Economic Sanctions and Anti-Money Laundering Developments: 2023 Year in Review

Table of Contents

• Executive Summary
• Treasury’s Office of Foreign Assets Control
  • Changes to Sanctions Programs
  • Guidance
  • Other Developments
  • Enforcement Actions
• Treasury’s Financial Crimes Enforcement Network
  • Rulemaking
  • Guidance
  • Enforcement Actions
• Department of Justice
  • Guidance
  • Prosecutions and Other Actions by DOJ
• Federal Banking Agencies
  • Guidance and Rulemaking
  • Enforcement Actions
• Securities and Exchange Commission and Financial Industry Regulatory Authority
  • Guidance
  • Enforcement Actions
• New York State Department of Financial Services
  • Enforcement Actions
• Considerations for Strengthening Sanctions/AML Compliance

Executive Summary

In this memorandum, we survey 2023 U.S. economic sanctions and anti-money laundering (“AML”) developments and trends and provide an outlook for 2024. We also provide thoughts on compliance and risk mitigation measures in this dynamic environment.

During the second year of Russia’s invasion of Ukraine, the U.S. continued tightening sanctions on Russia and, in particular, focused on combatting efforts to evade or circumvent the extensive sanctions in place. Among other things, the Treasury Department’s Office of Foreign Assets Control (“OFAC”) designated a number of parties in third countries, including Türkiye and the United Arab Emirates (“UAE”), for facilitating the transfer of high-value goods to Russia’s military-industrial complex. In December 2023, President Biden issued an Executive Order authorizing the imposition of secondary sanctions on foreign financial institutions that facilitate the transfer of critical goods to Russia or otherwise support Russia’s military-industrial complex. Additionally, OFAC took action in other sanctions programs to advance U.S. foreign policy objectives, such as by further targeting terrorist financing following Hamas’s October 7 attack on Israel.

In 2023, OFAC issued 17 enforcement actions, totaling over $1.5 billion in civil penalties, nearly four times the level of OFAC’s civil penalties in 2022. OFAC’s $970 million settlement with Binance marked the largest penalty in OFAC’s history.^[1] Brian Nelson, the Treasury Department’s Under Secretary for Terrorism and Financial Intelligence, said that this penalty, in addition to the penalty imposed by Treasury’s Financial Crimes Enforcement Network (“FinCEN”), marked a “new era of enforcement for the Treasury.”^[2] Additionally, OFAC entered into a $508 million settlement with British American Tobacco, which marked the largest-ever OFAC resolution with a non-financial institution.^[3]

At the Department of Justice (“DOJ”), there is an increased focus on corporate national security-related criminal enforcement, encompassing sanctions, export controls, and related violations. In addition to the continuing operation of Task Force KleptoCapture and the Disruptive Technology Strike Force, in 2023 DOJ hired 25 new prosecutors to its National Security Division (“NSD”) and created new corporate enforcement roles filled by longtime prosecutors with experience bringing national security-related cases against corporations. DOJ initiated at least 15 prosecutions or enforcement actions involving Russia sanctions or export control evasion, and achieved significant multi-agency resolutions with Binance and British American Tobacco.

DOJ, OFAC, and the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) have also made a new push to encourage voluntary self-disclosures (“VSDs”), although the policies vary by agency. One of the most notable announcements on VSDs this year involved DOJ’s Safe Harbor Policy for mergers and acquisitions, which provides incentives for acquiring companies to voluntarily disclose misconduct uncovered during the M&A process.^[4]

On the AML side, FinCEN has remained busy implementing the various provisions of the AML Act of 2020. Notably, January 1, 2024 marked the effective date of FinCEN’s Beneficial Ownership Information reporting rule; the implementation of the rule will be a core area of focus for the agency in 2024. Additionally, in 2024 FinCEN intends to undertake additional significant rulemakings, including to revise its Customer Due Diligence (“CDD”) Rule in light of the Beneficial Ownership Information reporting rule and to impose AML requirements on investment advisers and the residential real estate sector.^[5] FinCEN has also announced that it expects to issue a proposed rule to facilitate the implementation of its whistleblower program, which applies to both AML and sanctions violations. In the interim, FinCEN is already receiving tips and making referrals to OFAC and DOJ.^[6] In 2023, FinCEN also joined with BIS to issue guidance to financial institutions for filing Suspicious Activity Reports (“SARs”) related to export control violations.

Additionally, FinCEN has continued to utilize its enforcement tools. In 2023, FinCEN released an order under Section 9714(a) of the Combating Russian Money Laundering Act, placing restrictions on Bitzlato Limited (“Bitzlato”), a virtual currency exchange, for facilitating illicit transactions linked to Russian money laundering. And in the wake of the Hamas attack, FinCEN proposed a regulation under Section 311 of the USA PATRIOT Act that would require domestic financial institutions to report information about a transaction that they “know, suspect, or have reason to suspect . . . involves CVC mixing within or involving jurisdictions outside the United States.”^[7] FinCEN also imposed a $3.4 billion penalty on Binance, which represented FinCEN’s largest penalty to date, and issued over $30 million in additional penalties, including FinCEN’s first enforcement actions against a Puerto Rican International Banking Entity and against a trust company.^[8]

New York’s Department of Financial Services (“DFS”) remains an active regulator in the sanctions/AML space. DFS pursued enforcement actions focused on deficiencies in AML compliance programs, both against entities in the virtual currency industry, including a $100 million settlement with Coinbase, and against banks, including Metropolitan Commercial Bank and Shinhan Bank America (“SHBA”).

In total, through the end of 2023, federal and state authorities imposed approximately $3.96 billion in penalties and asset seizures for AML/sanctions violations.^[9] While this total is on par with the total penalties and seizures imposed in 2022 ($3.88 billion), it is significantly higher than the totals from prior years (approximately $630 million in 2021 and approximately $960 million in 2020) and reflects a more aggressive enforcement environment driven by multiple agencies. 

Treasury’s Office of Foreign Assets Control

Changes to Sanctions Programs

Russia. OFAC took a number of actions in 2023 to ratchet up sanctions pressure on Russia. The key actions are summarized below.

• Designations of Russian Individuals and Entities. As we discussed in our prior Year in Review,^[10] following Russia’s February 2022 invasion of Ukraine, OFAC imposed blocking sanctions on major Russian financial institutions and state-owned entities (including Sberbank, Alfa Bank VTB Bank, Alrosa, and the Russian Direct Investment Fund), as well as additional prominent Russian companies and individuals. OFAC designated these individuals and entities on the Specially Designated Nationals List (“SDN List”), which broadly prohibits U.S.-nexus dealings with the designated parties, and which requires U.S. persons in possession of designated parties’ property or interests in property to “block” or “freeze” their property, and report the block to OFAC. Throughout 2023, OFAC continued to designate hundreds of Russian individuals and entities on the SDN List, broadly cutting them off from the U.S. economy.^[11] Many of the Russian entities added to the SDN List in 2023 are active in the country’s financial, defense, and energy sectors, or are owned or controlled by the Russian government or prominent Russian oligarchs. OFAC also sanctioned a number of Russian individuals involved in malicious cyber activities like election interference and disinformation activities.^[12]
• Restrictions on New Investments and Certain Services. On April 6, 2022 President Biden issued Executive Order 14071, which prohibits U.S. persons from (i) making any new investment in the Russian Federation and (ii) providing any category of services to any person in the Russian Federation, as determined by the Secretary of the Treasury (in consultation with the Secretary of State).^[13] Since then, the Secretary of the Treasury has issued a number of determinations on “categories of services” that U.S. persons are prohibited from providing to persons in the Russian Federation without a license, including, for example, accounting, management consulting, architecture, and engineering services.^[14]
• Prohibitions on Facilitation. OFAC sanctions programs generally contain a prohibition on “facilitation” that prohibits a U.S. person from “facilitating” a transaction that they would be prohibited from taking themselves. For example, Executive Order 14071 (which, as explained above, prohibits the provision of new investments and certain services to persons in the Russian Federation) includes a prohibition on “facilitation”—meaning that a U.S. person is prohibited from facilitating the provision of these services or new investments in the Russian Federation by a non-U.S. person.^[15] Furthermore, the March 11, 2022 Executive Order 14068 prohibits U.S. persons from approving, financing, facilitating, or guaranteeing the export, reexport, sale, or supply to Russia of any item that could not be exported to Russia from the U.S. based on Commerce Department regulations. OFAC has in multiple enforcement matters treated a U.S. parent company’s approval of its foreign subsidiary’s transaction with a prohibited party or jurisdiction as prohibited “facilitation.”^[16]
• Preventing Evasion/Circumvention. In 2023, OFAC focused on limiting attempts to evade or circumvent Russia sanctions. Indeed, in May 2023, Secretary of the Treasury Janet Yellen stated that “a central piece” of Treasury’s strategy on Russia sanctions “is to take further actions to disrupt Russia’s attempts to evade our sanctions.”^[17] Consistent with that strategy, in 2023, OFAC designated under its Russia sanctions program over 375 individuals and entities domiciled outside of Russia, generally for facilitating circumvention or sanctions evasion. As reflected in the heat map below, the largest number of designations were in Cyprus, the UAE, Türkiye, and the PRC.^[18] According to OFAC, the UAE, Türkiye, and the PRC are “hubs for exporting, re-exporting and transshipping to Russia foreign-made technology and equipment” and entities in those countries “continue to send high-priority dual-use goods to Russia, including critical components that Russia relies on for its weapons systems.”^[19] OFAC also designated networks linked to the transfer of unmanned aerial vehicles from Iran to Russia and the transfer of arms from North Korea to Russia.^[20]
  
  OFAC also has reiterated that it can bring enforcement actions against non-U.S. persons that cause a U.S. person to violate sanctions, especially in the context of transactions that transit the U.S. financial system or that depend on U.S.-based servers or other infrastructure. ^[21] In December 2023, OFAC stated that “non-U.S. persons are prohibited from causing or conspiring to cause U.S. persons to wittingly or unwittingly violate U.S. sanctions, as well as engaging in conduct that evades U.S. sanctions. OFAC uses its enforcement discretion robustly to identify and address U.S. sanctions violations by non-U.S. persons.”^[22]

• Executive Order Authorizing Secondary Sanctions on Foreign Financial Institutions. Beginning in early 2023, administration officials traveled to countries of concern to highlight the risks of Russia-related sanctions evasion.^[23] In furtherance of these efforts, on December 22, 2023, President Biden issued Executive Order 14114, which pointedly adds the threat of secondary sanctions. Specifically, the Executive Order provides that Treasury may impose on foreign financial institutions either (i) correspondent banking restrictions or (ii) full blocking sanctions (i.e., an SDN designation) upon determining that the financial institution has:

(i) conducted or facilitated any significant transaction or transactions for or on behalf of any person designated pursuant to Section 1(a)(i) of E.O. 14024 for operating or having operated in the technology, defense and related materiel, construction, aerospace, or manufacturing sectors of the Russian economy, or other such sectors as may be determined to support Russia’s military-industrial base by the Secretary of the Treasury, in consultation with the Secretary of State; or

(ii) conducted or facilitated any significant transaction or transactions, or provided any service, involving Russia’s military-industrial base, including the sale, supply or transfer, directly or indirectly, to the Russian Federation of any item or class of items as may be determined by the Secretary of the Treasury, in consultation with the Secretary of State and the Secretary of Commerce.^[24]

On December 22, 2023, OFAC issued a Determination identifying certain “critical items” (including certain machine tools and manufacturing equipment, manufacturing materials for semiconductors and related electronics, electronic test equipment, propellants and chemical precursors for propellants and explosives, lubricants and lubricant additives, bearings, advanced optical systems, and navigation instruments)^[25] that support Russia’s military-industrial base. OFAC stated that foreign financial institutions should “use the list of specified items for the purpose of mitigating sanctions risk under” the Executive Order.^[26]

As a senior administration official stated, the Executive Order marks the “first time that we’re introducing a tool that allows us to use secondary sanctions to go after financial institutions during this conflict” and would “provide us with a strong tool to disincentivize the type of behavior that is furthering Russia’s ability to build weapons of choice that they are using in Ukraine.”^[27] Deputy Treasury Secretary Wally Adeyemo stated: “Financial institutions that continue to process transactions to Russia have a clear choice to make—stop all transactions from customers selling critical goods, or ensure these goods are not benefiting Russia’s war machine. Otherwise, you risk losing access to the US financial system.”^[28]

Notably, the Executive Order does not require that foreign financial institutions “knowingly” engage in the conduct specified in the Executive Order, allowing OFAC, in theory, to impose secondary sanctions for unwitting conduct. 

OFAC also issued a sanctions advisory on December 22, 2023, providing examples of conduct that could constitute a sanctions risk, including maintaining accounts, transferring funds, or providing other financial services (including trade finance) that would support Russia’s military-industrial base, facilitating the sale, supply, or transfer of the critical items to Russian importers or companies shipping the items to Russia, or helping companies or individuals evade U.S. sanctions on Russia’s military industrial base (including taking steps to hide the ultimate purpose of transactions to evade sanctions).^[29] The advisory states that “each institution should implement controls commensurate with its risk and current exposure to Russia’s military-industrial base and its supporters.” It also builds on other recent guidance from OFAC, FinCEN, and BIS relating to sanctions and export controls evasion and notes that foreign financial institutions should (1) communicate compliance expectations relating to the usage of accounts to customers (including the prohibitions related to Russia’s military-industrial base); (2) seek additional information from certain customers through questionnaires and attestations; and (3) place appropriate mitigation measures on accounts related to high-risk activity or where the customer failed to respond to a request regarding activity of concern. In effect, the advisory provides an overview of OFAC’s compliance expectations for foreign financial institutions to avoid the imposition of sanctions.  

Additionally, in December 2023, OFAC issued 12 new Russia-related FAQs regarding the Executive Order.^[30] Those FAQs include FAQ 1151, which states that “OFAC may consider the totality of the facts and circumstances” to determine whether a given transaction is “significant” for purposes of the Executive Order. According to FAQ 1151, “some or all of the following factors may be considered: (a) the size, number, and frequency of the transaction(s); (b) the nature of the transaction(s); (c) the level of awareness of management and whether the transactions are part of a pattern of conduct; (d) the nexus of the transaction(s) to persons sanctioned pursuant to E.O. 14024, or to persons operating in Russia’s military-industrial base; (e) whether the transaction(s) involve deceptive practices; (f) the impact of the transaction(s) on U.S. national security objectives; and (g) such other relevant factors that OFAC deems relevant.”

• Price Cap on Russian Oil. OFAC has also heightened its enforcement activities surrounding the multilateral “price cap” on Russian oil and issued significant guidance related to compliance with the price cap.^[31] In October 2023, OFAC imposed the first sanctions for violations of the price cap, designating vessels and entities from Türkiye, the Marshall Islands, the UAE, and Liberia tied to shipments of Russian oil.^[32] In November and December 2023, OFAC issued additional price-cap-related sanctions, including designating vessels and entities from the UAE, Liberia, and Hong Kong that carried Russian oil priced above the price cap, as well as designating several oil traders.^[33] In October 2023, the international Price Cap Coalition published an advisory with “best practices” for industry stakeholders to ensure they do not purchase Russian-origin oil priced above the price cap.^[34] In December, OFAC and the Price Cap Coalition updated OFAC’s “Guidance on Implementation of the Price Cap Policy and Petroleum Products of Russian Federation Origin” to strengthen the requirements relating to attestation and recordkeeping for certain covered service providers.^[35]
• Russian Sovereign Assets. Throughout 2023, the U.S. and other members of the G-7 considered options regarding the approximately $300 billion of immobilized Russian sovereign assets. Secretary Yellen stated that the U.S. is “examining a number of options, including some that we may be able to take under existing authorities.”^[36] According to press reports, the G-7 may make an announcement on this issue before the second anniversary of Russia’s invasion of Ukraine on February 24, 2024.^[37] Notably, there are potential limitations under U.S. law on what the Biden Administration can do regarding Russian sovereign assets in the U.S., as the International Emergency Economic Powers Act (“IEEPA”) only permits seizures of foreign property during a time of war. However, there are press reports suggesting that the Biden Administration supports legislation expanding IEEPA authority to allow action in this specific circumstance.^[38]

Virtual Currency. In 2023, OFAC continued taking actions related to virtual currency. This included a number of significant enforcement actions (described below) and the designations of entities and individuals associated with the illicit use of virtual currency, such as: (i) a “virtual currency mixer,” Sinbad.io, utilized by the Lazarus Group^[39]; (ii) a Gaza-based virtual currency exchange utilized by terrorist groups; and (iii) a “virtual currency money launderer” who illicitly transferred funds for Russian elites.^[40]

As we discussed in our last Year in Review, in 2022, OFAC designated Tornado Cash, a cryptocurrency privacy protocol and a number of smart contracts associated with it.^[41] That designation was challenged by plaintiffs in lawsuits filed in the Western District of Texas and the Northern District of Florida. On August 17, 2023, the district court in the Western District of Texas granted summary judgment for OFAC. The court held that OFAC did not exceed its authority in this designation because, under the IEEPA and OFAC’s regulations, Tornado Cash is a “person” and it has an “interest” in the designated smart contracts, which are “property.”^[42] On October 20, 2023, the district court in the Northern District of Florida granted summary judgment for OFAC, finding that, “because foreigners (e.g., Tornado Cash’s founders, developers, and DAO) have a financial ‘interest’ in the increased use and popularity of the Tornado Cash service as a whole, OFAC did not exceed its statutory authority by designating all of the addresses affiliated with the service, including the core software tool, under the IEEPA.”^[43] Those cases are now pending appeal.

