If you’ve been following the news recently, you’ve probably heard about the recent legal sanction by the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) against the SUEX cryptocurrency exchange.

While this sanction does not have a direct impact on all organizations working with cryptocurrency, it does emphasize the need for legal compliance and awareness when it comes to financial sanctions in the U.S. What exactly are the details of this incident, and what implications does it have for businesses operating in future cryptocurrency markets?

What Is Cryptocurrency?

Whether it’s Bitcoin, Ethereum, or any other alternative coin, cryptocurrency all relies on blockchain technology where transactions are verified across a whole network of users. Unlike traditional currencies, there is no single authority for centralized management.

A blockchain is a digital ledger that records transactions, and every user in a crypto network has an up-to-date copy of the blockchain. The proponents of cryptocurrency consider blockchain a strong point because it prevents a single entity from exploiting the entire system and helps fight fraudulent activity since every entity in the network must verify the transactions.

Cryptocurrencies have seen a significant rise in popularity in recent years, and multiple versions have popped up, all with their own features, advantages, and drawbacks.

So What’s the Problem?

Cryptocurrency itself is certainly legal and will remain so, but its users are always at risk of perpetrating cybercrime using it. Ransomware has been an issue in the past, most notably with the Colonial Pipeline on the East Coast and another attack impacting agricultural grain harvesting in Iowa.

In fact, the numbers are telling us that it's a growing problem. The total amount of ransom paid in 2020 was over quadruple what it was just a year ago.

Unfortunately, ransomware attacks are facilitated by cryptocurrency exchanges, hence why the U.S. government has its eyes on companies like SUEX. Keep in mind that you can avoid such sanctions with the right cybersecurity and accountability precautions.

The SUEX Sanction And What We Can Learn From It

OFAC has recently issued a sanction against the SUEX virtual currency platform for serving perpetrators of ransomware attacks. The report by the Treasury indicated that 2 out of every 5 transactions at the exchange likely involved illicit activity like money laundering.

As a result, the exchange and any connected with the incident will be barred from doing business with U.S. entities in the future. Other companies dealing with cryptocurrency must be aware that a new precedent has been set for later legal sanctions.

The Implications

It’s more important than ever to keep track of cryptocurrency regulations and ensure that your business stays compliant with OFAC’s rulings. Don’t worry: the Treasury does not intend to ban cryptocurrency; it has indicated that it will only go after illicit actors in the field.

If your organization works with virtual currencies, consider adopting cybersecurity practices to make sure you don’t end up facing the same fate. Have antivirus and antimalware software active; have an authentication system in place to ensure that only allowed users can access your network; and provide cybersecurity training to your staff.

Even with these preparations, it’s still advised to backup your sensitive data regularly and plan in advance for incident response.

Best Practices For OFAC Cryptocurrency Compliance

Five major components make up a robust compliance program for companies dealing with cryptocurrency exchange.

  • Identifying vulnerabilities through risk assessment and management. Whenever you work with third-parties, review your touchpoints and any risks you may encounter.
    • Allowing for effective audits to check on your security posture regularly. This step allows you to make improvements and identify weaknesses in your defenses.
    • Having internal controls in place to readily report and address these risks with due diligence.
    • Instilling cybersecurity practices into the work culture through employee training. Awareness matters when it comes to reducing risk.
    • Getting upper management on board with your efforts. If they can understand why cybersecurity matters, they will divert resources and instill the proper controls for strong compliance efforts.

For more information and tips, consult OFAC’s official Sanctions Compliance Guidance document.

How Descartes Can Help

For companies unsure about their current readiness to handle the rapid pace of changes to the compliance landscape, there are several options. Solutions provided by leading vendors, such as from Descartes Systems Group, can help organizations rapidly deploy full-fledged compliance solutions, including denied and restricted party screening, sanctioned ownership screening to account for regulations such as the OFAC 50 percent rule, and export documentation and licensing management.

Compliance is an ongoing process, and the most important thing an organization can do to remain on the straight and narrow is to be aware of the ongoing changes in the compliance world as they occur, and to adapt to the changes in a timely manner.

Written by Jackson Wood

Director, Industry Strategy, Global Trade Intelligence, Descartes