The United States, the United Kingdom, and European Union have led a broad international coalition imposing a sweeping and unprecedented range of economic and financial sanctions against Russia and Belarus in response to Russia’s ongoing invasion of Ukraine. Experts and U.S. legislators warn that sanctioned Russian actors and their affiliates may turn to convertible virtual currencies (CVCs) in an attempt to evade these sanctions, protect their assets, and restore their ability to transact internationally.1
- While it is unlikely that the Russian government will turn to well-established virtual currencies to evade sanctions on a large scale, Russia is expected to loosen regulatory requirements on CVCs to facilitate cryptocurrency transfers by private-sector actors, potentially including sanctioned persons, other illicit actors, and their networks and facilitators.
- At the same time, Russia is expected to expedite the development of its central bank digital currency (CBDC), the so-called digital ruble, which it hopes to use to trade directly with other countries.
- Russian state actors may also use CVCs to fund intelligence operations abroad and to accelerate cyberattacks against Western targets, including ransomware attacks and hacks targeting CVC exchanges.
- In response to these developments, the United States and its allies have called on financial institutions (FIs) and virtual asset service providers (VASPs) to be vigilant against efforts to evade sanctions and other restrictions through the use of virtual currencies and CVC-anonymizing tools.
- FIs and VASPs should be aware of red flags for potential sanctions evasion activity, apply enhanced scrutiny to CVC transactions associated with Russian and Belarusian customers and wallets, and expect additional sanctions on Russian CVC mining operations and the Russian VASP market.
Since 2020, the Russian government has progressively eased regulatory restrictions on CVCs and VASPs, reversing early moves to ban CVCs entirely and instead reclassifying them as foreign currency and permitting and taxing their use—even in the face of warnings from the Bank of Russia that digital currencies pose a threat to financial stability.2
- If this trend continues in the face of recent sanctions and other restrictive measures, Russian oligarchs, government and military officials, and individuals active in the energy and finance sectors may turn increasingly to Russian-based VASPs and other third-party entities in an effort to evade sanctions, protect their assets, and restore their ability to transact internationally.3
- Specifically, Russian actors may seek to use CVC transactions as a partial substitute for traditional cross-border payment channels, as well as to convert assets that may be subject to freezing or seizure into CVC. At the same time, major CVC exchanges have seen an increase in CVC transactions by non-sanctioned Russian individuals in the face of the ruble’s collapse.4
- Russia is home to several VASPs with weak or non-existing anti-money laundering (AML)/combating the financing of terrorism (CFT) controls, which have been known to be used by criminal groups to launder illicit funds from darknet markets, scams, fraud, and ransomware attacks. Primarily concentrated in Moscow, these VASPs received nearly $700 million worth of virtual currency from addresses associated with criminal activity between 2019 to 2021.5
- However, the CVC market in Russia remains relatively immature, and Russian businesses have been slow to adopt CVCs in the face of uncertainty surrounding Russia’s approach to regulating the CVC industry. Given the magnitude of the recent sanctions, industry analysts and the Biden Administration have stated that CVC transactions are unlikely to serve as an effective replacement for traditional financial channels at scale.6
Russia has long prioritized blockchain technology as an economic and national security goal, stating as early as 2020 that a digital ruble would diminish the dependence of the Russian economy on the U.S. dollar and help mitigate the impact of foreign sanctions.7 Faced with sweeping new restrictions, Russia is expected to expedite the development of the digital ruble as an alternative to the U.S. dollar and a means of evading sanctions that now span most of the world’s leading economies.
- On February 15, 2022, the Bank of Russia announced the successful integration of three banks into the digital ruble pilot platform.8 Customers from two integrated banks also created digital ruble wallets using their mobile phones, converted rubles from their bank accounts into digital rubles, and conducted transactions.
- The Bank of Russia is expected to continue testing and refining the digital ruble platform in the coming months, including by expanding digital ruble access to additional users, testing the digital ruble as payment for goods and services, implementing smart contracts, and interacting with the Russian Federal Treasury.
