Episode 105

22nd April – 28th April 2024

Sanctions

A busy one for sanctions this week, and we’ll start in the United States since that seems to have been the source of most of it. First, designations have been made in order to hinder the proliferation of ballistic missiles. The four entities – three of which are in China, and one in Belarus, have supplied relevant technology to Pakistan’s ballistic missile programme, which also includes long-range missiles. The entities are Minsk Wheel Tractor Plant; Xi’an Longde Technology Development Company Limited; Tianjin Creative Source International Trade Co Ltd; and Granpect Co. Ltd. These entitles have ‘engaged in activities or transactions that have materially contributed to, or pose a risk of materially contributing to, the proliferation of weapons of mass destruction or their means of delivery, including any efforts to manufacture, acquire, possess, develop, transport, transfer or use such items, by Pakistan.’ Secondly, the Office of Foreign Assets Control (‘OFAC’) has designated two entities for the part they have played in supporting extremists in the West Bank. ‘Mount Hebron Fund and Shlom Asiraich generated tens of thousands of dollars for extremists responsible for destroying property, assaulting civilians, and violence against Palestinians,… [undermining] …peace, security, and stability of the West Bank.’ In news allied to this, it is understood that the Department of State has sanctioned the IDF’s Netzah Yehuda battalion, which is believed to have carried out human rights violations against Palestinians, and that other police and military units are also under consideration. Finally on new sanctions activity by OFAC this week, designations have been made in respect of two companies and four individuals ‘involved in malicious cyber activity on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (‘IRGC-CEC’). These actors targeted more than a dozen U.S. companies and government entities through cyber operations, including spear phishing and malware attacks …[including]… attacks against critical infrastructure.’

Before moving on in relation to new sanctions, coordinated sanctions against Iran have been announced by the US, UK, and Canada. This action is taken after initial sanctions on the drone programme last week. The Office of Financial Sanctions Implementation (‘OFSI’) in the UK has also issued an updated licence in relation to the Russia sanctions regime for Legal Services. It comes into effect on Monday 29th April @00:01.

On enforcement news from the US, first, two steel traders from Florida have been sentenced for violations of the Russia sanctions regime, as well as allied money laundering activity. ‘John Can Unsalan, aka Hurrem Can Unsalan, the president of … steel trading firm Metalhouse LLC, was sentenced to six years … for conspiracy to commit money laundering to promote violations of U.S. sanctions against Sergey Kurchenko, a pro-Russian Ukrainian oligarch. Unsalan’s former business associate, Sergey Karpushkin, a Belarusian national residing in Miami, was sentenced to 21 months in prison for his role in the scheme. Unsalan pleaded guilty and was ordered to forfeit $160 million in proceeds from the offense. Karpushkin pleaded guilty to conspiring to violate the International Emergency Economic Powers Act (IEEPA) and to commit international promotional money laundering and was ordered to forfeit $4.7 million in criminal proceeds.’ The second piece of enforcement action is a settlement with Thai plastics company, SCG Plastics Co Ltd. The company has agreed to pay $20m to settle its potential civil liability for 467 violations of Iranian sanctions.

To Europe now, where the European Union (‘EU’) members have agreed sanctions against Iran following its recent attacks on Israel. The sanctions will limit the exportation of EU-made components which could be used in the production of unmanned aerial vehicles (UAVs), or drones, and ballistic missiles. Finally in news from the EU, there is a genuinely handy policy explainer page on the Council of the European Union sanctions explaining Why the EU adopts sanctions. Well worth a read, even if a seasoned sanctions expert.

