Language selection


Joint financial intelligence advisory: illegal procurement of dual-use goods by Russian end-users


In the aftermath of the unjustified invasion of Ukraine by the Russian Federation (Russia), the financial intelligence unitsFootnote 1 of the Netherlands (FIU-NL) and Canada (FINTRAC) received reports from a variety of sources describing the suspected illegal export, or attempted export, of dual-use goods to Russian end-users in violation of current sanctions or export control-related legislation. Simultaneously, reporting entities in our respective jurisdictions have sought additional guidance on reporting suspicious transactions, or in the case of the Netherlands unusual transactions, related to this activity and on conducting client risk assessments.

An assessment by our respective financial intelligence units found that our jurisdictions are not only confronted with similar challenges, but that the individuals and entities engaging in activities to evade sanctions and export control measures also deploy similar tactics. As such, this joint advisory has been developed by the above-referenced FIUs, and in consultation with the FIU of the United States (the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN)).Footnote 2


The purpose of this advisory is to support reporting entities in recognizing financial transactions and other related activity that is suspected of being related to the purchase of dual-use goods for illegal export, and the laundering of the criminal proceeds generated by this activity and includes:

This advisory reinforces ongoing multilateral engagements and initiativesFootnote 3 between our respective jurisdictions designed to further constrain and prevent the Russian Federation from accessing needed technology and goods to supply and replenish its military and defense industrial base.

How to identify sanction evasion and/or export control evasion with dual-use goods

When attempting to identify whether your customers engage in sanctions evasion or export control evasion with dual-use goods, it can be helpful to look at the products, at the actors involved in the transactions, and at their financial behaviour.

Identification of relevant products

Guidance published on September 26th, 2023 by the "Export Enforcement Five" or "E5" (collectively Australia, Canada, New Zealand, the United Kingdom, and the United States) provides a list of controlled items in 45 Harmonized Systems codesFootnote 4 that the Russian Federation is using in its weapon systems which E5 countries have prioritized along with international partners, including the European Union.

These items have been divided into four tiers, with tiers one and two containing particularly sensitive items:

Tier 1 items and applicable Harmonized system description and representative part are detailed in the table below.

Harmonized system description and representative part
Harmonized system code Harmonized system description and representative part
8542.31 Electronic integrated circuits: Processors and controllers, such as microcontrollers
8542.32 Electronic integrated circuits: Memories, such as SRAM
8542.33 Electronic integrated circuits: Amplifiers, such as op amps
8542.39 Electronic integrated circuits: Other, such as FPGAs

Specific to the European Union, Annex I of Declaration 2021/821 and Annex VII of Regulation 833/2014 contain general and specific lists with dual-use goods and items that are sanctioned, and which require a special permit and need to meet a number of qualifications before they can be exported to Russia.Footnote 5

In Canada, as of February 24, 2022, Global Affairs Canada has stopped the issuance of new permits under the Export and Import Permits Act for the export and brokering of controlled strategic, dual-use, and military goods and technology to Russia. Exporters with valid permits for the export or brokering of items to Russia prior to this date have had their permits cancelled. Only permits and applications related to specific end-uses such as medical supply and humanitarian needs may be considered for exception, on a case-by-case basis. Further to Canada's broader export controls architecture, Canada has also imposed export restrictions by imposing sanctions against Russia. Under Canada's Special Economic Measures (Russia) Regulations, it is prohibited for any person in Canada and any Canadian outside Canada from exporting, selling, supplying or shipping any good, wherever situated, or to provide any technology, to Russia or to any person in Russia, if it is listed under the Restricted Goods and Technologies List. In addition, Canada has also sanctioned numerous goods for export to and import from Russia; these prohibited goods are listed under various Schedules under the Russia Regulations. Of note, the aforementioned Tier 1 priority goods are prohibited for export to Russia under Schedule 7 of the Russia Regulations.