- The acceleration of the digital ruble could complement Russian plans to expand its alternative international payments network—the System for Transfer of Financial Messages (SPFS)—following the removal of several Russian banks from the Society for Worldwide Interbank Financial Telecommunications (SWIFT) network.9
- However, analysts note that Russia’s so-called “SWIFT analogue” suffers from limited operating hours, size constraints, and a lack of international connectivity beyond Central Asia, making it unlikely to function as a full-scale SWIFT replacement.10
In the current environment, the Russian government is increasingly likely to view CVCs as a critical tool for funding intelligence operations abroad and conducting cyberattacks against Western targets. While these attacks often may be punitive in nature rather than a sanction-evasion strategy, the inherent features of CVCs make such operations potentially devastating to U.S. critical infrastructure, including financial institutions.
- Several ransomware groups have been known to have connections to Russia’s Foreign Intelligence Service (SVR) and its Federal Security Service (FSB). It is likely that the Russian government will form closer ties with Russia-based ransomware groups to mount targeted cyberattacks against critical infrastructure in the U.S. and its allies.
- On February 27, 2022, an anonymous individual leaked a year’s worth of internal communications between members of Conti, a Russia-based ransomware group.11 The leak occurred two days after the group threatened to launch cyberattacks on the critical infrastructure of any country that retaliated against Russia’s invasion of Ukraine. According to cybersecurity specialists, chat logs suggested that the group took direct orders from the FSB.12
The United States is taking an aggressive and proactive approach against the use of CVCs and VASPs to circumvent sanctions, aligning with previous U.S. government actions against individuals and entities engaged in illicit CVC and VASP activity.
- On March 2, 2022, The U.S. Justice Department announced the launch of Task Force KleptoCapture, an interagency law enforcement force dedicated to enforcing the sanctions, export restrictions, and economic countermeasures imposed on Russia and Belarus.13 The mission of Task Force KleptoCapture includes investigating and prosecuting violations of new and future sanctions, combating unlawful efforts to undermine restrictions against Russian financial institutions, targeting efforts to use CVCs to evade sanctions or launder proceeds from corruption, and using civil and criminal asset forfeiture authorities to seize assets belongings to sanctioned persons.
- This effort complements the U.S. government’s ongoing campaign to target Russia-backed ransomware actors and operational infrastructure, including the Office of Foreign Asset Control’s (OFAC’s) September 2021 designation of a Russian virtual currency exchange and its November 2021 designation of a second Russian CVC exchange and its support network for facilitating transactions for ransomware actors.14
Key Considerations for the Private Sector
- VASPs and FIs serving VASP customers should be on guard for the use of CVCs and CVC-anonymizing tools by sanctioned persons and their networks for facilitators to evade sanctions and protect their assets internationally.
- Established CVC exchanges have already taken steps to block CVC wallets with potential links to Russian sanctions targets, with Coinbase blocking 25,000 CVC wallet addresses related to Russian individuals or entities it believes to be engaging in illicit activity.15
- VASPs may observe attempted or completed transactions tied to CVC wallets or other CVC activity associated with Russian, Belarusian, and other affiliated persons, and should scrutinize customers and transactions for the following red flags:16
- Transactions initiated from or sent to Internet Protocol (IP) addresses previously flagged as suspicious and those from non-trusted sources or locations in Russia, Belarus, comprehensively sanctioned jurisdictions, and countries with weak AML/CFT regimes;
- Transactions connected to CVC addresses listed on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List); and
- Customers using a VASP or foreign money services business in a jurisdiction with AML/CFT deficiencies.
- FIs and VASPs should also be alert to the dangers posed by transactions made in connection with a Russian-related ransomware campaign, and should scrutinize customers and transactions for the following red flags:17
- Customers receiving CVCs from an external wallet and immediately initiating multiple, rapid trades among multiple VASPs with no apparent related purpose, followed by a transaction off the platform;
- Customers initiating a transfer of funds involving a CVC mixing service; and
- Customers either directly or indirectly receiving transaction exposure identified by blockchain tracing software as related to ransomware.
- More generally, FIs and VASPs should review their sanctions compliance programs to ensure that risks associated with illicit CVC activity, including the use of CVCs to evade sanctions, are fully integrated into their policies, procedures, and controls.
