TRM Labs | Aug 8, 2022
Key insights
- The U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) sanctioned Ethereum-based cryptocurrency mixer Tornado Cash, which has been used by North Korean cyber-criminals and other threat actors to launder the proceeds of hacks and other illicit activity
- Tornado Cash is a favorite money laundering tool for North Korean cybercriminals who, according to analysis by TRM Labs, have used the mixer to launder stolen funds in ten of their most recent crypto heists at an estimated value of nearly $1 billion, including in the $620 million Ronin Bridge hack
- Tornado Cash has been central to many other large cryptocurrency heists
- The U.S. government has been targeting mixers that launder proceeds of hacks and illicit activity — blender.io, Helix and Bitcoin Fog
See: Tornado Cash Virtual Currency Mixer Sanctioned by the U.S.
- As a result of today’s action, all property and interests in property of Tornado Cash in the U.S. is blocked and U.S. persons or entities may not transact with Tornado Cash or sanctioned persons
OFAC expects crypto businesses to follow best practices to mitigate the risk of sanctions’ exposure
In October 2021, OFAC issued guidance to cryptocurrency businesses. The guidance focuses on best practices for crypto businesses setting out five essential components of a compliance program including (1) management commitment, (2) risk assessment, (3) internal controls, (4) testing and auditing, and (5) training. These best practices become more important than ever when you are dealing with a designated entity the size of Tornado Cash.
OFAC outlines how crypto businesses should tailor their sanctions’ compliance programs to meet their own unique risk-based approach. Under the third category of internal controls OFAC provides additional guidance on the use of blockchain intelligence and other risk mitigation measures including:
- Transaction Monitoring and Investigation. According to OFAC, transaction monitoring and investigation software should be to identify transactions involving virtual currency wallet addresses associated with sanctioned individuals or entities located in sanctioned jurisdictions. Crypto businesses should also employ transaction monitoring and investigation tools to continually review historical information for such addresses or other identifying information to better understand their exposure to sanctions risks and identify sanctions compliance program deficiencies.
See: Federal Reserve: Crypto and DeFi Insights from Recent Turbulence Through a Financial Stability Lens
- Geolocation Tools. OFAC makes clear that it expects the use of geolocation tools and IP address blocking tools in order to ensure that a business is not transacting with sanctioned jurisdictions.
- Screen Relevant Data. OFAC expects that companies will screen customer and transactional data available to them against the SDN list and account for updates to user information.
- Know-Your-Customer Procedures. OFAC expects businesses to obtain KYC information from customers during onboarding and throughout the lifecycle of the customer relationship and use this information to conduct due diligence sufficient to mitigate the customer’s potential sanctions-related risk. Heightened due diligence, including examining customer transactional history, should be implemented for higher risks customers.
Continue to the full article –> here
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada’s Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
