This post has already been read 523 times!
Avoiding OFAC/UN sanctions is like a game of cat and mouse played out on the world stage. The players are office-bound analysts checking transactions for sanctioned individuals/nations, shipping lines trying to disguise their routes, customs and excise on both sides of the trade and the regulators honing in on troubled states.
Currently we have Iran and North Korea trying to peddle their wares through international trade. Oil from Iran and Coal from ‘Rocketman’ Kim Jong-un.
In this post we will describe how the two nations sneak their trades past banks and regulators using nefarious and devious tactics to avoid detection, focusing on oil from Iran.
In any deceptive activity one of the core methods is the art of disguise. And no matter what crime type, all crimes present opportunities to detect through Locard’s law. That is to say, in every crime a criminal will leave behind evidence, be that trace, physical or nowadays digital.
With that last paragraph established, any good ML analyst or Compliance Officer needs to consider how Iran is disguising activity and what can be used to link North Korea and Iran to sanction offences.
Going further, who else in the chain is culpable? What other international actors are involved in the chain – the financial chain or the customs chain?
I’m going to focus on the movement of 2 million barrels of oil, at today’s prices about $64 million.
The Strait of Hormuz is a busy shipping lane. 21 million barrels of oil move through the strait every day – at least when we’re not in the middle of a pandemic anyway.
You would think moving a hulking great tanker full of oil would be impossible to do stealthily. Yet not so fast. In the image you can see the shipping traversing the strait on a busy day. Those markers are satellite tracking markers, tracking every ship on its route. The first step to break the link is to switch the tracker off.
This clearly hides the ship from satellite tracking and means the ship can go literally anywhere. So long as it stays out of the way of any military assets that will be able to spot the ship through a much more human way – the eye-ball!
So the next step is to obfuscate further by re-badging the ship to a neutral country, like the British Virgin Islands. Registering it with a ‘one ship’ company that has no place in the BVI other than to hide identity. Changing the ships name to further confuse what the tanker is doing in the strait.
Then the ship can simply meet up with another tanker and transfer the load, ship to ship out at sea or even in the strait itself. The re-badged ship will be on a bogus journey between two innocent states, making it look like the oil is coming from a legitimate source. And so the oil is transferred to the ship that then transports the oil to its destination.
An analyst searching the ships name for adverse inference will now find nothing – the new ships name can even replicate another ship on international registers further confusing the picture.
The focus now is on the paperwork. A credit letter from a credible bank to confirm buyer funds for transfer to the seller – usually from affiliate branches to large western banks and you are halfway through the financial trail. Of course not providing links to any individual or entity that is sanctioned. Credible explanation of goods in transit and value raise no flags – neither does the pick up port of the re-badged ship, nor the drop off port, which of course are both false.
Weeks later and the bill of laden offers no further insight, matching details of the credit letter and the beneficiary bank see’s no reason to suspect, so again the transaction is approved while the ship is in transit.
No alerts have flagged about the ship, the cargo nor the owners on either side as to sanctioned lists. The crime is complete.
Or is it?
There are more detailed checks that could go on to uncover this activity. A review of the historical shipping data would see the tracking switched off for significant periods. It would show the ship not following a course that indicates the identified journey is being taken, more that the ship is off track or offline altogether. The fact the ship has changed name and registration data, the fact it failed to visit ports as frequently as it ought to have, the fact its draft is wrong; these are all good red flags to something being awry.
So much so, the recipient bank should have refused the transaction and reported the activity to their local FIU.
The problem we have is putting the right tools in the hands of the Compliance Officer. Imagine a tool that identified automatically the tracking history of the ship, tracking days offline, days out of port, cargo transited and more. Imagine draft data to show the ship laden or not. Imagine data to indicate registration of the ship and identifying recent changes in ownership, name or locality. Imagine data that identifies the ship in red flag zones, like the strait.
That is all possible with the right IT provision. Now imagine it embedded with other more traditional checks, so the system flags automatically when things are not quite right. Reducing the foot-work of staff to only alert when flags are alerted collectively.
This is the provision we are planning. Building a networked solution, integrating software already in place, to facilitate one solution, one check, one result. Reducing false positives and focusing with a laser to uncover the real activity.
