Navigating the Convergence of Sanctions Evasion, Export Control Evasion, and Money Laundering

Illicit actors and their methodologies do not divide neatly into distinct categories such as “money laundering,” “sanctions evasion,” or “export control evasion.” Instead, the networks involved intersect, establishing the illicit equivalents of service provider relationships, informal alliances, and joint ventures. Similarly, there are commonalities in the methodologies used to advance multiple types of illicit activity, such as the use of shell and front companies.

This is not surprising given that the objectives of money launderers, sanctions evaders, and export control evaders are similar: to obscure the real individuals and entities behind financial activity, to disrupt the transactional trail to make it more difficult to follow, and to avoid detection of the individuals and networks involved.

These convergences not only impact the financial system; they involve adversary states and non-state actors. An integrated approach from regulators and financial institutions to protect financial integrity therefore also directly contributes to defense and national security, enabling organizations to respond strategically to hybrid geopolitical threats.

Russia’s procurement of drone components

In Russia’s ongoing war against Ukraine, drones have emerged as critical weapons. Russia has sought western-made components for their quality and reliability. In 2022, analysis by the UK-based think tank Royal United Services Institute (RUSI) found that of 450 components found in Russian military systems, such as drones, 318 (71 percent) appeared to have been made by U.S. companies, many of them subject to export controls.¹

More recently, in 2024, a New York Times investigation found that since Russia’s further invasion of Ukraine 2022, nearly $4 billion in export-controlled semiconductor chips had flowed into Russia from more than 6,000 companies including U.S. manufacturers such as Advanced Micro Devices and Intel.² In response, OFAC has designated Russian entities and individuals involved in drone and weapon production.³ To support Russia’s illicit procurement activities, shell companies are often used, along with distributors in countries such as China, Hong Kong, Turkey, and India, and transshipment hubs in the UAE, Turkey, and Morocco.

This unlawful acquisition is not just a concern for exporters; the transactions that finance this unlawful trade are often processed through American financial institutions. In July 2024, Denis Postovoy, a Russian national and resident of Sarasota, FL, was charged with procurement and illicit export of microelectronics to Russia.⁴ The microelectronics had both civil and military applications, including use in drones. U.S.-based companies and distributors of semiconductors and electronic components were also charged.

Banks servicing clients in industries that are at a higher risk of being targeted by illicit procurement networks need to ensure their compliance programs effectively detect and manage the risks.

The U.S. Departments of the Treasury, Commerce, State, and Justice have issued joint advisories with red flags for disrupting illicit procurement networks and abuse of the U.S. financial system.⁵ These red flags indicate the intersection of money laundering, evasion of export controls and sanctions, and those identified during due diligence, ongoing monitoring, or investigations include:

Customer received low volumes or no restricted exports prior to February 2022 (Russia’s further invasion of Ukraine and the imposition of sanctions) but restricted exports commence or increase after that date.
Customer address is on the BIS Entity List (which includes addresses as well as entity names), matches the address of a sanctioned entity, or is associated with money laundering or illicit activity – even if the client entity name is not specifically sanctioned or listed.
Entities that are newly established shortly after either another company in the same corporate group, or the same associated individuals, were added to a sanctions or export controls list. Update: For more details on the BIS 50% (Affiliates) Rule and how it applies to subsidiaries and related entities, refer to The BIS 50% Rule: Closing a Gap in Our Export Control Defenses.
As sanctions and export controls have increasing effect, supply chains for Russian weapons and components are increasingly pivoting towards Iran and China.⁶

Iran’s evasion networks

Iran has strong economic and military ties with both Russia and China. Its role in supplying UAVs to Russia for its war on Ukraine was recognized in a Financial Crimes Enforcement Network (FinCEN) Advisory issued on June 6, 2025.⁷ Iran sources key components for its UAV program from China, funding them with revenues from oil smuggling and other illicit activities. China is also the largest importer of Iranian oil. As with Russian procurement networks, there are touchpoints with the U.S. financial system, particularly correspondent banks.

In April 2025, the Department of Justice indicted Iranian nationals Hossein Akbari and Reza Amidi, as well as an Iranian company, Rah Roshd Company, for conspiring to procure U.S. technology for use in Iranian UAVs.⁸ The charges allege that the individuals used front and shell companies to acquire components in Mohajer-6 drones, which are used by Russia against Ukraine. These cases highlight Iranian illicit procurement methodologies, including the use of shell and front companies, links to high risk geographics, and repeated and systematic attempts to evade sanctions. Red flags for financial institutions include:

The shell companies were based in the UAE, and payments were processed through U.S. correspondent bank accounts.
Other Iranian procurement networks used front companies based in Hong Kong and China to procure U.S.-origin components used in UAVs in breach of sanctions.⁹
When one group of companies is sanctioned, new companies are set up to continue the illicit acquisitions.¹⁰

To evade sanctions, Iran also uses third-country exchange houses and trading companies. The exchanges houses convert foreign currency into U.S. dollars, relying on correspondent banking relationships to access the U.S. financial system. The dollars are delivered to regime personnel or proxies outside Iran to facilitate movement of commodities or procurement of restricted components.¹¹ These laundered funds provide the financing for sanctions and export control evasion, as well as being the direct evasion of economic sanctions.