- FIs should apply enhanced scrutiny to relationships with VASPs in jurisdictions with weak or undeveloped AML/CFT regimes and ensure that all VASP customers comply with international standards for due diligence and payment transparency.
- VASPs should conduct annual risk assessments to determine their sanctions exposure risk and identify steps to take to minimize their risk. Risk assessments should reflect a VASP’s customer base, products, services, supply chain, counterparties, transactions, geographic locations, and the AML/CFT and sanctions controls of any relevant counterparties or customers.
- VASPs that provide crypto-to-fiat conversion and nesting services to smaller exchanges should reassess their controls in light of evolving sanctions evasion risks. VASPs should request and review documents supporting and confirming that nested services have implemented an effective sanctions compliance program, monitor the transaction activity of such services, and request any information related to suspicious activity found on their accounts.
- FIs and VASPs should also ensure that they have the tools to understand the sanctions and other potential illicit finance risks associated with counterparty wallet addresses, going beyond simply screening wallet addresses against the OFAC SDN List. FIs and VASPs should consider implementing CVC transaction monitoring solutions that offer real-time monitoring and flagging of suspicious transactions, including transactions with potential exposure to sanctions.
Endnotes
1 Flitter, Emily, and David Yaffe-Bellany. 2022. “Russia Could Use Cryptocurrency to Blunt the Force of U.S. Sanctions.” The New York Times. February 23, 2022, https://www.nytimes.com/2022/02/23/business/russia-sanctions-cryptocurrency.html.
2 Baydakova, Anna, and Tracy Wang. 2022. “Russia to Regulate Crypto, Dispelling Fears of
Ban.” Coindesk. February 9, 2022. https://www.coindesk.com/policy/2022/02/09/russia-to-license-crypto-exchanges-tax-large-transactions/. See also (Baydakova and Gkritsi, Bank of Russia Calls for Full Ban on Crypto 2022) and Reuters, “Russian Finance Ministry to Consider Central Bank Proposals on Cryptocurrencies,” February 21, 2022, https://www.reuters.com/markets/europe/russian-finance-ministry-consider-cbank-proposals-cryptocurrencies-2022-02-21/.
3 Flitter, Emily, and David Yaffe-Bellany. 2022. “Russia Could Use Cryptocurrency to Blunt the Force of U.S. Sanctions.” The New York Times. February 23, 2022, https://www.nytimes.com/2022/02/23/business/russia-sanctions-cryptocurrency.html; Tom Wilson, “Crypto Exchanges Won’t Bar Russians, Raising Fears of Sanctions Backdoor,” March 3, 2022, https://www.reuters.com/markets/europe/crypto-exchanges-wont-bar-russians-raising-fears-sanctions-backdoor-2022-03-02/.
4 Fatima Hussein, “Russia Eyes Sanctions Workarounds in Energy, Gold, Crypto,” Associated Press, March 1, 2022, https://apnews.com/article/russia-ukraine-vladimir-putin-cryptocurrency-technology-business-d6a6d1bb3f664a555a2871eef3cd0e8c; Joanna Ossinger, “Coinbase CEO Says Ordinary Russians Using Bitcoin as ‘Lifeline,’” Bloomberg, March 4, 2022, https://www.bloomberg.com/news/articles/2022-03-04/coinbase-ceo-says-ordinary-russians-using-bitcoin-as-lifeline?sref=Pw1Mp35R.
5 Chainalysis. 2022. “The 2022 Crypto Crime Report.” Chainalysis. February 2022. https://go.chainalysis.com/2021-Crypto-Crime-Report.html.
6 Arjun Kharpal, “The Russia-Ukraine Conflict Has Thrust Crypto into the Spotlight and Raised 3 Big Questions,” CNBC, March 4, 2022, https://www.cnbc.com/2022/03/04/russia-ukraine-war-cryptocurrencies-and-sanctions-in-the-spotlight-.html; Hannah Lang, “U.S. Lawmakers Push Treasury to Ensure Russia Cannot Use Cryptocurrency to Avoid Sanctions,” March 2, 2022, https://www.reuters.com/world/us/us-lawmakers-push-treasury-ensure-russia-cannot-use-cryptocurrency-avoid-2022-03-02/.
