All eyes have been on Russia this week, as talks between Washington and Moscow and NATO and Russia did not produce the desired result of deescalating the tensions on Ukraine’s border. The United States is preparing for escalation, and US intelligence agencies are assessing that Russia is “laying the groundwork to have the option of fabricating a pretext for an invasion.” A few weeks ago, Russian Defense Minister Shoigu claimed that the United States trucks filled with chemical compounds to eastern Ukraine in preparation for a chemical attack and that US paramilitary companies were training Ukrainian troops. Russia’s Pravda propaganda outlet is beating the drums of war, claiming that a nuclear submarine has been spotted near Norway as “provocation” against Russia. Meanwhile–maybe coincidentally and maybe not–Kyiv late last night reported a massive cyberattack against its government websites, featuring a threatening message to the Ukrainian people in Ukrainian, Russian, and Polish:

Ukrainian! All your personal data was uploaded to the public network. All data on the computer is destroyed, it is impossible to restore it. All information about you has become public, be afraid and expect the worst. This is for your past, present and future.

While all this is happening, Ted Cruz’s bill to sanction the natural gas pipeline, Nord Stream 2, has failed in the Senate, as projected, given the Biden administration’s opposition and claims that the legislation would have  endangered transatlantic unity, just as Russia increases its threat posture against Ukraine. Cruz’s legislation garnered support from 55 senators, short of the 60 votes necessary for passage. Democratic leaders, with the backing of the White House, proposed a competing package of sanctions on Wednesday, but that bill does not mandate sanctions against the pipeline, directing instead that the Biden administration periodically reexamine the waiver issued last year for both Nord Stream 2 AG and its CEO, Mattias Warnig. The Democrats’ proposal also seeks to impose a wide array of sanctions on top Russian government and military officials, including President Putin, Russia’s Foreign Minister Lavrov, and banks that until now the US government has avoided blocking, such as Sberbank, Alfa, VTB, and others. The Kremlin claims that sanctions on Putin would be a step too far and would completely break down relations between the two nations, which is why the United States does not normally designate heads of state.

We assess that the Treasury and State Departments have already prepared sanctions packages in anticipation of a Russian invasion. The White House did not telegraph options, but possible sanctions include ejecting Russia from the Society for Worldwide Interbank Financial Telecommunication (SWIFT) international payments system, prohibiting transactions involving Russian sovereign debt, and imposing an embargo on US-produced or designed technology needed for defense-related and consumer industries, just to name a few.

The Biden administration will need to be cautious to ensure coordination with allies. EU nations are concerned about the economic fallout should a split develop with the United States on how strongly to sanction Russia, which we assess is exactly what Putin is counting on—a rift between the United States and our closest allies. The bloc is especially concerned about the impact of even higher energy prices should more significant sanctions against Russia be implemented.

In other sanctions compliance and due diligence news…

Compliance and Due Diligence

The EU will impose sanctions on Mali in line with measures already taken by the ECOWAS group of West African states after China and Russia blocked sanctions against the African country in the UN. The EU move is also a response to the arrival of private military contractors from the US and EU-designated Russian Wagner Group. Russia and China are seeking a stronger foothold in Africa and backing Mali’s junta, which deposed the country’s civilian government last year.

The Biden administration this week imposed sanctions on six North Koreans, one Russian individual, and a Russian firm the White House says are responsible for supporting North Korea’s weapons programs after North Korea fired two short-range ballistic missiles in an apparent reprisal for fresh sanctions imposed by the White House this week. South Korea’s military says the missiles were fired from an inland area in western North Pyongan province, where North Korea is known to operate key missile bases and from which it has been conducting test launches. Hours earlier, North Korea issued a statement threatening stronger and more explicit action if Washington maintains its “confrontational stance.” The United States also proposed that five of those individuals be blacklisted by the UN Security Council, which would need consensus by all 15 members of the North Korea sanctions committee. We assess the UN designation will be challenging, given the fact that Russia and China have been pushing to lift UN sanctions against the hermit kingdom.

The United States has imposed additional sanctions on Bosnian Serb leader Milorad Dodik, as well as two other officials and a television station Dodik controls for “significant corruption and destabilizing activities.” These are the first designations under executive order (EO) 14033, building on the White House’s commitment to hold those who undermine the stability of Western Balkans through corruption and threats to longstanding peace agreements accountable.

In an effort to continue punishing corruption and promoting democracy, the United States and EU have imposed new sanctions on Nicaraguan officials, including the country’s Defense Minister, right before Daniel Ortega, and his wife, Rosario Murillo, were sworn in as president and VP respectively this week, accusing both of human rights abuses and undermining democracy and the rule of law. Treasury accuses the Ortega regime of state acts of violence, disinformation, and targeting of independent media. The State Department also imposed visa restrictions on 116 individuals in Nicaragua, including mayors, prosecutors, university administrators, and police, prison, and military officials.

A UK research group is pushing the government to expand the country’s AML laws to prevent financial institutions from facilitating environmental crimes. Finance for Biodiversity (F4B) says that currently banks and investors enabling illegal deforestation and other crimes are rarely held liable. The nonprofit says expanded AML regulations would force the finance industry to apply more stringent due diligence practices to prevent environmental harm. 