China-related Designations. In 2023, the Biden Administration did not issue any designations under China-specific sanctions authorities, such as the Chinese Military Industrial Complex Company program or the Hong Kong Autonomy Act. However, there have been significant designations of Chinese entities and individuals under other sanctions programs, including designations of Chinese companies and individuals for: (i) providing high-value goods to Russia’s defense-industrial complex;^[44] (ii) involvement with the international proliferation of illicit drugs, including the manufacturing and distribution of fentanyl and methamphetamine precursors;^[45] and (iii) involvement in the procurement of sensitive parts for Iran’s unmanned aerial vehicle program.^[46] 

Counter-terrorism. Since the October 7, 2023 terrorist attack on Israel, OFAC has sanctioned additional Hamas members, financial facilitators in Gaza and abroad, and Hamas-linked operatives in other parts of the region, including Sudan, Türkiye, Algeria, and Qatar.^[47] Notably, OFAC designated a Gaza-based crypto exchange.^[48] These sanctions build on OFAC’s May 2022 designations of persons and entities involved in Hamas’s secret investment portfolio and previous designations of Hamas-linked entities and individuals.^[49] In December, OFAC also targeted an Iranian-affiliated network that supported the Houthis in Yemen, which resulted in sanctions on entities in Iran, Lebanon, Türkiye, St. Kitts and Nevis, Yemen, and the United Kingdom (“U.K.”).^[50] Most recently, in January 2024, OFAC re-added the Houthis to the SDN List as a “Specially Designated Global Terrorist group,”^[51] three years after it had delisted the group in “recognition of the dire humanitarian situation in Yemen.”^[52] Treasury has signaled that its “efforts to identify and freeze the finances of Hamas and other Iran-backed terrorist groups” are a high priority and that such “targeted measures will continue.”^[53] 

OFAC has also continued to make designations targeting Hezbollah. In April 2023, Treasury designated a global network that facilitated the shipment of “diamonds, precious gems, art, and luxury goods” for a Hezbollah financier. Under Secretary Nelson noted that the individuals in the network “used shell companies and fraudulent schemes” to disguise the Hezbollah financier’s involvement and that “luxury good market participants should be attentive to these potential tactics and schemes[.]”^[54]

Venezuela. In October 2023, OFAC issued General Licenses and related guidance providing sanctions relief to the Government of Venezuela and certain sectors of the Venezuelan economy. The relief follows the “electoral roadmap agreement” between the Maduro regime and Venezuelan opposition parties. Notably, General License 44 (“GL 44”) authorized certain transactions with Petróleos de Venezuela, S.A and related entities (subject to certain limitations, including that the authorization does not apply to entities that are Specially Designated Nationals (“SDNs”)).^[55] GL 44 extends until April 18, 2024, and OFAC noted in its October 18, 2023 guidance that the U.S government “intends to renew GL 44 only if the representatives of Maduro follow through with their commitments and take continued concrete steps toward a democratic election by the end of 2024.”^[56] In November 2023, Assistant Secretary of State Brian Nichols said that he was “confident” that the Maduro regime would live up to the electoral roadmap agreement, but emphasized that “everything is on the table” if they do not, including removing the newly issued licenses.^[57]

Inflation Adjustment to OFAC Penalties. Consistent with the Federal Civil Penalties Inflation Adjustment Act of 1990, as amended by the Federal Civil Penalties Adjustment Act Improvements Act of 2015, OFAC announced on January 12, 2024 amendments to its regulations to adjust for inflation the maximum amount of civil monetary penalties that OFAC may assess pursuant to OFAC regulations.^[58] The amendments raised the applicable statutory maximum civil penalty amounts to $368,136 per violation of the IEEPA and $108,489 per violation of the Trading With the Enemy Act. The penalties for violations of sanctions administered pursuant to the Antiterrorism and Effective Death Penalty Act of 1996 were increased to $97,178, and penalties for violations of the sanctions administered pursuant to the Foreign Narcotics Kingpin Designation Act were increased to $1,829,177. The applicable penalties for various OFAC-administered recordkeeping violations were increased to between $1,422 and $71,162, depending on the type of recordkeeping violation.

Guidance

Compliance-related Guidance. As discussed in greater detail in the DOJ section, OFAC joined with other government agencies in issuing compliance-related guidance, including guidance on “Know Your Cargo” in December 2023,^[59] on “Voluntary Self-Disclosure of Potential Violations” in July 2023,^[60] on “Russia Sanctions and Export Control Evasion” in March 2023,^[61] and on “Iran Ballistic Missile Procurement” in October 2023.^[62]

Humanitarian-related Guidance. In December 2022, OFAC amended its regulations across a number of sanctions programs to “ease the delivery of humanitarian aid.”^[63] Secretary of State Anthony Blinken noted that the updates to U.S. sanctions were intended to “make our sanctions clearer, stronger, and more effective and streamlined.”^[64] In 2023, OFAC built on that effort by releasing Supplemental Guidance for the Provision of Humanitarian Assistance,^[65] which clarified the scope of the December 2022 updates, and further guidance specific to providing humanitarian assistance to the Palestinian people (November 2023)^[66] and to Syria (August 2023).^[67] In June 2023, OFAC and the U.K.’s Office of Financial Sanctions Implementation issued guidance related to humanitarian assistance and food security under the Russian sanctions program.^[68]

Other Developments

In 2023, OFAC’s Director, Andrea Gacki, was named as the Director of FinCEN^[69]; OFAC’s Deputy Director, Brad Smith, was named as the new Director of OFAC; and Lisa Palluconi, who had served as an associate director, was elevated to Deputy Director.^[70]

OFAC has indicated that it is considering updating its enforcement guidelines. The existing guidelines are essentially the same as the guidelines issued in 2009.^[71]

Enforcement Actions

OFAC’s 2023 enforcement actions targeted a mix of U.S. and non-U.S. parties across a range of industries including financial institutions, technology companies, manufacturing companies and, continuing a trend that began in 2021, a number of companies active in the virtual currency space. OFAC penalties for 2023 totaled more than $1.54 billion, before crediting, which vastly exceeded the approximately $43 million penalties imposed in 2022. Although OFAC issued 17 public enforcement actions in 2023, the vast majority of its 2023 penalty total (almost $1.5 billion) is from two major actions—against Binance ($968 million) and British American Tobacco (“BAT”) ($508 million), two of the largest OFAC settlements ever. Consistent with OFAC’s new focus in recent years on individual liability, OFAC reached a settlement involving a penalty with an unnamed U.S. executive at a company that was also the target of an enforcement action (Murad LLC). Below we summarize OFAC’s enforcement actions from 2023, grouped by category.  

Use of the U.S. Financial System

British American Tobacco p.l.c. As discussed in our prior memorandum and in the DOJ section below,^[72] on April 25, 2023, OFAC announced a $508,612,492 settlement with U.K.-based tobacco and cigarette manufacturer BAT for 16 apparent violations of North Korea sanctions between 2009 and 2017 that involved a BAT subsidiary in Singapore, British-American Tobacco Marketing (Singapore) PTE Ltd. (“BATMS”).^[73] According to the government, in 2001, BATMS established a joint venture (the “Joint Venture”) with a company located in North Korea for the purpose of manufacturing and distributing BAT cigarettes. According to OFAC, in 2007, BAT’s Standing Committee, which includes BAT senior executives in London, approved a plan whereby BATMS would sell its 60% stake in the Joint Venture to a company in Singapore because of concerns over public associations with North Korea and the difficulty in extracting profits from that country. OFAC stated that BAT publicly represented this sale in a press release as a divestment of the portion of its business involved in North Korea tobacco sales, but that, in reality, BATMS still held a controlling interest in the Joint Venture and used that control to continue tobacco sales in North Korea. According to OFAC, through this concealment scheme, BATMS caused U.S. financial institutions to process transactions that would have been frozen, blocked, investigated, or declined had the banks known of the connection to North Korea. OFAC determined that the apparent violations were egregious and not voluntarily self-disclosed. OFAC’s resolution with BAT was reached concurrently with BATMS’s DOJ guilty plea agreement and BAT’s execution of a deferred prosecution agreement. 

In announcing the settlement, Under Secretary Nelson stated that “[c]ompanies that seek to profit from circumventing sanctions by obscuring their involvement will be discovered and will pay a price . . . Firms that deal with blocked persons, even indirectly, will be penalized when their schemes implicate the U.S. financial system.” Under Secretary Nelson also noted that this action constituted the largest resolution against a non-financial institution in OFAC’s history. As with the Binance settlement, OFAC credited fines paid to DOJ against a vast majority of the settlement, and BAT was ultimately obligated to pay $5,348,685 to Treasury.

Godfrey Phillips India Limited. On March 1, 2023, OFAC announced a $332,500 settlement with India-based Godfrey Phillips India Limited (“GPI”) for five apparent violations of North Korea sanctions between 2016 and 2017.^[74] According to OFAC, the apparent violations resulted from GPI’s use of the U.S. financial system to receive payments for tobacco it indirectly exported to North Korea through third-country intermediaries. OFAC stated that GPI had exported tobacco to North Korea through an intermediary in Thailand and had received payments through intermediaries in Hong Kong. OFAC stated that “by directing the Hong Kong intermediaries to remit payments in USD, GPI caused U.S. correspondent banks that processed payments, as well as the foreign branch of a U.S. bank, to export financial services to or otherwise facilitate the exportation of tobacco” to North Korea. OFAC found the case to be non-egregious. OFAC noted that this action “highlights how non-U.S. persons engaged in business with sanctioned actors and jurisdictions can violate U.S. sanctions regulations by causing U.S. persons to engage in prohibited transactions.”

Swedbank Latvia AS. On June 20, 2023, OFAC announced a $3,430,900 settlement with Swedbank Latvia AS (“Swedbank Latvia”) for 386 apparent violations of OFAC sanctions on Crimea.^[75] Swedbank Latvia is headquartered in Riga, Latvia, and is a subsidiary of Swedbank AB, an international financial institution headquartered in Stockholm, Sweden. According to OFAC, throughout 2015 and 2016, a customer with an IP address in Crimea used Swedbank Latvia’s e-banking platform to send payments through U.S. correspondent banks to persons in Crimea. According to OFAC, a U.S. correspondent bank rejected certain payments initiated by the client due to a potential connection with Crimea and alerted Swedbank Latvia. OFAC determined that a relationship manager at Swedbank Latvia then re-routed the rejected payments to a different U.S. correspondent bank, which ultimately processed the transactions. OFAC determined that the apparent violations were non-egregious and not voluntarily self-disclosed. OFAC treated as an aggravating factor Swedbank Latvia’s failure to integrate into its sanctions screening process Know Your Customer (“KYC”) and IP data regarding its client’s presence in Crimea. OFAC also noted that Swedbank Latvia is a sophisticated financial institution and had knowledge that it had customers in Crimea. Mitigating factors noted by OFAC included Swedbank AB and Swedbank Latvia’s “extensive lookback” review.

OFAC emphasized that the case illustrates, among other things, the importance of “ensuring that KYC information (such as passports, phone numbers, nationalities, and addresses) and IP data are appropriately integrated into sanctions screening protocols.” OFAC remarked that “the bank’s own KYC information supported the concerns of its correspondent bank, yet it went ignored.”

Wells Fargo Bank, N.A. On March 30, 2023, OFAC announced a $30,000,000 settlement with Wells Fargo Bank, N.A. (“Wells Fargo”) related to 124 apparent violations of the U.S.’s Iran-, Sudan- and Syria-focused sanctions programs.^[76] According to OFAC, from approximately 2008 to 2015, Wells Fargo and Wachovia Bank (“Wachovia”), which Wells Fargo acquired in 2008, provided a custom trade software platform for use by a European bank. OFAC determined that the European bank then used the platform to process trade finance transactions with U.S.-sanctioned jurisdictions and persons. According to OFAC, this system relied on servers and technology based in the U.S. and was created at the direction of a U.S.-based mid-level manager within Wachovia’s Global Trade Services (“GTS”) business unit. OFAC stated that Wells Fargo “knew or should have known” the European bank would use the software to transact with comprehensively sanctioned jurisdictions or SDNs—especially as concerns were raised internally regarding the system on multiple occasions following Wells Fargo’s acquisition of Wachovia and because OFAC also determined that employees in GTS had unsuccessfully attempted to design the system in a manner that would avoid the involvement of Wells Fargo or other U.S. persons due to sanctions compliance concerns.

OFAC determined that the apparent sanctions violations were voluntarily self-disclosed and egregious. Aggravating factors included the fact that sanctions concerns were repeatedly raised to senior management, and that Wachovia and Wells Fargo are global commercially sophisticated financial institutions. Mitigating factors included GTS’s small role within Wells Fargo and the bank’s otherwise “strong” sanctions program; the relatively modest financial magnitude of the apparent violations; and the fact that the majority of the apparent violations related to agriculture, medicine, and telecommunications, and thus may have been eligible for a license.

In announcing the settlement, OFAC highlighted the sanctions compliance risks that companies can face from “smaller, non-core business lines” and emphasized the importance of addressing internal compliance concerns even when they relate to those more marginal lines of business.

Emigrant Bank. On September 21, 2023, OFAC announced a $31,867.90 settlement with U.S.-based Emigrant Bank (“Emigrant”) for 30 apparent violations of the Iranian Transactions and Sanctions Regulations between 2017 and 2021.^[77] For approximately 26 years, Emigrant maintained a Certificate of Deposit account for two Iranian residents, for which it processed 30 transactions totaling $91,051.13. According to OFAC, Emigrant had actual knowledge of the Iranian address and apparent location of the accountholders during this period, but failed to implement adequate controls to identify and prevent prohibited account services. OFAC treated as an aggravating factor that “Emigrant is a longstanding privately-owned bank in the United States and is a sophisticated financial institution.” OFAC ultimately found the case to be non-egregious and voluntarily self-disclosed. It highlighted as a mitigating factor the “negligible harm to U.S. sanctions policy objectives.”

Sanctions Screening Issues; Deficiencies in IP Address Blocking; Deficiencies in Other Automated Systems

Uphold HQ Inc. On March 31, 2023, OFAC announced a $72,230.32 settlement with U.S.-based digital trading platform Uphold HQ Inc. (“Uphold”) for 152 transactions worth $180,575.80 in apparent violation of OFAC’s sanctions against Iran, Cuba, and Venezuela.^[78] According to OFAC, Uphold or certain of its non-U.S. affiliates processed transactions for customers who self-identified as being located in Iran or Cuba and for employees of the Government of Venezuela. OFAC determined that the apparent violations were voluntarily self-disclosed and were non-egregious. OFAC treated as an aggravating factor that Uphold had information in its possession giving it reason to know that it was processing payments in apparent violation of U.S. sanctions. OFAC stated that the case illustrates the importance of integrating “information provided by customers during the account opening and diligence processes, such as identification and location information” into financial institutions’ sanctions screening programs. Regarding the Venezuela-related transactions, OFAC reminded financial institutions that it expects them to “conduct due diligence on their own direct customers to confirm that those customers are not persons whose property and interests in property are blocked.”

Microsoft Corporation. On April 6, 2023, OFAC announced a $2,980,265.86 settlement with Microsoft related to the indirect export of services and software from the U.S. to sanctioned jurisdictions and SDNs in apparent violation of OFAC’s Cuba, Iran, Syria, and Ukraine-/Russia-Related sanctions programs.^[79] The settlement was part of a joint administrative enforcement effort with BIS, resulting in a total penalty of over $3.3 million.^[80] According to OFAC, Microsoft Ireland Operations Limited and Microsoft Rus LLC (collectively, the “Microsoft Entities”), were involved in 1,339 apparent violations of OFAC sanctions programs when they engaged third-party licensing solution partners (“LSPs”) to sell the Microsoft Entities’ products to customers globally. OFAC determined that the Microsoft Entities’ LSPs sold software licenses to end users located in several comprehensively sanctioned jurisdictions and also SDN end users, to which the Microsoft Entities then provided U.S.-origin software and/or U.S.-based services.

OFAC also faulted the Microsoft Entities’ sanctions screening procedures, which OFAC determined “did not identify blocked parties not specifically listed on the SDN List, but owned 50 percent or more by SDNs, or SDNs’ Cyrillic or Chinese names.” OFAC also faulted the Microsoft Entities’ screening procedures for not screening certain address information collected by the Microsoft Entities during the normal course of business. OFAC determined that the apparent violations were non-egregious and self-disclosed. OFAC treated as aggravating factors the sheer number of apparent violations, which OFAC described as “not isolated or atypical in nature”; the fact that “major Russian enterprises” benefitted from the apparent violations; and that Microsoft is a leading global technology company. OFAC focused in particular on Microsoft’s failure to screen certain end users whose names were provided to the Microsoft Entities during the normal course of business—including names that appeared in Cyrillic.

OFAC stated that global technology companies should ensure that their sanctions controls are “commensurate” with the risks posed by “the increased use of internet-based computing and global demand for software applications.” Finally, OFAC emphasized that these apparent violations illustrate the “persistent efforts” of Russian actors to evade sanctions, and cautioned firms to be aware of the “evasion techniques” that resulted in the apparent violations.

Poloniex, LLC. On May 1, 2023, OFAC announced a $7,591,630 settlement with U.S.-based virtual currency exchange Poloniex, LLC (“Poloniex”) for 65,942 apparent violations of multiple OFAC sanctions programs between 2014 and 2019.^[81] According to OFAC, the Poloniex trading platform allowed customers apparently located in sanctioned jurisdictions, such as Crimea, Cuba, Iran, Sudan, and Syria, to engage in online digital asset-related transactions, such as trades, deposits, and withdrawals, with a combined value of $15,335,349, despite having reason to know their location from both KYC information and IP address data. OFAC treated as an aggravating factor that Poloniex operated with no sanctions compliance program for more than a year after first beginning operations. OFAC noted that even after Poloniex implemented its sanctions compliance program in May 2015, the company did not apply the program consistently across comprehensively sanctioned jurisdictions nor to customers who had self-identified before May 2015 as residing in a comprehensively sanctioned jurisdiction. OFAC ultimately found the case to be non-egregious, citing, among other things, that Poloniex was a small start-up at the time of most of the apparent violations. OFAC highlighted “the importance of using all available location-related information for sanctions compliance purposes” and that compliance controls apply “not only to new customers, but to existing ones as well.”

daVinci Payments. On November 6, 2023, OFAC announced a $206,213 settlement with U.S.-based financial services firm Swift Prepaid Solutions, Inc. d/b/a daVinci Payments (“daVinci”) for 12,391 apparent violations of OFAC’s Crimea, Iran, Syria, and Cuba sanctions programs.^[82] According to OFAC, daVinci provides payment reward card programs that allow their clients to issue prepaid cards to select recipients, typically as part of a loyalty, award, or promotional incentive for employees, customers, and others. OFAC determined that clients funded cards themselves through an issuing bank, and that daVinci provided digital or physical prepaid cards to authorized users after receiving a list of recipients from its client and prompting the recipient to redeem the token for the prepaid card. OFAC noted that to receive the token, users entered their names, addresses, and email addresses on daVinci’s website and that users could not enter an address in a comprehensively sanctioned jurisdiction and were screened against sanctions lists. According to OFAC, in the course of a compliance review and subsequent investigation, daVinci discovered that on 12,378 occasions it had redeemed cards for users with IP addresses associated with comprehensively sanctioned jurisdictions. OFAC determined that the conduct was non-egregious and was voluntarily self-disclosed.

OFAC emphasized that the action “underscores the importance of obtaining and using all available information to verify a customer’s identity or residency, including by using location-related data, such as IP address and top-level domains, for sanctions compliance purposes.” It also stressed that the case “demonstrates the potential shortcomings of controls that rely on customer-provided information.”

Binance Holdings, Ltd. As discussed further in the DOJ section, on November 21, 2023, OFAC announced a $968,618, 825 settlement with Cayman Islands-incorporated Binance Holdings, Ltd. (“Binance”) for 1,667,153 apparent violations of multiple OFAC sanctions programs.^[83] These apparent violations related to crypto transactions involving both comprehensively sanctioned jurisdictions as well as persons on the SDN List. This action represents the largest settlement in OFAC history and was part of a global settlement including DOJ, FinCEN, and the Commodity Futures Trading Commission (“CFTC”). OFAC determined that “senior Binance management knew of and permitted the presence of both U.S. and [comprehensively] sanctioned jurisdiction users on its platform and did so despite understanding that [this] could cause violations of OFAC-administered sanctions programs.” OFAC ultimately determined that Binance’s apparent violations were not voluntarily self-disclosed and that Binance’s conduct was egregious. OFAC credited fines paid to DOJ against a vast majority of the settlement. OFAC also credited Binance for its “significant remedial measures,” including revamping and expanding its sanctions and KYC compliance frameworks and retaining a compliance monitor for a five-year period.

