skip to main content
FIU-the Netherlands

Joint financial intelligence advisory: illegal procurement of dual-use goods by Russian end-users

In the aftermath of the unjustified invasion of Ukraine by the Russian Federation (Russia), the financial intelligence units[1] of the Netherlands (FIU-NL) and Canada (FINTRAC) received reports from a variety of sources describing the suspected illegal export, or attempted export, of dual-use goods to Russian end-users in violation of current sanctions or export control-related legislation.


Simultaneously, reporting entities in our respective jurisdictions have sought additional guidance on reporting suspicious transactions, or in the case of the Netherlands unusual transactions, related to this activity and on conducting client risk assessments.

An assessment by our respective financial intelligence units found that our jurisdictions are not only confronted with similar challenges, but that the individuals and entities engaging in activities to evade sanctions and export control measures also deploy similar tactics. As such, this joint Advisory has been developed by the above-referenced FIUs, and in consultation with the FIU of the United States (the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN)).[2]


The purpose of this Advisory is to support reporting entities in recognizing financial transactions and other related activity that is suspected of being related to the purchase of dual-use goods for illegal export, and the laundering of the criminal proceeds generated by this activity and includes:

  • A description of how threat actors and products might be identified.
  • An overview of financial and contextual indicators relevant to the illicit dual-use trade.
  • Case studies illustrating common dual-use good sanction evasion and/or export control evasion typologies.

This Advisory reinforces ongoing multilateral engagements and initiatives[3] between our respective jurisdictions designed to further constrain and prevent the Russian Federation from accessing needed technology and goods to supply and replenish its military and defense industrial base. 

How to identify sanction evasion and/or export control evasion with dual-use goods

When attempting to identify whether your customers engage in sanctions evasion or export control evasion with dual-use goods, it can be helpful to look at the products, at the actors involved in the transactions, and at their financial behavior.

Identification of relevant products

Guidance published on September 26th, 2023 by the “Export Enforcement Five” or “E5” (collectively Australia, Canada, New Zealand, the United Kingdom, and the United States) provides a list of controlled items in 45 Harmonized Systems codes[4] that the Russian Federation is using in its weapon systems which E5 countries have prioritized along with international partners, including the European Union.

These items have been divided into four tiers, with tiers one and two containing particularly sensitive items:

  • Tier 1: Integrated circuits (also referred to as microelectronics).
  • Tier 2: Electronics items related to wireless communication, satellite-based radio navigation, and passive electronic components.
  • Tier 3: This tier is divided into electronic and non-electronic items to provide greater clarity to the different industries that may work with these items.
  • Tier 4: Manufacturing, production and quality testing equipment of electric components and circuits.

Tier 1 items and applicable Harmonized System Description and Representative Part are detailed in Figure 1 below.

Specific to the European Union, Annex I of Declaration 2021/821 and Annex VII of Regulation 833/2014 contain general and specific lists with dual-use goods and items that are sanctioned, and which require a special permit and need to meet a number of qualifications before they can be exported to Russia.[5]

In Canada, as of February 24, 2022, Global Affairs Canada has stopped the issuance of new permits under the Export and Import Permits Act for the export and brokering of controlled strategic, dual-use, and military goods and technology to Russia. Exporters with valid permits for the export or brokering of items to Russia prior to this date have had their permits cancelled. Only permits and applications related to specific end-uses such as medical supply and humanitarian needs may be considered for exception, on a case-by-case basis. Further to Canada’s broader export controls architecture, Canada has also imposed export restrictions by imposing sanctions against Russia.  Under Canada’s Special Economic Measures (Russia) Regulations, it is prohibited for any person in Canada and any Canadian outside Canada from exporting, selling, supplying or shipping any good, wherever situated, or to provide any technology, to Russia or to any person in Russia, if it is listed under the Restricted Goods and Technologies List. In addition, Canada has also sanctioned numerous goods for export to and import from Russia; these prohibited goods are listed under various Schedules under the Russia Regulations. Of note, the aforementioned Tier 1 priority goods are prohibited for export to Russia under Schedule 7 of the Russia Regulations.

FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security issued two alerts in June 2022 and May 2023 regarding the Bureau of Industry and Security export control restrictions related to Russia, as well as evasion typologies and efforts by individuals and entities seeking to evade the Bureau of Industry and Security export controls implemented in connection with Russia’s further invasion of Ukraine.[6]

Whilst conducting client risk assessments, restricted dual-use goods can be identified both through their Harmonized System code and through the product descriptions.

