Digital Currency: OFAC’s New Frontier Starts with Iran

In a steady drumbeat of US sanctions targeting Iran during the month of November 2018, the Office of Foreign Assets Control has designated Iran-based financial facilitators of malicious cyber activity and, for the first time, associated digital currency addresses.

On November 28, 2018, OFAC designated two Iran-based individuals, Ali Khorashadizadeh and Mohammad Ghorbaniyan as Specially Designated Nationals under Executive Order 13694 for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, the SamSam ransomware attacks, which targeted critical computer infrastructure in the United States and elsewhere, and in the process extorted millions of dollars in ransom payments.

Khorashadizadeh and Ghorbaniyan helped exchange digital currency ransom payments into Iranian rial for Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, the Iran-based individuals indicted in the US District Court for the District of New Jersey for deploying their SamSam ransomware to extort more than 200 victims, including hospitals, municipalities, and public institutions throughout the United States, United Kingdom and Canada. The cyberattack is said to have caused over $30 million in losses. According to the indictment, the first of its kind, Savandi and Mansouri collected over $6 million in ransom payments.

OFAC identified and listed two digital currency addresses (listed below) associated with SDNs Khorashadizadeh and Ghorbaniyan. Digital currency addresses are alphanumeric identifiers that represent a potential destination for digital currency transfers, and are associated with a digital currency wallet – ordinarily a software application through which its owner can hold, store, and transfer digital currency.

Digital Currency Addresses

  • 149w62rY42aZBox8fGcmqNsXUzSStKeq8C
  • 1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9v

Handling Digital Currency? Start Screening.

OFAC requires US persons to block transactions denominated in digital currency, such as bitcoin, involving a property interest of an SDN, just as it imposes this requirement on transactions denominated in traditional (fiat) currencies and other property. In other words, a US person that provided services to one of the two digital currency addresses OFAC has designated would be required to block the transaction, as well as report it to OFAC within 10 business days. Not doing so violates US sanctions laws.

Once a prohibited digital currency transaction is identified, there is not a particular required method for blocking such property, provided the blocked person’s access remains denied. Blocked digital currency may remain in its digital form as there is no requirement to convert it into traditional currency or some other form.

Critically, the OFAC compliance community should be aware that it is not yet possible to search for digital currency addresses on OFAC’s Sanctions List Search tool or the Consolidated Screening List, so it is important to be aware of and search for other relevant identifiers. Accordingly, persons who provide services to digital currency accounts need to adjust their sanctions compliance procedures to ensure they are checking the digital addresses.

Contacts

Continue Reading