The Financial Action Task Force may soon add the UAE to its “gray list,” subjecting the Emirates to more oversight for shortcomings in combating money laundering and terrorist financing. This is despite the recent UAE government push to enhance the fight against illicit transactions. The designation would be significant given the UAE’s position as the main financial hub in the Middle East. If added, the Emirates would join 23 other countries on the list, including Albania, Syria, Panama, and others that require closer scrutiny because of deficient AML/CFT regimes.

US and European lawmakers this week gathered on Capitol Hill for the inaugural meeting of the Inter-Parliamentary Alliance against Kleptocracy (IPAK), whose objective is to harmonize the West’s approach to countering corruption. Members view corruption as “the uniting force of dictators” — a systemic threat undermining trust in democracy and siphoning trillions of dollars in stolen funds from the global financial system. IPAK was officially formed in December, riding the momentum from the Summit for Democracy and the Biden administration’s recognition of corruption and kleptocracy as core national security interests. The current anti-corruption efforts indicate that US firms and financial institutions should be proactive in examining potential clients and business partners for indicators of misappropriated funds or adverse media reporting about human rights abuses.

Fraud and Abuse

Forty suspects in Turkey have been arrested for allegedly participating in a money laundering scam on the Twitch streaming platform that involved using stolen credit cards to buy Bits–essentially the platform’s virtual currency. The Bits were allegedly sent to streamers, who then refunded the scammers 70-80 percent of the amounts using real money, keeping the rest for themselves. This appears to have been a long-running operation, with an email paper trail going back two years, highlighting the importance of due diligence research on any transactions involving either virtual or real assets and transaction monitoring to prevent tech platforms being used for money laundering and fraud schemes.

More than 1,700 tons of teak have been exported to the United States from Myanmar during the past year, likely in violation of US sanctions on Myanmar’s largest state-owned lumber company, Myanma Timber Enterprise, after Myanmar’s ruling military after seized power in a coup last year. The teak is a highly prized hardwood used in luxury yachts, and the timber trade helps finance human rights abuses and repression in Myanmar, according to Justice for Myanmar, an advocacy group that investigates the business dealings of the nation’s military, the industry . Last year the Tatmadaw, held several auctions to sell hardwood, including teak, from a stockpile of illegally harvested timber seized by the former government. Some of that lumber is believed to have been shipped to the United States through intermediaries.

Privacy platform Signal is working on integrating cryptocurrency payments, starting with MobileCoin, and had announced a test of the integration in the UK scheduled for this spring. Signal is not alone in efforts to add crypto payments to its messaging platform; Facebook has been working for several years to create a new currency and integrate it with WhatsApp and Messenger. What sets Signal’s effort apart, however, is the combination of end-to-end encryption in messaging and a cryptocurrency with privacy features designed to make any transactions anonymous, presenting a significant illicit finance risk and possible secure way to launder money.

Financial institutions are still struggling to spot signs of human trafficking because of resource constraints and the nature of the AML compliance environment. Compliance staff can easily miss the nuances of human trafficking activity because it can appear innocent to the untrained eye. A young woman staying in multiple low-cost hotels around the country, mostly eating late at night at fast food restaurants, and visiting pharmacies several times a week can appear innocent, but coupled with other red flags and individual profiling, suspicious activity indicative of human trafficking can become clear. Compliance staff also need feedback on suspicious activity reports to determine what red flags can be useful for regulators to detect possible human trafficking, highlighting the importance of engaging with expert compliance analysts to help guide these efforts.

The son of notorious radical Muslim cleric Abu Hamza has been jailed for more than three years for his involvement in a money-laundering plot in the UK. Ti-to Ibn-Sheikh created false identities for HSBC bank account holders using information passed to him by an insider at the bank and used those accounts to launder the proceeds from theft and fraud. Ibn-Sheikh (previously known as Mustafa Hamza Kamel) is the son of radical Muslim cleric Abu Hamza, who led the militant Finsbury Park Mosque in the 1990s, was previously jailed in the UK for inciting violence, and was later extradited to New York to serve a life sentence in the United States for terrorism offenses.

Synthetic identity fraud and identity fraud writ large were the costliest kinds of fraud that victimized both e-commerce customers and merchants during the past year. This kind of fraud not only harms merchants, but also creates serious problems for the victims whose identities are stolen to create fictitious accounts. A recent Javelin Research report finds that increasingly, identity-theft victims are children and can involve significant remediation costs. For merchants whose stores are targeted, synthetic identity fraud creates reputational risks, because 84 percent of respondents to a recent survey say they would never transact again with a merchant whose website subjected them to fraud.

In a recent address to the American Bankers Association, Acting FinCEN Director Him Das provided a few clues about how the agency plans to update the country’s AML/CFT regime. FinCEN plans to focus on new threats, reflecting modern national security needs, including strategic corruption; new innovations to understand and leverage new technologies in efforts to update the agency’s tools to battle illicit finance and address the Biden administration’s priorities; and new partnerships, including those in the private sector and local, state, and tribal law enforcement. What does this strategy mean for US firms and financial institutions? Engagement with expert analysts can help determine priorities based on individual risk appetites.

Apparently some criminals are stealing paper checks from post office and personal mail boxes and selling them for Bitcoin. The criminals find filled-out paper checks and sell them for Bitcoin either on the dark web or on social media platforms. The purchasers then use nail polish remover to delete the original payee name and replace it with their own, as well as increase the amount on the checks, stealing thousands of dollars from victims’ accounts. Not only have many banks suffered already, by reimbursing the lost sums, but the identities of victims are also compromised.