Jack Hayes has extensive experience providing clients with advice and assistance under ITAR and EAR, as well as US economic sanctions and anti-boycott regulations. Jack frequently handles complex export control matters, including voluntary disclosures, internal investigations of apparent export control violations, pre-closing and post-closing acquisition export compliance due diligence, export control audits, and assessments of compliance obligations and risks in accordance with relevant international trade regulations. He also provides guidance on brokering requirements and reporting obligations for certain fees, commissions, and political contributions related to sales of defense articles and defense services, prepares export and reexport license and agreement applications for submission, undertakes commodity jurisdiction and export classification analyses of items and services under the ITAR and EAR, drafts registration material change notifications, and develops compliance policies, programs, and training materials.

On August 8, 2022, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced the imposition of sanctions on the decentralized digital asset mixer Tornado Cash. The action marks the first time OFAC has targeted an on-chain decentralized protocol. To date, OFAC has not issued any guidance specific to decentralized finance (DeFi) as part of its broader sanctions guidance for the “virtual currency” industry, but the Tornado Cash action lays down an important marker and makes clear that OFAC will target projects or protocols engaged in illicit activity regardless of their centralized or decentralized status. (Our prior blog post on OFAC’s general virtual currency guidance is available here).

According to OFAC, Tornado Cash was “used to launder more than $7 billion worth of virtual currency since its creation in 2019,” including over $455 million stolen by the Lazarus Group, a North Korean-backed hacking group that was previously targeted by OFAC sanctions. In announcing the action, Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson explained, “Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks.”

Continue Reading OFAC Designates Tornado Cash in First Action Against a Decentralized Platform

On March 7, 2022, the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury published guidance (Guidance) for US financial institutions warning about: (1) efforts of foreign actors to evade expanding US economic sanctions and trade restrictions related to the Russian Federation and Belarus and (2) increased risk of malicious cyber-attacks and related ransomware campaigns, following the invasion of and continued military action in Ukraine. The Guidance provides instructive red flags and related advice for all US financial institutions to evaluate, and provides information of particular relevance for Money Services Businesses (MSBs) and other FinCEN-regulated institutions undertaking transactions in what the agency calls “convertible virtual currency” (CVC).

Most notably, FinCEN strongly encourages US financial institutions that have information about CVC flows, including exchangers or administrators of CVC, to: (1) be mindful of efforts to evade expanded US sanctions and export controls related to Russia and Belarus, summarized by Steptoe here; (2) submit Suspicious Activity Reports (SARs) as soon as possible regarding such conduct; (3) undertake appropriate risk-based due diligence of customers, and where required, enhanced due diligence; (4) voluntarily share information with other financial institutions consistent with Section 314(b) of the USA PATRIOT Act; and (5) consider using tools to identify assets that must be blocked or frozen under applicable sanctions.

Continue Reading What US Financial Institutions Need to Know about FinCEN’s Russian Sanctions Evasion and Ransomware Guidance

On November 1, 2021, the President’s Working Group on Financial Markets (PWG), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) issued a joint report that, among other things, calls on Congress to adopt legislation to enable federal oversight of stablecoin issuers, custodial wallet providers that hold stablecoins,

On October 15, 2021, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued anticipated Sanctions Compliance Guidance for the Virtual Currency Industry and updated two related Frequently Asked Questions (FAQs 559 and 646). OFAC has published industry-specific guidance for only a handful of other industries in the past two decades; the new guidance demonstrates the agency’s increasing focus on the virtual currency (VC) sector. It also clarifies US sanctions compliance practices in ways that could lay a foundation for future OFAC enforcement actions.

OFAC’s guidance was announced as part of broader US government enforcement priorities to combat ransomware, money laundering, and other financial crimes in the virtual currency sector, as noted in the Department of Justice’s recent announcement of a National Cryptocurrency Enforcement Team. The OFAC guidance was published in tandem with a Financial Crimes Enforcement Network (FinCEN) analysis of ransomware trends in suspicious activity reporting, but the guidance is directed at the VC industry in general and is not specific to ransomware. A ransomware actor who demands VC may or may not be a target of OFAC sanctions, and sanctioned actors may engage in a wide variety of VC transactions that do not involve ransomware. The recommended compliance practices in OFAC’s new guidance are focused on the full range of sanctions risks that arise from virtual currencies.

The guidance maintains OFAC’s longstanding recommendation for risk-based compliance programs, and builds on the May 2019 Framework for OFAC Compliance Commitments. The guidance also provides notable examples of compliance controls that are tailored to the unique risk and control environments of the VC sector.