CoinList Markets LLC. On December 13, 2023, OFAC announced a $1,207,830 settlement with U.S.-based virtual currency exchange CoinList Markets LLC (“CLM”) relating to 989 apparent violations of OFAC’s Russia/Ukraine sanctions.^[84] According to OFAC, although CLM screened new and existing customers against OFAC and other sanctions lists, CLM’s screening procedures “failed to capture users who represented themselves as resident of a non-embargoed country but who nevertheless provided an address within Crimea.” OFAC ultimately found CLM’s apparent violations were not voluntarily self-disclosed and were non-egregious. OFAC treated as an aggravating factor that CLM knew or had reason to know it was conducting transactions on behalf of individuals likely to be ordinarily resident in Crimea. Specifically, OFAC noted that the users in question self-reported addresses during the opening of a CLM account specifying a city in Crimea, the word “Crimea,” or both.

Privilege Underwriters Reciprocal Exchange. On December 21, 2023, OFAC announced a $466,200 settlement with U.S.-based insurance company Privilege Underwriters Reciprocal Exchange (“PURE”) for 39 apparent violations of OFAC’s Ukraine/Russia-Related sanctions between May 2018 and July 2020.^[85] According to OFAC, during the relevant period, PURE engaged in transactions related to four insurance policies involving a Panama-based company that, while not itself listed on the SDN List, was wholly owned by Russian SDN Viktor Vekselberg. According to OFAC, email correspondence from as early as January 2010 demonstrated that PURE’s underwriting manager was aware that the insurance policies provided coverage for property wholly owned by Vekselberg. OFAC ultimately found PURE’s apparent violations were not voluntarily self-disclosed and were non-egregious. OFAC treated as aggravating factors that PURE had reason to know it was receiving premium payments from and providing coverage to a company wholly owned by a blocked person, and that PURE did not ensure ownership information about a customer was incorporated into its sanctions screening program.

OFAC noted that the case demonstrates the importance of including in sanctions compliance programs mechanisms to comply with OFAC’s 50 Percent Rule and to ensure that information collected during the ordinary course of business, such as customers’ ownership information, is regularly re-screened to account for changes or updates to the SDN List.

U.S. Parent Liability for Non-U.S. Subsidiary Business with Iran or Cuba

Construction Specialties Inc. On August 16, 2023, OFAC announced a $660,594 settlement with U.S.-based Construction Specialties Inc. (“CS”) related to three apparent violations of OFAC sanctions targeting Iran.^[86] According to OFAC, between December 4, 2016 and August 3, 2017, CS’s UAE subsidiary, Construction Specialties Middle East L.L.C. (“CSME”) “imported building materials from the United States to the UAE and then knowingly reexported them to Iran.” OFAC noted that CSME’s general manager directed this activity in contravention of CS’s sanctions policy. OFAC determined that a whistleblower at CSME alerted CS headquarters, and that CS then initiated an internal review and voluntarily reported the matter to OFAC. According to OFAC, the apparent violations were voluntarily self-disclosed and egregious. OFAC treated as aggravating factors the willful involvement of senior CSME management in the apparent violations and the general commercial sophistication of CS and CSME.

In announcing the settlement, OFAC emphasized the “challenges that multinational companies face when they pursue business opportunities in high-risk jurisdictions,” where employees might be particularly inclined to “act on their own initiative to disregard policies and controls and seek to circumvent applicable sanctions.” OFAC also stated that the action highlights the importance of a whistleblower program through which employees can report potential sanctions violations. In this context, OFAC highlighted the FinCEN whistleblower program, noting that it applies to OFAC-administered sanctions. As discussed in our prior memorandum,^[87] OFAC also highlighted “the importance for parent companies to . . . exercise appropriate oversight over activities of . . . subsidiaries that may pose sanctions risks.”

3M Company. As discussed in our prior memorandum, on September 21, 2023, OFAC announced a $9,618,477 settlement with U.S.-based 3M Company (“3M”), a global manufacturing company, for 54 apparent violations of OFAC sanctions targeting Iran between 2016 and 2018.^[88] According to OFAC, two non-U.S. 3M subsidiaries engaged in sales of reflective license plate sheeting to a German reseller which “3M knew or should have known would be resold to an arm of the [Law Enforcement Forces] of Iran.” Although during the period in question OFAC’s General License H (“GL H”) authorized foreign subsidiaries of U.S. companies to engage in certain transactions with Iran, GL H explicitly prohibited transactions with Iranian law enforcement. OFAC treated as an aggravating factor that numerous 3M employees, including trade compliance personnel, failed to “properly evaluate the proposed sales” and “ignore[d] ample evidence” of the apparent violations; however, OFAC noted as mitigating factors 3M’s remedial efforts, such as the addition of more trade compliance counsel.

In announcing the settlement, OFAC emphasized that “parent companies are expected to oversee compliance with applicable U.S. sanctions laws within their subsidiaries, and to empower employees to alert headquarters trade compliance when business dealings need further review.”

Nasdaq, Inc. On December 8, 2023, OFAC announced a $4,040,923 settlement with U.S.-based stock exchange NASDAQ, Inc. (“Nasdaq”) for 151 apparent violations between 2012 and 2014 arising from the conduct of its former wholly owned subsidiary, Nasdaq OMX Armenia OJSC (“Nasdaq OMX Armenia”).^[89] According to OFAC, in February 2008, Nasdaq acquired OMX AB, a Swedish financial company that owned and operated the Armenian Stock Exchange, which, after the acquisition, became Nasdaq OMX Armenia. According to OFAC, Nasdaq OMX Armenia knowingly processed trades and settled payments involving the OFAC-designated Armenian subsidiary of Iran’s state-owned Bank Mellat, Mellat Bank SB CJSC (“Mellat Armenia”). OFAC determined that Nasdaq OMX Armenia knew throughout the relevant period that Mellat Armenia regularly participated in Nasdaq OMX Armenia’s credit resource and foreign exchange markets. OFAC ultimately determined that the apparent violations were non-egregious and voluntarily self-disclosed. OFAC treated as aggravating factors that Nasdaq OMX Armenia was owned and operated by Nasdaq, a large, commercially sophisticated, international financial services corporation, and that Nasdaq and Nasdaq OMX Armenia had actual knowledge that Mellat Armenia was trading on the Nasdaq OMX Armenia exchange throughout the relevant period. OFAC also highlighted several mitigating factors, including that Nasdaq was subsequently eligible for a license to permit Nasdaq OMX Armenia’s continued engagement in certain activities with Mellat Armenia.

OFAC noted that this case highlights the “acute potential sanctions risks” associated with cross-border mergers and acquisitions. OFAC stated that, as a result, companies engaging in such activity would be well-advised to perform commensurate diligence and to implement sanctions compliance policies and procedures at their newly acquired subsidiaries. Here, OFAC noted that “basic screening of the 35 [Nasdaq OMX Armenia] members as a part of the due diligence of the newly acquired business would have revealed Mellat Armenia’s participation.”

Sales to Comprehensively Sanctioned Jurisdictions Through Non-U.S. Third Parties; Individual Liability

Murad LLC and U.S. Person-1. On May 17, 2023, OFAC announced a $3,334,286 settlement with U.S.-headquartered cosmetics company Murad, LLC (“Murad”) and a separate $175,000 settlement with a U.S. person (“U.S. Person-1”), who was a former senior manager of Murad.^[90] According to OFAC, U.S. Person-1 conspired with an Iranian distributor and UAE distributor to sell Murad’s products in Iran. OFAC determined that the scheme, which ended in 2018, resulted in the export to Iran of more than $11 million of goods and services over an approximately eight-year period. OFAC noted that Murad sold its products to the UAE distributor and provided support for it to open a Murad-branded store in Tehran even after OFAC rejected Murad’s request for a license to export its products to Iran. OFAC noted that Murad was ultimately acquired by Unilever, which, when it discovered this arrangement, instructed U.S. Person-1 to direct the UAE distributor to cease all sales to Iran; however, OFAC determined that U.S. Person-1 continued to support the UAE distributor’s sales of Murad products into Iran for several more years. In announcing the settlement with Murad, OFAC treated as an aggravating factor the fact that U.S. Person-1 was a Murad senior executive. OFAC noted as a mitigating factor for both Murad and U.S. Person-1 the “benign consumer nature of [Murad’s] products.” For Murad, OFAC also highlighted as a mitigating factor “the small overall share of Company sales represented by its sales to Iran.” Nevertheless, OFAC determined that the apparent violations constituted an egregious case. OFAC also determined that Murad’s apparent violations were voluntarily self-disclosed, but that Person-1’s were not.

In announcing the settlement, OFAC highlighted the “importance of conducting sufficient pre- and post-acquisition due diligence in order to identify and promptly remediate compliance deficiencies.” According to OFAC, the action also “underscores the importance of companies ensuring that conduct implicating OFAC sanctions is authorized, including by general or specific license, before engaging in what could be prohibited activity.”

Treasury’s Financial Crimes Enforcement Network

Rulemaking

Beneficial Ownership. In January 2021, as part of the AML Act of 2020, Congress enacted the Corporate Transparency Act (“CTA”), which required Treasury (through FinCEN) to undertake three rulemakings related to beneficial ownership: (i) establish a beneficial ownership reporting requirement; (ii) establish rules for who may access beneficial ownership information and in what circumstances; and (iii) revise FinCEN’s customer due diligence (“CDD”) rule.

As discussed below, FinCEN has now completed the beneficial ownership rulemakings relating to reporting and access. The reporting requirement became effective on January 1, 2024 and applies broadly to millions of companies incorporated or doing business in the United States. 

• Beneficial Ownership Reporting Rule. On January 1, 2024, FinCEN’s beneficial ownership reporting rule (the “Beneficial Ownership Reporting Rule”) took effect and FinCEN began accepting Beneficial Ownership Information (“BOI”) reports. According to Secretary Yellen, “[t]he launch of the United States’ beneficial ownership registry marks a historic step forward to protect our economic and national security.”^[91]
  
  As discussed in greater detail in our previous memorandum, ^[92] the Beneficial Ownership Reporting Rule, which was issued in September 2022, requires “Reporting Companies”—generally legal entities formed or registered to do business in the U.S.^[93]—to file BOI reports with FinCEN. Under the rule, there are 23 categories of entities that are exempt, including certain entities that are already required to report BOI, or similar information, to other regulators (e.g., publicly traded companies, registered investment funds and registered investment advisers, banks, credit unions, broker-dealers, insurance companies). Notably, the rule exempts large operating companies—companies with a physical U.S. office, 20 or more full-time employees in the U.S., and $5 million in gross receipts or sales in the past year. Subsidiaries of certain exempt entities are also exempt.^[94]
  
  Reporting Companies that cannot rely on an exemption are now required to report certain identifying information regarding the companies, as well as their beneficial owners and company applicants (as applicable),^[95] including date of birth, residential or business address (as applicable), and an identifying document.
  
  An individual can apply for a “FinCEN identifier” that can be obtained directly from FinCEN, and then can provide that unique identifier to the Reporting Company, which in turn can provide that “identifier” to FinCEN.^[96] While the use of these identifiers is not required, it is an option that may streamline the reporting process.
  
  Under the Beneficial Ownership Reporting Rule, beneficial owners are defined as individuals who directly or indirectly (i) exercise substantial control^[97] or (ii) own or control at least 25% of the ownership interests of a Reporting Company. This is a meaningfully broader definition of beneficial owners than that adopted by FinCEN in its CDD Rule.
  
  Reporting Companies must file their beneficial ownership report under the following timeline:
  
  —    Reporting Companies in existence before January 1, 2024 must file a report by January 1, 2025;
  
  —    Reporting Companies formed or registered from January 1, 2024 through December 31, 2024 must file a report within 90 days of being formed or registered to do business in the United States;^[98] and
  
  —    Reporting Companies formed or registered from January 1, 2025 onwards must file a report within 30 days of being formed or registered to do business in the U.S.
  
  The Beneficial Ownership Reporting Rule also imposes ongoing obligations on Reporting Companies, including that they must file updated BOI reports in the event that any previously provided information regarding their beneficial owners changes.
  
  Although FinCEN has issued FAQs clarifying reporting requirements and details about the reporting process,^[99] there is still ambiguity on how the Beneficial Ownership Reporting Rule may apply to certain complex business structures.
  
  Willful reporting violations of the Beneficial Ownership Reporting Rule can result in civil and criminal penalties, including fines of $500 per day (up to a maximum of $10,000) and imprisonment for not more than two years.^[100] The rule notes that “as a general matter, FinCEN does not expect that an inadvertent mistake by a reporting entity acting in good faith after diligent inquiry would constitute a willfully false or fraudulent violation.” FinCEN has emphasized that during 2024 it will prioritize educating reporting entities on their reporting obligations. FinCEN has stated that it “understands this is a new requirement” and that entities that make a mistake or omission in their report may correct it within 90 days without penalty.

• Beneficial Ownership Access Rule. In December 2023, FinCEN issued a final regulation governing the availability of BOI (the “Beneficial Ownership Access Rule”).^[101] Under the Beneficial Ownership Access Rule, FinCEN may disclose BOI under specific circumstances to “(1) U.S. Federal agencies engaged in national security, intelligence, or law enforcement activity; (2) U.S. State, local, and Tribal law enforcement agencies; (3) foreign law enforcement agencies, judges, prosecutors, central authorities, and competent authorities (foreign requesters); (4) financial institutions using BOI to facilitate compliance with customer due diligence (CDD) requirements under applicable law; (5) Federal functional regulators and other appropriate regulatory agencies acting in a supervisory capacity assessing financial institutions for compliance with CDD requirements under applicable law; and (6) Treasury officers and employees.”^[102]
  
  There are certain limitations on how these users will be able to access BOI. For example, State, local, and Tribal law enforcement agencies will be required to certify that “a court of competent jurisdiction” has authorized the agency to seek the information in a criminal or civil investigation and that the information being requested is relevant to that investigation. Financial institutions will only be able to access BOI where it has the relevant Reporting Company’s consent for such disclosure. Access by any recipient will be “subject to security and confidentiality protocols aligned with applicable access and use provisions.”
  
  The Beneficial Ownership Access Rule becomes effective on February 1, 2024, but FinCEN is taking a “phased approach” to providing access, beginning with a pilot program for “a handful of key Federal agency users starting in 2024” and then providing access to other users, with “financial institutions and their supervisors” being the last to receive access.
  
  The Beneficial Ownership Access Rule included some notable differences from the NPRM pertaining to financial institutions’ access to BOI. First, the final rule broadened the types of financial institutions that could access the information. While the NPRM limited access to financial institutions that are required to comply with FinCEN’s CDD rule, the final rule broadened this to all financial institutions, which means that financial institutions including money service businesses could obtain access. Second, the final rule broadened how financial institutions could utilize the information they obtain. While the NPRM limited use to compliance with the CDD rule, the final rule would allow financial institutions to utilize the information to comply with legal requirements where financial institutions would normally verify customer information—which would include AML and sanctions compliance functions. Third, FinCEN removed the restriction proposed in the NPRM that the information must be kept “in the United States” and revised this section to allow financial institutions to send and store the BOI in most foreign jurisdictions (with the exception of China, Russia, and jurisdictions designated as state sponsors of terrorism or subject to comprehensive sanctions). Taken together, these changes appear to be designed to make the BOI more useful for financial institutions.
  
  While the beneficial ownership rulemakings do not alter a financial institution’s obligation to comply with FinCEN’s CDD rule, FinCEN has stated that, consistent with the CTA, in 2024 it intends to issue an NPRM on revision to the CDD rule to “account for the changes created by the BOI reporting and access requirements set out in the CTA.”^[103]

Bitzlato Section 9714 Order. As discussed in our previous memorandum, on January 18, 2023, FinCEN issued an order pursuant to Section 9714(a) of the Combating Russian Money Laundering Act identifying Bitzlato—a virtual currency exchange offering exchange and peer-to-peer services—as a “primary money laundering concern” and prohibiting covered financial institutions from transacting with Bitzlato, effective on February 1, 2023.^[104] FinCEN stated that Bitzlato enables the laundering of Convertible Virtual Currency (“CVC”) by facilitating illicit transactions for ransomware actors in Russia, including those connected to the Russian government, and transactions involving Russia-linked darknet markets. The Bitzlato order is FinCEN’s first order issued under Section 9714(a), which, through authority delegated by the Treasury Secretary, authorizes FinCEN to prohibit or impose conditions on the transmittal of funds that involve foreign financial institutions found to be of “primary money laundering concern in connection with Russian illicit finance.” Under Section 9714(b), FinCEN can impose several “special measures” on such institutions, including requiring recordkeeping and reporting. That provision also permits FinCEN, in consultation with the Secretary of State, the Attorney General, and the Chairman of the Board of Governors of the Federal Reserve, to prohibit the creation of correspondent or payable-through accounts for such foreign financial institutions.^[105] Because technological limitations may prevent a financial institution from declining transfers originating from Bitzlato, the order permits financial institutions to “reject” a transfer after funds are received, such as by preventing the recipient from accessing the transferred assets.

Virtual Currency Mixing 311 Special Measure. As discussed in our previous memorandum, on October 19, 2023, FinCEN proposed a new regulation under its Section 311 of the USA PATRIOT Act that would identify “non-U.S. convertible virtual currency mixing” (“CVC mixing”) as a class of transactions of primary money laundering concern.^[106] This proposed regulation was issued pursuant to Section 311’s Special Measure One and would “requir[e] covered financial institutions,” including crypto exchanges that qualify as money services businesses, “to implement certain recordkeeping and reporting requirements on transactions that covered financial institutions know, suspect, or have reason to suspect involve CVC mixing within or involving jurisdictions outside the United States.”^[107] Deputy Secretary of the Treasury Wally Adeyemo stated that FinCEN was proposing this regulation because of the “exploitation” of CVC mixing by “a broad range of illicit actors, including state-affiliated cyber actors, cyber criminals, and terrorist groups.”^[108] FinCEN’s new director, Andrea Gacki, highlighted the novel nature of the proposed regulation, noting that it is “FinCEN’s first ever use of the Section 311 authority to target a class of transactions of primary money laundering concern” and that “Treasury will work to identify and root out the illegal use and abuse of the CVC ecosystem.”^[109] While this proposed regulation was issued in the weeks after Hamas’s attacks on Israel, it covers non-U.S. crypto mixing more broadly.

