To enhance efforts to prevent sanctioned Russian individuals from accessing the global financial system, the Treasury and Justice Departments, along with international partners, this week held the first meeting of the Russian Elites, Proxies, and Oligarchs (REPO) multilateral task force. The task force will work to ensure the effective implementation of the significant sanctions imposed on Russian individuals, firms, and financial institutions after Russia’s invasion of Ukraine by identifying their assets, freezing them, and sharing intelligence that can help participating jurisdictions limit the ability of sanctioned individuals to conceal them. The newly formed Justice Department KleptoCapture task force and the Financial Crimes Enforcement Network (FinCEN), will support the international effort by helping detect and prosecute criminal conduct associated with the movement of illicit assets, sanctions evasion, and associated unlawful financial activity.

These efforts suggest an increased focus on sanctions violations, efforts to hide assets, and other issues that will undermine efforts to hold Russia accountable for its attack on Ukraine. We advise financial institutions and firms in the real estate, high-value arts, precious metals or gemstones, and other vulnerable sectors, to pay particular attention to transactions that employ complex corporate structures and shell companies, examine third parties involved in financial transactions for connections to Russian elites or government officials, and monitor accounts for sudden changes in business activities without an apparent business reason—especially in risky jurisdictions and where new transactions involve virtual currencies and Russian-linked investments or firms.

Read our alert on the REPO task force here.

---

Compliance and Due Diligence

President Biden’s National Security Advisor Jake Sullivan met with China’s top diplomat in Rome this week and warned Beijing that it will face “consequences” if it helps Moscow evade sanctions or provides Russia with assistance in its invasion of Ukraine. China’s foreign minister this week told his Spanish counterpart that his country does not want to be impacted by Western economic sanctions imposed on Russia.

US officials are investigating the ownership of a $700 million superyacht they believe may be linked to Russian president Putin. The captain of the Scheherazade claims that Putin is not the owner of the vessel, has never been on it, and that the yacht is not owned by anyone on any sanctions list. Separately, under recently published Commerce Department rule changes, if more than 25 percent of a plane or a yacht is made of US-manufactured airplane or marine parts, it cannot go to Russia.

The EU has approved new sanctions against Russia targeting the energy, steel, and defense sectors, including Rosneft, Transneft, and Gazprom Neft. This tranche of sanctions also includes a total ban on transactions with some Russian state-owned enterprises linked to the Kremlin’s military-industrial complex and a ban on Russian steel imports that is estimated to affect $3.6 billion worth of products. The package also prohibits EU credit rating agencies from issuing ratings for Russia and Russian companies, which will further restrict their access to European financial markets. The sanctions also freeze the assets of more business leaders who support the Russian state, including Chelsea football club owner Roman Abramovich.

Japan has imposed sanctions on Russian oligarchs, including US-designated Viktor Vekselberg, freezing his assets and those of 11 members of the Duma, and five family members of Yuri Kovalchuk—known as “Putin’s wallet” and personal banker—as well as defense officials and the state-owned arms exporter, Rosoboronexport. Tokyo has also sanctioned Russia’s central bank and seven private banks, as well as various Belarusian individuals and banks and organizations from the country over its support of Russia’s invasion of Ukraine. Japanese sanctions against Russia now cover 76 individuals, seven banks, and 12 entities. Japan is also preparing to take in Ukrainian evacuees, with 47 having arrived since the outbreak of the war and Japanese authorities this week ordered crypto exchanges not to process transactions involving crypto assets subject to asset-freeze sanctions against Russia and Belarus.

The UK this week announced new sanctions against Russia, aimed at further isolating and pressuring the country’s economy. The measures include a ban on exports of luxury goods to Russia and significant import tariffs on goods like vodka, artwork, and antiques. The UK is also denying Russia and Belarus access to “most favoured nation” tariffs for hundreds of exports, depriving them of key benefits of World Trade Organization membership.

OFAC this week added 15 individuals and one entity to the SDN list—most under Executive Order 14024 targeting Russia’s malign activities, as well as under the Magnitsky Act and EO 13405, which blocks individuals who undermine democratic processes and institutions in Belarus. Belarussian president’s wife Halina Lukashenko is now on the SDN list, along with Russian National Guard Director Viktor Zolotov. The Magnitsky Act targets were involved in concealing events surrounding the death of whistleblower Sergei Magnitsky, or were connected to gross violations of human rights against Russian human rights defender Oyub Titiev, who was arrested in January 2018 by officers from the newly designated Kurchaloi District of the Chechen Republic Branch of the Ministry of Internal Affairs of the Russian Federation and charged with possession of drugs—an allegation that Titiev and international human rights organizations claim is false.

OFAC this week sanctioned Belgian gold trader Alain Goetz and his African Gold Refinery (AGR), Ltd, for allegedly contributing to conflict in the Democratic Republic of Congo (DRC). Treasury says Goetz and AGR are key players in Congo’s illicit gold trade–the largest source of revenue for armed groups in the country.

Chinese technology giant Tencent is facing a potential record fine for violations of central bank regulations by its WeChat Pay mobile network. Financial regulators recently discovered that WeChat Pay had lapses in AML compliance, as well as “know your customer” and “know your business” regulations. Tencent’s mobile payments network was also found to have allowed the transfer and laundering of funds associated with illicit transactions such as gambling. The People’s Bank of China uncovered the breaches during a routine inspection of WeChat Pay last year.

US Customs and Border Patrol is detaining merchandise produced or manufactured by Chinese company Li-Ning Sporting Goods at all US ports of entry, based on an investigation indicating that it uses North Korean labor in its supply chain. The Countering America’s Adversaries Through Sanctions Act (CAATSA) prohibits the entry of goods into the United States that are produced by North Korean nationals or North Korean citizens anywhere in the world, unless clear and convincing evidence is provided that no forced labor was used in their manufacture. Therefore, Li-Ning merchandise may be subject to seizure and forfeiture if the company fails to provide evidence that the goods were not produced with forced labor.

