Print Article

CASE STUDY & RED FLAGS- IRGC HONG KONG front company trades with PRC, Russia, and Syria IN $$$

Case Study
  1. In February 2024, the U.S. Department of Justice (DOJ)
    • Indicted seven defendants, including a senior Islamic Revolutionary Guard Corps (IRGC) - Qods Force (QF) official and officers of a Turkish energy group, on terrorism, sanctions evasion, fraud, and money laundering charges.
    • In connection with their illicit billion-dollar network that enabled Iran to
      • Sell its oil products to government-affiliated buyers in the PRC, Russia, and Syria and
      • To gain access to foreign currency.
  1. The United States made a significant move by seizing $108 million that China Oil & Petroleum Limited, a Hong Kong-based IRGC front company, attempted to launder through correspondent transaction accounts at U.S. financial institutions in furtherance of the scheme to fund the IRGC-QF’s malign activities through the illicit sale of Iranian oil.
    • Treasury’s Office of Foreign Assets Control (OFAC) sanctioned China Oil & Petroleum Limited on the same day the DOJ unsealed the indictment for its role in arranging contracts, selling hundreds of millions of dollars’ worth of Iranian commodities for the benefit of the IRGC-QF, and using falsified documents to mask the origin of the Iranian commodities.
    • See Treasury, “Treasury Sanctions Transnational Procurement Network Supporting Iran’s Ballistic Missile and UAV Programs” (“Feb. 2, 2024, Treasury Press Release”) (Feb. 2, 2024);
    • DOJ, “Justice Department Announces Terrorism and Sanctions-Evasion Charges and Seizures Linked to Illicit, Billion-Dollar Global Oil Trafficking Network That Finances Iran’s Islamic Revolutionary Guard Corps and Its Malign Activities” (“Feb. 2024 DOJ Press Release”) (February 2, 2024).
  2. In furtherance of this complex scheme, the defendants employed a myriad of deceptive techniques, including:
    • The use of front companies and intermediaries in countries outside of Iran to disguise the IRGC’s role in the oil transactions and the Iranian source of the oil;
    • The use of falsified documentation to misrepresent the source of the oil and deceive unwitting companies and banks to provide services in furtherance of the scheme; and
    • The use of ship-to-ship transfers and
    • The manipulation of location and shipping data for vessels obscures the loading and unloading of Iranian oil cargoes and, therefore, avoids identifying vessels used to facilitate oil smuggling.
  3. Likewise, defendants charged in a related indictment allegedly
    • Negotiated the sale of and sold illicit Iranian oil to buyers in the PRC.
    • Obtained the oil from Iran using surreptitious means and
    • The scheme relied on the use of the U.S. financial system.
  4. According to the indictment, the defendants
    • Created fraudulent documents to mask the oil’s Iranian origin,
    • Used electronic communications to arrange for Chinese buyers,
    • Used shell corporations to launder the proceeds through the U.S. financial system,
    • Provided false information to the U.S. companies about the source of funds generated by the transactions and
    • Used U.S. companies as a “trust” to hold the profits for the IRGC.

Red Flag Indicators Related to the Fundraising and Money Laundering Activities of Iran-Backed Terrorist Organizations:

These crucial red flags, identified by FinCEN, are instrumental in assisting financial institutions in detecting, preventing, and reporting suspicious activity connected to financing Iran-backed terrorist organisations.

These RED FLAGS, in addition to those identified in FinCEN’s advisory notes, remain relevant.

  • 2018 Iran advisory and
  • 2023 Hamas alert,

Given the complexity of the task, it's important to note that no single red flag is determinative of illicit or suspicious activity. Before judging suspicion, financial institutions should comprehensively analyse the facts and circumstances, such as a customer’s historical financial activity, transaction alignment with prevailing business practices, and multiple red flags.

  1. A CUSTOMER or a customer’s counterparty conducts transactions with Office of Foreign Assets Control (OFAC)-designated entities and individuals, or transactions that contain a nexus to identifiers listed for OFAC-designated entities and individuals, including email addresses, physical addresses, phone numbers, passport numbers, or CVC addresses.
  2. CUSTOMER Information included in a transaction between customers or a note accompanying a peer-to-peer transfer includes critical terms associated with terrorism or terrorist organisations.
  3. A CUSTOMER conducts transactions with a money services business (MSB) or other financial institution, including a VASP, that operates in jurisdictions known for, or at high risk for, terrorist activity and is reasonably believed to have lax customer identification and verification processes, opaque ownership, or otherwise fails to comply with AML/CFT best practices.
  4. A CUSTOMER conducts transactions that originate with, are directed to, or otherwise involve entities that are front companies, general “trading companies” with unclear business purposes, or other companies whose beneficial ownership information indicates that they may have a nexus with Iran or other Iran-supported terrorist groups. Indicators of possible front companies include opaque ownership structures, individuals and/or entities with obscure names that direct the company, or business addresses that are residential or co-located with other companies.
  5. A CUSTOMER that is or purports to be a charitable organisation or NPO solicits donations but does not appear to provide any charitable services or openly supports terrorist activity or operations. Sometimes, these organisations may post on social media platforms or encrypted messaging apps to solicit donations, including in CVC.
  6. A CUSTOMER receives numerous small CVC payments from many wallets and then transfers the funds to another wallet, mainly if the customer logs in using an Internet Protocol (IP) based in a jurisdiction known for, or at high risk for, terrorist activity. In such cases, financial institutions can also provide associated technical details such as IP addresses with time stamps and device identifiers that can provide helpful information to authorities.
  7. A CUSTOMER makes money transfers to a jurisdiction known for, or at high risk for, a terrorist activity that is inconsistent with their stated occupation or business purpose with vaguely stated purposes such as “travel expenses,” “charity,” “aid,” or “gifts.
  8. A CUSTOMER account receives large payouts from social media fundraisers or crowdfunding platforms. It is then accessed from an IP address in a jurisdiction known for, or at high risk for, terrorist activity, particularly if the social media accounts that contribute to the fundraisers contain content supportive of terrorist campaigns.
  9. A CUSTOMER company is incorporated in the United States or a third-country jurisdiction. However, its activities occur solely in jurisdictions known for, or at high risk for, terrorist activity and show no relationship to the company’s stated business purpose.


The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email