2024 Regulatory Priorities. Treasury’s fall 2023 statement of regulatory priorities highlights a number of critical rulemakings that FinCEN considers “regulatory priorities” for fiscal year 2024.^[110] Those include:

• Revisions to Customer Due Diligence Requirements for Financial Institutions. As discussed in the Beneficial Ownership section, FinCEN intends to update the CDD rule to accord with the Beneficial Ownership rules.
• Residential Real Estate Transaction Reports and Records. In recent years, Treasury has emphasized the AML risks from “anonymous, non-financed (i.e., all-cash) purchases of residential real estate to launder or hide the proceeds of crime” and has stated that it will “issue a notice of proposed rulemaking (NPRM) in early 2024 that will be an important step toward bringing greater transparency to this sector.”^[111]
• Commercial Real Estate Transaction Reports and Records. Treasury has noted that it is “also considering next steps with regard to addressing the illicit finance risks associated with the U.S. commercial real estate sector” and indicated that it intends to undertake a separate rulemaking to address this issue.
• Anti-Money Laundering Program and Suspicious Activity Report Filing Requirement for Investment Advisers. In recent years, Treasury has emphasized the AML risks associated with investment advisers. Treasury recently noted that “[i]nvestment advisers are not subject to consistent or comprehensive AML/CFT obligations in the United States, creating the risk that corrupt officials and other illicit actors may invest ill-gotten gains in the U.S. financial system through hedge funds, private equity firms, and other investment services.” Building on a 2015 NPRM, Treasury “aims to issue in the first quarter of 2024 an updated NPRM that would propose applying AML/CFT requirements pursuant to the Bank Secrecy Act [“BSA”], including suspicious activity reporting obligations, to certain investment advisers.”
• Establishment of National Exam and Supervision Priorities. Consistent with the requirements of the CTA, FinCEN intends to issue an NPRM related to the establishment of national exam and supervision priorities. This proposed rule will build on the AML/CFT national priorities that FinCEN published in 2021, which include: (1) corruption; (2) cybercrime, including relevant cybersecurity and virtual currency considerations; (3) foreign and domestic terrorist financing; (4) fraud; (5) transnational criminal organization activity; (6) drug trafficking organization activity; (7) human trafficking and human smuggling; and (8) proliferation financing.^[112] The proposed rulemaking will include a risk assessment requirement, a requirement to incorporate AML/CFT priorities into risk-based programs, and certain technology-related requirements.^[113] While financial institutions are not required to incorporate the national priorities into their AML compliance program until a final rule is effective, FinCEN and the banking regulators noted in 2021 that financial institutions may “wish to start considering how they will incorporate the AML/CFT Priorities into their risk based BSA compliance programs, such as by assessing the potential related risks associated with the products and services they offer, the customers they serve, and the geographic areas in which they operate.”^[114]
• Updating Whistleblower Incentives and Protection. As discussed in our prior memorandum, the whistleblower framework established by the AML Act of 2020 and expanded upon in the Anti-Money Laundering Whistleblower Improvement Act provides financial incentives for U.S. or non-U.S. individuals to report certain AML and sanctions violations to FinCEN, which is responsible for administering the program.^[115] Under the AML Act, successful whistleblowers would receive at least 10 percent of a collected penalty that exceeds $1 million, up to a 30 percent cap.^[116] FinCEN has stated that it plans to issue an NPRM aimed at governing the awards distributed in connection with the program. While FinCEN has not yet issued whistleblower regulations, it has established an Office of the Whistleblower and has been “accepting whistleblower tips while we work towards the development of a more formal tip intake system.”^[117] FinCEN routinely shares these tips with OFAC and DOJ.

While this list is only a statement of “regulatory priorities” and it is possible that FinCEN could issue rulemakings not on the list in 2024, it is notable that a number of significant recent FinCEN rulemakings do not appear in the statement of priorities—including the SARs sharing pilot program (NPRM issued in 2022), the application of BSA requirements to the trade in antiquities (ANPRM issued in 2021), updates to the travel rule (NPRM issued in 2020), and the so-called unhosted wallets rule (NPRM issued in 2020).

Guidance

Countering Terrorist Financing to Hamas. As discussed in our previous memorandum, on October 20, 2023 FinCEN issued an alert to financial institutions identifying several red flags of potential terrorist financing related to Hamas, following the terrorist organization’s October 7 attack on Israel.^[118] The alert encouraged financial institutions to report promptly suspicious transactions with indicia of terrorist financing and provided guidance for the type of information to include in SARs for cyber-related transactions. The guidance instructs financial institutions to include any relevant technical cyber indicators in their SARs, including, for example, chat logs, suspicious IP addresses, suspicious email addresses, and suspicious digital asset addresses. FinCEN also encouraged reporting financial institutions to include any external information available to them suggesting that activity may be linked to Hamas or other terrorist groups. Specific red flags provided by FinCEN in the alert include: (i) a customer conducting transactions that involve shell entities, “trading companies,” or other holding companies with a nexus to Iran or countries of higher risk for terrorist financing; (ii) a customer that is a charitable organization that receives large donations from an unknown source in a short period of time and then wires the funds to other charitable organizations or non-governmental organizations; and (iii) a customer that is a charitable organization but which does not appear to provide any charitable services or openly supports Hamas and its operations.

Potential U.S. Commercial Real Estate Investments by Sanctioned Russian Elites, Oligarchs, and Their Proxies. On January 25, 2023, FinCEN issued an alert to financial institutions regarding “potential investments in the U.S. commercial real estate (“CRE”) sector by sanctioned Russian elites, oligarchs, their family members, and the entities through which they act.”^[119] The alert provides potential “red flags and typologies” that may indicate an attempt to circumvent sanctions. The typologies include, but are not limited to, using pooled investment vehicles, using shell companies and trusts, the involvement of third parties, and investing in CRE projects that are “inconspicuous” and provide “stable returns.” The “red flags” include, but are not limited to, the use of an offshore-based private investment vehicle to buy CRE, with investors that are politically exposed persons or other foreign nationals, customers refusing to provide information regarding ultimate beneficial owners or controllers, and ownership of CRE through legal entities in more than one jurisdiction without a clear business purpose.

This guidance builds on extensive guidance issued by FinCEN in 2022 relating to Russian sanctions evasion, including through high-value assets and real estate investments, as discussed further in our 2022 Year in Review.^[120]

New Reporting Key Term and Red Flags Relating to Global Evasion of U.S. Export Controls; Potential Russian Export Control Evasion Attempts (FinCEN and BIS). As discussed in our previous memorandum, on November 6, 2023 FinCEN and BIS jointly issued a notice announcing a new SAR key term, “FIN-2023-GLOBALEXPORT,” that financial institutions should reference when reporting potential efforts by individuals or entities seeking to evade U.S. export controls.^[121] The Notice emphasizes that BIS and FinCEN expect financial institutions to “be vigilant against efforts by individuals or entities to evade U.S. sanctions and export controls.” The Notice states that financial institutions “with customers in export/import industries, including the maritime industry, should rely on the financial institutions’ internal risk assessments to employ appropriate risk-mitigation measures consistent with their underlying BSA obligations.” Further, the Notice states that financial institutions that are “directly involved in providing trade financing for exporters also may have access to information relevant to identifying potentially suspicious activity” that should be accounted for in their risk-mitigation measures. The Notice underscores that financial institutions should be “applying a risk-based approach to trade transactions.” The Notice builds on two earlier joint alerts from FinCEN and BIS in June 2022 and May 2023 that urged financial institutions to monitor potential Russian export controls evasion and provided a SAR term, “FIN-2022-RUSSIABIS,” for filing SARs related to suspected Russian export control evasion.^[122] A September 2023 FinCEN Financial Trend Analysis noted that there had been nearly $1 billion in relevant SARs filed following those alerts and that this reporting was used to provide leads to BIS enforcement agents and to support new designations on the Entity List.^[123]

Enforcement Actions

Shinhan Bank America. On September 29, 2023, FinCEN entered into a consent order and assessed a $15 million civil money penalty against SHBA, finding that SHBA failed to fully remediate BSA/AML deficiencies for which it had received repeated notice. ^[124] FinCEN found, among other things, that SHBA failed to develop and implement an effective process for identifying and reporting suspicious activity in a timely manner, resulting in the untimely filing of several hundred SARs. DFS and the FDIC entered into consent orders with SHBA for the same conduct, with penalties of $10 million and $5 million, respectively. FinCEN credited the civil money penalty imposed by the FDIC.

Bancrédito International Bank. On September 15, 2023, FinCEN entered into a consent order and assessed a $15 million civil money penalty against Bancrédito International Bank (“Bancrédito”) for failing to implement an effective AML program and a correspondent banking due diligence program and failing to file timely SARs.^[125] This is the first time FinCEN has brought an enforcement action against a Puerto Rican International Banking Entity^[126] and is also FinCEN’s first enforcement under its “Gap Rule”—31 C.F.R. 1020.210(b)—which imposed AML program requirements specific to banks that lack a federal functional regulator. As part of the consent order, Bancrédito agreed to surrender its International Banking Entity license.^[127] 

The consent order stated that FinCEN had identified hundreds of millions of dollars in suspicious transactions where Bancrédito failed to file timely SARs. According to FinCEN, Bancrédito provided foreign correspondent accounts to high-risk financial institutions, and also failed to establish a due diligence program for those accounts. FinCEN stated that “Bancrédito operated as an offshore financial institution for persons conducting business in or with Venezuela, a high-risk jurisdiction subject to FinCEN warnings.” FinCEN found that Bancrédito did not have sufficient information on its customers to confirm the nature and purpose of the transactions, which led to Bancrédito facilitating thousands of transactions with characteristics FinCEN deemed to be “red flags” and the subsequent failure to file SARs on these transactions.   

The Kingdom Trust Company. On April 26, 2023, FinCEN issued a consent order with a $1.5 million penalty against The Kingdom Trust Company (“Kingdom Trust”).^[128] According to FinCEN, Kingdom Trust relied on a manual review of daily transactions by a single employee to identify potentially suspicious transactions. Under this system, Kingdom Trust failed to report hundreds of suspicious transactions between high-risk customers in Latin America, including a set of transactions that have been implicated in an indictment involving an alleged money laundering scheme. This was FinCEN’s first enforcement action against a trust company.

Binance. As discussed further in the DOJ section below, on November 22, 2023, FinCEN issued a consent order assessing a $3.4 billion penalty on virtual currency exchange Binance for AML violations.^[129] According to the consent order, because Binance served U.S. customers, it was required to register with FinCEN and to implement an effective AML program. Binance was also required under the BSA to file SARs, but had not done so since its founding in 2017. In fact, FinCEN stated that Binance’s former Chief Compliance Officer told employees that the CEO did not want to report suspicious activity. FinCEN determined that certain of Binance’s unreported transactions involved terrorist organizations, ransomware, and child sexual exploitation material.

Under the resolution, Binance was required to undertake certain remedial measures including a SAR lookback covering transactions or attempted transactions from 2018–2022, an AML program review conducted by a qualified independent consultant, and completely exiting from the United States.

As part of the resolution, FinCEN imposed on Binance a five-year monitorship.^[130] The monitor will be charged with overseeing Binance’s compliance with the terms of the resolution, and violations could lead to additional penalties, including the imposition of a $150 million suspended FinCEN penalty.

Department of Justice

In 2023, DOJ brought several major enforcement actions related to sanctions evasion and other national security-related crimes. These enforcement actions underscore the focus on “national security-related corporate crime,” including sanctions evasion and export control violations, by DOJ leadership.^[131] “Today corporate crime intersects with our national security,” Deputy Attorney General Lisa Monaco noted, “in everything from terrorist financing, sanctions evasion, and the circumvention of export controls, to cyber- and crypto-crime.”^[132] As a result, Monaco explained, “the tectonic plates of corporate crime have shifted. National security compliance risks are widespread; they are here to stay; and they should be at the top of every company’s compliance risk chart.”

A core aspect of DOJ’s focus on the intersection of corporate crime and national security is sanctions enforcement. Indeed, Monaco said that “sanctions are the new FCPA” and emphasized that DOJ was pursuing “corporate investigations that involve sanctions evasion—in industries as varied as transportation, fin tech, banking, defense and agriculture.”^[133] In 2023, DOJ’s Task Force KleptoCapture, which was founded in March 2022 to target Russian sanctions evasion, expanded its scope beyond a focus on the illicit wealth of Russian oligarchs to the “facilitators” of sanctions evasion.^[134] In February 2023, DOJ and the Department of Commerce established the Disruptive Technology Strike Force, which is targeted at attempts by adversaries to illegally siphon sensitive technology.^[135] Though the latter task force is focused more on export controls, it brought a number of cases also citing sanctions violations—reflecting the increased convergence of sanctions and export controls enforcement.^[136]

To support this emphasis on national security-related corporate crime, DOJ announced plans this year to hire 25 additional prosecutors in the NSD focused on sanctions evasion, and also increased the number of prosecutors in the Bank Integrity Unit by 40%. DOJ also created new roles in NSD—a Chief and Deputy Chief Counsel for Corporate Enforcement—charged with coordinating national security-related corporate criminal cases, and filled those roles with longtime prosecutors who previously brought complex national security cases against major corporations, including PRC-based Huawei Technologies and French construction company LaFarge.^[137]

As discussed further below, DOJ has brought a number of significant sanctions evasion cases in 2023, including cases related to Russian sanctions evasion and cryptocurrency. It has, at the same time, sought to encourage companies to increase their voluntary self-reporting of violations.

Guidance

Voluntary Self-Disclosures. Over the course of 2023, DOJ has published VSD policies that outline the benefits and criteria for companies that voluntarily disclose potential federal criminal violations to DOJ, as well as the expectations for cooperation and remediation. The policies vary in some details and scope depending on the division and the nature of the violations but generally offer a presumption of leniency or declination for companies that meet the requirements.^[138]

On March 1, 2023, DOJ’s NSD issued its updated VSD policy, which applies to potential criminal violations of U.S. export control and sanctions laws that undermine national security.^[139] The policy grants a presumption of a non-prosecution agreement and no fine for companies that voluntarily self-disclose, fully cooperate, and timely and appropriately remediate, as long as they do not retain any unlawful gain; in other words, they must “pay all disgorgement, forfeiture, and/or restitution resulting from the misconduct.” The presumption would not apply where aggravating circumstances are present, such as misconduct that involves a significant national security threat, transactions with terrorists or hostile powers, significant profit, repeated violations, or concealment by management. The policy also allows for the possibility of declination in some cases, depending on the totality of the circumstances.

On July 26, 2023, DOJ, along with OFAC and BIS, issued a compliance note regarding VSDs of potential violations of U.S. sanctions and export control laws.^[140] This new guidance highlighted the benefits to companies that properly and promptly disclose potential sanctions violations, as well as recent updates to the policies—such as BIS’s consideration of a company’s “deliberate non-disclosure of a significant possible violation” of export controls as an aggravating factor under its penalty guidelines.

The guidance also noted that, as a result of the AML Act of 2020, whistleblowers who provide information regarding AML, sanctions, or export control violations to DOJ or the Financial Crimes Enforcement Network that leads to penalties of more than $1 million are eligible to receive 10%–30% of the collected penalty. As discussed in the FinCEN section, FinCEN has stated that it intends to issue a rulemaking on the whistleblower program in 2024.

M&A Safe Harbor Policy. On October 4, 2023, DOJ announced a new safe harbor policy for acquiring companies that voluntarily disclose misconduct uncovered during the M&A process.^[141] The Safe Harbor Policy will generally result in a presumption of declination where an acquiring company voluntarily discloses the misconduct within the six-month period after closing an acquisition, subject to a reasonable extension based on the complexity of the transaction; cooperates fully with DOJ’s investigation; and engages in proper remediation, restitution, and disgorgement, completed within one year of closing. Notably, any aggravating factors at the acquired company where the misconduct is discovered, such as the involvement of senior management or pervasiveness of the misconduct, will not impact the acquiring companies’ pathway to receiving a declination. However, in announcing this new safe harbor policy, the Deputy Attorney General (“DAG”) specifically noted that companies that uncover misconduct “threatening national security or involving ongoing or imminent harm” must not wait until the deadline of the safe harbor period to disclose. This safe harbor policy will apply across DOJ, but the DAG also instructed each component to “tailor its application of this policy to fit their specific enforcement regime, and will consider how this policy will be implemented in practice.”

Safe Business Practices and Compliant Transfer of Goods. On December 11, 2023, DOJ, Department of Commerce, Department of Homeland Security, Department of State, and Department of Treasury issued a “know-your-cargo” advisory for the maritime and transportation industries.^[142] The advisory highlighted deceptive shipping or transportation practices used by bad actors to facilitate transit of cargo to sanctioned countries and individuals, including manipulating location or identification data such as vessels’ Automatic Identification Systems, falsifying shipping documents, making ship-to-ship transfers late at night or in high-risk regions, use of irregular shipping routes, and complex ownership or management structures. The advisory also highlighted the importance of developing strong sanctions and export control compliance programs and risk assessments, developing best practices for location monitoring and contractual requirements, and the use of robust KYC procedures.

Russia Sanctions Evasion Alert. On March 2, 2023, DOJ, OFAC, and BIS issued an alert regarding continued attempts to evade sanctions and export controls related to Russia’s war in Ukraine using third-party intermediaries.^[143] The agencies advised financial institutions and businesses to be vigilant to attempts to evade sanctions by having effective compliance programs, exercising heightened due diligence upon discovery of potential violations, and recognizing warning signs of third-party intermediary diversions.

Corporate Monitorships. On February 28, 2023, the NSD issued a policy on the selection of corporate monitors in the context of deferred prosecution agreements, plea agreements, and non-prosecution agreements in cases brought by NSD (e.g., for sanctions and export control violations).^[144] The policy states that the company should recommend three candidates for the monitor position and that NSD should review the candidates based on various factors, such as their background, credentials, experience, objectivity, and independence. The policy creates a Committee on Selection of Monitors, composed of the Deputy Assistant Attorney General or his/her designee, a Section Chief or designee, and a Deputy Designated Agency Ethics Official, to review and vote on the recommended monitor candidate (and ensure that there are no conflicts of interest). The policy also sets forth the required terms for monitorship agreements, such as the monitor qualifications, selection process, replacement process, and monitor responsibilities.

Evaluation of Corporate Compliance Programs. In March 2023, the Criminal Division of DOJ revised its guidance regarding the framework by which DOJ assesses corporate compliance programs.^[145] 

In terms of assessing the culture of compliance, the guidance encourages prosecutors to evaluate whether the company has implemented clear “consequence management procedures,” making clear to employees that “unethical conduct will not be tolerated and will bring about swift consequences” and the manner in which those procedures are enforced, publicized, and communicated to employees. Relatedly, the guidance notes that compensation also “play[s] an important role in fostering a compliance culture” and states that a prosecutor “may consider” whether a company has linked compensation to ethical conduct, including any recoupment or reduction of compensation policies the company may have in place to address employees who may have received compensation, but were later determined to have engaged in “corporate wrongdoing.”

The revised guidance also emphasizes the growing popularity of communicating via messaging applications in a corporate environment (including ephemeral messaging applications), and, in the context of assessing the strength of a company’s policies for “identifying, reporting, investigating, and remediating potential misconduct and violations of law” notes prosecutors should review a company’s policies and procedures governing such messaging platforms, including to what extent they ensure communications can be preserved and accessed.

