February 5, 2023

Volume XIII, Number 36

Error message

  • Warning: Undefined variable $settings in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).
  • Warning: Trying to access array offset on value of type null in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).

February 03, 2023

Subscribe to Latest Legal News and Analysis

OFAC Ransomware Update

On Friday, OFAC published a compliance guide aimed at the virtual currency industry, which promotes sanctions compliance amid the rise of ransomware attacks. Similar to OFAC’s recent advisory, this compliance guide is yet another initiative relating to the U.S. Treasury Department's ongoing efforts to combat ransomware and many other flourishing crypto-related crimes. The guide includes an introduction to sanctions compliance requirements and makes clear that the requirements apply to the virtual currency industry just as they apply to traditional financial institutions, carrying both civil and criminal penalties for violations. The OFAC guidance offers examples of compliance best practices for companies in this industry, including technology companies, exchange platforms, wallet providers, and miners, as well as more traditional financial institutions that may have exposure to cryptocurrencies. Some key recommendations by OFAC to remain complaint include:

  • Implementing a robust compliance program, including sanctions list and geographic screening, investigations, and transaction monitoring;

  • Establishing adequate internal controls to identify, interdict, escalate, and report transactions prohibited by OFAC-administered sanctions;

  • Ensuring senior management commitment to compliance efforts; and

  • Conducting routine risk assessment exercises to identify potential areas in which the company may, directly or indirectly, engage with OFAC sanctioned persons, countries, or regions.

OFAC warned that failure to take sanctions risks seriously could lead to enforcement actions, as it has in the past. For example, BitPay, a cryptocurrency payment processing platform, entered into a $507,000 settlement with OFAC in 2021. Significantly, OFAC did not allege that BitPay knowingly violated sanctions laws, rather, OFAC alleged that BitPay had inadequate internal control policies in place which failed to identify potential sanctions violations. OFAC’s enforcement action underscores the importance of implementing risk-based sanctions compliance controls commensurate with the risk profile of an organization.

The OFAC guidance is the latest in a series of moves by the Biden administration to combat ransomware attacks by making it more difficult for ransomware groups to profit from their crimes. Accordingly, there is increasing pressure on the virtual currency industry to take action against those exploiting their services. Sanctions risks are vulnerabilities that, if ignored or mishandled, can lead to subsequent enforcement actions, harm to U.S. national security interests, and negative impacts on a company’s reputation and business. Bracewell attorneys are available to help organizations navigate this challenging legal landscape and build strong and effective compliance programs

© 2023 Bracewell LLPNational Law Review, Volume XI, Number 292

About this Author

Philip Bezanson, white collar criminal defense, securities, attorney, Bracewell
Managing Partner, Seattle

Philip J. Bezanson's practice focuses on white collar criminal defense, internal investigations, securities enforcement and regulatory matters.

Mr. Bezanson is a member of the Bracewell & Giuliani LLP team that has represented corporate and individual clients in recent high-profile and complex cases, including the Deepwater Horizon explosion, the George Washington Bridge lane closure and General Motors ignition switch investigations, "Pay to Play" cases in New York, New Mexico and Illinois, the stock options backdating cases, and a variety...

Seth DuCharme Insurance Lawyer Bracewell LLP

Seth DuCharme draws on his 14 years of experience as a senior-level law enforcement officer to advise companies and individuals on cases involving cybersecurity and breach response, Foreign Corrupt Practices Act (FCPA) diligence and litigation, export controls, sanctions compliance and anti-money laundering.

Seth served in the United States Attorney’s Office for the Eastern District of New York from 2008 through 2021. He held various positions at the Eastern District, including Chief of the Criminal Division, Chief of the National Security & Cybercrime Section, and Acting United...

Brittney Justice Litigation Attorney Bracewell

Brittney Justice represents clients across a range of industries in litigation and government enforcement and investigations in federal and state courts. She provides advice on diverse matters, including securities litigation, complex commercial disputes, environmental claims and government investigations. 

Prior to joining Bracewell, Brittney was a legal intern with Texas’ First Court of Appeals.