Bribery and Corruption

This week’s bribery and corruption news starts in Uzbekistan, where an Action project has been launched under the banner of ‘Improving Governance in Uzbekistan’ with the principal aim of enhancing anti-corruption efforts in the Republic. ‘Funded by the European Union, the Action will be carried out by two projects in close cooperation: “Inclusive corruption prevention” will be implemented by an EU consortium under the leadership of GIZ in partnership with Regional Dialogue and the Central Finance and Contracting Agency of Latvia with a budget of €4,550,000, co-funded by the German government. “Strengthening the National Anti-Corruption Ecosystem in Uzbekistan” will be implemented by UNDP with a budget of €2,500,000. With a duration spanning from 2024 to 2026, the projects target all 14 regions of Uzbekistan.’ The project aims to ‘address critical challenges such as weak institutionalization of anti-corruption efforts and the gap between national and regional levels of implementation.’

Now, to China. Indeed, we seem to be covering some story on bribery and corruption in China every week at the moment. This time, it is news that Wang Yongsheng, former vice president of China Development Bank (‘CDB’), has been indicted by Chinese authorities on charges of accepting bribes. This is the second recent story concerning a former V-P of the CDB. In episode 93 of the FCWP, we reported the news that He Xingxiang, had been sentenced to 20 years imprisonment for taking bribes, the illegal issuance of financial instruments, illegally making loans, and the concealment of overseas deposits over a 15-year period from 2006 until 2021. The Chinese authorities are going hard on bribery and corruption, so none of these stories can come as a surprise to anyone. Sticking with news relating to China, but from its membership of the BRICS (Brazil, Russia, India, China, and South Africa). Russia has the presidency of the BRICS this year and it has committed to the promotion of an anti-corruption agenda over the next year. We’ll see what happens on that front, but maybe things are already taking shape since it has been announced this week that Deputy Defence Minister, Timur Ivanov, has appeared in court following a corruption investigation alleging that he diverted funds from military contract to fund his lifestyle.

In Poland, the new government of Prime Minister Donald Tusk, former President of the European Council, has announced plans to replace the Central Anti-Corruption Bureau with a new institution to fight corruption, the Central Bureau for Combating Corruption. The claim is that the previous body had been broadly ineffective, but where action had been taken it was politically-biased in its pursuit of alleged corruption. The focus of an institution seeking to police corruption should be the government to see that the Executive’s operations are not, in any sense, influenced by factors other than the merits of the decision.

To Ukraine now, and yet more allegations of corruption among Ukrainian officials. It is being widely reported that the Agriculture Minister, Mykola Solsky, is under investigation by the National Anti-Corruption Bureau of Ukraine (‘NABU’) as part of a broader investigation into the unlawful acquisition of state-owned real estate. The scheme is alleged to involve the acquisition of land with a value of 291m hryvnia ($7.36m). Solsky was not named in the release from NABU, but there were sufficient identifying features in the information to lead many to identify Solsky, who has agreed to provide his full cooperation with the investigation.

In the US this week, the former Comptroller General of Ecuador, Carlos Ramon Polit Faggioni, has been convicted by a Miami federal court for soliciting and receiving over $10 million in bribe payments from Odebrecht S.A., the Brazil-based construction conglomerate.

And, finally on bribery and anti-corruption news this week, in the UK, the prominent anti-corruption campaigner, and former Labour government minister, Lord Peter Hain, has called on the National Audit Office to investigate what he describes as the ‘national scandal’ of arms sales to Saudi Arabia.

Money Laundering

The money laundering news this week starts with news that air travel is helping global money laundering by unwittingly facilitating the movement of funds around the world. The Wall Street Journal reported that the move has come as a result of tighter compliance obligations on banks requiring the reporting of suspicious activity. The news that cash is being taken around the world by mules will come as no surprise to those who listen to this podcast. In episode 56, which was released at the end of April last year, we reported the news that the National Crime Agency had successfully prosecuted a network of money mules who had couriered over £100m from the UK to Dubai in 83 separate trips between November 2019 and October 2020. Now, the important question is the scale of the action which is being taken to respond to the matter, especially since the United Nations Office on Drugs and Crime and the Financial Action Task Force (‘FATF’) have both reported on the ability of air travel to be used in this way. Indeed, a report jointly issued this month by the South African government and private sectors partners on terrorist financing risk assessment for the non-profit organisation (‘NPO’) sector, provided a range of interesting case studies. For example, in Case Study 11 relating to NPOs funding, ‘students were given cash (amounting to R100,000 per person) to take with them in their suitcases and on their person and told to pay the religious institution upon their arrival [in Syria].’ So, it is on the agenda, and something about which policymakers are looking to take action.

