By Rene Perez, Financial Crime Consultant at Jack Henry & Associates
More than two months ago, February 23rd at 5 a.m. local time, Russia invades Ukraine. Since then, news channels and social media news feeds around the world have covered developments daily, including the implementation of economic sanctions against Russia.
Since the start of the war, the US government has imposed a long list of sanctions against Russia, which are intended to have both immediate and long-term effects on the country’s economy. The sanctions targeted Russia’s largest financial institution, Sberbank, and Russia’s largest private bank, Alfa Bank, Russian elites and their family members, large Russian state-owned companies, and banned new investment in Russia. , among others.
At the start of the war, Bank Secrecy Act (BSA) officers at American financial institutions took immediate action to maintain sanctions compliance. First, agents monitored all foreign transactions, ensured that their financial institution’s Office of Foreign Assets Control (OFAC) list was compliant with the latest update, and executed all transactions and customers through the listing. This proved difficult, as not all Russian industries are on the sanctions list – for example, oil and gas transactions are still allowed. As a result, BSA officers closely monitor and scrutinize every transaction, making sure they cancel some and clear others. When they encounter a positive result, they immediately issue a Suspicious Activity Report (SAR) to stay in compliance.
BSA agents also focused on adding Russia to their list of sanctioned countries to determine whether any active transactions or those transmitted through the SWIFT system after February 26and – the day SWIFT removed Russian financial institutions from its channel – came from sanctioned entities. If so, they should also immediately file a SAR. Interestingly, Russia has pushed China’s Cross-Border Interbank Payment System (CIPS) as an alternative payment channel to SWIFT. CIPS was established in 2015 as a payment clearing and settlement system for transactions using the yuan, as part of China’s broader ambition in international finance. The channel never really took off globally like SWIFT, being mainly used by Chinese financial institutions. However, as the sanctions continue to escalate, BSA officers should keep an eye on transactions going through CIPS, as it has already started to be used by some Russian financial institutions.
While staying OFAC compliant and monitoring SWIFT transactions were obvious immediate actions for most experienced BSA officers, paying attention to virtual currencies probably wasn’t. While conventional assets have seen volatility over the past two months, crypto has gained ground as many Russians liquidated their savings with traditional financial institutions and invested them in crypto, an unregulated channel. Cryptocurrency continues to be very fluid as the war develops, and we have already started to see funds flow from crypto accounts to US financial institutions. For example, a client of Jack Henry started receiving crypto deposits into an inactive corporate account that was already flagged as a potential front company, setting off serious alarms within the institution. BSA officers must remain vigilant and monitor all crypto transactions, and if they see a large deposit from a foreign domestic account, they must file an SAR immediately.
Finally, we have already seen an increase in cyberattacks against US financial institutions, food producers, and utility companies from the Conti ransomware gang. Conti, one of the most prolific ransomware groups in the world, is known to originate from Russia. In February, members of the gang showed their support for the Russian invasion of Ukraine. Cybersecurity has always been an important component of Russia’s arsenal, and the country is a real threat to the United States and our allies in the cyber world. US financial institutions and businesses need to be on high alert, develop or review their cybersecurity policy and complete their risk assessments, as well as review and potentially increase their escalation levels. In addition, they must also inform and educate their employees and customers about the increased threat level and prepare them to respond effectively in the event of an attack.
As with everything in the world of financial crime, this crisis too will pass. In the meantime, US financial institutions, and in particular BSA officers, must remain extremely cautious and vigilant, review internal processes and closely monitor suspicious activity. This is the only way to remain compliant with government sanctions while keeping their customers and employees safe and their reputations intact.
About the Author:
Rene Perez is a financial crimes consultant at Jack Henry & Associates, leading the firm’s financial crimes portfolio for 13 years. He also contributes to the Federal Reserve Bank Payments Improvement Fraud Task Force. Jack Henry (NASDAQ: JKHY) is a leading SaaS provider primarily aimed at the financial services industry. Learn more about their contributions to risk management here.