The U.S. Treasury Office of Foreign Assets Control (OFAC) has entered into a $98,830 settlement with an institutional crypto custodian service and wallet operator BitGo, Inc. for apparent violations of multiple sanctions programs related to digital currency transactions.
Apparent violations occurred due to BitGo not identifying the country from which users virtually accessed their accounts and relied solely on the information provided by the users themselves. This caused 183 processed digital currency transactions, totaling $9,127.79, on behalf of individuals who, based on their IP addresses, were located in sanctioned jurisdictions – Crimea, Cuba, Iran, Sudan, and Syria.
At the time of the apparent violations, BitGo tracked its users’ IP addresses for security purposes related to account logins, however, it did not use these IP addresses for sanctions compliance purposes. As a result, users located in Crimea, Cuba, Iran, Sudan, and Syria were able to create and use digital currency wallets on BitGo’s platform and engage in digital currency transactions, despite BitGo’s ability to identify the location of these users. OFAC stated that having the ability to know users’ location but still failing to prevent persons apparently located in sanctioned jurisdictions to open accounts and send digital currencies via the company’s platform is an aggravating factor when deciding on the severity of violations.
OFAC also stated that the maximum civil monetary penalty in this matter is $53,051,675, as the company failed to inform OFAC about said transactions and did not voluntarily self-disclose violations of apparent sanctions.
This case illustrates the importance for crypto firms to be able to monitor and block their users’ IP addresses in AML/CTF processes and, more generally, the necessity of having a tailored, risk-based sanctions compliance program.