In the European Union, a possible conflict has been generated following a vote in the Parliament this week not to approve a motion from the Commission to remove the United Arab Emirates and Gibraltar from the countries on its watchlist. The Commission had proposed the removed of the UAE and Gibraltar from the list last month following the decision of the Financial Action Task Force to remove them from its Jurisdictions under Increased Monitoring – the so-called ‘grey list’ – which was made at the Paris Plenary in late February. At the Plenary, Gibraltar, along with Barbados, Uganda, and the UAE, were ‘congratulated’ for their ‘significant progress in addressing the strategic AML/CFT deficiencies previously identified during their mutual evaluations.’ Removed from the EU’s watchlist were Panama, Barbados, and Uganda, but UAE and Gibraltar remain sticking points. It may be that the Parliament needs more time to be satisfied of progress since in the case of Panama, was removed from the FATF’s ‘grey list’ at the October 2023 Plenary, but only removed at the vote on Tuesday. Certainly worth watching this one, but the idea that more time might be needed is borne out this week by an article from Transparency International (‘TI’) which claims that while the UAE may have been removed from the FATF’s ‘grey list’, it still has much to prove despite its keenness to remove itself from the list with legislative, compliance, and enforcement moves which allowed the FATF to see safety in removal. Nevertheless, while all that goes on in the background, the European Parliament’s decision does create a bit of an issue in the short-term for those countries with membership of both the EU and the FATF. As a footnote to this story, it will come as no surprise that the British government has criticised the decision. Right, that’s enough of that story. One final story concerning the FATF now, and it is understood that it will complete its review of India by June 2024, but that no red flags have apparently been identified at the moment.

More money laundering news this week, sticking with the European Parliament, which has agreed to adopt a new set of rules to aimed at combating money laundering. Principal among the agreed rules are that, first, authorities, journalists and civil society organizations will be able to have access to new registers and sources of information; secondly, large cash payments will be limited to €10,000 in the EU; thirdly, due diligence rules will be applicable to football clubs and agents from 2029; and, finally, a new European agency will be responsible for directly supervising the riskiest entities.

And, finally, on money laundering this week, I’d like to direct you to a bit of light reading in the form of a blog post on the website of the World Bank highlighting the importance of beneficial ownership registers in promoting accountability and transparency. Focusing on the experience of four countries implementing beneficial ownership transparency, the post highlights eight actionable recommendations which arose from the analysis.

Fraud

On fraud news this week, the big story was the release of the US Government Accountability Office (‘GAO’) report on annual financial losses to the government from fraudulent activity. The estimate made by the GAO report is staggering in that it states that the federal government could lose between $233bn and $521bn annually to fraud, and that this is spread across government departments with no agency being immune. The report urges the Office of Management and Budget to develop guidance to improve fraud-related data—providing a more uniform approach to what data is collected and how. The report makes three recommendations. First, the ‘Director of the Office of Management and Budget, in collaboration with the Council of the Inspectors General on Integrity and Efficiency, should develop guidance on the collection of Office of Inspector General (OIG) data to support fraud estimation. The guidance should (1) identify and establish consistent data elements and terminology for use across OIGs; (2) include a timeline for implementation and key milestones; and (3) leverage existing data systems and processes, as appropriate.’ Secondly, the ‘Director of the Office of Management and Budget, with input from executive branch agencies, should develop guidance on the collection of executive agency data to support fraud estimation. The guidance should (1) identify and establish consistent data elements and terminology for use across agencies; (2) include a timeline for implementation and key milestones; and (3) leverage existing data systems and processes, as appropriate. Thirdly, the Secretary of the Treasury, in consultation with the Office of Management and Budget, should establish an effort to evaluate and identify methods to expand government-wide fraud estimation to support fraud risk management. This effort should (1) initially prioritize program areas at increased risk of fraud; (2) be responsive to changes in the availability or quality of data; and (3) leverage data-analytics capabilities, such as within the Office of Payment Integrity, which includes the Do Not Pay program.’

