In light of Kraken violating US sanctions against Iran, Gatenox CEO, Pawel Kuskowski invited top practitioners of corporate compliance, Carol Van Cleef and Amber Scott to discuss sanctions breach regulations and give their views on how the impact of self-disclosure and having a compliance program can potentially reduce the fine given to an entity as well as the complexities of tackling geolocation issues.
Pawel started off the discussion by quoting a tweet by Jesse Powell, Kraken’s CEO, on Carol’s Twitter account, “To be clear, the payment is for settlement, not a fine of a self-disclosed potential issue. The Geo IP is complicated, and it is not about KYC. People can register in one place and travel to another. Geo IP databases can become stale and imperfect. People use proxies”.
Pawel asked a very important follow up question from this tweet – is there any way that you can create a defense by self-disclosing sanction breach or sanction deficiencies?
Amber responds to this by saying that there are very different laws depending on which sanction has been breached. She admits that compliance is not perfect, but the intent is never to impose penalties where people made their best efforts to do what they were expected to do and complied with all the regulatory obligations.
Carol shares that the US Office of Foreign Assets Control (OFAC) sanctions compliance and regulatory regimes can sometimes cause confusion amongst people. She adds that zero liability is not taken as a fully strict liability but it is basically how OFAC approaches the world. Carol says “OFAC is saying thou shall not do something. The expectation is thou isn’t doing something and if thou does something”, then OFAC can impose penalties.
If thou self-discloses a violation, the fine that would be imposed by OFAC will be cut in half. Another major mitigating factor is where there is a compliance program that contains many of the elements that OFAC is looking for which would consequently reduce the chance of a violation. A key element of that is using an interdiction which allows one to review transactions before they happen.
Unfortunately, under OFAC, if someone allows a transaction to go through, penalties are inevitable. Nevertheless, having a compliance structure at least establishes the fact that all necessary steps to avoid such transactions were taken. The problem with the crypto world is that it is very difficult to be able to interdict before transactions happen.
A key highlight of the discussion was also focused on banks offering services to companies that are operating in the crypto space. In the UK and the rest of Europe, banks are reluctant to invest in crypto.
In addition to that, it is important that the individual who runs the bank has some sort of financial skill that he or she has acquired patiently, over time. Regulatory regimes, be that in any country, do not approve of individuals without those skills to be owners of banks as they do not have the necessary experience to be the director or be in the top management of a federally regulated financial institution.
Carol also tackles the accuracy of FTX media coverage and starts an interesting discussion on the processes banks who hold cryptocurrency assets are putting in place in response to the FTX fallout, including proof of reverse disclosure.
Watch the whole discussion: Discussing sanctions breach regulation