China’s acquisition of restricted chips

China supplies components for Iran’s missile and UAV programs, as described above.¹² However, this represents just one focus of China’s procurement and diversion networks. China also seeks high-performance western chips for its own military modernization programs “to improve the speed and accuracy of its military decision making, planning, and logistics, as well as of its autonomous military systems…” and to “improve calculations in weapons design and testing including for WMD [weapons of mass destruction], such as nuclear weapons, hypersonics and other advanced missile systems, and to analyze battlefield effects.”¹³ One particularly significant application of these chips is their use in Artificial Intelligence (AI).

Chips manufactured using U.S. technology have superior performance, a larger supply, and a more mature software ecosystem compared with chips legally available to Chinese AI labs.¹⁴ According to a New York Times investigation in 2025, Chinese State-affiliated entities, including those subject to sanctions, have purchased restricted chips at scale. The investigation identified that of the 136 Chinese companies listed as partners by U.S.-based electronics manufacturer Nvidia, at least 24 have had procurement contracts with the Chinese military or are partly owned by defense contractors or organizations on the BIS Entity List.¹⁵

In October 2022, BIS imposed export restrictions specifically focused on advanced chip acquisition by China. Since then, it has imposed additional restrictions and published guidance for industry. For example, in May 2025, BIS published red flags which can potentially be identified by financial institutions during due diligence, ongoing monitoring, or investigations.¹⁶ These include:

Customer that had not received exports of advanced computing chips and/or commodities containing them prior to BIS imposing export restrictions (October 2022) or they received exports but there was a significant increase after October 2022.
Customers, either domestic or foreign, that have a residential address and provide no alternative location where the advanced computing chips or commodities containing them would be used, and where the quantity is inconsistent with individual/personal use.
Data center that receives chips or commodities containing them either does not or cannot affirm it has the infrastructure (e.g. power/energy, cooling capacity, or physical space) to operate the advanced computing.

The response: convergence of AML, sanctions, and export control regimes

Leading U.S. regulators responsible for AML (FinCEN), sanctions (OFAC), and export controls (BIS) are collaborating increasingly closely, as demonstrated by a marked increase in joint industry guidance and coordinated administrative and enforcement actions.

Over the past five years the Treasury and Commerce Departments have issued joint guidance documents 15 times on national security and foreign policy issues of mutual concern, often jointly with other relevant agencies. Prior to that there are no such joint Treasury and Commerce guidance documents on record. (See Exhibit 1: Joint Guidance Published by the U.S. Departments of the Treasury and Commerce for the table of joint guidance documents published between July 1, 2020 and May 1, 2025.)

Speaking about how BIS is working with Treasury and other federal agencies, Matt Axelrod, former BIS Assistant Secretary for Export Enforcement stated:

“The cooperation with Treasury has been unprecedented. This is especially true with FinCEN. The joint alerts issued by FinCEN and BIS, which I believe is the first time that FinCEN has released a joint alert with another agency, not only contained the key terms, but also provided red flags for financial institutions to monitor. Additionally, we have released several guidance documents in collaboration with OFAC, and in some cases, jointly with both OFAC and the Department of Justice.”

Enforcement is also increasingly a joint action between U.S. regulators. For example:

On August 23, 2024, OFAC and BIS announced¹⁷ coordinated actions to further disrupt Russia’s international supply chain, counter evasion, and degrade Russia’s wartime economy;
On January 17, 2025, OFAC and BIS imposed $2.5 million in combined civil penalties against Haas Automation, Inc. for alleged and apparent violations of U.S. sanctions and export control laws;¹⁸ and
On May 1, 2025, OFAC targeted¹⁹ a major Mexican cartel involved in fentanyl trafficking and fuel theft concurrent with an alert²⁰ published by FinCEN on oil smuggling schemes associated with Mexico-based cartels.

