Sanctions Evasion: The Lessons of Ukraine – Part 2

By Matthew Redhead

Sanctions Evasion - Part 2

    Get the latest news and insights sent straight to your inbox

    Part 2: Implications for the Private Sector 

    In a recent blog post, we looked at how Russia has responded to the ever-growing list of western sanctions, following its invasion of Ukraine in February 2022. As the article noted, Russian elites and businesses have demonstrated considerable agility in working around sanctions. In this follow-up article, we look next at the implications for the private sector. Under national sanctions legislation in the US, EU, UK, Canada, Australia and several other jurisdictions, businesses must not facilitate commercial activity with designated Russian individuals or entities, or outside the permitted boundaries of trade in restricted commodities such as oil. However, the commonly available compliance measures used to prevent this happening – screening and transaction monitoring – are not proving adequate to the task. Although such measures remain necessary, they do not provide high levels of comfort about potential exposure, and as a result, businesses need to consider additional approaches using Open-Source Intelligence (OSINT) and appropriate investigative tools.  

    Regulatory Requirements 

    Regulated firms face a variety of requirements with regard to implementing sanctions. Primarily, they must follow local sanctions laws – in all cases those of the UN, and for a growing number of countries and international organisations, their own regimes. Many international businesses will also follow US measures, due to US influence and the threat of secondary sanctions – designations against third parties which have ignored US restrictions. In addition, as part of the Client Due Diligence (CDD) measures mandated by the Financial Action Task Force (FATF), businesses need to identify clients, businesses’ ‘Beneficial Owners’ or BOs (usually those with 25%+ of ownership or control), and ‘Politically Exposed Persons’, or PEPs, or those with close personal connections to such figures. While these latter CDD requirements are not specifically targeted on sanctions evaders, they are intended to help reveal potential client links to high-risks, which may reveal potential sanctions concerns.  

    The Compliance Approach  

    While these regulations do not set out how they should be implemented, they have led to a common set of compliance processes across financial services. As part of CDD, financial institutions will screen prospective or current client names and BOs against PEP and sanctions lists to find matches, screen international transactions to find designated counterparties, and monitor all transactions for unusual patterns of behaviour. In the case of some very small businesses, these tasks are still done manually, but in most financial institutions, the standard approach has been to use automated solutions, with the most advanced of these platforms showing an improving ability to identify designated names and anomalous activity through machine learning algorithms. However, they remain far from fool proof, and the promises of magic and easy solutions via the use of ‘Artificial Intelligence’ (AI) still need to be taken with caution. 

    Challenges for Compliance 

    Indeed, even the best automated screening and monitoring platforms have their limitations. In the first instance, there are good reasons to believe that many name matches and suspicious transaction hits are missed due to gaps and mistakes in data, as well as problems with platform parameters. In parallel, the problem of false positives – identifying mistaken matches and alerts – continues to generate significant costs for businesses who need to invest staff time and resource in resolving them. Even with the advances of automated platforms, industry standards continue to suggest rates over 90% for larger institutions. 

    Further challenges come from the hidden links of designated individuals and businesses. Under US, EU UK and other sanctions regimes, businesses which are 50% plus owned or controlled by sanctioned BOs either alone or in combination, are themselves sanctioned, even if not named in lists. This means that solutions which cannot see down into the structure of a corporate client are likely to miss implicitly sanctioned entities. And even when they do, it is quite possible that they might not be able to identify ownership or control, because the links between the designated individual or entity and those named is not evident in corporate documents. In theory, an implicitly sanctioned business could look completely unaffected based on BO registries and basic corporate data alone. Current automated solutions will also struggle to identify ‘clean skin’ intermediaries and front companies acting as ‘pop-up’ proxies for Russia conducting banned trade.  

    Networks & OSINT 

    There is no sure-fire solution to this problem; however, there are further techniques that can provide firms with both a broader and more nuanced perspective than the one offered by conventional platforms. One tried-and-tested approach that has recently moved from government agencies to the private sector has been the use of social network analytics platforms to detect hidden risks. Using multiple available streams of OSINT – corporate records, news reports, social media, and much else besides – such platforms enrich the basic material available from sanctions designations and watchlists, creating a much clearer intelligence picture of how a prospect, client or counterparty connects to other individuals, businesses and institutions.  

    Such an approach has obvious applications in the current Russian situation: for example, a financial institution may have concerns about a corporate client where a designated oligarch holds an interest, but well below the 50% threshold. Technically this business is not designated – but what about the other BOs? Using sanctions lists and current corporate data alone, they might seem unconnected to the designated party. But by looking at a wider range of material through the power of network analytics, links to extended family, social and romantic connections, past business relationships and shared political associations can be revealed. While these links might not be direct proof of ownership, they can show scope for the designated party’s ongoing concealed control.  

    Using Social Networks 

    Many financial institutions are thus now exploiting social network platforms to understand their rising potential sanctions exposure from Russian designations. Most commonly, firms are embedding social network analysis into their existing processes during CDD reviews of existing high-risk clients with potential Russian links, clarifying connections that might suggest a nexus to sanctions. Social network analytics is also being used to clarify wider risks around screening and monitoring alerts. In the latter instance, OSINT-based networks are being exploited to flesh out the real risks underlying transactions, which might not be obvious in an alert that only highlights unusual or simple suspicious patterns of behaviour, such as large or complex payments. Using a fuller understanding of the contextual intelligence around the transaction than a bald analysis of numbers and names alone can provide, OSINT-based network analytics platforms are helping firms clarify what type of financial crime they might be looking at, whether it be tax evasion, money laundering, or sanctions evasion.  

    Alongside these techniques – and perhaps more powerfully – firms are also using network tools as a proactive way to analyse their client books and counterparties for potential Russian sanctions evasion risk. One commonly used technique has been to identify high risk segments based on key data points in client profiles – such as political connections to the Putin regime, geographic links to former Soviet Union states, etc. – and then explored their wider networks, to clarify potential levels of exposure and evaluate the danger of a future designation.  

    A further method has been to apply Russian sanctions evasion typologies provided by government agencies (see, for example those from the US and Canada) to transactions data to identify groups of clients and counterparties, and then use social analytics to explore the potential hidden relations and background. Some firms have been even more proactive still, using the detail provided in wide-ranging investigative reports, such as those undertaken by the Organized Crime and Corruption Reporting Project (OCCRP) and the International Consortium of Investigative Journalists (ICIJ) seeking to identify potential ‘crossovers’ with their clients.  

    Although the intelligence provided by these investigations is not always decisive in deciding to freeze an account or make a report, it is helping financial institutions make more prudent risk management decisions. With greater insights on client networks with a potential Russian nexus, firms using these techniques are finding themselves better placed to decide whether to take on a client or limit the relationship, as well as be prepared for rapid action in the event of a designation.  

    Final Thoughts 

    This greater level of comfort is one clear benefit from using OSINT to understand sanctions evasion risks, but it is not the only one.  While some financial institutions still see this kind of forward-leaning approach as a ‘nice to have’, this is increasingly not the view of western authorities, which are now encouraging the private sector to ensure that Russia sanctions are comprehensively implemented. As a recent statement from the western countries’ multilateral Russian Elites, Proxies and Oligarchs (REPO) Taskforce noted, regulated financial entities have “a unique role in the international financial system”, which positions them the forefront of the fight against sanctions evasion. Clearly, the private sector needs to make sure it is doing all it can to tackle Russian activity – and just doing the bare minimum is no longer an option.  

    More insights