[House Hearing, 117 Congress]
[From the U.S. Government Publishing Office]
SCHEMES AND SUBVERSION: HOW BAD
ACTORS AND FOREIGN GOVERNMENTS
UNDERMINE AND EVADE SANCTIONS REGIMES
=======================================================================
VIRTUAL HEARING
BEFORE THE
SUBCOMMITTEE ON NATIONAL SECURITY,
INTERNATIONAL DEVELOPMENT
AND MONETARY POLICY
OF THE
COMMITTEE ON FINANCIAL SERVICES
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED SEVENTEENTH CONGRESS
FIRST SESSION
__________
JUNE 16, 2021
__________
Printed for the use of the Committee on Financial Services
Serial No. 117-32
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
__________
U.S. GOVERNMENT PUBLISHING OFFICE
45-357 PDF WASHINGTON : 2021
-----------------------------------------------------------------------------------
HOUSE COMMITTEE ON FINANCIAL SERVICES
MAXINE WATERS, California, Chairwoman
CAROLYN B. MALONEY, New York PATRICK McHENRY, North Carolina,
NYDIA M. VELAZQUEZ, New York Ranking Member
BRAD SHERMAN, California FRANK D. LUCAS, Oklahoma
GREGORY W. MEEKS, New York PETE SESSIONS, Texas
DAVID SCOTT, Georgia BILL POSEY, Florida
AL GREEN, Texas BLAINE LUETKEMEYER, Missouri
EMANUEL CLEAVER, Missouri BILL HUIZENGA, Michigan
ED PERLMUTTER, Colorado ANN WAGNER, Missouri
JIM A. HIMES, Connecticut ANDY BARR, Kentucky
BILL FOSTER, Illinois ROGER WILLIAMS, Texas
JOYCE BEATTY, Ohio FRENCH HILL, Arkansas
JUAN VARGAS, California TOM EMMER, Minnesota
JOSH GOTTHEIMER, New Jersey LEE M. ZELDIN, New York
VICENTE GONZALEZ, Texas BARRY LOUDERMILK, Georgia
AL LAWSON, Florida ALEXANDER X. MOONEY, West Virginia
MICHAEL SAN NICOLAS, Guam WARREN DAVIDSON, Ohio
CINDY AXNE, Iowa TED BUDD, North Carolina
SEAN CASTEN, Illinois DAVID KUSTOFF, Tennessee
AYANNA PRESSLEY, Massachusetts TREY HOLLINGSWORTH, Indiana
RITCHIE TORRES, New York ANTHONY GONZALEZ, Ohio
STEPHEN F. LYNCH, Massachusetts JOHN ROSE, Tennessee
ALMA ADAMS, North Carolina BRYAN STEIL, Wisconsin
RASHIDA TLAIB, Michigan LANCE GOODEN, Texas
MADELEINE DEAN, Pennsylvania WILLIAM TIMMONS, South Carolina
ALEXANDRIA OCASIO-CORTEZ, New York VAN TAYLOR, Texas
JESUS ``CHUY'' GARCIA, Illinois
SYLVIA GARCIA, Texas
NIKEMA WILLIAMS, Georgia
JAKE AUCHINCLOSS, Massachusetts
Charla Ouertatani, Staff Director
Subcommittee on National Security, International
Development and Monetary Policy
JIM A. HIMES, Connecticut, Chairman
JOSH GOTTHEIMER, New Jersey ANDY BARR, Kentucky, Ranking
MICHAEL SAN NICOLAS, Guam Member
RITCHIE TORRES, New York PETE SESSIONS, Texas
STEPHEN F. LYNCH, Massachusetts ROGER WILLIAMS, Texas
MADELEINE DEAN, Pennsylvania FRENCH HILL, Arkansas
ALEXANDRIA OCASIO-CORTEZ, New York LEE M. ZELDIN, New York
JESUS ``CHUY'' GARCIA, Illinois TOM EMMER, Minnesota
JAKE AUCHINCLOSS, Massachusetts WARREN DAVIDSON, Ohio
ANTHONY GONZALEZ, Ohio
C O N T E N T S
----------
Page
Hearing held on:
June 16, 2021................................................ 1
Appendix:
June 16, 2021................................................ 29
WITNESSES
Wednesday, June 16, 2021
Garces, Ivan A., Principal and Chair, Risk Advisory Services,
Kaufman Rossin................................................. 6
Kumar, Lakshmi, Policy Director, Global Financial Integrity (GFI) 8
Lorber, Eric B., Senior Director, Center on Economic and
Financial Power, Foundation for Defense of Democracies......... 12
Spiro, Jesse, Chief, Government Affairs, Chainalysis............. 10
Taliaferro, Jeffrey W., Professor, Department of Political
Science, Tufts University...................................... 5
APPENDIX
Prepared statements:
Garces, Ivan A............................................... 30
Kumar, Lakshmi............................................... 38
Lorber, Eric B............................................... 52
Spiro, Jesse................................................. 70
Taliaferro, Jeffrey W........................................ 89
Additional Material Submitted for the Record
Himes, Hon. Jim A.:
Written responses to questions for the record submitted to
Ivan A. Garces............................................. 96
Written responses to questions for the record submitted to
Jesse Spiro................................................ 103
Davidson, Hon. Warren:
THE FINCEN FILES............................................. 128
Wall Street Journal article, ``Untraceable Bitcoin Is a
Myth''..................................................... 149
SCHEMES AND SUBVERSION:
HOW BAD ACTORS AND FOREIGN
GOVERNMENTS UNDERMINE AND
EVADE SANCTIONS REGIMES
----------
Wednesday, June 16, 2021
U.S. House of Representatives,
Subcommittee on National Security,
International Development
and Monetary Policy,
Committee on Financial Services,
Washington, D.C.
The subcommittee met, pursuant to notice, at 2:03 p.m., via
Webex, Hon. Jim A. Himes [chairman of the subcommittee]
presiding.
Members present: Representatives Himes, Gottheimer, Lynch,
Dean, Auchincloss; Barr, Williams of Texas, Hill, Davidson, and
Gonzalez of Ohio.
Chairman Himes. The Subcommittee on National Security,
International Development and Monetary Policy will come to
order.
Without objection, the Chair is authorized to declare a
recess of the subcommittee at any time.
Also, without objection, members of the full Financial
Services Committee who are not members of this subcommittee are
authorized to participate in today's hearing.
And as a reminder, I ask all Members to keep themselves
muted when they are not being recognized by the Chair. The
staff has been instructed not to mute Members, except when a
member is not being recognized by the Chair and there is
inadvertent background noise.
Members are also reminded that they may only participate in
one remote proceeding at a time. If you are participating
today, please keep your camera on, and if you choose to attend
a different remote proceeding, please turn your camera off.
Before we get started with the substance of the hearing, I
want to welcome--those who are observing will note that we have
a new ranking member on this subcommittee, my friend, Andy Barr
of Kentucky. I am sorry to see French Hill go, but I have a
long-standing and valuable friendship and relationship with
Representative Barr. So Representative Barr, welcome. And I
look forward to working with you as do the rest of the members
of the subcommittee.
Today's hearing is entitled, ``Schemes and Subversion: How
Bad Actors and Foreign Governments Undermine and Evade
Sanctions Regimes.''
I now recognize myself for 5 minutes to give an opening
statement.
Sanctions are an important instrument in foreign policy,
designed to be both a carrot and a stick in persuading an
entity, an individual, a group, or a country to change its
behavior. A step beyond traditional diplomacy, it also avoids
the downsides of kinetic action. We have seen the success of
our sanctions regimes in bringing the Iranians to the table,
and isolating human rights violators through the global
Magnitsky Act, amongst others.
Our sanctions programs can only be as impactful as they are
effective. When designated entities evade our sanctions, we
lose an important tool from our diplomatic toolbox increasing
the likelihood that military action would be necessary to
maintain international order.
Our hearing today will focus on those methods of sanctions
evasion ranging from physically changing the name painted on
the back of a ship, the stern of a ship, to the use of shell
companies to cyber-enable crime like the ransomware attacks
that have been so prevalent in the news recently.
This committee has worked to address some of these issues
through the passage of the Corporate Transparency Act, authored
by Chairwoman Carolyn Maloney, and the Anti-Money Laundering
Act, sponsored by Chairman Emanuel Cleaver as part of the 2021
National Defense Authorization Act (NDAA). These bills give law
enforcement the resources and authority to better track money
launderers, including sanctions evaders, and their success will
depend in large part on this body adequately funding their
implementation.
In addition, the Office of Foreign Assets Control (OFAC)
and the Financial Crimes Enforcement Network (FinCEN) continue
to do the extremely important work of educating market
participants and putting out guidance on the newest typologies
of sanctions evasion; however, serious threats to the efficacy
of our sanctions programs are just on the horizon and are
approaching quickly.
Although, the launch of the Venezuelan ``Petro'' was an
unambiguous failure, widespread use of alternative financial
platforms could make sanctions evasion trivially simple. And
although the Federal Bureau of Investigation was able to
recover a portion of the ransom paid by Colonial Pipeline, we
are likely to see continued growth in ransomware attacks from
sanctioned entities as a way to raise funds.
With that, I would like to, again, thank our panel of
witnesses. We very much appreciate you being here and your
expertise. You represent that expertise in a wide variety of
issues we are here to discuss today, and I sincerely appreciate
your assistance in tackling them, and I look forward to your
testimony.