Exhibit 1 – Joint Guidance Published by the U.S. Departments of the Treasury and Commerce

Date	Government Entity	Guidance Document
July 1, 2020	– Treasury Department – Commerce Department – State Department – DHS	Xinjiang Supply Chain Business Advisory
September 1, 2020	– Treasury Department – Commerce Department – State Department	North Korea Ballistic Missile Procurement Advisory
July 16, 2021	– Treasury Department – Commerce Department – State Department – DHS	Risks and Considerations for Businesses Operating in Hong Kong
January 26, 2022	– Treasury Department – Commerce Department – State Department – Labor Department – DHS – USTR	Burma Business Advisory
June 28, 2022	– FinCEN – BIS	FinCEN and BIS Issue Joint Alert on Potential Russian and Belarusian Export Control Evasion Attempts
March 2, 2023	– Treasury Department – Commerce Department – Department of Justice	Cracking Down on Third-Party Intermediaries Used to Evade Russia-Related Sanctions and Export Controls
May 19, 2023	– FinCEN – BIS	Supplemental Alert: FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Continued Vigilance for Potential Russian Export Control Evasion Attempts
June 9, 2023	-Treasury Department – Commerce Department -Justice Department -State Department	Guidance to Industry on Iran’s UAV-Related Activities
July 26, 2023	– Treasury Department – Commerce Department – Department of Justice	Voluntary Self-Disclosure of Potential Violations
September 26, 2023	– Treasury Department – Commerce Department – State Department – USTR – Labor Department – DHS	Xinjiang Supply Chain Business Advisory Addendum
November 6, 2023	– FinCEN – BIS	FinCEN and the U.S. Department of Commerce’s BIS Announce New Reporting Key Term and Highlight Red Flags Relating to Global Evasion of U.S. Export Controls
December 11, 2023	– Treasury Department – Commerce Department – Justice Department – DHS – State Department	Know Your Cargo: Reinforcing Best Practices to Ensure the Safe and Compliant Transport of Goods in Maritime and Other Forms of Transportation
January 26, 2024	– Treasury Department – Commerce Department – State Department – Labor Department – USTR	Supplemental Burma Business Advisory
March 6, 2024	– Treasury Department – Commerce Department – Department of Justice	Obligations of foreign-based persons to comply with U.S. sanctions and export control laws
July 16, 2024	– FinCEN – OFAC – FBI	FinCEN, OFAC, and FBI Joint Notice on Timeshare Fraud Associated with Mexico-Based Transnational Criminal Organizations
September 6, 2024	– Treasury Department – Commerce Department – State Department – Agriculture Department – DHS	Amendment to the July 2021 Business Advisory on Risks and Considerations for Businesses Operating in Hong Kong
May 1, 2025	– FinCEN – Alert issued in coordination with OFAC, DEA, FBI, and HSI	FinCEN Alert on Oil Smuggling Schemes on the U.S. Southwest Border Associated with Mexico-Based Cartels

Best practices for financial institutions

As the methods used by illicit actors intersect and regulators take an increasingly joint approach, financial institutions must equally adapt their internal organizational structures to align with this direction. AML, sanctions, and export controls, can be more effectively be managed with a unified approach:

Sanctions compliance programs, which have traditionally been defined by absolutes such as published lists to be screened, frozen assets, trade restrictions, and strict liability for those who do not comply, are now encouraged by OFAC to be implemented using a risk-based approach²¹ similar to that used to manage financial crime risks.
AML frameworks, which were accelerated by post 9/11 law enforcement and regulatory requirements, are based on principles of transparency, accountability, and traceability — and now encompass national and financial security.
Export regulators, who have historically focused on exporters and traders rather than financial institutions, now expect banks to integrate export control compliance into controls such as customer diligence, post-transaction monitoring, and real-time screening — traditionally elements of AML and sanctions compliance.²²

According to regulations and guidance from FinCEN, OFAC, and BIS, the essential elements of effective AML, sanctions compliance, and export compliance programs overlap significantly. These commonalities exist despite the different origins, purposes, and evolution of each field. Many financial institutions already apply unified controls to identify and manage illicit finance risks. For example, the client due diligence process applied during onboarding should assess and measure money laundering, sanctions, export control, and other illicit finance risks.

When developing the financial crime compliance program, institutions should integrate consideration of AML, sanctions, export controls and other illicit finance risks rather than considering each as a separate program. In addition to more effectively countering financial crime and complying with sanctions and export controls there can also be operational efficiency and cost advantages by avoiding duplication.