Prosecutions and Other Actions by DOJ 

Significant Corporate National Security Actions

DOJ announced a series of significant resolutions with companies for national security-related corporate crimes. Senior DOJ officials described two of the most notable resolutions—with British American Tobacco and the oil transportation company Suez Rajan Limited (“Suez Rajan”) as emblematic of DOJ’s new “focus on corporate enforcement,”^[146] and the resolution with cryptocurrency company Binance as emblematic of the “intersection between corporate crime and national security.”^[147]

British American Tobacco. As discussed in our prior client alert, on April 25, 2023, DOJ and OFAC entered into parallel resolution with BAT, a subsidiary of BAT, one of the world’s largest tobacco manufacturers, relating to sanctions violations and bank fraud.^[148] While BAT entered a deferred prosecution agreement, BATMS entered a guilty plea. This was coordinated with the OFAC resolution described above.

As part of the DOJ resolution, BATMS pled guilty to conspiracy to commit bank fraud and to violate IEEPA.^[149] According to the court documents, although BAT claimed in 2007 to have spun off its tobacco sales with North Korea to a third-party company in Singapore, BAT and BATMS had actually maintained control of the third-party company and used it to conceal their continued involvement in sales of tobacco to North Korea through 2017. In doing so, BAT caused U.S. financial institutions to process transactions that would have been frozen, blocked, investigated, or declined had the banks known about the connection to North Korea. As a result, DOJ alleged conspiracy to commit bank fraud and conspiracy to violate the IEEPA. Under its allegations of bank fraud, DOJ identified 280 wire transfers made by the North Korea Company during the relevant time period, totaling $341,297,848, a portion of which was ultimately intended for BATMS. DOJ noted that the scheme generated significant revenue for North Korea’s Weapons of Mass Destruction programs.

As part of the resolution with DOJ, BATMS and BAT agreed to pay a total of more than $629 million in penalties and fines. As part of the resolution with OFAC, BAT agreed to pay $508 million, $503 million of which will be satisfied by their payment of the penalties and fines levied by DOJ.^[150]

Suez Rajan Limited. On September 8, DOJ announced the first-ever criminal resolution with a company that violated sanctions by facilitating the illicit sale and transport of Iranian oil. The case involved Iranian oil being shipped by the Islamic Revolutionary Guard Corps (“IRGC”), a designated foreign terrorist organization, in violation of U.S. sanctions law.^[151] Suez Rajan, a Marshall Islands company, was responsible for shipping over 980,000 barrels of contraband crude oil.^[152] The oil was successfully seized when the operating company of the vessel, Empire Navigation, cooperated with DOJ pursuant to a deferred prosecution agreement and transported the contraband Iranian oil to the United States. The contraband oil is now the subject of a civil forfeiture action. There, DOJ alleged that the oil was either the property of, or a “source of influence” over, the IRGC and, further, that the oil facilitated money laundering. Suez Rajan pled guilty to conspiring to violate IEEPA and was sentenced to three years of corporate probation and an almost $2.5 million fine.

Binance Holdings Limited. On November 21, DOJ announced that Binance, the operator of the world’s largest cryptocurrency exchange, and its founder and CEO, Changpeng Zhao, had pleaded guilty to violating the BSA, IEEPA, and the Commodity Exchange Act.^[153] The plea was part of a coordinated resolution with FinCEN, OFAC, and the CFTC.

According to DOJ, Binance, which operates Binance.com, and Zhao, a Canadian national, admitted to serving U.S. customers between 2017 and 2022 without registering as a money services business with FinCEN or implementing an effective AML program. According to DOJ, Binance sought out a large U.S.-based userbase, while attempting to obscure this fact to avoid U.S. regulations that would have required it to report illicit trades and trades between U.S. users and sanctioned entities. In 2019, for instance, Binance stated that it would launch a separate U.S.-based money exchange. However, DOJ stated that it retained valuable “VIP” customers located in the United States, and encouraged them to obscure their location by registering new accounts or providing information suggesting they were located overseas. DOJ stated that, while Binance belatedly introduced KYC procedures, it allowed users who had previously registered with the exchange to continue trading for almost a year without providing identifying information. DOJ further claims that Binance did not take other necessary steps to block trades between U.S. users and sanctioned entities, nor did it file SARs with FinCEN regarding potentially illegal activity on its platform. DOJ stated that the defendants’ conduct included facilitating over $898 million in trades between U.S. and Iranian users.

As part of its resolution with DOJ, Binance agreed to pay $4.3 billion, including $1.8 billion in criminal fines. Zhao separately agreed to pay a $50 million fine. DOJ described the Binance action as the largest corporate resolution to include criminal charges for an executive. Additionally, FinCEN imposed a five-year monitorship—the first time that FinCEN had imposed this as part of a resolution.^[154] The monitor will be charged with overseeing Binance’s compliance with the terms of the resolution, including the terms of Binance’s plea agreement with DOJ. Violations of the resolution could lead to additional penalties, including the imposition of a $150 million suspended FinCEN penalty.

Roman Storm, Roman Semenov. On August 23, the U.S. Attorney’s Office for the Southern District of New York announced the unsealing of an indictment charging Roman Storm and Roman Semenov, co-founders of Tornado Cash, a cryptocurrency privacy protocol, with crimes including conspiracy to commit money laundering, conspiracy to operate an unlicensed money transmitting service, and conspiracy to commit sanctions violations.^[155] According to the indictment, from approximately 2019 through 2023, Storm and Semenov operated Tornado Cash in a way that allowed its users to engage in untraceable transfers of cryptocurrency. DOJ alleged that Tornado Cash ultimately facilitated more than $1 billion in money laundering transactions and knowingly facilitated the receipt of  hundreds of millions of dollars from the North Korean cybercrime organization, the Lazarus Group, in violation of sanctions. DOJ alleged that Storm and Semenov knew about the illicit use of their service, refused to comply with laws requiring the implementation of KYC, and used Tornado Cash as a vehicle for money laundering. Another co-founder, Alexey Pertsev, was separately charged with related money laundering violations by Dutch authorities in 2022.^[156]

ChipMixer. On March 15, the U.S. Attorney’s Office for the Eastern District of Pennsylvania announced that Minh Quốc Nguyễn, who operated a cryptocurrency mixer service called ChipMixer, had been charged with money laundering, operating an unlicensed money transmitting business, and identity theft.^[157] The prosecution followed an international investigation into “darknet” markets. According to DOJ, from August 2017 to March 2023, Nguyễn allegedly processed more than $3 billion worth of cryptocurrency, while failing to register with FinCEN or collect identifying information about its customers. Nguyễn allegedly used ChipMixer to commingle and obscure the sources and destinations of the cryptocurrency transactions, while publicly deriding anti-money laundering and know-your-customer legal requirements.

Russia Sanctions Evasion Actions

DOJ remains focused on enforcing Russia-related sanctions evasion cases, including through the Task Force KleptoCapture. DOJ’s actions have, in particular, targeted the use of proxies and other sanctions evasion techniques to supply prohibited equipment and materials to Russia in violation of sanctions. DOJ has also focused on the use of sanctions evasion techniques by sanctioned Russian parties and their enablers to access the U.S. financial system.

United States v. Goltsev et al. In November 2023, two Brooklyn residents and two Russian-Canadian nationals were arrested on charges of sanctions evasion and conducting an export control scheme.^[158] According to DOJ, the individuals used Brooklyn-registered entities to export to Russia semiconductors, integrated units, and other electronic components that have been found in Russian military equipment. Orders came from Russia’s defense and technology sectors, and the defendants knowingly obtained equipment from U.S. manufacturers and shipped it through intermediary companies abroad. In the same week, another Brooklyn resident was arrested and two Russian nationals were charged for allegedly conducting an export control scheme that benefited Russian military‑affiliated and sanctioned entities.

Metalhouse LLC. In October 2023, the President of Metalhouse LLC, John Can Unsalan, pleaded guilty to charges relating to a multi-year scheme to violate U.S. sanctions on Sergey Kurchenko by engaging in transactions related to metal products.^[159] In 2015, OFAC sanctioned Kurchenko and companies controlled by him for misappropriation of Ukrainian state and other assets. According to DOJ, Unsalan knowingly traded steelmaking equipment and raw materials with Kurchenko and affiliated entities. Earlier, on April 19, DOJ also announced the arrest of Sergey Karpushkin, a Belarusian citizen living in Miami, who was charged with conspiring to violate U.S. sanctions against Sergey Kurchenko and his two companies, Gaz-Alyans and Vneshtorgservis.^[160] Karpushkin was allegedly a co-conspirator of Unsalan and helped him purchase over $150 million in steelmaking materials from Kurchenko and his companies in violation of the sanctions. Karpushkin faced up to 20 years in prison on the one count of conspiring to violate sanctions with which he was charged.

Robert Wise. In April 2023, New York attorney Robert Wise pleaded guilty to conspiracy to commit money laundering by participating in a scheme to maintain six U.S. properties owned by Russian oligarch Viktor Vekselberg, who was named an SDN in 2018 and 2022.^[161] After the designation, Wise, through his lawyer’s trust account, facilitated nearly $4 million in payments from shell companies and a Russian bank account for various charges, taxes, and fees for the properties. Wise also worked with Vekselberg’s associate Vladimir Voronchenko, whom DOJ described as a “fugitive,” to try to sell some of the properties that were located in New York. Again, Wise and others neither sought nor obtained OFAC licenses to make these payments. The charge carries a maximum five-year sentence, and Wise agreed to forfeit more than $3.7 million. A civil forfeiture complaint was also filed earlier against the properties.

Federal Banking Agencies

AML/sanctions compliance continues to be an important area of focus for the federal banking agencies. In addition to issuing updated guidance on third-party relationships, the agencies took several notable enforcement actions in the past year.

Guidance and Rulemaking

Final Interagency Guidance on Third-Party Relationships. On June 9, 2023, the Federal Reserve Board (FRB or the “Board”), the FDIC, and the OCC issued Final Interagency Guidance on Third-Party Relationships (the “Guidance”), which sets forth principles for banks to follow when developing and implementing risk management practices for their third-party relationships.^[162] The Guidance replaces each agency’s existing general guidance on this topic and applies to all banks supervised by the agencies, regardless of their size or complexity. The Guidance emphasizes that the use of third parties does not diminish a bank’s responsibility to operate in a safe and sound manner and to be in compliance with applicable laws and regulations, including those designed to protect consumers and prevent financial crimes. The Guidance also states that banks should tailor their risk management processes to the level of risk and complexity of their third-party relationships, and that more comprehensive oversight is warranted for higher-risk activities, including critical activities. The Guidance provides examples of considerations for each stage of the third-party risk management life cycle, such as planning, due diligence, contract negotiation, ongoing monitoring, and termination.

Enforcement Actions

Office of the Comptroller of the Currency

Lake Shore Savings Bank. On February 9, 2023, the OCC entered a consent order without a penalty against Lake Shore Savings Bank for violations of the BSA.^[163] The OCC found Lake Shore was not compliant with risk management requirements and failed to properly monitor and report suspicious activity. The order imposes various remedial requirements to enhance BSA compliance.

Federal Deposit Insurance Corporation

Shinhan Bank America. The FDIC announced on September 29, 2023 that it assessed a civil money penalty of $5 million against Shinhan Bank America, a New York-based subsidiary of a South Korean bank, for violations of the BSA and for failure to comply with the requirements of an earlier consent order. ^[164] The FDIC determined that the bank failed to implement an adequate AML program, resulting in the Bank being unable to adequately identify and manage illicit financial activity risk to the institution. In related resolutions, FinCEN imposed a $15 million civil penalty, which credited the FDIC penalty (see p. 28) and DFS imposed a $10 million penalty (see p. 41).

Federal Reserve Board

Popular Bank. As discussed in our 2022 Year in Review,^[165] on January 24, 2023, the FRB announced a $2.3 million consent order against Popular Bank for unsafe and unsound practices in connection with its processing of six Paycheck Protection Program (PPP) loans–worth roughly $1.1 million in total–“despite having detected that the loan applications contained significant indications of potential fraud in a timely manner.”^[166] According to the consent order, the bank did not timely report the indicia of potential fraud to the Small Business Administration, but rather continued to process and fund the loans, in violation of the Bank’s internal BSA protocols.

Wells Fargo. On March 30, 2023, the FRB announced a $67.8 million fine against Wells Fargo & Co. for its allegedly unsafe and unsound practices relating to historical inadequate oversight of sanctions compliance risks.^[167] The Board said that Wells Fargo’s deficient oversight enabled the bank to violate U.S. sanctions regulations by providing a trade finance platform to a foreign bank that used the platform to process approximately $532 million in prohibited transactions between 2010 and 2015. The Board’s action was taken in conjunction with an OFAC settlement, which is discussed above. The total penalty announced by both agencies was approximately $97.8 million.

Deutsche Bank. On July 19, 2023, the FRB issued a consent order and a $186 million fine for unsafe and unsound practices and violations of the Board’s prior consent orders with Deutsche Bank relating to sanctions compliance and anti-money laundering controls, including with respect to compliance oversight, customer due diligence, transaction data, transaction monitoring and filtering, suspicious activity reporting, and facilitating independent third-party reviews.^[168] The Board found that Deutsche Bank made insufficient remedial progress under the 2015 and 2017 consent orders and had deficient anti-money laundering internal controls and governance processes relating to its prior relationship with the Estonian branch of Danske Bank, despite consistently high customer risk ratings for Danske Estonia, high levels of suspicious activity reporting associated with Danske Estonia’s clients, and serious risk concerns expressed by senior firm compliance personnel as a result of their continuing customer due diligence efforts. This consent order requires Deutsche Bank to prioritize completion of several critical requirements, including: (i) improvements in systems and data; (ii) implementation of a customer due diligence program; and (iii) establishment of a framework for transaction monitoring. Separately, the Board announced a Written Agreement to address other general deficiencies relating to Deutsche Bank’s governance, risk management, and controls.

Metropolitan Commercial Bank. On October 19, 2023, the FRB issued a consent order against Metropolitan Commercial Bank (“Metropolitan”) imposing an approximately $14.5 million penalty for violations of customer identification rules and for deficient third-party risk management practices relating to the bank’s issuance of prepaid card accounts.^[169]  The Board found that in 2020, Metropolitan opened prepaid card accounts for illicit actors who subsequently used the accounts to collect illegally obtained state unemployment insurance benefits. By opening prepaid card accounts through a third-party program manager without having adequate procedures for verifying each applicant’s true identity, Metropolitan violated customer identification rules of the Bank Secrecy Act. The Board further found that the bank continued to issue prepaid accounts despite being aware of multiple reports of widespread fraud. The Board’s action was taken in conjunction with an NY DFS action, with the total penalties totaling approximately $30 million.

Securities and Exchange Commission and Financial Industry Regulatory Authority

Guidance

On July 31, 2023, the SEC’s Division of Examiners (the “Division”) issued a risk alert called “Observations from Anti-Money Laundering Compliance Examinations of Broker-Dealers.”^[170] In addition to offering general observations on broker-dealer AML and sanctions compliance programs, the Division highlighted three specific compliance program deficiencies: (i) inadequate or untimely independent AML program testing and training; (ii) incomplete implementation of customer identification programs, resulting in broker-dealers being unable to know the “true identify of customers”; and (iii) AML programs that did not account for the adoption of FinCEN’s CDD Rule. The Division also noted “certain weaknesses in OFAC’s compliance programs, including instances in which entities did not adopt or implement reasonable, risk-based internal controls” for screening clients and customers, following-up on potential matches with the sanctions lists and documenting the outcome of such follow-up, and timely conducting OFAC searches.

Enforcement Actions

Securities and Exchange Commission

Cambria LLC. On March 2, 2023, the SEC announced settled charges against Cambria Capital, LLC for failing to file SARs on numerous transactions.^[171] Cambria allegedly failed to file SARs on activities that raised red flags in the firm’s AML policies and procedures, including unusually large deposits, suspicious wire activity, and multiple accounts trading in the same microcap security. The SEC found that Cambria failed to properly investigate the suspicious conduct, failed to investigate red flags, and failed to file SARs when required. Between 2017 and 2019, Cambria has no record of investigations into any suspicious activity and only filed two SARs. Cambria agreed to pay a $100,000 civil penalty and undertook to retain an independent AML compliance consultant to conduct a review of its AML compliance program.

Merrill Lynch. On July 11, 2023, in conjunction with the Financial Industry Regulatory Authority (“FINRA”) (discussed below), the SEC announced a $6 million settlement with Merrill Lynch and its parent company, Bank of America North America Holding Co. (BACNAH), for allegedly failing to file “hundreds” of SARs between 2009 and 2019.^[172] The SEC charged that BACNAH, the entity responsible for implementing Merrill Lynch’s SAR policies and procedures and filing Merrill Lynch’s SARs, used a $25,000 threshold, instead of the proper $5,000 threshold, for reporting transactions or attempted transactions where a suspect may have been using Merrill Lynch to facilitate criminal activity and could not be identified. The error was discovered by an employee in BACNAH’s Fraud Investigations Group in September 2019, and in arriving at a settlement, the SEC considered that BACNAH and Merrill Lynch voluntarily conducted an internal investigation and shared the results with the SEC.

Archipelago. On August 29, 2023, the SEC announced a $1.5 million settlement with Archipelago Trading Services Inc. (ATSI) for allegedly failing to file at least 461 SARs between 2012 and 2020.^[173] The SEC charged that ATSI failed to establish an AML program for transactions in over-the-counter securities executed on ATSI’s alternate trading system. As a registered broker-dealer, ATSI was required to file SARs relating to suspicious transactions that ATSI knew, suspected, or had reason to suspect, involved the use of its trading platform to facilitate fraudulent activity or that had no business or apparent lawful purpose. The conduct requiring SAR filings included red flags of potentially unlawful manipulative trading, including possible spoofing, layering, wash trading, and pre-arranged trading.

J.H. Darbie & Co., Inc. As discussed in our 2022 Year in Review,^[174] on December 12, 2022, the SEC filed a complaint against broker-dealer firm J.H. Darbie & Co., Inc. (“Darbie”) for failure to comply with SAR filing obligations. On September 22, 2023, the SEC obtained a consent judgment against Darbie, whereby Darbie consented to pay a $125,000 civil penalty and retain an independent AML compliance consultant.^[175]

DWS. On September 25, 2023, the SEC announced a $25 million settlement with DWS Investment Management Americas Inc (“DWS”), a subsidiary of Deutsche Bank AG, for allegedly failing to develop a mutual fund AML program.^[176] Specifically, the SEC’s order found that DWS violated Rule 38a-1 under the Investment Company Act, which requires registered investment companies to develop and implement, among other things, a reasonably designed AML program to comply with the BSA and FinCEN regulations.

