Six Steps Exchanges Can Take to Comply With Cryptocurrency Sanctions

Why Cryptocurrency Matters in the AML World

With the Russian invasion of Ukraine ongoing and extensive sanctions being levied accordingly, cryptocurrency-specific designations may be close behind. Below, we outline six steps exchanges can take to strengthen compliance.

1) Collect Know Your Customer (KYC) information and screen it against sanctions lists
Any cryptocurrency business should explore collecting KYC information from new users upon sign-up, recording information such as customer names, addresses, phone numbers, emails, and related documentation. As part of the KYC process, cryptocurrency businesses should screen this information against sanctions lists to refrain from doing business with any designated individuals, entities, or with sanctioned countries.

Because each country maintains its own sanctions list, the easiest way to perform a screening is to use a service like Thomson Reuters or Refinitiv that consolidates and updates sanctions lists daily.

2) Block IP addresses based in sanctioned jurisdictions
According to OFAC guidance (pg. 18), exchanges should use IP address screening to prevent users in sanctioned jurisdictions from accessing their products and services.
For an even more robust compliance approach, exchanges can screen IP addresses against addresses known to be associated with VPN services in order to catch users attempting to mask their true location.

3) Continuously monitor transactions
Exchanges can screen transfers in order to ensure they don’t include cryptocurrency addresses identified as sanctioned parties or countries. Transaction monitoring alerts are crucial here so that compliance teams can take immediate action in the event one of their users attempts a transaction with a sanctioned entity or country.

Transaction monitoring can’t be a one-time deal either — it needs to be continuous, meaning that counterparties on old transactions are re-screened in case new information or sanctions designations have occurred since the initial transaction.

Chainalysis Know Your Transaction (KYT) continuously monitors old transactions at no extra cost and notifies compliance teams in real time when previously unflagged transactions become suspicious in light of new information. With accurate and robust attributions of exchanges and other services such as mixers, Chainalysis’s blockchain analysis platform reduces false positives and enhances exchanges’ screening capabilities.

4) Perform counterparty due diligence
Sometimes service providers, rather than individuals or jurisdictions, are sanctioned. Suex and Chatex — two Russia-based cryptocurrency exchanges — fall under this category. Exchanges must identify their corporate counterparties to ensure that these organizations aren’t subject to sanctions either.

5) Screen for Travel Rule Violations
Exchanges can use Travel Rule information to screen transfers even further. Exchanges using Chainalysis can use Travel Rule integrations to set risk-based rules to automatically restrict incoming or outgoing Travel Rule transfers with VASPs that are sanctioned or do not meet due diligence criteria.

6) Report when interactions with designated parties are found
If a user’s activity is indicative of sanctions violations, US-based exchanges should assess whether they are legally obligated to file a Suspicious Activity Report (SAR) with FinCEN and the necessary regulatory reporting with OFAC. Exchanges based elsewhere must follow the reporting requirements defined by their jurisdiction. If sanctioned activity is identified after this period, exchanges should evaluate whether a voluntary self-disclosure is appropriate.
By following these six steps, cryptocurrency exchanges can build robust compliance programs that mitigate the risk of sanctions violations.

Article credit: https://blog.chainalysis.com/reports/six-steps-exchanges-can-take-to-comply-with-cryptocurrency-sanctions/