Now, in light of this, and I know I said I had started to soft-pedal the number of Covid-19 fraud cases, but from time-to-time, along comes a big one, which perhaps helps explain the scale of the government fraud identified in the previous discussion. Anyway, the Department of Justice in the US announced this week the unsealing of an indictment charging three men from Florida with fraud and money laundering ‘that involved submitting false and fraudulent claims for COVID-19 testing to health care benefit programs, including Medicare and the Health Resources and Services Administration (HRSA) COVID-19 Uninsured Program.’ The sum involved in understood to be around $36m.

And, finally, on fraud news this week, the Department for Education in the UK, which applies in this context to England only, has issued a summary of its counter-fraud policy.

Market Abuse

On market abuse news this week, it has been reported that in exchange for dropping investor claims against him, Sam Bankman-Fried has agreed to cooperate with them in action against others who promoted the exchange, which includes some finfluencers. It’ll be interesting to see if that goes anywhere.

Other Financial Crime News

In other financial crime news this week, the Serious Fraud Office (‘SFO’) in the UK has published its strategy for 2024 – 2029 which focuses on, first, ensuring its personnel are ‘highly specialised, engaged and skilled’ in order to assist in successful outcomes. This will involve, amongst other things, providing staff with additional support and benefits, establishing an in-house academy, and putting more into resource planning. Secondly, the SFO will combat crime effectively through intelligence, enforcement and prevention. This will involve the testing of new prevention methods through a pilot programme designed to cut serious fraud, bribery and corruption off at the source, helping corporates more easily to self-report, and the exploration of incentivisation options for whistleblowers. Thirdly, the SFO will seek to harness technology better to respond to its challenges. This will involve, amongst other things, trialling new and innovative tools, and developing the use of machine-learning and AI for more mechanical and administrative tasks so that human input can be focused on that work which requires expert input. Further, in line with its new learning and development strategy, the agency will set expectations for the development of core digital skills across all SFO roles. The final part of the strategy is to be a proactive, authoritative player in the global and domestic justice system. This can be achieved by, amongst other things, bolstering global defences against serious fraud, bribery and corruption by formalising specialist training, by the deployment of new powers such as the new “failure to prevent fraud” offence, and by fortifying international anti-bribery efforts by building its role within the OECD working group on bribery.

And, finally, on other financial crime news this week, the Financial Conduct Authority (‘FCA’) in the UK has issued a consultation document on proposed changes to its Financial Crime Guide: A Firm’s Guide to Countering Financial Crime Risks. The FCA proposes changes to a range of parts. First, on sanctions, it is proposed to update this section to reflect what the regulator and firms have learned from sanctions, particularly imposed following Russia’s invasion of Ukraine. Secondly, on proliferation financing, the guidance is to be updated to ensure that proliferation financing is explicitly referenced throughout the Guide where appropriate, and to highlight a 2022 update to the MLRs which requires firms to carry out proliferation financing risk assessments. Thirdly, on transaction monitoring, it is proposed to set out some key guidance for firms on how they can implement and monitor transaction monitoring systems and support responsible innovation and new approaches, such as use of Artificial Intelligence. Fourthly, on cryptoassets, it is proposed to make explicit reference such that Cryptoasset businesses should consult the Guide. This is following the fact that Cryptoasset businesses registered have been subject to FCA supervision for AML purposes since June 2020. Fifthly, on the consumer duty, it is proposed that the Guide makes clear that firms should consider whether their systems and controls are proportionate and consistent with their obligations under the Duty. Finally, on consequential changes, the FCA is looking to make consequential changes to the Guide, including replacing expired links, outdated references to European Union rules, and refreshed case studies drawing from more recent FCA enforcement notices. The consultation is open until 27th June 2024.