Maxim Group, LLC. On September 29, 2023, the SEC announced an $800,000 settlement with Maxim Group, LLC for allegedly violating federal securities laws governing the execution of short sales and failing to file SARs. The SEC charged that Maxim did not reasonably design or implement its AML policies and procedures, which caused it to fail to file SARs for transactions Maxim should have had reason to suspect involved possible fraudulent activity or had no business or apparent lawful purpose.^[177]

Financial Industry Regulatory Authority

Merrill Lynch. On July 11, 2023, in conjunction with the SEC (discussed above), FINRA announced that it had fined Merrill Lynch $6 million for failing to establish and implement policies, procedures, and internal controls reasonably designed to comply with SAR filing requirements under the BSA.^[178] FINRA’s fine was based on the same conduct described in the SEC’s settlement with Merrill Lynch, bringing the total penalties paid by Merrill Lynch for this conduct to $12 million.

New York State Department of Financial Services

Enforcement Actions

Coinbase. As discussed in our 2022 Year in Review,^[179] on January 4, 2023, DFS announced a $100 million settlement with Coinbase, Inc. after finding failures in Coinbase’s AML program, including with regard to its KYC/CDD, transaction monitoring, and suspicious activity reporting systems. ^[180] Coinbase agreed to pay a $50 million penalty for violating the New York Banking Law and DFS’s virtual currency, money transmitter, transaction monitoring, and cybersecurity regulations. In addition to the penalty, Coinbase agreed to invest an additional $50 million in its compliance function over the next two years to remediate the issues and to enhance its compliance program pursuant to a plan approved by DFS.

Payoneer. On November 2, 2023, DFS announced a $1.25 million settlement with the U.S.-based money transmitter Payoneer, Inc. (“Payoneer”) after determining that the company processed payments in violation of U.S. sanctions.^[181] In 2016, Payoneer was alerted that it had processed a payment to a bank in Crimea in violation of U.S. sanctions. Payoneer made a voluntary self-disclosure to OFAC and took remedial actions, including an audit and voluntary “lookback” of transactions over the preceding five years. Following the lookback, Payoneer furnished to OFAC information that it had processed transactions worth $793,950.70 in violation of U.S. sanctions, including for individuals in sanctioned countries such as Iran, Sudan, and Syria, as well as individuals on the SDN list (Payoneer entered into a $1,385,901.40 settlement with OFAC over this conduct in 2021).^[182] According to DFS, a breakdown in Payoneer’s existing compliance program and inadequate focus on screening for sanctioned jurisdictions caused the violations, amounting to “unsafe and unsound” business practices in violation of New York law and rules requiring effective sanctions compliance programs, among other things.

Shinhan Bank America. On September 29, 2023, DFS announced a $10 million settlement with Shinhan Bank America after finding that the bank’s AML compliance program suffered from material deficiencies that it failed to remediate over a period of years, and particularly in response to a prior enforcement action by the FDIC in 2017.^[183]

BitPay, Inc. On March 16, 2023, DFS announced a $1 million settlement with BitPay Inc. concerning deficiencies in BitPay’s AML and cybersecurity programs.^[184] DFS conducted a full-scope examination of BitPay in 2018 and found deficiencies in its AML compliance program. After a second full-scope examination in 2022 found that deficiencies remained in BitPay’s AML compliance program, DFS initiated this enforcement action. Specifically, DFS identified deficiencies in BitPay’s customer/merchant risk rating processes, the sufficiency of BSA/AML Risk Assessment policies and procedures, quality assurance, rule management, and its semi-automated onboarding process.

Metropolitan Commercial Bank. On October 19, 2023, DFS announced a $15 million settlement with Metropolitan that centered on compliance deficiencies in Metropolitan’s third-party debit card program that allegedly enabled bad actors to open accounts with fraudulently obtained personal identifying information and subsequently misdirect funds.^[185] The settlement requires Metropolitan, within 90 days, to submit to DFS extensive information about its compliance program and any changes to its BSA/AML compliance program that are planned and/or underway or have been implemented. This action was taken in conjunction with an FRB action, with the total penalties amounting to approximately $30 million.

Considerations for Strengthening Sanctions/AML Compliance

In light of these developments, senior management, general counsel, and compliance officers may wish to consider the following points in strengthening their institutions’ sanctions/AML compliance programs:

1. Companies with Global Operations Should Consider Exposure to National Security Risks. Given DOJ’s increased focus on “corporate national security” enforcement, even companies that do not traditionally think of themselves as having exposure to national security risks should re-examine their exposure and consider taking additional measures—including undertaking risk assessments, putting into place or enhancing policies and procedures, updating training, and ensuring contracts have sufficiently broad sanctions—and export control-related provisions—to guard against national security-related enforcement risk. As discussed below, companies with exposure to Russia, China, and other jurisdictions that are the focus of U.S. national security efforts should be particularly cautious.^[186]

a. Monitor Russia- and Belarus-related Risks. Russia (and to a lesser extent, Belarus) continue to be effectively quasi-comprehensively sanctioned countries from a U.S. sanctions perspective. As a result, the entire U.S. government national security apparatus is focused on activities and transactions involving these jurisdictions. Additionally, allied countries’ sanctions and export control regimes often target the same sanctioned individuals, entities, and activities in or relating to Russia and Belarus as the United States does, such that continued dealings with or in Russia or Belarus may require compliance with multiple countries’ sanctions and export control programs. Further, there has been a litany of guidance from FinCEN and seizure actions from DOJ that show the U.S. government’s focus on Russian oligarchs and potential attempts to evade sanctions, including through complex ownership structures, dealings in high-value assets, and attempts to create the appearance of transferred control to non-sanctioned family members or associates. U.S. and non-U.S. companies that continue to engage in business in or with Russia or Belarus may wish to further review and enhance their policies and procedures regarding the screening of customers and counterparties (and their owners and directors) against relevant U.S. and other sanctioned party lists; the monitoring for, and appropriate escalation and investigation of, negative news and red flags identified in federal government guidance; and the performing of periodic export control classification assessments. 

b. Be Aware of Expanding China-related Risks. There is significant tension in the U.S.-China relationship and the Biden Administration has continued to focus on potential risks to U.S. national security posed by China. As a result, China-related sanctions and export controls have continued to expand during the Biden Administration, and companies with involvement in China may wish to refresh their risk assessments regarding that business and strengthen, as appropriate, their sanctions and export control procedures. Although the sanctions targeting China are nowhere near as restrictive as those targeting Russia, they are in part reflective of a bipartisan belief that China is and will remain a threat to U.S. national security. During 2023, the U.S. government continued to place a number of Chinese individuals and companies on various sanctions and export control lists, and has expressed concern regarding Chinese companies’ expanded trade with Russia. The U.S. government has also taken steps to expand U.S. export controls targeting China, particularly with regard to semiconductors, artificial intelligence, and items used in supercomputers.^[187]

2. Financial Institutions Should Renew Attention to Their Terrorist Financing Risks. Given the focus on countering the finance of terrorism following Hamas’s October 7 attack on Israel, U.S. financial institutions, including those in the crypto space, may wish to consider re-assessing their exposure to terrorist financing risks and enhancing their related sanctions and BSA/AML controls. As part of these assessments, U.S. financial institutions should examine their compliance frameworks in light of FinCEN’s guidance on red flags of potential terrorist financing. U.S. banks could also review their correspondent banking relationships with foreign financial institutions given Treasury’s identification of correspondent banking as one of the avenues of terrorist financing. Non-U.S. financial institutions may also wish to reassess their exposure to terrorist financing risks to avoid designation or violating applicable sanctions.^[188]

3. U.S. Parent Companies Should Ensure Appropriate Sanctions Oversight of Foreign Subsidiaries. It is important for U.S. companies with global operations to ensure their foreign subsidiaries are taking appropriate measures to comply with U.S. sanctions. In a recent enforcement action against Construction Specialties Inc., discussed above, OFAC highlighted “the importance for parent companies to ensure that they and their overseas subsidiaries implement appropriate compliance programs and procedures, routinely audit their overseas subsidiaries or ensure that independent auditing occurs, and otherwise exercise appropriate oversight over activities of those subsidiaries that may pose sanctions risks.”^[189]

4. Companies with Global Operations Should Consider a Uniform Global Sanctions Policy. U.S. companies with global operations may consider adopting a uniform global sanctions policy applicable to all subsidiaries and affiliates, including non-U.S. subsidiaries and affiliates, that prohibits unlicensed transactions with sanctioned parties and/or involving comprehensively sanctioned jurisdictions. While this policy would sweep more broadly than is required by U.S. sanctions, many companies take this approach for risk-mitigation purposes given that interdependencies between U.S. operations and overseas operations could risk prohibited “facilitation” on the part of U.S. personnel. OFAC sanctions programs generally prohibit a U.S. person from “facilitating” a transaction that they would be prohibited from taking themselves. In a 2021 enforcement action, OFAC highlighted that the “approval of a contract, agreement, sale, or transaction by a U.S.-person manager between a foreign subsidiary and sanctioned entity” risks violating the prohibition on “facilitation.”^[190]A uniform global sanctions policy can address the risk of a U.S. person engaging, even if inadvertently, in “facilitation” of a prohibited transaction. With respect to Iran and Cuba, a uniform global sanctions policy would address liability from a foreign subsidiary’s dealings with either country, regardless of whether the U.S. parent is involved in facilitation. 

5. Acquiring Companies Should Renew Focus on Appropriate Diligence in Mergers & Acquisitions. In light of DOJ’s new Safe Harbor Policy for Mergers & Acquisitions, acquiring companies should consider whether they have developed diligence processes and dedicated sufficient resources to timely identify potential sanctions and export control-related violations at companies they are acquiring.^[191] Under the Safe Harbor Policy, the acquiring company will have six months (which is extendable in some circumstances) to make a disclosure to DOJ. Furthermore, after the completion of the transaction, the acquiring company should ensure that the newly acquired entity has in place appropriate sanctions compliance measures. OFAC expects the immediate adoption and implementation of appropriate controls when U.S. companies acquire non-U.S. companies with preexisting relationships with sanctioned persons or jurisdictions.

6. Financial Institutions Should Consider Their Programs for Reporting Export Control Violations. Based on the joint alerts from FinCEN and BIS on filing SARs related to potential export control activities, U.S. financial institutions engaged in international transactions may wish to consider their exposure to potential export evasion activity and to develop a risk-based approach to identifying and reporting potential violations. Although regulators expect financial institutions’ efforts in this regard to extend beyond trade finance, trade finance remains a particular area of focus given banks’ greater information about the transactions at issue. The Federal Financial Institutions Examination Council has noted a “wide range of risks and vulnerabilities” related to trade finance, including possible violations of “export prohibitions,” and offered guidance on how banks may mitigate that risk.^[192]

7. Non-U.S. Companies Should Continue to Exercise Caution around USD Transactions. The BAT resolutions underscore that both DOJ and OFAC will pursue enforcement actions against non-U.S. companies for violating U.S. sanctions under the theory that the non-U.S. company had “caused” U.S. persons (including U.S. financial institutions) to violate sanctions.^[193] DOJ and OFAC have in recent years targeted non-U.S., non-financial companies transacting with sanctioned jurisdictions in ordinary goods and services, with the only apparent U.S. nexus being the use of the U.S. financial system.^[194]

8. Companies with Global Operations Should Consider Renewed Attention on Screening for Sanctioned Jurisdictions. As mentioned in our last Year in Review, OFAC continues to focus on the controls that companies have in place to prevent transactions with sanctioned jurisdictions and has emphasized that screening against sanctioned party lists is insufficient to ensure compliance with U.S. sanctions. In particular, OFAC expects companies to screen geolocation information derived from IP addresses and other information obtained in the ordinary course of business (such as email addresses, phone numbers, and other address information) to identify transactions involving comprehensively sanctioned jurisdictions, a principle reiterated in its actions against Swedbank Latvia AS, Uphold, CoinList Markets, Microsoft, Poloniex, and daVinci Payments. In the daVinci matter, OFAC highlighted the importance of using all available information to verify a customer’s location and noted the “potential shortcomings of controls that rely on customer-provided information.” Further, in recent years OFAC has taken enforcement actions against companies for doing business with residents of Crimea and has made clear that it expects companies to use a variety of methods to identify Crimean residence, such as being able to identity the names of Crimean cities (see the CoinList matter).

9. Financial Institutions and Fintechs Should Consider Renewing Focus on Third-Party Relationships. As demonstrated by the banking regulators’ updated third-party relationships guidance, the FRB and DFS’s enforcement actions against Metropolitan Commercial Bank, and last year’s action by the OCC against Blue Ridge Bank, regulators have increased focus on banks’ partnerships with fintechs, including to ensure that AML, sanctions, and other financial crimes risks are adequately identified and managed and that responsibility for the administration of controls is clear. Both banks and fintech partners should expect increased examination and other scrutiny in this area and should consider revisiting contracts, risk assessments, compliance programs and processes, and related documentation with this increased focus in mind.

                                                                                                                         * * *

Paul Weiss’s Sanctions and AML team represents U.S. and non-U.S. financial institutions, investment companies, technology companies, and other clients in a range of sanctions, AML, and export control investigations by DOJ, Treasury’s OFAC and FinCEN, Commerce, the federal banking agencies, and NY DFS, and we have assisted clients in resolving some of the largest matters in this space. We also provide regulatory advice and advice on compliance upgrades, assist clients in complex licensing matters, and perform deal due diligence. Our team has broad government experience drawn from DOJ (including a former U.S. Attorney General and a head of the National Security Division), Department of the Treasury (including a former Deputy General Counsel), the Department of State, the Department of Homeland Security, the Federal Reserve, and the White House. We regularly provide analysis of developments in this space through client alerts and articles in leading publications, including the International Comparative Legal Guide to Sanctions.^[195]

                                                                                                                         * * *

[1]      U.S. Dep’t of Treasury, U.S. Treasury Announces Largest Settlements in History with World’s Largest Virtual Currency Exchange Binance for Violations of U.S. Anti-Money Laundering and Sanctions Laws (Nov. 21, 2023), available here.

[2]      Mengqi Sun, Binance Penalties Include a Number of Crypto Industry Firsts, Wall Street Journal (Nov. 22, 2023), available here.

[3]      U.S. Dep’t of Treasury, Treasury Announces $508 Million Settlement with British American Tobacco Largest Ever Against Non-Financial Institution (Apr. 25, 2023), available here.

[4]      As discussed further below, this policy applies beyond the sanctions context.

[5]      The White House, FACT SHEET: U.S. Leadership in the Fight Against Global Corruption (Dec. 11, 2023), available here.

[6]      U.S. Dep’t of Treasury, Prepared Remarks of FinCEN Director Andrea Gacki During ACAMS: The Assembly (delivered virtually) (Oct. 3, 2023), available here.

[7]      U.S. Dep’t of Treasury, FinCEN Proposes New Regulation to Enhance Transparency in Convertible Virtual Currency Mixing and Combat Terrorist Financing (Oct. 19, 2023), available here.

[8]      U.S. Dep’t of Treasury, FinCEN Assesses $1.5 Million Civil Money Penalty Against Kingdom Trust Company for Violations of the Bank Secrecy Act (Apr. 26, 2023), available here; U.S. Dep’t of Treasury, FinCEN Announces $15 Million Civil Money Penalty Against Bancrédito International Bank and Trust Corporation for Violations of the Bank Secrecy Act (Sept. 15, 2023), available here.

[9]      This total reflects the substantial crediting of DOJ penalties that OFAC provided with respect to the Binance and BAT settlements and FinCEN provided with respect to the Binance settlement.

[10]     Paul, Weiss, 2022 Year in Review: Economic Sanctions and Anti-Money Laundering Developments (Mar. 1, 2023), available here.

[11]     Treasury also continued to designate Belarusian individuals and entities in 2023. See, e.g., U.S. Dep’t of Treasury, Treasury Targets Belarusian Revenue Generators for Lukashenka, Human Rights Abuses, and Cogs in Russia’s War Machine (Dec. 5, 2023), available here; see also U.S. Dep’t of Treasury, U.S. Expands Sanctions on the Belarusian Regime, Marking the Three-Year Anniversary of the Fraudulent August 2020 Presidential Election (Aug. 9, 2023), available here; see also U.S. Dep’t of Treasury, Treasury Targets Belarusian State-Owned Enterprises, Government Officials, and Lukashenka’s Aircraft (Mar. 24, 2023), available here.

[12]     See, e.g., U.S. Dep’t of Treasury, Treasury Sanctions Russian Ransomware Actor Complicit in Attacks on Police and U.S. Critical Infrastructure (May 16, 2023), available here; U.S. Dep’t of Treasury, United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang (Sept. 17. 2023), available here; U.S. Dep’t of Treasury, Treasury Sanctions Russian Intelligence Officers Supervising Election Influence Operations in the United States and Around the World (June 23, 2023), available here.

[13]     The White House, Executive Order on Prohibiting New Investment in and Certain Services to the Russian Federation in Response to Continued Russian Federation Aggression (Apr. 8, 2023), available here.

[14]     U.S. Dep’t of Treasury, FAQ 1128 (May 19, 2023), available here.

[15]     The Executive Order prohibits “any approval, financing, facilitation, or guarantee by a United States person, wherever located, of a transaction by a foreign person where the transaction by that foreign person would be prohibited by this section if performed by a United States person or within the United States.”

[16]     For example, in 2018 OFAC brought an enforcement action against a U.S. parent company that “review[ed] and approve[d]” transactions by its Hungarian subsidiary with a Specially Designated National in violation of the Belarus Sanctions Regulations. See OFAC, Settlement Agreement between the U.S. Department of the Treasury's Office of Foreign Assets Control and Zoltek Companies, Inc. (Dec. 20, 2018), available here. Similarly, in 2021, OFAC brought an enforcement action against a U.S. parent company whose U.S.-person employees “approved” contracts by its Romania-based subsidiary with a Russian company in violation of the Ukraine-Related Sanctions Regulations. See U.S. Dep’t of Treasury, OFAC Settles with Cameron International Corporation for Its Potential Civil Liability for Apparent Violations of Ukraine-Related Sanctions Regulations (Sept. 27, 2021), available here.

[17]     Christopher Condon, Yellen Takes Aim at Russian Sanctions Evasion at G-7 Gathering, Bloomberg (May 10, 2023), available here.

[18]     The map does not include individuals/entities domiciled in Russia, Ukraine, and Belarus. Of the more than 35 designations of entities and individuals in the PRC, the majority were in Hong Kong.

[19]     U.S. Dep’t of Treasury, Treasury Hardens Sanctions with 130 New Russian Evasion and Military-Industrial Targets (Nov. 2, 2023), available here.

[20]     U.S. Dep’t of Treasury, Treasury Sanctions Entities Tied to Arms Deals Between North Korea and Russia (Aug. 16, 2023), available here (designating a Slovakian network involved in the shipment of arms from North Korea to Russia); see also U.S. Dep’t of Treasury, Treasury Sanctions Suppliers of Iranian UAVs Used to Target Ukraine’s Civilian Infrastructure (Jan. 6, 2023), available here (designating suppliers of Iranian unmanned aerial vehicles to Russia).

[21]     The vast bulk of international payments in U.S. dollars flow through correspondent banks in New York City.  See also Paul, Weiss, OFAC Cites the Use of U.S.-Origin Software and U.S. Network Infrastructure in Reaching a Nearly $8 Million Settlement with a Swiss Commercial Aviation Services Company (Mar. 16, 2020), available here.

