The Banking Executive Magazine, Issue 154, October 2021

eign Assets Control (OFAC) issued a brochure to promote sanctions com- pliance in the virtual currency indus- try. The growing prevalence of virtual currency as a payment method brings greater exposure to sanctions risks—like the risk that a sanctioned person or a person in a sanctioned jurisdiction might be involved in a virtual currency transaction. Accord- ingly, the virtual currency industry plays an increasingly critical role in preventing sanctioned persons from exploiting virtual currencies. OFAC sanctions compliance require- ments apply to the virtual currency industry in the same manner as they do to traditional financial institu- tions, and there are civil and criminal penalties for failing to comply. The guidance issued by OFAC today pro- vides an overview of OFAC sanctions requirements and provides examples of compliance best practices for op- erators in this space, including tech- nology companies, exchangers, ad- ministrators, miners, and wallet providers, as well as more traditional financial institutions that may have exposure to virtual currencies or their service providers. Industry partici- pants should consider incorporating the elements and controls outlined in the brochure into their sanctions compliance programs. If ignored or mishandled, sanctions risks are vul- nerabilities that can lead to violations and subsequent enforcement actions, as well as harm U.S. foreign policy and national security interests. OFAC is publishing this guidance as part of its commitment to engage with the virtual currency industry to promote compliance with sanctions requirements. RANSOMWARE TRENDS IN BANK SECRECY ACT DATA FinCEN is also publishing Ran- somware Trends in Bank Secrecy Act data today. The Anti-Money Laun- dering Act of 2020 (AMLA) mandates that FinCEN publish threat pattern and trend information derived from financial institutions’ Suspicious Ac- tivity Reports (SARs). This first report issued pursuant to the AMLA focuses on pattern and trend information per- taining to ransomware, in line with FinCEN’s issuance of government- wide priorities for AML/CFT policy. FinCEN analysis of ransomware-re- lated SARs filed during the first half of 2021 further establishes that ran- somware is a significant threat to the U.S. financial sector, businesses, and the public. FinCEN’s analysis of ran- somware-related SARs highlights av- erage ransomware payment amounts, prevalent ransomware vari- ants, and prominent ransomware money laundering typologies: Average Monthly Ransomware Pay- ment Amount: The average amount of reported ransomware transactions per month filed in 2021 was approx- imately $100 million.” Prevalent Ransomware Variants: Fin- CEN identified 68 different ran- somware variants reported in SAR data for transactions occurring be- tween January 1, 2021 and June 30, 2021. The most commonly reported variants were REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Pho- bos. • Ransomware Money Laundering Typologies: FinCEN identified sev- eral money laundering typologies common among ransomware vari- ants in 2021, including threat ac- tors increasingly requesting payments in Anonymity-Enhanced Cryptocurrencies such as Monero, and avoiding reusing wallet ad- dresses, “chain hopping” and cash- ing out at centralized exchanges, and using mixing services and de- centralized exchanges to convert proceeds. OFAC ISSUE 154 OCTOBER 2021 the BANKING EXECUTIVE 13