- Coinlist has settled a $1.2 million fine with OFAC for sanctions violations
- The failures related to OFAC’s sanctions against Russia, with Russian users able to trick Coinlist’s registration controls into joining
- Coinlist’s lapses in preventing sanctioned users highlight challenges in compliance during geopolitical events.
Crypto exchange Coinlist has agreed to a $1.2 million settlement with the US Office of Foreign Assets Control (OFAC) over sanctions violations. The fine reflects Coinlist’s inability to prevent users from sanctioned countries from using the service despite having measures in place to achieve this. The failures relate to Russian users being able to register with Coinlist since the invasion of Ukraine which breached OFAC’s policy, made in the wake of the invasion.
Coinlist Had Controls in Place
OFAC explained that Coinlist users undergo a KYC process upon registration, supplying personal details such as residence, address, and identification. Coinlist implements sanctions compliance measures, screening customers against OFAC lists, conducting transaction monitoring, and utilizing blockchain analytics, which, until OFAC updated its policy to sanction Russian users, seemed to be effective. It also enforces controls like IP address restrictions for sanctioned jurisdictions.
From 2021, Coinlist took steps to prevent transactions involving high-risk jurisdictions, instituting holds on users’ wallets for review and implementing further IP controls. By spring 2021, automated rejection protocols were introduced for users presenting identification cards or addresses from comprehensively sanctioned jurisdictions.
Users Able to Trick the System
Despite these measures, OFAC reports that Coinlist’s screening procedures had shortcomings. Notably, users falsely claiming residence in non-embargoed countries provided Crimea addresses, circumventing detection. Approximately 89 accounts were opened with users stating “Russia” as their residence but providing Crimean addresses, creating a blind spot in Coinlist’s screening protocols.
The discrepancy arose from the country-of-residence field indicating “Russia,” while users specified Crimea in other data fields. Consequently, Coinlist’s screening failed to identify likely Crimean residence due to this misalignment in user-provided information.
OFAC noted that this lapse in screening protocols highlights challenges in addressing nuanced data inputs and the need for enhanced measures to identify potential risks accurately.