Financial Compliance Guidelines

😱 A U.S. VC fund with only $120M under management was just fined $216M for violating sanctions — potentially wiping out the investments of all its LPs. This is GVA Capital, and we need to talk about why this is such a big deal for both GPs and LPs. What happened: From 2018 to 2021, GVA Capital — based in San Francisco and domiciled in the Cayman Islands — knowingly handled tens of millions for sanctioned Russian oligarch Suleiman Kerimov. Even after Kerimov was blacklisted, they allegedly routed investments through his nephew as a proxy. The U.S. Treasury called this a “blatant violation of sanctions law” and hit the firm with a $216M penalty... nearly DOUBLE its AUM. This means almost certain ⚰️ for the firm. Once tied to sanctions violations, raising future funds becomes nearly impossible. What this means for LPs invested in GVA Capital: 💸 Massive Capital Erosion – A $216M fine against a $120M fund means there’s not enough money in the pot. LPs could see their capital essentially wiped. 🚫 Liquidity & Operations Risk – Paying the fine could choke off cash flow for follow-ons, operations, and distributions. 📉 Regulatory Compliance Exposure – Being an LP in a fund tied to sanctioned individuals can create your own compliance headaches — especially for institutional investors. Why this matters for GPs: 🔸 Compliance infrastructure is a non-negotiable. Basic AML/sanctions screening isn’t optional; it’s the foundation that prevents fund-destroying penalties. 🔸 Fund ops, AML, and sanctions screening should be institutional-grade from day one, regardless of fund size. 🔸 Weak operational discipline can undo years of portfolio work in a single enforcement action. Why this matters for LPs: 🔸 Limited liability doesn’t protect investment value. While your personal assets are safe, your committed capital can still be completely wiped out by GP misconduct. 🔸 Always diligence how a fund operates, not just what it invests in. 🔸 Know the back-office provider. Audit AML, sanctions screening, and regulatory compliance processes. Great deal flow means nothing if your compliance foundation is weak. One preventable mistake in the back office can end your career before Fund I is even fully deployed. Institutional-grade compliance isn’t a “nice to have.” It’s the cost of admission if you want to survive in this industry.   —   ✍️ Myrto Lalacos Follow for more on launching, running, and investing in VC firms.

🚨 OFAC Issues Alert on Sanctions Risks for Institutions Joining Russia’s SPFS As compliance professionals, staying informed on geopolitical risks and sanctions updates is critical. On November 21, 2024, the Office of Foreign Assets Control (OFAC) issued a significant warning targeting foreign financial institutions considering participation in Russia’s System for Transfer of Financial Messages (SPFS). SPFS, designed by the Central Bank of Russia as an alternative to SWIFT, is now under increased scrutiny. OFAC has flagged participation in SPFS as a potential sanctions risk, emphasizing its role in facilitating the operations of sanctioned entities and evading international restrictions. Key Points; • Joining SPFS could trigger penalties under Executive Order 14024, targeting harmful foreign activities. • OFAC considers SPFS participation a red flag and warns of aggressive enforcement against entities supporting it. • Financial institutions are advised to evaluate their exposure to SPFS-related activities to avoid being inadvertently used as conduits for sanctions evasion. What Does This Mean for Compliance? This alert underscores the need for enhanced due diligence and robust risk assessments when engaging with counterparties in regions subject to U.S. sanctions. Institutions must ensure their operations and partnerships align with global regulatory frameworks to avoid reputational and financial consequences. How are your organisations preparing for these heightened sanctions risks? Are your due diligence systems ready for the increased scrutiny? #Compliance #AML #Sanctions #OFAC #FinancialCrime #RiskManagement #SPFS #regulation #kyt #crossborderpayments #blockchain