The Chair now recognizes the ranking member of the
subcommittee, Mr. Barr, for 5 minutes for an opening statement.
Mr. Barr. Thank you, Mr. Chairman, for holding the hearing
today. And thank you to our witnesses for your participation.
Before we begin, I would like to say that I am very excited
to be back on the National Security, International Development
and Monetary Policy Subcommittee. And I appreciate the generous
words of welcome from my good friend, Jim Himes, our chairman.
And as we discussed, there is a whole lot of opportunity on
this subcommittee for bipartisan work and work that is very
important in the interest of our country and the national
security interests of our country.
This subcommittee plays a crucial role in maintaining U.S.
national security through economic channels and ensuring robust
international development. China continues to pose a threat to
U.S. competitiveness, and American sanctions policy is more
important than ever. Additionally, the impact of monetary
policies is becoming increasingly evident to the everyday
consumer as increased costs are hitting their wallets.
This subcommittee plays a crucial role at the intersection
of the financial system and national security, and provides
meaningful oversight over the Federal Reserve's monetary policy
activities. I look forward to working with members of this
subcommittee on both sides of the aisle to preserve a fair
international financial system and ensure that the Federal
Reserve remains independent and focused on its congressionally-
directed mandate.
During my time on this subcommittee in previous Congresses,
including as its chairman, we accomplished a great deal of
significant, important work. The issues we discuss on this
subcommittee transcend party lines, and I look forward to
working closely with Chairman Himes and all of the members on
both sides of the aisle on our shared priorities.
The U.S. employs a robust sanctions program to deny
adversaries the funding, logistics, and resources to conduct
illicit behavior or to compel them to change misguided
behaviors. Economic and trade sanctions are enforced by the
Office of Foreign Asset Control and are largely effective
deterrents for bad actors; however, criminals and foreign
adversaries continue to evolve and adapt and are able to evade
U.S. sanctions through high- and low-tech efforts alike.
It is imperative that this subcommittee understand how bad
actors are currently evading sanctions and ways that we can
mitigate their continued evasion in the future. That is why I
am so grateful to our chairman for calling this hearing, which
I believe will help serve that purpose, as each of our
witnesses brings a unique and insightful expertise to the
discussion.
The U.S. maintains four major sanctions programs against
Iran, North Korea, Russia, and Venezuela. These sanctions are
as a result of actions by those nations that are in direct
conflict with U.S. national security and global economic
stability. Despite the government's focus in coordination with
our international partners on sanctions enforcement, our
adversaries are able to skirt the restrictions put in place.
Traditional methods of sanctions evasion include trade-
based money laundering, through which bad actors move money
through trade transactions; illicit shipping, including
altering vessel physical identifications or corrupting other
internationally-mandated identification systems; or utilizing
front companies to mask the true origin and recipient of funds.
Bad actors have utilized these sanctions evasion techniques
for years and have recently amplified their sanctions evasion
techniques through the use of technology. As technology
develops and adapts to changing threat frameworks, our
adversaries change their playbooks. For example, in the early
years of the widespread use of cryptocurrency, bad actors would
cash out their financing on major crypto exchanges.
However, exchanges have increased their focus on regulatory
compliance including anti-money laundering (AML) and Know Your
Customer (KYC) requirements, and this has chased criminals out
of major exchanges into unlicensed exchanges such as Russia's
Hydra marketplace.
Transaction volumes at Hydra and other unlicensed exchanges
have skyrocketed in recent years as criminals identified and
exploited vulnerabilities. I hope this hearing will shed light
on how Congress can address these and other similar challenges.
The instances of high-profile ransomware attacks, including
on elements of U.S. critical infrastructure, signify the need
for improved security and coordination between the private
sector and the government.
In the past year alone, victims have paid nearly $350
million in cryptocurrency to satisfy the demands of hackers
using ransomware. That is a 311-percent year-over-year
increase. Congress and the Administration must keep pace with
the changes in advances in technology as our adversaries find
new ways to evade enforcement.
I look forward to hearing from our witnesses today. Again,
I thank the chairman, and I look forward to working with all of
my colleagues on this new assignment.
And I yield back.
Chairman Himes. The gentleman yields back.
Today, we welcome the testimony of our distinguished
witnesses: Jeffrey Taliaferro, a professor in the Department of
Political Science at Tufts University; Ivan Garces, the
principal and chair of risk advisory services at Kaufman
Rossin; Lakshmi Kumar, the policy director at Global Financial
Integrity; Jesse Spiro, the chief of government affairs at
Chainalysis; and Eric Lorber, a senior director at the Center
on Economic and Financial Power at the Foundation for the
Defense of Democracies. A big welcome to all of our witnesses.
Witnesses are reminded that their oral testimony will be
limited to 5 minutes. You should be able to see a timer on your
screen that will indicate how much time you have left, and a
chime will go off at the end of your time. I would ask that you
be mindful of the timer, and quickly wrap up your testimony if
you hear the chime, so that we can be respectful of both the
witnesses' and the subcommittee members' time.
And without objection, your written statements will be made
a part of the record.
With that, Professor Taliaferro, you are now recognized for
5 minutes to give an oral presentation of your testimony.
STATEMENT OF JEFFREY W. TALIAFERRO, PROFESSOR, DEPARTMENT OF
POLITICAL SCIENCE, TUFTS UNIVERSITY
Mr. Taliaferro. Thank you, Chairman Himes and Ranking
Member Barr, for the opportunity to testify this afternoon. It
is a privilege to speak to this subcommittee and to be on this
distinguished panel of witnesses.
Let me state at the outset that I am a scholar of
international security. I am not an economist nor am I a
scholar of political economy. And my scholarship and teaching
focuses primarily on U.S. national security and intelligence,
the grand strategies of the great powers, both past and
present, alliance politics, nuclear nonproliferation, and, more
recently, cybersecurity.
My fellow witnesses are more qualified to testify about the
design and implementation of sanctions, about the various
strategies and tools that targeted actors employ to evade and
undermine them, and to offer recommendations to Congress and to
the Administration so that they might craft more effective
sanctions in the future. My role on this panel is to provide a
broad overview of the geopolitics of the United States' use of
sanctions against a variety of actors.
Sanctions have long been an important non-kinetic tool of
coercive diplomacy. The Office of Foreign Assets Control notes
that sanctions are based, ``on U.S. foreign policy and national
security goals against targeted foreign countries and regimes,
terrorists, international narcotics traffickers, those engaged
in the proliferation of weapons of mass destruction, and other
threats to the national security, foreign policy, and economy
of the United States.''
The primary aim of sanctions, whether unilateral or
multilateral, whether comprehensive or targeted, is to induce a
change in the cost-benefit calculations of the target and thus
a change in the target's behavior. But as with other tools, of
course, of diplomacy, including kinetic force, the use of
sanctions to secure a target's compliance is inherently
difficult.
My fellow witnesses will discuss some of the newer tools
and technologies used to facilitate sanctions evasion, such as
cryptocurrencies, central bank digital currencies, and
ransomware; however, I would like to highlight how shifting
geopolitical dynamics are making it more difficult for the
United States to credibly threaten and enforce sanctions, while
also giving targets additional means and opportunities to evade
and subvert them.
Having won the Cold War and forced the crumbling Soviet
Union out of the ranks of the great powers, the United States
emerged as the uni-pole, the only great power left standing in
1990, 1991. And for better or worse, for 2 decades, weak
systemic, that is, international constraints and the
availability of opportunities to further improve its strategic
position afford the United States wide latitude in the
definition and in the pursuit of its foreign policy and
national security objectives.
This extreme imbalance of international power, however, had
several consequences which are relevant to the subject of
today's subcommittee hearing.
First, the United States imposed sanctions and even waged
wars against recalcitrant states such as Iraq, Syria, Libya,
and Afghanistan, and non-state actors such as al-Qaida, and
later the Islamic State, with relative impunity.
And even when confronting state adversaries against whom
the use of kinetic force would have been prohibitively costly,
such as North Korea and Iran, the imposition of sanctions
became a preferred tool of state-crafted successive
Administrations and Congresses.
Second, U.S. military command of the commons, along with
American economic and technological dominance, gave various
state and non-state actors an incentive to pursue asymmetric
strategies, for example, the clandestine employment of cyber
criminal organizations and individual hackers by the forward
intelligence services of Russia, China, North Korea, and other
states.
Third, this unipolar distribution of power gave targeted
states and other disaffected actors an incentive to collaborate
with one another to evade or subvert U.S. sanctions. And
finally, as the Biden Administration's interim national
security strategic guidance acknowledges, the distribution of
power across the world is changing creating new threats.
The United States now faces two great power adversaries, a
rising China and a declining and revanchist Russia, along with
two regional power adversaries, Iran and North Korea. All four,
including their respective clients and allies, will seek to
evade sanctions in the future.
In this changing geopolitical landscape, it might behoove
policymakers to perhaps lower their expectations about what
coercive economic diplomacy alone can achieve.
Thank you, Chairman Himes, and Ranking Member Barr.
[The prepared statement of Dr. Taliaferro can be found on
page 89 of the appendix.]
Chairman Himes. Thank you, Dr. Taliaferro.
Mr. Garces, you are now recognized for 5 minutes.
STATEMENT OF IVAN A. GARCES, PRINCIPAL AND CHAIR, RISK ADVISORY
SERVICES, KAUFMAN ROSSIN
Mr. Garces. Thank you, Chairman Himes, Ranking Member Barr,
and distinguished members of the subcommittee. I thank you for
the opportunity to appear before you today to talk about what I
see banks doing to identify, block, reject, and report
transactions subject to the U.S. sanctions.
