By Samantha Sheen, AML Director Europe, ACAMS
24 April, 2017

Practitioner’s Note
Stripping is the deliberate act of changing or removing material information from payments or instructions, making it difficult to identify payments or to connect them to sanctioned parties, individuals or countries.

Most of you who work in the area of sanctions screening and/or investigations will be familiar with the term “stripping”.  For those less familiar, I’ve provided a definition above.

Several financial institutions have been accused of engaging in stripping to circumvent restrictions imposed by economic sanctions. As a result, they’ve paid some substantial penalties, along with being required to comply with additional restrictions, like the appointment of monitors.

What makes stripping so problematic is that it’s an evasion strategy coming from within the financial institution itself.  These cases involved staff inside the institution itself who, for whatever reason, formulated strategies to strip payment messages of customer information for which the institution’s sanction screening tool would have raised an alert.

The real risk in these types of cases is that stripping requires a level of knowledge and intent by the individuals involved. This conduct is the very opposite of what is expected in a financial institution with effective compliance culture. It sends the message to other staff that some rules are meant to be broken or even that compliance controls are a necessary evil, unless you can find a way to get around them.

Now since the cases I’ve mentioned occurred, there has been a tremendous amount of work undertaken in the banking sector to reduce the risk of stripping and to bolster their overall compliance cultures, especially in relation to economic sanctions.

However, it seems that stripping continues to be a concern. But this time the risk arises from customers who may be engaging in this conduct.

Case Study

In March 2017, ZTE Corporation (“ZTE”), a Chinese telecommunications goods company, agreed to an historic combined USD$1.19 billion settlement with various US regulatory authorities. ZTE was found to have knowingly sold and shipped US-originating goods to Iran and North Korea, in breach of export controls and sanction restrictions, and then lying about it to the authorities. Of the total payment, USD$661 million was imposed for ZTE’s breach of export control restrictions imposed on telecom equipment, which is considered to be a dual-use good.

ZTE used a variety of means to conceal both its sale and shipment of these goods. This included using “isolation” or “cut-off” companies.

Practitioner’s Note
Isolation” or “cut-off” companies are used to obscure or conceal the activities which another company or legal entity may engage in. These can be both “shell” and “shelf” companies.

ZTE also co-mingled the restricted goods with other non-restricted goods and omitted to declare the restricted goods on the packing lists.

ZTE took these measures in lieu of applying for a license to lawfully sell and ship these goods, as it was aware that the likelihood of being granted a licence (the goods were restricted for both national security and anti-terrorism reasons) was highly unlikely.

An investigation by authorities into ZTE’s exporting activities was commenced in 2012. Despite, or perhaps because of, the ongoing investigation (which lasted 5 years) – and rather than discontinuing its evasive conduct – ZTE decided to take the concept of “stripping” to a whole new level.

Measures, summarised in a memo signed off by several senior members of ZTE’s management, were introduced to remove all traces of ZTE’s continuing export activities to Iran and North Korea, despite the above investigation being started. The scheme involved the creation of a special team of 13 employees. The team was called the “Contract Data Induction Team”; this team was responsible for facilitating the necessary agreements and arrangements for the continued sale and shipment of the telecom equipment. 

However, the team also:

  • Destroyed, removed or sanitised all transactions materials and other activities relating to ZTE’s Iran business;
  • Deleted on a nightly basis all of the team’s emails; and
  • Was required to sign a non-disclosure agreement covering the transactions and activities the team was tasked with hiding. 

Under the non-disclosure agreement, team members would be subject to a penalty of about $150,000 if a disclosure occurred.

Despite these efforts, ZTE’s conduct was discovered and, on top of the huge settlement payment, they are now subject to a series of strict controls and restrictions imposed by the authorities involved.

Conclusion

I first spoke about the ZTE case as part of a compliance culture panel I moderated at the ACAMS Hollywood Conference this year. Since then, I’ve been thinking more about this case from the context of the controls that both banks and insurers use when dealing with companies like ZTE.

What is the most effective way to determine whether a customer whose business involves dual-use goods, is complying with sanction and export-related restrictions?

For example, ZTE first used a company set up by two of its employees for a totally different business as its “isolation company”. That company wouldn’t have initially appeared to have any connection to ZTE. When this evasion tactic was discontinued and ZTE tried to establish other “isolation” company, they spotted a problem – any new company they established would not be able to show (presumably if asked as part of the investigation) that it had a commercial track record as a shipping business and might possibly raise red flags. And so ZTE moved to what I like to call the “super stripping” option.

I’m obviously condensing an otherwise complicated case here, but it becomes apparent that customer due diligence or CDD is an integral part an effective sanctions program, not only to facilitate focused screening but to also identify anomalies where corporate structures, business arrangements or even correspondence does not “make sense”.

If you can find the time, I’d encourage you to read the factual resume and consider what red flags you can spot, and how a financial institution such as yours might deal with a company like this, especially in relation to dual-use goods. Then assess to what extent you and your staff are confident in your understanding of dual use items, how they are traded and transported and what measures are used to verify their lawful sale, shipment and use.

For more information about the ZTE case see:
https://www.justice.gov/opa/pr/zte-corporation-agrees-plead-guilty-and-pay-over-4304-million-violating-us-sanctions-sending

For the factual resume go to:
https://www.justice.gov/opa/press-release/file/946281/download