Ahead of the anniversary of Russia’s invasion of Ukraine, US Treasury Deputy Secretary Wally Adeyemo this week met with a group of sanctions and foreign policy experts to discuss the unprecedented sanctions and export controls imposed on Russia in the aftermath of the incursion. Adeyemo flagged that Treasury in the months ahead will increase its focus on enforcement, countering sanctions evasion to continue hampering Russia’s ability to fund its military, procure equipment, and use technology in its war effort.

The readout of the meeting confirmed our assessment in a recent white paper that simple list screening will no longer be enough. Regulators expect robust compliance programs that research, monitor, and take risk-appropriate actions to ensure that malign actors do not access US tools, technologies, and the financial system writ large.

To download a FREE copy of the white paper, click here

---

Compliance and Due Diligence

The United States—not unexpectedly—is considering sanctions for entities that manufactured the Chinese spy balloon, which Washington says had multiple antennas for intelligence gathering purposes. Congress this week passed a nonbinding resolution condemning China, and US officials believe the balloon is part of a wider fleet of surveillance balloons that has been seen over various countries. The unnamed company that manufactured the balloon is apparently an approved Chinese military vendor.

OFAC this week sanctioned five Bulgarian individuals and five entities under Global Magnitsky (GLOMAG) authorities. Nikolay Malinov—a former Bulgarian presidential candidate—in 2021 was accused of spying for Russia. He’s a member of the now-designated Russophiles For The Revival Of The Fatherland political party. A former Bulgarian Finance Minister—Vladislav Goranov—who served in that role until July 2020, is also on the list.

The United States has announced an initial $85 million aid package for Turkey and Syria in the aftermath of a massive earthquake that killed thousands of people. OFAC also issued a general license, granting sanctions relief for Damascus. According to the Treasury press release, the new license expands upon broad humanitarian exemptions already in effect.

The United States will not impose sanctions on India for its oil purchases from Russia. The Assistant Secretary of State for European and Eurasian Affairs this week said the relationship with India is based on “commitment to uphold international rules and respecting territorial integrity and sovereignty despite policy differences.”

The United States and the UK this week sanctioned members of the Russian Trickbot cyber criminal organization, which targeted hospitals and medical facilities around the world during the peak of the Covid pandemic. Current members of the Trickbot gang are linked to Russian intelligence services, and their activities in 2020 were aligned with Russian state objectives. OFAC this week also sanctioned two MS-13 gang leaders.

The United States this week also targeted companies involved in the production, sale, and shipment of Iranian petrochemicals. The sanctions mainly targeted East Asian companies that purchase Iranian petrochemicals, including in Singapore and Malaysia.

The G-7 countries are discussing imposing sanctions on companies in China, Iran, and North Korea believed to be providing Russia with military equipment.

There’s been (uncorroborated) reporting from the Ukrainian government that Gazprom Neft (Газпром нефть) is creating its own military company à la Wagner, and that the order was signed by Russian Prime Minister Mishustin. The document establishes that the founders of the organization will be PJSC Gazprom Neft, which will have a 70 percent stake in the company. Gazprom Neft is currently under financial restrictions, pursuant to executive orders (EOs) 13662 and 14024, and it likely would be included on the SDN list should it send mercenaries to Ukraine.

The European Parliament has adopted a nonbinding resolution urging the EU to sanction Russia’s nuclear energy. The resolution also calls for an immediate and full embargo on imports of fossil fuels and uranium from Russia and for Nord Stream 1 and 2 pipelines to be completely abandoned. Hungary and Bulgaria both oppose sanctions on the nuclear sector, and both have threatened vetoes.

South Korea has announced its first independent cryptocurrency theft and cyber attacks sanctions. Four North Korean individuals and seven businesses have been designated, including US-sanctioned Park Jin-hyok, who works in information technology for the Chosun Expo Joint Venture—a front company connected to the Lazarus Group. Park is well known for participating in the WannaCry ransomware attack in 2017 and the attack on Sony Pictures Entertainment in November 2014.

Human Rights Watch this week called for targeted sanctions against Eritrea, accusing the government of forcing thousands of people, including minors, into military service and punishing the families of draft dodgers. Eritrean troops have been accused by the United States and human rights groups of atrocities, including the massacre of hundreds of civilians in Tigray.

The UK this week designated 15 Russian individuals and entities for providing military equipment, such as drones, for Russia’s invasion of Ukraine. We expect OFAC to mirror at least some of these designations in the coming days. One of the entities—Moscoms LLC—is connected to a financial network that hides and protects assets for Kremlin elites, including Putin.

OFAC will lift sanctions imposed on a former Russian Sberbank subsidiary that is now wholly owned by a Kazakh firm. Sberbank sold its Kazakh subsidiary in August to state-owned financial holding company Baiterek.

Iran is helping Russia circumvent western sanctions by having its “ghost fleet” carry Russian oil. At least 16 vessels that formed part of the “ghost” network that allowed Iran to breach US sanctions have begun to ship Russian crude oil during the past two months. Ghost ships evade sanctions by disguising ownership and movements.

Federal regulators are not the only ones ramping up enforcement efforts. New York authorities have issued subpoenas to three leading auction houses: Christie’s, Sotheby’s, and the Russian-owned Phillips Auctioneers in hopes of accessing records linked to sanctioned Russian oligarchs. Andrey Melnichenko, Viktor Vekselberg, and Roman Abramovich were among the high-profile Russian moguls named in the investigation.

German authorities this week raided the premises of three companies as part of an investigation into EU sanctions violations. One of the companies, Smart Impex GmbH, is a German wholesaler of IT products that is suspected by authorities of evading sanctions on electronic components via an intermediary company in Turkey.

