The Ghost in the Shell

Shell companies: how they are misused in illegal trade 

Shell companies—businesses that have legal structures but no real operations or assets—have been extensively used in money laundering, proliferation financing, sanctions evasion, tax evasion and other types of financial crime, according to the Financial Action Task Force (FATF), the US Financial Crimes Enforcement Network (FinCEN) and Europol. Although shell companies have legitimate uses and are not by definition illegal, they are often used in attempts to obscure the sources, destinations, purposes and beneficiaries of illicit financial flows. 

Shell companies are appealing to criminal organizations because they involve minimal resources to set up and operate—and when authorities identify one company as being linked with illicit activity, a new one can be quickly opened, frequently with the same owner or at the same address. Often, a corporate-services provider will assist with setting up and administering the company, permitting multiple companies to be registered at the service provider’s address. 

There is now evidence that shell companies are increasingly being used for strategic trade-control violations, too. An investigation by The New York Times identified that since 2022, nearly $4 billion of restricted semiconductor chips have entered Russia from more than 6,000 companies, many through a group of shell companies in Hong Kong. 

This is good news for financial institutions. Why? It indicates that strategic trade-control evasion activities flow through the same financial channels and use the same methodologies as other illicit financing. And the implications of this are that existing controls—configured to detect the misuse of shell companies for other financial crimes—will also catch export-control-related activities in their nets. 

A landmark step: targeting shell companies’ addresses 

On August 23, 2024, the United States’ Bureau of Industry and Security (BIS) announced that it would target the use of shell companies to evade export controls. This reinforced the Bureau’s earlier announcement in June targeting shell companies and its increasing regulatory trend of focusing on financial institutions’ responsibilities to prevent and detect the financial flows associated with export-control violations. 

“The BIS [Bureau of Industry and Security] is targeting the shell company service industry by creating a new regulatory framework for listing addresses on the Entity List that present a high risk of involvement in unlawful diversion… BIS is adding eight addresses in Hong Kong to the Entity List and, going forward, any company that uses the addresses identified in this new rule… will be faced with restrictions.” – Bureau of Industry and Security, June 2024 

The BIS maintains an entity list that specifies foreign persons, entities and governments that are subject to licensing requirements for controlled items. 

In a landmark step, recognizing the transmutability of shell companies, the BIS listed addresses on its entity list for the first time in June 2024—specifically, eight addresses in Hong Kong that have been widely used for shell companies involved in export-control violations. The objective is to make it harder for shell companies, which can easily change their names or use multiple corporate identities, to find corporate-services providers willing to allow their addresses to be used for unlawful trade. The BIS reinforced its targeting of shell companies with a subsequent announcement on August 23, 2024, adding shell companies’ addresses in Türkiye to its entity list. 

The BIS’s landmark focus on shell companies’ addresses, rather than only their names, represents a model for other regulatory authorities and businesses involved with international trade to identify illegal trade and other types of financial crime. 

What actions must financial institutions take? 

In the context of unlawful trade, financial institutions may have limited information about the trade being financed. However, intersections between the methods used to evade trade controls—such as the use of shell companies—mean that existing financial-crime measures can detect strategic trade-control evasion, too. This detection is just the first step in effective action. 

To ensure that these initial “red flags” are actioned appropriately, investigators must be trained on strategic trade controls and typologies, which are often different from more well-known indicators of money laundering or sanctions evasion. 

For example, an investigation or enhanced due diligence for trade-control violations should include a review of entities against publicly available lists, such as the Trade Integrity Project (TIP). The TIP is built on global trade data, filtered to show transactions involving “common high priority”⁸ (CHP) items. These are items identified through multilateral agreements between the United States, the United Kingdom, the European Union and Japan as critical to Russia’s military production of precision-guided weapons. Entities that trade in CHPs—or have done so in the past—could be at higher risk for strategic trade-control violations. A closer analysis of the customer’s profile, products, markets and transactions will be required to identify any reasons for concern—or determine that its trade is legitimate. 

Additionally, measures such as the BIS’s use of addresses—rather than only entity names—should be incorporated into financial institutions’ screening and due-diligence processes. An address identified as associated with an illegal procurement network may be a useful red flag that other entities at the address are involved in money laundering, sanctions evasion or other financial crimes. 

The measures above comprise a starting point for the required enhancements to a firm’s compliance program to ensure that it encompasses strategic trade-control violations, and they provide a foundational step in ensuring a firm does not unintentionally finance illegal trade.