Cryptocurrency exchange Kraken will pay $362,158 to settle its civil liability for apparent violations of US sanctions on countries like Iran, the Treasury Department’s Office of Foreign Assets Control said.
Part of its settlement deal with OFAC, Kraken will also invest $100,000 into sanctions compliance controls.
“Due to Kraken’s failure to timely implement appropriate geolocation tools, including an automated internet protocol (IP) address blocking system, Kraken exported services to users who appeared to be in Iran when they engaged in virtual currency transactions on Kraken’s platform,” said OFAC.
Earlier in July, New York Times reported that Kraken was under investigation by US authorities for a possible breach of sanctions. The Treasury was investigating whether Kraken allowed users in sanctions-hit countries to buy and sell cryptocurrencies.
The San Francisco-based firm declined to comment but said it is cooperating with the Justice Department and the Treasury Department’s Office of Foreign Assets Control, which enforces US economic sanctions.
The authorities probed Kraken’s transactions with Iranian users since 2019. In addition, the company failed to inform OFAC about these transactions and did not voluntarily disclose the violations of US sanctions.
The firm’s systems failed to analyze all data required for compliance with OFAC sanctions and therefore did not implement control measures to prevent such users of countries comprehensively sanctioned by the US government from accessing its service.
Nevertheless, the news sends an important message to crypto businesses. OFAC itself reiterated that digital asset institutions should take a risk-based approach to sanctions compliance to detect flaws in internal controls.
In 2021, crypto payment provider BitPay paid $507,375 to settle violations of sanctions rules administered by the US Treasury’s Office of Foreign Assets Control. OFAC said the violations occurred because BitPay, in 2,102 instances, allowed people located in sanctioned regions to conduct transactions with merchants in the United States and elsewhere using cryptocurrencies on its platform. The company was aware that based on the IP address data it collects, users from Ukraine, Cuba, Iran, Sudan and Syria logged into BitPay platform.
While BitPay screened its direct customers and conducted due diligence to ensure they were not located in sanctioned jurisdictions, it failed to screen location data that it obtained about its merchants’ buyers.