Compliance Blog

June 2022 is now in full swing, which means the temperatures are heating up outside, people are having barbeques, and kids are beginning their summer vacations (including my six-year-old, who just finished kindergarten). It’s been a while since we’ve provided a roundup of BSA activity, so let’s look back at some recent actions by the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC). After all, who doesn’t like reading about BSA developments while lounging by the pool?

OFAC

We previously blogged about OFAC’s decision to add a virtual currency exchange, SUEX, to the specially designated nationals (SDN) list in September 2021. A second virtual currency exchange, Chatex, was also added in November 2021.

Continuing that trend, OFAC announced further actions to fight cybercrime in April 2022. First, OFAC announced that it was designating Hydra Market, which the press release described as “the most prominent Russia darknet market, and the largest darknet market left in the world.” As the press release describes, Hydra offered a marketplace for illicit goods and services, including ransomware (also known as “ransomware as a service”) and illegal drugs. Users of the marketplace preferred to transact in cryptocurrency because they believed it provided greater anonymity than other payment methods. The designation of Hydra means that it has now been added to the SDN list, and therefore U.S. persons are prohibited from engaging in transactions with Hydra and assets of Hydra in U.S. accounts must be blocked.

Concurrent with the announcement that Hydra had been designated, OFAC also announced a third virtual currency exchange, Garantex, had been designated. Garantex was originally registered in Estonia, but OFAC’s press release stated most of its operations actually occur in Russia. According to OFAC, Garantex has been providing services to Hydra Market and has also assisted Russian ransomware gangs. Notably, both of these actions involve Russia, and came when the Russia-Ukraine conflict was a major focus of international attention. The actions themselves could be viewed as a way of fighting against Russia’s underground economy – in fact, the press release basically says as much, noting that the actions “reinforce” guidance discussing possible sanctions evasion.

In that vein, OFAC announced a determination in May that executive orders relating to the Russia-Ukraine conflict prohibit U.S. persons from providing accounting, trust and corporate formation and/or management counseling services to any person located in the Russian Federation. These new prohibitions became effective last week, on June 7, 2022. Generally speaking, most credit unions do not provide accounting services, corporate formation services or management counseling services, and would be unlikely to provide such services to persons located in Russia, so this new action is unlikely to affect credit unions much. However, if a credit union or its CUSO does provide such services, then they may need to ensure that they avoid transactions with persons located in Russia. 

Finally, in May OFAC announced its first-ever designation of a virtual currency mixing service, Blender.io (Blender). According to the announcement, Blender assisted North Korean state-sponsored hackers by providing currency mixing services that allowed them to launder stolen virtual currency. For those that are not familiar, a “mixing service” essentially mixes cryptocurrency funds to try to make them harder to trace and to obscure whether funds were illicitly obtained. Blender has been added to the SDN list, making it the first virtual currency mixing service to be added, and joining the three virtual currency exchanges mentioned above to further expand OFAC’s attempts to combat illicit virtual currency actors across the globe.

FinCEN

On June 6, 2022, FinCEN published an Advanced Notice of Proposed Rulemaking (ANPRM) relating to a proposed No Action Letter (NAL) program. The Anti-Money Laundering Act of 2020 required FinCEN to examine whether it should establish a NAL program and to report to congress on its determination. FinCEN sent its report to Congress last June, which concluded that “FinCEN should undertake a rulemaking in order to establish a no-action letter process to supplement the existing forms of regulatory guidance and relief that may currently be requested from FinCEN.” Now, nearly a year later, FinCEN has published this ANPRM, which mostly seeks comments on how a NAL program should work. The NAL program would, in theory, allow an institution (such as a credit union) to apply to FinCEN for a letter which, if granted, would state that FinCEN does not intend to bring enforcement activity against the institution for the activities described in the application. The ANPRM asks credit unions to comment on additional considerations that FinCEN should weigh when evaluating NAL applications, as well as whether information from NAL applications should be provided to other regulatory agencies, among other things.

NAFCU’s Regulatory Affairs team has published a Regulatory Alert on this topic (available to NAFCU members only). NAFCU member credit unions that wish to provide feedback or comments on this proposal can submit their comments to NAFCU by July 22, 2022.