To verify that your client risk assessments remain up-to-date, it is important to keep track of the latest sanctions and/or export restrictions in your jurisdiction. During such assessments it can be useful to:

  • Check whether the transactions are related to trade in goods and/or items as mentioned in the above-referenced lists and regulations.
  • Match the flow of goods with the flow of funds.
  • Keep track of the current export exceptions.
  • Request supporting evidence from your customer (e.g. invoices, contracts, bills-of-lading, customs declarations).
  • Cross-check the information your customer provided with the documentary standards that your customer is required to meet.

Identification of actors
Besides the dual-use goods themselves, focusing on a specific group of actors can lead to the identification of dual-use procurement channels as well. This could include persons or companies that are qualified as Russian military end-users, who are known to have engaged in the procurement of dual-use items for the Russian Federation, or who are expected to engage in such procurement activities. For such actor-based detection, you could:

Whilst conducting your client risk assessments, keep in mind that:

  • Your customers could be part of larger company structures that include sanctioned entities/persons.
  • Your customer’s clients could engage in trade with sanctioned entities/persons.

Contextual indicators
In previous cases of dual-use goods related sanction evasion and/or export related criminal offences, one or more of the following indicators were identified:

Person- and entity-based indicators:

  • A dormant company, linked to the trade of dual-use goods, suddenly increases its transaction activity.
  • A company, linked to the trade of dual-use goods, substantially increases its transaction activity leading up to or after the start of the Russian invasion of Ukraine (February 2022).
  • A company introduces complexity into its existing owernship structure shortly after sanctions are imposed.
  • A company, its beneficial owners, or directors have a strong connection with the Russian Federation and/or Commonwealth of Independent States members.
  • A company, linked to the trade of dual-use goods, changes its company activities after the Russian invasion of Ukraine.
  • A company, linked to the trade of dual-use goods, has changes in ownership and/or control structure shortly before or after the adoption of sanctions.
  • A company, linked to the trade of dual-use goods, transfers its ownership and/or control to third parties without appropriate compensation (e.g. family members, friends, known business associates, or known employees of sanctioned individuals take over a company and do not appear to compensate the previous owner).
  • A company, linked to the trade of dual-use goods, transfers its ownership and/or control to third parties, but the transfer is being funded by the sanctioned individual.

Financial indicators
Another way to identify cases of dual-use good sanction and/or export control evasion is by focusing on the financial behavior of your clients:

Financial indicators & transaction patterns:

  • Entities involved in the shipment of goods are not the same as those transferring funds to pay for the goods.
  • Payment is handled by a third party not involved in the trade transaction.
  • The goods are shipped through the sanctioned jurisdiction (e.g. by using a fictive end-user in another country).
  • The goods are shipped to countries bordering the Russian Federation. In these countries, middlemen can re-export the goods to the sanctioned jurisdiction (e.g. via Commonwealth of Independent States-members Armenia, Azerbaijan, Belarus, Kazakhstan, Kyrgyzstan, Tajikistan, and Uzbekistan).
  • The goods are shipped to countries such as Türkiye, China, Hong Kong, and the United Arab Emirates. These countries are known to be used as re-export conduits for the Russian Federation.
  • Invoices are backdated to suggest the trade was part of older contracts for which restriction-exemptions can requested.
  • The payments are conducted via non-resident accounts and/or via accounts of newly established and/or newly acquired companies in Türkiye, China, Hong Kong, and the United Arab Emirates.
  • The payments for business deals with companies located in sanctioning jurisdictions (for example, Canada) are routed through accounts in Türkiye, China, Hong Kong, and the United Arab Emirates.
  • A company with previously large export volumes to Russia shows no decline in transaction activity post-invasion (February 2022).
  • A company which previously had large export volumes to Russia in business activities/sectors that are now subject to sanctions, suddenly engages in trade with countries bordering Russia, and/or with Türkiye, China, Hong Kong, and the United Arab Emirates.
  • Transactions that previously were paid for from Russia, which are now funded by countries bordering Russia, and/or with Türkiye, China, Hong Kong, and the United Arab Emirates.
  • Transactions that previously were conducted from the accounts of subsidiaries are now conducted from the accounts of a holding company/apparent shell company.
  • Obfuscation of the beneficial ownership by a company (i.e. through listing corporate entities as director, officers, or shareholders and/or the seeming use of nominees) engaged in the trade of dual-use goods and/or operating in a known transhipment hub/high-risk jurisdiction such as Türkiye, China, Hong Kong, and the United Arab Emirates.