7 Baydakova, Anna. 2020. “Digital Ruble Could Be Tool Against Sanctions, Bank of Russia Says.” Coindesk. October
8 Partz, Helen. 2022. “Digital Ruble Trial Goes Live as Bank of Russia Insists on Bitcoin Ban.” Cointelegraph. February 15, 2022. Accessed 03 04, 2022. https://cointelegraph.com/news/digital-ruble-trial-goes-live-as-bank-of-russia-insists-on-bitcoin-ban.
9 Tom Bergin, “Russia Could Work Around SWIFT Ban but with High Costs,” March 7, 2022, https://www.reuters.com/markets/europe/russia-could-work-around-swift-ban-with-high-costs-2022-03-07/. See also Catherine Belton, Paritosh Bansal, and Megan Davies, “SWIFT Block Deals Crippling Blow to Russia; Leaves Room to Tighten,” February 27, 2022, https://www.reuters.com/markets/europe/swift-block-deals-crippling-blow-russia-leaves-room-tighten-2022-02-27/.
10 Tom Bergin, “Russia Could Work Around SWIFT Ban but with High Costs,” March 7, 2022, https://www.reuters.com/markets/europe/russia-could-work-around-swift-ban-with-high-costs-2022-03-07/.
11 Faife, Corin. 2022. “A Ransomware Group Paid the Price for Backing Russia.” The Verge. February 28, 2022. https://www.theverge.com/2022/2/28/22955246/conti-ransomware-russia-ukraine-chat-logs-leaked.
12 Bing, Christopher. 2022. “Russia-based Ransomware Group Conti Issues Warning to Kremlin Foes.” Reuters. February 25, 2022. https://www.reuters.com/technology/russia-based-ransomware-group-conti-issues-warning-kremlin-foes-2022-02-25/.
13 U.S. Department of Justice. 2022. “Attorney General Merrick B. Garland Announces Launch of Task Force KleptoCapture.” The United States Department of Justice Office of Public Affairs. March 02, 2022. https://www.justice.gov/opa/pr/attorney-general-merrick-b-garland-announces-launch-task-force-kleptocapture.
14 U.S. Department of the Treasury. 2021. “Treasury Continues to Counter Ransomware as Part of Whole-of-Government Effort; Sanctions Ransomware Operators and Virtual Currency Exchange.” November 08, 2022. https://home.treasury.gov/news/press-releases/jy0471; Chainalysis. 2021. “P2P Cryptocurrency Exchange Chatex and Two Russian Nationals Indicted and Sanctioned for Roles in Ransomware Operations.” November 08, 2022. https://blog.chainalysis.com/reports/ofac-sanction-chatex-revil-sodinokibi-november-2021/; K2 Integrity. 2021. “OFAC Releases Updated Ransomware Advisory and Announces First Designation of Cryptocurrency Exchange.” Dedicated Online Financial Integrity Network. September 28, 2022. https://app.dolfin.org/finhub-article/ofac-releases-updated-ransomware-advisory-and-announces-first-designation-of-cryptocurrency-exchange/.
15 Yueqi Yang, “Coinbase Blocks 25,000 Crypto Wallets Linked to Russia Users,” Bloomberg, March 7, 2022, https://www.bloomberg.com/news/articles/2022-03-07/coinbase-blocks-25-000-crypto-wallets-linked-to-russian-users?sref=Pw1Mp35R.
16 Financial Crimes Enforcement Network (FinCEN), “FinCEN Advises Increased Vigilance for Potential Russian Sanctions Evasion Attempts,” March 7, 2022, https://www.fincen.gov/sites/default/files/2022-03/FinCEN%20Alert%20Russian%20Sanctions%20Evasion%20FINAL%20508.pdf.
17 Financial Crimes Enforcement Network (FinCEN), “FinCEN Advises Increased Vigilance for Potential Russian Sanctions Evasion Attempts,” March 7, 2022, https://www.fincen.gov/sites/default/files/2022-03/FinCEN%20Alert%20Russian%20Sanctions%20Evasion%20FINAL%20508.pdf.