Record Sanctions Penalty Shows OFAC Is 'Just Getting Started,' Law Firms Say
The Office of Foreign Assets Control’s historic fine of virtual currency exchange Binance could signal more enforcement action against fintech companies, particularly those that may be cutting corners within their sanctions compliance programs, law firms said this month. They also said the case shows OFAC may specifically be targeting companies that don’t have enough compliance buy-in from senior management.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The $968 million settlement with Binance, the largest civil sanctions penalty ever announced by OFAC, isn’t “niche or limited to cryptocurrencies or the exchanges on which they are traded,” Sheppard Mullin said in a client alert. “In going after the largest cryptocurrency exchange in the world, OFAC is sending a clear message to any company involved in FinTech: you cannot hide behind your algorithms or paper compliance programs.”
OFAC fined Binance after it allegedly violated multiple U.S. sanctions programs by allowing people who were either subject to sanctions or located in sanctioned jurisdictions to use its platform (see 2311210076). The record fine shows OFAC may continue to prioritize the fintech industry, Sheppard Mullin said, and could go after both startups and established financial institutions.
“The message is not that OFAC is done with enforcement in this area,” the firm said. “It appears the agency is just getting started.”
Kelley Drye said the settlement reflected the “enormity and aggravated nature” of Binance’s alleged violations and signaled OFAC’s “willingness to take aggressive enforcement action within the virtual currency industry.” The firm said anyone with ties to money-services businesses should review compliance with sanctions, anti-money laundering and “other U.S. national security obligations.”
In the Nov. 21 announcement, OFAC stressed that many of Binance’s “egregious” sanctions violations stemmed from its executives pretending to invest in compliance. Sheppard Mullin noted that Binance’s terms of use asked users to declare that they weren’t on a sanctions list but “considering most people never read Terms of Service," the firm said, "it is easy to see why this was ineffective.”
Binance also created a U.S.-only platform and had internet protocol screening in place, but the company encouraged the use of virtual private networks “to work around these geofencing” measures, the firm said. It added that any virtual currency platform should have in place Know Your Customer procedures, transaction monitoring, regular testing and audits and “empower operations managers to make changes where needed.”
OFAC said Binance lacked in all those areas, and Sheppard Mullin said Binance’s problems “started at the top.” The company’s CEO and chief compliance officer “painted a rosy picture of compliance when dealing with third parties, but internally, they made deliberate choices to hamstring their own compliance program,” which OFAC pointed to as an aggravating factor in calculating the record penalty.
“If anything,” Sheppard Mullin said, “this should highlight the importance of management buy-in to compliance programs because that is where a culture of compliance can begin.”
Kelley Drye said investing in a compliance program -- such as establishing a “corporate culture of compliance” and preventing messaging that encourages employees to evade internal compliance controls -- can save companies from strict government monitoring agreements if they are caught committing a violation. The firm noted that Binance agreed to hire an independent monitor for the next five years and is required to completely exit the U.S.
Sheppard Mullin said the settlement also means OFAC is willing to target emerging industries, no matter how new they are. “FinTech companies cannot claim that, just because theirs is a new area, a new technology, a new way of doing business,” the firm said, “that it cannot be subject to, or comply with, the existing rules that govern international transactions involving U.S. persons, U.S. banks, or the U.S. Dollar.”