Biden Administration Ramps Up Enforcement of Russia Sanctions and Export Controls. Here’s What Compliance Teams Need to Know.

In response to Russia’s invasion of Ukraine, the Biden Administration has issued a sweeping set of sanctions and export control measures affecting Russia, Ukraine and Belarus. The administration has also warned that it is ramping up efforts to enforce these new measures, as well as the pre-existing sanctions regarding Russia/Ukraine.

If we do not respond to Putin’s assault on global peace and stability today, the cost to freedom and to the American people will be even greater tomorrow. We will not be part of subsidizing Putin’s war against the Ukrainian people. pic.twitter.com/3PgsHheIiZ

— President Biden (@POTUS) March 9, 2022

Most notably, DOJ announced the creation of an “interagency law enforcement task force dedicated to enforcing the sweeping sanctions, export restrictions and economic countermeasures” that the U.S. government has recently imposed. The following day, DOJ announced the indictment of a U.S. citizen for providing services to a Russian individual that had been sanctioned in 2014 during a previous round of Russia/Ukraine sanctions. And yesterday, FinCEN released an alert describing 13 red flags to assist financial institutions in identifying potential Russian or Belarusian sanctions evasion attempts.

U.S. and non-U.S. companies should therefore anticipate increased efforts by DOJ, Treasury, Commerce and other federal and state agencies to investigate criminal and civil violations of sanctions and export control measures, as well as related violations, such as involving AML and bank fraud.

Biden Administration Announces Sanctions and Export Controls Against Russia and Belarus, Along with Plans to Step Up Enforcement

Below, we summarize relevant announcements and outline some practical considerations for mitigating risk.

• President Biden’s remarks during the State of the Union Address. On March 1, 2022, President Biden referred to a variety of ways his administration is “enforcing powerful economic sanctions” against Russia. He announced that DOJ was assembling a “dedicated task force to go after the crimes of Russian oligarchs,” and issued a warning: “We are joining with our European allies to find and seize your yachts, your luxury apartments, your private jets. We are coming for your ill-begotten gains.” Media reports indicate that France and Italy have taken action to seize yachts owned by sanctioned oligarchs, and that other such yachts are currently on the move towards ports in the Maldives and Montenegro, ostensibly to avoid capture.
• DOJ launches the KleptoCapture Task Force. On March 2, DOJ announced the creation of that task force to ensure the full effect of the Russia/Ukraine sanctions “by targeting the crimes of Russian officials, government-aligned elites and those who aid or conceal their unlawful conduct.” The task force will be run out of Deputy Attorney General Lisa Monaco’s office and led by a veteran SDNY prosecutor, Andrew Adams. The task force will be staffed by prosecutors, agents and analysts across DOJ with expertise in sanctions, export control, anticorruption, asset forfeiture, anti-money laundering, tax enforcement and national security investigations, as well as personnel from other departments and agencies, including the Department of Homeland Security and the Internal Revenue Service. As part of a $10 billion request to Congress for funding related to COVID-19 and Ukraine assistance, the White House asked for $59 million to fund the task force.

Targeting Broad Enforcement of New and Pre-Existing Sanctions

Although much attention has focused on the task force’s pursuit of oligarchs and their luxury assets, DOJ’s announcement indicates that the task force will more broadly investigate violations of pre-existing and recent Russia/Ukraine sanctions by companies and individuals, including activity, such as involving cryptocurrency, that seeks to evade sanctions laws. DOJ listed the following “missions” of the task force, only the fourth of which involves asset forfeiture:

• Investigating and prosecuting violations of new and future sanctions imposed in response to the Ukraine invasion, as well as sanctions imposed for prior instances of Russian aggression and corruption;
• Combating unlawful efforts to undermine restrictions taken against Russian financial institutions, including the prosecution of those who try to evade know-your-customer and anti-money laundering measures;
• Targeting efforts to use cryptocurrency to evade U.S. sanctions, launder proceeds of foreign corruption, or evade U.S. responses to Russian military aggression; and
• Using civil and criminal asset forfeiture authorities to seize assets belonging to sanctioned individuals or assets identified as the proceeds of unlawful conduct.

Watching for Red Flags

DOJ emphasized the broad range of charges that are often pursued as part of sanctions and export control investigations, including conspiracy to defraud or obstruct the U.S. government, money laundering, false statements to financial institutions, bank fraud and tax offenses.