How to use this advisory


The indicators provided in this advisory reflect types and patterns of contextual and financial factors that may lead to suspicion of the illegal export, or attempted export of dual-use goods to Russian end-users in violation of current sanctions, and the laundering of funds potentially linked to this criminal and threat-related activity. Indicators should not be treated in isolation; on their own, they may not be indicative of money laundering, terrorist financing or other suspicious activity. They should be assessed by reporting entities in combination with what they know about their client, and other factors surrounding the transaction to determine if there are reasonable grounds to suspect that a transaction or attempted transaction is related to the commission or attempted commission of a criminal or, in the case of Canada, specifically, a money laundering offence and terrorist financing. Several indicators may reveal unknown links that, taken together, could lead to reasonable grounds for suspicion. It is a constellation of factors that strengthens the determination of suspicion. These indicators aim to help reporting entities in their analysis and assessment of suspicious financial transactions.

In Canada, all reporting entities that fall under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act must submit a suspicious transaction report to FINTRAC in respect of a financial transaction that occurs or is attempted, and for which there are reasonable grounds to suspect that the transaction is related to the commission or attempted commission of a money laundering or terrorist activity financing offence. Exports of dual-use goods to Russian end-users may, in some circumstances, be violations of the Export and Import Permits Act and as a result generate proceeds that would then be laundered or attempt to laundered, triggering suspicious transaction reporting obligations. The activities described in this advisory, may give rise to additional offences under the Canadian Criminal Code, such as fraud-related offences, that could also generate proceeds of crime. 

Client risk assessment
Reporting entities should also consider that several or all of the listed financial and contextual indicators may be used as part of their Compliance Program’s Risk Assessment of new and current clients. For instance, indicators could be used as part of the determination to either onboard or refuse new clients, and to maintain or cease pre-existing client relationships.  Understanding and applying these indicators can help mitigate against the money laundering and terrorist financing exploitation of a reporting entity’s business. Business-client relationship risk factors evolve over time and fall into the following categories:

  • Products, services and delivery channels that create anonymity and obscure source or destination of funds;
  • Geographical location of the client and their transactions related to high-risk jurisdictions;
  • New developments and technologies made available to clients; and
  • Client characteristics and the purpose of their relationship with a business that define expectations for what are normal or suspicious patterns of activity or transactions.

Contact information
Questions or comments on this advisory may be directed to the financial intelligence unit in your jurisdiction.

Additional resources


Netherlands/European Union

United States

Appendix 1 – Case examples

Sanctioned entity within a larger conglomerate

Figure 1 demonstrates a likely attempt to evade sanctions in which the bill for the delivery of the goods was backdated to a moment prior to the sanctioning of the goods. Several months after the beginning of the Russian invasion an European Union-based company (Organization 1) received funds from a Russia-based company (end-user). Shortly after receiving the funds they were forwarded to another company (Organization 2) of the same ultimate beneficial owner. That company had purchased sanctioned dual-use goods in South Korea (the Producer) which were to be delivered directly to the end-user in Russia.

Figure 1: One sanctioned entity within a larger conglomerate


  • Use of backdated bills
  • Use of middlemen
  • Direct delivery of goods from a non-European Union based producer to an end-user in the Russian Federation
  • Flow of funds that does not match the flow of goods, which also does not match the factual contract

United States
Greek national charged with procuring sensitive U.S. dual-use technologies for Russian military using Netherlands-based defense and technology companies

On May 16, 2023, the U.S. Department of Justice unsealed a criminal complaint against a Greek national for federal crimes in connection with allegedly acquiring more than 10 different types of sensitive technologies on behalf of the Russian government and serving as a procurement agent for two Russian Specially Designated Nationals operating on behalf of Russia’s intelligence services.

As alleged in the complaint, the defendant, Dr. Nikolaos “Nikos” Bogonikolos, headed the Aratos Group (Aratos), a collection of defense and technology companies in the Netherlands and Greece, which are both member countries of the North Atlantic Treaty Organization. According to Aratos’s website, the companies’ areas of expertise included space technologies, homeland security, blockchain, and counter-drone systems.

However, as alleged in the complaint, since 2017 the defendant has been involved in smuggling U.S.-origin military and dual-use technologies to Russia in violation of U.S. law. These highly regulated and sensitive components included advanced electronics and sophisticated testing equipment used in military applications, including quantum cryptography and nuclear weapons testing, as well as tactical battlefield equipment. The defendant claimed that these items were to be used by Aratos, when in reality they were reshipped and sent to Russia in violation of U.S. law. Some of the Russian end users included nuclear and quantum research facilities, as well as Military Unit 33949, part of the Russian Foreign Intelligence Service, known as the SVR.

