Red Flags on Potential Russian Sanctions Evasion Attempts - WST

On March 7, 2022, FinCEN issued an alert advising all financial institutions to be vigilant against potential efforts to evade U.S. imposed sanctions and restrictions implemented in connection with the Russian Federation’s invasion of Ukraine. The Office of Foreign Assets Control has taken significant sanctions actions related to the Russian financial services sector, government entities, and high-level officials and their family members. Sanctions have also been issued for certain people and entities in Belarus due to their support for and facilitation of the Russian invasion. Financial institutions are encouraged to consult OFAC’s website to stay abreast of the ever-changing sanctions efforts.

Financial institutions should identify and report any suspicious activity associated with potential sanctions evasion quickly and conduct appropriate, risk-based customer and/or enhanced due diligence when required. FinCEN requests that financial institutions reference this alert by including the key term “FIN-2022-RUSSIANSANCTONS” in SAR field 2 (Filing Institution Note to FinCEN) and the narrative to indicate a connection between the suspicious activity being reported and the activities highlighted in this alert. FinCEN also encourages institutions to make full use of information sharing authorities provided by Section 314(b) of the USA PATRIOT Act.

The alert provides thirteen (13) select red flag indicators to assist financial institutions in identifying potential evasion of sanctions in the following areas:

• Using the U.S. Financial System
• Using Convertible Virtual Currency (CVC)
• Possible Ransomware Attacks and Other Cybercrime

Sanctions evasion may occur through various means, including currently unsanctioned banks or other financial institutions that still have access to the international financial system. CVC exchangers and administrators and other financial institutions may observe transactions tied to CVC activity associated with sanctioned Russian, Belarusian, or affiliated persons. FinCEN reminds financial institutions of dangers posed by Russian -related ransomware campaigns.

To view the alert in its entirety, please follow the link below:

https://www.fincen.gov/sites/default/files/2022-03/FinCEN%20Alert%20Russian%20Sanctions%20Evasion%20FINAL%20508.pdf

Editor’s Note:

Cyberattacks against US organizations and infrastructure continue to be a real possibility. 10-D will continue to monitor and provide technical insight as this ever-changing situation continues. In the meantime, please refer to our WST on the subject: https://10dsecurity.com/wst/cybersecurity-fundamentals.html

Authored by: Dawn Merrick, CRCM