Embedded Files
12th August – 18th August 2024
Sanctions
This week’s sanctions news starts in the US, where in coordination with action taken by the UK and EU last week, the Office of Foreign Assets Control (‘OFAC’) has taken ‘action against 19 individuals, 14 entities, and one aircraft pursuant to Belarus-related Executive Order (E.O.) 14038. This action targets persons involved in supporting Russia’s war in Ukraine through military resource production and transshipment of goods to Russia, sanctions evasion on behalf of Belarusian defense entities, and revenue generation for Belarusian oligarchs in Alyaksandr Lukashenka’s inner circle. OFAC is concurrently designating five of these targets—three individuals and two entities—pursuant to Russia-related E.O. 14024.’ The Department of State also imposed ‘visa restrictions on 19 regime officials and their affiliates for their involvement in undermining democracy in Belarus. These individuals include those involved in efforts to misuse Interpol systems to target Belarusian dissidents abroad, the physical abuse and reported torture of pro-democracy activists, disbarring attorneys for representing pro-democracy activists, tracking and arresting citizens who subscribe to social media sites that carry content criticizing the regime, and granting permission for armed servicemen to violently disperse peaceful protests in 2020.’ The Department of Justice has also targeted a Russo-German national for offences ‘related to export control violations, smuggling, wire fraud and money laundering. [Arthur] Petrov allegedly participated in a scheme to procure U.S.-sourced microelectronics subject to U.S. export controls on behalf of a Russia-based supplier of critical electronics components for manufacturers supplying weaponry and other equipment to the Russian military.’ Petrov, who was extradited from Cyrus to face the music following his arrest last year. No date is yet set for the trial. And finally from the US this week, an individual has been arrested in Tennessee ‘for his efforts to generate revenue for the Democratic People’s Republic of Korea’s (DPRK or North Korea) illicit weapons program, which includes weapons of mass destruction (WMD). Matthew Isaac Knoot, participated in a scheme to obtain remote employment with American and British companies for foreign information technology (IT) workers, who were actually North Korean actors. Knoot allegedly assisted them in using a stolen identity to pose as a U.S. citizen; hosted company laptops at his residences; downloaded and installed software without authorization on such laptops to facilitate access and perpetuate the deception; and conspired to launder payments for the remote IT work, including to accounts tied to North Korean and Chinese actors.’ Late in the week, the Department of State and OFAC announced further sanctions against the Houthi and Hizballah trade networks.
Before we take a look at Russian fossil fuel sales for July, just one update from the Office of Financial Sanctions Implementation (‘OFSI’) in the UK, which has announced the addition of 20 Frequently Asked Questions (‘FAQ’s) to its FAQs page. FAQs 100 – 119 are in the Russia section in the central FAQs page having previously been in OFSI's Russia guidance.
And, finally, on sanctions news this week, the Centre for Research on Energy and Clean Air has published its monthly analysis of Russian fossil fuel exports and sanctions for July 2024. The headline is that Russian fuel export revenues fell by three per cent to €656mn per day, which it reports are the lowest levels so far for 2024. In relation to imports into the EU, where there are some sanctions’ exemptions, the five largest importers in the bloc paid Russia €1.2bn in July. In descending order, these were Hungary, Italy, Slovakia, Belgium, and the Czech Republic. Interestingly, the report also indicates that a price cap of $30 per barrel would have reduced Russian oil export revenues by 26 per cent, with a value of €3.51bn. ‘Since introducing sanctions until the end of July 2024, thorough enforcement of the price cap would have slashed Russia’s revenues by 8% (€20.91 bn). In July 2024 alone, full enforcement of the price cap would have slashed revenues by 10% (approximately €1.31 bn).’ In terms of global buyers of crude oil products, during the period of the imposition of the price cap in 2022 up to last month, China and India have been the principal markets for the product, with 84 per cent of Russian exports.
Bribery and Corruption
This week’s bribery and corruption starts this week, as the Paris Olympics fade into memory, with news that the Sport Integrity Global Alliance (‘SIGA’) has ‘...announced the launch of a large-scale Anti-Corruption in Sport Campaign which builds upon the New York Declaration on Financial Integrity and Transparency in Sport that was formalised during the recent SIGA FITS Forum in New York in June. The global campaign,... articulates the main issues that are deeply impacting and threatening the future of contemporary Sport, namely Corruption, Money Laundering, and Tax Evasion and it charts a path that can be followed to address them. The proposed resolutions, solutions and strategies formed the cornerstone of the recent SIGA FITS Forum, which gathered leading experts from around the globe, and directly influenced and contributed to the New York Declaration on Financial Integrity and Transparency in Sport.’
Money Laundering
The money laundering news this week is a bit thin on the ground, but in the US, the Deputy Director of FinCEN (‘Financial Crimes Enforcement Network’), Jimmy Kirby, gave opening remarks at the ‘Beneficial Ownership Information Reporting Event’ held this week. In emphasising the need for reporting of this kind, Kirby provided examples drawn from recent cases where the use of shell companies allowed the proceeds of bribery and fraud to be laundered by the perpetrators, including how US-designated Russian national, Suleiman Kerimov, ‘used a complex series of legal structures to continue to retain an interest in, and benefit from, his over $1 billion in assets in the United States.’ These changes aim to address such misuse of the corporate structure.
Fraud
On fraud news, we start in the US, where the Securities and Exchange Commission (‘SEC’) has charged a number of individuals, and an entity with ‘...operating a fraudulent scheme that raised more than $650 million in crypto assets from more than 200,000 investors worldwide, including many in the Haitian-American community.... According to the SEC’s complaint, the [scheme operated] as a multi-level marketing (MLM) and crypto asset investment program from 2019 through 2023. They lured investors by claiming [the company] would invest their funds on crypto asset and foreign exchange markets. [Investors were assured] ...their investments would be safe and [were] promised that “[i]n this program, you are in profit from day one, because again you have access to that capital.” In reality, ... the majority of investor funds [were used] to make payments to existing investors and to pay commissions to promoters, using only a fraction of investor funds for trading.’ The complaint further alleges that funds were siphoned off for the private use of certain of the alleged perpetrators. ‘When [the company] ultimately collapsed, most investors were not able to withdraw their investments, resulting in substantial losses, according to the complaint.’
Other Financial Crime News
In other financial crime news this week, in the UK, hot-on-the-heels of the Serious Fraud Office (‘SFO’), the National Crime Agency (‘NCA’) has now published its Annual Report and Accounts for 2023 – 2024. Some of the highlights for the last year include a total number of 4,740 disruptions to criminal activity, with 376 being disruptions of ‘high impact … against the most harmful organised crime groups.’ The report estimates that 260,000 frauds were prevented by NCA disruptive activity. The disruption to the most harmful organised crime groups aligns with the NCA’s 2023 – 2028 Strategy, as well as the Home Secretary’s strategic objectives, which are also listed in the Report. The Report goes into thematic detail on its work in a range of areas including drugs, firearms, and border security. In respect of Cybercrime, the report provides that the overall threat from cyber crime has increased, with an acute threat from ransomware, typically dominated by Russian-speaking organised crime groups providing ‘Ransomware-as-a-Service’. ‘Ransomware incidents impacting both the UK and countries globally increased in 2023. The under-reporting of cybercrime incidents, including ransomware, continues to be an issue. Most of the cyber threat to the UK comes from abroad, with a small number of offenders having a disproportionately high impact on the threat. The online cybercriminal ecosystem enables and supports cybercrime, and other serious and organised crime threats; including, money laundering,… and online fraud. The cybercrime ecosystem is comprised of a collection of products, goods and services available on the open and dark web; which has lowered the barrier to entry and proliferated high-end cyber capabilities. The Agency has developed its approach, with Team Cyber UK and international partners to focus on the disruption and degradation of the cybercrime ecosystem, balancing the requirement to provide an improved response for victims, with an ambition to deliver even more strategic impact.’ The Report goes on to highlight the success of investigations and disruption over the period, the trial of a new operating model, and efforts to improve individual behaviour online so that there are fewer victims. The NCA has also highlighted its international collaborative efforts in the area.
On fraud, the Report reminds us that it is the most common crime in the UK, with it accounting for 37% of all crime experienced by the public, though ‘overall volumes of fraud appear to be dropping’. Of those reports, 70% have overseas ties, and 89% are cyber-enabled. Certain typologies do appear to be on the rise, including romance and investment frauds. On its anti-fraud approach, the NCA ‘pivoted significantly towards higher impact disruptions, including targeting the pillars of the online criminal ecosystem that lower the barrier to entry for fraudsters.’
Finally, on illicit finance and money laundering, the Report provides that the UK economy ‘continues to be attractive to those wanting to launder the proceeds of crime,’ and that the threat is an evolving one where corporate structures and the banking sector are chiefly exploited. There is an increase in misuse of crypto-assets and e-money as favoured means of moving illicit finance. These issues have been addressed in a range of ways, including by the integration of Companies House into the law enforcement governance structure, with Companies House staff having been significantly upskilled.
In not entirely unrelated news to that just discussed, Companies House (‘CH’) in the UK had published its Business Plan for 2024 – 2025. It opens with a bold assurance that CH is ‘hugely excited’ about the implementation of those aspects of the Economic Crime and Corporate Transparency Act 2023 which relate to it. (A copy of the statute and factsheets on the statute are at these links.) The Plan reminds of the four new objectives for registrars to promote which are central to CH’s implementation of the 2023 Act:
ensure any person who is required to deliver a document to the register does so (and that the requirements for proper delivery are complied with)
ensure information on the register is accurate and that the register contains everything it ought to contain
ensure records kept by the registrar do not create a false or misleading impression to members of the public
prevent companies and others from carrying out unlawful activities or facilitating the carrying out by others of unlawful activities.
Since the integrity of the Registers is central to much of its work, CH plans to see this is achieved by requiring companies to provide a registered email and an appropriate registered office, stopping ‘the use of Royal Mail PO Boxes and equivalent services as an appropriate registered office address by the end of March 2025.’ CH has indicated it will take a more sceptical approach to information provided to it and use its newly-acquired powers to reject information and annotate the Register where appropriate. It will also expedite the striking off of companies more quickly than was previously the case, and introduce a ‘registration process for third party agents to become authorised corporate service providers (‘ACSP’s).’ CH also plans to ensure it is ‘ready for the introduction of identity verification which will become mandatory for anyone setting up, running, owning or controlling a company in the UK, and those who file on behalf of companies.’ In terms of its plan to meet its strategic objective of combatting economic crime through active use of analysis and intelligence, CH plans, thanks to the 2023 Act, to use its powers to ‘gather, analyse and proactively share more intelligence’; ‘request data from other partners’; and, ‘pursue collaborative working opportunities across government and with law enforcement organisations to disrupt and take action against criminal activity.’ Plenty of plans, and doubtless much activity in the coming months, but the proof will be in next year’s annual report.
Cyber Crime
We end this week’s financial crime news with a round-up of cyber-attack news, and we start in the US where it is understood that Iran has started to increase its online activity with more attacks as the US presidential election moves into its final phase. It is understood that fake websites and other media have been created, in addition to the use of targeted phishing attacks, designed to achieve maximum disruption. To be frank, I’m not sure whether any of the candidates currently standing in the election would necessarily be pro-Iran, so it is difficult to see who might be their least favoured candidate. Whoever it might be, cyber-attacks during elections have become a fact of life, and just as in the UK where the Electoral Commission is alive to the threat, I would certainly hope that similar agencies in the US are equally well-prepared for any possible disruption. In other news relating to Iran, it is reported this week that the Central Bank has been the subject of a cyber-attack, disrupting the country’s banking system. No claims of responsibility at the moment, but if I were a gambling man, I know where my money would be.
In the UK, the National Crime Agency (‘NCA’) has announced the results of an internationally-coordinated operation to take down what it describes as ‘of the world’s most prolific Russian-speaking cybercrime actors.’ In parallel with the United States Secret Service, the FBI, and the NCA, ‘JP Morgan’ – as the individual is styled – ‘…and his associates are elite cyber criminals who practiced extreme operational and online security in an effort to avoid law enforcement detection. Cybercrime specialists … identified the real-world individuals responsible for several high-profile online monikers – including JP Morgan – and successfully tracked and located them as they sought to avoid detection across Europe. Investigators established that these individuals were responsible for the development and distribution of notorious ransomware strains, including Reveton and most recently Ransom Cartel, as well as exploit kits, including Angler, which have extorted tens of millions from victims worldwide.’ The principal individual concerned has been extradited from Poland to the US to face a range of cybercrime charges. In other news on a similar theme, the FBI in the US has announced that a ransomware group has been shutdown. The ‘Radar/Dispossessor’ group, operating since August 2023, ‘quickly developed into an internationally impactful ransomware group, targeting and attacking small-to-mid-sized businesses and organizations from the production, development, education, healthcare, financial services, and transportation sectors. Originally focused on entities in the United States, the investigation discovered 43 companies as victims of the attacks, from countries including Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the United Kingdom, the United Arab Emirates, and Germany. During its investigation, the FBI identified a multitude of websites associated with ‘Brain’ – the leader – and his team.’
Now, as the Paris Olympics begin to lapse into memory, the authorities have reported that despite the predictions of cyber chaos in advance of the games, only 140 cyberattacks were reported during the Olympics. I think they’ll probably take that as a win.
Russia has featured prominently in this podcast for its malicious cyber activity, and a new report indicates that its phishing attacks are developing into a more sophisticated form of product. A new report by Citizen Lab, Munk School of Global Affairs & Public Policy, University of Toronto, and Access Now indicates that the ‘combination of the attack modalities, the profile of the victims, and other technical evidence points to the perpetrators being threat actors close to the Russian regime.’ The key findings are:
Two spear phishing campaigns targeted members of civil society from Eastern Europe and international NGOs working in the region. The campaigns are the work of two different threat actors, COLDRIVER and COLDWASTREL.
The attacks used Proton Mail email addresses to impersonate organizations or individuals that were familiar or known to the victims.
The attacks used PDF documents that appeared locked and provided a malicious link purporting to unlock them, but which instead led to fake login pages.
The attacks were intended to mimic everyday scenarios regularly encountered by the targeted organizations, which work to defend and uphold human rights, thus underscoring the highly targeted nature of the campaign.
The report makes valuable recommendations to avoid becoming a victim. ‘The main safeguard … is high awareness of the risks, as well as careful treatment of all communications received.’ The Report urges the correct use of two-factor authentication, but also that high-risk users be enrolled in programmes for those at higher digital risk. The Report is a valuable read for anyone, but especially for those who think that they may be at high risk.
And finally this week, at the United Nations, the pithily named ‘Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes’ has finished its work and agreed a draft United Nations Convention Against Cybercrime. The draft is the culmination of three years’ work by the Committee and it is expected to be adopted by the General Assembly later in 2024. When it is adopted, it will be the ‘first global legally binding instrument on cybercrime.’
Page updated
Report abuse