🚨Another useful arrest affidavit for trade compliance teams 🕵️In the attached FBI agent's affidavit, several things jumped out that are useful as a case study for training and communications around U.S. export controls compliance and enforcement risks. ⌛Brent Carlson and I have written and spoken often about the importance of dynamic assessments of risk, i.e., it's important to evaluate export controls enforcement risks by looking at how facts changed over time, not just the facts at a particular moment. ✈️Here, the affidavit contrasts pre-invasion shipments of parts directly from the U.S. to a Russian airline in Moscow with post-invasion transshipment through Armenia, the UAE, and "elsewhere" as evidence that the defendant "knew . . . that the items . . . could not be exported from the United States to Russia without an export license" (p.4). 🔐The FBI agent also considered the defendant's switching from email to encrypted messaging apps as further evidence of the defendant's knowledge of the license requirement (p.5). 🏠In yet another example of how diversion can start close to home, when the defendant switched to indirect procurement and transshipment, orders were placed with U.S. parts suppliers through a New Jersey-based supplier of aircraft components. 🤔There is no allegation that these U.S. suppliers were aware of "red flags" that should have prompted due diligence; for example, there's no allegation that they were previously providing the certain specific parts directly to Moscow and then, post-invasion, were asked to provide the same parts in the same quantities to this New Jersey entity. The defendant's personal involvement was also obscured from the U.S. suppliers. But you could imagine other scenarios where lost orders were quickly replaced by "too good to be true" new purchasers. 👩💻How did the U.S. government uncover the scheme? "In or around December 2022, agents with BIS identified several Electronic Export Information filings . . . from November 11, 2021, through November 30, 2022" that listed an Armenian entity or affiliated persons as the recipients and listed Armenia as the country of ultimate destination. [Note that in August 2022, BIS issued public guidance, "Commodity, End-user, and Transshipment Country Red Flag FAQs," that identified Armenia as one of several countries "especially prone to being used as transshipment points" through "analysis of historical and current trends, relying heavily [on] export and re-export data . . . ." (https://lnkd.in/euCz6d23).] ⚠️The above are all allegations; the defendant, after being extradited from Europe, has entered a plea of not guilty. But the allegations are nonetheless useful windows into what FBI and BIS agents would consider grounds for investigation and arrest. #redflagsrising #exportcontrols #complianceofficers #bis #fbi

The US Treasury did not fine the oligarch. It fined his lawyer. Two weeks ago, OFAC published formal guidance on what it calls “sham transactions,” structures designed to hide a sanctioned person’s continuing interest in property through trusts, proxies, straw owners, and front businesses. An example given was a sanctioned oligarch who transferred his jet to a trust whose sole beneficiary is his unsanctioned wife, then kept flying it. Or a blocked person who moved millions into trusts for his minor children and routed the funds through US banks. Or a blocked company that reincorporated under a new name with new nominal owners and carried on as before. In every instance, OFAC looked past the legal architecture to the question that practitioners should now treat as determinative: who actually controls the assets, who benefits, and who makes the decisions. This pattern is one I encounter constantly. Wealth structured through layers of trusts and nominee arrangements that place the sanctioned individual at removed on paper. In practice, that individual never left the room. The guidance follows enforcement actions where a US lawyer paid $1.09 million for serving as trustee to a Russian oligarch’s family trust and a private equity firm paid $11.49 million for holding investments linked to sanctioned oligarch Suleiman Kerimov through a BVI entity. Both had obtained outside legal advice. Both were told the structures were compliant. The legal opinions did not save them. The 122 transactions the lawyer authorised over four years were each treated as a separate violation. For family offices, trustees, and private client lawyers, the gap between OFAC’s enforcement posture and the compliance assumptions many advisers are still operating under is widening fast. If you are advising clients with any proximity to sanctioned individuals, your own exposure as the professional in the structure is the thing you should be examining first. https://lnkd.in/dZZcvwGW

This Bloomberg News investigative report by Katrina Manson cuts to the core challenges of economic sanctions compliance and, more broadly, identifying potential illicit financial flows. Malign actors exploit legal and business structures to hide their interests in entities and investments. The article describes the use of legal structures like trusts and foundations as well as financial institutions, lawyers, and financial facilitators to obscure the activities of a prominent Russian oligarch, Suleiman Kerimov, an individual sanctioned by the Treasury Department during the first Trump administration in 2018. The article also explains the Treasury Department Office of Foreign Assets Control's (OFAC) systematic civil enforcement actions stemming from this designation, including actions against Heritage Trust (2022), GVA Capital (2025), IPI Partners (2025), and a lawyer and former government official (2025). Thank you to Katrina and Bloomberg News for including my quote in this reporting to contextualize the sustained attention on these activities: "Alex Zerden, a former Treasury official, said the US government historically takes so few enforcement actions that lawyers and compliance experts carefully study each one to understand the implications, particularly given the agency appears to be keeping up its focus on Kerimov." https://lnkd.in/dATp2-Ra