• SDNY Prosecution of Jack Hanick. On March 3, DOJ announced the unsealing of a criminal indictment charging Jack Hanick, a U.S. citizen, for providing services to a Russian oligarch who had been sanctioned in 2014 for financing Russia’s malicious activities in Ukraine. Specifically, DOJ alleged that Hanick, a former television producer, violated U.S. sanctions by helping Konstantin Malofeyev over a period of years in establishing or purchasing television networks in Russia, Greece, and Bulgaria following Malofeyev’s designation as an SDN. DOJ described this as the first-ever criminal prosecution relating to these original Russia/Ukraine sanctions. Hanick was also charged with making false statements to the FBI about his work for Malofeyev. DOJ’s announcement may indicate that it will accelerate other cases involving pre-existing Russia/Ukraine sanctions to send a deterrence message.
• FinCEN issues alert advising increased vigilance for sanctions evasion. On March 7, FinCEN released an alert highlighting the need for “all financial institutions to be vigilant against efforts to evade the expansive sanctions and other U.S.-imposed restrictions implemented in connection with the Russian Federation’s further invasion of Ukraine.” The alert describes 13 “red flags” to assist institutions in identifying potentially evasive activity, though it cautions that the indicators are not exhaustive.
• The red flags include the use of shell companies and other arrangements to obscure ownership, source of funds, and the countries involved in a transaction; the use of third parties to shield the involvement of sanctioned persons or Politically Exposed Persons (“PEPs”); the involvement of jurisdictions previously identified with Russian financial flows that are having a notable increase in new company formations; and the use of newly established accounts that attempt to wire funds to one of the Russian banks recently removed from SWIFT.
• FinCEN also addresses the use of cryptocurrency, noting that “[w]hile large scale sanctions evasion using CVC [convertible virtual currency] by a government such as the Russian Federation is not necessarily practicable, sanctioned persons, illicit actors, and their related networks or facilitators may attempt to use CVC and anonymizing tools to evade U.S. sanctions and protect their assets around the globe, including in the United States.” Accordingly, FinCEN advises crypto exchanges and other financial institutions to watch for various red flags, including customer transactions initiated from or sent to IP addresses associated with, among others, Russia, Belarus and jurisdictions with AML deficiencies as identified by the Financial Action Task Force (“FATF”).
• The alert also identifies red flags associated with ransomware schemes, including a customer’s receipt of cryptocurrency, followed by multiple, rapid trades with no apparent purpose, followed by a transaction off the platform.

FinCEN also includes reminders regarding financial institutions’ obligations under the BSA, including the need for suspicious activity reporting, due diligence and other reporting requirements.

Compliance, Risk and Due Diligence

In light of the U.S. government’s heightened focus on enforcement in the Russia/Ukraine context, U.S. and non-U.S. companies should consider taking steps to strengthen their compliance efforts. These steps may include:

• Risk assessment and due diligence. Companies should assess the extent of their (and, if relevant, their portfolio companies or other investments’) connections to Russia, Ukraine and Belarus, including the extent to which they have operations, customers, business partners, vendors, supply chain links and employees in these regions. Once the relevant connections are identified, and depending on the circumstances, companies should consider undertaking refreshed diligence to determine, for example, whether a business partner is sanctioned or owned by a sanctioned party (or has sanctioned individuals on its board or executive teams) or is located in one of the newly sanctioned regions of Ukraine. Enhanced diligence may be warranted depending on the circumstances given that sanctioned entities and individuals in Russia have been known to use complex techniques, including the use of shell companies, to obscure ownership and financial flows. Additionally, where appropriate, companies should consider conducting reputational diligence and consulting advisors to assess the risk that non-sanctioned entities or individuals with whom the companies conduct business become subject to sanctions at a later time.
• Sanctions screening. In addition to adding newly sanctioned parties’ information to the sanctions filter, companies should take steps to ensure that they are implementing screening in a manner that aligns with OFAC guidance and the lessons drawn from recent OFAC enforcement actions. For example, sanctions screening should use fuzzy logic (i.e., it should identify near-matches, not just exact matches), be tuned and evaluated regularly, and employ appropriate screening lists (for example, depending on its risk profile, a company should consider acquiring enriched screening lists that include entities that are not on OFAC’s lists, but are suspected to be owned 50% or more by sanctioned parties and are therefore subject to sanctions). In addition, sanctions filters should include region, city, port and other place names and common alternative spellings of the same, as well as postal codes, associated with the newly sanctioned regions of Ukraine.
• IP blocking. OFAC has communicated in guidance and in several recent enforcement actions that it expects companies to institute IP blocks against comprehensively sanctioned countries and regions, which now include the three sanctioned regions of Ukraine.
• Training. Given how rapidly Russia/Ukraine sanctions and export controls are evolving, companies should consider instituting a method and a cadence for keeping relevant employees (from front-line sales staff to personnel in finance, procurement and HR) apprised of developments and the steps needed to effectuate compliance. This can be done through a combination of email advisories and in-person or virtual trainings.
• Vigilance towards evasion. DOJ has announced that it will be vigilant to sanctions evasion, including the evasion of KYC measures or the use of cryptocurrency to potentially avoid sanctions controls. Companies should follow suit by increasing their vigilance, including by training employees regarding evasion tactics and warning signs. Companies should pay particular attention to when the U.S. government calls attention to specific red flags, such as in FinCEN’s recent alert. To take another example, OFAC recently stated that companies should be on the lookout for “non-routine foreign exchange transactions” that may indicate the indirect involvement of sanctioned entities. OFAC noted that the Russian Central Bank “may seek to use import or export companies to engage in foreign exchange transactions on its behalf and obfuscate its involvement.”
• Sanctions compliance program. In addition to implementing the recent sanctions, companies should take the opportunity when feasible to review their broader sanctions compliance policies and programs to determine whether they align with OFAC’s expectations set forth in its 2019 compliance program guidance. In the event of sanctions violations, OFAC will provide appropriate credit if a company maintained a sufficient sanctions compliance program.

In addition to these compliance measures, many companies are also determining whether to cease or scale back their Russian business even beyond what sanctions require for a combination of reputational, risk mitigation (e.g., getting ahead of potential additional sanctions) and commercial reasons.

This article originally appeared on the website of Paul Weiss. It is reprinted here with permission.