My name is Ivan Garces, and I am a principal with Kaufman
Rossin, a top 100 accounting, tax, and advisory firm where I
chair the firm's Risk Advisory Services practice. I am also an
executive committee member of the board of the Florida
International Bankers Association (FIBA), a nonprofit trade
association committed to supporting the international banking
community through education, certification, and advocacy.
My comments today are based on my experience assisting
financial institutions and other organizations to evaluate,
remediate, and optimize risk management and programs, including
those related to anti-money laundering compliance and the OFAC
compliance program.
Financial institutions employ an OFAC compliance program
that is generally risk-based and commensurate with their OFAC
risk profile. OFAC compliance programs typically begin with the
risk assessment of an institution's customer base, products and
services, nature of transactions, geographic considerations,
and identification of higher-risk areas of potential OFAC
sanctions risk.
Based on this risk assessment, financial institutions are
expected to develop and implement policies, procedures, and
internal controls for complying with OFAC. Sanctioned parties
typically utilize complex structures and transactions to secure
their interests in the absence or omit information from
transactions to avoid detection. Two common methods utilized
and discussed earlier are the exploitation of trade finance
transactions and the use of shell companies.
Financial institutions typically use a combination of
sanctions screening and due diligence to identify potential
sanction parties and activity. Financial institutions generally
screen customers against the OFAC list at prejuncture. One is
at account opening, as transactions occur, and periodically, as
the OFAC list is updated.
At account opening, a financial institution will typically
follow their account-opening procedures, which typically
include procedures to comply with the customer identification
program and customer due diligence program requirements, both
of which are intended to enable the financial institution to
form a reasonable belief as to the true identity of each
customer and assess the customer's potential risk.
Financial institutions typically also screen the customer
and other relevant account parties such as account signers and
beneficial owners against OFAC at this time. This process can
become complicated when dealing with clients presenting with
complex corporate structures, particularly offshore vehicles.
Financial institutions also typically screen transactions
in real time, such as wire transfers. Financial institutions
generally utilize automated interdiction systems to screen
transactions and relevant transaction data speed and alert the
financial institution of a potential OFAC match.
For example, wire transfer information that would generally
be screened would include the originator and beneficiary bank's
name, and the originator and beneficiary names and addresses.
Bank identifier codes, for example, and pretext fields would
all be screened for potential matches.
In the case of trade finance, banks also generally screen
relevant parties in the transaction, such as importers and
exporters, that have vessels, shipping companies, freight
companies, freight forward, agents, and brokers. This latter
process, though, is often cumbersome and manually-intensive as
it involves inspection of physical documents and manual
screening as opposed to automated screening.
As I mentioned earlier, the OFAC sanctions list is updated
periodically, and banks generally have controls in place to
ensure their systems are uploaded with the most current list,
and they screen their customer database on a periodic basis.
But there are challenges in complying with OFAC.
Maintaining a robust compliance program requires substantial
resources. Banks must invest in people, in policies,
procedures, and controls, ongoing training, and automated
systems to comply with OFAC. Compliance programs are tested by
independent parties and examined by bank regulators. However,
OFAC-sanctioned screening is not fool-proof, and even the most
well-intentioned OFAC compliance programs may fail to detect
sanctioned activity.
With an increasing number of sophisticated bad actors, and
complexity of transactions, financial institutions can't be
expected to connect all the dots. Sanctions compliance programs
are pretty well ingrained in financial institution risk models,
but evolution of sanctions compliance programs is needed in
other industries susceptible to OFAC-sanctioned risks.
Government outreach and efforts to enhance corporate
transparency and implement a national beneficial ownership
registry is a step in the right direction.
Lastly, we can benefit from increased cooperation between
the public and private sectors, such as is contemplated with
the proposed OFAC Exchange Act, and the Combatting Illicit
Finance Public-Private Partnerships Act legislation noted for
this hearing. Government should be in a position to be able to
take, analyze, and interpret information received not only from
financial institutions, but other industry stakeholders, and
connect the dots identifying trends and relationships across
the financial system.
Thank you, again, for inviting me to appear before you
today. I would be happy to respond to any questions the members
of this subcommittee may have.
[The prepared statement of Mr. Garces can be found on page
30 of the appendix.]
Chairman Himes. Thank you, Mr. Garces.
Ms. Kumar, you are now recognized for 5 minutes.
STATEMENT OF LAKSHMI KUMAR, POLICY DIRECTOR, GLOBAL FINANCIAL
INTEGRITY (GFI)
Ms. Kumar. Thank you, Chairman Himes, Ranking Member Barr,
and other esteemed members of the subcommittee for the
opportunity today to testify on behalf of Global Financial
Integrity at this hearing.
GFI has worked tirelessly over the last decade with allies
both domestically and internationally to address the gaps and
vulnerabilities in the global trade and financial systems that
serve as a safe haven for criminal actors. The U.S. sanctions
regime is expansive and currently includes more than 30
different sanctions programs. Despite the ever-increasing reach
of sanctions, with evidence showing that the number of
sanctioned vessels in ports rose at an annual rate of 6
percent, oil exports by Iran and Venezuela and oil imports by
North Korea keep increasing every year.
Because much of the sanctions program is targeted at
curtailing the ability to conduct international commerce,
sanctions evasion techniques play an international game of
hide-and-seek, exploiting regulatory weaknesses both in the
U.S. and globally assisted by a network of gatekeepers and
facilitators.
Because of this close connection to trade, it is
unsurprising that a leading mechanism to evade sanctions
involves the use of Trade-Based Money Laundering (TBML)
techniques. TBML is the process of disguising the proceeds of
crime and moving value to trade transactions. It includes
techniques like falsifying the origins of a commodity of good,
over-invoicing, under-invoicing, and phantom invoicing, where
no goods really move, but just money moves. TBML is
particularly challenging because there are no international
standards, even at the level of the Financial Task Force and
little regulation internationally. It is, therefore, the
perfect ally for sanctions evaders.
Unsurprisingly, some of the largest sanctions evasion
schemes most recently involving Iran used TBML techniques and
the Iranian government was able to pocket $100 billion by
falsifying trade records.
Similarly, the Venezuelan government, to get around U.S.
sanctions on its gold sector, has flown its gold all over the
world, changing its origins. So, the gold is now supposedly
from the Caribbean, from Colombia, from Uganda, from Dubai,
really anywhere but Venezuela. This comes at a time when U.S.
imports of gold during the pandemic have increased
exponentially, by some measures over 600 percent.
Erasing its history in this way means that the U.S. has no
way of knowing whether the gold it imports is the same gold
that it is seeking to sanction. Sanctioned entities continue to
look at the U.S. as a safe haven to get around sanctions and
other weaknesses of the real estate sector and the investment
industry.
Professionals that have helped Iran and North Korea evade
sanctions, invested their lucrative commissions in real estate
so the EB-5 investor program would invest in commercial real
estate and buying real estate in States like Alaska. Both
commercial real estate and many of the jurisdictions where
these investments take place are not part of the geographic
targeting or this real estate.
Similarly, vehicles like private equity, hedge funds, and
venture capital funds that are exempt from carrying out
customer due diligence obligations are also involved in
sanctions evasion schemes. A recent FBI leak showed that London
and New York hedge funds purport using a scheme to sell
prohibited items from sanctioned countries to the United
States.
Finally, sanctions evasion does not just exploit the gaps
in regulation; it exploits the lack of resources that
enforcement agencies need to detect. The ``FinCEN FILES,''
while problematic, revealed two different sanctions evasion
schemes tied to Russia and Syria that were filed as suspicious
activity reports (SARs) by financial institutions, but did not
necessarily receive the treatment they should have, given the
resource constraints of the agency.
The way forward, therefore, is two-pronged, addressing
regulatory gaps but also providing the requisite support to
enforcement, supervision, and oversight agencies. Towards that
end, we strongly urge four key recommendations to be
considered.
First, on FinCEN, create within FinCEN a national anti-
money laundering datacenter that can carry out advanced data
collection and analysis, and facilitate increased public-
private partnerships. On beneficial ownership, continue to
prioritize the implementation and the creation of a robust
beneficial ownership registry.
The sanctions evasion schemes or really any other illicit
finance schemes that have stopped us is because complex legal
structures and anonymous shell companies continue to remain at
the heart of it, but real collection should also be extended to
include other asset classes, like collecting BUA information on
real estate and art, as well as shipping vessels that are key
for sanctions evasion.
Third, customer due diligence should be required for
invested vices that are money towards vehicles like private
equity venture capital and also for all real estate
transactions.
Finally, on TBML, it is necessary that we create a relevant
set of red-flag indicators in the use of TBML, highlighting the
risks of free zones and vulnerable sectors like gold.
Thank you, again, for your time today, and I look forward
to any questions you may have.
[The prepared statement of Ms. Kumar can be found on page
38 of the appendix.]
Chairman Himes. Thank you, Ms. Kumar.
Mr. Spiro, you are now recognized for 5 minutes.
STATEMENT OF JESSE SPIRO, CHIEF, GOVERNMENT AFFAIRS,
CHAINALYSIS
Mr. Spiro. Thank you, Chairman Himes, Ranking Member Barr,
and distinguished members of the subcommittee. Thank you for
inviting me to testify before you today on this very important
topic.