[22]     U.S. Dep’t of Commerce, U.S. Dep’t of Treasury, U.S. Dep’t of Just., U.S. Dep’t of State, U.S. Dep’t of Homeland Security, Know Your Cargo: Reinforcing Best Practices to Ensure the Safe and Compliant Transport of Goods in Maritime and Other Forms of Transportation (Dec. 11, 2023), available here.

[23]     Daphne Psaledakis & Humeyra Pamuk, Exclusive: Top U.S. Treasury Official to Warn UAE, Turkey over Sanctions Evasion, Reuters (Jan. 28, 2023), available here.

[24]     The White House, Executive Order on Taking Additional Steps with Respect to the Russian Federation’s Harmful Activities (Dec. 22, 2023), available here (emphasis added).

[25]     U.S. Dep’t of Treasury, Determination Pursuant to Section 11(a)(ii) of Executive Order 14024 (Dec. 22, 2023), available here.

[26]     U.S. Dep’t of Treasury, FAQ 1150 (Dec. 22, 2023), available here.

[27]     The White House, Background Press Call on Upcoming Action to Continue Holding Russia Accountable (Dec. 21, 2023), available here.

[28]     Wally Adeyemo, The US Is Ready to Impose Sanctions on Foreign Financial Institutions When Others Don’t, Financial Times (Dec. 22, 2023), available here.

[29]     U.S. Dep’t of Treasury, Guidance for Foreign Financial Institutions on OFAC Sanctions Authorities Targeting Support to Russia’s Military-Industrial Base (Dec. 22, 2023), available here.

[30]     U.S. Dep’t of Treasury, FAQs 1146-1157 (Updated Dec. 22, 2023), available here.

[31]     U.S. Dep’t of Treasury, Guidance on Implementation of the Price Cap Policy for Crude Oil and Petroleum Products of Russian Federation Origin (Revised Dec. 20, 2023), available here.

[32]     U.S. Dep’t of Treasury, Russia-related Designations; Publication of Maritime Oil Industry Advisory; Issuance of Russia-related General License (Oct. 12, 2023), available here.

[33]     U.S. Dep’t of Treasury, Treasury Sanctions Additional Maritime Companies, Vessels Transporting Oil Sold Above the Coalition Price Cap (Nov. 16, 2023), available here; see also U.S. Dep’t of Treasury, Treasury Imposes Additional Price Cap-Related Sanctions (Dec. 1, 2023), available here; U.S. Dep’t of Treasury, Treasury Tightens the Price Cap with New Sanctions and Updated Guidance (Dec. 20, 2023), available here.

[34]     U.S. Dep’t of Treasury, Price Cap Coalition Advisory for the Maritime Oil Industry and Related Sectors (Oct. 12, 2023), available here; see also U.S. Dep’t of Treasury, Possible Evasion of the Russian Oil Price Cap, available here.  

[35]     U.S. Dep’t of Treasury, OFAC Guidance on Implementation of the Price Cap Policy for Crude Oil and Petroleum Products of Russian Federation Origin (Revised Dec. 20, 2023), available here.

[36]     Christopher Condon & Viktoria Dendrinou, Yellen Says US, Allies Mapping Russia Assets; Seizures an Option, Bloomberg Law (June 13, 2023), available here.

[37]     Alan Rappeport, U.S. and Europe Eye Russian Assets to Aid Ukraine as Funding Dries Up, The New York Times (Dec. 21, 2023), available here.

[38]     Daniel Flatley, White House Throws Support Behind Seizing Frozen Russian Assets, Bloomberg (Jan. 10, 2024), available here.

[39]     U.S. Dep’t of Treasury, Treasury Sanctions Mixer Used by the DPRK to Launder Stolen Virtual Currency (Nov. 29, 2023), available here.

[40]     U.S. Dep’t of Treasury, Treasury Designates Virtual Currency Money Launderer for Russian Elites and Cybercriminals (Nov. 3, 2023), available here.

[41]     Paul, Weiss, 2022 Year in Review: Economic Sanctions and Anti-Money Laundering Developments (Mar 1, 2023), available here.

[42]     Loon v. Dep’t of Treasury, No. 1:23-CV-312 (W.D. Tex. Aug. 17, 2023).

[43]     Coin Center v. Yellen, No. 22-cv-20375 (N.D. Fla. Oct. 30, 2023).

[44]     U.S. Dep’t of Treasury, Treasury Hardens Sanctions with 130 New Russian Evasion and Military-Industrial Targets (Nov. 2, 2023), available here.

[45]     U.S. Dep’t of Treasury, Treasury Targets Large Chinese Network of Illicit Drug Producers (Oct. 3, 2023), available here.

[46]     U.S. Dep’t of Treasury, Treasury Sanctions Transnational Procurement Network Supporting Iran’s One-Way Attack UAV Program (Sept. 27, 2023), available here.

[47]     Paul, Weiss, OFAC and FinCEN Take Action Following Recent Hamas Terrorist Attacks in Israel (Oct. 24, 2023), available here; see also U.S. Dep’t of Treasury, Following Terrorist Attack on Israel, Treasury Sanctions Hamas Operatives and Financial Facilitators (Oct. 18, 2023), available here.

[48]     U.S. Dep’t of Treasury, Following Terrorist Attack on Israel, Treasury Sanctions Hamas Operatives and Financial Facilitators (Oct. 18, 2023), available here.

[49]     U.S. Dep’t of Treasury, Treasury Targets Covert Hamas Investment Network and Finance Official (May 24, 2022), available here.

[50]     U.S. Dep’t of Treasury, Treasury Targets Network Financing Houthi Regional Aggression (Dec. 7, 2023), available here.

[51]     The White House, Statement from National Security Advisor Jake Sullivan on the Terrorist Designation of the Houthis (Jan. 17, 2024), available here.

[52]     U.S. Dep’t of State, Revocation of the Terrorist Designations of Ansarallah (Feb 12, 2021), available here.

[53]     U.S. Dep’t of Treasury, Testimony of Assistant Secretary for Terrorist Financing and Financial Crimes Elizabeth Rosenberg Before the Committee on Financial Services Subcommittee on Oversight and Investigations, U.S. House of Representatives (Dec. 13, 2023), available here.

[54]     U.S. Dep’t of Treasury, Treasury Disrupts International Money Laundering and Sanctions Evasion Network Supporting Hizballah Financier (Apr. 18, 2023), available here.

[55]     U.S. Dep’t of Treasury, Venezuela General License No. 44 (Oct. 18, 2023), available here.

[56]     U.S. Dep’t of Treasury, Frequently Asked Questions Related to the Suspension of Certain U.S. Sanctions with Respect to Venezuela on October 18, 2023 (Updated Nov. 16, 2023), available here (emphasis added).

[57]     Eric Martin & Andreina Itriago Acosta, US Says All Venezuela Sanctions Are on Table If Maduro Reneges, BNN Bloomberg (Nov. 16, 2023), available here.

[58]     U.S. Dep’t of Treasury, Final Rule, Inflation Adjustment of Civil Monetary Penalties (Effective Jan. 12, 2024), available here.

[59]     U.S. Dep’t of Commerce, U.S. Dep’t of Treasury, U.S. Dep’t of Just., U.S. Dep’t of State, U.S. Dep’t of Homeland Security, Know Your Cargo: Reinforcing Best Practices to Ensure the Safe and Compliant Transport of Goods in Maritime and Other Forms of Transportation (Dec. 11, 2023), available here.

[60]     U.S. Dep’t of Commerce, U.S. Dep’t of Treasury, U.S. Dep’t of Just., Publication of Tri-Seal Compliance Note: Voluntary Self-Disclosure of Potential Violations (July 26, 2023), available here.

[61]     U.S. Dep’t of Commerce, U.S. Dep’t of Treasury, U.S. Dep’t of Just., Publication of Tri-Seal Compliance Note: Cracking Down on Third-Party Intermediaries Used to Evade Russia-Related Sanctions and Export Controls (Mar. 2, 2023), available here.

[62]     U.S. Dep’t of Just., United States Issues Advisory to Industry on Iran Ballistic Missile Procurement (Oct. 18, 2023), available here.

[63]     U.S. Dep’t of Treasury, Publication of Humanitarian-related Regulatory Amendments and Associated Frequently Asked Questions (Dec. 20, 2022), available here.

[64]     Anthony J. Blinken, U.S. Secretary of State, Improving Humanitarian Aid Delivery by Expanding Authorizations Across U.S. Sanctions (Dec. 20, 2022), available here.

[65]     U.S. Dep’t of Treasury & OFAC, Supplemental Guidance for the Provision of Humanitarian Assistance (Feb. 27, 2023), available here.

[66]     U.S. Dep’t of Treasury, Guidance for the Provision of Humanitarian Assistance to the Palestinian People (Nov. 14, 2023), available here.

[67]     U.S. Dep’t of Treasury, Compliance Communiqué: Guidance for the Provision of Humanitarian Assistance to Syria (Aug. 8, 2023), available here.

[68]     U.S. Dep’t of State & U.K. Office of Financial Sanctions Implementation, Humanitarian Assistance and Food Security Fact Sheet: Understanding UK and U.S. Sanctions and their Interconnection with Russia (June 28, 2023), available here.

[69]     U.S. Dep’t of Treasury, The Treasury Department Announces Andrea Gacki as the New Director of FinCEN (July 13, 2023), available here.

[70]     Alan Rappeport, Treasury Taps Sanctions Architect to Lead Financial Crimes Team, New York Times (July 13, 2023), available here; see also Mengqi Sun, U.S. Treasury Appoints Leaders in Sanctions, Anti-Money Laundering Units, Wall Street Journal (Dec. 13, 2023), available here.

[71]     Max Fillion, GIR Live: OFAC Reviewing Enforcement Guidelines, Global Investigations Review (Nov. 22, 2022), available here.

[72]     Paul, Weiss, DOJ and OFAC Reach Historic Resolutions with British American Tobacco for North Korea Sanctions Violations (May 22, 2023), available here.

[73]     U.S. Dep’t of Treasury, Treasury Announces $508 Million Settlement with British American Tobacco Largest Ever Against Non-Financial Institution (Apr. 25, 2023), available here.

[74]     U.S. Dep’t of Treasury, OFAC Settles with Godfrey Phillips India Limited for $332,500 Related to Apparent Violations of the North Korea Sanctions Regulations (Mar. 1, 2023), available here.

[75]     U.S. Dep’t of Treasury, OFAC Settles with Swedbank Latvia for $3,430,900 Related to Apparent Violations of Sanctions on Crimea (June 20, 2023), available here.

[76]     U.S. Dep’t of Treasury, OFAC Settles with Wells Fargo Bank, N.A. for $30,000,000 Related to Apparent Violations of Three Sanctions Programs (Mar. 30, 2023), available here.

[77]     U.S. Dep’t of Treasury, OFAC Settles with Emigrant Bank for $31,867.90 Related to Apparent Violations of the Iranian Transactions and Sanctions Regulations (Sept. 21, 2023), available here.

[78]     U.S. Dep’t of Treasury, OFAC Settles with Uphold HQ Inc. for $72,230.32 Related to Apparent Violations of Multiple Sanctions Programs (Mar. 31, 2023), available here.

[79]     U.S. Dep’t of Treasury, OFAC Settles with Microsoft Corporation for $2,980,265.86 Related to Apparent Violations of Multiple OFAC Sanctions Programs (Apr. 6, 2023), available here.

[80]     U.S. Dep’t of Treasury, Microsoft to Pay Over $3.3M in Total Combined Civil Penalties to BIS and OFAC to Resolve Alleged and Apparent Violations of U.S. Export Controls and Sanctions (Apr. 6, 2023), available here.

[81]     U.S. Dep’t of Treasury, OFAC Settles with Poloniex, LLC for $7,591,630 Related to Apparent Violations of Multiple Sanctions Programs (May 1, 2023), available here.

[82]     U.S. Dep’t of Treasury, OFAC Settles with daVinci Payments for $206,213 Related to Apparent Violations of Multiple Sanctions Programs (Nov. 6, 2023), available here.

[83]     According to the terms of the settlement, Binance’s obligation to pay OFAC the potion of this settlement totaling $898,618,825 “shall be deemed satisfied up to an equal amount by payments in satisfaction of Respondent’s obligations under its plea agreement with the U.S. Department of Justice . . . arising out of the same conduct.” As such, as part of the OFAC settlement, Binance was only obligated to pay $70 million to Treasury. See U.S. Dep’t of Treasury, Settlement Agreement Between the U.S. Dep’t of Treasury’s OFAC and Binance (Nov. 21, 2023), available here.

[84]     U.S. Dep’t of Treasury, OFAC Settles with CoinList Markets LLC for $1,207,830 Related to Apparent Violations of the Ukraine-/Russia-Related Sanctions Regulations (Dec. 13, 2023), available here.

[85]     U.S. Dep’t of Treasury, OFAC Settles with Privilege Underwriters Reciprocal Exchange for $466,200 Related to Apparent Violations of the Ukraine-/Russia-Related Sanctions Regulations (Dec. 21, 2023), available here.

[86]     U.S. Dep’t of Treasury, OFAC Settles with Construction Specialties Inc. for $660,594 Related to Apparent Violations of the Iranian Transactions and Sanctions Regulations (Aug. 16, 2023), available here.

[87]     Paul, Weiss, OFAC Once Again Warns of Potential Liability of U.S. Parent Companies for Sanctions Violations Committed by Foreign Subsidiaries, (Oct. 4, 2023), available here.

[88]     U.S. Dep’t of Treasury, OFAC Settles with 3M Company for $9,618,477 Related to Apparent Violations of the Iranian Transactions and Sanctions Regulations (Sept. 21, 2023), available here.

[89]     U.S. Dep’t of Treasury, OFAC Settles with Nasdaq, Inc. for $4,040,923 Related to Apparent Violations of the Iranian Transactions and Sanctions Regulations Undertaken by Former Armenian Subsidiary (Dec. 8, 2023), available here.

[90]     U.S. Dep’t of Treasury, OFAC Settles with Murad, LLC for $3,334,286 and with a Former Senior Executive of Murad, LLC for $175,000 Related to Apparent Violations of the Iranian Transactions and Sanctions Regulations (May 17, 2023), available here.

[91]     U.S. Dep’t of Treasury, U.S. Beneficial Ownership Information Registry Now Accepting Reports (Jan. 1, 2024), available here.

[92]     Paul, Weiss, New Filing Requirements Under the Corporate Transparency Act (Nov. 27, 2023), available here; see also FinCEN, U.S. Dep’t of Treasury, Final Rule, Beneficial Ownership Information Reporting Requirements (Effective Jan. 1, 2024), available here.

[93]     The Reporting Rule recognizes two categories of reporting entities: (i) a domestic reporting entity, which is an entity created or formed in the U.S. through the filing of a document with a secretary of state or any similar office; and (ii) a foreign reporting entity, which is an entity created or formed under the laws of a foreign country but is registered to do business in the U.S.

[94]     In an FAQ, FinCEN stated that “[i]f an exempt entity controls some but not all of the ownership interests of the subsidiary, the subsidiary does not qualify [for the subsidiary exemption]. To qualify, a subsidiary’s ownership interests must be fully, 100 percent owned or controlled by an exempt entity.” U.S. Dep’t of Treasury, FAQ: Beneficial Ownership Information Reporting L. 6 (Jan. 12, 2024), available here.

[95]    Only companies created or registered on or after January 1, 2024 are required to report their company applicants. FinCEN notes that “up to two individuals . . . could qualify as company applicants: The individual who directly files the document that creates or registers the company; and If more than one person is involved in the filing, the individual who is primarily responsible for directing or controlling the filing.” U.S. Dep’t of Treasury, FAQ: Beneficial Ownership Information Reporting E. 1 (Sept. 18, 2023), available here.

[96]     FinCEN, U.S. Dep’t of Treasury, Final Rule, Use of FinCEN Identifiers for Reporting Beneficial Ownership Information of Entities (Effective Jan. 1, 2024), available here. Under the final rule, reporting companies are permitted to identify individual beneficial owners to FinCEN by using a FinCEN identifier—a unique number issued by FinCEN upon request by an individual—instead of the specific identifying information of the beneficial owner. The rule also permits reporting companies to submit the identifier of an entity in certain conditions instead of providing the beneficial ownership information for an individual.

[97]     Under the rule, an individual exercises substantial control over a reporting entity if he or she: (i) is a senior officer of the reporting entity; (ii) has authority to appoint or remove certain officers or a majority of the board of directors of the reporting entity; (iii) is an important decision-maker for the reporting entity; or (iv) has any other form of substantial control.

[98]     In November 2023, FinCEN extended the deadline for new entities to report BOI from 30 days to 90 days during the first year (2024). See U.S. Dep’t of Treasury, Beneficial Ownership Information Reporting Deadline Extension for Reporting Companies Created or Registered in 2024 (Nov. 30, 2023), available here.

[99]     U.S. Dep’t of Treasury, FAQ: Beneficial Ownership Information Reporting (Updated Jan. 12, 2024), available here.

[100]   The rule notes that the concept of willfulness is “well established in existing caselaw, and FinCEN will consider all facts . . . when deciding whether to pursue enforcement actions.” See FinCEN, U.S. Dep’t of Treasury, Final Rule, Beneficial Ownership Information Reporting Requirements (Effective Jan. 1, 2024), available here.

[101]   FinCEN, U.S. Dep’t of Treasury, Final Rule, Beneficial Ownership Information Access and Safeguards (Effective Feb. 20, 2024), available here.

[102]   U.S. Dep’t of Treasury, Fact Sheet: Beneficial Ownership Information Access and Safeguards Final Rule (Dec. 21, 2023), available here.

[103]   U.S. Dep’t of Treasury, Statement of Regulatory Priorities (Fall 2023), available here.

[104]   U.S. Dep’t of Treasury, FinCEN Identifies Virtual Currency Exchange Bitzlato as a “Primary Money Laundering Concern” in Connection with Russian Illicit Finance Concern (Jan. 18, 2023), available here. For the purposes of this order, a covered financial institution is any domestic financial institution as defined in 31 C.F.R. § 1010.100(t).

[105]   31 U.S.C. § 5318A(b)(5).

[106]   Paul, Weiss, DOJ and FinCEN Take Coordinated Action Against Bitzlato Cryptocurrency Exchange and Its Owner (Feb. 3, 2023), available here.

[107]   U.S. Dep’t of Treasury, Proposal of Special Measure Regarding Convertible Virtual Currency Mixing, as a Class of Transactions of Primary Money Laundering Concern (Oct. 23, 2023), available here. The proposed regulation would define CVC mixing to mean, subject to certain exceptions, “the facilitation of CVC transactions in a manner that obfuscates the source, destination, or amount involved in one or more transactions, regardless of the type of protocol or service used, such as: (1) pooling or aggregating CVC from multiple persons, wallets, addresses, or accounts; (2) using programmatic or algorithmic code to coordinate, manage, or manipulate the structure of a transaction; (3) splitting CVC for transmittal and transmitting the CVC through a series of independent transactions; (4) creating and using single-use wallets, addresses, or accounts, and sending CVC through such wallets, addresses, or accounts through a series of independent transactions; (5) exchanging between types of CVC or other digital assets; or (6) facilitating user-initiated delays in transactional activity.”

