On March 7, 2022, the Financial Crimes Enforcement Network (FinCEN) of the Treasury Department published guidance on increased vigilance for potential Russian sanctions evasion attempts.[1] The FinCEN Alert follows the imposition of mounting sanctions levied by the U.S. government against Russian interests in connection with the invasion of Ukraine.[2] Among these recent efforts, the Office of Foreign Assets Control and the U.S. Department of State sanctioned numerous Russian elites by identifying certain of their property as blocked.[3] This initiative aims to prevent elites from providing support to the Russian government through their wealth and other resources. The Treasury Department and State Department have also sanctioned Russian intelligence-directed disinformation outlets and defense-related firms.

FinCEN warns that Russian and Belarusian actors may seek to evade these sanctions through various means, including through non-sanctioned financial institutions and a variety of actors who retain some degree of access to the international financial system. The FinCEN Alert highlights “red flag indicators” for financial institutions to scrutinize, such as (i) use of corporate vehicles like shell companies to obscure ownership, source of funds, or countries involved; (ii) use of third parties to shield the identity of sanctioned persons who seek to hide the origin or ownership of funds; and (iii) nonroutine foreign exchange transactions that may indirectly involve sanctioned Russian institutions.

Financial institutions should also be alert regarding convertible virtual currency (CVC)[4] and ransomware campaigns. While FinCEN notes that large-scale sanctions evasion using CVC by the Russian government is less practicable, smaller entities and individuals may attempt to use CVC and anonymizing tools to evade sanctions. FinCEN cautions that transactions initiated from or sent to IP addresses located in Russia or Belarus are red flag indicators. Further, in the midst of an “unprecedented” increase in cyberattacks due to the conflict in Ukraine,[5] organizations should be increasingly vigilant against ransomware threats from Russian cyber operations.[6]

The FinCEN Alert also reminds financial institutions of relevant Bank Secrecy Act obligations, such as Suspicious Activity Reporting. A financial institution is required to file a Report if it knows, suspects or has reason to suspect that a transaction it is involved in uses funds derived from illegal activity, attempts to disguise funds derived from illegal activity, is designed to evade Bank Secrecy Act regulations, lacks a business or lawful purpose, or involves the use of the institution to facilitate criminal activity. Financial institutions further have due diligence obligations surrounding politically exposed persons, private banking accounts held for non-U.S. persons, and accounts involving foreign agents or foreign counterparties.

FinCEN encourages financial institutions to make full use of the information-sharing authorities provided by Section 314(b) of the USA PATRIOT Act, as such collaboration is “critical to identifying, reporting, and preventing evolving sanctions evasion, ransomware/cyber attacks, and laundering of the proceeds of corruption.”[7] Under Section 314(b)’s safe harbor provision, financial institutions may share information with each other regarding individuals, organizations and countries for purposes of identifying possible terrorist activity or money laundering.[8]


[1] FinCEN Advises Increased Vigilance for Potential Russian Sanctions Evasion Attempts (Mar. 7, 2022) (FinCEN Alert), https://www.fincen.gov/sites/default/files/2022-03/FinCEN%20Alert%20Russian%20Sanctions%20Evasion%20FINAL%20508.pdf.

[2] See Executive Order 14024 of April 15, 2021, Blocking Property With Respect To Specified Harmful Foreign Activities of the Government of the Russian Federation, https://home.treasury.gov/system/files/126/14024.pdf; Determination Pursuant to Section 1(a)(i) of Executive Order 14024 (Feb. 22, 2022), https://home.treasury.gov/system/files/126/russia_harmful_determination_20220222.pdf. See also OFAC Recent Actions | U.S. Department of the Treasury, https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions.

[3] See Treasury Press Release, Treasury Sanctions Russians Bankrolling Putin and Russia-Backed Influence Actors (Mar. 3, 2022), https://home.treasury.gov/news/press-releases/jy0628.

[4] Virtual currency is a digital representation of value that functions as a medium of exchange, a unit of account and/or a store of value. Convertible virtual currency is virtual currency that has an equivalent value in real currency (i.e., coin and paper money). Bitcoin is one such example. See Virtual Currencies, IRS, https://www.irs.gov/businesses/small-businesses-self-employed/virtual-currencies.

[5] See Kate Conger & Adam Satariano, Volunteer Hackers Converge on Ukraine Conflict With No One in Charge, N.Y. Times (Mar. 4, 2022), https://www.nytimes.com/2022/03/04/technology/ukraine-russia-hackers.html.

[6] See, e.g., Shields Up, Cybersecurity & Infrastructure Security Agency, https://www.cisa.gov/shields-up (compiling best practices for organizations to take in light of increased cybersecurity threats following Russia’s attack on Ukraine).

[7] FinCEN Alert at 9.

[8] See Section 314(b) Fact Sheet, https://www.fincen.gov/section-314b.