My name is Jesse Spiro and I am the chief of government
affairs at Chainalysis. Chainalysis is the first blockchain
analysis company. We provide data, software, services, and
research to government agencies and companies in over 60
countries. We follow the money through human analysis,
heuristics, and cutting-edge technology. Our tools have been
used to successfully investigate and prosecute a number of
high-profile criminal and civil cases. We have also enabled the
safe growth of the legitimate cryptocurrency ecosystem.
Our private-sector customers use Chainalysis technology to
comply with their regulatory obligations, to combat money
laundering, and to adhere to sanctions requirements. I am
honored to be here today to speak about sanctions evasion in
this ecosystem.
Today, I would like to address some common misconceptions
about cryptocurrency. Cryptocurrency is one way that illicit
actors evade sanctions, but the vast majority of cryptocurrency
transactions are legitimate. According to our analysis, in 2020
the illicit activity was just .34 percent of all transaction
volume. This was a decrease from 2019, when illicit activity
represented 2.1 percent of transaction volume.
In fact, the transparency and traceability provided by the
public blockchain ledger used by cryptocurrency like bitcoin
allows us to understand much more than in traditional financial
crime investigations.
Through blockchain analytics, investigators can follow the
money. Bad actors who thought they successfully evaded
detection in the past now find they have left a permanent trail
for law enforcement and regulators to follow. This forensic
technology, coupled with good regulatory oversight, is working.
With that foundation laid, let me highlight a few examples.
Through blockchain analysis, we can confirm that adversarial
nations, terrorist organizations, malicious-enabled cyber
actors, and transnational criminal organizations under U.S.
sanctions have used cryptocurrency in an attempt to weaken the
impact or fully circumvent sanctions just as they have done
through traditional banks, trade-based money laundering, and
cash. Detailed examples can be found in my written testimony.
In this challenging environment, OFAC and FinCEN have both
made progress in targeting these actors. FinCEN, through their
Bank Secrecy Act (BSA) oversight and prescriptive crypto
advisories, and OFAC, through enforcement actions and the
addition of cryptocurrency wallet identifiers, two
designations, has provided significant intelligence that
investigators need to understand this issue and for financial
institutions to properly screen for sanctions risk beyond named
screening in the digital onboarding space.
Using blockchain analysis, we can see the effectiveness of
including digital currency addresses in designation. Our data
demonstrates that after digital currency identifiers are
included, financial flows cease to these addresses, indicating
a positive impact of blacklisting wallet addresses.
By adding digital currency addresses, OFAC creates
awareness and adds intelligence value for investigators and the
private sector due to the immutable providence of the
blockchain. Additional research can identify other cyber
activities related to designated actors and entities.
I would like to recommend several ways to further
strengthen the current sanctions regime, including, one,
encouraging collaboration and information-sharing with
international partners. To date, OFAC is the only sanctioning
body that has listed digital currency addresses in designation.
Cryptocurrency is global and through collaboration we expect
for successful investigations and seizure of funds.
Two, increasing public-private partnerships through
proposed legislation like the Combatting Illicit Finance
Public-Private Partnerships Act, and the proposed OFAC Exchange
Act.
Three, increasing funding to OFAC to support more
comprehensive targeting and designation packages.
And four, the creation of a national crypto targeting
center that would enable interagency collaboration to combat
the illicit use of cryptocurrencies. This organization would
provide training, intelligence, and policy support, and would
facilitate information-sharing across law enforcement and
regulatory agencies.
In closing, I encourage you to consider the impact any
potential legislation could have on technical innovation. Our
adversaries have quickly embraced cryptocurrency.
Thoughtful regulation that promotes American innovation
while supporting law enforcement and financial regulators will
be crucial for the United States to maintain its position as
leader of the global financial system.
Thank you.
[The prepared statement of Mr. Spiro can be found on page
70 of the appendix.]
Chairman Himes. Thank you, Mr. Spiro.
Mr. Lorber, you are now recognized for 5 minutes for a
summary of your oral testimony.
STATEMENT OF ERIC B. LORBER, SENIOR DIRECTOR, CENTER ON
ECONOMIC AND FINANCIAL POWER, FOUNDATION FOR DEFENSE OF
DEMOCRACIES
Mr. Lorber. Thank you, Chairman Himes, Ranking Member Barr,
and distinguished members of the subcommittee. I am honored to
appear before you today to discuss how bad actors and foreign
governments undermine and evade sanctions regimes.
I come before this committee as an economic sanctions and
compliance professional, having worked at the U.S. Department
of the Treasury and advised financial institutions,
corporations, and humanitarian organizations on ensuring they
operate in compliance with U.S., EU, and UN sanctions
obligations. While sanctions can be a powerful tool for
achieving foreign policy objectives, our adversaries are
continually developing strategies and tactics to blunt their
impact.
These adversaries use a range of sanctions evasion
techniques, many of which rely on obfuscation and opacity to
surreptitiously move funds and goods across the world,
frustrating the impact of U.S. sanctions. Countering these
efforts is critical to ensuring that U.S. sanctions remain
effective in pressuring terrorist organizations, rogue regimes,
human rights abusers, and the corrupt. At its core, sanctions
evasion is about hiding the identity of the sanctioned parties
involved. Many companies and individuals understand that they
are prohibited from conducting transactions with sanctioned
persons or in sanctioned jurisdictions, and that they face
significant risks for doing so.
As a result, sanctions evaders undertake substantial
efforts to hide their identities and access global markets.
While U.S. adversaries have developed myriad approaches for
evasion, over the last few years the U.S. Government has
focused on a number of key circumvention methods, including in
the maritime and financial sectors, as already discussed.
One area of concern in addition is the cryptocurrency space
where we have seen rogues like Iran, Venezuela, North Korea,
Hamas, al-Qaida, and the Islamic State increasingly utilize
crypto assets to evade sanctions. Understanding and mitigating
the risks that these cryptocurrencies may pose and, in
particular, innovations like decentralized finance will be
important in stopping sanctions evasion.
The U.S. Government, its allies and partners, and the
private sector must adopt a multilayered defense in-depth
approach to effectively counter sanctions evasion. Each layer
of defense decreases the chances that a terrorist organization
or rogue regime can access global markets, and while each layer
may not be foolproof, together, they can pose formidable
obstacles.
Elements of this approach include effective intelligence
collection. Key to countering sanctions evasion is the ability
to detect such activity. The Treasury Department's Office of
Intelligence and Analysis, along with other members of the
intelligence community, as well as FinCEN should be provided
with the tools necessary to identify sanctions evasion.
A legislative proposal under consideration by this
committee, the OFAC Fusion Center Act, could help achieve this.
This legislation would create an interagency group designed to
share data and allow for better detection and disruption of
illicit networks providing the private sector with the right
tools.
In recent years, Treasury has armed the private sector with
information on sanctions evasion tactics and red flags that can
help companies spot such evasion through a series of
advisories. Combined with clearly signaling to the private
sector their compliance obligations and pursuing aggressive
enforcement actions against those who fail to comply, this
additional information can help the private sector more
effectively counter evasion. To that end, the potential
creation of an OFAC exchange which mirrors the FinCEN exchange
designed to help provide the private sector with information on
illicit activity, red flags, and trends could be an effective
way to supplement these advisories and provide additional
information on sanctions evasion.
Also, identifying and tackling cryptocurrency sanction
risks. Treasury has rightly been focused on the opportunities
and risks presented by cryptocurrencies and certain elements of
the crypto sectors, such as decentralized finance (DeFi) that
may pose particular sanctions risk, in part because those
products are designed not to meet traditional gatekeepers such
as centralized exchanges, as Mr. Spiro discussed. These
gatekeepers often understand and implement sanctions compliance
programs and have served as key force multipliers of U.S.
sanctions, ensuring that a wide range of individuals and
companies abide by their obligations. Determining how to ensure
that new crypto market players are complying with U.S.
sanctions while not stifling innovation will be an important
step in combating sanctions evasion and ensuring a robust
crypto marketplace.
Congress, the Administration, and the private sector must
all work together to help identify, disrupt, and deter
sanctions evasion. While this is a challenging task, an
approach that emphasizes aggressive designations, clear
communication to the private sector, and efforts to ensure
regulations and guidance that effectively address risks with
new innovative products will best position the United States to
continue to have powerful sanctions tools.
I look forward to your questions and thank you, again, for
the opportunity to testify.
[The prepared statement of Mr. Lorber can be found on page
52 of the appendix.]
Chairman Himes. Thank you, Mr. Lorber. I will now recognize
myself for 5 minutes for questions. I would like to start,
actually, with you, Mr. Lorber, and maybe ask Mr. Spiro to
chime in here.
This subcommittee is particularly interested in
understanding and evaluating cryptocurrency. You talked about
it. Is there any way to quantify the amount of sanction evasion
that is occurring in all of the various cryptocurrency
mechanisms that are out there? Question number one.
Question number two, is there a way to get a sense for the
rate at which sanction evaders are migrating to those
platforms?
And then, finally, what would you recommend beyond what is
in your written testimony or what would you highlight as ways
of mitigating the risk of cryptocurrency used for this purpose?
Mr. Lorber. Okay. Thank you, Mr. Chairman. It is a great
series of questions, and I will also turn to the other witness
for his thoughts on this as well.
In terms of quantification, I do think that--in fact,
Chainalysis has a recent report that they put out which
suggests that the number of transactions which are illicit that
use bitcoin or blockchain technology is actually fairly low
percentagewise. It is in, I believe, the low 1 percent or
somewhere around there. So, it is fairly small.
