforts to evade expanded US sanctions and export controls related to Russia and Belarus, summarized by Steptoe here; (2) submit Suspicious Activity Reports (SARs) as soon as possible regarding such conduct; (3) undertake appropriate risk-based due diligence of customers, and where required, enhanced due diligence; (4) voluntarily share information with other financial institutions consistent with Section 314(b) of the USA PATRIOT Act; and (5) consider using tools to identify assets that must be blocked or frozen under applicable sanctions.

Continue Reading What US Financial Institutions Need to Know about FinCEN’s Russian Sanctions Evasion and Ransomware Guidance

The United States government has continued to impose numerous economic sanctions and export controls measures following Russia’s invasion of Ukraine.  On February 24, 2022, the US Commerce Department’s Bureau of Industry and Security (BIS) significantly expanded export controls applicable to Russia.  On February 25, 2022, the US Treasury Department’s Office of Foreign Assets Control (OFAC) added Russian President Vladimir Putin and others to the Specially Designated Nationals (SDN) List.  It also imposed significant economic sanctions measures targeting Russia’s financial system — including by imposing sanctions on Russia’s largest financial institutions and limiting the ability of certain Russian state-owned and private entities to raise capital.  Together, OFAC’s actions, which were taken pursuant to Executive Order (EO) 14024 following Russia’s invasion of Ukraine, are estimated to affect nearly 80 percent of all banking assets in Russia.

Finally, on February 26, 2022, the United States and European Union countries, together with the United Kingdom and Canada, announced an agreement to block certain Russian banks from access to SWIFT (with Japan also agreeing the following day), to impose sanctions on Russia’s Central Bank, and to limit the ability of certain Russian nationals connected to the Russian government to obtain citizenship in their countries. They further agreed to ensure effective transatlantic coordination in implementing sanctions, including by sanctioning additional Russian entities and persons, and by working together and with other governments around the world to identify and freeze sanctioned Russian assets.

Continue Reading Biden Administration Imposes Sweeping Financial Sanctions, Export Controls after Russian Invasion of Ukraine

On December 22, 2021, the US Treasury Department’s Office of Foreign Assets Control (OFAC) issued three general licenses (GLs) to authorize additional activities involving the Taliban and the Haqqani Network in Afghanistan that would otherwise be prohibited under the Global Terrorism Sanctions Regulations, 31 CFR part 594 (GTSR), the Foreign Terrorist Organizations Sanctions Regulations, 31

On December 7, 2021, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), published a proposed rule to implement the Corporate Transparency Act (CTA), which was enacted as part of the Anti-Money Laundering Act of 2020 within the National Defense Authorization Act for Fiscal Year 2021.  The proposed rule is intended to implement the CTA’s beneficial ownership reporting provisions, but does not yet have the force and effect of law. In short, the proposed rule would require certain business organizations and entities to report affirmatively information to FinCEN about the beneficial owners and controllers of such organizations and the individuals who have filed an application with state or tribal authorities to form the entity or register it to do business.  Below we summarize a number of the proposed rule’s key provisions, for which interested persons may submit public comments before February 7, 2022.

Continue Reading FinCEN Issues Proposed Rule on Reporting of Corporate Ownership

On October 28, 2021, the House Rules Committee released the latest version of HR 5376, the Build Back Better Act. This draft reflects the most recent attempt to forge compromise among Democratic lawmakers, as Congress moves towards a vote on a comprehensive infrastructure bill. Section 138152 of the Build Back Better Act (the Act) would

On December 11, 2020, the US Treasury Department’s Office of Foreign Assets Control (OFAC) issued a much-anticipated report under Section 5(b) of the Hong Kong Autonomy Act (HKAA) that—to the relief of non-US financial institutions, including those in Hong Kong—stated the Treasury Department had not identified any foreign financial institution (FFI) at risk of secondary sanctions under the HKAA at this time.

Background

Under Section 5(b) of the HKAA, Congress directed the Treasury Department to identify any FFI that knowingly conducted a significant transaction with a person identified by the State Department in a report under Section 5(a) of the HKAA. The State Department issued its report on October 14, 2020, identifying ten individuals, including Hong Kong’s Chief Executive and other prominent government officials.

(For more information about the HKAA and the State Department’s Section 5(a) report, see our blog post of October 15, 2020, “Update: Hong Kong Financial Institutions Face US Secondary Sanctions after State Department Issues First Report under Hong Kong Autonomy Act.”)

Under the HKAA, FFIs identified in a Section 5(b) report could be subject to a “menu” of ten secondary sanctions described in Section 7 of the HKAA. Those sanctions would become mandatory after one year of the report’s issuance.

Continue Reading Financial Institutions Spared, for Now, from Secondary Sanctions after Treasury Department Issues ‘Null Report’ Under Section 5(b) of the Hong Kong Autonomy Act

On October 1, 2020, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) published advisories on the sanctions and anti-money laundering (AML) risks of facilitating ransomware payments.

Ransomware attacks have become increasingly common in recent years with malicious attacks targeting companies in a variety of industries, including healthcare, technology, and education, among others.  Ransomware attacks typically involve a hacker breaching a company’s information technology (IT) infrastructure and encrypting a company’s data or other systems. The attacker then typically demands the victim pay a ransom in exchange for a decryption key that allows the victim to unlock the IT systems or data.  Such attacks can have severe consequences for the victim, often preventing the victim from being able to conduct business operations in whole or in part, and, in the case of healthcare companies such as hospitals, can potentially lead to loss of life, as reportedly occurred recently with a ransomware attack on a hospital in Germany.  Such inability to conduct business can also have ripple effects on other companies or individuals whose data is affected.  In some instances, an attacker may also threaten to disclose private information or data unless the ransom is paid.

As a result, victims of ransomware attacks often choose to pay the ransom.  However, because ransomware attackers rarely, if ever, identify themselves, and often demand payment in cryptocurrency, victims making such payments are generally forced to do so without a clear understanding of the recipient.  Such conduct potentially exposes the victim, and third party service providers (including financial institutions and incident response consultants, among others), to violations of and obligations under US sanctions and/or AML laws.

The OFAC and FinCEN advisories provide information to the public regarding the sanctions and AML risks to victims and third party service providers, including US financial institutions, who assist victims in responding to ransomware attacks.  While in many respects the guidance does not break new regulatory ground, it is a stark reminder of the way that those trying to deal with the consequences of a ransomware attack can find themselves in trouble with the US government.  This puts victims and companies that assist them in a difficult conundrum: don’t pay the ransom and potentially watch the victim company’s business get destroyed, or pay the ransom and run the risk of violating US sanctions and AML laws.  It is therefore imperative that victim companies and those in the business of facilitating ransom payments carefully consider the legal risks and evaluate potential ways to avoid or minimize them.

Continue Reading Five Key Takeaways from OFAC and FinCEN’s Ransomware Advisories