Asian energy companies’ continued presence in Myanmar is raising concerns that they could undermine EU sanctions on the country’s state oil and gas company Myanma Oil and Gas Enterprise (MOGE). Pro-democracy forces have urged foreign companies to halt payments to MOGE, which they say help fund military rule in the country. Posco International, the trading arm for South Korean steelmaker Posco, which holds a 51 percent stake in the Shwe gas field off the western coast of Myanmar, claims that halting the gas field would disrupt the fuel supply for power plants in Myanmar and hurt civilians. The United States has not yet imposed penalties aimed at MOGE, but if it were sanctioned, the dollar-based payments to and from the company that now usually pass through US banks would be squeezed. Combined with the EU sanctions, this could prevent MOGE from procuring materials that are necessary to maintain gas fields in the country.

Elizabeth Warren has announced a new bill to block cryptocurrency companies from conducting business with sanctioned companies. The Digital Assets Sanctions Compliance Enhancement Act, introduced with Senators Jack Reed of Rhode Island, Mark Warner of Virginia, Jon Tester of Montana, and others, would allow the President to add non-US-based crypto companies to the SDN list if they support sanctions evasion.

USAA has agreed to pay $140 million after admitting it failed to fix an anti-money laundering (AML) program that authorities said was “rudimentary” and significantly understaffed. FinCEN said USAA’s AML program failed to meet the requirements of the Bank Secrecy Act. The bank in 2018 made a commitment to overhaul its compliance program, including by developing adequate customer due diligence and risk identification processes, but has failed to meet deadlines to do so. USAA also implemented a new compliance system that was too sensitive and flagged an unmanageable number of alerts and cases, creating a backlog of roughly 90,000 alerts and 6,900 cases and highlighting the importance of testing and auditing to ensure a proper, risk-based approach.

Fraud and Abuse

Aleksandr Maslov this week was sentenced for his involvement in a massive international credit card fraud scheme. Between October, 2011 and March 2014, Maslov conspired with several others and worked with Moscow-based hackers to create a credit card billing scheme to fabricate 71 fraudulent online companies to fraudulently charge approximately 119,000 stolen credit cards. To create the fake companies, the members of the scheme obtained more than 200 stolen report cards from the San Juan Unified School District in Sacramento, CA, which had students’ names and social security numbers on them, as well as other personally identifiable information (PII). The defendants used the PII to create fraudulent companies with names designed to sound like real companies, such as “CVS Store,” “Walt Mart,” and “Chevran,” and used those companies to charge stolen American Express credit card account numbers. To transfer the stolen money, they used shell bank accounts held in the names of individuals whose identities had been stolen and accounts in the names of former Russian J-1 Student Visa holders who had returned to Russia after opening multiple bank accounts in California. In total, the members of the scheme billed the stolen credit card numbers for over $3.4 million in unauthorized charges.

Western intelligence agencies are investigating a cyber attack by unidentified hackers that disrupted broadband satellite internet access in Ukraine coinciding with Russia’s invasion last month. Analysts for NSA, French government cyber security organization ANSSI, and Ukrainian intelligence are assessing whether the remote sabotage of a satellite internet provider’s service was the work of Russian-state backed hackers preparing the battlefield by severing communications. The attack on the satellite service began on February 24, just as Russian forces began striking major Ukrainian cities.

Israel experienced the largest ever cyber attack on its government sites this week. The DDos (Digital-denial of service) attack had blocked access to government websites, including the interior, health, justice, and welfare ministries, as well as that of the Prime Minister’s Office. The defense establishment and the National Cyber Directorate have declared a state of emergency in order to study the extent of the damage, while checking strategic Israeli websites and government infrastructure, such as Israel’s electric and water companies, to ensure their security. Iran would be the obvious culprit, but the timing of the attack is conspicuous after Israel stated this week that it would work to ensure Russia does not use the country as a route to evade sanctions.

In addition to relying on bulk cash smuggling, illegal wire transfers, and currency exchange houses, criminals in Mexico are still using one of the oldest ways drug traffickers have used to launder their dirty money: the black market peso exchange (BMPE). The schemes have grown more sophisticated over the decades, but small mom-and-pop operations and stores are still popular BMPE vehicles because they are less sophisticated and more likely to face financial stress, making illicit activities more attractive. They also tend to be more cash intensive, making them attractive means to launder drug proceeds.

The Intercept has reviewed the most recent month of Conti chat logs originating from RocketChat. Russian intelligence services apparently reached out to members of Conti at least once. After the ContiLeaks were published, Christo Grozev, executive director of Bellingcat, tweeted that his organization had been warned that “a global cyber crime group acting on an FSB order has hacked one of your contributors,” and that they were looking for information about Alexey Navalny. Separately, Google’s Threat Analysis Group this week observed a financially motivated threat actor working as an intermediary for the Russian hackers, including Conti. The group, which Google refers to as “Exotic Lily,” sells access to their networks to the highest bidder.

INTERPOL has launched a Financial Crime and Anti-Corruption Center (IFCACC) to fight the increase in sophisticated transnational financial crime. IFCACC will expand and streamline existing initiatives that tackle financial crimes, illicit money flows, and asset recovery by “centralizing the international response to transnational financial crime and corruption.” IFCACC will collaborate closely with the Financial Action Task Force (FATF), FATF-Style Regional Bodies, the Egmont Group of Financial Intelligence Units, law enforcement agencies, and the financial sector to boost joint efforts against financial crime and corruption.