As described in the complaint, many of these orders were solicited by Serniya Engineering and Sertal LLC (the Serniya Network), Moscow-based companies that operate under the direction of Russian intelligence services. Following Russia’s invasion of Ukraine in February 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control and the U.S. Department of Commerce (DOC) Bureau of Industry and Security levied sanctions against Serniya, Sertal, and several individuals and companies used in the scheme, calling them “instrumental to the Russian Federation’s war machine.”

As alleged in the complaint, the defendant was recruited as a procurement agent for Russia in 2017. In an email message with a Serniya affiliate, on Dec. 27, 2017, the defendant was told to come to Moscow alone “since the agenda will be a very sensitive one.” Regarding one subsequent order, the defendant advised that he would falsify an export license, saying “I sign that the items are only for Netherlands . . . Sensitive case . . . For the same reason I cannot press the [U.S.] supplier.” The defendant also signed several false end use statements and provided them to U.S. companies, certifying that Aratos was the end user of the requested items, that Aratos would not reexport the goods elsewhere, and that the goods would not be used for weapons development.[8]


Controlled dual-use goods exportation

In 2017, FINTRAC received voluntary information from Canadian law enforcement indicating that a Canadian electronics company was suspected of being involved in the shipping of controlled dual-use integrated circuits. 

Suspicious transaction reports indicated that the company’s transactional activity was consistent with some of the key attributes indicative of the Russian and Eastern European Laundromat Schemes.[9] One suspicious transaction report listed:

  • “Funds originated from high ranking individuals;
  • Individuals located in countries like Russia, Azerbaijan, as well as other Eastern European Countries;
  • High ranking individuals opened shell companies for the purpose of laundering funds;
  • Shell companies registered in tax haven jurisdictions; 
  • Funds remitted via shell companies in tax haven jurisdictions.” 

A suspicious transaction report indicated that the company received electronic funds transfers from possible intermediary jurisdictions for the transshipment of dual-use goods or other illicit financial activity (including Cyprus, Estonia, Latvia, Liechtenstein, and Switzerland).  In some instances, the country of origin did not match the listed address for the entities responsible for ordering the electronic funds transfers.  Additionally, the company was the beneficiary of electronic funds transfers ordered by individuals and entities with addresses listed in Russia. 

A suspicious transaction report noted that the company’s funds were depleted through multiple outgoing cheques to shareholders, and through outgoing electronic funds transfers to an online payment processing company.

When asked about the impact of FINTRAC’s intelligence disclosures pertaining to the company, Canadian law enforcement indicated that the disclosed information triggered a new investigation and provided them with additional and unknown subjects.  They specified that FINTRAC’s disclosures and collaboration were key factors in their understanding of the networks involved and of the overall enforcement success of their cases.  They added that the information provided by FINTRAC contributed to the seeking of formal indictments in an allied country.


[1] A financial intelligence units is a central, national government agency responsible for receiving (and, as permitted, requesting), analyzing, and disseminating to the competent authorities disclosures of financial information concerning suspected proceeds of crime and potential financing of terrorism or required by national legislation or regulation in order to combat money laundering and terrorism financing.   
[2] FinCEN issued two products on Russian export control evasion for U.S. financial institutions.  See FinCEN Alerts, “FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Increased Vigilance for Potential Russian and Belarusian Export Control Evasion Attempts” (June 28, 2022) (June 2022 Alert), and “Supplemental Alert: FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Continued Vigilance for Potential Russian Export Control Evasion Attempts” (May 19, 2023) (May 2023 Alert).
[3] See European Commission, REPO Global Advisory on Russian Sanctions Evasion (March 9, 2023).
[4] Harmonized System Codes are used globally to classify goods for export and are used by customs authorities when assessing duties and gathering statistics. The Harmonized System is administrated by the World Customs Organization and is updated every five years. The priority items identified by the E5 are primarily based on the HS code classification of Russian weapons system components recovered on the battlefield in Ukraine. Further, the E5 guidance is not an exhaustive list of all items the Russian Federation is attempting to procure but provides prioritized targets for customers and enforcement agencies around the world.
[5] To find more information about these criteria and the required documentation, see the following website in Dutch:; for further information in German, see 
[6] See June 2022 Alert and May 2023 Alert, supra note 2.
[8] See U.S. Department of Justice Press Release, “Justice Department Announces Five Cases as Part of Recently Launched Disruptive Technology Strike Force” (May 16, 2023)
[9] In March 2017, the Organized Crime and Corruption Reporting Project published an investigative report regarding the “Russian Laundromat”. Source: