Insights: Week of July 10, 2023

Photo by Jay Rembert on Unsplash

Russia’s practice of evading sanctions through trade with third-party countries dominated headlines this week. Western regulators may target third-party countries who enable Russian sanction evasion in upcoming rounds of sanctions related to the war in Ukraine.

Belgian news agency RTBF found that Serbian state-owned arms company Yugoimport has allegedly been sending Western ammunition to Russia, acting as a third-country transit hub enabling Russia to evade sanctions. Through Yugoimport, Belgian company New Lachaussée (NLC) shipped ammunition destined for the Serbian Defense Ministry. However, NLC’s contract with Yugoimport does not include a prohibition on re-export. Despite the EU and Belgium’s official regulations banning arms sales to Russia, NLC’s product ended up in Russian hands. Yugoimport’s transshipment of arms to Russia indicates a heightened risk of transacting with Serbia, particularly as the Serbian government could be supporting it through state-owned companies such as Yugoimport.

Western regulators could turn to sanctioning entities in third countries complicit in evasion schemes to stem the flow of illicit arms and goods to Russia. Regulators may also impose stricter measures on end-use due diligence. Expert analysts with experience navigating risky jurisdiction and end-use research are key in reducing these current and coming risks.

Click below to learn more.

FiveBy IntelSentry

Compliance and Due Diligence

Additional financial sector sanctions on Russia’s energy markets as well as sanctions on entities in third countries could increase the effectiveness of the G7’s price cap on Russian oil. Though the G7 price cap has led to reduced profits for Russia, it is still too high to be effective, as experts at the Peterson Institute for International Economics argue. When coupled with the EU Embargo, Russian oil prices have dropped so far that the price cap has not limited profits for Russian oil producers. To shield the global price of oil from increasing, these experts call for the G7 to adopt additional financial sector sanctions rather than an outright embargo. An additional concern is Russia’s use of third countries to hold its “shadow reserve” of wealth and create networks to evade energy sanctions and capitalize on oil market arbitrage. The Kremlin is developing additional evasion methods, and these will likely become sophisticated as oil is nearing the current $60 price cap.

Despite sanctions, more than one thousand Western companies remain in Russia. Despite some of these companies, such as Nestle, pledging to only sell certain products in Russia, their other products are still coming in. Previously, Nestle pledged to only sell “essentials” such as baby formula, however its chocolate bars and snacks are still being sold in Russia. Yale’s extensive database documents the status of Western companies in Russia.

Ten percent of Western companies have exited Russia since the start of the Ukraine war, with Russian businesspeople taking over the companies for pennies afterwards. These takeovers have resulted Russian businesspeople bringing in more than $2.89 billion in net profits in 2022, an amount that continues to grow as Western companies continue to exit. Among those profiting the most include some from Putin’s inner circle – Vladimir Potanin and Ivan Tyryshkin coming in first and second. Potanin is already sanctioned by OFAC and the UK, but Tyryshkin is only sanctioned by the UK. This report showing Tyryshkin’s profits off of Western companies’ exits could be a basis for him to fall under OFAC sanctions. The takeover of these Western companies is similar to what occurred at the fall of the Soviet Union—a few individuals acquire large assets for pennies and consolidate power by controlling these assets and the large amounts of resulting profits. Even if Western restrictions and sanctions are eventually loosened, the risks of transacting and doing business in Russia will be elevated compared to before it started the Ukraine war, likely for a long time.

Georgia plans to become a transit hub for Russians travelling to Europe and Europeans travelling to Russia. Its plans could lead it to fall under fire from not only the West, but also Georgians who in May came out to protest against the initial resumption of flights from Georgia to Russia. Georgia and the West’s relationship is on the downwards—as indicated by NATO’s decision not to invite Georgian Prime Minister Irakli Garibashvili to its summit after Garibashvili blamed the organization for causing the Ukraine war. These tense relations and Georgia’s decision to become a travel hub for Russia could place it under closer Western regulatory scrutiny.

On Tuesday, OFAC sanctioned Aleksandar Vulin, director of Serbia’s Security Information Agency for his ties to corruption, the illegal drug trade, and arms trafficking. The United States also accused Vulin of supporting the expansion of Russian influence in the Balkans while undermining democracy in the region. OFAC’s designation of Vulin is another indication that regulators are turning towards sanctioning entities and individuals in third countries assisting Russia.

After meeting with US Treasury Secretary Janet Yellen, China is demanding that the United States “cease the suppression of Chinese enterprises, lift bans on Xinjiang-related products, and take concrete steps to respond to China’s major concerns in economic relations between the two countries.” China’s latest move in its chip war with the United States is to restrict exports on gallium and germanium, both elements used in chips, solar panels, and fiber optics. China’s government announced these restrictions on July 3, with a start date set for August 1. Companies in Congo and Russia have said they will increase production of these elements to meet increased demand. This presents an interesting tangle for Western policymakers to unravel to meet demand for these elements, as they will need to decide whether to make concessions with China, or work with entities in Congo and Russia, jurisdictions which also have human rights and sanctions issues.

