Counterproliferation Finance Detection and Deterrence

What Can Financial Institutions Do?

📅 April 23, 2024

Proliferation Financing a National Security Threat

The Justice Department in late 2022 charged two companies and six individuals for allegedly selling and exporting powerful dual-use technologies to Russia, including a high-precision export-controlled item that can be used for Russia’s nuclear proliferation. Some of the electronic components purchased by the network and sold to sanctioned Russian end-users were discovered in Russian weapons platforms on the Ukrainian battlefield. The case highlights how illicit actors use deceptive practices to mislead financial institutions into participating in schemes to send critical military equipment and dual-use technologies to military end-users in Russia.

According to court documents, Germany-based Russian national Yury Orekhov was part-owner, CEO, and Managing Director of Nord-Deutsche Industrieanlagenbau GmbH (NDA GmbH), a privately held industrial equipment and commodity trading company located in Hamburg, Germany. Artem Uss, the other owner of NDA GmbH, is the son of the governor of Russia’s Krasnoyarsk Krai region. Svetlana Kuzurgasheva served as the CEO of one of the scheme’s shell companies and worked for NDA GmbH under Orekhov.
Using NDA GmbH as a front company, Orekhov and Kuzurgasheva sourced and purchased sensitive military and dual-use technologies from U.S. manufacturers, including advanced semiconductors and microprocessors used in fighter aircraft, missile systems, smart munitions, radar, satellites, and other space-based military applications.
The defendants routed funds for NDA GmbH’s illicit activities through U.S. financial institutions and correspondent bank accounts. To facilitate these transactions, Orekhov and his co-conspirators used fictitious companies, falsified “know your customer” documentation, and exploited bank accounts in high-risk jurisdictions, according to the Justice Department press release.

In its 2024 National Proliferation Financing Risk Assessment, the U.S. Treasury identified proliferation networks operating on behalf of Russia, North Korea, China, Iran, Syria, and Pakistan as threats to U.S. national security. These networks exploited the U.S. financial system to finance the proliferation of weapons of mass destruction (WMD), including financing to procure WMD components and raising revenues to support efforts by these state actors to advance their WMD activities. Treasury identified Russia and North Korea as the highest-risk threat actors because of the scope and sophistication of their efforts.

Because of heavy battlefield losses Russia has experienced since it began its full-scale invasion of Ukraine in early 2022, Moscow has engaged with close partners to replenish its stocks of conventional weapons. Those losses have also increased Russia’s reliance on its nuclear, cyber, and space capabilities to maintain deterrence and project power globally, according to the Treasury assessment.

North Korea since 2022 has continued to augment its WMD capability, including testing of multiple types of intercontinental ballistic missiles (ICBMs), according to the Director of National Intelligence (DNI) 2024 Threat Assessment. North Korea remains dedicated to expanding its nuclear capability, as well as enhancing its conventional missile capabilities, and will use both its offensive cyber capabilities and conventional trade control and sanctions evasion methodologies to steal and launder billions of dollars in cryptocurrencies to fund its WMD programs.

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) in concert with the Republic of Korea in late March 2024 designated six individuals and two entities based in Russia, China, and the UAE that generate revenue and facilitate financial transactions for North Korea. The DPRK uses overseas representatives of state-owned entities and banks to access the global financial system, according to the OFAC press release.

Non-state actors, such as terrorist groups are also working to acquire WMD capabilities, according to the Treasury risk assessment. The United States in March 2023 released a National Security Memorandum (NSM) on WMD Terrorism and Advance Nuclear and Radioactive Material Security. The NSM seeks to provide a framework to prevent non-state actors from acquiring WMD and related materials. However, Treasury has not assessed that the efforts of non-state actors to acquire WMDs have involved exploitation of the U.S. financial system.

Taking Action

Given the complex nature of the activities to hide proliferation financing, what can financial institutions do? The Financial Action Task Force (FATF) has provided indicators that could denote illicit activity and help financial institutions and other stakeholders identify high-risk customers and transactions. Some of these red flags are common methodologies used in sanctions and trade control evasion, fraud, and other financial crimes.