OFSI has published its 2025 Legal Services Threat Assessment, sending a clear message: the legal sector plays a critical role in identifying, preventing, or facilitating sanctions breaches. As enforcement ramps up following the Russia #sanctions regime, this publication provides detailed insight into how legal professionals—including solicitors, barristers, notaries, and trust and company service providers (TCSPs)—are directly exposed to #financialcrime risks linked to sanctioned entities and individuals. 1. Since February 2022, legal services providers accounted for 16% of all suspected breach reports submitted to OFSI—second only to the financial sector. OFSI notes that 98% of these reports came from solicitors and barristers, while TCSPs and other legal intermediaries remain under-reporting despite significant exposure. 2. Breaches of OFSI Licences Are the Most Common Form of Non-Compliance OFSI outlines several critical #compliance failings: • Receiving payments above the limits permitted by OFSI #licence • Continuing transactions after a licence has expired. • Delayed or missing reporting of payments under general or specific licences. • Improper handling of frozen assets, such as transferring them to unauthorized accounts. 3. Russian DPs Are Using Complex Structures to Evade Sanctions The report outlines how Russian elites exploit: • Trusts in offshore jurisdictions • Nominee directors, family proxies, and asset-holding companies. • Deeds of exclusion and share restructuring, to obscure beneficial ownership. OFSI makes it clear that legal professionals can no longer rely on legal privilege to shield them from scrutiny when facilitating such structures. Instead, firms are expected to conduct lookback reviews, report suspicious client activity, and identify DP-linked red flags, such as name similarities, unexplained wealth, and obfuscated trust arrangements 4. Approximately 23% of all breach reports submitted by the legal sector involve one or more intermediary jurisdictions. OFSI flags the following as frequently appearing in reports: • 🇻🇬 , 🇨🇾 , 🇬🇬 , 🇨🇭 • 🇦🇪 🇯🇪 , 🇮🇲 , 🇰🇾 , 🇦🇹 Legal services providers are warned that clients using these jurisdictions without legitimate business justification may be attempting to bypass sanctions—particularly in cases involving high-value assets like UK property, luxury goods, and art. 5. OFSI categorizes enablers into 3 groups: • Complicit: Those knowingly breaching sanctions. • Willfully blind: Professionals failing to conduct proper due diligence. • Unwittingly involved: Those who enable breaches through negligence. The report draws attention to litigation-related exposure, where sanctioned 🇷🇺 businesses may attempt to restructure debt or engage in legal proceedings in the UK, requiring licensed legal support. Even routine #legalservices such as billing, asset transfers, and trustee appointments are now recognized as high-risk touchpoints for sanctions evasion.

When 25% Changes Everything – A Governance Lesson   As I like to learn from history and mistakes (preferably not mine 😉), I treat export controls enforcement actions as a great occasion to do so. Recent publication by US BIS on another administrative settlement (link in the comment) naturally caught my attention.   On the surface, it’s a $1M case involving multiple violations. But what makes it interesting is again not the penalty.   Case involved thermal imaging cameras classified under ECCN 6A003. But many companies may use them in entirely civilian contexts like manufacturing process monitoring, industrial inspections, or fire prevention systems. So what are the lessons here?   Takeaway no 1 De minimis - valuation methodology is as critical as technical classification A central element of the case was the application of the 25% de minimis rule. It was not misclassification. It was valuation methodology. When US origin content is not valued in line with regulatory expectations, jurisdictional conclusions can shift. De-minimis is not just a figure.   Takeaway no 2 Pricing strategy may create export compliance exposure Another aspect of the settlement involved pricing architecture that influenced controlled content percentages. A “market collaboration fee” was introduced in a way that pushed US controlled content below 25%. So be careful, because your commercial structuring may cross into export control circumvention. And, as I am pointing so often, export control exposure does not only arise from shipments, it may arise from pricing strategy and business model design, not mentioning other strategic decisions.   Takeaway no 3 Do not relay solely on your compliance tools providers This case also included exports to an address listed on the Entity List (address-only entry). The company had contacted its screening vendor for confirmation that address-only entries were covered, so all probably looked good, but in the end it turned out these addresses were not properly flagged. Automated screening tools do not replace internal verification and control testing. And I am far away from advertising here any manual, burdensome checks. But compliance systems need to be properly governed and periodically tested. Technology (also AI automations 😉) supports compliance, but it does not replace accountability. The more advanced the systems we build, the more disciplined our governance structures must become.   And of course takeaway no 4 Never ever assume dual use regulations or US nexus are “not your issue”, unless you have checked that 😉   This case strengthens my view that export controls are entering a new era where: (1) experts cannot be replaced by software or AI solutions; (2) those experts should sit at the table where strategic, technological and commercial decisions are made; (3) export controls can no longer operate quietly in the background as they are not a back-office function; and finally #ExportControlsMatter 😉