In terms of specific recommendations, it is interesting to
think about. There are two sort of sets of recommendations that
I would focus on. One relates to ensuring that things like
centralized exchanges are actually developing and employing
sanctions compliance programs so that they can identify and
stop sanctions evasion activity that is going through those
centralized exchanges and data analytic firms like Chainalysis
that do that type of work.
In addition, though, there is a series or a set of types of
activities that are outside the scope of what the centralized
exchanges are seeing and that is where you also have a risk for
sanctions evasion activity like I was mentioning with
decentralized financial products. There it is going to be
partly a focus on regulation, but it will also be partly
focused on education to make sure that those actors who are
working in those spaces understand that if they are U.S.
persons, they, too, have sanctions obligations and can be held
to account if they violate them.
Mr. Spiro. Mr. Chairman, I will hop in, and I appreciate
that question. In relation to specific volumes, we do produce
data explicitly in relation to both illicit and implicit that
we see. And in relation to sanctions, while I don't have that
information directly available now, I can provide it via
written testimony after conferring with my colleagues.
In relation to recommendations, I believe that my fellow
witness hit the nail on the head. When we talk about this
ecosystem more broadly, the choke points are these exchanges,
these centralized exchanges that provide the on-ramps and off-
ramps in relation to conversion. And so, these are critical in
relation to any of the other kinds of activity that happens
within the ecosystem.
In relation to effective investigations being able to
determine via blockchain analysis and analytics when illicit
activity transacts with those choke points, that is how the
information behind those bad actors and individuals is
obtained, and that is how successful investigations, in turn,
are prosecuted.
Chairman Himes. Thank you, Mr. Spiro.
Mr. Garces, you have noted that even with banks that have
robust compliance programs, once there is a match between a
customer and somebody who is on the specially designated
national list, at that point it becomes very, very human and
intensive figuring out what is going on and ensuring that
illicit activity doesn't take place.
What can you tell us about what the barriers are to further
automation, the use of artificial intelligence (AI), and what
should we be doing to help in that regard?
Mr. Garces. Thank you, Chairman Himes. That is an excellent
observation and question. The challenge is that automated
systems can only do so much, and what they do is detect
potential matches. It is then up to a human to investigate the
particular transaction and determine whether the potential
match is, in fact, a true match or perhaps a false positive.
Advances in the technology, in the screening systems is
definitely needed, and I believe artificial intelligence can
help in that respect. Most systems today rely on matching
algorithms and fuzzy logic to determine potential matches at
certain sensitivity levels.
What happens at the next level, what the human does is to
collect additional information about the parties involved in
the transaction to determine ultimately whether the transaction
parties are a match or not. Having systems that can automate
some of that process would certainly relieve some of the
efforts by the banks.
Chairman Himes. Thank you, Mr. Garces. My time has almost
expired.
So with that, I will yield back the balance of my time, and
recognize Ranking Member Barr for 5 minutes of questions.
Mr. Barr. Great. Thanks, Mr. Chairman. And I appreciate the
testimony of all of our witnesses on how we can improve our
sanctions enforcement and prevent this evasion.
I want to first ask about North Korea. Mr. Lorber, I
sponsored the Otto Warmbier North Korea Nuclear Sanctions and
Enforcement Act, which became law as part of the Fiscal Year
2020 National Defense Authorization Act (NDAA).
The bill imposed some of the toughest mandatory sanctions
ever on North Korea, yet in your testimony you detail how North
Korea continues to evade sanctions. We have heard about the way
they use shipping sometimes as sanctions evasion and front
companies. Given their track record, including those front
companies, hacking, and other tools, how can we better shut
down North Korea's efforts to obtain hard currency or otherwise
evade sanctions?
Mr. Lorber. Thank you, Ranking Member Barr. It is a great
question. This goes to, in many ways, what I was speaking about
in both my written and oral testimony about a defense in-depth
approach. Because if there is one target out there which is
incredibly sophisticated when it comes to sanctions evasion, it
is North Korea, because they use front shell companies,
shipping, cyber attacks, so on and so forth.
In many ways, though, the best method for combating North
Korea evasion activity is information provisions to financial
institutions, getting financial institutions clear typologies
that the North Koreans are using in order to help them identify
what looks to be potential evasion activity, as well as
providing information to financial institutions not just about
typologies, but also about specific entities that are
associated with North Korea that appear to be front or shell
companies as a way to roll them up.
And I know that historically, the Treasury has done this
through a series of outreach programs to financial
institutions. In addition to that, there needs to be political
pressure put on those who are supporting and continue to
support North Korea. It is not a secret that, for example,
China has created at least a permissive environment for North
Korean operatives to work in the country. That was detailed,
most recently, I believe in the UN DPRK panel of experts report
from, I believe, it was March 2021, as well as North Korea
maintains a series of financial facilitators throughout the
world, including, I believe, in Russia and China and other
jurisdictions that help North Korea evade U.S. and UN
sanctions. And these individuals need to be shut down, need to
be targeted, and pressure needs to be put on the governments
that are hosting them to kick them out of the country.
Mr. Barr. Yes. The tough part is that our sanctions bill
was the secondary sanctions that applied to Chinese banks, and
how effective that has been, I am not sure; providing
information to Chinese banks may not be the total answer.
Mr. Lorber. I agree with that. I think that is correct. Let
me clarify what I mean by providing information to banks, in
many instances by providing information to U.S. and European
financial institutions where the North Koreans are trying to
access those institutions through, for example, Chinese banks.
There have been a number of court cases which have detailed
this activity.
Mr. Barr. Great. Thanks for that. And then, in terms of the
effectiveness of sanctions, we have long emphasized that
sanctions should ideally bring about behavioral change on the
part of bad actors. The Administration is largely responsible
for determining how this works and implementing the directives
of Congress.
Mr. Lorber, based on your experience at Treasury, how
effective are we, generally speaking, in tying our sanctions
and the lifting of sanctions to clear goals and results?
Mr. Lorber. I do think we are good at it. We are much
better at it certainly than we used to be. And that is
something that we tried to do, and I tried to do while I was at
Treasury, to clarify very clearly to sanctions targets that if
you change the behavior you are engaged in, these sanctions
will be lifted.
In fact, if you look back at all of the Treasury OFAC press
releases that were designation activities for the last few
years, you will see that language very clearly included in
there. So, it is a message that we have seen and it has been
followed up by action certainly during the last Administration
when there were sanctions which were lifted.
For example, sanctions that were imposed on Turkey were
lifted when, in our estimation, the Turks changed their
activities that we found objectionable and were the reason for
the sanctions being imposed in the first place.
Mr. Barr. And last question, what type of feedback does
OFAC and Treasury provide to banks with respect to implementing
and enforcing sanctions? And are there ways the government can
do more to strengthen or improve that public-private
partnership with banks?
Mr. Lorber. Yes. That is a great question. I do like the
OFAC Exchange idea, which I believe this committee has taken
under consideration. The idea is that OFAC would get together
with a series of financial institutions to address a specific
illicit issue, in this case, maybe a sanctions evasion issue.
They would pick a number of banks or insurance companies
that they believe may be seen as activity or potentially have
exposure to this activity and provide them with unclassified
and scrubbed information to get them to harden their systems.
That is the type of information, the public-private
information-sharing, that I think would be particularly
effective, and I think the other witnesses may agree. I don't
want to put words in their mouths, but they may agree with that
approach as well.
Mr. Barr. Thank you. I yield back.
Chairman Himes. The gentleman's time has expired. Before I
recognize the gentleman from New Jersey, I need to step away
for a brief meeting, so I will thank Mr. Auchincloss for
assuming the gavel in my, hopefully, brief absence.
And with that, we will recognize Mr. Gottheimer for 5
minutes.
Mr. Gottheimer. Thank you, Chairman Himes, and thank you to
our witnesses for being here today. Just last month, the
terrorist group Hamas fired thousands of rockets into Israel
[inaudible] Cutting off their funding streams. The Department
of the Treasury's Office of Foreign Assets Control (OFAC) works
to accomplish just that. Still, we have a lot more work to do
to enhance and strengthen our sanctions.
My bipartisan legislation, the Hamas International
Financing Prevention Act, requires that the President submit to
Congress an annual report over the next 3 years identifying
entities, including foreign persons and governments, which
knowingly and materially assist Hamas or the Palestinian
Islamic Jihad and impose at least two or more crippling
sanctions.
Mr. Spiro, in an effort to fundraise for its military
operations and skirt sanctions, Hamas has reportedly received
an uptick in bitcoin donations since the terrorist group's
conflict with Israel last month. What do we know about the
volume of cryptocurrency being solicited by groups like Hamas,
and is law enforcement equipped to track and prevent these
payments?
Mr. Spiro. Congressman, I appreciate that question. It is
obviously very timely. And, in short, what I can say is, we
know a significant amount of information about those payments.
We know volumes. It is around $140,000 or the equivalent since
September of 2020. We know additionally some of the
connectivity in relation to services, the services that were
used in relation to those donors. And all of that information
comes, again, from the power of the data, from the power of the
blockchain, and the blockchain forensics.
When it comes to law enforcement, we work with both the
public and private sectors, meaning they will both have access
to anything that has been attributed to terrorist financing,
which is the highest risk and will support directly
investigations and mitigation efforts.
Mr. Gottheimer. And we know that cryptocurrency is used,
particularly by Hamas, in terms of [inaudible]
Mr. Spiro. Yes. There is legacy information in relation to
solicitation of donations by Hamas going back a number of
years.
