The Financial Crimes Enforcement Network (FinCEN) and the Commerce Department’s Bureau of Industry and Security (BIS) this week issued a joint alert that Russian and Belarusian entities may attempt to evade export controls that were implemented after Moscow’s invasion of Ukraine. Since the invasion began, BIS imposed a number of export controls that target Russia’s defense, aerospace, maritime, oil, industrial, and commercial sectors. Restrictive measures have also been imposed on Belarus for enabling Russia’s invasion.
The agencies recommend applying a risk-based approach to trade finance to help mitigate vulnerabilities associated with Russian and Belarussian efforts to circumvent US restrictions and highlight some indicators that could be signs of evasion efforts.
Illicit actors often circumvent restrictions by procuring low-tech consumer goods that do not require a license for export, re-export, or transfer to most destinations. They will also engage complicit shippers to obscure either the nature of the goods or their ultimate destinations. Export control evasion tactics could also involve the use of trade corridors known to serve as possible transshipment points for exports to Russia and Belarus, making geographic expertise critical to mitigating vulnerabilities. Other red flags include the purchase of new vessels for no apparent economic or business purpose or vessels or other assets identified as or linked to blocked property under US or partner country sanctions. Changes in shipments or payments that were previously scheduled to go to Russia or Belarus, or a company located in Russia or Belarus, or other changes uncharacteristic of a client’s profile—especially ones involving Russia and Belarus—can also indicate potential illicit activity.
Click below for an expert consultation with the FiveBy analytics team to discuss your risk mitigation needs as regulators increase their focus on stopping sanctions evasion.
Compliance and Due Diligence
After the United States added five companies in China to the BIS Entity List this week for allegedly supporting Russia’s military and defense industrial base, Beijing said it will “take the necessary measures” to protect Chinese firms. Six of the entities added to the blacklist were included specifically for their continued support of Russia’s military efforts, and five of them are based in China.
The United States and its G7 allies this week discussed support to Ukraine and sanctions against Russia over its invasion of its neighbor. The United States proceeded to target Russian defense supply chains by imposing blocking sanctions on major state-owned defense enterprises and defense-related entities and individuals. Other G7 countries have also taken steps to restrict Russia’s access to key industries, particularly those that support its armaments industrial base and technology sector. The United States has also prohibited the import of new Russian gold into the the country. The White House has issued a Fact Sheet detailing additional measures taken against Moscow.
Treasury this week froze more than $1 billion hidden by a Russian oligarch in a Delaware-based trust. OFAC issued a Notification of Blocked Property to Heritage Trust, in which sanctioned Russian oligarch Suleiman Kerimov holds interest, and which is subject to the same restrictions as Kerimov. Heritage Trust was formed in July 2017 to hold and manage Kerimov’s US-based assets. The funds entered the US financial system through two foreign entities controlled by Kerimov before sanctions were imposed, and were subsequently invested into “layers” of US shell companies and other financial entities to conceal his stake.
The UK this week imposed a penalty of roughly $18,200 in pounds sterling against Tracerco Ltd., a provider of oil-and-gas measuring products and services, which made two payments to a sanctioned company, Syrian Arab Airlines, for an employee to fly home between May 2017 and August 2018. The regulator said the company voluntarily disclosed the breach and got its fine cut in half, but the penalty is almost seven times the amount of business that was actually done by Tracerco in violation of UK sanctions. This is likely OFSI’s shot across the bow to bigger companies that breach sanctions. The UK this week also sanctioned Russian oligarch and the country’s second richest man, Vladimir Potanin and Putin’s cousin, Anna Tsivileva. London is also introducing more measures to prevent Russia from accessing UK trust services.
EU negotiators this week reached a provisional agreement on AML rules for cryptocurrencies that would obligate crypto firms to perform customer due diligence on their clients. The rules would also require crypto firms to report suspicious transactions to regulators to help crack down on dirty money.
In a new report the Council of Europe’s AML body, MONEYVAL, called on Bulgaria to improve the regulatory framework and strengthen the practical application of measures to combat money laundering and financing of terrorism. MONEYVAL assessed that the country demonstrates a low level of effectiveness in areas related to the use of “financial intelligence, investigations and prosecutions of money laundering, confiscation of proceeds of crime or property of equivalent value, targeted financial sanctions related to proliferation financing, and the prevention of misuse of legal persons and arrangements.”
Russian private lender Sovcombank has been blocked by western sanctions from purchasing Uzbek state bank, Uzagroexportbank. Sovcombank was designated by OFAC on February 24th – the day Russia invaded Ukraine and a few days after Sovcombank announced that it had agreed to buy Uzagroexportbank for $4 million.
The Atlantic Council describes how to win the sanctions long game against Russia. Targeting oil revenue with price caps or tariffs is one recommendation, along with the use of targeted sanctions to prevent Russia from converting oil revenues from less liquid foreign currencies into the US dollar or the British pound. Additional export restrictions and stricter sanctions enforcement, including actions against those evading sanctions, are also recommended.
After failing in appeal after appeal to get sanctions against him removed, Russian oligarch Oleg Deripaska is now asking the US Supreme Court to lift sanctions against him. In a petition filed this week, Deripaska argued that OFAC acted outside of its statutory authority when it imposed the sanctions against him. A DC federal appeals court in March rejected his request for removal from the SDN list, finding that US officials had sufficient evidence to impose sanctions against him.
Fraud and Abuse
FiveBy’s Director of Risk Intelligence, was recently quoted in an article by the Organized Crime and Corruption Reporting Project (OCCRP) on the network of proxies and middlemen that are used to obscure involvement in Syrian phosphate imports into Europe. Security firms linked to sanctioned war profiteers and senior figures from US-designated Russian oligarch, Gennady Timchenko’s, Stroytransgaz benefit from the trade. Stroytransgaz denies its companies are involved, but OCCRP and its partners found evidence of several links between Stroytransgaz and firms connected to the Syrian phosphate trade.
In late May, Project Nemesis—a group of “patriotic” Russian hackers—engaged in a campaign to doxx members of the Ukrainian military, secret services, volunteers, and international trainers assisting Ukraine in its fight against Russia’s invasion by publishing photographs and personal details of hundreds of individuals fighting against Russia. The project publishes personal details on social media and uses a Telegram channel which posts multiple times a day, highlighting particular individuals who have been doxxed on the site and encouraging their thousands of followers to mock or harass them.
Russian intelligence operatives were likely responsible for a recent breach of an unnamed organization, resulting in the theft of data that wound up in the hands of XakNet, a pro-Russian “hacktivist” group that has previously denied its government affiliation but has claimed credit for several cyber incidents targeting Ukraine, spreading disinformation and propaganda. Mandiant believes XakNet and a similar group, known as Killnet, which claimed responsibility for the cyber attack on Lithuania this week, have directly coordinated on some of their activities, although whether Killnet is backed by Russian authorities is unclear. Hacktivists are often motivated by political or social causes, rather than financial gain or personal interest, but Russian malign cyber actors’ connections with Russia’s intelligence services are well documented and supported.
A Financial Times report describes a sanctions evasion method using Black Sea commerce to smuggle goods out of Ukraine. According to Ukrainian reports, embargoed Crimean ports—including Sevastopol—are being used to export grain looted from the country. In early June, Russian state media acknowledged that grain was being sent from Melitopol, in the occupied south of Ukraine, to be exported from Crimea.
The FBI has warned of an increase in “deepfakes” using stolen personal information to apply for jobs in the United States, including fake video interviews. Complaints describe the use of voice spoofing, or potentially voice deepfakes, during online interviews, exhibiting deepfake red flags, such as a lack of synchronization between the actions and lip movement of the person seen interviewed on-camera. Europol also warned in April, that deepfakes could soon become a tool that cybercrime organizations will regularly use in CEO fraud, to tamper with evidence, and to create non-consensual pornography.
Gazprombank is being used to pay Russian soldiers deployed to Ukraine their wages and bonuses. The bank is connected to state-controlled natural gas monopoly Gazprom and is the third-biggest bank in Russia, after Sberbank and VTB. It is also the only bank of the three that has not been sanctioned because EU countries continue to use the bank to pay Russia for natural gas—a major source of revenue for the assault on Ukraine.
An online influence campaign that is attempting to use Facebook and Twitter to stoke environmental protests against companies in the West that mine and process rare-earth elements is being executed by a group that promotes China’s political interests, code-named Dragonbridge. China is working to hinder US and other western efforts to better and more efficiently mine and process the minerals to maintain its dominance in the rare-earth minerals market, but so far analysts say Dragonbridge’s efforts have not been successful.
LockBit ransomware affiliates are tricking victims into infecting their devices by disguising their malware as copyright claims. The recipients of these emails are warned about a copyright violation, allegedly having used media files without the creator’s license, demanding that the recipient remove the content from their websites, or face legal action. The emails tell the recipient to download and open an attached file to view the infringement content.
A report on Putin’s “dacha” on Lake Ladoga shows involvement by companies closely tied to LLCInvest—a group of firms built around US-designated Bank Rossiya that holds numerous assets linked to Putin. An investigation by media channel, Dozhd, in 2016 revealed that the building and surrounding land belonged to several companies owned by US designated oligarch and close Putin ally, Yuri Kovalchuk, who is also the major shareholder of Bank Rossiya. OCCRP obtained thousands of leaked emails from two construction companies in charge of developing the land surrounding the building, which detail how the LLCInvest companies work together.
Prince Charles has apparently accepted suitcases and shopping bags filled with cash from Sheikh Hamad bin Jassim bin Jaber Al Thani of Qatar. Clarence House insisted that “all the correct processes were followed” in terms of the cash deposits, but Charles was believed to have used his influence to get the Qataris to pull out of the redevelopment of a high profile site in Chelsea called Chelsea Barracks, making the “donations” somewhat suspicious. The Prince promises to stop accepting cash donations on behalf of his charities.
Switzerland’s Federal Criminal Court has convicted Credit Suisse and its former employee of failing to prevent money-laundering. The judges ruled on whether Credit Suisse and the former employee did enough to prevent an alleged Bulgarian cocaine trafficking gang from laundering profits through the bank from 2004 to 2008. Both the bank and the employee denied any wrongdoing.
Wealth manager and banking group UBS will pay $25 million to settle fraud charges relating to its options trading strategy, “Yield Enhancement Strategy (YES).” YES was marketed to about 600 investors from February 2016 through February 2017, but UBS did not provide its financial advisers with adequate training and oversight in the strategy. Although UBS recognized and documented the possibility of significant risk in those investments, it failed to share this data with advisers or clients.