The Sanction Risks for Cryptocurrency

Cryptocurrency Sanctions

By Josh Ray

In a keynote address at the Aspen Institute’s Security Forum recently, the new Chairman of the US Securities and Exchange Commission (SEC), Gary Gensler, stressed his intention to tighten federal crypto regulation and enforcement, particularly with respect to American financial sanctions.  Chairman Gensler’s remarks echo a similar sentiment expressed in the US Department of Justice’s (DOJ’s) Cryptocurrency Enforcement Framework, issued last autumn, which stated  “cryptocurrency presents a troubling new opportunity for individuals and rogue states to avoid international sanctions and to undermine traditional financial markets, thereby harms the interests of the United States and its allies.”  Likewise, in a February 2021 enforcement action against Atlanta-based digital currency payment processor BitPay Inc., the Office of Foreign Assets Control (OFAC) – America’s chief sanctions enforcer –  stated that “companies involved in providing digital currency services . . . should understand the sanctions risks . . . and take steps necessary to mitigate those ricks.  Companies that . . . process transactions using digital currency are responsible for ensuring that they do not engage in unauthorized transactions prohibited by OFAC sanctions.”   

Given these developments and Chairman Gensler’s background as a fintech/crypto professor at MIT and former Commodity Futures Trading Commission (CFTC) Chair and Goldman Sachs partner, the SEC will no doubt be continuing to work with its counterparts at OFAC and other regulators to ensure that the intended bite of US sanctions is not bypassed by those using cryptocurrencies.  This comes as the American government maintains its keen interest in employing sanctions as a key foreign policy tool, as evidenced most recently by the fresh sanctions imposed on Myanmar and Belarus.  As sanctions regimes proliferate and cryptocurrencies become ever more widely used in international financial transactions, to avoid breaching sanction requirements businesses and individuals involved with sanctioned countries or parties must be especially cautious when it comes to accepting, safeguarding or processing cryptocurrencies and cryptoassets.      

Sanctions in a Nutshell

US sanctions are created in a two-step process. First, Congress passes a statute—such as the International Emergency Economic Powers Act (IEEPA)—that broadly authorizes the president to impose sanctions through executive orders (EOs) against perceived threats to American interests. Once such an EO is issued, OFAC (which is an arm of the Treasury Department) acts at the president’s direction to draft the sanctions and determine who specifically they should target.  Because sanctions can be created and eliminated largely at each successive administration’s discretion, they are complex, subject to change, and can overlap with one another. 

Generally speaking, US sanctions act to freeze assets subject to US jurisdiction, prevent US individuals and companies from doing business with sanctioned parties, and otherwise cut off sanctioned jurisdictions and individuals from accessing US dollars and the US financial system.  There are three basic types: comprehensive, which cover entire countries (e.g., North Korea); list-based, which focus on specific people and entities; and sectoral, which affect particular industries (e.g., the sanctions that prevent Russia’s defense industry from accessing US equity and debt markets). 

Who Has to Comply? 

In theory, so-called “primary sanctions”[1] only apply to “US persons,” defined to include American citizens and permanent residents (wherever located), individuals and business entities physically located in the US (including US subsidiaries of foreign companies), and all US-incorporated entities (including their foreign branches).  But OFAC takes an aggressive view on the scope of its jurisdiction and has imposed penalties in situations where the offender has had little connection to the US.  OFAC has, for example, fined non-US companies where their only connection with the US has been indirect contact with US financial institutions (e.g., processing of US dollar payments through foreign nostro and US correspondence accounts).  

How Does Crypto Fit In? 

The bedrock of sanctions compliance has long been due diligence – policies and procedures designed to identify and screen out sanctioned customers and counterparties.  But the anonymity or pseudonymity offered by crypto makes these efforts significantly more difficult.  In other words, crypto makes US sanctions harder to comply with and enforce.  As seen in the aggressive liability theory in United States v. Griffith (20-cr-15 (SDNY)), US regulators are clearly attuned to this reality.

In that case, the DOJ charged Virgil Griffith—an American citizen working as a researcher for the non-profit Ethereum Foundation in Singapore—with conspiring to violate sanctions on North Korea; essentially for simply giving a speech at a cryptocurrency conference in Pyongyang.  The primary evidence against him appears to be two text messages he sent to colleagues; one stating, “[W]e’d love to make an Ethereum trip to the DPRK and setup an Ethereum node. . ..  It’ll help them circumvent the current sanctions on them.”; and another that speculated that the reason for North Korea’s interest in cryptocurrencies was “probably avoiding sanctions.”[2]  After twice failing to have the indictment dismissed, in July Griffith had his bail revoked at the DOJ’s request after emailing his mother for help accessing approximately $1 million in a cryptocurrency account (in purported violation of his bail conditions).  Noting that the “serious” charges carry a “possible term of imprisonment of 20 years,” the district court judge found that Griffith had overwhelming incentives to flee the country and remanded him to custody to await his trial, set to begin at the end of September.[3]

That the federal government is taking such a hard line with a seemingly small-time defendant reveals the degree to which regulators see crypto as posing a serious threat to the effectiveness of the American sanctions framework—a framework mimicked by the UK, EU, and other US allies.  By making an example of Griffith, American prosecutors likely hope that his case will serve as a strong deterrent to anyone else who may be considering how cryptocurrencies could be used as a way to evade sanctions.      

What Now? 

It remains to be seen whether the Griffith case is an aberration or the start of a new wave of criminal cases against alleged sanctions violations by way of crypto.  Whichever it is, it is a near certainty that civil regulators at the SEC and OFAC will be using their enforcement powers to more strictly police and rein in crypto investments and transactions that may contravene or improperly evade US sanctions (and it’s safe to assume that authorities in other Western countries will eventually follow suit).    

This is a material risk that all players in the cryptocurrency space must appreciate and respond to.  Those who fare best in this new enforcement environment will probably be those who proactively seek out ways to ensure that their crypto activities take all reasonable steps to stay sanction compliant, rather than wait for regulators to come calling.  

About the Author

Josh RayJosh Ray is an English solicitor and US-qualified lawyer who defends companies and individuals in complex cross-border investigations, white-collar crime prosecutions, and regulatory enforcement actions.  His practice also focuses on advising fintech and cryptocurrency firms on compliance with anti-money laundering, sanctions, and bribery regulations in the US and UK. 

References:

[1] “Secondary sanctions” apply to non-US persons, even if there is no connection between the US and the activity in question.  If a non-US person is found to have violated a secondary sanction, OFAC cannot fine them but can effectively cut them off from using the US financial system.  At present, secondary sanctions are in place only with respect to Iran, Crimea, and North Korea. 

[2] See Order Denying Motion to Dismiss, United States v. Griffith, 20-cr-15 (SDNY Jan. 27, 2021). 

[3] See Order Revoking Bail, United States v. Griffith, 20-cr-15 (SDNY Jul. 20, 2021). 

The views expressed in this article are those of the authors and do not necessarily reflect the views or policies of The World Financial Review.