$216M OFAC Penalty Exposes Venture Capital's Dark Side The Treasury's Office of Foreign Assets Control just delivered a crushing blow to San Francisco-based GVA Capital Ltd., imposing a staggering $215,988,868 penalty - the statutory maximum - for knowingly managing investments for sanctioned Russian oligarch Suleiman Kerimov. GVA Capital's executives didn't just stumble into this violation. They flew to Kerimov's French estate on his private jet in 2016, spending days showcasing investment opportunities to secure his $20 million commitment. When OFAC sanctioned Kerimov in April 2018, GVA Capital didn't stop—they doubled down, continuing to manage his investments through his nephew Nariman Gadzhiev, whom they knew served as Kerimov's proxy. What started as a $20 million investment ballooned to over $436 million by April 2021. GVA Capital attempted multiple sales and distributions that would have directly benefited the sanctioned oligarch, including a planned $18.5 million distribution that OFAC blocked just in time. GVA Capital received explicit legal advice in May 2018 warning that any transactions involving Kerimov would violate sanctions. They ignored it completely, continuing their coordination with Gadzhiev through 2021. When OFAC issued a subpoena in 2021, GVA Capital initially produced only 173 documents, certifying compliance. Two years later, they "discovered" 1,300 additional responsive records they had somehow missed - a 28-month violation streak that added insult to injury. This case exposes critical vulnerabilities in the venture capital ecosystem. OFAC's enforcement action specifically targets "gatekeepers" - investment professionals, attorneys, and corporate service providers who occupy positions of trust but may unwittingly (or willfully) facilitate sanctions evasion. Key takeaways for financial professionals: - Due diligence must go beyond nominal ownership structures - Ongoing monitoring is essential when existing investors become sanctioned - Professional relationships established pre-sanctions don't create immunity - Subpoena compliance failures carry severe independent penalties The enforcement action blocked Heritage Trust's $1.3 billion in assets in 2022, preventing what OFAC called "the imminent liquidation and flight of the entirety of Heritage Trust's assets out of the United States." This isn't just about one firm's spectacular compliance failure. It's a wake-up call for the entire alternative investment industry about the real-world consequences of sanctions evasion and the critical importance of robust compliance programs in an era of evolving geopolitical risks. #Sanctions #Compliance #VentureCapital #OFAC #RiskManagement #FinancialCrime #RegTech

🚨 Critical Export Control Lessons from Recent OFAC Settlement: A Wake-Up Call for Aviation Suppliers As an export compliance professional, I wanted to share some crucial insights from a recent OFAC enforcement action that highlights the increasing complexity of global trade compliance, particularly in the aviation sector. SkyGeek Logistics recently settled with OFAC for $22,172 over six apparent violations of Russian sanctions. While the settlement amount might seem modest, the case offers valuable lessons for companies operating in sensitive industries. Key Takeaways for Export Professionals: Enhanced Due Diligence in High-Risk Sectors The aviation industry, particularly when dealing with parts and equipment, requires heightened scrutiny. SkyGeek's case demonstrates how seemingly routine transactions - like processing refunds or shipping basic goods like paints and coatings - can lead to sanctions violations when dealing with restricted parties. The Importance of Continuous Screening One of the most significant lessons from this case is the need for continuous screening throughout the entire transaction lifecycle. SkyGeek's initial screening missed recent SDN designations, highlighting why one-time screening isn't sufficient in today's rapidly changing regulatory environment. Geographic Risk Factors The case underscores the particular challenges when operating in jurisdictions known for potential sanctions evasion. The UAE's role as a hub for Russian aviation-related activities means companies need to implement additional due diligence measures when dealing with entities in such regions. Practical Recommendations: 👉 Implement robust rescreening protocols, especially for long-standing customers and pending transactions 👉 Utilize advanced screening software with fuzzy logic capabilities 👉 Develop specific procedures for high-risk jurisdictions and industries 👉 Create clear protocols for handling refunds and returns, including mandatory rescreening Industry Impact: This enforcement action demonstrates OFAC's continued focus on Russia's aerospace and technology sectors. Companies in these industries should note that even small-value transactions can trigger enforcement actions if they potentially contribute to Russian military capabilities. Risk Mitigation Steps: SkyGeek's remedial measures provide a blueprint for other companies: 🚅 Comprehensive business review of sales in high-risk jurisdictions 🚅 Enhanced screening protocols with improved search logic 🚅 Regular screening throughout the order fulfillment process 🚅 Updated controls for refund processing 🚅 Enhanced employee training What are your thoughts on these compliance challenges? How does your organization handle continuous screening in high-risk sectors? #ExportCompliance #InternationalTrade #Sanctions #RegulatoryCompliance #Aviation #SupplyChain #OFAC #RiskManagement