US-Israeli citizen Gal Luft is on the lam after being accused of multiple counts of violating US sanctions. Luft allegedly attempted to broker arms deals with customers in China, Libya, the UAE, and Kenya. Accusations also include Luft meeting with Chinese and Iranian companies to discuss oil deals, both of which would violate US sanctions. Luft claims to have evidence of corruption by President Joe Biden, charges which Biden’s family denies.

The Taliban is asking that sanctions be lifted on more than a dozen of its leaders, blaming the sanctions for the poverty in Afghanistan and also saying that the sanctions do not allow government officials to travel. Due to extensive human rights issues, it is unlikely that these sanctions will be lifted, though if necessary, sanctioning entities such as the UN might issue temporary travel waivers for these officials as they did in 2022.

Caribbean Community (Caricom) is urging US lawmakers to end the trade embargo on Venezuela. Caricom said that ending these sanctions would allow Caribbean states to benefit from the PetroCaribe initiative in which Venezuela would provide these states with discounted natural gas. The group also said it will enable them to pursue additional cross-border exploration projects. At a conference in Trinidad and Tobago last week, US Secretary of State Anthony Blinken did not comment on Venezuela and focused on climate change issues.

On Wednesday, OFAC sanctioned ten individuals and one entity linked to the Sinaloa Cartel fentanyl trafficking network. Many of the individuals were linked to Joaquin “El Chapo” Guzman. Import-export company, REI Compania Internacional also fell under sanctions for importing fentanyl precursor chemicals from China. The sanctions coincided with Treasury sanctions official Brain Nelson’s visit to US-Mexico border to meet with officials and learn more about “patterns and connections they’re seeing with financial institutions, as well as discuss further ways the federal government can partner with the private sector to better spot red flags and identify illicit financial networks.”

Fraud and Abuse

Photo by FLY:D on Unsplash

RomCom, a threat actor, has been targeting organizations participating in the NATO summit. The threat actor has a Hungary-based IP address and a history of targeting pro-Ukraine organizations. In its attacks on NATO affiliates, it sent emails with fake lobbying documents containing malware. Its attacks also included tricking victims into clicking a malicious domain, which used typosquatting techniques exploiting misspellings to appear legitimate.

AI systems such as ChatGPT have been driving a 464 percent surge in phishing emails in the first half of 2023 compared to 2022. Acronis reported that so far in 2023, phishing has been the primary method for threat actors to steal credentials and was used in 73 percent of attacks.

E-commerce fraud increased by more than fifty percent in the past year. A survey of 1900 global fraud professionals found that these professionals saw significant increases in fraud through online payment, account takeovers, and promotion and refund abuse. A majority of online merchants, also surveyed, responded that they plan to grow their anti-fraud teams this year.

Bank of America has been fined $250 million by the Consumer Financial Protection Bureau (CFPB) for opening credit card accounts for customers without their consent and double-charging fees. Bank employees opened credit card accounts using illegally obtained credit reports. Employees also withheld credit card rewards and charged multiple overdraft fees for the same transaction. The move is part of a push by the CFPB to eliminate “junk fees” bank charge customers.

HCA Healthcare confirmed a data breach affecting eleven million patients after its information was leaked on a hacking forum. Healthcare operates 182 hospitals and 2,200 care centers in the United States and United Kingdom. The hacker claims the information contains records from 2021 to 2023 and initially demanded a ransom from HCA Healthcare. HCA Healthcare did not pay the ransom by the hacker’s deadline, and so the hacker decided to put the data up for sale. The data does not contain sensitive health information but does include patient contact information which could be used in phishing campaigns.

Scammers are increasingly targeting cryptocurrency owners holding their tokens on physical hardware called cold wallets. Hot wallets, which do not use physical hardware, are less secure than cold wallets and have in the past been more commonly targeted by scammers. One cold wallet scam starts with an email claiming to be giving away free tokens from Ripple cryptocurrency exchange. To join the giveaway, victims are instructed to connect their cold wallet to the computer, which compromises the hardware. To prevent this scam, Kaspersky Labs advises verifying email authenticity before clicking, purchasing only official hardware, scanning newly purchased hardware for tampering, and securing seed phrases and passwords.

The EU fined US company Illumina $476 million for acquiring cancer-test developer Grail prior to EU antitrust approval. The EU was investigating the merge when Illumina acquired Grail, which the cites as grounds for the fine. The case is unusual as Grail does not have an EU presence, which indicates the EU aims to expand its jurisdictional reach on financial transactions.

Facebook parent company Meta is under fire for digital payment scams in the UK. UK Finance, a lobby group which represents more than 300 financial companies, is urging UK lawmakers to take measures forcing Meta to take more responsibility for authorized push payment fraud, which is when a scammer tricks a victim into making money transfers out of the victim’s bank account to the scammer. UK Finance claims that 61 percent of these fraud incidents in the UK are linked to Meta.

Massachusetts is considering a law completely banning the sale of cell phone location data. If passed, this law would be the first of its kind in the United States. The proposed legislation shows an increasing concern about consumer data privacy in the United States, which could fall under more regulations and require more robust privacy compliance measures.

  FiveBy provides a weekly roundup of relevant news and insights to help readers keep abreast of regulatory developments and reputational risks. We hope you find the insights useful. Please feel free to contact us at if you have any questions or suggestions.

Leave a Reply

Your email address will not be published. Required fields are marked *