OFAC this week announced a nearly $3 million settlement with Microsoft for violations of Iran, Cuba, Syria, and Russia sanctions between 2012 and 2019. The settlement is less than 1 percent of the maximum civil monetary penalty applicable in this case and reflects the company’s efforts to remediate and widely improve its compliance program. Microsoft’s significant efforts to enhance its already-robust compliance program was a considerable mitigating factor in the settlement, and Treasury flagged the company’s notable efforts to strengthen its compliance processes to avoid future violations. Numerous mitigating factors helped Microsoft avoid much more significant penalties.

• Microsoft voluntarily disclosed its violations and actively cooperated with investigators.

• The company enhanced its compliance program, increased resources dedicated to screening out sanctioned entities and individuals, and implemented additional compliance oversight.

• It also improved its research methods and worked with contractors and full-time employees to review and research potential restricted-party matches.

• Microsoft either terminated or otherwise disciplined the Microsoft Russia employees involved in the violations.

The settlement demonstrates the need for every US firm and financial institution to increase compliance efforts to avoid significant fines and even possible criminal charges. Foreign-language capabilities, jurisdictional knowledge, and sanctions expertise are a must, as is enhanced screening and engagement with counsel and trade teams to ensure process consistency.

FiveBy’s expert, certified analysts can supplement companies’ compliance efforts with in-depth research and consistent monitoring, issuing alerts about possible challenges and regulatory changes on the horizon.

Click below for a free consultation.

IntelSentry

---

Compliance and Due Diligence

OFAC this week sanctioned two individuals and three entities under its Lebanon program. Two of the entities are located in Lebanon, and one is in the UAE. The two individuals are brothers and are profiting from public corruption and contributing to the breakdown of the rule of law in Lebanon, according to the Treasury press release.

OFAC this week designated a former president of Haiti’s Chamber of Deputies for his extensive corruption. The agency also sanctioned Genesis Market—the illicit marketplace whose domains were also seized by the FBI this week. According to the Treasury press release, Genesis Market is believed to be located in Russia, and it sells access to stolen data to cybercriminals for further exploitation.

Treasury this week released the world’s first illicit finance risk assessment aimed specifically at decentralized finance (DeFi). The report flags illicit actors like North Korea, ransomware attackers, scammers, and others using DeFi services to transfer and launder illicit proceeds, exploiting frequent failures to uphold their AML/CFT obligations. We judge that Treasury’s report almost certainly is a shot across the bow for DeFi and that regulators likely will increase enforcement efforts against these services.

Coinbase-backed plaintiffs are asking the government to remove sanctions imposed by OFAC against Tornado Cash. The plaintiffs claim that sanctions against Tornado Cash are not appropriate because OFAC’s authorities permit action against a foreign “national” or “person,” while Tornado Cash is software.

Lithuania is renewing its efforts to impose sanctions on Russia’s nuclear energy industry. Budapest has vowed to block all EU efforts to sanction Rosatom, which is expanding the Paks nuclear plant in Hungary, but Lithuania’s latest proposal includes exemptions for the country.

A new FATF report says that Venezuela has limited legislative and regulatory capacity to effectively combat money laundering and terrorist financing. Among the problems listed by the watchdog are the country’s corruption, drug trafficking, illegal exploitation of natural resources, smuggling, human trafficking, and the high level of informal economy, which permits the excessive use of cash outside the regulated financial system.

Lithuania this week banned Russian nationals from purchasing real estate in the country. The Lithuanian government also banned new visas from being issued to Russian and Belarussian nationals.

Russia’s Sovcombank plans to challenge the sanctions Japan imposed against it over the conflict in Ukraine. Japan’s foreign ministry in late February denied Sovcombank permission to appeal the sanctions, so Sovcombank has now hired local Japanese lawyers through a Russian law firm to represent it and intends to appeal the ministry’s decision.

The UAE Central Bank last week cancelled the banking license of Russia’s MTS Bank Abu Dhabi citing “sanctions risk.” The Russian bank’s operations will end within six months from the date of the decision, and the MTS branch will not be allowed to open new accounts and conduct transactions, except to clear prior obligations during that time.

US-designated chemical companies in China are evading the US crackdown on illicitly manufactured fentanyl by using connected entities to ship potential precursors to the United States. New companies established after designations are released against Chinese companies exploit the sanctioned firms’ branding and operations to continue shipping chemicals and alter potential precursors further on the supply chain to avoid detection.

Crypto exchange Bittrex is shutting down its US operations, citing a regulatory environment that prevents it from operating. Bittrex in October was fined roughly $53 million for violating sanctions and failing to prevent customers in Iran, Cuba, and other sanctioned jurisdictions from using its platform. Before that, in 2019, New York regulators forced Bittrex to cease operations in the state, citing concerns over its ability to detect money laundering and comply with sanctions.

China this week sanctioned the Washington-based think tank the Hudson Institute and the Ronald Reagan Presidential Library in response to Taiwanese President Tsai Ing-wen’s visit. The Reagan Library this week hosted a meeting between Tsai and a US Congressional delegation led by House Speaker Kevin McCarthy, and the Hudson Institute last week honored her with the Global Leadership Award.

Bulgaria will close its ports to any ship certified by the Russian Maritime Register of Shipping, regardless of the flag under which they are sailing. Sofia last year banned Russian-flagged ships from entering its ports, and the ban is now extended to Russian vessels that fly the flags of other countries. Bulgaria recently identified Russian aggression as a direct threat to global peace.

Democratic Republic of the Congo (DRC) president Felix Tshisekedi has directly intervened with the Biden administration on behalf of sanctioned Israeli businessman Dan Gertler, asking that Treasury remove sanctions against Gertler, who has agreed to return to the DRC an estimated $2 billion in mining and oil-drilling rights secured over the past two decades. In exchange, the Congolese government agreed to pay Gertler’s companies $260 million and help him lobby in Washington to have him removed from the SDN list.

