Joint statement from UK financial regulatory authorities on sanctions and the cryptoasset sector

The UK, in partnership with our allies across the globe, has imposed an unprecedented package of economic sanctions on Russia and Belarus, in response to Russia’s invasion of Ukraine on 24 February.

The UK financial regulatory authorities reiterate that all UK financial services firms, including the cryptoasset sector, are expected to play their part in ensuring that sanctions are complied with.

We are working closely with partners in government and law enforcement both here and abroad, including regulatory authorities, to share intelligence and act to prevent sanctions evasion, including through cryptoassets. We also remain ready to act in the event of sanctions breaches.

Legal and regulatory requirements on firms

Financial sanctions regulations do not differentiate between cryptoassets and other forms of assets. The use of cryptoassets to circumvent economic sanctions is a criminal offence under the Money Laundering Regulations 2017 and regulations made under the Sanctions and Anti-Money Laundering Act 2018.

The FCA has already written to all registered cryptoasset firms and those holding temporary registration status to highlight the application of sanctions on various entities and individuals.

Where transactions give rise to concerns about sanctions evasion or money laundering firms should also consider their obligations to report to the UK Financial Intelligence Unit (UKFIU) at the National Crime Agency under the Proceeds of Crime Act 2002. The UKFIU has published guidance and a Suspicious Activity Reports (SARs) glossary code that should be used when reporting any suspicions.

We remind all other authorised financial institutions to check the FCA register to identify whether any cryptoasset firms they do business with are registered, or to check the equivalent register of the jurisdiction in which the cryptoasset firm is based. Both the FCA and the PRA will act if they see authorised financial institutions supporting cryptoasset firms operating in the UK illegally.

The Office of Financial Sanctions Implementation (OFSI), part of HM Treasury, ensures financial sanctions are properly understood, enforced and implemented in the UK. If you know, or have ‘reasonable cause to suspect’ that you are in possession or control of, or are otherwise dealing with, the funds or economic resources of a designated person you must:

  • freeze them
  • not deal with them or make them available to, or for the benefit of, the designated person, unless:
    • there is an exception in the legislation that you can rely on; or
    • you have a license from OFSI
  • report them to OFSI ([email protected])

Full guidance can be found on OFSI’s website.

Steps to reduce the risk of sanctions evasion via cryptoassets

As set out in communications from the FCA, cryptoasset firms must take steps to ensure they are compliant with their legal obligations in relation to sanctions.

Controls developed to identify customers and monitor their transactions under the Money Laundering Regulations 2017 can help with compliance, but firms will need to implement additional sanctions specific controls as appropriate. In particular, firms should consider:

  • updating business-wide and customer risk assessments to account for changes in the nature and type of sanctions measures
  • ensuring that customer onboarding and due diligence processes identify customers who make use of corporate vehicles to obscure ownership or source of funds
  • ensuring that customers and their transactions are screened against relevant updated sanctions lists and that effective re-screening is in place to identify activity that may indicate sanctions breaches
  • identifying activity that is not in line with the customer profile or is otherwise suspicious and ensuring that these are reported quickly to the nominated officer for timely consideration
  • where blockchain analytics solutions are deployed, ensuring that compliance teams understand how these capabilities can be best used to identify transactions linked to higher risk wallet addresses
  • engage with public-private partnerships and private-private partnerships to gather insights on the latest typologies and additional controls that might be relevant and share their own best practice examples

Firms should also look for red flag indicators that suggest an increased risk of sanctions evasion. These may include, but are not limited to:

  • a customer who is resident in or conducting transactions to or from a jurisdiction which is subject to sanctions, or which is on the UK’s High Risk Third Countries list for anti-money laundering and counter-terrorist financing purposes, or any jurisdiction you have identified as posing an increased risk of illicit financial activity
  • transactions to or from a wallet address associated with a sanctioned entity, or a wallet address otherwise deemed to be high-risk, based on its transaction history or that of associated addresses, or other factors
  • transactions involving a cryptoasset exchange or custodian wallet provider known to have poor customer due diligence procedures or which is otherwise deemed high-risk
  • the use of tools designed to obfuscate the location of the customer (eg an IP address associated with a virtual private network or proxy) or the source of cryptoassets (eg mixers and tumblers)
  • other red flag indicators that are normally associated with money laundering more broadly. In both situations, the aim of the illicit actor is to make an illegal transaction seem legitimate

Red flag indicators should be considered in context. What may appear innocent in isolation may be indicative of sanctions evasion when considered alongside other red flag indicators or contextual information.

Regulatory authorities

  • The Office of Financial Sanctions Implementation (OFSI), part of HM Treasury, ensures financial sanctions are properly understood, enforced and implemented in the UK. If you have information to report regarding financial sanctions, this must be sent to OFSI ([email protected]).
  • The FCA is the anti-money laundering and counter-terrorist financing supervisor for cryptoasset businesses and other financial institutions in the UK. It is also the conduct regulator for financial institutions which carry out activities within scope of the Regulated Activities Order. If a person you are dealing with, directly or indirectly, is a designated person; if you hold any frozen assets; or if knowledge or suspicion of these come to you while conducting your business, you must also notify the FCA ([email protected]).
  • The Bank of England prudentially regulates and supervises financial services firms through the PRA. The PRA is responsible for the prudential regulation and supervision of banks, building societies, credit unions, insurers and major investment firms.