Continue Reading OFAC Issues Compliance Guidance for the Virtual Currency Industry

On February 18, 2021, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a $507,375 settlement with BitPay, Inc. (BitPay). This civil settlement resolved apparent violations of multiple sanctions programs related to digital currency transactions, and is the second OFAC enforcement case brought against a business in the blockchain industry. This

On January 1, 2021, the United States enacted the National Defense Authorization Act for Fiscal Year 2021 (NDAA) after the US House of Representatives and US Senate voted to override a presidential veto of the law. Included within the NDAA are a significant number of provisions related to anti-money laundering (AML) and countering the financing of terrorism (CFT), including provisions reforming the Bank Secrecy Act (BSA), a collection of statutes underpinning most of the current AML regulatory framework. These amendments, many of which have been under consideration for years, represent the most substantial AML-related reforms enacted since at least the USA PATRIOT Act of 2001. Below, we outline ten of the most significant AML provisions contained in the NDAA. Given the breadth of the reforms, it is particularly important for US “financial institutions” – including money services businesses (MSBs) and other non-traditional financial institutions subject to the BSA – to carefully review the Act to understand how their compliance obligations may have changed or may change in the future as the Act is implemented via regulation.

Continue Reading Ten Key Takeaways from the NDAA’s AML Reforms

On December 30, 2020, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a $98,380 settlement with BitGo, Inc. (BitGo). This civil settlement, regarding apparent violations of multiple sanctions programs related to digital currency transactions, is the first published OFAC enforcement action against a business in the blockchain industry.

BitGo, based in Palo Alto, California, is an “institutional digital asset custody, trading, and finance” company. The apparent sanctions violations relate to 183 instances in which BitGo failed to prevent individuals and/or entities located in Crimea, Cuba, Iran, Sudan, and Syria from using its non-custodial secure digital wallet management service. All of these jurisdictions were subject to comprehensive embargoes under OFAC regulations during at least part of the time that the transactions occurred. OFAC stated that BitGo had reason to know that users in these comprehensively sanctioned jurisdictions were using its services through Internet Protocol (IP) address data collected for security purposes, and allegedly had failed to implement controls to prevent users in such jurisdictions from accessing its services. (The violations and settlement did not involve enterprise or custodial services provided by BitGo Trust Company, Inc., an affiliate of BitGo, Inc.)

According to OFAC, between approximately March 10, 2015, and December 11, 2019, BitGo processed 183 digital currency transactions totaling $9,127.79 using its hot wallet management service for users in the comprehensively sanctioned jurisdictions who had signed up for hot wallet accounts.

Continue Reading OFAC Announces First Ever Enforcement Action Targeting a Digital Asset Company

On April 3, the US Securities and Exchange Commission (SEC) provided important guidance for token issuers. The SEC Division of Corporation Finance issued a No-Action Letter dated April 3 regarding TurnKey Jet, Inc. (the “TurnKey No-Action Letter”) in which the SEC staff confirmed that it would take no action against TurnKey Jet, Inc. (TKJ) for selling tokens without registration. This guidance is most relevant to token issuers who are focused on commercial utility and record-keeping benefits in a centrally controlled network and are willing to minimize or eliminate the profit elements of the token. The TurnKey No-Action Letter, taken together with the Framework for “Investment Contract” Analysis of Digital Assets (“Framework”) issued by the SEC’s Strategic Hub for Innovation and Financial Technology on the same date, offers guidance for structuring the elements of a private, permissioned, centralized blockchain token and network.[1]
Continue Reading TurnKey Token Gets to Fly: SEC Issues First No-Action Letter for Token Sale

Long awaited guidance from the US Securities and Exchange Commission (SEC) on application of the Howey test to digital assets came on April 3 in the form of a Framework for “Investment Contract” Analysis of Digital Assets (“Framework”) and a No-Action Letter regarding TurnKey Jet, Inc. (the “TurnKey No-Action Letter”). These two documents are best understood as part of a trilogy with the June 2018 Hinman speech.

The Framework offers the clearest indication yet of the SEC staff’s thinking on the Howey test, with the TurnKey No-Action Letter and the Hinman speech providing examples of where a digital asset fails to meet a necessary element of the test. For purposes of clarity, it helps to think of the Howey test as having four elements:  (1) an investment of money (2) in a common enterprise (3) with a reasonable expectation of profits (4) derived from the efforts of others.[1]

The first two prongs are essentially throwaways inasmuch as the Framework devotes only three sentences to them in total. SEC staff note that these prongs are “typically satisfied” in evaluating digital assets. On the other hand, the Framework pays significant attention to the third and fourth elements.
Continue Reading SEC Smooths Out Digital Assets Turbulence With Further Guidance

The Global Blockchain Business Council (GBBC) recently published its 2019 Annual Report, “Beyond the Hype: Building Blockchains for Real World.” The report provides a comprehensive update on the global regulatory landscape surrounding blockchain technology along with an overview of some of the blockchain solutions being built by GBBC members.

Steptoe authored an overall insights piece,