On May 13, 2022, Magistrate Judge Zia Faruqui released a redacted Memorandum Opinion disclosing that the US Department of Justice (DOJ) had launched a criminal prosecution against a US citizen involving the alleged operation of a cryptocurrency payments platform to evade US sanctions. In re Crim. Complaint, No. 22-mj-067-ZMF (D.D.C. May 13, 2022) (the Sealed Action).[1] The Sealed Action follows an April 12, 2022 announcement by DOJ that Virgil Griffith, a US citizen, was sentenced to 63 months in prison and ordered to pay a $100,000 fine for providing advice on using cryptocurrency and blockchain technology to evade US sanctions against North Korea. United States v. Griffith, No. 20-cr-00015 (S.D.N.Y. Apr. 13, 2022) (the Griffith Action).
These actions come on the heels of various initiatives focused on cryptocurrency and demonstrate that regulators are committing resources to target the misuse of cryptocurrency to evade US sanctions. As Magistrate Judge Faruqui observed, “The Department of Justice can and will criminally prosecute individuals and entities for failure to comply with OFAC’s regulations, including as to virtual currency.” Companies that deal in virtual currency or transact with those that do, including financial institutions, should be alive to the AML and sanctions risks associated with cryptocurrency transactions. This is particularly the case since many cryptocurrency transactions are conducted outside the traditional financial system, and thus the subset that flow through banks may well be subjected to heightened regulatory scrutiny.
Regulators Target Use of Cryptocurrency to Evade Sanctions
In recent years, virtual currency has emerged as an attractive tool for individuals seeking to evade sanctions. In response, US regulators have announced new initiatives and reiterated enforcement priorities in the virtual currency space. For example, on March 2, 2022, DOJ announced the launch of “Task Force KleptoCapture”—an interagency task force dedicated to enforcing sanctions, export controls restrictions, and economic countermeasures, including “[t]argeting efforts to use cryptocurrency to evade U.S. sanctions.” Task Force KleptoCapture builds on DOJ’s National Cryptocurrency Enforcement Team (NCET), a specialized team announced in October 2021 that combines resources from DOJ’s Money Laundering and Asset Recovery Section (MLARS) and Computer Crime and Intellectual Property Section (CCIPS) to step-up enforcement across the broad spectrum of cryptocurrency-related crimes.
Relatedly, the US Treasury Department’s (Treasury) Office of Foreign Assets Control (OFAC) released guidance on March 11, 2022 noting that US sanctions can apply “regardless of whether a transaction is denominated in traditional fiat currency or virtual currency.” On March 7, 2022, Treasury’s Financial Crimes Enforcement Network (FinCEN) alerted financial institutions that they should “be vigilant against efforts to evade sanctions” and reminded financial institutions of their suspicious activity reporting obligations, including with respect to virtual currency transactions. A few weeks later, on April 14, 2022, FinCEN issued an advisory on kleptocracy and foreign public corruption, which reiterated the role financial institutions are expected to play in reporting sanctions evasion.
Recent Enforcements
In the Griffith Action, a US citizen pleaded guilty to conspiring to violate the International Emergency Economic Powers Act (IEEPA), the primary statute authorizing regulators to promulgate sanctions regulations. Specifically, Griffith traveled to North Korea to “develop[] cryptocurrency infrastructure” to help North Koreans circumvent US sanctions. While in North Korea, Griffith delivered presentations to North Korean officials on cryptocurrency and blockchain technologies and advised attendees on “the potential uses of blockchain and cryptocurrency technologies to evade sanctions and launder money.” DOJ described Griffith’s actions as “gravely serious conduct that jeopardizes the efficacy of the sanctions regime and endangers the public.” Griffith’s actions occurred against the backdrop of North Korea continuing its efforts to generate cryptocurrency to help fund its regime through cybercrime. These efforts, including hacks on cryptocurrency exchanges (which stole almost $400 million across seven hacks in 2021 alone) and the deployment of the WannaCry variant ransomware that extorted cryptocurrency from victims that wanted to regain access to their infected systems, constitute a national security concern that has contributed to a rise in regulator attention in this area.
Separately, in the Sealed Action, DOJ alleged that Defendant, a US citizen, “conspire[d] to operate an online payments and remittances platform” in an unnamed comprehensively sanctioned country. Defendant allegedly created a payments platform and used a US-based virtual currency exchange (VCE 1) to buy and sell Bitcoin. According to DOJ, Defendant funded the VCE 1 account “with fiat currency from a traditional U.S. financial institution” that Defendant used “to send thousands of dollars to two accounts at a foreign-based virtual currency exchange.” (VCE 2). Ultimately, Defendant allegedly used VCE 2 to transmit approximately $10 million worth of Bitcoin between the United States and an unnamed comprehensively sanctioned country for customers of the payments platform.
While Defendant had allegedly advertised the payments platform “as designed to evade U.S. sanctions, including through purportedly untraceable virtual currency transactions,” the payments platform was tied to a US-based financial institution linked to Defendant’s US-residence IP address. Even though the exchange in question was set up outside the United States, Magistrate Judge Faruqui found that “it was still subject to U.S. sanctions regulations when it knowingly reexported financial services––including virtual currency that originated in the U.S. or came from a U.S. person––to a sanctioned jurisdiction, person, or entity.” Accordingly, the Sealed Action serves as a reminder that US regulatory jurisdiction can extend to foreign cryptocurrency transactions with US touchpoints, and that touchpoints involving US-based financial institutions may be particularly likely to attract regulatory scrutiny.
Finally, as we have previously discussed, OFAC has already enforced sanctions laws in the virtual currency space: In February 2021, OFAC released details of its $507,375 settlement with BitPay, Inc., a Bitcoin payment processor, for apparent violations of multiple sanctions programs related to virtual currency transactions. In December 2020, OFAC reached a $98,830 settlement with BitGo, Inc., a virtual wallet company, which had reason to know based off of IP address data that users were located in sanctioned territories.
Takeaways for Companies
The recent actions taken by DOJ and OFAC demonstrate that US regulators are channeling enforcement resources to address the potential use of virtual currencies to evade sanctions and that they have the appetite to prosecute individuals and companies that operate in the virtual currency space. Financial institutions and those with exposure, even indirect, to cryptocurrency should be alive to the associated AML and sanctions risks. Further, to the extent that they have not done so already, now may be a good time for companies to consider testing the effectiveness and adequacy of their sanctions and AML controls.
[1] The docket in this matter remains under seal because DOJ’s investigation is ongoing. For that reason, the Court has redacted certain facts and identifying information from the Memorandum Opinion.