The Biden administration could introduce new restrictions on China’s advanced computing within the next two months. The Executive Order is expected to require US companies to report their planned investments in “certain adversarial countries” to the government and will most likely prohibit investments in sensitive areas that have military or surveillance applications.

The UK is investigating Barclays for alleged “persistent failings” in its compliance and anti-money laundering (AML) systems. The Financial Conduct Authority last year requested an independent review of the bank’s processes and systems in light of concerns about the volume of know-your-customer and AML incidents.

Fraud and Abuse

The EU is launching a new platform to counter disinformation by Russia and China. The Information Sharing and Analysis Center within the EU’s foreign services will work to track information manipulation by foreign actors and coordinate with EU members, as well as share information in real time with NGOs, and cybersecurity agencies.

Relatedly, be careful what sources you trust online. Recently Russian media sources and pro-Russian Telegram channels have been circulating a fake screenshot of a Financial Times article, claiming that two of the Ukrainian pilots training on the Leopards in Germany have asked for political asylum there. The screen cap is fake, which is apparent from the variation in the font in the second paragraph. The original FT article is here, and the second paragraph has no mention of asylum seekers.

A confidential UN report says that North Korea stole the most cryptocurrency assets ever last year, targeting the networks of foreign aerospace and defense companies. Crypto heists writ large totaled as much as $3.8 billion last year alone, with the DPRK getting away with an estimated $1.7 billion of that amount.

Ishan Wahi, a former product manager at Coinbase, this week pleaded guilty to two counts of conspiracy to commit wire fraud in connection with an insider trading scheme. Wahi used insider Coinbase information about which cryptocurrencies would be listed on the exchange to enrich himself and his co-conspirators.

Twenty three individuals have been indicted on charges of money laundering conspiracy, cleaning more than $3.5 million in proceeds of wire fraud. The conspirators would open bank accounts, use assumed business names, and transfer, withdraw, and move proceeds of fraud based on business email compromise, romance scams, unemployment insurance fraud, and Payroll Protection Program (PPP) fraud.

Denis Dubnikov this week pleaded guilty in US court to one count of conspiracy to commit money laundering. The Russian national was extradited to the United States from the Netherlands in August for laundering $400,000 in payments from victims of Ryuk ransomware, which is believed to have extracted $70 million from victims around the world, including in the United States.

US prosecutors this week charged fugitive Russian citizen Vladimir Voronchenko with engaging in sanctions evasion and money laundering to protect the assets of sanctioned Russian oligarch Viktor Vekselberg. The Justice Department has unsealed an indictment charging Voronchenko with making more than $4 million in US dollar payments to maintain four properties belonging to Vekselberg and attempting to sell two of them. Vekselberg bought the properties using a network of shell companies.

Who is helping Putin pals hide their wealth? An investigation by Vazhnye Istorii reveals that the assets of sanctioned oligarch and close Putin friend Gennady Timchenko are handled by the Erie family of professional managers from Liechtenstein, who own a BVI offshore company Jardin Developments and run Sequoia, a Liechtenstein-registered trust company that includes the Luxembourg-based Volga Group, which is a Timchenko investment vehicle that manages the oligarch’s assets. Arkady Rotenberg’s affairs are handled by Ruslan Goryukhin, a former top manager of Budgazmontazh company, who is “technically” the owner of RG Development, whose beneficial owner is almost certainly Rotenberg.

Messaging apps are enabling check fraud—especially Telegram, which has made recruiting, training, organizing, and executing fraud schemes by organized criminal organizations easier. Banks last year saw an 84 percent increase in check fraud, according to FinCEN. A cybersecurity firm was able to find at least 30 channels on Telegram that provide tips and techniques to commit bank fraud, despite Telegram’s claims that their platform is moderated to remove harmful content.

OCCRP has discovered that five of the 10 people the United States sanctioned last week for operating a Russian arms sanctions evasion network in 2016 acquired EU citizenship through Cyprus’s “golden passport” scheme. The program, which was scrapped in 2020 after allegations of exploitation by illicit actors, allowed foreigners to acquire Cypriot—and therefore EU—citizenship in return for investment in Cyprus.

In the wake of the Suisse Secrets investigation released last year, which uncovered how Credit Suisse stored the ill-gotten gains of criminals and kleptocrats across the world, Swiss prosecutors have launched an investigation into the whistleblower who leaked the data. Switzerland’s secrecy laws apply even to individuals who expose criminal behavior, so prosecutors could charge the whistleblower with economic espionage.

Kambiz Attar Kashani, a dual citizen of the United States and Iran, this week was sentenced to 30 months in prison for conspiring to illegally export US  goods and technology to end users in Iran, including the Central Bank of Iran. Kashani and his co-conspirators used two front companies in the UAE to illegally procure electronic goods and technologies from multiple US companies, including tech under export controls, falsely attesting that the UAE companies would be the end users.

Todd Coleman yesterday was sentenced to 33 months in prison for his role in a bribery scheme in which he accepted money from an Afghan company in exchange for helping it deceive the US military into awarding at least 10 contracts at inflated values. Coleman and another contractor registered fictitious companies in Georgia and opened bank accounts to which bribes were wired from Afghanistan. They also created false invoices to make it appear as though they were involved in a car-exporting business in the UAE.

A Luxembourg native who runs a private aircraft company, and who was key in the effort to roll back corporate transparency rules in Europe that would have required companies to disclose their owners, may be trying to protect his multiple ties to wealthy Russian business figures. Patrick Hansen has owned more than 100 companies, many located in secrecy havens, such as the British Virgin Islands, and many of the companies he directed had Russian owners, including one that belonged to the family of a United Russia legislator. Hansen is almost certainly acting as a proxy, helping obscure ownership of the companies.