Cyber Crime

The cyber-attack news this week starts in the US. Now, certainly for the last few weeks, but in stories going back well into last year, we have identified the issue of state-backed cyber-attacks on critical infrastructure. Well, the FBI Director, Christopher Wray, has stated that Chinese state-backed hackers are sleeping in US critical infrastructure and waiting for the right moment to attack. The affected areas are believed to be companies involved with telecommunications, energy supply, water and treatment works, as well as other critical sectors. This is a matter which has been deemed so serious that, certainly in relation to water supply and treatment, Governors of individual states have been warned to protect and provide in the event of an attack. Now, as if to provide immaculate timing, a Russia-linked hacking group has claimed responsibility for targeting a wastewater treatment plant in Tipton, Indiana. The plant has claimed that it has not been compromised, but it acts as a timely reminder of the threat, not just to the US, but that this is an issue to which all nations states need to be alert. The war in Ukraine has demonstrated the significance of defending critical infrastructure from cyber warfare, and this podcast has also recorded stories of Israeli critical infrastructure being impacted by what are believed to be Iranian-backed cyber-attacks. Anyone working in risk management and critical infrastructure needs to be alive to this risk and sharpen their systems and controls to ensure that few significant problems arise should the worst happen.

Staying in the US, Frontier Communications Parent Inc has alerted the Securities and Exchange Commission (‘SEC’) to the detection of unauthorised access to its IT systems. The company has initiated its cyber-response plan in an effort to see that the attack was contained. No claim of responsibility as yet. One more story from the US, and it is that the ‘G7 Cyber Expert Group has completed a cross-border coordination exercise … to ensure they can effectively coordinate and communicate their response in the event of a widespread cyber incident affecting the financial system…. To optimize coordination among G7 financial authorities, the exercise assumed a large-scale cyber attack on financial market infrastructures and entities in all G7 jurisdictions. The exercise brought together 23 financial authorities, including ministries of finance, central banks, bank supervisors, and market authorities, as well as private industry participants.’

Before this week’s final story, a bit of a legacy story has come out this week from the chairperson of the Belgian Parliament's Foreign Affairs Committee, Els Van Hoof, who claims that Chinese spies hacked her laptop in 2021. Given current levels of alleged Chinese espionage, this would be nothing new, and it should come as no surprise that attempts have been made as far back as 2021, but I think we might even safely look further back than that. The threat from China to western democracies is well-established, but legacy and sleeper incursion may well become a live issue as more investigations are undertaken, especially into vulnerable parts of critical infrastructure. It almost goes without saying that the hacking has been denied by the Chinese authorities.

And, finally, on this week’s FCWP, two pieces from the National Cyber Security Centre in the UK. First, it has issued a security advisory detailing a vulnerability affecting the GlobalProtect feature of Palo Alto Networks PAN-OS software (CVE-2024-3400). Secondly, it has published a blog post about updates to the Cyber Essentials Certification Scheme.

References

Council of the European Union, Why the EU adopts sanctions.

Delegation of the European Union to Uzbekistan, European Union, EU Consortium and UNDP join efforts to support the anti-corruption effort of the Government of Uzbekistan.

Department for Education, Policy paper – DfE counter-fraud policy: summary.

European Parliament, Adoption of new rules to combat money laundering.

European Parliament, New EU rules to combat money-laundering adopted.

Financial Conduct Authority, Consultation Paper CP24/9***: Financial Crime Guide Updates.

National Cyber Security Centre, Exploitation of vulnerability affecting Palo Alto GlobalProtect Gateway.

National Cyber Security Centre, Pathways: exploring a new way to achieve Cyber Essentials certification.

Office of Financial Sanctions Implementation, Financial Sanctions Notice: Iran.

Office of Financial Sanctions Implementation, Guidance: Legal Services General Licence.

Serious Fraud Office, SFO Strategy 2014 – 2019.