Mr. Gottheimer. Thank you. Can you discuss the evolution
for terror financing through the use of digital assets and how
it may be used by illicit actors to evade terrorism-related
sanctions?
Mr. Spiro. Yes, Congressman. And I also appreciate that
question. As with any other illicit activity within this
ecosystem, you do see incremental growth in relation to the
illicit economy as well, and as it pertains to terrorism
financing, we have seen incremental adoption.
It is relatively small, or I would even posit, extremely
small comparatively not only to the other activity within the
ecosystem, but to the illicit activity, but we have seen
instances of it.
I would cite the fact that law enforcement domestically has
been capable and able to take down multiple campaigns connected
to that kind of activity, utilizing blockchain forensics and
their investigative capabilities, but we have seen this
technology abused by a number of terrorist organizations.
Mr. Gottheimer. To that point, are there other tools that
we could provide you with to help stay ahead of the activity to
evade sanctions?
Mr. Spiro. Congressman, that is also a good question, and I
think, from the private sector, we are continually enhancing
and advancing and adopting new technologies to combat the
illicit activities that we see in this ecosystem.
I think the tools should be provided and applied to the
public sector to those investigators to ensure that they have
the resources so that they can produce the intelligence and the
information. And to Mr. Lorber's point, when that is
distributed, it makes it far more difficult for the bad actors
to exploit.
Mr. Gottheimer. [inaudible] Ignore congressionally-mandated
sanctions. For instance, despite the Iran [inaudible], many
companies continue to do business with Iran with impunity.
Today, China continues to buy large quantities of Iranian oil.
Mr. Lorber, how can Congress better ensure that the
Executive Branch enforces existing sanctions and, in
particular, addresses China's purchase of oil from Iran and
Venezuela?
Mr. Lorber. Thank you, Congressman. It is a great question.
One of the biggest challenges of many of our sanctions
campaigns is that there are, in effect, sanction-busting
countries. China comes to mind in terms of purchase of Iranian
origin crude. There are ways to do it and we actually have seen
China respond in certain situations, and they have responded to
aggressive designation activity of Chinese companies.
The quintessential example of this is the--I think, it was
the September 2019 designation of COSCO Dalian and COSCO Dalian
management, the Chinese shipping companies, huge Chinese
shipping companies, which were designated for transporting
Iranian origin crude. They apparently stopped transporting that
crude following designation and aggressive negotiations with
the U.S. State Department and with the Treasury Department. So,
I do think there is--
Mr. Auchincloss. [presiding]. Mr. Lorber? The gentleman's
time has expired.
Mr. Gottheimer. Thanks, Mr. Chairman.
Mr. Auchincloss. The Chair now recognizes the distinguished
gentleman from Texas, Mr. Williams, for 5 minutes.
Mr. Williams of Texas. Before I start my questions, I want
to congratulate Mr. Barr on his appointment to ranking member
of this subcommittee and also thank my friend, Mr. Hill, for
all of his leadership through the years. I am glad we have both
of you on this subcommittee, working through these important
issues that are critical to the national security of our great
nation.
Last week, the Biden Administration rolled back sanctions
against some former senior national Iranian company officials
and several companies involved in shipping and trading petrol
chemical products.
I am very concerned that these actions will allow Iran an
easier path to avoid sanctions and further engage in trade-
based money laundering. I would much prefer President Biden
continue the Trump Administration's maximum pressure campaign
against the hostile regime.
So, Mr. Lorber, can you give us your thoughts on, if you
think these actions by the Biden Administration open up the
door for greater sanctions evasion, or do you believe we still
have tools at our disposal to monitor and influence the hostile
regimes' behavior?
Mr. Lorber. Thank you, Representative Williams. I do think
we still have many tools at our disposal to stop Iranian
sanctions evasion activity. The Iran sanctions program is one
of the most comprehensive in terms of both the primary and the
secondary sanctions authorities. So, there is quite a range of
authorities in place to stop Iranian activity.
The bigger question is, what is this Administration's
appetite for using those tools in order to stop that activity,
particularly as they continue negotiations indirectly with
Iranians over a potential return to the Joint Comprehensive
Plan of Action (JCPOA)? And there, it is a much more open
question as to whether or not the Administration will
aggressively go after Iranian activity outside of the nuclear
docket right now during negotiations.
Mr. Williams of Texas. Okay. We have seen an increase in
ransom attacks on American businesses this past year. And I
have spoken with some small business startups around my
district who have expressed concern that they will never be
able to protect themselves if a hostile actor attempts this
type of attack on their business. They see companies with
entire teams of people dedicated to cybersecurity being
compromised and feel hopeless if they become the next target,
Mr. Spiro, is there anything we can be doing at the Federal
level to help these businesses, small businesses that may not
have the resources to put towards cybersecurity or some more
established companies to defend against ransomware and other
cyber attacks?
Mr. Spiro. Congressman, I appreciate that question. And,
obviously, that is top of mind given some of the recent
critical infrastructure attacks that we have seen via
ransomware. I would say that my recommended approach to
mitigating this kind of activity is twofold. The first is to
improve domestic cyber hygiene because, in fact, ransomware has
been occurring since 1989, in fact, in some form or fashion.
But given our data and what we saw as of 2020, there has been a
significant increase which I believe was cited earlier.
The other piece is disrupting the supply chain. And what I
mean by that is because we have that visibility into the
payments in relation to ransomware, when that information is
identified, a lot of additional intelligence is born. We are
able to see not only the money laundering networks, we are able
to make connectivity between strains, identify the
administrators and the affiliates in relation to these attacks,
as well as the procurement vehicles used in relation to things
like bulletproof hosting and VPN services.
So, by collectively utilizing this kind of information, a
targeted approach can be taken to arresting different
components and making this kind of activity less viable for the
bad actors and the ransomware operators and groups. In fact, I
believe today there was a takedown in relation to a ransomware-
related network wherein one of the money laundering networks
was disrupted. That would be a recommendation I would make, and
that comes through law enforcement.
Mr. Williams of Texas. Thank you.
Banks in the private sector played a critical role in
keeping hostile actors out of the financial system. As this
process gets more complicated, banks are investing more and
more into machine learning and automated intelligence as they
try to scan for bad actors.
So my final question, Mr. Garces is, can you discuss some
of the benefits or pitfalls of machine learning in trying to
automate this process compared to a manual screening?
Mr. Garces. Thank you, Representative Williams. That is a
great question. There is much to gain from automation in this
process. Banks are already utilizing systems to help in their
monitoring of transactions, their screening of transactions for
potential illicit activity.
But there is still a large human burden in the
investigative process. I would encourage or I would hope that
the government can continue to encourage innovation amongst the
private sector in terms of its compliance programs.
Mr. Auchincloss. Mr. Garces, the gentleman's time has
expired.
Mr. Garces. Thank you.
Mr. Auchincloss. The Chair now recognizes the gentlewoman
from Pennsylvania, Ms. Dean, for 5 minutes.
Ms. Dean. I thank the Chair, and I congratulate the new
ranking member. And I thank all of you who have testified
before us today for your thoughtfulness in your answers.
Ms. Kumar, I would like to start with you. In your
testimony, I read with interest how you discussed the role that
United States real estate, especially commercial real estate,
plays in sanction evasion regimes. You specifically mentioned
the Geographic Targeting Order (GTO) issued by FinCEN, which I
might note includes 12 metropolitan areas only, to require U.S.
title insurance companies to identify natural persons behind
shell companies used in all cash purchases of residential real
estate.
Given the limited metropolitan list covered by the GTO, and
the fact that commercial real estate is not covered, can you
speak to both of those problems; number one, the limited number
of metropolitan areas, my own suburban Philadelphia or
Philadelphia [inaudible] And also the fact that it is
residential, not commercial. Where does this fall short in
terms of our regulating evasion?
Ms. Kumar. Thank you. That is an excellent question, and it
goes to sort of understanding that sanctions evasion doesn't
just--the sanctions program doesn't just target big actors like
Iran and North Korea. The sanctions program also targets other
individuals involved in drug trafficking.
And what we see is a lot of those individuals often evade
sanctions, including former officials of the Venezuelan
administration. All move or hide assets and move into real
estate, and the U.S. real estate market is a popular avenue.
Now, when we talk about commercial real estate, you are
absolutely right in that these sort of often find an example of
the Iranians owning a massive sky scraper in New York was a
purchase of commercial real estate. It continues to be
unrecognized. The EB-5 investor program is investments that
ultimately go into commercial real estate.
Now, a lot of this is particularly complex because
commercial real estate involves multiple investors. It is not
as simple as a residential purchase by a homeowner. To that
end, we have to sort of--what is necessary is sort of a rethink
of how we are going to apply the GTO, since the title insurance
agents may not be the most relevant actors.
However, to identify gatekeepers that do continue to play a
critical role in sort of putting together these transactions
because commercial real estate transactions always take place
through legal structures. They are never in the name of an
individual.
So identifying actors like lawyers, who often play a
critical role in this as sort of the pressure point at which
you can conduct due diligence to know who is behind these
transactions, is one way forward.
You also rightly said that it only covers 12 metropolitan
areas. And a lot of the evasion schemes that we often see tied
to individuals, but also generally, more generally, the use of
real estate. You often see an equal split between cases that
occur in GTO areas versus cases that occur in non-GTO areas.
And I will say that we have a report forthcoming in the
next few months that actually looks at a series of reported
cases which show that over the last 5 years, the number of
cases that occur in non-GTO areas is actually slightly
significantly more than in GTO areas. So, there is a whole host
of vulnerabilities that do need to be addressed.
Ms. Dean. Exactly. Those vulnerabilities--we have to take a
look at what are the appropriate metropolitan areas, how do we
include other real estate transactions, including commercial
real estate transactions, how do we make gatekeepers have
accountability, responsibility in their own professional
ethics?
Mr. Garces, following up on these items, how can the United
States Government better communicate with the financial
services industry actors and other industry gatekeepers about
the risks they may encounter or the feedback on how they should
be making decisions in terms of these complex transactions in
order to look for sanctions evasions?
Mr. Garces. Thank you, Representative Dean, for that
question. I think FinCEN--there is a good amount of outreach
that happens where FinCEN puts out, and tries to put out
information in a very general form to the financial
institutions, but that information can be enriched through a
stronger public-private sector type of program like what was
being discussed with the OPEC Exchange Act.
I think that would be very helpful. I think institutions
need the information that is collected at the national level
because institutions only see what they see within the four
walls of their organization.
Ms. Dean. Thank you very much.
And I see my time has just about expired.
Thank you all for your important information today, and I
yield back.
Mr. Auchincloss. The Chair recognizes the distinguished
gentleman from Ohio, Mr. Davidson, for 5 minutes. Is Mr.
Davidson available? I am not sure we have any members on right
now.
The subcommittee will stand in recess subject to the call
of the Chair.
[brief recess]
Chairman Himes. Okay. The subcommittee will come to order.
Again, thank you to the witnesses for your forbearance. I
apologize that we are in the midst of votes.
And with that, the gentleman from Ohio, Mr. Davidson, is
recognized for 5 minutes for questions.
Mr. Davidson. I thank the Chair, and I thank our witnesses.
I first would ask unanimous consent to submit two articles
for the record. The first is the FinCEN FILES that appeared in
Buzzfeed on September 20th of last year, and the second
appeared today in the Wall Street Journal titled, ``Untraceable
Bitcoin Is a Myth.'' We have supplied both of those to the
committee.
Chairman Himes. Without objection, it is so ordered.
Mr. Davidson. Thank you.
Our current sanctions regime contains faulty elements that
often unintentionally harm American citizens and businesses.
Too often, we see bad actors evade our sanctions infrastructure
through trade-based money laundering, illicit shipping or front
companies in third-party countries, and numerous other ways.
Thankfully, as this hearing shows, I am not alone in
recognizing the need to discuss and reform our outdated
systems.
This past April, it was encouraging to see the Deputy
Secretary of the Treasury announce that Treasury would conduct
a top to bottom review of Treasury sanctions programs. Given
the failures in the current BSA, AML, KYC framework and gaps,
we should understand that doubling down on the same tools of
surveillance reporting and control mechanisms in our financial
systems will prove inadequate. The government should stop
trying to control the tool that is money in the financial
system and instead focus on targeting the illicit acts and
actors. We must explore an alternative approach to BSA/AML/KYC
and the sanctions regime so that we can have a flexible,
targeted, and effective approach.
According to the Specially Designated Nationals (SDN) list,
as of yesterday, June 15th, we have 277 aircraft, 3,668
entities, 4,603 individuals, and 406 vessels. Mr. Lorber,
regarding OFAC's specially designated nationals list, are
individuals or entities that are added to that list regularly
monitored? Is there an end goal in mind whenever OFAC
designates someone or something to that list?
Mr. Lorber. Thank you. It is a great question. The end goal
is twofold, or one of two: to prevent them from engaging in
illicit activity, you mentioned aircrafts, so preventing those
aircrafts from shuffling or sending illicit drugs to a
destination; or to get the targets to actually change their
behavior, so to essentially impose possession restrictions on
them to get them to say, this is not worth it, we are no longer
going to engage in material support for terrorism, for example.
So, there are end goals that are put into place, and
Treasury, OFAC does, as a matter of course, review certain
designations to see if they remain current, if the companies
that were designated, for example, are no longer in existence,
things along those lines.
Mr. Davidson. Thank you. And I just wish I had time to
explore how the licensing system tries to minimize collateral
damage to Americans, but due to the--it is an old law, from
1975. We haven't really updated staffing. We have increased our
sanctions by a lot, and it is tedious to try to prevent
collateral damage to American citizens and American companies.
But I do want to highlight some things with Chainalysis, and
particularly, the emphasis on cryptocurrency.
Mr. Spiro, we hear a lot about ransomware attacks.
Cryptocurrency skeptics are always fast to jump on a story
involving a ransomware attack whenever cryptocurrency is used
for the payment. However, the facts speak for themselves, and
we know that crypto does not provide an advantage to illicit
actors. Chainalysis does an excellent job of making this point.
Do you think some people are too easily distracted with an
anti-cryptocurrency narrative?
Mr. Spiro. Thank you, Congressman, for that question, and
thank you for your efforts thus far in your time on the Hill in
relation to the broader adoption and knowledge around
cryptocurrency and this technology.
I think that when you look at kind of the legacy of
cryptocurrency thus far, there has been continual pushback in
relation to the potential threats that have been posed, and the
previous ecosystem when there was less compliance, fewer
regulations around this space, and less of an understanding in
relation to the technology underlying it and the transparency
and traceability.
In relation to ransomware, I cited previously the fact that
the first ransomware attack happened in 1989, and obviously did
not utilize cryptocurrency.
Mr. Davidson. Thanks for that. My time has expired, but you
make great points, as you will undoubtedly throughout the
hearing. The United States seized over $1 billion in crypto
last year, so clearly, there is a way to do it. I yield back.
Chairman Himes. The gentleman's time has expired.
The gentleman from Massachusetts, Mr. Auchincloss, is
recognized for 5 minutes.
Mr. Auchincloss. Thank you to the Chair and to our
witnesses for their thoughtful testimony and also for their
patience as we work out these logistics.
I actually want to build on what my colleague, Mr.
Davidson, was asking about with Know Your Customer and
blockchain. Mr. Spiro, I would like to engage with you on these
questions. And because there might be a few of them, I would
ask with respect that you try to keep your answers relatively
concise.
So, is Know Your Customer harder with blockchain for
technical reasons, for political reasons, or not at all?
Mr. Spiro. Congressman, that is a wonderful question. And
in relation to it, I think that KYC, that kind of collection,
is now a different challenge because we pivoted from the brick-
and-mortar institution into digital finance. As such, fake
identities and fraudulent identities and deepfakes are
problematic. They were cited, in fact, in relation to a recent
designation on second eye solutions. And those kinds of
providers providing that kind of fraudulent information means
that bad actors, including sanctioned actors, could circumvent
those kinds of controls and exchanges.
Mr. Auchincloss. Okay. So you are saying that there are
technical reasons why blockchain would be a good vector for bad
actors to evade KYC. And am I right in saying that there are
also political reasons why it is hard to do KYC, because states
like Russia, for example, are not providing the international
cooperation we need to find these actors?
Mr. Spiro. I think in relation to the regulation in this
space, that different jurisdictions are choosing to apply or
not apply them. Those that have regulatory arbitrage, unclear
regulation, or have chosen to ban cryptocurrency run inherent
risks in that you will see illicit activities bundled into
those jurisdictions.
The Financial Action Task Force conducts mutual evaluations
in relation to money laundering that potentially would impact
mutual evaluation if it would continue. But it is something
that we have seen in different jurisdictions that have either
chosen not to apply regulation to ban cryptocurrency, for
example.
Mr. Auchincloss. You had also mentioned in your
recommendations that getting more sanctioning bodies to list
the digital currency addresses would be a major step forward.
Can you speak more to that? What would be the [inaudible] of
sanctioning bodies that would need to list the digital currency
addresses?
And has there been any kind of progress on that front,
especially with states with whom the United States does not
have a good relationship right now, and where a lot of these
actors are operating from?
Mr. Spiro. I can't speak to progress with other nations or
those that the U.S. may not have such cooperation with, but I
do know that other sanctioning bodies like the U.N. are
becoming more familiar with abuse by countries that are under
sanction, for example, in relation to virtual assets. So, I can
say that.
Mr. Auchincloss. Okay. I want to circle back to the first
question I asked, because I am not sure I totally understood
the answer to it.
If you are a criminal operating in an polity who is
regulating KYC such that you did not think you had an off-ramp
to do a mixed fund or to wash it out, would blockchain offer
you an advantage in obfuscating your identity over a different
type of currency?
Mr. Spiro. No. I would actually posit the complete
opposite, Congressman. What I would say is that the only
vulnerabilities that I would address in relation to KYC are the
fact that people could circumvent them. But even if they were
to, if they are engaged in illicit activity that can be seen in
relation to illicit crypto activity, it is going to be very
difficult for them to do anything within the ecosystem.
Mr. Auchincloss. Got it. Okay. If you were the head of
OFAC, what would be the next step? Or if you were able to
advise Congress to take any steps that would influence OFAC's
measures, what would you advise that we do?
Mr. Spiro. I would just advise you to apply more resources
to that agency specifically in relation to there are risks
associated with cryptocurrency and sanctions evasion wherein
they can produce more designations that include cryptocurrency
wallets. Because as identifiers for the private sector, when
they have access to that information, that is how they can
potentially mitigate the illicit activity.
And because of the activity with cryptocurrency, when a
wallet is put on that designation list, any associated
activity--or within a designation, excuse me, any associated
activity and legacy activity in relation to that look back can
also be--
Mr. Auchincloss. It is all visible, yes. So, you are saying
OFAC can build KYC for the blockchain?
