How U.S. banks can stay compliant with sanctions against Russia

Financial institutions need to do their due diligence, review internal processes and remain extra vigilant to keep their organization and customers safe.

Starting  in late February, the U.S. government has imposed an extensive list of sanctions against Russia that target the country’s top financial institutions, including its largest banks, economic elites and their family members, and major state-owned enterprises.

What do U.S. financial institutions have to do to remain compliant with the new sanctions? There are four vital angles Bank Secrecy Act officers should consider.

Sign up for the free BAI Banking Strategies newsletter and get industry insights delivered to your inbox.

By clicking the Subscribe button, you acknowledge that you have read our Privacy Policy and Terms of Use and agree to be bound by them.

Office of Foreign Assets Control (OFAC)

Before the war, Russian financial institutions conducted $46 billion worth of foreign exchange, 80% of which was in U.S. dollars. In the past few days, the OFAC added Russia’s top 10 financial institutions to its sanctions list, disrupting their ability to move money. Several influential Russian billionaires and government leaders were also added to the list, many of which have assets and businesses in the U.S.

It is the responsibility of BSA officers to monitor all foreign transactions, ensure their financial institution’s OFAC list is in line with the latest update and run all transactions and customers through the list. If they come across a positive hit, they must fill a Suspicious Activity Report immediately to remain compliant.

SWIFT

This week, the U.S. and the European Union removed a number of Russian banks –as well as the Central Bank of Russia – from the SWIFT network.

Most people think of SWIFT as a wire messaging network, but in many parts of the world, SWIFT runs credit cards, interbank transfers and facilitates other global monetary transfers. The power of SWIFT lies in its ability to move money securely and rapidly.

To remain compliant, BSA officers need to add Russia to their sanctioned country list. Once that’s in order, officers will be able to determine if any active transactions, or those pushed through the SWIFT system after February 26th, originated from the sanctioned entities. If so, BSA officers need to immediately file a SAR.

Cryptocurrency

While the previous recommendations may be obvious to seasoned BSA officers, keeping an eye on cryptocurrency may be less intuitive. In recent days, we have seen virtual currencies bounce higher at the same time that global stock markets and other conventional asset classes are experiencing volatility.

Gains in Bitcoin, Ethereum and other coins are due in part to Russian nationals escaping sanctions by liquidating savings from their financial institutions and investing them into cryptocurrency, a non-regulated channel. Others have been liquidating their traditional bank accounts to invest in crypto in fear of Russian cyberattacks on their financial institutions.

Banks need to monitor incoming deposits for crypto funds and report any large influx. If they detect a transaction done through a foreign national’s account that involves a large incoming deposit from a crypto exchange, they should immediately file a SAR and let the government take over the investigation.

Cybersecurity

Cybersecurity is a big component of Russia’s arsenal. The country has always posed a threat to the U.S. and its allies in the cyberworld, from alleged ransomware attacks to influencing our elections.

From a cybersecurity position, all U.S. financial institutions and enterprises need to be on the highest alert as we continue to impose stronger actions. Experts believe that the financial, utility and military sectors would likely be the first targets.

To keep their organizations and customers safe, bankers need to ensure they have a true cybersecurity policy and have completed their risk assessments. They should review their escalation levels and potentially raise them. They should also inform employees of the heightened threat, make sure they are prepared in case of an attack and know to treat suspicious emails and messages with added caution. Russia has already attacked Ukrainian financial institutions, so it may only be a matter of time until they focus on us.

U.S. financial institutions need to do their due diligence, review internal processes and remain extra vigilant and cautious during this time of crisis. Following this course will not only help them remain compliant with our government’s sanctions on Russia, but will also enable them to keep their organization and customers safe.

Rene Perez is a financial crimes consultant at Jack Henry & Associates.