FinCEN and the U.S. Department of Commerce's Bureau of Industry and Security issued two alerts in June 2022 and May 2023 regarding the Bureau of Industry and Security export control restrictions related to Russia, as well as evasion typologies and efforts by individuals and entities seeking to evade the Bureau of Industry and Security export controls implemented in connection with Russia's further invasion of Ukraine.Footnote 6

Whilst conducting client risk assessments, restricted dual-use goods can be identified both through their Harmonized System code and through the product descriptions.

To verify that your client risk assessments remain up-to-date, it is important to keep track of the latest sanctions and/or export restrictions in your jurisdiction. During such assessments it can be useful to:

Identification of actors

Besides the dual-use goods themselves, focusing on a specific group of actors can lead to the identification of dual-use procurement channels as well. This could include persons or companies that are qualified as Russian military end-users, who are known to have engaged in the procurement of dual-use items for the Russian Federation, or who are expected to engage in such procurement activities. For such actor-based detection, you could:

Whilst conducting your client risk assessments, keep in mind that:

Contextual indicators

In previous cases of dual-use goods related sanction evasion and/or export related criminal offences, one or more of the following indicators were identified:

Person- and entity-based indicators:

Financial indicators

Another way to identify cases of dual-use good sanction and/or export control evasion is by focusing on the financial behavior of your clients:

Financial indicators and transaction patterns:

How to use this advisory


The indicators provided in this advisory reflect types and patterns of contextual and financial factors that may lead to suspicion of the illegal export, or attempted export of dual-use goods to Russian end-users in violation of current sanctions, and the laundering of funds potentially linked to this criminal and threat-related activity. Indicators should not be treated in isolation; on their own, they may not be indicative of money laundering, terrorist financing or other suspicious activity. They should be assessed by reporting entities in combination with what they know about their client, and other factors surrounding the transaction to determine if there are reasonable grounds to suspect that a transaction or attempted transaction is related to the commission or attempted commission of a criminal or, in the case of Canada, specifically, a money laundering offence and terrorist financing. Several indicators may reveal unknown links that, taken together, could lead to reasonable grounds for suspicion. It is a constellation of factors that strengthens the determination of suspicion. These indicators aim to help reporting entities in their analysis and assessment of suspicious financial transactions.

In Canada, all reporting entities that fall under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act must submit a suspicious transaction report to FINTRAC in respect of a financial transaction that occurs or is attempted, and for which there are reasonable grounds to suspect that the transaction is related to the commission or attempted commission of a money laundering or terrorist activity financing offence. Exports of dual-use goods to Russian end-users may, in some circumstances, be violations of the Export and Import Permits Act and as a result generate proceeds that would then be laundered or attempt to laundered, triggering suspicious transaction reporting obligations. The activities described in this advisory, may give rise to additional offences under the Canadian Criminal Code, such as fraud-related offences, that could also generate proceeds of crime.

Client risk assessment

Reporting entities should also consider that several or all of the listed financial and contextual indicators may be used as part of their Compliance Program's Risk Assessment of new and current clients. For instance, indicators could be used as part of the determination to either onboard or refuse new clients, and to maintain or cease pre-existing client relationships. Understanding and applying these indicators can help mitigate against the money laundering and terrorist financing exploitation of a reporting entity's business. Business-client relationship risk factors evolve over time and fall into the following categories:

Contact information

Questions or comments on this advisory may be directed to the financial intelligence unit in your jurisdiction.


Telephone: 1-866-346-8722 (toll-free)
Facsimile: 613-943-7931
Mail: FINTRAC, 24th Floor, 234 Laurier Avenue West, Ottawa ON K1P 1H7, Canada

Additional resources


Netherlands/European Union

United States

Appendix 1 – Case examples


Sanctioned entity within a larger conglomerate

Figure 1 demonstrates a likely attempt to evade sanctions in which the bill for the delivery of the goods was backdated to a moment prior to the sanctioning of the goods. Several months after the beginning of the Russian invasion an European Union-based company (Organization 1) received funds from a Russia-based company (end-user). Shortly after receiving the funds they were forwarded to another company (Organization 2) of the same ultimate beneficial owner. That company had purchased sanctioned dual-use goods in South Korea (the Producer) which were to be delivered directly to the end-user in Russia.

