Episode 110

27th May – 2nd June 2024

Sanctions

This week’s sanctions news starts in the US with news of a guilty plea from a Ukrainian national resident in Estonia for money laundering offences relating to violation of US export laws. From 2018, Stanislav Romanyuk conspired with others ‘to violate U.S. export laws and regulations to smuggle a 500 Series CPWZ Precision Jig Grinder that was manufactured in Connecticut to Russia. A jig grinder is a high-precision grinding machine system that does not require a license to export to European Union countries, but does require a license for export and reexport to Russia because of its potential application in nuclear proliferation and defense programs. Romanyuk and his co-conspirators knew that the jig grinder could not be exported from the U.S. to Russia or any country outside the European Union, and they did not apply for, receive, or possess a license of authorization from the U.S. Department of Commerce to export or reexport the jig grinder to Russia, as required by the Export Control Reform Act of 2018 and the Export Administration Regulations (“EAR”), which restrict the export of items that could make a significant contribution to the military potential of other nations or that could be detrimental to U.S. foreign policy and national security.’ Sentencing has not yet been scheduled. Staying in the US, the Office of Foreign Assets Control (‘OFAC’) has made amendments to the Counter Terrorism and Iran-related designations.

In other news from the US, a joint agency approach has been taken in relation to the Wagner Group’s operations in the Central African Republic. Mining Industries SARLU and Logistique Economique Etrangere SARLU have been designated pursuant to Executive Order (E.O. 14024) for enabling Wagner Group security operations and Wagner Group-linked illicit mining operations in the country.

In the UK, a range of sanctions news this week. First, news that the Office of Financial Sanctions Implementation (‘OFSI’) has issued a general licence and amended another. The first, subject to conditions, allows a designated person to make use of the retail banking services of a designated Credit or Financial Institution provided that the payments made or received are intended for the personal use of that person; the amended licence is to that which permits a scheme of arrangement prepared by the Joint Administrators of VTB Capital plc. Secondly, OFSI has updated the Russian Oil Services ban. Thirdly, the designation of Russian socialite, Tatiana Evtushenkova, has been amended, as well as that of Russian businessman, Dmitry Vladimirovich Konov, though both remain subject to sanctions. Fourthly, three designations have been corrected under the Somalia financial sanctions regime. Finally, amending regulations have been issued in relation to a range of the sanctions regimes in place by the UK.

The big sanctions news from the EU this week is that the Council of the European Union has announced the establishment of a ‘new framework for restrictive measures against those responsible for serious human rights violations or abuses, repression of civil society and democratic opposition, and undermining democracy and the rule of law in Russia…. The new regime will allow the EU to target also those who provide financial, technical, or material support for, or are otherwise involved in or associated with people and entities committing human rights violations in Russia. Furthermore, the new sanctions regime introduces trade restrictions on exporting equipment, which might be used for internal repression, as well as on equipment, technology or software intended primarily for use in information security and the monitoring or interception of telecommunication.’ The Council announced the designation of one entity and 19 individuals under the new regime.

And, finally, on sanctions news this week, and staying in the EU, the General Court has annulled the sanctions designation of Farkhad Akhmedov on the basis that the evidence which supported his designation was not credible.

Bribery and Corruption

This week’s bribery and corruption news starts in Nigeria, which is understood to have reached agreement with global conglomerate, Glencore, whereby Glencore will pay $50m to Nigeria in recognition of illegal activities carried out in the country while operating in the region. You’ll recall that Glencore Energy UK Ltd agreed a deferred prosecution agreement of over £280m in November 2022 after a Serious Fraud Office investigation revealed it paid US $29m in bribes to gain preferential access to oil across Africa.

In Australia, it has been reported that the Attorney-General of Queensland has announced that the state’s anti-corruption commission will be prevented from publishing its opinion in relation to an individual, but that it will be limited to making only factual statements about them. The announcement came after a decision to implement the findings from the independent review of the Crime and Corruption Commission’s reporting powers headed by Honourable Catherine Holmes AC SC, the former Chief Justice of Queensland. Legislation will be introduced to implement the changes in the near future.

And, finally, on bribery and anti-corruption this week, the Group of States Against Corruption (‘GRECO’) has warned about the threat posed by corruption from ‘the slow implementation of its recommendations on preventing corruption among parliamentarians, compared to other professional groups. It also underlines that several judicial systems must be further reformed to guarantee the independence of judges and prosecutors, and to strengthen the integrity rules that are applied to them.’

Fraud

The fraud news this week comes from the US, where the Office of the Comptroller of the Currency has issued a notice regarding fictional regulatory notices. This follows reports from consumers that they have been targeted by ‘fictitious correspondence via email, Google Chat, and the U.S. Postal Service related to up-front fee scams involving fictitious inheritance or beneficiary payouts. The notifications appear to be initiated by senior officials of the Office of the Comptroller of the Currency (OCC) regarding funds purportedly held by the OCC. Scam correspondence may include the names of other governmental agencies who are purportedly involved in the fake transaction. In all instances, victims are initially contacted regarding funds being held on their behalf by the OCC and are asked to provide the scammers general personal information including name, address, and telephone number. Follow-up correspondence from the scammers includes requests for more specific personal information including, but not limited to Social Security number, bank account details, and copies of driver’s licenses and passports. Correspondence is generally poorly written with typographical and grammatical errors and may include instructions for the victim to pay thousands of dollars in required fees or taxes for the release of the supposedly held funds….’

Money Laundering

The money laundering news this week starts with more news of desperate attempts by those on the FATF’s Jurisdictions Under Increased Monitoring – its so-called ‘grey list’ – to free themselves from it. First, more from Turkey, where the Turkish parliament this week debated a draft law relating to increased compliance for crypto asset service providers (‘CASP’s). This is part of continuing efforts on the part of the Turkish government to get Turkey off the FATF’s grey list by the next plenary. Whether that will happen, of course, is never a straightforward matter. You may recall that the mood music earlier this year was that Philippines would be off the ‘grey list’ at the February plenary, but when the results were announced, it was still languishing on it. In money laundering terms, this is getting borderline exciting.

In Europe, the Council of Europe’s Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism (‘MONEYVAL’), has provided an update on efforts made by Bulgaria, the Vatican City, and San Marino in their implementation of the FATF40 recommendations. In relation to Bulgaria, it ‘has improved its compliance with ten FATF Recommendations, namely those on national cooperation and coordination, politically exposed persons, money or value transfer services, internal controls and foreign branches and subsidiaries, designated non-professional business and professions customer due diligence, transparency and beneficial ownership of legal arrangements, regulation and supervision of financial institutions, powers of supervisors, on cash couriers, as well as on statistics.’ On the Vatican, it ‘has made amendments to its Anti-Money Laundering and combating the financing of terrorism Law and introduced new legislation covering legal persons.’ Finally, San Marino ‘has improved its compliance with the Financial Action Task Force’s Recommendation 35, which concerns sanctions. The amendments introduced in 2023 to its anti-money laundering legislation have largely addressed the deficiencies previously identified regarding the sanctions’ regime.’

In the European Union, the Council of the European Union has this week adopted new anti-money laundering rules, namely the Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2021/0239(COD)) (AML Regulation); the Regulation establishing the Anti-Money Laundering Authority (AMLA) (2021/0240(COD)) (AMLA Regulation); and the Sixth Money Laundering Directive (2021/0250(COD)) (MLD6).

Europol has announced the outcome of joint action led by Italian and Portuguese authorities ‘against two networks of money-mule recruiters working for a criminal organisation carrying out cryptocurrency scams….’ This action ‘resulted in 11 detentions, including the mastermind behind the money laundering scheme.’

In other money laundering news this week, HM Treasury published a Policy Paper following the Joint EU-UK Financial Regulatory Forum. ‘On AML, both sides emphasised the importance of close cooperation, including within the Financial Action Task Force, to raise the bar globally. The EU updated on the swift progress made on AML reforms. The EU’s AML package introduces, inter alia, detailed and directly applicable rules at Union level, as well as a new EU Anti-Money Laundering Authority (AMLA) which will act as the centre of the Union’s integrated supervisory system involving AMLA and all national authorities and will support and coordinate the work of the Financial Intelligence Units. The UK updated on work to further improve the effectiveness of the UK regime, including on potential options for supervisory reform in the UK and the consultation on improvements to the AML rules set out in the UK Money Laundering Regulations.’

And, finally, on money laundering news this week, following the fine issued by the German financial regulator, BaFin, against N26 following compliance failings in its anti-money laundering processes, the regulator has lifted the growth restriction on the number of new customers whom N26 can onboard per month from 50,000 to 60,000. This took effect on the 1st June 2024.

Market Abuse

On market abuse news this week, the European Securities and Markets Authority (‘ESMA’) has published a statement reminding ‘issuers about the applicable legislative framework to “pre-close calls” and encouraging them to follow good practices when engaging in such calls, with the goal of contributing to maintain fair, orderly, and effective markets.’ The publication of the statement follows media speculation connecting high share price volatility and ‘pre-close calls’. The statement recommends three elements of good practice in relation to ‘pre-close calls’.

Other Financial Crime News

In other financial crime news this week, G7 Finance Ministers and Central Bank Governors met in Stresa, Italy, discussing a range of topics relevant to the geo-political and economic system. Over the course of the meeting, views were exchanged on the global implications of Artificial Intelligence, support for Ukraine, international tax cooperation, ongoing initiatives for development and cross-border payments, and agreement to continue working in close cooperation in relevant multilateral fora, such as the G20. As the international community faces multiple challenges that require a coordinated response, they renewed a commitment to multilateral cooperation to foster sustainable development. Discussions were informed by valuable contributions from the Heads of the African Development Bank, Gavi, the Vaccine Alliance, the Committee on Payments and Market Infrastructures’ Secretariat and the Financial Action Task Force.

Cyber Crime

We end this week’s financial crime news with a round-up of cyber-attack news, which starts in the European Union, where the head of the European Union Agency for Cybersecurity (‘ENISA’), Juhan Lepassaar, has highlighted the rise in cyber-attacks on the bloc is increasing. This will come as no surprise given, first, the reported levels of cyber-attacks generally, but, secondly, it would have come about as a response to the European Union’s support for Ukraine in its defence against Russian invasion. Lepassaar has indicated that there has been a doubling of the number of attacks between the final quarter of 2023 and the first quarter of 2024, with the threat level being compounded by AI-enabled cyber-criminality.

In other news from Europe this week, Europol has announced action with the aim of disrupting botnets and the criminal proceeds derived from them. ‘Between 27 and 29 May 2024 Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including, IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem. The malware, whose infrastructure was taken down during the action days, facilitated attacks with ransomware and other malicious software. Following the action days, eight fugitives linked to these criminal activities, wanted by Germany, …[were]… added to Europe’s Most Wanted list on 30 May 2024. The individuals are wanted for their involvement in serious cybercrime activities. This is the largest ever operation against botnets, which play a major role in the deployment of ransomware.’

In the US, the Department of the Treasury has sanctioned a cybercrime network associated with the 911 S5 Botnet. ‘The 911 S5 botnet was a malicious service that compromised victim computers and allowed cybercriminals to proxy their internet connections through these compromised computers. Once a cybercriminal had disguised their digital tracks through the 911 S5 botnet, their cybercrimes appeared to trace back to the victim’s computer instead of their own. The 911 S5 botnet compromised approximately 19 million IP addresses and facilitated the submission of tens of thousands of fraudulent applications related to the Coronavirus Aid, Relief, and Economic Security Act programs by its users, resulting in the loss of billions of dollars to the U.S. government. The 911 S5 service enabled users to commit widespread cyber-enabled fraud using compromised victim computers that were associated to residential IP addresses. The IP addresses compromised by the 911 S5 service were also linked to a series of bomb threats made throughout the United States in July 2022.’ Allied to this news is the announcement by the Department of Justice that ‘YunHe Wang,… a People’s Republic of China national and St. Kitts and Nevis citizen-by-investment, was arrested on May 24 on criminal charges arising from his deployment of malware and the creation and operation of … “911 S5.” According to an indictment … Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide…. Wang then generated millions of dollars by offering cybercriminals access to these infected IP addresses for a fee.’

In news of an actual cyber-attack this week, it has been announced that around 25,000 current and former employees of the BBC in the UK have had their personal information compromised. Specifically, the attack targeted the occupational pension scheme of the individuals. The incident has been reported to the Information Commissioner’s Office and the Pensions’ Regulator. There has yet to be a claim of responsibility.

And, finally, on cyber-attack news this week, the National Cyber Security Centre in the UK has published a blog post on the topic of raising the cyber resilience of software ‘at scale’.

References

Council of Europe, Stricter regulation is needed to prevent corruption in top executive functions of central governments, says the Council of Europe’s GRECO.

Council of Europe, GRECO Annual Report.

Council of the European Union, Russia: EU sets up new country-specific framework for restrictive measures against those responsible for human rights violations, and lists 20 persons.

Council of the European Union, G7 Finance Ministers and Central Bank Governors’ Communiqué, Stresa, 23-25 May 2024.

Council of the European Union, Anti-money laundering: Council adopts package of rules.

Eurojust, Major operation to take down dangerous malware systems.

European Securities and Markets Authority, ESMA reminds on rules for sharing information during pre-close calls.

Europol, Largest ever operation against botnets hits dropper malware ecosystem.

General Court of the European Union, Farkhad Teimurovich Akhmedov v Council of the European Union.

Europol, Crackdown on money mule service providers laundering over EUR 10 million.

HM Treasury, Policy paper: Joint EU-UK Financial Regulatory Forum.