Transaction involves a person or entity in a foreign country of proliferation concern or that is known for diversion activities.
The customer or counterparty or its address is similar to a party found on publicly available lists of “denied persons” or has a history of export control evasion.
Customer activity does not match business profile, or end-user information does not match end-user’s business profile.
A freight forwarding firm is listed as the product’s final destination.
Order for goods is placed by firms or persons from foreign countries other than the country of the stated end-user.
Transaction involves shipment of goods incompatible with the technical level of the country to which it is being shipped, (e.g. semiconductor manufacturing equipment being shipped to a country that has no electronics industry).
Transaction involves possible shell companies or complex webs of ownership and control structures.
Misleading shipping documentation is provided for the transaction.

Although many of the indicators provided by FATF are also red flags that may denote trade-based money laundering, sanctions evasion, and other financial crimes, when coupled with the involvement of entities in jurisdictions at high risk of diversion or WMD proliferation, these red flags should be closely examined for possible proliferation concerns. The more indicators are present, the riskier the transaction. Financial institutions should monitor these transactions to detect and deter possible proliferation financing.

Conclusion

The size and sophistication of the U.S. financial system makes it particularly vulnerable for exploitation by illicit proliferation networks, and new technologies continue to enable illicit money transfers by malign actors. These actors use a combination of tried-and-true techniques and innovative strategies and technologies to transfer sensitive goods to restricted actors.

To disguise their activity as legitimate commerce, proliferation networks, such as Orekhov’s and Uss’s, use corporate entities to gain access to financial services, including correspondent banking. They also often create multiple front or shell companies in the United States and third-country jurisdictions and falsify documents to move goods and money.
An Iranian and a Chinese national in late 2023 were indicted and charged with a scheme to procure U.S.-manufactured dual-use microelectronics for the Islamic Revolutionary Guard Corps (IRGC) Aerospace Force Self Sufficiency Jihad Organization’s (ASF SSJO) one-way attack unmanned aerial vehicle (UAV) program. According to the DOJ press release, the defendants allegedly used a web of foreign front companies to illegally purchase and export from the United States to Iran dual-use microelectronics that are commonly used in UAV production. The defendants allegedly used entities based in Iran, Malaysia, Hong Kong, and Indonesia to obfuscate the end-destination for the goods. An unwitting French company purchased components from a U.S. company and shipped the components to Hong Kong, where they were reexported to Iran.
Treasury’s assessment also notes DPRK cyber actors target a variety of organizations in the blockchain technology and virtual asset industry, including virtual asset exchanges, decentralized finance (DeFi) protocols, blockchain bridge developers, virtual asset trading companies, venture capital funds investing in virtual assets, and individual holders of large amounts of virtual assets or non-fungible tokens (NFTs). They also seek to exploit CVC mixing activities.

Financial institutions and virtual currency service providers must be aware of the emerging trends used by illicit actors—especially Russia and North Korea—to access restricted technologies and raise revenues for their WMD programs. Closely monitoring risky transactions, researching new proliferation financing methodologies, and putting together pieces of the counterproliferation puzzle will help avoid enforcement actions and secondary sanctions.

Recorded Webinar

Over the past six months, the Russian Federation has vetoed a renewal of UN sanctions against Iran’s ballistic missile and UAV program, as well as a resolution extending the mandate of the UN Panel of Experts monitoring the sanctions on North Korea, while at the same time importing Iranian and North Korean UAVs and ballistic missiles for use in its war against Ukraine.

Russia’s vetoes have effectively dismantled the multilateral sanctions framework on Iran and abolished multilateral sanctions monitoring capabilities for North Korea. Russia’s procurement of North Korean ballistic missiles and Iranian UAVs in Ukraine further heighten proliferation finance and sanctions risk for the private sector.