I yield back my time to the Chair.
Chairman Himes. The gentleman's time has expired.
The gentleman from Arkansas, Mr. Hill, is recognized for 5
minutes of questions.
Mr. Hill. I thank the Chair, and I appreciate our
witnesses. It is a great panel. I appreciate their patience as
we go through our Constitutional duty of running back and forth
to vote.
And, Mr. Lorber, I really enjoyed reading your testimony. I
thought your outline of America's sanction regimes was very
helpful to members, particularly new members on the committee,
in terms of the different kinds of sanctions that are imposed
by the Legislative and Executive Branches.
You referenced a U.N. report from March, and this is, I
assume, looking back at the U.N. sanctions on North Korea. Is
that correct?
Mr. Lorber. That is correct, yes. It is a 1718 committee.
Mr. Hill. And what is your view of, have we held together
on this topic of the United Nations? Would it be good if the
Biden Administration's new Ambassador asked for a Security
Council meeting on this particular topic to assess where we are
on it, or will they do that automatically, having issued that
report?
Mr. Lorber. The panel of experts reports on that committee.
They issue a report and brief member states. I am not sure if
there is an automatic Security Council meeting to discuss it. I
will say in response to your first question, though I think it
is fairly evident, based on the report itself, that members of
the Security Council, in particular, China and Russia, don't--
at best, don't appear to be enforcing U.N. sanctions related in
particular to North Korean financial facilitators that are
operating in those jurisdictions.
Mr. Hill. And is that equal land-based and maritime or
mostly maritime?
Mr. Lorber. It is a combination. As I mentioned before,
North Korea is extremely sophisticated in how they conduct
sanctions evasion. They all combine strategies. They all do
maritime obfuscation along with the use of front and shell
companies with foreign financial facilitators. It is oftentimes
packaged into sort of one extremely complex and sophisticated
evasion network.
Mr. Hill. And are we not doing an adequate job? When I say,
``we,'' I mean the United States and other major financial
jurisdictions that have good AML/BSA work. Most of these things
can pass through a European or an American touching
institution, for example, somehow, somewhere. Are we not doing
a good enough job on the secondary punishment, secondary
sanction arena with those Russian and Chinese actors?
And if so, I know we don't have much clout to get them, to
punish them, but tell me where you think that your point of
weakness is aside from the fact that North Korea is great at
using front companies and shell players.
Mr. Lorber. Yes. I think it is two separate choke points.
One choke point is the access that the North Koreans actually
oftentimes try to get to the U.S. financial system. There is a
kind of myth out there that they are a hermit kingdom, and they
have no access to the U.S. financial system. Recent cases
suggest that is actually not the case. So, providing as much
information, including typologies but also very specific
information that is quietly provided to U.S. and European
financial institutions, can be really impactful and helpful in
helping them identify activity.
But in addition to that, the second choke point is actually
focused on Russia and China who continually provide
assistance--or let me rephrase that. It will at least provide
extremely permissive environments in which North Korean trade-
based money laundering and front and shell companies can
operate without penalty or fear of retribution.
Mr. Hill. I take it that the maritime aspects are really a
needle in the haystack situation in terms of, I know, during
the Trump Administration, as we attempted--the Treasury did a
good job, I think, trying to name flag vessels and increase the
heat on that. President Trump was not always on the same page
with Secretary Mnuchin on that, but we deployed Coast Guard
cutters to South Korean waters. But that is not really not
effective, is it?
Mr. Lorber. It is effective in limited cases, but I will
say one thing, that State and Treasury and the U.S. Coast Guard
did do is in early 2020, they issued a global maritime
sanctions advisory that was extremely detailed and long, which
basically signaled to the maritime sector that have sanctions
compliance obligations. And if they don't follow those through,
they may be at the point where they end up with an OFAC
enforcement action or designation.
And frankly, and candidly, that sent a significant chill
through the maritime sector to say, hey, we actually need to do
a much better job bolstering our sanctions compliance or else
we are going to be in bad shape with U.S. regulatory
authorities.
Mr. Hill. So, that is a potential place through the
Financial Action Task Force meetings and through our work with
Treasury and our colleagues. That is a place we could put more
emphasis. Is that a good thought?
Mr. Lorber. Yes. I think that is right. Figuring out how
financial institutions are actually working to reduce trade
finance-related sanctions, evasions in--
Mr. Hill. Thank you for your testimony.
I yield back, Mr. Chairman.
Chairman Himes. The gentleman's time has expired.
The gentleman from Ohio, Mr. Gonzalez, is recognized for 5
minutes.
Mr. Gonzalez of Ohio. Thank you, Mr. Chairman, and
congratulations to my friend, now Ranking Member Barr. I know
he is down on the House Floor, but I'm excited for him in this
new role.
I want to start my questions with Mr. Spiro, and I want to
talk specifically about DeFi. So, there is a sentiment and a
fear that DeFi, by design, does not allow for monitoring
sanctions compliance.
One, is that true? That is sort of the first question. And
the second one is, if not, how can we build that capability
into OFAC as more transactions move into the DeFi space?
Mr. Spiro. Thank you for that question, Congressman. It is
a very good one. And it pertains to the emerging technology
that we see on top of the preexisting technology that we see in
the cryptocurrency space. Admittedly, I am not a DeFi expert,
but what I can say is that DeFi provides software or claims to
provide software which can then be used in a peer-to-peer
capacity by those users in relation to trade.
And, as such, in relation to issues of accountability or
sanction screening or transaction monitoring, vulnerabilities
exist. And you can see how sanctions evasion could occur
outside of other kinds of sanctions-related illicit activity
like extraction attacks that could be executed by hackers, for
example.
I believe that DeFi, given the nature of that model, does
not fall under some regulatory regimes. But the Financial
Action Task Force has taken the position and said that these
kinds of services are, in fact, virtual asset service
providers, or has taken a position that is pending this summer,
I should say, that these kinds of providers are, in fact,
virtual asset service providers or exchanges and are,
therefore, subject to AML/CFT controls which would include KYC,
which is not currently happening in much of the space and
transaction monitoring and oversight.
Mr. Gonzalez of Ohio. Okay. So sort of building on that,
what sort of questions should we be asking of OFAC to make sure
that they can, in fact, monitor sanctions via DeFi? Because the
promise of DeFi--I think DeFi is a really cool concept, but
obviously, it has its challenges. The promises you don't have--
you don't have the central intermediary, you just go peer-to-
peer? So I guess, what should we be asking OFAC to make sure
they have this properly on their radar and are developing the
capabilities?
Mr. Spiro. That is a great question also, Congressman. I
think in relation to the different kinds of activity from what
I have heard, OFAC and certainly FinCEN, who coordinates with
OFAC and other agencies within the Treasury, is studying this
kind of activity, is reviewing any potential illicit activity
in the space, so I do believe that is happening.
But again, in relation to what degree the focus is applied
and the kind of information intelligence that is being built in
relation to potential additional designations and packages is
something to certainly consider because the advancement of that
technology right now in DeFi is rapid.
Mr. Gonzalez of Ohio. It is very rapid.
Mr. Lorber, do you have any thoughts on this?
Mr. Lorber. Yes. It is a great question, Congressman. I
think Mr. Spiro really spoke well to it. In my mind, to a
certain extent, it is a question of education as well as a
specific regulatory approach. One thing that I've seen quite a
significant amount of is firms who are operating in the DeFi
space, or are coming into the DeFi space, or thinking about
investing in the DeFi space, don't have a sense of what their
OFAC obligations are. Not that they don't know that they are
U.S. persons who are subject to sanctions. They know that, but
they don't necessarily know how that is operationalized or what
they should be doing for screening or for KYC and how they are
supposed to do it.
I do think that in addition to some regulator clarity,
there is a need to go out there and do some education once that
clarity is provided to make sure that everybody knows that this
is what is expected of you. And if you don't do it, then there
may be enforcement activity that follows.
Mr. Gonzalez of Ohio. Thank you for that. I think my time--
well, my time is about up. Mr. Lorber, I am going to ask you
one more question. Do you think we should be adding China to
the list of countries that we currently sanction? And if so,
how would you structure those sanctions?
Mr. Lorber. I think there are many differences we have with
the Chinese and many activities they engage in which I think
are where sanctions can be impactful. I would not recommend
putting in place essentially a comprehensive embargo like the
U.S. has on Iran and Syria and North Korea and Cuba, et cetera,
on China. I think--for all sorts of different reasons--that
would be a mistake. I think the targeted way--I realize the
time is up. I think the targeted way that both the Trump
Administration and the Biden Administration are approaching
sanctions towards China is prudent right now.
Mr. Gonzalez of Ohio. Great. Thank you.
I yield back.
Chairman Himes. The gentleman's time has expired. It
appears that we have no further Members with questions, so I
would like to thank our witnesses for their testimony today.
And thank you for your patience around the vote-induced chaos.
The Chair notes that some Members may have additional
questions for this panel, which they may wish to submit in
writing. Without objection, the hearing record will remain open
for 5 legislative days for Members to submit written questions
to these witnesses and to place their responses in the record.
Also, without objection, Members will have 5 legislative days
to submit extraneous materials to the Chair for inclusion in
the record.
With that, this hearing is adjourned.
[Whereupon, at 4:02 p.m., the hearing was adjourned.]
A P P E N D I X
June 16, 2021
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
[all]