October 11, 2018: FinCEN issues Iran advisory – and OFAC promotes it

Yesterday, FinCEN issued an advisory about Iran’s “illicit and malign activities” – and, for some reason, OFAC sent out an email promoting it.

Here is FinCEN’s press release:

FinCEN Issues Advisory on the Iranian Regime’s Illicit and Malign Activities and Attempts to Exploit the Financial System 

Steve Hudak
Immediate Release
October 11, 2018

WASHINGTON—The Financial Crimes Enforcement Network (FinCEN) issued an advisory today to help financial institutions better detect and report potentially illicit transactions related to the Islamic Republic of Iran. The advisory is also intended to help foreign financial institutions better understand the obligations of their U.S. correspondents, to avoid exposure to U.S. sanctions, and to address the Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) risks that Iranian activity poses to the international financial system. The advisory provides information on the threats the Iranian regime poses to the U.S. financial system as well as to institutions that have correspondent banking relationships with U.S. financial institutions, describes deceptive financial strategies that the Iranian regime uses to evade sanctions, and provides red flag indicators related to specific malign activities and typologies.

“This advisory lays out in great detail the extent to which the Iranian regime uses deceptive practices, including front companies, fraudulent documents, exchange houses, seemingly legitimate businesses and government officials, to generate illicit revenues and finance their malign activities. Iran’s deceptive practices have been orchestrated not only by elements of their government such as the IRGC-Qods Force, but also by Central Bank of Iran officials who were at the highest levels. Any country that allows its Central Bank to be involved in deception in support of terrorism requires the highest levels of scrutiny, particularly when the country itself is the world’s largest state sponsor of terrorism,” said Sigal Mandelker, Under Secretary of the Treasury for Terrorism and Financial Intelligence. “Governments, financial institutions of all types around the world, and other companies need to be on high alert to the types of schemes described in this advisory. More than that, as we expect Iran to continue to attempt to engage in wide scale sanctions evasion while simultaneously using its resources to fund a broad array of malign activity, financial institutions should continue to sophisticate their compliance programs to keep these actors from exploiting them.”

On June 5, 2018, Under Secretary Mandelker delivered extensive remarks on the surreptitious means by which the Iranian regime finances itself.

“Crucial insight provided through Suspicious Activity Reports (SARs) and other valuable information conveyed by the financial sector have been instrumental in identifying money laundering and other financial schemes associated with the Iranian regime,” added FinCEN Director Kenneth A. Blanco. “This advisory focuses financial institutions’ attention on the current risks associated with transactions involving the Iranian regime. It also provides concrete red flags and typologies to help them identify potentially illicit Iran-linked activity. In so doing, this advisory not only increases industry awareness; it also enhances the future value of related SAR reporting and ultimately strengthens the safety and security of the U.S. financial system.”

The advisory details how the Iranian regime has abused the international financial system through illicit means. For example, the Iranian regime has masked illicit transactions using senior officials of the CBI, who used their official capacity to procure hard currency and conduct transactions for the benefit of the Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF) and its terrorist proxy group, Lebanese Hizballah. Accordingly, financial institutions are advised to exercise appropriate due diligence when dealing with transactions involving exchange houses that may have exposure to the Iranian regime and/or designated Iranian persons, and the advisory details examples of exchange house-related schemes. Iran-related actors use front and shell companies around the world in procurement networks through which the Iranian regime has gained goods and services related to currency counterfeiting, dual-use equipment, and the commercial aviation industry.

The advisory further warns financial institutions to be on the lookout for possible evasive practices involving Iranian shipping companies. Financial institutions should also be aware of possible Iranian abuses of virtual currency and precious metals to evade sanctions and gain access to the international financial system and to conceal their nefarious actions.

In order to help financial institutions identify deceptive activity potentially linked to the Iranian regime, FinCEN has included red flags in its advisory. For example, CBI officials’ routing transactions to personal accounts rather than central bank or government-owned accounts, and individuals or entities with no central bank or government affiliation withdrawing funds from such accounts, may be a red flag for financial institutions to investigate. Similarly, wire transfers or deposits that do not contain any information on the source of funds, contain incomplete information about the source of funds, do not match the customer’s line of business, or that involve jurisdictions where there is a higher risk of dealing with entities linked to the Iranian regime may be red flag indicators of illicit Iranian attempts to gain access to the U.S. financial system or evade sanctions.

Following the full re-imposition on November 5, 2018 of sanctions lifted under the Joint Comprehensive Plan of Action (JCPOA), FinCEN expects that Iranian financial institutions, the Iranian regime, and its officials will increase their efforts to evade U.S. sanctions to fund malign activities and secure hard currency for the Government of Iran. Treasury and the U.S. Government are interested in information related to the Iranian regime’s efforts outlined in this advisory, as well as information pertaining to how the Iranian regime or Iranian entities subject to sanctions, including the CBI, otherwise evade the sanctions and access the U.S. financial system.

When filing a SAR, financial institutions should provide all pertinent available information in the SAR form and narrative. FinCEN requests that financial institutions reference this advisory by including the key term “Iran FIN-2018-A006” in the SAR narrative and in appropriate SAR fields to indicate a connection between the suspicious activity being reported and the persons and activities highlighted in the advisory.

Here’s the intro to the Advisory:

Advisory on the Iranian Regime’s Illicit and Malign Activities and Attempts to Exploit the Financial System

The Financial Crimes Enforcement Network (FinCEN) is issuing this advisory to help U.S. financial institutions (particularly banks; money services businesses (MSBs), such as virtual currency administrators and exchangers; and dealers in precious metals, stones, and jewels) better detect potentially illicit transactions related to the Islamic Republic of Iran (Iran). This advisory will also help foreign financial institutions better understand the obligations of their U.S. correspondents, avoid exposure to U.S. sanctions, and address the Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) risks that Iranian activity poses to the international financial system.1

The Iranian regime has long used front and shell companies to exploit financial systems around the world to generate revenues and transfer funds in support of malign conduct, which includes support to terrorist groups, ballistic missile development, human rights abuses, support to the Syrian regime, and other destabilizing actions targeted by U.S. sanctions.

This advisory highlights the Iranian regime’s exploitation of financial institutions worldwide, and describes a number of typologies used by the regime to illicitly access the international financial system and obscure and further its malign activity. It also provides red flags that may assist financial institutions in identifying these methods.2 Additionally, this advisory is intended to assist financial institutions in light of the United States’ withdrawal from the Joint Comprehensive Plan of Action (JCPOA) and the re-imposition of U.S. sanctions previously lifted under the JCPOA following the 90- and 180-day wind-down periods for certain activities, while also reminding financial institutions of regulatory obligations under the Bank Secrecy Act (BSA) and the Comprehensive Iran Sanctions, Accountability, and Divestment Act of 2010 (CISADA).3

1. For general information on U.S. sanctions on Iran, see the “U.S. Sanctions” section on p.15 of this advisory.

2. While this advisory addresses U.S. sanctions that prohibit U.S. persons and U.S.-owned or -controlled foreign entities from engaging in transactions involving Iran, including persons “ordinarily resident” in Iran, financial institutions should not take this to mean that all transactions involving Iran, Iranian citizens, or persons with connections to Iran are suspicious or prohibited. Institutions should instead regard an Iranian nexus and the typologies listed in this advisory as factors to consider when assessing whether any specific transaction or activity has an illicit nexus or is otherwise prohibited.

3. For more information about the withdrawal of the United States from the JCPOA, please see https://www.treasury.gov/resource-center/sanctions/OFAC-Enforcement/Pages/20180508.aspx and https://www.treasury.gov/resource-center/sanctions/Programs/Pages/iran.aspx.

This is then followed by specific sections on each way that Iran is exploiting the financial system, including through exchange houses, procurement networks, maritime shipping, precious metals and virtual currency. It includes a reminder of regulatory expectations, and has a really nice set of red flags:

Illicit Activity by the CBI or Its Officials

Use of Personal Account. The CBI or CBI officials route transactions to personal accounts instead of central bank or government-owned accounts. Individuals or entities with no central bank or government affiliation withdraw funds from such accounts.

Unusual Wire Transfers. The CBI engages in multiple wire transfers to banks or financial institutions that the CBI would not normally engage in, or that are not related to traditional central bank activity.31

Use of Forged Documents. Front companies acting for or on behalf of designated persons use forged documents to conceal the identity of parties involved in the transactions. For example, as a part of the IRGC-QF’s currency exchange network scheme, documents were forged by an IRGC-QF front company manager to mislead authorities and conceal the true customers of the entities involved in the scheme.
Illicit Activity through Exchange Houses
Use of Multiple Exchange Houses. Customers may have transactions moving through multiple exchange houses, adding additional fees and costs as they progress through the system. The fees, number of transactions, and patterns of transactions are atypical to standard and customary commercial practices.
Multiple Depositors. Account holders that receive deposits—that do not appear to match the customer’s profile or provided documentation—from numerous individuals and entities.
Use of Procurement Networks
Shell or Front Companies. Transactions involving companies that originate with, or are directed to, entities that are shell corporations, general “trading companies”, or companies that have a nexus with Iran. For example, a company has an affiliate in Iran or is owned by individuals known to be loyal to the Iranian regime, and appears to lack a general business purpose. Iran uses front companies incorporated across the world, including in Asia and Europe. Other indicators of possible shell companies include opaque ownership structures, individuals/entities with obscure names that direct the company, or business addresses that are residential or co- located with other companies.
Suspicious Declarations. Declarations of information that are inconsistent with other information, such as previous transaction history or nature of business. Declarations of goods that are inconsistent with the associated transactional information.
Unrelated Business. Transactions that are directed to companies that operate in unrelated businesses, and which do not seem to comport with the Customer Due Diligence (CDD) and other customer identification information collected during client onboarding and subsequent refreshes.
Illicit Procurement of Aircraft Parts
Use of Front Companies and Transshipment Hubs to Source Aircraft Parts. Financial institutions that facilitate commercial aviation-related financial transactions where the beneficial ownership of the counterparty is unknown and the delivery destination is a common transshipment point for onward delivery to Iran. Iran-linked persons have attempted to source U.S.-origin aircraft and related parts from third countries known to be hubs for maintenance, repair, and overhaul operations, and then use front companies located in third-countries to conceal or obfuscate the ultimate Iranian beneficiary of the U.S.-origin aircraft, parts, and aviation-related materials.

Misrepresentation of Sanctions. Misrepresenting to suppliers, dealers, brokers, re-insurers, and other intermediaries that sanctions against Iran have been lifted or are no longer applicable as a result of the JCPOA, or falsely claiming without supporting documentation that an OFAC license has been obtained.

Iran-Related Shipping Companies’ Access to the U.S. Financial System

Incomplete and Falsified Documentation. Transactions and wire transfers that include bills of lading with no consignees or involving vessels that have been previously linked to suspicious financial activities. Documentation, such as bills of lading and shipping invoices, submitted with wire and payment requests that may appear to be falsified, or with key information omitted, in an attempt to hide the Iranian nexus.

Inconsistent Documentation for Vessels Using Key Ports. Inconsistencies between shipping- related documents and maritime database entries that are used for conducting due diligence. For example, the maritime database may indicate that a vessel docked in an Iranian port, even though this information is not included in the shipping documents submitted to financial institutions for payment processing. Major ports in Iran are Bandar Abbas, Assaluyeh, and Bandar-e Emam Khomenyi, which is also known as Abadan. Port cities on the Gulf include: Ahvaz, Bushehr, Bandar-e Lengeh, Bandar-e Mahshahr, Chabahar, Kharg Island, and Lavan Island. Kharg Island and Lavan Island are major oil and gas ports.

Previous Ship Registration to Sanctioned Entities. Vessels whose ownership or operation is transferred to another person—following OFAC’s designation of its owner or operator—on behalf of the designated person, but the designated owner or operator maintains an interest in the vessel.

Suspicious Funds Transfers

Lack of Information Regarding Origin of Funds. Wire transfers or deposits that do not contain any information about the source of funds, contain incomplete information about the source of funds, or do not match the customer’s line of business.

Unusual or Unexplainable Wire Transfers. Multiple, unexplained wire transfers and transfers that have no apparent connection to a customer’s profile. For example, individuals may claim that the unusually high-value wire transfers they receive from one or more foreign countries are merely funds sent from relatives in Iran. In addition, wire transfers to accounts in the United States from high-risk jurisdictions that have no apparent connection to the customer’s line of business.

Using Funnel Accounts. Third parties from across the United States who deposit funds into the accounts of U.S.-based individuals with ties to Iran.32 The deposits and associated transactions do not match the account holder’s normal geographical footprint, and the source of the funds is unknown or unclear.

Structuring Transactions. U.S. persons send or receive money to or from Iran by structuring the cash portion of the transactions to avoid the currency transaction reporting threshold of $10,000. Individuals returning to the United States from Iran also may make large deposits of monetary instruments rather than cash.

Gold. Given Iran’s prior use of gold as a substitute for cash to evade U.S. sanctions, financial institutions should consider conducting additional due diligence on transactions related to precious metals, particularly in geographic regions in close proximity to Iran (such as Turkey) that engage in significant gold-related transactions. Additionally, financial institutions may notice transactions not obviously linked to Iran, but related to the purchase of unusually high volumes of gold.

Virtual Currency

Logins from Iranian Internet Protocol Addresses or with Iranian Email. Internet Protocol (IP) login activity from entities in Iran or using an Iranian email service in order to transact virtual currencies through a virtual currency exchange. In such cases, financial institutions may also be able to provide associated technical details such as IP addresses with time stamps, device identifiers, and indicators of compromise that can provide helpful information to authorities.33

Payments to/from Iranian Virtual Currency Entity. A customer or correspondent payment to or from virtual currency exchanges that appear to be operating in Iran.

Peer-to-Peer (P2P) Exchangers. Unexplained transfers into a customer account from multiple individual customers combined with transfers to or from virtual currency exchanges. Wire transfers are usually associated with funding an account or withdrawing value, especially with foreign exchanges that may operate in multiple currencies.


FinCEN Advisory

FinCEN Press Release

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s