View Recording

Recommended Blogs

Fake News vs. Real News – The Importance of Media in Due Diligence

May 6, 2024

We exist in an age when mass media outlets are criticized for bias and manipulation, and when foreign disinformation efforts further erode trust in traditional journalism. Confidence in media reports not just as a compliance tool, but also as reliable news sources is likely at near record lows as well. However, adverse media reports are a critical compliance tool that can serve as a springboard for more extensive due diligence research and can help identify potential indicators of sanctions evasion and other financial crimes.

2024 National Proliferation Financing Risk Assessment

April 19, 2024

The U.S. Department of the Treasury published the 2024 National Proliferation Financing Risk Assessment in February 2024 providing an in-depth analysis of the threats and vulnerabilities related to proliferation financing (PF) and highlighting key countries and non-state actors working to gain access to weapons of mass destruction (WMDs) and their components and to conventional restricted weapons and technologies.

Liberating Limits: OFAC Licenses

April 8, 2024

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) safeguards national security and helps advance U.S. foreign policy objectives by administering the U.S. sanctions regime. OFAC’s general and specific licenses serve as key mechanisms for authorizing and regulating certain transactions that would otherwise be prohibited under sanctions programs. The exceptions provided by licenses help businesses and individuals navigate international transactions without violating U.S. sanctions policies.

Golden Visas & Global Graft – How Criminal Actors Exploit Citizenship by Investment Programs

April 3, 2024

While special naturalization programs offered in certain jurisdictions to foreign investors intend to attract foreign direct investment and economic and infrastructure development, these programs can be abused by criminals who seek to launder and conceal proceeds of crime or commit new offences, including financial crimes.

Stuck and Seized – Consequences of Forced Labor

March 26, 2024

Global economies are more interconnected than ever, and human rights abuses can have a profound impact on supply chains and disrupt the flow of goods. Recent deliveries of certain luxury vehicles, such as Porsches, Audis, and Bentleys have been delayed because a small component that links those vehicles with computer networks was produced by a Chinese company linked to forced labor and surveillance of Uyghur populations in China.

Russia Sanctions Evasion Case Study: Viktor Labin

March 18, 2024

When conducting customer due diligence and enhanced due diligence, simple screening for names that may be on sanctions lists is no longer sufficient given the increasing complexity of Russia’s sanctions evasion efforts and the volatile regulatory environment because of Moscow’s aggression against Ukraine. Extra research is necessary to ensure compliance with sanctions laws and adherence with your company’s own risk policies. This research, however, can be complex, and structured analytic techniques and tools are necessary for effective due diligence.

Binging Griselda? Let’s Talk Drug Trafficking Sanctions

March 7, 2024

Netflix’s new series Griselda tells the story of Griselda Blanco. Known as the “Godmother of Cocaine,” Blanco trafficked cocaine from Colombia to Miami from the 1970s to the early 2000s. Despite her criminal activities, Blanco managed to evade law enforcement for many years. There were no sanctions against Blanco at the time, since the Kingpin Act, a U.S. law aimed at combating international drug trafficking and organized crime, was enacted in 1999 after Blanco’s sentencing.

Risky Russia – Government Agencies Warn Businesses of Possible Trouble

March 5, 2024

The US Departments of State, Treasury, Commerce, and Labor in late February issued a business advisory warning firms and financial institutions about the serious legal, financial, and reputational risks of doing business in Russia. According to the State Department’s assessment, Russia’s kleptocratic environment undermines fair competition and the rule of law, exposing businesses to the risk of extortion, appropriation of assets, and US law enforcement action.

Thanks to Russia, Cross-Border Sanctions Collaboration at All-Time High

February 28, 2024

Russia's unprovoked invasion and continued aggression in Ukraine has led to an unprecedented level of collaboration by sanctions stakeholders across jurisdictions, agencies, and sectors. IFI is publishing a series of blogs to highlight this increased collaboration. In this first blog, we take a look at cooperation across borders and most notably by the REPO Task Force and Price Cap Coalition.