Following Russia’s invasion of Ukraine, the Financial Crimes Enforcement Network (“FinCEN”) and the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) issued a joint alert and a supplemental alert (the “Joint Alerts”) urging U.S. financial institutions (“FIs”) to be attentive to attempts by Russia to evade U.S. sanctions and export controls. The Joint Alerts also reminded FIs of their obligations to file suspicious activity reports (“SAR”s) detailing suspected export control evasion.  We blogged on the Joint Alerts here and here.

FIs complied, and on September 8, 2023, FinCEN published a Financial Trend Analysis (“FTA”) describing insight it gained from those SARs into Russian procurement activities potentially in violation of the Export Administration Regulations. FinCEN issued the FTA right before the Office of Foreign Asset Control (“OFAC”) announced on September 14, 2023 another wave of related sanctions by adding to the list of Specially Designated Nationals more than 150 foreign companies and individuals accused of aiding Russia, including by shipping American or other Western technology.

The FTA is based on 333 SARs filed between June 28, 2022 and July 12, 2023. The SARs—96% of which were filed by U.S.-based depository institutions—detailed nearly 1 billion dollars in suspicious activity. 

The FTA highlights the following trends found in the SARs:

• Despite sanctions, U.S.-origin goods are going to end-users in Russia. In some instances, U.S.-based companies sold goods directly to entities in Russia. In other instances, U.S.-based companies sold to entities in intermediary countries who appear to have purchased the U.S.-origin goods on behalf of Russian end-users. These companies were largely located in China and Hong Kong, but also in the United Kingdom, Belgium, Germany, Singapore, the United Arab Emirates (UAE) and Turkey.
• Companies in China, Hong Kong, Turkey and the UAE are likely supplying sensitive items—including dual-use goods subject to U.S. export restrictions—to end users in Russia. Payments for the items are often flowing through U.S.-based correspondent accounts.
• The majority of companies within the dataset are connected to the electronics industry and located in the U.S. and Hong Kong, with the Hong Kong companies maintaining bank accounts in China, Hong Kong and Russia. These companies are potentially associated with—or directly facilitating—Russian export control evasion.
• The data also identified companies in the industrial machinery industry operating in the U.S., China, Hong Kong and Singapore as potentially supplying Russia with equipment.
• Entities located in the U.S. are potentially providing professional services to Russia, potentially in support of Russia’s war efforts.

Key Takeaways

While Russia’s war against Ukraine rages, FIs must remain vigilant for potential attempts by Russia to evade U.S. export controls. To aid in doing so, FIs should familiarize themselves with the transactional and behavioral red flags listed in the Joint Alerts, including:

• Whether the nature of a customer’s underlying business (in particular military or government-related work), type of service(s) or product(s) offered, and geographic presence pose additional risks of unintentional involvement in the evasion of export controls for Russia;
• A customer acquires new vessels for no apparent purpose or for use in shipping corridors involving one or more of the identified transshipment countries, including Armenia, Brazil, China, Georgia, India, Israel, Kazakhstan, Mexico, Serbia, Singapore, South Africa, Turkey and the UAE;
• Transactions involve entities with little to no web presence;
• Transactions involve a change in shipments or payments that were previously scheduled to go to Russia but that are now going to a different country;
• Last-minute changes to transactions associated with an originator or beneficiary in Russia;
• Parties to transactions with addresses that do not appear consistent with the business or are otherwise questionable (e.g., either the physical address does not exist, or it is residential);
• Rapid shifts to new purchasers of transactions involving restricted luxury goods;
• Transactions involving freight-forwarding firms that are also listed as the product’s final end customer;
• Transactions associated with atypical shipping routes for a product and destination;
• When combined with other derogatory information, large dollar or volume purchases, including through the use of business credit cards, of items designated as EAR99 (or large volume or dollar purchases at wholesale electrical/industrial merchants, electrical parts and equipment providers, or electronic parts providers), in the United States or abroad, especially if paired with purchases at shipping companies;
• Companies or individuals with links to Russian state-owned corporations (including shared ownership, as well as branches of, subsidiaries of, or shareholders in such state-owned corporations) involved in export-related transactions or the provision of export-related services;
• Export transactions identified through correspondent banking activities involving non-U.S. parties that have shared owners or addresses with Russian state-owned entities or designated companies; and
• Use of business checking or foreign exchange accounts by U.S.-based merchants involved in the import and export of electronic equipment where transactions are conducted with third-country-based electronics and aerospace firms that also have offices in Russia or Belarus.

The government continues to expect FIs to play a key role in disrupting Russia’s efforts to acquire critical commodities and technology to support its war efforts. Thus, FIs must take a risk-based approach to identifying attempts by Russia to evade U.S. sanctions and export controls and continue to file SARs in response to the Joint Alerts.