In our recent webinar, we explored the complex world of cryptocurrency regulations and enforcement of sanctions in the crypto space. In this discussion led by Su Carpenter, Director of Operations at Crypto UK, our expert panelists including Nicholas Smart from Crystal Blockchain, Arun Srivastava from Paul Hastings, and Scott Sarsam and Ankit Shah from EY, shared insights into the intricacies of implementing and enforcing sanctions in the cryptocurrency space.
Effectiveness of crypto sanctions
Nick started the discussion by questioning the effectiveness of crypto sanctions. Using Crystal’s unique position as a blockchain intelligence company, Nick candidly assessed the current landscape. Implementing sanctions in the crypto space has proven to be a double-edged sword. While larger entities faced restrictions, nimble operators found ways to circumvent sanctions, creating a complex and dynamic environment.
Garantex: what happened when it was sanctioned?
A notable example discussed was the case of Garantex, sanctioned by the US government. Despite being on the sanctions list, Garantex continued to trade around $30 billion, raising questions about the practical impact of sanctions. This highlighted a gap between the intent of sanctions to restrict and the actual effectiveness in curbing certain entities.
The challenges of navigating sanctions in real-time
Nick emphasized the challenges posed by the dynamic nature of crypto transactions. The slower process of sanctioning entities clashes with the rapid pace of crypto movements, creating disparities in the effectiveness of sanctions.
Furthermore, the need for continuous updates to cryptocurrency addresses associated with sanctions targets complicates screening efforts, leaving room for evasion.
Arun broadened the discussion to the global context. He highlighted the extraterritorial nature of sanctions rules, which apply not only to conduct within a country but also to entities and individuals operating anywhere in the world. The discussion underscored the challenges of regulating crypto exchanges based in other countries and the potential for extraterritorial criminal liability under the Proceeds of Crime Act. where UK nationals or companies are involved or there is some connection to the UK territory (e.g, on or off ramps).
Sanctions and civil penalties
Scott elaborated on the game-changing aspect of strict liability in sanctions enforcement. Firms can now face civil penalties without proving intent or awareness, raising the stakes for regulatory compliance. OFSI now have the ability to publicly disclose sanctions breaches even where the threshold for financial penalties hasn’t been met. Scott emphasized the increased focus on governance, screening systems, and oversight of third-party providers by regulatory bodies like the Financial Conduct Authority (FCA).
Ankit provided practical insights into enhancing sanctions’ effectiveness. He emphasized the importance of robust management information reporting covering not only operational metrics but also risk metrics, including a view on emerging risks. Ankit also highlighted the need for solid operational capacity planning, addressing potential spikes in alerts, the critical role of testing screening capabilities, especially in the context of blockchain analytics tools, and tailoring of blockchain analytics tools to company’s risk profile (as opposed to the use of off-the-shelf tool settings).
UK-registered firms must conduct due diligence on the origin of assets. This process’s linchpin is customer due diligence, underscoring the critical need for firms to enhance their awareness of customer activities, mainly when acting on behalf of third parties.
The panelists stressed an unwavering zero-tolerance approach toward any association with entities subject to sanctions. The FCA is a central figure in the UK’s regulatory landscape, setting explicit expectations for crypto firms to establish and maintain robust sanctions compliance program. In September, the FCA released examples of good and poor practices to aid firms in meeting these stringent standards.
Transparency and accurate data are crucial for transaction screening
When it comes to ensuring transaction screening is effective, two important things are needed: transparency and accurate data.
It’s also important to prevent firms from circumventing screening measures as a due diligence measure to ensure that parties know with whom they are interacting to manage risk.
The Travel Rule recently introduced by the FCA addresses these issues by mandating that companies must look closely at information about crypto asset transfers. By doing this, they can identify any possible risks, like breaking sanctions or interacting with high-risk entities.
Critical factors to consider for screening and compliance
- Aligning sanctions screening with regulatory expectations
The panelists stressed the need for compliance tools to align with regulatory expectations, especially considering the clear directives from regulators on how these tools should be configured and used. - Compliance tools and technology should not replace basic compliance policies
Nick is then prompted to provide more insight into risk scoring, shedding light on how analytics and configuration of tools contribute to reflecting a firm’s risk appetite. He emphasized that while tools like blockchain analytics are invaluable for understanding transaction sources, they should not replace fundamental compliance practices. Nick underlined the importance of onboarding practices, internal controls, and expertise, cautioning that these tools are not foolproof.
- Principles of risk scoring
The panelists also discussed the working principles of risk-scoring tools, which generally aggregate signals and analyze the source of funds in transactions. Nick pointed out potential pitfalls, such as detecting new wallets without transaction history, highlighting the need for sharp control measures. The conversation also touched on the room for obfuscation in transmitting signals and the importance of a robust compliance program.
- Calibrating screening tools
Ankit, Arun, and Scott added that the correct calibration of screening tools, transaction monitoring, and the role of risk assessment in configuring compliance tools are essential. The panelists provided examples and shared experiences setting up tools and their configurations. Arun discusses this from the regulator’s perspective, emphasizing the exercise of correctjudgment in setting screening parameters noting the high expectations of regulators. and the Firms face challenges in ensuring the correct level of resourcing to handle output from transaction screening and other compliance processes.
Well-documented and transparent records of sanctions-related controls are crucial
As the webinar concluded, each panelist offered advice for crypto firms regarding sanctions monitoring and compliance.
Ankit emphasized clear and comprehensive documentation of the overall UK focused sanctions compliance program, while Scott highlighted the significance of quality data. Arun urged firms to remember to exercise their own risk based judgment and be prepared to defend this to the FCA, and Nick advised against panicking if a deposit is received from a sanctioned entity, encouraging firms to take appropriate actions and analyze the reasons behind such transactions.
An in-depth analysis of the various factors must be considered to ensure regulatory compliance and prevent potential legal ramifications.
Overall, the conversation in this webinar provides a comprehensive understanding of the challenges and considerations involved in maintaining compliance in the ever-evolving landscape of cryptocurrency.
To learn how Crystal can help you transform your approach to compliance, book a call in with our team.