Are You Leveraging Innovative Tools that Detect Location-Based Sanctions Evasion?

Russia’s invasion of the Ukraine has prompted a flurry of sanctions activity in the past few weeks. On March 7th, the Financial Crimes Enforcement Network (FinCEN) issued an alert advising financial institutions to be on the lookout for potential attempts to avoid Russians sanctions. FinCEN asks all financial institutions to “identify and quickly report suspicious activity associated with potential sanctions evasion” making special mention of convertible virtual currency (CVC) exchangers and administrators and to “consider how the use of innovative tools and solutions may assist in identifying hidden Russian and Belarusian assets.”

FinCEN lists several red flag indicators that could indicate that corrupt actors are attempting to avoid sanctions or hide assets. Red flag indicator 8 is:

A customer’s transactions are initiated from or sent to the following types of Internet Protocol (IP) addresses: non-trusted sources; locations in Russia, Belarus, FATF-identified jurisdictions with AML/CFT/CP deficiencies, and comprehensively sanctioned jurisdictions; or IP addresses previously flagged as suspicious.

Given OFAC’s mention of IP addresses and location intelligence in many of their enforcement actions over the last couple of years, it’s not surprising that FinCEN would include a red flag that mentions the need to evaluate this type of location-based sanctions risk in relation to potential Russian sanctions evasion. The key question is:

Just how effective are traditional IP controls
at detecting attempts to evade sanctions?

While many organizations have implemented IP blocking technology in digital channels to address location-based sanctions risk associated with comprehensively sanctioned jurisdictions. But what happens when entities in comprehensively sanctioned countries or regions evade those IP blocking controls by using technology such as VPN or proxy to make it appear they are connecting from another location? Even typical international travelers who may want to stream their favorite series or movie have access to these technologies and have figured out that a VPN or proxy can often be used to evade IP blocking technology.

Organizations need an innovative way to detect digital evasion
that goes beyond the standard IP blocking methods.

Our new LexisNexis® Financial Crime Digital Intelligence module on LexisNexis® ThreatMetrix® is that innovative tool that allows firms to go beyond traditional methods to effectively address sanctions evasions through digital channels. Powered by the strength of the ThreatMetrix® Digital Identity Network®, Financial Crime Digital Intelligence leverages intelligence gathered from over 75 billion annual transactions and is underpinned by a privacy-by-design architecture. Each transaction captures up to 10 different geolocation signals, allowing for unique triangulation of crowdsourced location intelligence that doesn’t rely exclusively on simple IP address.  Those geolocation signals are attached to the different attributes related to the transaction (device information, user data etc.) so that once a transaction takes place originating from a sanctioned jurisdiction, any other transaction that shares those attributes can be flagged as having been associated with a previous transaction from a sanctioned jurisdiction within a given timeframe specified by a Financial Crime Digital Intelligence policy.

The depth and breadth of the global ThreatMetrix Digital Identity Network – which includes contributions not only from financial transactions, but also from ecommerce, gaming, media, communications and healthcare transactions that take place across multiple use cases such as account opening, logins and payments in more than 185 countries – allows our customers to have more intelligent location insight.  It takes advantage of the fact that potential evaders are often careful to obfuscate their locations when they are amid something nefarious or when they know it may present a problem, but previously, when they were hailing a shared cab ride, playing a mobile game, or accessing a medical journal from another device, they may not have been so careful.

Potential evaders are often careful to obfuscate their locations
when they are amid something nefarious,
but not so careful not when hailing a shared cab ride,
streaming media or playing a mobile game.

If a party operating from a comprehensively-sanctioned jurisdiction connects to the website or app of any member of the Digital Identity Network across multiple industries without obscuring the origin of the transaction through a VPN or proxy, the next time that individual transacts with the Digital Identity Network, even if they’ve connected through a VPN, the Digital Identity Network remembers and reveals to its users that there was a previous transaction by that same identity originating from a sanctioned country. So, if someone wants to make a minor purchase from a digital retailer and because they feel it’s a low-risk transaction and don’t use a VPN when connecting, the next time they want to check their bank balances from a financial institution that follows sanctions regulations, that first, unprotected transaction will inform the financial institution that there is potential sanctions evasion risk. Even if someone always connects through a VPN or uses different devices for different activities, the strength of the Digital Identity Network’s digital identity linking and other geolocation signals, such as mobile GPS or time-zone, can identify that transaction as having potentially originated from a sanctioned jurisdiction.

This is precisely the type of innovative tools and solutions needed to combat financial crime and potential sanctions evasion in the new digital world we’re living in.

For more information
If you have any questions about LexisNexis® Financial Crime Digital Intelligence and how its innovative approach can help your organization more effectively identify potential sanctions evasion through digital channels, you can learn more here: risk.lexisnexis/FCDI