Examining Evasion

Sanctioned actors often use common tactics to attempt to evade restrictions. The methods they use are constantly changing in tandem with increased crackdowns on sanctions evasion.

The following are three examples illustrating some of the most common methods illicit actors have embraced to evade U.S. and multilateral sanctions. Understanding them is an important starting point for private sector firms in assessing and responding to their exposure.

Russian Oligarch’s Use of Shell Companies and a Close Associate

Vladimir Voronchenko, a Russian citizen and legal permanent resident of the United States, in February 2023 was indicted for conspiring to evade sanctions, among other charges, by making more than $4 million in payments from his Bahamas-based shell company to maintain four properties owned by his close friend—sanctioned Russian oligarch Victor Vekselberg.

• Prior to his designation in 2018, Vekselberg used a series of shell companies to acquire luxury real estate worth roughly $75 million in the United States.
• Voronchenko, a close friend and business associate of Vekselberg, retained an attorney who practiced in New York to facilitate the acquisition of the properties and to manage the finances of the properties, including by paying common charges, property taxes, insurance premiums, and other fees.
• Prior to Vekselberg’s designation the shell companies owned by Vekselberg sent approximately 90 wire transfers totaling roughly $18.5 million to the lawyer’s account for the attorney to make payments to maintain the properties.
• Immediately after Vekselberg’s designation, the source of the funds used to maintain and service the properties changed, and the attorney’s account began to receive wires from a bank account in the Bahamas held in the name of a shell company controlled by Voronchenko, “Smile Holding Ltd.”

Iran’s Use of Front Companies, Documentary Fraud, and Jurisdictions with Lax Illicit Finance Controls

In March 2019, the U.S. disrupted an extensive sanctions evasion network that had transferred over a billion dollars and euros to, and procured vehicles for, U.S.-designated Iranian government institutions. The network involved a network of front companies in jurisdictions with lax illicit finance controls that relied on fraudulent records to conceal transactions and misrepresent beneficiaries.

• Through a bank controlled by the Iranian Revolutionary Guard Corp (IRGC), the Iranian regime established a layered network of front companies based in Iran, Türkiye, and the UAE to circumvent sanctions, gain access to the international financial system, and exchange devalued Iranian rials for dollars and euros. The bank also used international free zones to establish front companies.
• At the time, Türkiye and the UAE had lax illicit finance controls. The Financial Action Task Force (FATF) in 2019 included the UAE on its Grey List because of illicit finance concerns, and highlighted concerns about Türkiye’s money laundering and terrorism financing shortcomings.

North Korea’s Use of Digital Assets, Front Companies, and Jurisdictions with Lax Illicit Finance Controls

North Korea has used digital assets and cryptocurrency mixers to evade sanctions and help finance its nuclear weapons program, in some cases also utilizing front companies and personnel stationed in China and Russia.

North Korea has utilized cybercriminal groups, such as the infamous Lazarus Group, to conduct large-scale hacks on cryptocurrency exchanges worldwide, stealing millions in digital assets. These assets are then laundered through a series of complex transactions across various blockchain platforms to obscure the funds’ origin. These laundered assets help North Korea finance its nuclear weapons program and evade international sanctions.

• The Lazarus Group uses cryptocurrency “mixers” like Tornado Cash and Blender.io to mask the origin and destination of stolen funds. Mixers blend multiple transactions, making it difficult to trace assets back to their original source. Both Tornado Cash and Blender.io have been designated by the U.S. and called out as tools frequently used in sanctions evasion, specifically by North Korean actors.
• Cyber security researchers have found that the Lazarus Group has used front companies to help deceive victims. For example, in 2019 Lazarus Group hackers created a fake company, “JMT Trading,” along with a website, to convince victims to install what appeared to be a cryptocurrency trading platform. When unwitting users clicked on the link to the “JMT Trading” page to supposedly download the trading software, hackers installed the malware.

According to the U.S. Treasury Department, proceeds from North Korean cyber activities often end up at Chinese financial institutions after being layered using various schemes. In 2021 three Lazarus Group hackers who were at times stationed by Noth Korean government in China and Russia were indicted by U.S. authorities for their alleged involvement in a broad array of criminal cyber activities.