Some of the key steps an institution can take to specifically address convergence include:

Establish a “culture of cooperation” alongside a “culture of compliance” to ensure that the compliance department coordinates and communicates internally, between specialists in different illicit finance domains.
Educate stakeholders, including senior stakeholders, on convergence i.e. that networks intersect and that red flags for one type of illicit finance may be used as “entry points” into wider networks, and ensure that organizational structures are unified rather than siloed.
Adapt and apply existing controls to address new risks, while maintaining efficiency. For example, add addresses and entities from the BIS Entity List to existing screening tools, using either internally developed or commercial datasets — while also recognizing the differences. An example of these differences are that transactions with OFAC-listed sanctioned entities are generally prohibited whereas BIS-listed entities require a more nuanced assessment of the end use, end user, and license requirements for exports.
Provide training on AML, sanctions, and export controls across the institution to provide a consistent baseline of knowledge. For each illicit finance domain, the training should be customized by team and function to increase relevance and improve the effectiveness of the team. For example, a trade finance team would be well-positioned to identify red flags for sanctions and export control evasion in trade documents, whereas a branch staff member would be able to identify attempts by cartel money mules to structure transactions to launder money and evade sanctions.
Ensure the program remains integrated rather than fragmented when responding to new threats and typologies. For instance, when reviewing a sanctions-related advisory, alert, or enforcement action to enhance the institution’s controls and processes, consider whether there are implications for AML and export compliance.
Embrace innovative compliance solutions: Adopt data analytics and technology solutions to enhance forward-looking identification of unusual activity of all types, rather than relying solely on backward-looking indicators. Share outcomes and lessons learned across industry and sectors.

Conclusion

As illicit actors and their activities increasingly intersect, and as regulators adopt an increasingly joint approach to regulation and enforcement, institutions must also engage with this convergence and adapt their counter illicit finance programs accordingly. This will ensure they effectively and efficiently counter money laundering, sanctions evasion, export control evasion, and other illicit financing – minimizing gaps in financial integrity protections, while also minimizing duplications and associated inefficiencies. By doing this, institutions will not just protect the integrity of the financial system, they will also fulfill their national and collective security responsibilities.

Endnotes

Danny McGlynn is the President and Chief Integrity Officer of the Institute for Financial Integrity (IFI), a Washington, DC.-based entity dedicated to protecting the financial system from illicit use and combating threats to collective security through cutting-edge research, education, and training. Prior to IFI, Danny was a senior managing director at K2 Integrity’s DC office (formerly known as Financial Integrity Network) for nearly four years, responsible for leading the company’s online training business. Prior to joining K2 Integrity, Danny served for more than 20 years with the U.S. Department of the Treasury, where he held a variety of positions at the Office of Foreign Assets Control(OFAC) and the Office of Intelligence and Analysis (OIA), including as the Principal Deputy Assistant Secretary (PDAS) of OIA. He holds a J.D. from George Mason University School of Law and an M.A. in International Studies from Florida International University.

Catherine M. Woods is an Associate Managing Director at the Institute for Financial Integrity where she leads capacity-building initiatives on countering narcotics and fentanyl trafficking, illicit procurement networks and export controls, and emerging technologies including digital assets. Catherine has more than 20 years of experience in senior and specialist positions in global banks and fintechs where her roles have included financial crime intelligence, public-private partnerships, due diligence, and client engagement. She has spoken at Interpol, the National War College, and the Irregular Warfare Initiative, as well as client and industry events. She holds a J.D., certifications in AML and blockchain, and aviation qualifications. For more information, please contact cwoods@finintegrity.org.

Recommended Blogs

OFAC’s 50 Percent Rule

November 12, 2025

This article delves into OFAC’s 50 Percent Rule, common pitfalls, and best practices for avoiding costly mistakes.

October 2025 Sanctions and Export Controls Update

November 5, 2025

Explore this month’s Sanctions and Export Controls Update, highlighting IFI’s take on key developments from Ocotober 2025.

The BIS 50% Rule

October 2, 2025

Under the new BIS Affiliates Rule, any entity at least 50% owned by a listed party is subject to the same export control restrictions as the parent. The objective of the rule is to close a loophole and more effectively counter diversion of sensitive and restricted items.

September 2025 Sanctions and Export Controls Update

October 1, 2025

Explore this month’s Sanctions and Export Controls Update, highlighting IFI’s take on key developments from September 2025.

Laundering Luxury

September 17, 2025

‘Daigou’ buyers purchasing luxury items in the U.S. for sale in China are often funded by Chinese Money Laundering Networks using financial proceeds of cartel activities. Learn how these methods operate, the red flags financial institutions can identify, and the actions to take in response.

Terrorist Drug Trafficking Organizations

September 11, 2025

This article provides background on designated cartels — their geographic reach, how they raise and move money, the risks they pose to financial institutions, and common red flags that may help financial institutions to identify suspicious activity.

FATF’s Recent Risk Map Update

September 5, 2025

FATF’s June 2025 update—new grey list additions and unchanged high-risk jurisdictions mean updated risk scores, stronger due diligence, and sharper monitoring for compliance teams. Here are three actions to take now.