Shell Companies as an Enabler of Export Control Violations

How Financial Institutions Can Adapt their Money Laundering Controls to Counter Unlawful Trade

📅 January 8, 2025

“On Monday July 8, 2024, a Russian Kh-101 cruise missile struck Kyiv’s largest children’s hospital, Okhmatdyt Children’s Hospital… [These missiles] could not be made or fired without electronics from U.S. manufacturers, including semiconductors… The export of these and other semiconductors to Russia has been subject to a host of increasing restrictions since Russia launched its war in Ukraine in 2022. Yet, more than two years later, they still continue to appear in Russian weapons…” – The U.S. Technology Fueling Russia’s War in Ukraine, United States Senate, September 2024

Shell Companies: History Repeats

Shell companies are incorporated entities without independent operations, significant assets, ongoing business activities, or employees. While shell companies are not illegal, they are a well-established method to obscure the source, destination, and/or purpose of financial flows and traded items, and are used by money launderers, sanctions evaders, tax evaders, and other illicit actors.

The use of shell companies, especially those in Hong Kong, to enable export control violations is not new. It has been the subject of other investigations by the New York Times and the Royal United Services Institute, and was highlighted by the United States Bureau of Industry and Security (BIS) in an advisory in August 2024.

Regulatory Intent

BIS administers the United States’ Export Administration Regulations (EAR), which are the restrictions applicable to “dual-use” items, meaning goods, software, and technology which can be used for both military and civilian applications.

BIS’s jurisdiction is extensive and extra-territorial – and it has shown increasing focus on the responsibility of financial institutions not to finance unlawful trade (EAR General Prohibition Ten). This means that financial institutions globally would be well-advised to ensure they have an effective export control compliance program in place.

One challenge often raised by financial institutions is that, in contrast with an exporter, a bank usually has significantly less information available about the item, the end use, and end user. This results in a “disconnect” between regulatory expectations and the availability of the information banks need to fulfil those expectations.

The use of shell companies by illicit procurement networks provides a foothold for banks to take effective action.

Shell Companies: Actions Financial Institutions Can Take

Since shell companies are an established methodology used by illicit actors, existing financial crime controls – configured to detect the misuse of shell companies for money laundering, for example – can also identify shell companies which are potentially being used for export control evasion.

Red flags that can be used to identify shell companies include:

There are a high number of companies registered at the same address. This may indicate “mass registrations” of companies to use as shells.
The company address is the same as an entity listed on BIS’ restricted parties list, such as the Entity List, or equivalents in other jurisdictions, or other watchlists.
The company does not have a website or other business presence.
The company is registered in a jurisdiction where this is a high risk of misuse of shell companies or is a secrecy jurisdiction. Sources of up-to-date information on risks include advisories issued by national regulators or global standard setters,
The company is dormant for an extended period.
The transactions are unusually large compared with the company’s stated business, or the company’s transactional history consists of isolated large transactions, rather than the ongoing activity expected of a legitimate business.
Directors of the company hold an unusually high number of directorships.
The age of the beneficial owner is improbably young or old. This may indicate that the beneficial owner is a “straw person” rather than a real owner.

When a potential shell company is identified, it should be investigated further. To ensure this investigation includes consideration of potential misuse for export control violations, compliance teams should be provided with training specific to export control typologies and red flags.

This will ensure that a financial institution fulfils its responsibilities to prevent restricted components from being acquired and misused, and also has the advantage of demonstrating the bank’s commitment to fulfilling its regulatory requirements.

“What you find is there’s never just one cockroach in the kitchen when you start looking around.” – Warren Buffett

Upcoming Webinar

Join our upcoming webinar to learn more how export control compliance requirements have intensified in 2024 and the outlook for 2025.

Explore the Agenda and Register

Recommended Blogs

Toward a Financial Integrity Risk Management Program

December 19, 2024

This article explores the commonalities between AML, sanctions compliance, ABC, fraud risk management, and export control compliance programs and recommends that organizations consider using a holistic financial integrity risk management and compliance framework.

Safeguarding Trust – How to Balance Innovation and Security in Gen AI-Powered Compliance

December 12, 2024

This article explores how privacy-first architecture, robust guardrails, and source transparency can build trust while ensuring responsible AI deployment in compliance solutions.

Webinar Recap – The Dos, Don’ts & Expert Insights on Beneficial Ownership

December 10, 2024

In our recent webinar, regulatory, investigative, and anticorruption policy experts discussed some of the nuances relating to the U.S. Corporate Transparency Act (CTA) and its Beneficial Ownership reporting requirement. Explore the highlights in this article.

A Tipping Point

December 5, 2024

Learn how gen-AI is reshaping the industry and how tools like AskFIN, IFI’s gen-AI-powered financial crime assistant, are leveraging authoritative resources and privacy-first architecture to drive meaningful innovation.

Risky Convergences

October 28, 2024

New digital solutions in money laundering and underground banking have facilitated the expansion of the criminal business environment in Southeast Asia, integrate billions of criminal proceeds into the formal financial system and enabling the growth of new criminal organizations.

A PEP Talk

October 24, 2024

Politically exposed persons are individuals who, due to their positions of power, influence, or proximity to government, are susceptible to becoming involved in corruption, bribery, or other financial crimes. And because moving and hiding misappropriated assets often involves money laundering, financial institutions across the globe are tasked with the challenge of identifying and managing these risks.

Beneficial Ownership: Who Owns What?

October 17, 2024

U.S. efforts to curb illicit finance are in full swing, as the requirement to reveal the beneficial owners of certain entities registered or operating in the United States came into effect this year. In this article, we explore key requirements, benefits, and deadlines as well as address some of the concerns organizations may have about the new regulation.

Exploring the Balance of Innovation & Responsibility

September 24, 2024

In our recent webinar, industry leaders examined the intricacies of leveraging AI responsibly to enhance compliance strategies while safeguarding data privacy and ethics. Featuring a panel of industry experts including Shannon Barnes, Ajit Tharaken, and Catherine Woods, this blog post summarizes the key insights shared during the event.

Elevating Defenses

August 22, 2024

Dive into the cutting-edge strategies that financial institutions are implementing to combat the evolving threat of AI-driven fraud. From deploying advanced detection technologies to fostering robust networks of allies, learn how the financial sector is bolstering its defenses against sophisticated scams like deepfakes and biometric fraud.