Fraud and Abuse

An Estonian national has been charged with helping Russia’s military acquire US electronics, including radar components. An 18-count indictment unsealed this week charged Andrey Shevlyakov with conspiracy and other charges related to procuring US-made electronics on behalf of the Russian government and military.

An investigation into the attempted smuggling of a dual-use export-controlled item to Russia has resulted in the forfeiture of approximately $826,000. Beginning in 2018, operators of a Latvia-based corporation conspired with the operator of Estonia-based company, By Trade OU, and individuals in Russia and a Russia-based company, to smuggle a jig grinder that was manufactured in Connecticut to Russia in violation of export regulations. A jig grinder is a high-precision grinding machine system that does not require a license to export to the EU but does require a license for export and reexport to Russia because of its potential application in nuclear proliferation and defense programs.

STYX is becoming popular as a dark-web marketplace for buying and selling illegal services or stolen data. Among the services provided are money laundering, bypassing multi-factor authentication, fake or stolen IDs and other personal data, renting malware, and much more. STYX supports payments with multiple cryptocurrencies and works to increase trust in its platform by featuring a special section reserved for vetted vendors.

A network of companies used by eastern European oligarchs to launder millions of dollars used ordinary Armenian citizens as proxy directors to transfer assets from closed banks abroad and pay for lobbying services in the United States. Nearly all the companies have similar websites and own each others’ shares, and some of them were directly involved in the Russian Laundromat scandal from 2010 to 2014. These companies are registered in Central Europe and Southeast Asia, and the funds are moved using fake invoices for goods or services that do not exist.

Europol has published a joint analysis report examining the risks and challenges for law enforcement posed by criminal networks in EU ports. These criminal networks are increasingly using misappropriated container reference codes to extract illicit goods from ports, and they infiltrate and gain control of ports by coordinating local networks of corrupt port officials.

Who owns and controls financial institutions in Lebanon? This investigation uncovers the connections between politicians and banks, as well as other actors. Lebanon’s First National Bank lists US-designated Mohammad Bazzi as a 4.77 percent shareholder through his company Africa Middle East Investment Holding SAL. Bazzi was arrested in Romania in February on global terrorism charges. UPDATE: the publishers of the report issued a correction. The company with a 4.77 percent share at the bank is Africa Investment Holding, and not Mohammed Bazzi ‘s company Africa Middle East Investment Holding.

The Justice Department this week charged Charlie Javice, who founded the student-aid assistance app, Frank, with fraud for allegedly lying about having access to the data of more than 4 million clients in an acquisition deal with JPMorgan. The banking giant was willing to pay $175 million for the data, and the SEC also has filed a fraud complaint against Javice, alleging that she misled the JPMorgan into buying her company.

Krebs on Security deconstructs a UK-based software development company CodesToYou, which appears to have been founded by John Clifton Davies, a UK conman who fled the country in 2015 before being sentenced to 12 years in prison for fraud. The article looks at incorporation records and the company’s officers, as well as other entities to which the chairman is connected. It examines the website and the company’s marketing team, whose lead appears to be connected to a private office belonging to an individual who uses a known pseudonym used by Davies. This article demonstrates the in-depth research required today to detect fraud, sanctions evasion, and other financial crimes.

The Justice Department this week announced that it has seized an estimated $112 million in virtual currencies linked to “pig butchering” scams. Six virtual currency accounts were allegedly used to launder proceeds of various crypto scams in which criminals would cultivate long-term relationships with victims met online, eventually enticing them to make investments in fraudulent cryptocurrency trading platforms. Scammers often target their victims through social networking and online communications platforms, dating websites, and phone calls and text messages that are meant to appear to have been misdialed.

A Dubai Court has authorized the extradition of a British hedge fund trader accused of massive fraud to face charges in Denmark. Sanjay Shah, who was arrested last June, is wanted over an alleged 1.7 billion euro scam to help companies fraudulently claim Danish tax refunds.

Ernst & Young has been banned in Germany from taking on any new listed audit clients for two years after the failures in its work in the Wirecard fiasco. The country’s audit watchdog also announced a fine of €500,000 for EY and of between €23,000 and €300,000 for each of five current and former employees of the firm.

Thousands of pages of secret documents reveal how Russian cyber firm NTC Vulkan’s engineers have supported Russian hacking operations, trained operatives, spread disinformation, and engaged in other cyber activities for Russian military and intelligence agencies. Vulkan’s work is linked to the FSB, the GRU, and the SVR. The company does not appear to be sanctioned, but regulators almost certainly will begin focusing their attention on the adverse media reports about the company for possible designations.

Zimbabwe’s central bank has frozen the assets of four individuals alleged to be involved in a gold smuggling and money laundering ring recently exposed by al-Jazeera. Cleopas Chidodo, David Chirozvi, Mehlululi Dube, and Fredrick Kunaka, admitted to al-Jazeera that they accepted money to assist a gold-smuggling and money laundering ring that has operated in the country for the past 23 years.

South Korean prosecutors have identified $314.2 million in illicit assets associated with Terraform Labs co-founder Do Kwon and his associates. Kwon apparently converted most of his illicit funds into Bitcoin using overseas crypto exchanges. South Korean authorities have requested that Binance block any withdrawal request associated with Kwon, and Binance is cooperating with prosecutors.

Robinhood will pay more than $10 million in penalties “for operational and technical failures that harmed main street investors.” The multistate settlement stems from an investigation into the platform outages of March 2020, when hundreds of thousands of investors were relying on the Robinhood app to make trades and were unable to do so.