[108]   U.S. Dep’t of Treasury, FinCEN Proposes New Regulation to Enhance Transparency in Convertible Virtual Currency Mixing and Combat Terrorist Financing (Oct. 19, 2023), available here.

[109]   U.S. Dep’t of the Treasury, FinCEN Proposes New Regulation to Enhance Transparency in Convertible Virtual Currency Mixing and Combat Terrorist Financing (Oct. 19, 2023), available here.

[110]   U.S. Dep’t of Treasury, Statement of Regulatory Priorities (fall 2023), available here.

[111]   U.S. Dep’t of Treasury, Fact Sheet: U.S. Department of the Treasury Actions to Prevent and Disrupt Corruption (Dec. 11, 2023), available here.

[112]   U.S. Dep’t of Treasury, Financial Crimes Enforcement Network, Anti-Money Laundering and Countering the Financing of Terrorism National Priorities (June 30, 2021), available here.

[113]   U.S. Dep’t of Treasury, Semiannual Agenda and Regulatory Plan (Feb. 22, 2023), available here.

[114]   U.S. Dep’t of Treasury, Statement on the Issuance of the Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) National Priorities (June 30, 2021), available here.

[115]   Paul, Weiss, OFAC Once Again Warns of Potential Liability of U.S. Parent Companies for Sanctions Violations Committed by Foreign Subsidiaries (Oct. 4, 2023), available here.

[116]   31 U.S.C. § 5323(b).

[117]   U.S. Dep’t of Treasury, Prepared Remarks of FinCEN Acting Director Himamauli Das During NYU Law’s Program on Corporate Compliance and Enforcement (Mar. 25, 2022), available here.

[118]   Paul, Weiss, OFAC and FinCEN Take Action Following Recent Hamas Terrorist Attacks in Israel (Oct. 24, 2023), available here.

[119]   U.S. Dep’t of Treasury, FinCEN Alert on Potential U.S. Commercial Real Estate Investments by Sanctioned Russian Elites, Oligarchs, and Their Proxies (Jan. 25, 2023), available here.

[120]   Paul, Weiss, Economic Sanctions and Anti-Money Laundering Developments: 2022 Year in Review, at 22 (Mar. 1, 2023), available here.

[121]   Paul, Weiss, FinCEN and BIS Issue Joint Notice Emphasizing That Financial Institutions Should Monitor for Possible Export Control Violations (Nov. 14, 2023), available here.

[122]   See FinCEN and BIS, FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Increased Vigilance for Potential Russian and Belarusian Export Control Evasion Attempts (June 28, 2022), available here; FinCEN and BIS, Supplemental Alert: FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Continued Vigilance for Potential Russian Export Control Evasion Attempts (May 19, 2023), available here.

[123]   FinCEN, FinCEN Analysis Reveals Trends and Patterns in Suspicious Activity Potentially Tied to Evasion of Russia-Related Export Controls (Sept. 8, 2023), available here.

[124]   U.S. Dep’t of Treasury, FinCEN Announces $15 Million Civil Money Penalty Against Shinhan Bank America for Violations of the Bank Secrecy Act (Sept. 29, 2023), available here; see also U.S. Dep’t of Treasury, In the Matter of Shinhan Bank America, No. 2023-03, available here.

[125]   U.S. Dep’t of Treasury, FinCEN Announces $15 Million Civil Money Penalty Against Bancrédito International Bank and Trust Corporation for Violations of the Bank Secrecy Act (Sept. 15, 2023), available here.

[126]   U.S. Dep’t of Treasury, National Money Laundering Risk Assessment (Feb. 2022), available here. International Banking Entities “present money laundering vulnerabilities to the U.S. financial system” and are of “particular concern because of their offshore banking business model.”

[127]   U.S. Dep’t of Treasury, FinCEN Announces $15 Million Civil Money Penalty Against Bancrédito International Bank and Trust Corporation for Violations of the Bank Secrecy Act (Sept. 15, 2023), available here; FinCEN, In the Matter of Bancrédito International Bank and Trust Corporation, No. 2023-02, available here.

[128]   U.S. Dep’t of Treasury, FinCEN Assesses $1.5 Million Civil Money Penalty Against Kingdom Trust Company for Violations of the Bank Secrecy Act (Apr. 26, 2023), available here.

[129]   U.S. Dep’t of Treasury, FinCEN Announces Largest Settlement in U.S. Treasury Department History with Virtual Asset Exchange Binance for Violations of U.S. Anti-Money Laundering Laws (Nov. 21, 2023), available here.

[130]   U.S. Dep’t of Treasury, U.S. Treasury Announces Largest Settlements in History with World’s Largest Virtual Currency Exchange Binance for Violations of U.S. Anti-Money Laundering and Sanctions Laws (Nov. 21, 2023), available here; Mengqi Sun, Binance Penalties Include a Number of Crypto Industry Firsts, Wall Street Journal (Nov. 22, 2023), available here.

[131]   Paul, Weiss, DOJ Announces New Department-Wide Mergers & Acquisitions Safe Harbor Policy and Emphasizes Expanded Focus on National Security Corporate Crime (Oct. 6, 2023), available here.

[132]   U.S. Dep’t of Just., Deputy Attorney General Lisa O. Monaco Announces New Safe Harbor Policy for Voluntary Self-Disclosures Made in Connection with Mergers and Acquisitions (Oct. 4, 2023), available here.

[133]   U.S. Dep’t of Just., Deputy Attorney General Lisa Monaco Delivers Remarks at American Bar Association National Institute on White Collar Crime (Oct. 4, 2023), available here.

[134]   Dylan Tokar, Justice Department’s Oligarch Hunters Widen Scope to Include Facilitators, Wall Street Journal (Sept. 7, 2023), available here.

[135]   Paul, Weiss, Deputy Attorney General Announces Creation of Disruptive Technology Strike Force (Mar. 3, 2023), available here.

[136]   Paul, Weiss, First Cases from DOJ’s Disruptive Technology Strike Force Cover Export Control Evasion and Trade Secret Theft (June 5, 2023), available here.

[137]   U.S. Dep’t of Just., Justice Department’s National Security Division Announces Key Corporate Enforcement Appointments (Sept. 11, 2023), available here.

[138]   See U.S. Dep’t of Just., Voluntary Self Disclosure and Monitor Selection Policies (Oct. 31, 2023), available here.

[139]   U.S. Dep’t of Just., NSD Enforcement Policy for Business Organizations (Mar. 1, 2023), available here.

[140]   U.S. Dep’t of Just., Departments of Justice, Commerce, and Treasury Issue Joint Compliance Note on Voluntary Self-Disclosure of Potential Violations (July 26, 2023), available here; Dep’t of Commerce, Dep’t of Treasury, Dep’t of Just., Department of Commerce, Department of the Treasury, and Department of Justice Tri-Seal Compliance Note: Voluntary Self-Disclosure of Potential Violations (July 26, 2023), available here.

[141]   U.S. Dep’t of Just., Deputy Attorney General Lisa O. Monaco Announces New Safe Harbor Policy for Voluntary Self-Disclosures Made in Connection with Mergers and Acquisitions (Oct. 4, 2023), available here; see U.S. Dep’t of Just., Principal Associate Deputy Attorney General Marshall Miller Delivers Remarks at the Global Investigations Review Annual Meeting (Sept. 21, 2023), available here.

[142]   U.S. Dep’t of Just., Five Federal Agencies Issue Joint Advisory on Safe Business Practices and Compliant Transfer of Goods (Dec. 11, 2023), available here.

[143]   Paul, Weiss, On One-Year Anniversary of Russia’s Invasion of Ukraine, OFAC and BIS Announce Expansive New Sanctions and Export Controls Targeting Russia and Belarus, While DOJ Increases Resources Targeting Sanctions Evasion (Mar. 8, 2023), available here; U.S. Dep’t of Just., Publication of Tri-Seal Compliance Note: Cracking Down on Third-Party Intermediaries Used to Evade Russia-Related Sanctions and Export Controls (Mar. 2, 2023), available here.

[144]   U.S. Dep’t of Just., Standards, Policies, and Procedures for the Selection of Corporate Monitors in National Security Division Matters (Feb. 28, 2023), available here. A monitor is an independent third party who oversees a company’s compliance with the terms of a deferred prosecution agreement (DPA), non-prosecution agreement (NPA), or plea agreement. The NSD policy does not extend to foreign investment security reviews.

[145]   U.S. Dep’t of Just., U.S. Department of Justice Criminal Division: Evaluation of Corporate Compliance Programs (Updated March 2023), available here.

[146]   U.S. Dep’t of Just., Principal Associate Deputy Attorney General Marshall Miller Delivers Remarks at the New York City Bar Association’s International White Collar Crime Symposium (Sept. 21, 2023), available here.; U.S. Dep’t of Just., Deputy Attorney General Lisa O. Monaco Announces New Safe Harbor Policy for Voluntary Self-Disclosures Made in Connection with Mergers and Acquisitions (Oct. 4, 2023), available here; U.S. Dep’t of Just., Deputy Assistant Attorney General Eun Young Choi Delivers Keynote Remarks at GIR Live: Sanctions & Anti-Money Laundering Meeting (Nov. 16, 2023), available here.

[147]   U.S. Dep’t of Just., Deputy Attorney General Lisa O. Monaco Delivers Remarks Announcing Binance and CEO Guilty Pleas to Federal Charges in $4B Resolution (Nov. 21, 2023), available here.

[148]   Paul, Weiss, DOJ and OFAC Reach Historic Resolutions with British American Tobacco for North Korea Sanctions Violations (May 22, 2023), available here.

[149]   U.S. Dep’t of Just., United States Obtains $629 Million Settlement with British American Tobacco to Resolve Illegal Sales to North Korea, Charges Facilitators in Illicit Tobacco Trade (Apr. 25, 2023), available here.

[150]   U.S. Dep’t of Treasury, Treasury Announces $508 Million Settlement with British American Tobacco Largest Ever Against Non-Financial Institution (Apr. 25, 2023), available here.

[151]   U.S. Dep’t of Just., Justice Department Announces First Criminal Resolution Involving the Illicit Sale and Transport of Iranian Oil in Violation of U.S. Sanctions (Sept. 8, 2023), available here.

[152]   Unsealed Complaint at 2, United States v. All Petroleum-Product Cargo Aboard The Suez Rajan With International Maritime Number 9524475, No. 23-CV-00882 (D.D.C. Mar. 31, 2023).

[153]   U.S. Dep’t of Just., Binance and CEO Plead Guilty to Federal Charges in $4B Resolution (Nov. 21, 2023), available here.

[154]   U.S. Dep’t of Treasury, U.S. Treasury Announces Largest Settlements in History with World’s Largest Virtual Currency Exchange Binance for Violations of U.S. Anti-Money Laundering and Sanctions Laws (Nov. 21, 2023), available here; Mengqi Sun, Binance Penalties Include a Number of Crypto Industry Firsts, Wall Street Journal (Nov. 22, 2023), available here.

[155]   U.S. Dep’t of Just., Tornado Cash Founders Charged with Money Laundering and Sanctions Violations (Aug. 23, 2023), available here.

[156]   Mengqi Sun, U.S. Charges Two Alleged Founders of Crypto Platform Tornado Cash with Money Laundering, Wall Street Journal (Aug. 23, 2023), available here.

[157]   U.S. Dep’t of Just., Justice Department Investigation Leads to Takedown of Darknet Cryptocurrency Mixer that Processed Over $3 Billion of Unlawful Transactions (Mar. 15, 2023), available here.

[158]   U.S. Dep’t of Just., Four Arrested and Multiple Russian Nationals Charged in Connection with Two Schemes to Evade Sanctions and Send U.S. Technology Used in Weapons Systems to Russia (Nov. 1, 2023), available here.

[159]   U.S. Dep’t of Just., President of Metalhouse LLC Pleads Guilty to Conspiracy to Launder Over $150 Million to Promote Russian Sanctions Violations (Oct. 3, 2023), available here.

[160]   U.S. Dep’t of Just., Second Conspirator in Russia-Ukraine Sanctions Violation Case Arrested (Apr. 19, 2023), available here.

[161]   U.S. Dep’t of Just., New York Attorney Pleads Guilty to Conspiring to Commit Money Laundering to Promote Sanctions Violations by Associate of Sanctioned Russian Oligarch (Apr. 25, 2023), available here.

[162]   Fed. Reserve Bd., Fed. Deposit Ins. Corp., U.S. Dep’t of Treasury, Final Interagency Guidance, Interagency Guidance on Third-Party Relationships: Risk Management, (June 9, 2023), available here.

[163]   U.S. Dep’t of Treasury, In the Matter of Lake Shore Savings Bank, No. 2023-02 (Feb. 9, 2023), available here.

[164]   Fed. Deposit Ins. Corp., FDIC Assesses Civil Money Penalty Against Shinhan Bank America, New York, NY (Sept. 29, 2023), available here.

[165]   Paul, Weiss, Economic Sanctions and Anti-Money Laundering Developments: 2022 Year in Review, at 22 (Mar. 1, 2023), available here.

[166]   Fed. Reserve Bd., Federal Reserve Board Announces It Has Fined Popular Bank $2.3 Million for Processing Six Paycheck Protection Program (PPP) Loans Despite Having Detected that the Loan Applications Contained Significant Indications of Potential Fraud (Jan. 24, 2023), available here.

[167]   Fed. Reserve Bd., Federal Reserve Board Fines Wells Fargo $67.8 Million for Inadequate Oversight of Sanctions Risk at Its Subsidiary Bank (Mar. 30, 2023), available here.

[168]   Fed. Reserve Bd., Federal Reserve Board Announces Two Enforcement Actions Against Deutsche Bank AG, Its New York Branch, and Other U.S. Affiliates (July 19, 2023), available here.

[169]   Fed. Reserve Bd., Federal Reserve Board Issues Enforcement Action and Fines Metropolitan Commercial Bank Approximately $14.5 Million for Violations of Customer Identification Rules and for Deficient Third-Party Risk Management Practices (Oct. 19, 2023), available here.

[170]   SEC, Observations from Anti-Money Laundering Compliance Examinations of Broker-Dealers (July 31, 2023), available here.

[171]   SEC, SEC Charges Broker-Dealer with Failing to Report Suspicious Transactions (Mar. 2, 2023), available here.

[172]   SEC, SEC Charges Merrill Lynch and Parent Company for Failing to File Suspicious Activity Reports (July 11, 2023), available here.

[173]   SEC, SEC Charges Archipelago Trading Services with Failing to File Suspicious Activity Reports (Aug. 23, 2023), available here.

[174]   Paul, Weiss, Economic Sanctions and Anti-Money Laundering Developments: 2022 Year in Review, at 22 (Mar. 1, 2023), available here.

[175]   SEC, Litigation Release No. 25844, SEC Obtains Final Judgment Against Brokerage Firm Charged with Anti-Money Laundering Violations (Sept. 22, 2023), available here.

[176]   SEC, Deutsche Bank Subsidiary DWS to Pay $25 Million for Anti-Money Laundering Violations and Misstatements Regarding ESG Investments (Sept. 25, 2023), available here.

[177]   SEC, SEC Charges Maxim with Failing to File Suspicious Activity Reports and Violations of Regulation SHO (Sept. 29, 2023), available here.

[178]   FINRA, FINRA Fines Merrill Lynch $6 Million for Longstanding AML Program Failures (July 11, 2023), available here.

[179]   Paul, Weiss, Economic Sanctions and Anti-Money Laundering Developments: 2022 Year in Review (Mar. 1, 2023), available here.

[180]   N.Y. Dep’t of Fin. Services, Superintendent Adrienne A. Harris Announces $100 Million Settlement with Coinbase, Inc. after DFS Investigation Finds Significant Failings in the Company’s Compliance Program (Jan. 4, 2023), available here.

[181]    NY Dep’t of Financial Services, In the Matter of Payoneer Inc. (Nov. 2, 2023), available here.

[182]   U.S. Dep’t of Treasury, OFAC Enters into $1,385,901.40 Settlement with Payoneer Inc. for Apparent Violations of Multiple Sanctions Programs (July 23, 2021), available here; see also Paul, Weiss, OFAC Enforcement Action Against U.S. Payments Company Shows the Importance of Robust Sanctioned Person and Location Screening (Aug. 13, 2021), available here.

[183]   N.Y. Dep’t of Fin. Services, Superintendent Adrienne A. Harris Announces $10 Million Settlement with Shinhan Bank America for Repeated Compliance Failures (Sept. 29, 2023), available here.

[184]   N.Y. Dep’t of Fin. Services, In the Matter of BITPAY, INC. (Mar. 16, 2023), available here.

[185]   N.Y. Dep’t of Fin. Services, Superintendent Adrienne A. Harris Announces $15 Million Penalty on Metropolitan Commercial Bank for Compliance Deficiencies in Third-Party Debit Card Program (Oct. 19, 2023), available here.

[186]   Paul, Weiss, Recent DOJ Announcement Signals Continued Surge of Resources to Combat Corporate National Security Crime (Sept, 14, 2023), available here.

[187]   For a further discussion on export controls and “outbound investment” restrictions, see Paul, Weiss, 2023 Year in Review: CFIUS, Outbound Investments and Export Controls (Dec. 21, 2023), available here.

[188]   Paul, Weiss, OFAC and FinCEN Take Action Following Recent Hamas Terrorist Attacks in Israel (Oct. 24, 2023), available here.

[189]   U.S. Dep’t of Treasury, OFAC Settles with Construction Specialties Inc. for $660,594 Related to Apparent Violations of the Iranian Transactions and Sanctions Regulations (Aug. 16, 2023), available here.

[190]   OFAC, OFAC Settles with Cameron International Corporation for Its Potential Civil Liability for Apparent Violations of Ukraine-Related Sanctions Regulations (Sept. 27, 2021), available here.

[191]   Paul, Weiss, DOJ Announces New Department-Wide Mergers & Acquisition Safe Harbor Policy and Emphasizes Expanded Focus on National Security Corporate Crime (Oct. 6, 2023), available here.

[192]   Paul, Weiss, FinCEN and BIS Issue Joint Notice Emphasizing That Financial Institutions Should Monitor for Possible Export Control Violations (Nov. 14, 2023), available here.

[193]   Paul, Weiss, DOJ and OFAC Reach Historic Resolutions With British American Tobacco for North Korea Sanctions Violations (May 22, 2023), available here.

[194]   Paul, Weiss, 2022 Year in Review: Economic Sanctions and Anti-Money Laundering Developments (Mar. 1, 2023), available here.

[195]   Roberto J. Gonzalez & Joshua R. Thompson, International Comparative Legal Guide to Sanctions: Sanctions USA 2024 (Sept. 27, 2023), available here.