No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

BitPay’s $507K OFAC Sanctions Violations Settlement

Details of the Settlement, Plus Takeaways from the Enforcement Action

by Michael Volkov
March 4, 2021
in Compliance, Featured
illustration of man under giant gavel

OFAC has brought two enforcement actions against digital currency services providers in as many months – the latest, against BitPay, should spur companies to develop risk-based sanctions compliance programs. Michael Volkov discusses the violations.

The Treasury Department’s Office of Foreign Asset Control continues to focus enforcement activities on digital currency companies. This focus is likely to increase given recent comments by Janet Yellen, the head of the Treasury department, criticizing digital currencies and the utility of this rapidly growing new technology. Last year, OFAC announced an enforcement action against BitGo, a digital wallet asset management service.

In OFAC’s latest enforcement action, BitPay, Inc. (BitPay), a private company based in Atlanta, Georgia which provides payment processing for merchants to accept digital currency as payment for goods and services, agreed to pay $507,375 to settle violations of various OFAC sanctions programs.

The Violations

BitPay engaged in 2,102 violations of sanctions programs in the Crimea region of Ukraine, Cuba, North Korea, Iran, Sudan and Syria. In particular, BitPay processed transactions for customers with merchants in the United States and elsewhere using digital currency on BitPay’s platform, even though BitPay had location information, including IP addresses and other location data about those persons prior to completing the transactions.

As a result, BitPay processed transactions totaling approximately $129,000 in digital currency with BitPay merchant customers. Specifically, BitPay received digital currency payments from its merchant customers on behalf of the merchants’ buyers who were located in sanctioned jurisdictions, BitPay converted the digital currency to fiat currency and then BitPay relayed that currency to its merchants.

Between approximately June 10, 2013 and September 16, 2018, BitPay processed 2,102 transactions on behalf of individuals who, based on IP addresses and information available in invoices, were located in sanctioned jurisdictions. BitPay screened its merchant customers against OFAC’s SDN List and conducted due diligence on them to ensure they were not located in sanctioned jurisdictions. However, BitPay failed to screen location data that it obtained about its merchants’ buyers to confirm the location and screen the customers against OFAC’s SDN List.

Specifically, BitPay at times received information about merchants’ buyers, including a buyer’s name, address, email address and phone number. Starting in November 2017, BitPay also obtained buyers’ IP addresses. BitPay’s transaction review process failed to review and analyze buyer identification and location data. As a result, buyers who were located in Crimea, Cuba, North Korea, Iran, Sudan and Syria were able to make purchases from merchants in the United States and elsewhere using digital currency on BitPay’s platform.

BitPay did not voluntarily disclose the sanctions violations. OFAC determined that the violations were not egregious. OFAC determined that BitPay failed to exercise due caution or care for its sanctions compliance obligations when it allowed persons in sanctioned jurisdictions to transact with BitPay’s merchants using digital currency for approximately five years, even though BitPay had sufficient information to screen those customers.

Remediation

BitPay implemented sanctions compliance controls in 2013 for conducting due diligence and sanctions screening on its merchant customers but failed to extend its controls to merchants’ buyers. Notwithstanding this omission, BitPay employees were trained that BitPay was subject to sanctions prohibitions involving Cuba, Iran, Syria, Sudan, North Korea and Crimea, as well as sanctioned individuals and entities.

To remediate the violations, BitPay has blocked IP addresses that originate in Cuba, Iran, North Korea and Syria from connecting to the BitPay website or from viewing any instructions on how to make payment. In addition, BitPay checks physical and email addresses of merchants’ buyers when provided by the merchants to prevent completion of an invoice from the merchant if BitPay identifies a sanctioned jurisdiction address or email top-level domain and has implemented “BitPay ID,” a new customer identification tool that is mandatory for merchants’ buyers who wish to pay a BitPay invoice equal to or above $3,000. As part of BitPay ID, the merchant’s customer must provide an email address, proof of identification/photo ID and a selfie photo.

OFAC’s enforcement action underscores the importance of sanctions compliance for digital currency companies and the implementation of risk-based sanctions compliance controls commensurate with their risk profile. As stated by OFAC,

“Companies that facilitate or engage in online commerce or process transactions using digital currency are responsible for ensuring that they do not engage in unauthorized transactions prohibited by OFAC sanctions, such as dealings with blocked persons or property or engaging in prohibited trade or investment-related transactions.”


This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.


Tags: CryptocurrencyOffice of Foreign Assets Control (OFAC)Sanctions
Previous Post

Thinking Outside the Tick Box: Compliance Training as a Competitive Advantage

Next Post

SEC Announces Enforcement Task Force Focused on Climate and ESG Issues

Michael Volkov

Michael Volkov

Michael-Volkov-leclairryan Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.  He can be reached at mvolkov@volkovlaw.com. Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues. Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for five years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice. Michael also maintains a well-known blog: Corruption Crime & Compliance, which is frequently cited by anti-corruption professionals and professionals in the compliance industry.

Related Posts

ftx arena miami

2023: The Year of Crypto Compliance

by Ben Richmond
January 11, 2023

The November collapses of FTX and BlockFi, two of the world’s biggest cryptocurrency exchanges, were shocking — and devastating for...

The North Korean Crypto Threat_f

The North Korean Crypto Threat

by Corporate Compliance Insights
October 20, 2022

How to challenge North Korea's entry into the crypto field of play Facing the Latest Challenge to the Crypto Ecosystem...

unpacking crypto eo

Unpacking Biden’s Crypto Executive Order

by Harriet Christie
July 27, 2022

Rather than an exhaustive dossier of rules and regulations providing next steps for crypto firms, President Joe Biden’s March 9...

mining for gold in russia

U.S. Widens Sanctions, Targets Russian Gold Production

by Michael Volkov
July 13, 2022

Russia cranked up its gold production to offset previous international sanctions; now, the U.S. and a group of international allies...

Next Post
hands holding seedling in eggshell

SEC Announces Enforcement Task Force Focused on Climate and ESG Issues

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT