Financial Compliance Guidelines

😱 A U.S. VC fund with only $120M under management was just fined $216M for violating sanctions — potentially wiping out the investments of all its LPs. This is GVA Capital, and we need to talk about why this is such a big deal for both GPs and LPs. What happened: From 2018 to 2021, GVA Capital — based in San Francisco and domiciled in the Cayman Islands — knowingly handled tens of millions for sanctioned Russian oligarch Suleiman Kerimov. Even after Kerimov was blacklisted, they allegedly routed investments through his nephew as a proxy. The U.S. Treasury called this a “blatant violation of sanctions law” and hit the firm with a $216M penalty... nearly DOUBLE its AUM. This means almost certain ⚰️ for the firm. Once tied to sanctions violations, raising future funds becomes nearly impossible. What this means for LPs invested in GVA Capital: 💸 Massive Capital Erosion – A $216M fine against a $120M fund means there’s not enough money in the pot. LPs could see their capital essentially wiped. 🚫 Liquidity & Operations Risk – Paying the fine could choke off cash flow for follow-ons, operations, and distributions. 📉 Regulatory Compliance Exposure – Being an LP in a fund tied to sanctioned individuals can create your own compliance headaches — especially for institutional investors. Why this matters for GPs: 🔸 Compliance infrastructure is a non-negotiable. Basic AML/sanctions screening isn’t optional; it’s the foundation that prevents fund-destroying penalties. 🔸 Fund ops, AML, and sanctions screening should be institutional-grade from day one, regardless of fund size. 🔸 Weak operational discipline can undo years of portfolio work in a single enforcement action. Why this matters for LPs: 🔸 Limited liability doesn’t protect investment value. While your personal assets are safe, your committed capital can still be completely wiped out by GP misconduct. 🔸 Always diligence how a fund operates, not just what it invests in. 🔸 Know the back-office provider. Audit AML, sanctions screening, and regulatory compliance processes. Great deal flow means nothing if your compliance foundation is weak. One preventable mistake in the back office can end your career before Fund I is even fully deployed. Institutional-grade compliance isn’t a “nice to have.” It’s the cost of admission if you want to survive in this industry.   —   ✍️ Myrto Lalacos Follow for more on launching, running, and investing in VC firms.

⁉️Sanction Russia - Great resource⁉️ The Wisconsin Project on Nuclear Arms Control issued a fantastic report all #complianceofficer should have on her/his desk. The "Red Flags in real cases, enforcement and evasion of Russia sanctions" is capturing all the regulations in a very pragmatic way. 📌 Red flags aren’t just guidelines – they also have legal implications. Exporters or financial institutions who encounter red flags are obligated to investigate and verify the transaction by “Know Your Customer” requirements within the U.S. Export Administration Regulations (EAR) or “Suspicious Activity Reporting” (SAR) requirements under by the Bank Secrecy Act. 📌 Ignoring red flags, or worse, “self-blinding” by discouraging customers from sharing information about the ultimate end use or destination of the transaction, does not protect the exporter against liability. 📌 Red flags can arise in connection with many aspects of an export transaction, including (1) the product to be exported, (2) the customer buying the product, (3) the network or corporate structure of the customer, (4) the export destination, (5) the logistics of the transaction, and (6) the alleged end use. This report reviews the evolution of U.S. sanctions and trade restrictions since Russia’s 2014 invasion of Ukraine and annexation of Crimea. It then illustrates common red flags using examples from ten recent U.S. enforcement cases (Appendix I) involving illicit exports or financial transfers to Russian entities, as well as several other investigations. What emerges is both a picture of the growing complexity of sanctions evasion and the corresponding importance of export compliance by exporters and financial institutions. #duediligence #BIS #OFAC #FINCEN #sanctions #trade #customs #exportcontrols Cercle K2 George Voloshin, CAMS CGSS, perhaps in view of your next presentation :-) C5 Communications, looking forward addressing it on Monday

🚨 OFAC Issues Alert on Sanctions Risks for Institutions Joining Russia’s SPFS As compliance professionals, staying informed on geopolitical risks and sanctions updates is critical. On November 21, 2024, the Office of Foreign Assets Control (OFAC) issued a significant warning targeting foreign financial institutions considering participation in Russia’s System for Transfer of Financial Messages (SPFS). SPFS, designed by the Central Bank of Russia as an alternative to SWIFT, is now under increased scrutiny. OFAC has flagged participation in SPFS as a potential sanctions risk, emphasizing its role in facilitating the operations of sanctioned entities and evading international restrictions. Key Points; • Joining SPFS could trigger penalties under Executive Order 14024, targeting harmful foreign activities. • OFAC considers SPFS participation a red flag and warns of aggressive enforcement against entities supporting it. • Financial institutions are advised to evaluate their exposure to SPFS-related activities to avoid being inadvertently used as conduits for sanctions evasion. What Does This Mean for Compliance? This alert underscores the need for enhanced due diligence and robust risk assessments when engaging with counterparties in regions subject to U.S. sanctions. Institutions must ensure their operations and partnerships align with global regulatory frameworks to avoid reputational and financial consequences. How are your organisations preparing for these heightened sanctions risks? Are your due diligence systems ready for the increased scrutiny? #Compliance #AML #Sanctions #OFAC #FinancialCrime #RiskManagement #SPFS #regulation #kyt #crossborderpayments #blockchain

State Street Bank and Trust Company Settled with OFAC for $7,452,501!! Why? For violating U.S. sanctions - more specifically the Ukraine-/Russia-Related Sanctions Regulations (URRSR). What happened: State Street's subsidiary, Charles River Systems, Inc., between December 2016 and May 2020: ↳ Reissued or redated invoices to make them appear recent, despite knowing certain payments were under sanctions restrictions. ↳ They accepted multiple late payments from clients associated with Russian financial institutions Sberbank and VTB Bank. Noteworthy details: 👉 There were 38 instances of apparent violations over four years. 👉 At least 18 Charles River staff members were aware of or involved in these violations. 👉 Despite receiving sanctions-related payment guidance from a U.S. financial institution, Charles River continued to disregard these controls. OFAC (Office of Foreign Assets Control) determined these violations as serious. Consequently, the statutory maximum civil monetary penalty could have been $13,550,002. However, considering State Street's cooperation during the investigation and subsequent remedial measures, the final settlement was reduced to $7,452,501. Lessons learned: Sanctions compliance is not optional. Institutions must: ↳ Implement and maintain robust compliance policies. ↳ Ensure all staff are adequately trained and aware of sanctions-related obligations. ↳ Regularly review and update compliance procedures to address identified risks. The question is: Is our organization is adequately prepared to handle such compliance issues?

🚨Another useful arrest affidavit for trade compliance teams 🕵️In the attached FBI agent's affidavit, several things jumped out that are useful as a case study for training and communications around U.S. export controls compliance and enforcement risks. ⌛Brent Carlson and I have written and spoken often about the importance of dynamic assessments of risk, i.e., it's important to evaluate export controls enforcement risks by looking at how facts changed over time, not just the facts at a particular moment. ✈️Here, the affidavit contrasts pre-invasion shipments of parts directly from the U.S. to a Russian airline in Moscow with post-invasion transshipment through Armenia, the UAE, and "elsewhere" as evidence that the defendant "knew . . . that the items . . . could not be exported from the United States to Russia without an export license" (p.4). 🔐The FBI agent also considered the defendant's switching from email to encrypted messaging apps as further evidence of the defendant's knowledge of the license requirement (p.5). 🏠In yet another example of how diversion can start close to home, when the defendant switched to indirect procurement and transshipment, orders were placed with U.S. parts suppliers through a New Jersey-based supplier of aircraft components. 🤔There is no allegation that these U.S. suppliers were aware of "red flags" that should have prompted due diligence; for example, there's no allegation that they were previously providing the certain specific parts directly to Moscow and then, post-invasion, were asked to provide the same parts in the same quantities to this New Jersey entity. The defendant's personal involvement was also obscured from the U.S. suppliers. But you could imagine other scenarios where lost orders were quickly replaced by "too good to be true" new purchasers. 👩💻How did the U.S. government uncover the scheme? "In or around December 2022, agents with BIS identified several Electronic Export Information filings . . . from November 11, 2021, through November 30, 2022" that listed an Armenian entity or affiliated persons as the recipients and listed Armenia as the country of ultimate destination. [Note that in August 2022, BIS issued public guidance, "Commodity, End-user, and Transshipment Country Red Flag FAQs," that identified Armenia as one of several countries "especially prone to being used as transshipment points" through "analysis of historical and current trends, relying heavily [on] export and re-export data . . . ." (https://lnkd.in/euCz6d23).] ⚠️The above are all allegations; the defendant, after being extradited from Europe, has entered a plea of not guilty. But the allegations are nonetheless useful windows into what FBI and BIS agents would consider grounds for investigation and arrest. #redflagsrising #exportcontrols #complianceofficers #bis #fbi

The US Treasury did not fine the oligarch. It fined his lawyer. Two weeks ago, OFAC published formal guidance on what it calls “sham transactions,” structures designed to hide a sanctioned person’s continuing interest in property through trusts, proxies, straw owners, and front businesses. An example given was a sanctioned oligarch who transferred his jet to a trust whose sole beneficiary is his unsanctioned wife, then kept flying it. Or a blocked person who moved millions into trusts for his minor children and routed the funds through US banks. Or a blocked company that reincorporated under a new name with new nominal owners and carried on as before. In every instance, OFAC looked past the legal architecture to the question that practitioners should now treat as determinative: who actually controls the assets, who benefits, and who makes the decisions. This pattern is one I encounter constantly. Wealth structured through layers of trusts and nominee arrangements that place the sanctioned individual at removed on paper. In practice, that individual never left the room. The guidance follows enforcement actions where a US lawyer paid $1.09 million for serving as trustee to a Russian oligarch’s family trust and a private equity firm paid $11.49 million for holding investments linked to sanctioned oligarch Suleiman Kerimov through a BVI entity. Both had obtained outside legal advice. Both were told the structures were compliant. The legal opinions did not save them. The 122 transactions the lawyer authorised over four years were each treated as a separate violation. For family offices, trustees, and private client lawyers, the gap between OFAC’s enforcement posture and the compliance assumptions many advisers are still operating under is widening fast. If you are advising clients with any proximity to sanctioned individuals, your own exposure as the professional in the structure is the thing you should be examining first. https://lnkd.in/dZZcvwGW