Figure 1: One sanctioned entity within a larger conglomerate
 Flow chart displaying a likely attempt to evade sanctions by a Conglomerate receiving funds from a Russia-based company.


United States

Greek national charged with procuring sensitive U.S. dual-use technologies for Russian military using Netherlands-based defense and technology companies

On May 16, 2023, the U.S. Department of Justice unsealed a criminal complaint against a Greek national for federal crimes in connection with allegedly acquiring more than 10 different types of sensitive technologies on behalf of the Russian government and serving as a procurement agent for two Russian Specially Designated Nationals operating on behalf of Russia's intelligence services.

As alleged in the complaint, the defendant, Dr. Nikolaos "Nikos" Bogonikolos, headed the Aratos Group (Aratos), a collection of defense and technology companies in the Netherlands and Greece, which are both member countries of the North Atlantic Treaty Organization. According to Aratos's website, the companies' areas of expertise included space technologies, homeland security, blockchain, and counter-drone systems.

However, as alleged in the complaint, since 2017 the defendant has been involved in smuggling U.S.-origin military and dual-use technologies to Russia in violation of U.S. law. These highly regulated and sensitive components included advanced electronics and sophisticated testing equipment used in military applications, including quantum cryptography and nuclear weapons testing, as well as tactical battlefield equipment. The defendant claimed that these items were to be used by Aratos, when in reality they were reshipped and sent to Russia in violation of U.S. law. Some of the Russian end users included nuclear and quantum research facilities, as well as Military Unit 33949, part of the Russian Foreign Intelligence Service, known as the SVR.

As described in the complaint, many of these orders were solicited by Serniya Engineering and Sertal LLC (the Serniya Network), Moscow-based companies that operate under the direction of Russian intelligence services. Following Russia's invasion of Ukraine in February 2022, the U.S. Department of the Treasury's Office of Foreign Assets Control and the U.S. Department of Commerce (DOC) Bureau of Industry and Security levied sanctions against Serniya, Sertal, and several individuals and companies used in the scheme, calling them "instrumental to the Russian Federation's war machine."

As alleged in the complaint, the defendant was recruited as a procurement agent for Russia in 2017. In an email message with a Serniya affiliate, on Dec. 27, 2017, the defendant was told to come to Moscow alone "since the agenda will be a very sensitive one." Regarding one subsequent order, the defendant advised that he would falsify an export license, saying "I sign that the items are only for Netherland;) . . . Sensitive case . . . For the same reason I cannot press the [U.S.] supplier." The defendant also signed several false end use statements and provided them to U.S. companies, certifying that Aratos was the end user of the requested items, that Aratos would not reexport the goods elsewhere, and that the goods would not be used for weapons development.Footnote 7


Controlled dual-use goods exportation

In 2017, FINTRAC received voluntary information from Canadian law enforcement indicating that a Canadian electronics company was suspected of being involved in the shipping of controlled dual-use integrated circuits.

Suspicious transaction reports indicated that the company's transactional activity was consistent with some of the key attributes indicative of the Russian and Eastern European Laundromat Schemes.Footnote 8 One suspicious transaction report listed:

A suspicious transaction report indicated that the company received electronic funds transfers from possible intermediary jurisdictions for the transshipment of dual-use goods or other illicit financial activity (including Cyprus, Estonia, Latvia, Liechtenstein, and Switzerland). In some instances, the country of origin did not match the listed address for the entities responsible for ordering the electronic funds transfers. Additionally, the company was the beneficiary of electronic funds transfers ordered by individuals and entities with addresses listed in Russia.

A suspicious transaction report noted that the company's funds were depleted through multiple outgoing cheques to shareholders, and through outgoing electronic funds transfers to an online payment processing company.

When asked about the impact of FINTRAC's intelligence disclosures pertaining to the company, Canadian law enforcement indicated that the disclosed information triggered a new investigation and provided them with additional and unknown subjects. They specified that FINTRAC's disclosures and collaboration were key factors in their understanding of the networks involved and of the overall enforcement success of their cases. They added that the information provided by FINTRAC contributed to the seeking of formal indictments in a partner country.

Date Modified: