www.rusi.

org

Special Resources

Challenges for Counter-

Proliferation Finance
and Sanctions Control
in Banking
Noémi També and Fatima Busra Alsancak

Special Resources
193 years of independent thinking on defence and security

The Royal United Services Institute (RUSI) is the world’s oldest and the UK’s leading defence and security think
tank. Its mission is to inform, influence and enhance public debate on a safer and more stable world. RUSI is
a research-led institute, producing independent, practical and innovative analysis to address today’s complex
challenges.

Since its foundation in 1831, RUSI has relied on its members to support its activities. Together with revenue
from research, publications and conferences, RUSI has sustained its political independence for 193 years.

The views expressed in this publication are those of the authors, and do not reflect the views of RUSI or any
other institution.

Published in 2024 by the Royal United Services Institute for Defence and Security Studies.

© RUSI, 2024

This work is licensed under a Creative Commons Attribution – Non-Commercial – No-Derivatives 4.0
International Licence. For more information, see <http://creativecommons.org/licenses/by-nc-nd/4.0/>.

RUSI Special Resources, May 2024.

Cover image: Courtesy of adam121/Adobe Stock. Edited by RUSI.

Royal United Services Institute

for Defence and Security Studies
Whitehall
London SW1A 2ET
United Kingdom
+44 (0)20 7747 2600
www.rusi.org
RUSI is a registered charity (No. 210639)
Contents
Acknowledgements iii

Executive Summary 1

Introduction 4
Scope, Methodology and Limitations 6

I. Challenges to Effective CPF and Sanctions Control Implementation 8

A Disconnect Between Regulatory Expectations and Practical
Implementation 8
Limited Data Access and Quality 14
Limited Subject Matter Expertise 18
Disparity Across the Banking Sector With Regard to PF and
Sanctions Risk Assessments 22

II. Recommendations 28

Conclusion 31

About the Authors 32

Annex 1: Proliferation-Related Sanctions in Relation to North Korea,

Iran and Russia and Russian Sanctions             33

Annex 2: Defining Key Concepts 43

ii
Acknowledgements
The authors would like to thank the RUSI Publications team for its diligent
support and guidance. The authors would also like to thank the peer reviewers
for their review and helpful comments of an earlier version of this paper.

iii
Executive Summary
In light of the increasingly complex sanctions landscape, measures are required
to strengthen the financial system against proliferation finance (PF) and sanctions
evasion activity. While governments have a role to play in setting the regulatory
and legal landscape to fight PF and preserve the integrity of the global financial
system, they rely on the global cooperation of the financial sector to achieve
effective counter-proliferation finance (CPF) and sanctions implementation.
This report provides support to the financial sector by identifying the challenges
that financial institutions (FIs) face when implementing CPF and sanctions
controls and giving recommendations for tackling such challenges.

Informed by the authors’ interviews with experts in the field of CPF and sanctions,
the four key challenges to effective CPF and sanctions implementation are:

1. A disconnect between regulatory expectations and practical implementation.

2. Limited data quality and integrity.
3. Limited subject matter expertise.
4. Disparity across the banking sector with regard to PF and sanctions risk
assessments.

To tackle these challenges, the authors identify the following recommendations:

1. A disconnect between regulatory expectations and practical implementation

For competent authorities:

• Informed by public–private partnership, competent authorities should publish

guidance to support FIs on the interpretation of legislation and the practical
application of international and, where relevant, national export control
regimes.
• The document should illustrate best and bad practice and contain known
country-specific scenarios with step-by-step guidance to minimise interpretation
and reflect what banks can realistically achieve within the scope of their
commercial activities and responsibilities.

For the banking sector:

• A cross-jurisdictional roundtable for FIs that implement unilateral sanctions

while based in jurisdictions that have not adopted unilateral sanctions into
national legislation should be organised. The purpose of this roundtable
should be to explore challenges faced by FIs across jurisdictions and identify
best practice in relation to managing regulators while operationalising
unilateral sanctions.

1
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

2. Limited data access and quality

For competent authorities:

• Competent authorities should ensure that organisations such as freight

forwarders, insurers, customs brokers, shipping companies and FIs are
adequately trained and have robust compliance support. This would enable
all institutions to have oversight of trade transactions and a better understanding
of elevated risk factors to detect PF and sanctions evasion. Furthermore,
export and customs regulators should consider mandating the use of distributed
ledger technology (DLT) and the digitisation of trade data enabling information
to be mutually verified, to enhance transparency and trust. This blockchain
platform should be used by all relevant stakeholders such as shipping
companies, intermediaries, FIs and customs; with those choosing to exist
outside of this platform seen as anomalies.
• Competent authorities should consider adopting Harmonised System codes
in their dual-use goods lists to support and facilitate the detection of suspicious
shipments of dual-use, military and sensitive goods.
• Competent authorities should continue to enhance and maintain a national
central register of complete, accurate and up-to-date information relating to
ultimate beneficial ownership.
• To encourage robust and effective public–private partnership initiatives,
competent authorities should fund regional workshops on PF and sanctions
evasion as well as regional risk assessments to enhance international
cooperation between jurisdictions, exchange information, and share best
practice at government as well as institutional level.

For the banking sector:

• FIs should consider adopting and combining machine learning, network

analysis solutions and commercial data dictionaries to facilitate complying
with regulatory requirements relating to CPF and sanctions evasion risks.
• Greater use of SWIFT discretionary data fields should be encouraged as best
practice across the banking industry to tackle and identify ‘pinch points in
the flow of payments and help illuminate payments related to circumvention’.

2
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

3. Limited subject matter expertise

For competent authorities:

• Competent authorities should support the development of subject matter

expertise across the banking sector. When new regulations are introduced,
governments and regulators should provide briefings and access to data, as
well as observed typologies and emerging trends to best support the banking
sector with CPF and sanctions implementation. This should also include:

◦ Providing sector-specific guidance and assistance on the interpretation

and implementation of relevant legislation.
◦ Providing sector-specific guidance and assistance on managing and tracking
the volume of legislative changes and updates.

• Competent authorities, supervisors or banking associations should perform

a review and benchmarking exercise of FIs’ transaction monitoring tools’
calibration and tuning. Regulators, supervisors or banking associations should
then publish their findings and circulate best practice observed across the
banking sector to support the industry.

For the banking sector:

• FIs should enhance the due diligence on clients, counterparties, controlled

products and activities through training on how to perform open-source
intelligence research.

4. Disparity across the banking sector with regard to PF and sanctions risk
assessments

For competent authorities:

• Competent authorities should provide guidance on how to conduct an

institutional PF and sanctions risk assessment. This guidance should also
include support for a customer risk scoring questionnaire that accounts for
PF and sanctions risk. This would enable FIs to better understand and identify
the nexus between money laundering, terrorist financing, PF and sanctions
violations.
• Competent authorities should conduct a thematic review of PF and sanctions
risk assessment processes and methodologies across the banking industry
to identify whether the industry faces challenges and gaps that may have
wider repercussions on the robustness of CPF and sanctions regimes at the
national level. Where relevant, root cause should be identified alongside
remedial actions.

3
Introduction
W
hile governments have a role to play in setting the regulatory and
legal landscape to fight proliferation finance (PF) and preserve the
integrity of the global financial system, they rely on the relatively
recent global cooperation of the financial sector to achieve an effective counter-
1

proliferation finance (CPF) and sanctions implementation and control framework.

However, the banking sector is under increasing pressure to become the enforcer
of sanctions evasion prevention,2 especially in light of funds that ‘appear to be
moving unchallenged through the international financial system, and through
accounts set up and/or held by major financial institutions’.3 This is occurring
while financial institutions (FIs) struggle to ‘find, hire and keep senior-level staff
with the experience, knowledge and skills to manage ever-more complex,
scrutinised and liability-laden fincrime compliance programmes’.4

Indeed, sanctions implementation used to involve screening clients and

transactions against sanctions lists. The 2014 sanctions against Russia ‘introduced
sector-specific sanctions, which for the first time required financial institutions
– and others from the private sector such as oil services companies – to have a
deeper understanding of their clients and, critically, their activities’.5 The
subsequent 2022 full-scale invasion of Ukraine led to additional unilateral
sanctions imposed on Russia, resulting in an increasingly complex sanctions
landscape.

Furthermore, with some jurisdictions not aligned with the US announcement

on the expired UN Security Council Resolution6 concerning Iran, additional

1. For instance, in the UK, the Economic Crime and Corporate Transparency Act became law in October
2023. UK Government, ‘Economic Crime and Corporate Transparency Act’, 2023, <https://www.
legislation.gov.uk/ukpga/2023/56/enacted>, accessed 10 April 2024. Similarly, the EU is just starting to
focus on public–private partnerships. See European Data Protection Board, ‘Letter to the European
Parliament, the Council, and the European Commission on Data Sharing for AML/CFT Purposes in Light
of the Council’s Mandate for Negotiations’, 28 March 2023, <https://edpb.europa.eu/system/files/2023-04/
edpb_letter_out2023-0015_aml_cft_ep_en.pdf>, accessed 18 March 2024.
2. Alice Ross, ‘Banks Adopt AI to Manage Sanctions and Compliance Risk’, Financial Times, 30 January 2020.
3. Tom Keatinge, ‘Developing Bad Habits: What Russia Might Learn from Iran’s Sanctions Evasion’, RUSI
Occasional Papers (June 2023), p. 28.
4. Brian Monroe, ‘Banks Struggling on Compliance Staffing Due to Soaring Sanctions’, Association of
Certified Financial Crime Specialists, 24 June 2022, <https://www.acfcs.org/banks-struggling-on-
compliance-staffing-due-to-soaring-sanctions-hot-competition-for-smes-examiners-more-tightly-linking-
esg-financial-aml-risks-in-specter-of-new-climate-related-financial-risk-exams-occ>, accessed 9
November 2023.
5. Tom Keatinge and Gonzalo Saiz, ‘Euro SIFMANet: The Role of Data in Sanctions Implementation:
Barcelona Report’, RUSI Conference Report, p. 1.
6. The US statement declared: ‘Resolution 2231 (2015) was based on the assumption that Iran would take the
necessary steps towards restoring confidence in the exclusively peaceful nature of its nuclear

4
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

complications for FIs expected to abide by unilateral sanctions7 (while operating

in jurisdictions that do not implement them) are likely to arise. In sum, the
current regulatory uncertainty and complexity surrounding sanctions
implementation is a challenge for FIs’ CPF and sanctions implementation efforts.8

Finally, the absence of an internationally agreed definition of PF,9 along with

some jurisdictions expanding its definition to include risks from other potential
proliferation states, entities and individuals, has resulted in heterogeneous
domestic legislations and non-uniform implementation. This, in turn, drives
FIs’ respective understanding of PF. More particularly, ‘the most common
interpretation among relevant stakeholders in many countries is that proliferation
financing controls equate to the implementation of targeted financial sanctions
against Iran and North Korea’.10 It should, however, be noted that Russia sanctions
include both blanket measures, such as sectoral sanctions, and targeted sanctions,
such as trade sanctions. Both include a PF component to prohibit Russia from
acquiring military products and the technology required to renovate its military.11

While the authors acknowledge that other sectors are subject to sanctions regimes
and CPF obligations, this report aims to provide support to primarily national
and regional banking institutions by identifying and documenting challenges

programme. This has not happened’. See US Virtual Embassy Iran, ‘US Embassy Joint Statement on UN
Security Council Resolution 2231 Transition Day’, <https://ir.usembassy.gov/joint-statement-on-un-
security-council-resolution-2231-transition-day/>, accessed 9 November 2023.
7. This may be to maintain a correspondent banking relationship with a US institution, for instance.
8. Cherie Spinks and Bruce G Paulsen, ‘Navigating Conflicting Sanctions Regimes’, Global Investigations
Review, 8 July 2022, <https://globalinvestigationsreview.com/guide/the-guide-sanctions/third-edition/
article/navigating-conflicting-sanctions-regimes>, accessed 9 November 2023.
9. According to the Financial Action Task Force (FATF), the global anti-money-laundering and CTF standard
setter, ‘proliferation financing’ (PF) refers to the act of ‘providing funds or financial services which are
used, in whole or in part, for the manufacture, acquisition, possession, development, export,
transhipment, brokering, transport, transfer, stockpiling or use of nuclear, chemical or biological
weapons and their means of delivery and related materials (including both technologies and dual-use
goods used for non-legitimate purposes), in contravention of national laws or, where applicable,
international obligations’. See FATF, ‘Combating Proliferation Financing: A Status Report on Policy
Development and Consultation’, February 2010, p. 5.
10. Togzhan Kassenova and Bryan R Early, ‘Countering the Challenges of Proliferation Financing’, University
at Albany, July 2023, p. 13, <https://www.albany.edu/rockefeller/news/2023-countering-challenges-
proliferation-financing>, accessed 20 January 2024.
11. Sectoral sanctions target specific industries within a sanctioned country and identify persons and entities
operating in these sectors to prevent their access to sender country’s industries and financial systems.
Trade sanctions are primarily concerned with prohibiting the trade of specific items through restrictions
and bans. These include strategically important goods such as military, defence, security and dual-use
goods and technology. The primary distinction is that trade sanctions mainly place restrictions on the
import and export of products, whereas sectoral sanctions list individuals and organisations that are
operating in a particular industry for a sanctioned country. See Office of Foreign Assets Control (OFAC),
‘’Ukraine-/Russia-Related Sanctions’, <https://ofac.treasury.gov/sanctions-programs-and-country-
information/ukraine-russia-related-sanctions>, accessed 18 March 2024; European Commission,
‘Sanctions Adopted Following Russia’s Military Aggression Against Ukraine’, <https://finance.ec.europa.
eu/eu-and-world/sanctions-restrictive-measures/sanctions-adopted-following-russias-military-
aggression-against-ukraine_en>, accessed 18 March 2024.

5
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

that FIs face when implementing existing CPF and sanctions controls.12 This
report also aims to identify and document recommendations to both competent
authorities and banking institutions to tackle such challenges. Specifically, it
sets out to:

• Document challenges that national and regional banking institutions may

face when implementing international and unilateral sanctions relevant to
Iran, Russia and North Korea.
• Identify best practice that could contribute to mitigating these challenges.
• Provide recommendations, where pertinent, to competent authorities and
the financial sector.

It provides guidance and support to:

• National and regional FIs and potentially payment service providers (PSPs)
and designated non-financial businesses and professionals (DNFBPs).
• Competent authorities such as regulators, supervisors and/or policymaking
bodies (for example, Financial Action Task Force [FATF]-style regional bodies).

Scope, Methodology and Limitations

This report focuses on international and unilateral sanctions frameworks
regarding the proliferation of WMDs in relation to North Korea, Iran and Russia.
For an understanding of the current regulatory framework pertaining to sanctions
prohibiting state and non-state actors, WMD-related activities and Russia-related
sanctions, see Annex 1, Table 1.

Semi-structured interviews with six sanctions-risk practitioners and experts

operating in European and Middle Eastern FIs informed the research for this
report. More specifically, while this research is not comparative, the authors
interviewed three experts working in three European countries and three experts
working in three Middle Eastern countries (due to sensitivities associated with
sanctions and sanctions risks, the countries and institutions are not named). In
addition, five sanctions-risk practitioners and experts with cross-jurisdictional
experience were interviewed to triangulate the qualitative data that was collected.
Interviews were held between October 2023 and January 2024 and the qualitative
data collated was validated through the review of relevant policy literature,
reports from supervisors across relevant jurisdictions and grey literature.

12. To comply with international and national regulations, FIs have anti-money-laundering, CTF, CPF and
sanctions evasion prevention controls in place. Such controls involve sanctions screening, customer due
diligence (CDD), ongoing due diligence, transaction monitoring and suspicious activity reporting. In
addition, FIs are expected to abide by international and national export control regimes. See Annex 2 for
more details.

6
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

Interviewees were selected for their first-hand knowledge of CPF and sanctions
implementation.

Due to time constraints, the authors could not interview sanctions-risk practitioners
and experts operating in Africa or Asia, which may limit the generalisability of
the data collated. However, the CPF and sanctions implementation framework
offers a global context that provides homogenous conditions across a considerable
number of jurisdictions. While the authors acknowledge the inevitability of
variations within jurisdictions, the international standards and principles set
out by the UN and the FATF nevertheless ensure a considerable degree of
generalisation.

Chapter I discusses the challenges that FIs face when implementing international
and unilateral sanctions relevant to Iran, Russia and North Korea. Informed by
the authors’ research, Chapter II provides recommendations to tackle current
challenges to achieving effective CPF and sanctions implementation. In addition,
Annex 1 provides an overview of PF and sanctions regulation, and Annex 2
briefly defines export controls, anti-money-laundering (AML) processes and
sanctions screening.

7
I. Challenges to Effective
CPF and Sanctions
Control Implementation
I nformed by the authors’ interviews, this chapter documents the four challenges
to effective CPF and sanctions implementation. These are:

1. A disconnect between regulatory expectations and practical implementation.

2. Limited data quality and integrity.
3. Limited subject matter expertise across the banking sector.
4. Disparity across the banking sector with regard to PF and sanctions risk
assessments.

A Disconnect Between Regulatory

Expectations and Practical
Implementation
Multiple CPF and sanctions-evasion and -obfuscation methods are observed by
the banking sector13 and documented in grey literature.14 Such threats to the
integrity of the global financial system, along with regulators’ growing expectations
for FIs to act as gatekeepers of the financial system,15 further complicate the

13. Authors’ interviews with experts 2, 18 October 2023; 3, 6 November 2023; 4, 24 October 2023; and 9, 21
November 2023.
14. Sanctions evasion and obfuscation methods include goods smuggling, the use of gold, the falsification of
information on trade and shipping documents, obfuscation of end use and end user, transhipment,
setting up front and shell companies or the dilution of beneficial ownership. For more information
relating to the typologies, see National Crime Agency (NCA) et al., ‘Red Alert: Financial Sanctions Evasion
Typologies: Russian Elites and Enablers’, July 2022, <https://nationalcrimeagency.gov.uk/who-we-are/
publications/605-necc-financial-sanctions-evasion-russian-elites-and-enablers/file>, accessed 11
December 2023 and FATF, ‘FATF Guidance on Counter Proliferation Financing: The Implementation of
Financial Provisions of United Nations Security Council Resolutions to Counter the Proliferation of
Weapons of Mass Destruction’, February 2018, <https://www.fatf-gafi.org/content/dam/fatf-gafi/guidance/
Guidance-Countering-Proliferation-Financing.pdf>, accessed 4 December 2023.
15. The UK’s NCA recently issued an alert stating that ‘the financial sector plays a critical role in the
procurement cycle. The UK government encourages the financial sector, including banks, credit card
operators, foreign exchange dealers and non-bank payment service providers, to ensure they are
maintaining vigilance against global attempts to circumvent trade sanctions’. See NCA et al., ‘Red Alert:
Exporting High Risk Goods’, December 2023, <https://www.nationalcrimeagency.gov.uk/who-we-are/
publications/687-necc-red-alert-exporting-high-risk-goods/file>, accessed 9 December 2023.

8
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

implementation of CPF and sanctions controls.16 One expert summarises the

current situation as follows: ‘Ultimately, regulators have cloud-based expectations
that do not match FIs’ challenges with regards to practical implementation’17 of
CPF and sanctions requirements.

Indeed, some regulators have stressed FIs’ obligation to screen Harmonised

System (HS) codes,18 with the conviction that such information supports FIs in
complying with CPF and sanctions implementation. One expert stated: ‘Regulators
believe that HS codes are documented in all trade documents that FIs review
and screen in the context of trade finance[19] activities, but this is not the case
[this point is further explored in the following section], with the requirement
creating further delays in customer payments’.20 It is also worth noting that due
to the complexity of goods and products, it may be challenging to determine
which code should be assigned to a specific product, resulting in an erroneous
HS code. Thus, HS code screening could rely on potentially erroneous, missing
or omitted source information, yield high volumes of false-positive alerts, and
require an unrealistic degree of product expertise across the hundreds of
thousands of product types produced around the world in order to correctly
resolve alerts without physical sight of the underlying goods.

Similarly, regulators assume that all institutions have the resources to invest in
and operate sanctions screening tools.21 This remains untrue, particularly for
small to mid-sized FIs22 that still perform manual screening against lists that
are constantly updated. However, even larger FIs voice their concerns.23 For
instance, FIs are required to immediately implement freezing measures within
a maximum of 24 hours from the date of designation,24 but one expert explained
that this is difficult ‘despite tools that promise real time screening’. They note

16. Authors’ interview with expert 9, 24 November 2023.

17. Authors’ interview with expert 10, 27 November 2023.
18. HS codes are used to classify traded goods and products. For more information, see World Customs
Organization, ‘What is the Harmonized System (HS)?’, <https://www.wcoomd.org/en/topics/
nomenclature/overview/what-is-the-harmonized-system.aspx>, accessed 11 December 2023. It is
important to note that the Bureau of Industry and Security (BIS) issued a note in October 2023 publicising
high-priority items that Russia seeks to procure for its weapons programme. See BIS, US Department of
Commerce, ‘Common High Priority List’, 23 February 2024, <https://www.bis.doc.gov/index.php/
all-articles/13-policy-guidance/country-guidance/2172-russia-export-controls-list-of-common-high-
priority-items>, accessed 11 December 2023.
19. Trade finance consists of financial products and services that support the international trade of goods.
Those goods can be used or modified for use in the development of WMDs.
20. Authors’ interview with expert 4, 24 October 2023 and 7, 17 November 2023.
21. Sanctions screening involves checking a name, good, item or entity against a watchlist to identify
potential matches. It is a tool intended to disrupt, detect and prevent financial crime. Sanctions screening
can restrict trade with specific individuals, groups, agencies and individuals in several industries.
22. Authors’ interviews with expert 2, 18 October 2023 and 8, 21 November 2023.
23. Authors’ interviews with expert 8, 21 November 2023 and 9, 24 November 2023.
24. The FATF requires all jurisdictions to implement UN targeted financial sanctions relating to proliferation
without delay.

9
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

that ‘this real-time function is not real in a practical term and as a money-
laundering reporting officer you have no idea what could happen within this
24-hour gap. A new name or entity may be added, and your institution may end
up being exposed [to PF and sanctions risks]’.25

In addition, when implementing CPF and sanctions controls, while some regulators
publish frequently asked questions and guidance, the lack of practical regulatory
guidance and support for interpreting increasingly complex sanctions regulation
is a challenge. This point is not exclusive to Russian sanctions – recognised as
being particularly complex.26 It also concerns Iran. For instance, the UN-imposed
activity-based and other financial prohibitions under United Nations Security
Council (UNSC) Resolution 2231 (2015) related to Iran’s missile and nuclear
programme.27 Prohibitions contained in UNSC Resolution 2231 were lifted on 18
October 2023, but ‘[l]egally under UN Security Council resolution 2231 … the US
or the E3 [Britain, France and Germany] can still snap back and restore older
multilateral penalties on Iran’s nuclear, missile and military program’.28 Thus,
although FIs understand their international requirements, there are uncertainties
as to how they are expected to interpret legislation, what governments and
administrations may decide and how this may impact their processes, systems
and controls. According to one expert, ‘There is too much greyness around
regulation and too much divergence between sanctions authorities. How do I
implement what? When do I report and when do I not report?’.29

Such uncertainty extends to unilateral sanctions such as those of the US Treasury’s

Office of Foreign Assets Control (OFAC).30 For instance, a Middle East-based risk
practitioner stated that in light of the US State Department’s recent push for
greater investments in Iraqi infrastructure (education, energy, finance, health
and technology31), FIs operating across the region and providing financial services
and products to support the initiative need ‘the regulator to be more flexible and
have a greater risk appetite’.32 This will help FIs obtain assurance that they can
support the US State Department’s vision for Iraqi development while managing
PF and sanctions risk exposure, given the strong Iraq–Iran trade ties.33

25. Authors’ interview with expert 5, 10 November 2023.

26. Authors’ interviews with experts 2, 18 October 2023; 5, 10 November 2023; 9, 24 November 2023; 10,
27 November 2023; and 11, 19 December 2023. See Annex 1 for more information relating to Russian
sanctions.
27. The 2231 List contains the names of the persons and entities designated under UNSC Resolution 2231.
28. Iran International, ‘UN Bans on Iran. End, Setting Stage for Missile Proliferation’, 21 October 2023,
<https://www.iranintl.com/en/202310205679>, accessed 9 December 2023.
29. Authors’ interview with expert 10, 27 November 2023.
30. See Annex 1 for more information relating to OFAC sanctions.
31. Arab News, ‘US Businesses Encouraged to do Business in Iraq’, 20 June 2023, <https://www.arabnews.com/
node/2324911/business-economy>, accessed 10 December 2023.
32. Authors interviews with expert 8, 21 November 2023.
33. Arab News, ‘Iran and Iraq Pledge to Forge Stronger Trade Ties During Official Visit’, 1 November 2023,
<https://www.arabnews.com/node/2401446/business-economy>, accessed 10 December 2023.

10
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

A final point raised by risk practitioners is the challenge associated with

implementing unilateral sanctions (such as OFAC, EU or UK sanctions, including
Russian sanctions packages)34 while based in jurisdictions that have not adopted
such packages into national legislation. While some FIs are required to simply
evidence and rationalise their decision-making to local regulators,35 others are
accused by their regulators of derisking and failing to apply the risk-based
approach,36 thus creating friction and increasing exposure to regulatory risk.
Another risk practitioner reported being challenged by their local financial
intelligence unit (FIU) when logging unilateral sanctions related to suspicious
activity reports (SARs): ‘When we log a SAR related to an entity that is designated
under OFAC, for instance, but is not designated by our jurisdiction, it becomes
very difficult for us. For example, it has repercussions on what we can do with
the assets in terms of freezing or not and, when exiting clients, what currency
we can return their funds in’.37 Ultimately, such FIs have conflicting interests:
abiding by unilateral sanctions to maintain correspondent banking relationships
and international licences while maintaining robust relationships with their
local regulators and FIUs.38

Box 1: Case Study: Iranian Sanctions Violation

In 2019, the US District Court of New Hampshire indicted Aiden Davidson for
violating Iranian sanctions. Davidson purchased through his company, Golden
Gate International LLC, motors, pumps, valves and other dual-use and military
items to export them to Iran via Türkiye. He would document Stare Lojistik
Enerji Sanayi Ticaret (hereafter Stare Lojistik) as the end user39 in all relevant
shipping and export filings. However, Stare Lojistik was a freight forwarder
and would re-export goods to the true end user, in this case Babazadeh Trading
Company, which is based in Iran.40

Investigations conducted by US authorities identified that:

34. In order to maintain correspondent banking relationships or operations in relevant jurisdictions.

35. Authors’ interview with expert 10, 27 November 2023.
36. Authors’ interview with expert 1, 3 October 2023.
37. Authors’ interview with expert 8, 21 November 2023.
38. Authors’ interviews with experts 1, 3 October 2023; 6, 13 November 2023; and 8, 21 November 2023.
39. Note that end-user certification typically comes in the form of self-attestations from customers, without a
robust process to verify whether this information is accurate, complete and up to date.
40. Superseding Indictment US District Court District of New Hampshire, ‘United States of America v. Aiden
Davidson and Babazadeh Trading Co.’, p. 5, <https://www.iranwatch.org/sites/default/files/superseding_
indictment_-_davidson_Unitedand_babazadeh.pdf>, accessed 22 January 2024. The 2020 press release
officially names the Igdir-based company, whereas the superseding documents just explain its features
without naming it.

11
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

• Aiden Davidson is an Iranian citizen who changed his Iranian name when
he obtained US citizenship.41

• There is no evidence that Aiden Davidson or Golden Gate LLC had applied
for an export licence to Iran for shipments of relevant dual-use goods.

• Golden Gate LLC was registered at Davidson’s home address.42

• Davidson had declared to competent authorities that his annual income

was $55,00043 but this was not commensurate with the activities that were
observed on his company’s US bank account between 2013 and 2017.44

• Emails by [masked]azadeh-corp.com indicated that SWIFT45 payments had

been made to Golden Gate LLC via bank accounts held in Armenia, Cyprus
and Hong Kong. Remittance information documented ‘educational and
living expenses’ and ‘payment for tools’ under purpose of payment.46

• Stare Lojistik’s website was registered to a hotmail.com email address.47

It is not possible to establish from publicly available information whether FIs

that provided financial services and products to Golden Gate LLC and their
associates performed or failed to perform adequate sanctions and PF risk
mitigation controls. However, the following controls could have indicated that
the case had elevated PF risk factors:

Elevated Risk Factors

• Involvement of companies based in high-risk PF and sanctions-evasion

jurisdictions.

• Import/export of dual-use and military items.

41. US Attorney’s Office District of New Hampshire, ‘Massachusetts Man Sentenced to 46 Months for
Smuggling Goods from the United States to Iran’, 16 July 2020, <https://www.justice.gov/usao-nh/pr/
massachusetts-man-sentenced-46-months-smuggling-goods-united-states-iran>, accessed 24 January
2024.
42. David Albright et al., ‘Illicit Trade Networks Vol.1: Connecting the Dots’, Institute for Science and
International Security, February 2020, p. 141, <https://isis-online.org/books/detail/illicit-trade-networks-
connecting-the-dots-volume-1>, accessed 22 January 2024.
43. Criminal Complaint, ‘United States District Court United States of America v. Aiden Davidson aka Hamed
Aliabadi’, p. 8, <chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://www.iranwatch.org/sites/
default/files/criminal_complaint_-_davidson.pdf>, accessed 22 January 2024.
44. Indictment US District Court of New Hampshire, ‘Indictment United States of America v. Aiden Davidson
aka Hamid Aliabadi’, p. 5, <https://www.iranwatch.org/sites/default/files/indictment_-_davidson.pdf>,
accessed 22 January 2024.
45. Society for Worldwide Interbank Financial Telecommunication.
46. Criminal Complaint, ‘United States District Court for New Hampshire, United States of America v. Aiden
Davidson aka Hamed Aliabadi’, p. 25, <chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://
www.iranwatch.org/sites/default/files/criminal_complaint_-_davidson.pdf>, accessed 22 January 2024.
47. Ibid., p. 7.

12
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

• Unusual elements relating to the company’s counterparties when performing

open-source intelligence research.

• Dual citizenship including Iranian nationality.

With these inherent risks identified, it might have been expected that the
following controls would have been applied by the FI providing banking
services to Golden Gate LLC.

Mitigation Measures and Controls

• An employee training programme to ensure there is robust CPF and sanctions

risk awareness within the FI, including import/export controls and relevant
policy and procedure.

• A customer due diligence (CDD) and know your customer (KYC) framework
to establish the ultimate beneficial owner (UBO) and/or other controlling
person(s) of the US trading company and any elements (such as geographical)
that may indicate elevated risk factors.

• A CDD and KYC framework to identify and assess the geographic spread
of the company’s activities and establish the purpose and nature of the
account, including expected activities.

• Ensuring, as part of CDD and KYC, that the customer has been registered
and/or licensed by competent authorities if involved in the import/export
of sensitive goods.48

• Transaction monitoring and sanctions screening of incoming and outgoing

payment to detect unusual or suspicious activities aligned with known PF
and sanctions-evasion typologies.49

• Open-source intelligence, adverse media search on the company and all

relevant counterparties.

48. In addition, with regard to Russian sanctions, OFAC recommends that FIs communicate compliance
expectations to customers, such as ‘informing them that they may not use their accounts to do business
with designated persons operating in the specified sectors or to engage in any activity involving Russia’s
military-industrial base. This may include sharing the list of specified items with clients, particularly
those involved in import-export, manufacturing, or any other relevant business lines’. See OFAC
Sanctions Advisory, ‘Guidance for Foreign Financial Institutions on OFAC Sanctions Authorities Targeting
Support to Russia’s Military-Industrial Base’, 22 December 2023, <https://ofac.treasury.gov/media/932436/
download?inline>, accessed 8 January 2024.
49. For instance, although it is not unusual to have vague or ambiguous payment descriptions on SWIFT
messages, the cumulation of elevated risk factors will drive risk analysts to investigate payments further
in order to perform additional due diligence. For further information, see Wolfsberg Group, International
Chamber of Commerce (ICC) and BAFT, ‘The Wolfsberg Group, ICC and BAFT Trade Finance Principles:
2019 Amendment’, 2019, p. 70, <https://2go.iccwbo.org/the-wolfsberg-group-icc-and-baft-trade-finance-
principles.html>, accessed 11 April 2024.

13
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

• On-site customer visit to verify and validate information collated during

CDD and KYC.

Limited Data Access and Quality

The RUSI-led European Sanctions and Illicit Finance Monitoring and Analysis
Network (SIFMANet) identified ‘that all stakeholders – whether private sector
actors seeking to improve their implementation or governments monitoring for
circumvention and evasion – need better data’.50 Authors’ interviews with experts
confirm this point: limited functionality of beneficial ownership registries,
limited data quality in trade documentation and limited data availability for
open account transaction screening are challenges to effective CPF and sanctions
implementation. Those points are discussed in turn.

Limited data quality and accessibility of beneficial ownership were highlighted

as being challenges for FIs,51 especially in light of sanctioned entities diluting
beneficial ownership, transferring assets and holding company shareholdings
to trusted proxies, or surrendering previous controlling stakes to evade sanctions.52
In addition, there is no consistency across jurisdictions in relation to the
methodology for identifying beneficial ownership, the types of entities that
should be in scope, record keeping, data validation process, sanctions (in case
of non-compliance) and registry access for non-governmental agencies.53 For
example, according to the latest international business registers report, ‘only
nine of the 29 registries that collect beneficial ownership data make it available
outside of government’.54 Furthermore, the FATF’s 2022 report identified that
‘just about half (52%) of countries, on average, have the necessary laws and

50. Keatinge and Saiz, ‘Euro SIFMANet: The Role of Data in Sanctions Implementation Barcelona Report’.
51. Authors’ interview with expert 5, 10 November 2023.
52. NCA et al., ‘Red Alert, Financial Sanctions Evasion Typologies’, p. 3. For more information relating to
beneficial ownership, see HM Government, ‘Global Advisory on Russian Sanctions Evasion Issued Jointly
by the Multilateral REPO Task Force’, 9 March 2023, <https://www.gov.uk/government/publications/
russian-elites-proxies-and-oligarchs-taskforce-statement-and-advisory/global-advisory-on-russian-
sanctions-evasion-issued-jointly-by-the-multilateral-repo-task-force-accessible-version>, accessed 20
December 2023. Note also that while banks can freely offboard any customer whose ownership structure
or recent reassignment in ownership is considered suspect, they are exposed to civil liability risks and
can face potential accusations of unfair treatment or de-risking.
53. Global Forum on Transparency and Exchange of Information for Tax Purposes, ‘Building Effective
Beneficial Ownership Frameworks: A Joint Global Forum and IDB Toolkit’, 2021, <https://www.oecd.org/
tax/transparency/documents/effective-beneficial-ownership-frameworks-toolkit_en.pdf>, accessed 12
December 2023. Also see European Business Registry Association, ‘The International Business Registers
Report’, 2019, <https://ebra.be/wp-content/uploads/2020/03/IBR-Report-2019.pdf>, accessed 12 December
2023.
54. Farley Mesko, ‘Finding UBO Without Beneficial Ownership Registries: Data Driven Solutions to the
Challenges of Beneficial Ownership Compliance’, NiceActimize, 16 September 2020, <https://www.
niceactimize.com/blog/aml-finding-ubo-without-beneficial-ownership-registries-data-driven-solutions-
to-the-challenges-of-beneficial-ownership-compliance-662/>, accessed 12 December 2023.

14
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

regulations to understand, assess the risks of, and verify the beneficial owners
or controllers of companies (legal persons and arrangements – Recommendations
24 and 25). Only 9% of countries are meeting the effectiveness requirements of
this immediate outcome’.55

Ultimately, according to Darya Dolzikova and Daniel Salisbury:

data on corporate registrations is critical information that

needs to be made more readily available to the private sector.
Trying to identify criminal elements within the complex webs
of corporate infrastructure they hide behind is difficult enough.
Doing so without access to verified, up-to-date, and easily
accessible data on company ownership—as remains the case in
many jurisdictions—is tantamount to looking for a needle in a
haystack while wearing a blindfold.56

Experts also highlighted the vagueness of goods descriptions available on bills

of lading, invoices and shipping documents,57 as well as limited correlation to
HS code descriptions.58 This makes it challenging for FIs to identify goods and/
or activities which may be indicative of PF and sanctions violations. Indeed,
‘dual-use goods frequently pose screening challenges due to the multiple designs
or material properties of a particular item. For example, the many different
properties and uses of aluminium can lead to vague goods descriptions on trade
documents, offering little insight as to its end use, whether it be in the nuclear
industry or in bicycle manufacturing’.59 Unfortunately, as more emphasis is put
on HS codes screening,60 further pressure is applied to the private sector, including
the banking industry, to screen and decipher HS codes. As one expert said, ‘The
point is, if you do not have good data to work with, you will be struggling’.61

Unsurprisingly, limited data and information also impacts the quality of checks
and controls that can be performed when reviewing open account transactions,

55. FATF, ‘Report on the State of Effectiveness and Compliance with the FATF Standards’, 2022, p. 32, <https://
www.fatf-gafi.org/content/dam/fatf-gafi/reports/Report-on-the-State-of-Effectiveness-Compliance-with-
FATF-Standards.pdf>, accessed 21 December 2023.
56. Darya Dolzikova and Daniel Salisbury, ‘It is the Player, but Mostly the Game’, Lawfare, 25 August 2022,
<https://www.lawfaremedia.org/article/it-player-mostly-game>, accessed 11 December 2023.
57. Authors’ interview with expert 4, 24 November 2023.
58. Byron McKinney, ‘U.S. FinCEN & BIS High Priority Items List – Trade Patterns for Russian Battlefield
Electronics’, S&P Global, 28 August 2023, <https://www.spglobal.com/marketintelligence/en/mi/research-
analysis/us-fincen-bis-high-priority-items-list-russian-trade-patterns.html>, accessed 7 December 2023.
59. IHS Markit, ‘Is the Trade Finance and Supply Chain Industry Equipped to Manage Sanctions Screening
for Military and Dual-Use Technologies?’, 2021, <https://cdn.ihsmarkit.com/www/pdf/0821/IHS-Markit-
MT-DualUseGoods-Kharon-ResearchPaper-December-2020.pdf>, accessed 29 November 2023.
60. The BIS issued a note in October 2023 publicising high-priority items that Russia seeks to procure for its
weapons programme. See BIS, US Department of Commerce, ‘Common High Priority List’.
61. Authors’ interview with expert 4, 24 November 2023.

15
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

which is a key concern for the experts that were interviewed.62 While trade
finance-related transactions offer opportunities for banks to carry out due
diligence,63 open account transactions are simply accompanied by SWIFT MT103
messages, which typically provide little information on the underlying transaction,64
especially when FIs have limited visibility of the end-to-end transaction.

Box 2: Open Account Trade, PF and Sanctions Evasion

As global trade in goods and services has expanded over the years, so has
open account trade:

Open account terms [are where] the buyer and seller agree to
the terms of the contract and goods are delivered to the buyer
followed by a clean or netting payment through the banking
system. Under such open account terms, unless the FI is
providing credit facilities, the FI’s involvement will be limited
to the clean payment, and it will not generally be aware of the
underlying reason for the payment. As the FI has no visibility
of the transaction, it is not able to carry out anything other than
the standard AML and sanctions screening on the clean or
netting payment.

In sum, open account trade enables goods to be shipped and delivered before
payment is due, with the exporter sending shipping documents directly to
the exporter. This process does not involve the bank. As a result, while the
bank has access to the CDD files of its direct customers – reviewing information
regarding beneficial owners, business activities and past transactions – it
does not have key information relating to the goods being shipped, the identity
and jurisdiction of either buyer or seller, the vessel name, the shipping
company, or the shipping routes. This is also the case for intermediary banks
that only have payer and payee information in a wire payment message. The
importer and exporter of goods will only use a bank as a means of transmitting
money.

FIs offering open account trade may not:

62. Authors’ interviews with experts 4, 24 November 2023; 5, 10 November 2023; 7, 17 November 2023; 9,
24 November 2023; and 10, 27 November 2023.
63. Banks involved in trade finance typically require copies of relevant documents, such as invoices, bills of
lading and export licences relating to the shipments concerned. Information in these documents can be
checked against trade-related risk indicators such as sanctions and PF.
64. ‘SWIFT MT103 payment messages are used specifically for cross-border payments. Although Field 70 of
MT103s can be used to include remittance information, it is not mandatory and so in practice SWIFT 103
messages contain little information that could be used to screen for proliferation financing’. See Ibtissem
Lassoued and Michael Matossian, ‘Trade Based Financial Crime - Middle East and North Africa: A
Reference Guide for the Anti-Financial Crime Community’, Global Coalition to Fight Financial Crime,
2022, <https://gfintegrity.org/wp-content/uploads/2022/10/TBFC-in-MENA-Report-English.pdf>, accessed
17 October 2023.

16
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

• Understand whether the merchandise being shipped consists of dual-use

listed goods.

• Know who is transporting or facilitating the movement of the goods.

• Know whether the vessels or persons involved in the trade are sanctioned.

• Know whether the shipment is stopping in or routed through a sanctioned

or high-risk jurisdiction.

As such, although the importer and/or exporter may be proliferators,

transactions may not be flagged as suspicious and might appear to be legitimate.

Unlike open account trade, letters of credit require banks to obtain

documentation, including information relating to the goods being shipped,
details of counterparties (for example, the identity and jurisdiction of both
buyer and seller), consignees and shipping information such as vessel name,
the shipping company and shipping routes. This enables FIs to use this
information to conduct thorough due diligence, extract information and
screen the transaction and associated data points.

Source: Wolfsberg Group, ICC and BAFT, ‘The Wolfsberg Group, ICC and BAFT Trade Finance
Principles’, 2019 amendment, p. 9, <https://www.wolfsberg-principles.com/sites/default/files/wb/
Trade%20Finance%20 Principles%202019.pdf>, accessed 11 April 2024; Noémi També, ‘Institutional
Proliferation Finance Risk Assessment Guide’, RUSI, 8 June 2023. p. 12, <https://static.rusi.
org/proliferation-finance-risk-assessment-special-resource.pdf>, accessed 2 October 2023;
A letter of credit is a bank’s guarantee that the correct payment will be received within the agreed
timeframe. If the paying entity cannot make the payment to the selling entity, the bank agrees to
pay the full amount.

One expert confirmed this point, explaining that ‘open account trading is
extremely challenging because there’s no access to the underlying activity. Also,
you may have companies that are based in your country and are conducting
business here, but the actual trade may not even be occurring within your
jurisdiction’.65 Another echoes this point, saying that open account trading ‘is a
challenge that no one truly has an answer for. Some screening may be possible
and will be a control that is more effective than customer due diligence and
enhanced due diligence, but ultimately these are the only controls in place to
protect institutions that are engaged in delivering open account products’.66

While intelligence data and the use of open-source intelligence may support FIs
in their controls and due diligence on suppliers, vendors, ownership, potential

65. Authors’ interview with expert 10, 27 November 2023.

66. Authors’ interview with expert 5, 10 November 2023.

17
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

patterns and networks,67 the risk associated with providing such products is
clear: ‘We try to avoid open account trades, there are no adequate controls for
such products’.68

Limited Subject Matter Expertise

An additional challenge is the shortage of sanctions-evasion specialists across
the industry. The root cause may be FIs’ overreliance on screening tools, resulting
in high investment costs69 at the expense of adequate investment in high-quality
recruitment and training. Similarly, it could be the erroneous belief that sanctions
operationalisation remains a list-based exercise, indicative of the failure to
understand the purpose of obfuscation techniques.70 Nonetheless, limited subject
matter expertise, especially in smaller institutions,71 is reported as a key weakness
in CPF and sanctions implementation. Discussion with experts indicated that
compliance analysts lack knowledge of export-control regimes and dual-use
items.72 However, this gap in knowledge also extends to understanding the
complexity of sanctions packages (particularly with regard to Russia) and
performing adequate tuning and calibration of screening tools.73

Specifically, experts indicated that the gap in subject matter expertise is palpable,
considering the increase in the number of unilateral sanctions,74 as well as the
complexity of such packages. Indeed, interviews highlight that while sanctions
on North Korea and Iran are relatively straightforward to operationalise, Russian
sanctions are not. For example, one element of those sanctions is adherence to

67. Authors’ interviews with expert 7, 17 November 2023 and 10, 27 November 2023.
68. Authors’ interview with expert 9, 24 November 2023.
69. Authors’ interview with expert 8, 21 November 2023.
70. Authors’ interview expert 7, 17 November 2023 and 10, 27 November 2023. For more detail on obfuscation
techniques, see the case studies in this report.
71. Authors’ interviews with experts 2, 18 October 2023; 5, 10 November 2023; and 6, 13 November 2023. Note
that experts reported that smaller institutions struggle with beneficial ownership variations across
jurisdictions and ownership thresholds.
72. Dual-use goods are goods, software and/or technologies that can be used for both commercial and
military purposes. Such goods include nuclear materials, electronics, computers, sensors and lasers, for
example. The export, transit and brokering of dual-use items is controlled to preserve international
peace and security and prevent the proliferation of WMD. For more on dual-use goods, see Anagha Joshi,
Emil Dall and Dolzikova, ‘Guide to Conducting a National Proliferation Financing Risk Assessment’, RUSI,
13 May 2019, <https://www.rusi.org/explore-our-research/publications/special-resources/guide-
conducting-national-proliferation-financing-risk-assessment>, accessed 9 April 2024; John Varesi,
‘Wassenaar Arrangement Control Lists’, presentation to BIS 2018 Annual Conference on Export Controls
and Policy, 2018.
73. Authors’ interview with experts 6, 13 November 2023; 9, 24 November 2023; and 10, 27 November 2023.
74. A Deloitte report indicates that the number of sanctions targeting Russia increased by 311% after
February 2022. See Sanna Järvenpää, Rosa Karppinen and Yifan Wang, ‘The Threats and Possibilities for
Companies Navigating in Complex and Evolving Sanctions Landscape’, Deloitte, <https://www2.deloitte.
com/fi/fi/pages/risk/articles/navigationg-in-complex-and-evolving-sanctions-landscape.html>, accessed
14 December 2023.

18
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

the oil ban, which aims to reduce the revenues Russia earns from oil. However,
mechanisms of the oil ban are particularly technical, due to the oil price cap,
bi-monthly reviews of the oil price cap mechanism, exemptions and country-
specific updates.75

In addition, subject matter experts need to keep up to date with geopolitical

events to ensure they can anticipate trends and emerging risks. For example,
while grains such as wheat and barley are not sanctioned commodities under
the EU 11th Russian sanctions package,76 international traders and freight
companies are less willing to engage with Moscow, and Russia increasingly relies
‘on a “shadow fleet” of older vessels typically operated by companies based in
Turkey and China’.77 Similarly, reports of Ukrainian grain stolen by Russia and
smuggled to Türkiye, Lebanon and other jurisdictions to raise revenue is another
threat to FIs who need to calibrate their due diligence, controls and checks to
ensure they can identify such typologies and mitigate the risk of facilitating
grain smuggling.78 One expert confirmed: ‘Screening tools cannot screen all
Russian sanctions because of the layers and complexity in relation to barley,
wheat, luxury goods, and levels of oil. This means that some financial institutions
have simply decided to unbank Russian entities’.79

Furthermore, the tuning and calibration of transaction monitoring, trade

documentation and sanctions screenings tools are also a key element driven by
the expertise of risk practitioners, which is not homogeneous across the industry.
In the case of trade documentation screening, ‘a gun, for instance, could be a
glue gun. It could be a nail gun. It could be a water gun and will be picked up
by a tool that is not adequately calibrated’.80 Thus, while some organisations face
a high rate of false positives,81 others have implemented processes that provide
context to data (this could be geographical or business activity-related context)
or enable network analytics to improve screening accuracy and drive down the
rate of false positives: one expert explained that their payment screening tools’

75. Authors’ interview with experts 3, 6 November 2023; 5, 10 November 2023; and 9, 24 November 2023. For
further information on the oil ban, see European Council, ‘EU Sanctions Against Russia Explained’,
<https://www.consilium.europa.eu/en/policies/sanctions/restrictive-measures-against-russia-over-
ukraine/sanctions-against-russia-explained/>, accessed 12 December 2023; US Department of State.
‘Ukraine and Russia Sanctions’, <https://www.state.gov/ukraine-and-russia-sanctions/>, accessed 14
December 2023. Also see Annex 1 for further details concerning Russian sanctions.
76. See Annex 1 for more information relating to Russian sanctions.
77. Jonathan Saul and Nigel Hunt, ‘After Attacking Ukraine Wheat Exports, Russia Faces Own Shipping
Challenge’, Reuters, 8 August 2023.
78. Michael Biesecker, Sarah El Deeb and Beatrice Dupuy, ‘Russian Smuggling Ukrainian Grain to Help Pay
for Putin’s War’, AP News, 3 October 2022, <https://apnews.com/article/russia-ukraine-putin-business-
lebanon-syria-87c3b6fea3f4c326003123b21aa78099>, accessed 14 December 2023.
79. Authors’ interview with expert 9, 24 November 2023.
80. Authors’ interview with expert 4, 24 November 2023.
81. Authors’ interview with expert 6, 13 November 2023.

19
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

false positive rate decreased from 34% to 21% through the use of advanced
analytics.82

Furthermore, regulators now expect sanctions specialists to have a sound

understanding of their tools’ algorithm and data-matching process which, with
growing regulatory and industry expectations for the use of sophisticated AI
tools, may become an increasing challenge.83 Indeed, ‘the ability to explain what
happens “in the box”, from input to output, ensures transparency of decision-
making, which in turn preserves the institution’s credibility – an imperative for
any organisation’.84 Unfortunately, not all risk practitioners, including across
supervisory bodies, have this level of understanding and expertise.

A final element that was raised by experts is the fact that compliance teams
operate in silos, which exacerbates FIs’ ability ‘to identify the nexus between
ML [money laundering], TF [trade finance], PF and sanctions violations. Some
analysts assume that there will be a direct correlation between screening and
designated entities and that sanctions risk is separate from other types of illicit
finance-related crimes’.85 This compartmentalised approach to financial crime
and sanctions risk is, unsurprisingly, reflected in control frameworks and
mechanisms in place across FIs. Thus, ‘further difficulties are potentially created
by the internal operational “split” within banks between sanctions screening
and transaction monitoring. The identification of a sanctions match will lead to
the suspension of a transaction and a report to a national sanctions administrator,
but this relies on screening revealing a link to a designated individual or entity.
If no such link is identified, transactional activity might be identified separately
as unusual or suspicious, but not necessarily sanctions related’.86 FIs would
welcome understanding best practice for better identifying the nexus between
ML, TF, PF and sanctions violations.

82. Authors’ interviews with experts 9, 24 November 2023 and 10, 27 November 2023.
83. Authors’ interview with expert 9, 24 November 2023. It is important to note that the sophistication of
screening tools selected will be driven by many factors, including compliance budget and risk appetite.
84. Noémi També, ‘Risk-Based and Data-Led. Can The UK’s Financial Conduct Authority Meet its Ambition?’,
RUSI Commentary, 28 September 2021.
85. Authors’ interviews with expert 7, 17 November 2023.
86. Tom Keatinge, ‘Developing Bad Habits, What Russia Might Learn from Iran’s Sanctions Evasion’, RUSI
Occasional Papers (June 2023), p. 29.

20
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

Box 3: Case Study: North Korean Sanctions Violation

North Korea needs to raise revenue to fund ‘political patronage networks that
keep the existing regime in power. It also needs to pay for nuclear weapons
and missile programmes’.87 In April 2023, OFAC announced that Sim Hyon
Sop, a representative of the Foreign Trade Bank (a North Korean FI) was
charged alongside Wu Huihui and Chen Hung Man for North Korean sanctions
violation. The three individuals were supporting North Korea’s WMD
programmes by converting stolen virtual currency into fiat currencies. More
specifically, Wu and Chen were over the counter (OTC) brokers based in China
and Hong Kong. The OTCs held accounts at large cryptocurrency exchanges
which were used to ‘off ramp’ (convert crypto assets into fiat money) stolen
assets and send them to bank accounts across traditional FIs. This was
performed ‘under cover of high-volume OTC trades, or other trading activity’.88
Once the money had been integrated into the traditional financial system, it
was sent to front companies used to purchase items such as tobacco or
communication devices89 on behalf of North Korea.

Publicly available information does not reveal whether FIs that provided
financial services and products to the central exchanges performed or failed
to perform adequate sanctions and PF risk mitigation controls to ensure that
the latter had robust AML, CTF and CPF controls. However, the following
could have indicated that the central exchanges had elevated PF risk factors:

Elevated Risk Factors

• Involvement of high-risk PF and sanctions-evasion jurisdictions.90

• Provision of services to OTC brokers91 which form part of North Korea’s

revenue-raising activities.92

With these inherent risks identified, it might have been expected that the FIs
banking the central exchanges would have applied the following controls:

87. King Mallory, North Korean Sanctions Evasion Techniques (Santa Monica, CA: RAND Corporation, 2021).
88. TRM Insights, ‘North Korean Foreign Trade Bank Rep Charged for Role in Two Crypto Laundering
Conspiracies’, 26 April 2023, <https://www.trmlabs.com/post/north-korean-foreign-trade-bank-rep-
charged-for-role-in-two-crypto-laundering-conspiracies>, accessed 24 January 2024.
89. US Department of the Treasury, ‘Treasury Targets Actors Facilitating Illicit DPRK Financial Activity in
Support of Weapons Programs’, 14 April 2023, <https://home.treasury.gov/news/press-releases/jy1435>,
accessed 24 January 2024.
90. See Darya Dolzikova and Anagha Joshi, ‘The Southern Stratagem: North Korean Proliferation Financing
in Southern and Eastern Africa’, RUSI Occasional Papers (April 2020).
91. Noémi També and Allison Owen, ‘Institutional Virtual Asset Service Providers and Virtual Assets Risk
Assessment Guide’, RUSI, August 2023.
92. Ibid.; Noémi També, ‘Institutional Proliferation Finance Risk Assessment Guide’, RUSI, 8 June 2023.

21
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

Mitigation Measures and Controls

• An employee training programme to ensure there is robust CPF and sanctions

risk awareness within the FI, including import/export controls and relevant
policy and procedure.

• Evidence CPF and sanctions framework with a customer relationship

questionnaire which will address:

◦ Use of privacy tokens.

◦ Client business type (ISIC code93).

◦ Complex ownership.

◦ Country risk.

◦ Product offering (custody, settlement, trading, investment, etc.).

◦ Sanctioned individuals/PEPs.

• Review of relevant internal policies, including credentials of chief compliance

officer and money-laundering reporting officer.

• Completed correspondent relationship-type questionnaire to ensure that:

◦ OTC traders have robust systems and controls in place, including

payment screening, to identify, assess and manage their PF and
sanctions risks.

◦ Users identified as OTC traders fill out a CDD questionnaire that

specifies anti-financial crime checks.

Disparity Across the Banking Sector

With Regard to PF and Sanctions Risk
Assessments
The final challenge to effective CPF and sanctions implementation that was
identified is the disparity across FIs with regard to PF and sanctions risk
assessments.

Indeed, some experts explained that their organisations have not implemented
a PF and sanctions-specific risk assessment, stating that instead some elements

93. The international Standard of Industrial Classification (ISIC) system is used to group businesses by their
primary economic activities. For more information, refer to <https://ilostat.ilo.org/resources/concepts-
and-definitions/classification-economic-activities/#:~:text=ISIC%20is%20a%20basic%20tool,of%20
sound%20national%20statistical%20systems>, accessed 10 April 2024.

22
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

of PF and sanctions risks are incorporated in existing risk assessments94 or at

onboarding, through customer risk assessments and risk-profile questionnaires.95
Others, however, discussed their PF and sanctions-focused risk assessments,96
explaining that they perform three types that enable their institution to identify,
assess and target PF and sanctions risk:97

• The enterprise-wide risk assessment combines sanctions, PF, ML and TF as

well as control frameworks to determine residual risks.98
• The targeted risk assessment is performed when a trigger event occurs. It
aims to evaluate the impact of a specific sanctioned country or activity on
customers, the institution or the jurisdiction in which they are based.
• The PF risk assessment is a CPF-specific risk assessment looking at controls,
threats and vulnerabilities.

In sum, the process of identifying and assessing sanctions-evasion and PF risks

within the banking sector lacks uniformity. The root causes may be PF risk
indicators overlapping with other ML and TF risk indicators and an immature
CPF framework still adapting to the FATF’s relatively recent requirement to
assess PF risk.99 Hence, heterogenous approaches to risk assessments are likely
to have wider repercussions on the robustness of CPF and possibly sanctions
implementation. Indeed, risk assessments support the financial sector in
identifying activities that may be higher risk, determining the levels of PF and
sanctions risks the sector faces, and developing strategies and robust controls
to tackle such risks. With the private sector failing to conduct consistent and
robust institutional risk assessments, national authorities will fail to obtain a
thorough understanding of PF and sanctions risk at the national level and vice
versa. Furthermore, sanctions and PF risk assessments help institutions better
evaluate their controls and understand and define their risk appetite while being
aligned to sanctions and CPF laws and regulations. Having a homogeneous
approach to PF and sanctions risk assessments is therefore essential.

94. Authors’ interview with expert 5, 10 November 2023. PF and sanctions elements such as jurisdictional
risk, customer type, nature of business and product risks are assessed.
95. Authors’ interview with expert 3, 6 November 2023.
96. Authors’ interview with expert 6, 13 November 2023.
97. Authors’ interview with expert 10, 27 November 2023.
98. For further information on risk assessments and how to determine residual risk, see També,
‘Institutional Proliferation Finance Risk Assessment Guide’, p. 12.
99. FATF, ‘Guidance on Proliferation Financing Risk Assessment and Mitigation’, June 2021, <https://www.
fatf-gafi.org/en/publications/Financingofproliferation/Proliferation-financing-risk-assessment-
mitigation.html>, accessed 16 March 2024.

23
 Box 4: Case Study: Russian Sanctions Violation

In May 2022, the US Grand Jury indicted seven individuals, including Russian
national Boris Livshits for his alleged involvement in the Serniya network.
His function was allegedly to procure highly sensitive and heavily regulated
electronic components100 while concealing the involvement of Russian
authorities such as its intelligence services.101 Once dual-use and sensitive
goods were acquired, they were first sent to various locations such as Estonia,
Finland, Germany, and Hong Kong102 and then sent to Russia. Livshits contests
the allegations.

Investigations conducted by US authorities subsequently led to allegations

that:

• Livshits operated a group of representatives and nominees to create shell

companies and open bank accounts on behalf of these legal entities.

• When ordering dual-use and/or sensitive goods, Livshits ensured that large
orders were broken into smaller orders to avoid raising suspicion and
potential detection from competent authorities.

• When engaging with US suppliers, Livshits lied about items’ end use,
counterparties and end users.

• Relevant shipping documentation misrepresented export value to avoid

relevant reporting requirements and, thus, scrutiny.

• In some instances, shipping documents had a residential address as a

company address.103

In addition, analysis of some of Livshits’ banking activities allegedly indicate

that transaction velocity was high, with funds quickly moving in and out of
his accounts. More specifically, it is alleged that:

100. Some of these components can be used in the development of nuclear and hypersonic weapons, quantum
computing and other military applications. See US Department of Justice Office of Public Affairs, ‘Russian
Military and Intelligence Agencies Procurement Network Indicted in Brooklyn Federal Court’, 13
December 2022, <https://www.justice.gov/opa/pr/russian-military-and-intelligence-agencies-
procurement-network-indicted-brooklyn-federal>, accessed 8 January 2024.
101. US Department of Justice Office of Public Affairs, ‘Russian Military and Intelligence Agencies
Procurement Network Indicted in Brooklyn Federal Court’.
102. Estonia, Finland, Germany and Hong Kong were popular transhipment points for the network. See US
Attorney’s Office, Eastern District of New York, ‘Five Russian Nationals Including Suspected FSB Officer,
and Two U.S. Nationals Charged with Helping the Russian Military and Intelligence Agencies Evade
Sanctions’, press release, 13 December 2022, <https://www.justice.gov/usao-edny/pr/
five-russian-nationals-including-suspected-fsb-officer-and-two-us-nationals-charged>, accessed 9 April
2024.
103. US District Court for the Eastern District of New York, ‘United States of America v. Yevgeniy Grinin et al.’,
<https://www.justice.gov/usao-edny/press-release/file/1557531/download>, accessed 8 January 2024.

24
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

• $44,400.84 was deposited into one of Livshits’ company accounts with $9,353
and $34,000 rapidly transferred to two separate entities, also created and
controlled by Livshits. The rest of the balance was withdrawn in cash.

• In September 2018, a company that was part of the Serniya network sent
$43,900 to another account belonging to one of Livshits’ companies. Within
five days, a total of $43,295 was sent from this account to five separate
individuals and entities, including other accounts with Livshits as signatory.

• In January 2019, a company (Strandway LLC) controlled by Livshits received

$18,300 from another Livshits-controlled entity (Majory LLP). Within three
days, $18,158 had been transacted, with one payment to a Florida-based
spectroscopy company104 and two separate payments totalling $8,450 made
to Livshits.

• In July 2019, Strandway LLC received $39,900 from Majory LLP. Within two
days, $26,500 was sent to a dual-use technology company and $13,150 were
transferred to another account.

• At the end of July 2019, Strandway LLC’s account ‘received $18,550 from
Majory LLP. That same day, Livshits sent $18,500 to a Colorado-based
technology and research development company’.105

• In December 2020, Livshits made a $9,900 payment (below the typical

wholesale price106) for the purchase of an oscilloscope (a controlled dual-
use good). No export licence was applied or issued for this purchase.

It is not possible to establish from publicly available information whether FIs

that provided financial services and products to Livshits, his associates and
the Serniya network performed or failed to perform adequate sanctions and
PF risk mitigation controls. However, the following controls could have
indicated that Livshits had elevated PF risk factors:

Elevated Inherent Risk Factors

• High-risk or sanctioned country nationals who are involved in exports to

known transhipment countries.

104. ‘Spectroscopy equipment was heavily regulated by the U.S. government to Russia and other countries due
to its potential use in nuclear weapons development’. See US District Court for the Eastern District of New
York, ‘United States of America v. Yevgeniy Grinin et al.’, p. 21.
105. Ibid.
106. ‘The IRS maintained a transaction reporting requirement providing that any person who, during trade or
business, received more than $10,000 in a single transaction was required [to] report the transaction to
the IRS’. See US District Court for the Eastern District of New York, ‘United States of America v. Yevgeniy
Grinin et al.’, p. 22.

25
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

• Legal entities incorporated by a sanctioned country national whose

companies conduct business with dual-use goods manufacturer.

With these inherent risks identified, it might have been expected that the FIs
providing banking products and services to Livshits would have applied the
following controls:

Mitigation Measures and Controls

• Ensuring as part of CDD and KYC that the customer has been registered
and/or licensed by competent authorities if the customer is involved in the
import/export of dual-use and/or sensitive goods.

• A CDD and KYC framework to assess the customer risk profile and perform
risk-based due diligence.

• A CDD and KYC framework to ensure that the customer has a robust internal
compliance programme and abides by the revised customer and jurisdictional
risk assessments.107

• Implementing enhanced due diligence if the customer is identified as high

risk. This may be due to their nationality or the industry they are involved
in (for example, high technology, military and defence sectors).

• A CDD and KYC framework to establish the UBO and/or other controlling
persons and detect direct or indirect ownership and control of legal entities
by sanctioned countries and/or entities.

• If the customer is a legal entity, a CDD and KYC framework to identify

whether personal email addresses or home addresses are used in the context
of business activities and ascertain robust justification for such behaviour.

• A CDD and KYC framework to identify and assess the customer’s geographic
activities and establish the purpose and nature of the account, including
expected activities.

• A CDD and KYC framework to identify companies involved in the production,

import or export of dual-use/sensitive goods but with opaque, limited
business history or little-to-no web presence.

• Transaction monitoring and screening of incoming and outgoing payment

to detect unusual or suspicious activities aligned to known PF and sanctions-
evasion typologies:

107. See OFAC Sanctions Advisory, ‘Guidance for Foreign Financial Institutions on OFAC Sanctions Authorities
Targeting Support to Russia’s Military-Industrial Base’, 22 December 2023, <https://ofac.treasury.gov/
media/932436/download?inline>, accessed 8 January 2024.

26
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

◦ Transactions involving the sale or purchase of dual-use/sensitive

goods slightly under the reporting threshold.

◦ High-velocity transactions.

• An employee training programme to ensure there is robust understanding

of overlapping typologies between trade-based ML and PF and sanctions
evasions, including the monitoring, review and screening of relevant
shipping and trade documents to determine whether the legal entity is
engaged in under/over valuation and/or under/over invoicing of goods.

With a better understanding of the four key challenges to effective CPF and
sanctions implementation and an overview of sanctions and PF risk mitigation
strategies documented in the three case studies, Chapter II identifies key
recommendations to better support smaller FIs in the banking sector with regard
to CPF and sanctions control implementation and risk management.

27
II. Recommendations
C hapter I documented the four challenges to effective CPF and sanctions
implementation. These are:

1. A disconnect between regulatory expectations and practical implementation.

2. Limited data quality and integrity.
3. Limited subject matter expertise.
4. Inconsistency across the financial sector with regard to PF and sanctions risk
assessment processes and methodology.

Recommendations relevant to each challenge are discussed in turn.

1. A disconnect between regulatory expectations and practical implementation

For competent authorities:

• Informed by public–private partnership, competent authorities should publish

guidance to support FIs on the interpretation of legislation and the practical
application of international and, where relevant, national export control
regimes.
• The document should illustrate best and bad practice and contain known
country-specific scenarios with step-by-step guidance to minimise
interpretation and reflect what banks can realistically achieve with limited
visibility of the end-to-end supply chain.

For the banking sector:

• A cross-jurisdictional roundtable for FIs that implements unilateral sanctions

while based in jurisdictions that have not adopted unilateral sanctions into
national legislation should be organised. Its purpose should be to explore
challenges faced by FIs across jurisdictions and identify best practice in
relation to managing regulators while operationalising unilateral sanctions.

2. Limited data access and quality

For competent authorities:

• Competent authorities should ensure that organisations such as freight

forwarders, insurers, customs brokers and shipping companies, in addition
to FIs, are adequately trained and have robust compliance support. This would
enable all institutions to have oversight of trade transactions and a better

28
 understanding of elevated risk factors to detect PF and sanctions evasion.108
Furthermore, export and customs regulators should consider mandating the
use of distributed ledger technology (DLT) and the digitisation of trade data
(including banking, customs and shipping data), enabling information to be
mutually verified, to enhance transparency and trust. This TF blockchain
platform should be used by all relevant stakeholders such as shipping
companies, intermediaries, FIs and customs, with those choosing to exist
outside of this platform seen as anomalies.109
• Competent authorities should consider adopting HS codes in their dual-use
goods lists to support and facilitate the detection of suspicious shipments of
dual-use, military and sensitive goods.
• Competent authorities should continue to enhance and maintain a national
central register of complete, accurate and up-to-date information relating to
UBO.
• To encourage robust and effective public–private partnership initiatives,
competent authorities should fund regional workshops on PF and sanctions
evasion as well as regional risk assessments to enhance international
cooperation between jurisdictions, exchange information and share best
practice at government as well as institutional level.

For the banking sector:

• FIs should consider adopting and combining machine learning,110 network

analysis solutions111 and commercial data dictionaries112 to facilitate compliance
with regulatory requirements relating to CPF and sanctions-evasion risks.
• Greater use of SWIFT discretionary data fields should be encouraged as best
practice across the banking industry to tackle and identify ‘pinch points in
the flow of payments and help illuminate payments related to circumvention’.113

108. For example, if a jurisdiction’s customs office identifies a legal entity that has failed to apply for relevant
licences prior to shipping a dual-use or sensitive good, the legal entity’s banking institution should be
alerted.
109. Blockchain-based trade finance platforms are in operation in China, Singapore and Hong Kong. For more
information, see Corneille, ‘4 Top Organisations Implementing Blockchain in Trade Finance’.
110. Machine learning tools will use data from historical transactions that will contain types of brands,
product names, terms or codes and will remember them for future screening. For instance, a machine
learning tool ‘can refine data output by negative keywords is recommended to handle the many variants
of “gun” – “glue gun,” “toy gun,” “spray gun,” and “nail gun” – that may appear within a trade document’.
See Byron McKinney et al., ‘Is the Trade Finance and Supply Chain Industry Equipped to Manage
Sanctions Screening for Military and Dual-Use Technologies?’, IHS Markit, 2020, p. 35, <https://cdn.
ihsmarkit.com/www/pdf/0821/IHS-Markit-MT-DualUseGoods-Kharon-ResearchPaper-December-2020.
pdf>, accessed 16 December 2023.
111. Network analysis tools help visualise and represent international flows, links and the interdependence
among all participant entities such as individuals, companies and countries.
112. A data dictionary is a web-based interface that allows users to see what data is available within their
organisation.
113. Tom Keatinge and Gonzalo Saiz, ‘Euro SIFMANet: The Role of Data in Sanctions Implementation:
Barcelona Report’.

29
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

3. Limited subject matter expertise

For competent authorities:

• Competent authorities should support the development of subject matter

expertise across the banking sector. When new regulations are introduced,
governments and regulators should provide briefings, access to data, as well
as observed typologies and emerging trends to best support the banking
sector with CPF and sanctions implementation. This should also include:

◦ Providing sector-specific guidance and assistance on the interpretation

and implementation of relevant legislation.
◦ Providing sector-specific guidance and assistance on managing and tracking
the volume of legislative changes and updates.

• Competent authorities, supervisors or banking associations should perform

a review and benchmarking exercise of the calibration and tuning of FIs’
transaction monitoring tools. Regulators, supervisors or banking associations
should then publish their findings and circulate best practice observed across
the banking sector to support the industry.

For the banking sector:

• FIs should enhance due diligence on clients, counterparties, controlled

products and activities through training on how to perform open-source
intelligence research.

4. Disparity across the banking sector with regard to PF and sanctions risk
assessments

For competent authorities:

• Competent authorities should provide guidance on how to conduct an

institutional sanctions and PF risk assessment. This guidance should also
include support for a customer risk scoring questionnaire that accounts for
sanctions and PF risk. This would enable FIs to better understand and identify
the nexus between ML, TF, PF and sanctions violations.
• Competent authorities should conduct a thematic review of sanctions and PF
risk assessment processes and methodologies across the banking industry
to identify whether the industry faces challenges and gaps that may have
wider repercussions on the robustness of CPF and sanctions regimes at the
national level. Where relevant, root cause should be identified alongside
remedial actions.

30
Conclusion
T
his report aims to support traditional FIs wishing to develop a robust CPF
and sanctions framework. To this end, it documents challenges that FIs
face, provides case studies and mitigating controls and strategies to
minimise PF and sanctions risk exposure, and offers recommendations to tackle
vulnerabilities and strengthen CPF and sanctions implementation. This report
is a useful starting point to identify the next steps to strengthening CPF and
sanctions prevention frameworks, proactively addressing gaps in current
frameworks and mitigating the impact of PF and sanctions-violations activities
on the banking sector, the national economy and, more broadly, society.

31
About the Authors
Noémi També is an Associate Fellow at RUSI’s Centre for Finance and Security and an
independent financial crime and sanctions consultant, trainer, author and researcher
with over 20 years of professional experience across the academic, public and private
sectors.

Fatima Busra Alsancak is a Research Fellow at RUSI’s Centre for Finance and Security,
focusing on countering proliferation financing. Prior to joining RUSI, Busra served at
various departments of the Ministry of Treasury and Finance of Türkiye, including the
Financial Intelligence Unit.

32
Annex 1: Proliferation-
Related Sanctions in
Relation to North Korea,
Iran and Russia and
Russian Sanctions
Table 1 is designed to demonstrate FI-related sanctions. For a complete list of
sanctions, see the sources and legislation listed in the footnotes.

Table 1: Proliferation-Related Sanctions in Relation to North Korea, Iran and Russia and
Russian Sanctions (as of 19 March 2024)
Subject Legal Basis Type of Sanctions FI-Related Controls
Iran UN Restrictive measures Financial sanctions: designating persons, asset freeze
in relation to the and prohibition to make funds available,
UNSCR 2231 (2015) non-proliferation of
(expired October 2023) WMD114 Restrictions on trade: goods or services that could
support Iran’s ballistic missile or nuclear programme.

114. United Nations Security Council (UNSC), ‘Resolution 2231 (2015) on Iran Nuclear Issue’, <https://www.
consilium.europa.eu/en/policies/sanctions/iran/#nuclear>, accessed 11 January 2024. UNSC Resolution
2231 expired on October 2023, but the 47 states endorsing the Proliferation Security Initiative (PSI)
declared they will continue to take steps to counter Iran’s destabilising ballistic missile-related activities
through ongoing counterproliferation cooperation. See US Department of State, ‘Joint Statement on UN
Security Council Resolution 2231 Transition Day’, 18 October 2023, <https://www.state.gov/joint-
statement-on-un-security-council-resolution-2231-transition-day/>, accessed 11 January 2024.

33
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

Subject Legal Basis Type of Sanctions FI-Related Controls

Iran EU Measures targeting In addition to UN sanctions:
nuclear proliferation
Decision 2010/413/CFSP activities Financial sanctions; asset freeze and prohibition to
concerning restrictive make funds available121
measures against Iran115
Restrictions in the financial sector:
Regulation (EU) No
267/2012 concerning Freezing the assets of the Central Bank of Iran and major
restrictive measures Iranian commercial banks, laying down notification and
against Iran and authorisation mechanisms for transfers of funds above
repealing Regulation certain amounts to Iranian financial institutions.
(EU) No 961/2010116
Restrictions on the transport sector: prohibition of
Council Decision maintenance and service of Iranian cargo aircraft or
2011/235/CFSP117 vessels carrying prohibited materials or goods.

Council Regulation (EU) Restrictions on certain nuclear-related transfers.

No 359/2011118
Export restrictions: ‘Arms, dual-use goods and goods
Regulation (EU) which could be used in uranium enrichment-related
2023/2196119 activities’.

Council Decision (CFSP) Import restrictions: ‘Crude oil, natural gas,

2023/2195 amending petrochemical and petroleum products’.
Decision 2010/413/
CFSP120 Prohibition on sale or supply: ‘Key equipment used
in the energy sector, gold, other precious metals and
diamonds, certain naval equipment, certain software’.122

115. EU, ‘Restrictive Measures Against Iran’, <https://eur-lex.europa.eu/EN/legal-content/summary/restrictive-

measures-against-iran.html>, accessed 11 April 2024.
116. Council of the European Union, ‘Regulation (EU) No 267/2012 Concerning Restrictive Measures Against
Iran and Repealing Regulation (EU) No 961/2010’, Official Journal of the European Union (L88/1, 23 March
2012).
117. Council of the European Union, ‘Council Decision 2011/235/CFSP of 12 April 2011 Concerning Restrictive
Measures Directed Against Certain Persons and Entities in View of the Situation in Iran’, Official Journal of
the European Union (L100/51, 14 April 2011).
118. Council of the European Union, ‘Council Regulation (EU) No 359/2011 of 12 April 2011 Concerning
Restrictive Measures Directed Against Certain Persons, Entities and Bodies in View of the Situation in
Iran’, Official Journal of the European Union (L100/1, 14 April 2011).
119. Council of the European Union, ‘Council Implementing Regulation (EU) 2023/2196 of 16 October 2023
Implementing Regulation (EU) No 267/2012 Concerning Restrictive Measures Against Iran, Official Journal
of the European Union (17 October 2023).
120. Council of the European Union, ‘Council Decision (CFSP) 2023/2195 of 16 October 2023 Amending
Decision 2010/413/CFSP Concerning Restrictive Measures Against Iran, Official Journal of the European
Union (17 October 2023).
121. All assets belonging to the individuals and entities mentioned in Annexes VIII and IX of Council
Regulation (EU) 267/2012 should be frozen. For the list of persons and entities, see EU Sanctions Map,
<https://www.sanctionsmap.eu/#/main/details/18/
lists?search=%7B%22value%22:%22%22,%22searchType%22:%7B%7D%7D>, accessed 11 January 2024.
122. For further information, see Council of the European Union, ‘Iran: EU Restrictive Measures EU
Sanctions’.

34
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

Subject Legal Basis Type of Sanctions FI-Related Controls

Iran US 123 Nuclear proliferation, Financial sanctions: designating persons, asset freeze
ballistic missile and prohibition to make funds available.128
Executive Orders124 development
Prohibition on foreign assistance.129
Statutes 125

Restrictions on trade: ‘Energy sector, financial sector,

Code of Federal construction, mining, shipping, textiles, automotive,
Regulations126 manufacturing, arms trade to or from Iran.130

Federal Register Sanctions on ‘shadow banking’ network.131

Notices127
Iran UK Nuclear non- Financial sanctions: designating persons, asset freeze
proliferation and prohibition to make funds available.134
The Iran (Sanctions)
(Nuclear) Regulations Trade restrictions: ‘Military goods and technology,
2019132 missile-list goods and technology, nuclear-list goods
and technology, graphite and relevant metals, and
The Iran (Sanctions) enterprise resource planning software’.135
Regulations 2023 133
Prohibitions on arrangements relating to uranium
mining or certain restricted goods and technology136

Restrictions on sectors: unmanned aerial vehicles, ships,

aircraft.

Restrictions on financial services and funds relating to

restricted goods and restricted technology.137

123. For further information, see OFAC, ‘Sanctions Programs and Country Information Iran Sanctions: Legal
Framework for Iran Sanctions’, <https://ofac.treasury.gov/sanctions-programs-and-country-information/
iran-sanctions>, accessed 11 January 2024.
124. OFAC, ‘Iran Sanctions’, <https://ofac.treasury.gov/sanctions-programs-and-country-information/iran-
sanctions>, accessed 4 April 2024.
125. Ibid.
126. Ibid.
127. Ibid.
128. For the list, see OFAC, ‘Specially Designated Nationals and Blocked Persons List’,
<https://sanctionssearch.ofac.treas.gov/>, accessed 11 January 2024.
129. Clayton Thomas, ‘U.S. Sanctions on Iran’, Congressional Research Service, 20 July 2023,
<https://crsreports.congress.gov/product/pdf/IF/IF12452>, accessed 11 January 2024.
130. OFAC, ‘Iran Sanctions’; ibid.
131. US Department of State, ‘Designating Iran Sanctions Evasion Networks’, press statement, 9 March 2023,
<https://www.state.gov/designating-iran-sanctions-evasion-networks/>, accessed 11 January 2024.
132. UK Statutory Instruments 2019 No. 461, ‘The Iran (Sanctions) (Nuclear) (EU Exit) Regulations 2019’,
<https://www.legislation.gov.uk/uksi/2019/461/introduction/made>, accessed 11 January 2024.
133. Ibid.
134. For the list of designated persons and entities, see Office of Financial Sanctions Implementation, HM
Treasury, ‘Consolidated List of Financial Sanctions Targets in the UK’, <https://assets.publishing.service.
gov.uk/media/6564953e1524e6000da1010c/Iran__Nuclear_.pdf>, accessed 11 January 2024.
135. Explanatory Memorandum To The Iran (Sanctions) (Nuclear) (EU Exit) Regulations 2019, No. 461,
<https://www.legislation.gov.uk/uksi/2019/461/pdfs/uksiem_20190461_en.pdf>, accessed 11 January 2024.
136. ‘Acceptance of a loan from an Iranian person, for example, to enable that person to participate in a
commercial operation involving uranium mining or specific goods and technology, such as missile-
related goods’. Explanatory Memorandum to the Iran (Sanctions) (Nuclear) (EU Exit) Regulations 2019
No. 461.
137. For further details, see Foreign Commonwealth & Development Office (FCDO), ‘Statutory Guidance Iran
Sanctions: Guidance’, updated 21 December 2023, <https://www.gov.uk/government/publications/iran-
sanctions-guidance/iran-sanctions-guidance>, accessed 11 January 2024.

35
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

Subject Legal Basis Type of Sanctions FI-Related Controls

North UN Restrictive measures Financial sanctions; designating persons, asset freeze
Korea in relation to the and prohibition to make funds available.148
UNSCR 1718 (2006)138 non-proliferation of
the weapons of mass Trade prohibition: ‘arms, coal, iron and iron ore, gold,
UNSCR 1874 (2009)139 destruction (WMD)147 titanium ore, vanadium ore, copper, nickel, silver, zinc
and rare earth minerals, lead and lead ore, food and
UNSCR 2087 (2013)140 agricultural products, machinery, electrical equipment,
earth and stone including magnesite and magnesia,
UNSCR 2094 (2013)141 wood and vessels, aviation fuel, jet fuel and rocket fuel,
seafood, textiles, luxury goods.149
UNSCR 2270 (2016)142
Exports prohibition: ‘Condensates and natural gas,
UNSCR 2321(2016)143 all refined petroleum products, crude oil,150 statues,
helicopters and vessels, condensates and natural gas
UNSCR 2371 (2017)144 liquids, all refined petroleum products.

UNSCR 2375 (2017)145 Financial measures: ‘Prevent the provision of financial

services, including bulk cash and gold, the opening of
UNSCR 2397 (2017)146 banking subsidiaries, the provision of public and private
financial support, new commitments for grants, and
financial assistance or concessional loans that could
contribute to the North Korea’s prohibited programmes/
activities, close existing branches, subsidiaries and
representative offices, prohibition from opening any
new branches, subsidiaries and representative offices
of North Korean banks, terminate any joint ventures
and cooperative entities, ownership interests or
correspondent banking relationships, limit the number
of bank accounts to one per North Korean diplomatic
mission and consular post, and one per accredited DPRK
diplomat and consular officer, ban on arms related
financial transaction, provision of insurance or re-
insurance services to vessels.151

138. UNSCR 1718, 14 October 2006, S/RES/1718 (2006).

139. UNSCR 1874, 12 June 2009, S/RES/1874 (2009).
140. UNSCR 2087, 22 January 2013, S/RES/2087 (2013).
141. UNSCR 2094, 7 March 2013, S/RES/2094 (2013).
142. UNSCR 2270, 2 March 2016, S/RES/2270 (2016).
143. UNSCR 2321, 30 November 2016, S/RES/2321 (2016).
144. UNSCR 2371, 5 August 2017, S/RES/2371 (2017).
145. UNSCR 2375, 11 September 2017, S/RES/2375 (2017).
146. UNSCR 2397, 22 December 2017, S/RES/2397 (2017).
147. UNSC, ‘Security Council Committee Established Pursuant to Resolution 1718 (2006)’, <https://www.un.org/
securitycouncil/sanctions/1718>, accessed 11 January 2023.
148. For the sanctions list, see UNSC, ‘Sanctions List Material: 1718 Sanctions List’, <https://www.un.org/
securitycouncil/sanctions/1718/materials>, accessed 11 January 2024.
149. UNSC, ‘Security Council Committee Established Pursuant to Resolution 1718 (2006) Sanction Measures’,
<https://www.un.org/securitycouncil/sanctions/1718>, accessed 11 January 2024.
150. The limit is 4 million barrels or 525,000 tonnes per 12-month period.
151. UNSC, ‘Security Council Committee Established Pursuant to Resolution 1718 (2006) Sanction Measures’,
<https://www.un.org/securitycouncil/sanctions/1718>, accessed 11 January 2024.

36
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

Subject Legal Basis Type of Sanctions FI-Related Controls

North US152 WMD Proliferators Financial sanctions: designating persons, asset freeze
Korea Sanctions and prohibition to make funds available who is engaged
Proclamation 8271153 in the transportation, mining, energy, and financial
services industries of the North Korean economy.160
Executive Orders154
Prohibition on the exportation and re-exportation
Determination Pursuant of goods, services (including financial services) and
to the Executive Order technology to North Korea;161 prohibition on new
of March 16, 2016 investment in North Korea.162
Statutes155
Setting the amount of personal remittances transferred
Regulations and Federal to North Korea at $5,000.163
Register Notices156

Countering America's
Adversaries Through
Sanctions Act157

31 CFR Part 510158

Federal Register
Notices159

152. OFAC, ‘North Korea Sanctions’, <https://ofac.treasury.gov/sanctions-programs-and-country-information/

north-korea-sanctions>, accessed 11 January 2024.
153. OFAC, ‘Proclamation 8271 – Termination of the Exercise of Authorities Under the Trading With the Enemy
Act With Respect to North Korea’, 27 June 2008, <https://ofac.treasury.gov/media/7736/download?inline>,
accessed 17 April 2024.
154. US Department of State, ‘Executive Orders’, <https://www.state.gov/democratic-peoples-republic-of-korea-
sanctions/#:~:text=March%2016%2C%202016-,Executive%20Orders,-SEPTEMBER%2021%2C%202017>,
accessed 17 April 2024.
155. OFAC, ‘Statutes’, <https://ofac.treasury.gov/sanctions-programs-and-country-information/north-korea-
sanctions#:~:text=March%2016%2C%202016)-,Statutes,-Antiterrorism%20and%20Effective>, accessed 17
April 2024.
156. US Department of State, ‘Regulations and Federal Register Notices’, <https://www.state.gov/democratic-
peoples-republic-of-korea-sanctions/#:~:text=Regulations%20and%20Federal%20Register%20Notices>,
accessed 17 April 2024.
157. US Congress, ‘Countering America’s Adversaries Through Sanctions Act’, 2 August 2017, <https://congress.
gov/115/plaws/publ44/PLAW-115publ44.pdf>, accessed 17 April 2024.
158. Code of Federal Regulations, ‘31 CFR Part 510’, <https://www.ecfr.gov/current/title-31/subtitle-B/chapter-V/
part-510?toc=1>, accessed 17 April 2024.
159. OFAC, ‘Federal Register Notices’, <https://ofac.treasury.gov/sanctions-programs-and-country-information/
north-korea-sanctions#:~:text=Federal%20Register%20Notices>, accessed 17 April 2024.
160. For the list, see OFAC, ‘Specially Designated Nationals and Blocked Persons List’.
161. OFAC, ‘North Korea Sanctions’.
162. Ibid.
163. Ibid.

37
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

Subject Legal Basis Type of Sanctions FI-Related Controls

North EU Restrictive measures Financial sanctions: designating persons, asset freeze
Korea on financing of and prohibition to make funds available.168
Council Decision (CFSP) nuclear programme
2016/849164 Export ban: ‘All refined petroleum products, crude oil, all
industrial machinery, natural gas liquids, transportation
Regulation (EU) vehicles, iron, steel, coal, iron ore, seafood, lead, lead
2017/1509165 ore and other metals, helicopters, vessels, luxury
goods.169
Council Regulation
(EU) 2017/1509 of 30 Import ban: ‘Food and agricultural products, textiles,
August 2017 concerning machinery, electrical equipment, earth and stone, wood,
restrictive measures copper, nickel, silver, zinc, statues, luxury goods’.
against the Democratic
People's Republic of A total ban on EU investment in North Korea in all
Korea and repealing sectors, prohibition of all investment by North Korea in
Regulation (EC) No the EU.
329/2007166
Restrictions on financial support for trade:
Council Decision
(CFSP) 2023/2540 of Setting the amount of personal remittances transferred
13 November 2023 at €5,000.
amending Decision
(CFSP) 2016/849
concerning restrictive
measures against the
Democratic People’s
Republic of Korea167
North UK170 Financial sanctions: freezing assets and prohibition to
Korea make funds available.171
Sanctions and Anti-
Money Laundering Act Export restrictions: military, dual-use and other arms,
2018 WMD-related goods, technology and military.

The Democratic This sanctions regime gives effect to the UK’s obligations
People's Republic of under UNSCR 1718 (2006) and further resolutions that
Korea (Sanctions) (EU extended its scope. For further details, see UN sanctions
Exit) Regulations 2019 on North Korea.172

164. EUR-Lex, ‘Council Decision (CFSP) 2016/849’, 28 May 2016, <https://eur-lex.europa.eu/legal-content/EN/

TXT/?uri=celex%3A32016D0849>, accessed 17 April 2024.
165. EUR-Lex, ‘Council Regulation (EU) 2017/1509’, 31 August 2017, <https://eur-lex.europa.eu/legal-content/
EN/TXT/?uri=celex%3A32017R1509>, accessed 17 April 2024.
166. EUR-Lex, ‘Council Regulation (EU) 2017/1509’.
167. EUR-Lex, ‘Council Decision (CFSP) 2023/2540’, 13 November 2023, <https://eur-lex.europa.eu/legal-
content/EN/TXT/?uri=OJ:L_202302540>, accessed 17 April 2024.
168. All assets belonging to the individuals and entities mentioned in Annexes VIII and IX of Council
Regulation (EU) 267/2012 should be frozen. For the list of persons and entities refer to EU Sanctions Map,
see <https://www.sanctionsmap.eu/>, accessed 11 April 2024.
169. Council of the European Union, ‘Timeline – EU Restrictive Measures Against North Korea’, <https://www.
consilium.europa.eu/en/policies/sanctions/north-korea-sanctions/timeline-eu-restrictive-measures-
against-north-korea/>, accessed 11 January 2024.
170. For the details related to legislation, see HM Treasury and Office of Financial Sanctions Implementation,
‘Financial Sanctions, Democratic People’s Republic of Korea’, <https://www.gov.uk/government/
publications/financial-sanctions-north-korea-democratic-peoples-republic-of-korea>, accessed 19 March
2024.
171. All assets belonging to the individuals and entities listed should be frozen. For the list of persons and
entities, see Office of Financial Sanctions Implementation, ‘Consolidated List of Financial Sanctions
Targets in the UK’.
172. UNSC, ‘Security Council Committee Established Pursuant to Resolution 1718 (2006) Sanction Measures’,
<https://www.un.org/securitycouncil/sanctions/1718>, accessed 11 January 2024.

38
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

Subject Legal Basis Type of Sanctions FI-Related Controls

Russia EU173 Restrictive measures Financial sanctions and measures: designating persons
in respect of actions and entities, freezing assets and prohibition to make
Council Decision (CFSP) undermining or funds available.179
2016/849174 threatening the
territorial integrity, Economic sanctions: financial sector,180 energy,181
Council Regulation (EU) sovereignty and transport,182 military and defence.183
No 269/2014175 independence of
Ukraine. Export ban: ‘goods and technology related to defence
Council Decision and security sector,184 luxury goods, dual-use goods and
2014/145/CFSP176 technology for military use, semiconductor materials,
electronic and optical components.
Council Decision
2014/512/CFSP177 Navigational instruments, drone engines, arms, direct
current motors and servomotors for drones, arms
Council Regulation and civilian firearms and their parts, ammunition,
(EU) 2023/1214 of 23 maritime navigation, military vehicles and paramilitary
June 2023 amending equipment, chemicals, lithium batteries and
Regulation (EU) No thermostats.
833/2014178
Other goods which could enhance Russian industrial
capacities, list of common high-priority items.185

173. EU Sanctions Map, ‘Russia Legal Acts’.

174. EUR-Lex, ‘Council Decision (CFSP) 2016/849’, 27 May 2016, <https://eur-lex.europa.eu/eli/dec/2016/849/>,
accessed 17 April 2024.
175. EUR-Lex, ‘Council Regulation (EU) No 269/2014, 17 March 2014’, <https://eur-lex.europa.eu/legal-content/
EN/TXT/?uri=celex%3A32014R0269>, accessed 17 April 2024.
176. EUR-Lex, ‘Council Decision 2014/145/CFSP’, 17 March 2014, <https://eur-lex.europa.eu/legal-content/EN/
TXT/?uri=celex%3A32014D0145>, accessed 17 April 2024.
177. EUR-Lex, ‘Council Decision 2014/512/CFSP’, 31 July 2014, <https://eur-lex.europa.eu/legal-content/EN/
TXT/?uri=CELEX%3A32014D0512>, accessed 17 April 2024.
178. Council of the European Union, ‘Council Regulation (EU) 2023/1214’, 23 June 2023, <https://eur-lex.
europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R1214>, accessed 17 April 2024.
179. All assets belonging to the individuals and entities mentioned in Annexes VIII and IX of Council
Regulation (EU) 267/2012 should be frozen. For the list of persons and entities, see EU Sanctions Map,
<https://www.sanctionsmap.eu/>, accessed 11 April 2024.
180. Council of the European Union, ‘Economic Sanctions: Financial Sector’, <https://www.consilium.europa.
eu/en/policies/sanctions/restrictive-measures-against-russia-over-ukraine/#:~:text=and%20defence%20
sectors.-,Financial%20sector,-SWIFT%20ban%20for>, accessed 11 January 2024.
181. Council of the European Union, ‘Economic Sanctions: Energy’.
182. Council of the European Union, ‘Economic Sanctions: Transport’.
183. Council of the European Union, ‘Economic Sanctions: Defence’.
184. Annex VII of Regulation (EU) 833/2014, ‘Council Regulation (EU) 2024/745 of 23 February 2024 Amending
Regulation (EU) No 833/2014 Concerning Restrictive Measures in View of Russia’s Actions Destabilising
the Situation in Ukraine’, 24 February 2024, <https://eur-lex.europa.eu/legal-content/EN/
TXT/?uri=OJ:L_202400745>, accessed 14 March 2024.
185. List of High-Priority Items, <https://finance.ec.europa.eu/document/download/5a2494db-d874-4e2b-bf2a-
ec5a191d2dc0_en?filename=list-common-high-priority-items_en.pdf>, accessed 14 March 2024.

39
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

Subject Legal Basis Type of Sanctions FI-Related Controls

Russia Export restrictions: dual-use goods and technologies186
to designated entities.187

Prohibition on re-exportation to Russia and re-

exportation for use in Russia of a limited number of
goods.188

Import ban: ‘Diamonds, steel, iron, pig iron and specular

pig iron, cement and asphalt, copper and aluminium
wires, foil, tubes and pipes, wood, paper, synthetic
rubber and plastics, seafood, spirits, cigarettes and
cosmetics, gold, arms.189

Oil price cap $60 per barrel.190

186. European Commission, ‘Exporting Dual-Use Items’, <https://policy.trade.ec.europa.eu/help-exporters-

and-importers/exporting-dual-use-items_en>, accessed 11 January 2024.
187. Annex IV to Decision 2014/512/CFSP.
188. Article 12g (1) of Regulation (EU) 833/2014 prohibits the buyers of certain goods from re-exporting them
to Russia. See Council of the European Union, ‘EU Sanctions Against Russia Explained No Russia Clause’,
<https://www.consilium.europa.eu/en/policies/sanctions/restrictive-measures-against-russia-over-
ukraine/sanctions-against-russia-explained>, accessed 11 January 2024.
189. Council of the European Union, ‘What Goods Cannot be Imported from Russia to the EU?’, <https://www.
consilium.europa.eu/en/policies/sanctions/restrictive-measures-against-russia-over-ukraine/sanctions-
against-russia-explained/#:~:text=What%20goods%20cannot%20be%20imported%20from%20Russia%20
to%20the%20EU%3F>, accessed 11 January 2024.
190. Council of the European Union, ‘What Does the Oil Ban Mean in Practice?’, <https://www.consilium.
europa.eu/en/policies/sanctions/restrictive-measures-against-russia-over-ukraine/sanctions-against-
russia-explained>, accessed 11 January 2024.

40
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

Subject Legal Basis Type of Sanctions FI-Related Controls

Russia US191 Violation of the Financial sanctions: freezing assets and prohibition to
sovereignty and make funds available.199
Sectoral Sanctions territorial integrity of
Identifications (SSI) Ukraine197 Restrictions on sectors: ‘Financial sector, trade, energy,
List192 transport, technology, aerospace, defence, marine, and
Russian Harmful electronics sectors’.200
Executive Orders193 Foreign Activities
Sanctions198 Import ban: ‘Diamonds, gold and seafood, crude oil
Determinations194 and petroleum products, coal, nonindustrial diamonds,
alcoholic beverages’201 Service export ban: ‘Accounting,
Statutes195 trust and corporate formation, management consulting,
and quantum computing.202
Code of Federal
Regulations196 Suspension on credit finance that encourages exports
to Russia and financing for economic development
projects in Russia.203

Prohibition on the provision, exportation, or re-

exportation of goods, services.204

191. OFAC, ‘Ukraine-/Russia-Related Sanctions’, updated 22 December 2023, <https://ofac.treasury.gov/

sanctions-programs-and-country-information/ukraine-russia-related-sanctions#:~:text=LEGAL%20
FRAMEWORK%20FOR%C2%A0THE%C2%A0UKRAINE%2D/RUSSIA%2DRELATED%20SANCTIONS,>,
accessed 11 January 2024; OFAC, ‘Russian Harmful Foreign Activities Sanctions’, updated 11 January 2024,
<https://ofac.treasury.gov/sanctions-programs-and-country-information/russian-harmful-foreign-
activities-sanctions,>, accessed 11 January 2024.
192. OFAC, ‘Sectoral Sanctions Identifications (SSI) List’, <https://ofac.treasury.gov/sanctions-programs-and-
country-information/ukraine-russia-related-sanctions#:~:text=SECTORAL%20SANCTIONS%20
IDENTIFICATIONS%20(SSI)%20LIST>, accessed 17 April 2024.
193. OFAC, ‘Executive Orders’, <https://ofac.treasury.gov/sanctions-programs-and-country-information/
ukraine-russia-related-sanctions#:~:text=the%20Federal%20Register.-,Executive%20Orders,-14065%20
%2D%C2%A0Blocking%20Property>, accessed 17 April 2024.
194. OFAC, ‘Determinations’, <https://ofac.treasury.gov/sanctions-programs-and-country-information/ukraine-
russia-related-sanctions#:~:text=March%206%2C%202014)-,Determinations,-Determination%20
Pursuant%20to>, accessed 17 April 2024.
195. OFAC, ‘Statutes’, <https://ofac.treasury.gov/sanctions-programs-and-country-information/ukraine-russia-
related-sanctions#:~:text=Related%20Materiel%20Sector-,Statutes,-Countering%20America%27s%20
Adversaries>, accessed 17 April 2024.
196. OFAC, ‘Code of Federal Regulations’, <https://ofac.treasury.gov/sanctions-programs-and-country-
information/ukraine-russia-related-sanctions#:~:text=C.%20%C2%A7%C2%A7%201601%2D1651-
,Code%20of%20Federal%20Regulations,-31%20CFR%20Part>, accessed 17 April 2024.
197. OFAC, ‘Ukraine-/Russia-Related Sanctions’.
198. OFAC, ‘Russian Harmful Foreign Activities Sanctions’, updated 11 January 2024, <https://ofac.treasury.gov/
sanctions-programs-and-country-information/russian-harmful-foreign-activities-sanctions,>, accessed 11
January 2024.
199. For the list, see OFAC, ‘Specially Designated Nationals and Blocked Persons List’ and ‘Sectoral Sanctions
Identifications (SSI) List’, <https://ofac.treasury.gov/consolidated-sanctions-list-non-sdn-lists/sectoral-
sanctions-identifications-ssi-list,>, accessed 11 January 2024.
200. OFAC, ‘Ukraine-/Russia-Related Sanctions’.
201. Thomas, ‘U.S. Sanctions on Iran’.
202. OFAC, ‘Russian Harmful Foreign Activities Sanctions’.
203. US Department of State, ‘Ukraine and Russia Sanctions’.
204. ‘in support of exploration or production for deepwater, Arctic offshore, or shale projects that have the
potential to produce oil in the Russian Federation, or in maritime area claimed by the Russian Federation
and extending from its territory, and that involve five major Russian energy companies’. See OFAC,
‘Ukraine and Russia Sanctions’.

41
 Challenges for Counter-Proliferation Finance and Sanctions Control in Banking
Noémi També and Fatima Busra Alsancak

Subject Legal Basis Type of Sanctions FI-Related Controls

Russia UK Destabilising Ukraine Financial sanctions: freezing assets and prohibition to
or undermining make funds available.209
Russia (Sanctions) (EU or threatening the
Exit) Regulations 2019205 territorial integrity208 Import ban: ‘arms and related material, oil/oil products,
coal and coal products, gold, liquefied natural gas,
Sanctions and Money gold jewellery, iron, steel, metals, diamond, diamond
Laundering Act 2018206 jewellery’ and prohibition on the provision of financial
services and funds and brokering services relating to
Other related these goods’.210
legislation207
Export ban: ‘Energy related goods, luxury goods, jet fuel,
fuel additives’.211

Trade sanctions.212

Sectoral sanctions: financial services and funds related

to goods and technology.213

Prohibition on correspondent banking relationships and

sterling payments.214

Prohibition on granting or entering into any

arrangement to grant a new loan or credit.215

205. UK Government, ‘The Russia (Sanctions) (EU Exit) Regulations 2019’, <https://www.legislation.gov.uk/
uksi/2019/855/contents>, accessed 17 April 2024.
206. UK Government, ‘Sanctions and Anti-Money Laundering Act 2018’, <https://www.legislation.gov.uk/
ukpga/2018/13/contents/enacted>, accessed 17 April 2024.
207. FCDO, ‘UK Sanctions Relating to Russia’, updated 15 December 2023, <https://www.gov.uk/government/
collections/uk-sanctions-on-russia#:~:text=The%20Russia%20sanctions%20regime>, accessed 11 January
2024.
208. Ibid.
209. For the list of designated persons and entities, see Office of Financial Sanctions Implementation HM
Treasury, ‘Consolidated List of Financial Sanctions Targets in the UK’ and FCDO, ‘The UK Sanctions List’.
210. For the full list, see Department of Business Trade, ‘NTI 2953: Russia Import Sanctions’, updated 21
December 2023, <https://www.gov.uk/government/publications/notice-to-importers-2953-russia-import-
sanctions/nti-2953-russia-import-sanctions>, accessed 11 January 2024.
211. For the full list, see ‘Export of Goods’, <https://www.gov.uk/government/publications/russia-sanctions-
guidance/russia-sanctions-guidance#:~:text=terms%20used%20herein.-,Export%20of%20goods,-The%20
concept%20of>, accessed 11 January 2024.
212. For the full list, see Export Control Joint Unit, ‘Russia Sanctions: Guidance’, updated 15 December 2023,
<https://www.gov.uk/government/publications/russia-sanctions-guidance/russia-sanctions-
guidance#:~:text=the%20Russia%20Regulations.-,1.4%20Trade%20sanctions,-The%20Regulations%20
impose>, accessed 11 January 2024.
213. For further detail, see ‘Financial Services and Funds Related to Goods and Technology’, <https://www.gov.
uk/government/publications/russia-sanctions-guidance/russia-sanctions-guidance#:~:text=Financial%20
services%20and%20funds%20related%20to%20goods%20and%20technology>, accessed 11 January 2024.
214. ‘Correspondent Banking Relationships and Sterling Payments’, <https://www.gov.uk/government/
publications/russia-sanctions-guidance/russia-sanctions-guidance#:~:text=Correspondent%20
banking%20relationships%20and%20sterling%20payments,>, accessed 11 January 2024.
215. For the full list, see Export Control Unit, ‘Russia Sanctions: Guidance’.

42
Annex 2: Defining Key
Concepts
Export controls are national policies that restrict the trade of particular goods
or impose limitations on the destination or end user of such goods. Countries
categorise the goods subject to export control regime including dual-use and a
wide range of strategically important goods, technology and software, list
destinations and mandate a licence to be able to export listed items.216 When
authorising trade-related transactions, banks must check the licences issued by
the relevant authority and products based on the descriptions and HS codes
provided.

Anti Financial Crime processes in banking include obtaining customer information

during the onboarding process, monitoring and screening transactions during
the business relationship, including all the parties involved in transactions and
reporting suspicious activity to FIUs if it warrants reporting to authorities. These
controls are often divided into the following steps: KYC; CDD; customer and
transaction monitoring; and suspicious activity reporting.217

Sanctions screening is also an integral procedure in Anti Financial Crime

processes. Banks screen their clients, their clients’ counterparts and inbound/
outbound payments to ensure that they do not conduct business with sanctioned
entities.218

216. Research Innovation, ‘Export Controls: Regulations and Overview’, <https://researchservices.cornell.edu/

policies/export-controls-regulations-and-overview>, accessed 18 March 2024.
217. Jackie Wheeler, ‘Guidance on Anti-Money Laundering (AML) in Banking and Finance for 2023’, 4 April
2023, <https://www.jumio.com/aml-guidance-banking-finance/>, accessed 18 March 2024.
218. Sanctions Screening: Definition, Importance & Risks, <https://www.okta.com/identity-101/
sanctionsscreening/#:~:text=Sanctions%20screening%20involves%20checking%20against,against%20
fraud%20and%20illicit%20activity>, accessed 18 March 2024.

43