$216M OFAC Penalty Exposes Venture Capital's Dark Side The Treasury's Office of Foreign Assets Control just delivered a crushing blow to San Francisco-based GVA Capital Ltd., imposing a staggering $215,988,868 penalty - the statutory maximum - for knowingly managing investments for sanctioned Russian oligarch Suleiman Kerimov. GVA Capital's executives didn't just stumble into this violation. They flew to Kerimov's French estate on his private jet in 2016, spending days showcasing investment opportunities to secure his $20 million commitment. When OFAC sanctioned Kerimov in April 2018, GVA Capital didn't stop—they doubled down, continuing to manage his investments through his nephew Nariman Gadzhiev, whom they knew served as Kerimov's proxy. What started as a $20 million investment ballooned to over $436 million by April 2021. GVA Capital attempted multiple sales and distributions that would have directly benefited the sanctioned oligarch, including a planned $18.5 million distribution that OFAC blocked just in time. GVA Capital received explicit legal advice in May 2018 warning that any transactions involving Kerimov would violate sanctions. They ignored it completely, continuing their coordination with Gadzhiev through 2021. When OFAC issued a subpoena in 2021, GVA Capital initially produced only 173 documents, certifying compliance. Two years later, they "discovered" 1,300 additional responsive records they had somehow missed - a 28-month violation streak that added insult to injury. This case exposes critical vulnerabilities in the venture capital ecosystem. OFAC's enforcement action specifically targets "gatekeepers" - investment professionals, attorneys, and corporate service providers who occupy positions of trust but may unwittingly (or willfully) facilitate sanctions evasion. Key takeaways for financial professionals: - Due diligence must go beyond nominal ownership structures - Ongoing monitoring is essential when existing investors become sanctioned - Professional relationships established pre-sanctions don't create immunity - Subpoena compliance failures carry severe independent penalties The enforcement action blocked Heritage Trust's $1.3 billion in assets in 2022, preventing what OFAC called "the imminent liquidation and flight of the entirety of Heritage Trust's assets out of the United States." This isn't just about one firm's spectacular compliance failure. It's a wake-up call for the entire alternative investment industry about the real-world consequences of sanctions evasion and the critical importance of robust compliance programs in an era of evolving geopolitical risks. #Sanctions #Compliance #VentureCapital #OFAC #RiskManagement #FinancialCrime #RegTech

Office of Financial Sanctions Implementation (OFSI) has issued a penalty notice against Bank of Scotland (part of Lloyds Banking Group ) for processing 24 payments totaling £77,000 to/from a Russia-designated individual in February 2023. The penalty was reduced from £320,000 to £160,000 due to prompt voluntary disclosure. The "Double Miss" Case Study serves as an important lesson for compliance teams regarding failures in both automated and manual controls: - Automated screening failure: The screening system did not reconcile Russian-to-English transliteration variants in the customer's name (Dmitrii Ovsiannikov). While commercial PEP lists detected the individual, the bank relied on a system that overlooked this name variance by not deploying the commercial sanctions list. - Manual review failure: A PEP review identified the designated person around 20–24 February, but human error led to an incorrect assessment that the individual had been removed from UK sanctions. Consequently, the account remained open, processing additional funds before being restricted. Why does this matter? This case reinforces OFSI's strict liability approach and highlights a recurring industry vulnerability: automated systems are failing to catch transliteration variances, and manual teams are misinterpreting complex sanctions data. This is reminiscent of the screening gaps seen in the Wise case (August 2023) and the significant Santander AML fine (2022), which cited similar failures to act on known risk indicators. Three practical takeaways include: 1. List Enhancement: If your commercial PEP list identifies a match that your sanctions filter misses, your sanctions list configuration (particularly fuzzy matching and transliteration logic) may be too loose. 2. PEP & Sanctions Integration: OFSI noted that sanctioned individuals are often PEPs. Escalation procedures should link these workflows— a PEP alert on a high-risk nationality should trigger a secondary sanctions review. 3. Voluntary Disclosure ROI: The 50% discount (£160k saved) validates the business case for prompt self-reporting. LBG disclosed within roughly two weeks of detection. #FinancialCrime #Sanctions #Compliance #RegulatoryCompliance #AML #OFSI