Pub. 12 2021 Issue 4

wvbankers.org 26 West Virginia Banker I n October, the Office of Foreign Assets Control (OFAC) published more targeted guidance for digital asset companies related to compliance with sanctions and best practices for mitigating risks. OFAC’s virtual currency guidance is directed at the entire industry, including “technology companies, exchangers, administrators, miners, wallet providers, and users.” It aims to “help the virtual currency industry prevent exploitation by sanctioned persons and other illicit actors,” according to the press release issued with the guidance. Essentially, the guidance emphasizes that anyone subject to U.S. sanctions laws and regulations must continue to abide by them when engaging with virtual currencies. The guidance provides several best practices that entities involved in virtual currency activities should follow to remain in compliance and to mitigate penalties in instances of compliance failures. These practices will be familiar to anyone with experience in sanctions compliance and best practices that apply to other industries. This said, the document notes, compliance solutions should reflect a risk-based approach and should be tailored to the type of product or business involved, its size and level of sophistication, its clients and counterparties, and the locations it serves. OFAC also expects companies to implement these practices sooner rather than later in the company’s existence before any products and services are released. While there is no single compliance program to suit all scenarios, implementing OFAC’s best practices, as follows, can prevent sanctions violations and serve as a mitigating factor should any violations occur. Management Commitment Management should commit to enforcing a culture of compliance throughout the organization from the company’s earliest days. OFAC recommends specific actions that management can take to set an appropriate tone from the top, including reviewing and endorsing compliance procedures, allocating adequate resources to compliance, delegating autonomy and authority to the compliance department, and appointing an experienced sanctions compliance officer. Risk Assessment Regular and ongoing risk assessments should be conducted to identify risks associated with sanctions compliance. Activities and relationships associated with foreign jurisdictions or foreign persons should be assessed for their potential to expose a company to sanctioned persons or places. A virtual currency company’s risk assessment process should be tailored to the types of products and services offered and the locations in which such products and services are offered. Appropriately customized risk assessments should reflect a company’s customer or client base, products, services, supply chain, counterparties, transactions, and geographic locations, and may also include evaluating whether counterparties and partners have adequate compliance procedures. Internal Controls Internal controls should be able to “identify, interdict, escalate, report (as appropriate), and maintain records for” prohibited activities. Useful internal controls include sanctions screening, geolocation tools, know your customer OFAC Issues New Guidance Directed at Virtual Currency Industry: What You Need to Know By Roger Morris, Compliance Alliance