On November 28, OFAC announced that crypto exchange Kraken agreed to pay a fine settling a civil liability related to the violation of sanctions on Iran. As part of the settlement, Kraken agreed to pay $362,000 and invest an additional $100,000 in sanctions compliance controls. 

Policymakers and governments have steadily increased risk monitoring efforts to focus on cryptocurrencies and digital assets, a popular but largely unregulated sector. 

About The Investigation

Newspapers first announced that Kraken was under investigation by the US Treasury Department’s Office of Foreign Assets Control (OFAC) in July on suspicion that the platform allowed Iranian users to utilize the site’s services, despite strict federal sanctions. 

After the article appeared, Chief Legal Officer Marco Santori declined to comment but stated that Kraken has “robust compliance and continues to grow its compliance team to match its business growth. Kraken closely monitors compliance with sanctions laws and, as a general matter, reports to regulators even potential issues.”

Federal sanctions are an important coercive measure for achieving policy goals and other desired outcomes. By blocking individuals or nations from accessing the global financial system, the US government can effectively apply pressure to change the behaviour of the target country’s regime.

The United States imposed long-standing sanctions against Iran in response to the country’s nuclear program and continued government support for terrorist organizations, including Hezbollah, Palestine Islamic Jihad and Hamas.

Multiple crypto-users and addresses in Iran have been sanctioned. 

The Crypto Industry and Sanctions

Kraken is not the only crypto-based organization that has come under fire in recent months. Reuters found that Binance continued to provide Iranian users with access to the platform, while crypto exchange BitGo and transaction processor BitPay have both been hit by steep Treasury fines for violations. Bittrex Inc was fined $29 million for apparent violations of sanctions and AML laws in 2022. 

Others have taken a more proactive approach. Ethereum incubator ConsenSys blocked Iranian students from a coding boot camp in 2021, while OpenSea blocked Iranian users from their NFT trading site in 2022. 

It’s no secret that the CEO and co-founder of Kraken has been critical of international sanctions and willing to challenge them in the past, stating that the “weaponisation of the financial system is immoral”, referring to “unfairly exclusionary” and “outdated” laws imposed by government agencies. 

The Violations and Penalty

According to OFAC, Kraken processed 826 transactions worth nearly $1.7 million for users in Iran between October 2015 and June 2019. However, it should be said that the site had some controls in place. Kraken maintained an AML and sanctions compliance program, including onboarding screening checks. Users could not open an account in a jurisdiction subject to international sanctions. But the platform failed to implement IP address blocking based on geolocation, leaving the door wide open for sanctioned parties to trade.

It was found that once Kraken realized that a gap existed in their compliance controls, they implemented automated blocking for IP addresses linked to sanctioned jurisdictions as well as blockchain analytical tools supporting sanctions monitoring. 

The statutory maximum civil monetary penalty applicable for violations of this nature is $272,228,964. The base monetary penalty in a violation case is typically 50% of the value of the transactions in question; in this case, $850,000. However, the relatively low settlement amount Kraken will pay reflects the non-egregious nature of the violation as well as OFAC’s determination to respond positively to self-disclosed, voluntary declarations of violations. OFAC also looks favourably upon the remedial efforts Kraken took to rectify the situation, including additional training and IP blocking. 

OFAC’s enforcement release acknowledged that Kraken “failed to exercise due caution or care for its sanctions compliance obligations when, knowing it had customers worldwide, it applied its geolocation controls only at the time of onboarding and not with respect to subsequent transactional activity, despite having reason to know based on available IP address information that transactions appear to have been conducted from Iran.”
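The gap OFAC describes, geolocation applied at onboarding but not to later transactions, is sketched below as an added example (not Kraken's or OFAC's code). The IP-to-country table, the account IDs and the allow/block/review outcomes are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed geolocation table using documentation-only ranges (RFC 5737).
# A real deployment would query a maintained GeoIP data source instead.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "DE",
    ipaddress.ip_network("198.51.100.0/24"): "IR",
}
SANCTIONED = {"IR"}  # assumption: the jurisdiction discussed in this article

# onboarding_country is recorded once at account opening;
# source_ip is observed for each individual transaction.
Transaction = namedtuple("Transaction", "account_id onboarding_country source_ip")

def geolocate(ip):
    """Return the country code for ip, or None when the table has no match."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEO_TABLE.items():
        if addr in net:
            return country
    return None

def onboarding_only_gate(tx):
    """The gap: the decision uses only the country captured at account opening."""
    return "block" if tx.onboarding_country in SANCTIONED else "allow"

def per_transaction_gate(tx):
    """The remediation: re-evaluate the source IP on every transaction."""
    if tx.onboarding_country in SANCTIONED:
        return "block"
    country = geolocate(tx.source_ip)
    if country is None:
        return "review"  # unknown location is escalated, not silently allowed
    return "block" if country in SANCTIONED else "allow"

def compare(txs):
    """Return (account_id, onboarding-only decision, per-transaction decision)."""
    return [(t.account_id, onboarding_only_gate(t), per_transaction_gate(t)) for t in txs]

# Constructed sample transactions: all three accounts passed onboarding as "DE".
SAMPLE = [
    Transaction("acct-1", "DE", "192.0.2.10"),
    Transaction("acct-2", "DE", "198.51.100.7"),
    Transaction("acct-3", "DE", "203.0.113.5"),
]
print(compare(SAMPLE))
```

The second account is the case in the enforcement release: it clears the onboarding check and is only caught when the source IP is evaluated at transaction time.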

Kraken cooperated with OFAC’s investigation and has hired a dedicated head of sanctions to direct and implement a more robust sanctions compliance program. The company further expanded its contract with its sanctions screening provider to add additional screening capabilities to ensure compliance with OFAC’s rules related to beneficial ownership. Kraken also contracted with a vendor that is able to assist with identification and nationality verification using AI tools.

Becoming Compliant and Avoiding Penalties 

OFAC encourages a risk-based approach to sanctions compliance, i.e. identifying and prioritizing the highest compliance risks to the organisation through compliance controls, policies and procedures. Once the compliance programme reduces the highest risks to acceptable levels, it can move to lower risks. 

An acceptable sanctions compliance program for a virtual currency company will depend on the company's nature, size, sophistication, customers and geographic reach. Per OFAC, the program should be predicated on management commitment, robust risk assessment, internal controls, testing and auditing, and training. 

Sanctions screening forms an important part of every compliance program. In sanctions.io's Ultimate Sanctions Screening Guide, you can learn more about it.

If you would like to know more, book a demo with our team at sanctions.io. We provide a non-intrusive, highly accurate sanctions screening solution that effectively reduces AML, CFT and sanctions risks for financial institutions, including the crypto industry.