Blog

You’re a Russian businessman looking to buy European-made drones, but sanctions stand in the way. No need to despair — an industry of sanctions-busting enablers is here to help. 

“There will be no trace of the Russian company, and the payment will be successful,” a representative of one such service provider wrote when approached by an undercover reporter on Telegram. 

Posing as a Russian businessman, the journalist had asked for help making a payment to a German drone supplier. It was important, they said, that the German bank did not realize the funds had originated in Russia.

Under EU sanctions, the export of drones to Russia would be illegal apart from rare exceptions, as would assisting in the circumvention of those sanctions. But the representative, who only gave his name as Dima, did not express any concern about facilitating the payment for such a deal.

“We are ready to select companies and start paying,” he wrote. 

Since its February 2022 invasion of Ukraine, Russia has been hit by waves of sanctions from the EU, U.S., and U.K. covering goods ranging from laptops and luxury watches to oil, liquified natural gas, and arms. Western nations have also severed over 70 major Russian banks from SWIFT, the encrypted messaging system that shares payment instructions for international financial transfers.  

These restrictions have given rise to a shadowy industry of payment providers — some of whom openly advertise their assistance in dealing with sanctions or obscuring Russian involvement in transactions, reporters found.

“When sanctions shuffle the cards, we offer real solutions,” reads the Russian-language ad posted on the Telegram channel of one such payment agent, the now-defunct Fin Platform. Another offered advice on its website on “how to get paid for goods if the client doesn’t want to deal with Russia.”

To discover more about this market and the “solutions” these middlemen offer, OCCRP’s partners SourceMaterial and Delfi went undercover and exchanged messages with eight other apparent payment providers on Telegram, Russia’s most popular social media and messaging platform, where users can communicate anonymously.  

Most of the entities operated websites under trading names that OCCRP could not find listed in Russian or other corporate databases. Others appeared only to exist on Telegram.

While reporters did not go through with the payments, in five cases agents agreed to assist them in transactions that would deliver the money to European companies while obscuring the cash’s Russian origins.

In these conversations, reporters explicitly noted that sanctions were an obstacle — either because the goods the company was supposedly buying from Europe had been blacklisted, or because the Russian company itself was sanctioned. 

In response, the agents offered to route the Russian money to Europe through companies in jurisdictions such as Hong Kong, Dubai, and Indonesia.

One solution, offered by Dima, also involved the use of two companies whose key personnel have been listed as senior figures in firms that served TGR, a business group accused by the U.K. and U.S. of running a money-laundering network that helped Russian elites bypass sanctions.  (When reached for comment, the director of one of the intermediary companies suggested by Dima denied any connection to TGR).

The outfit that Dima represented, CW Group, advertises a slate of vague financial services on Telegram, but does not appear to have a website, and reporters could not obtain corporate filings showing it was a registered business.

When later confronted about findings of the investigation, Dima declined to address the specifics of his offers, saying only that “some of the wording and conclusions in your message are your subjective interpretation,” and that “our activities are focused exclusively on supporting international settlements and selecting relevant payment solutions for specific client needs.”

According to Elise Thomas, of the U.K.-based research group the Centre for Information Resilience, a “cottage industry of shady international payment service providers” has flourished in part due to the rise of sanctions on Russia.

These operators often create “several layers of intermediaries” between legitimate financial institutions and their true clients, she said. And by using financial structures that are spread across borders, they make it “difficult for law enforcement in either country to tackle the operation as a whole.”

Ilia Shumanov, a managing partner at TriTrace Investigations, which works for corporate clients to map ownership structures and expose sanctions breaches, said Russia’s sanctions evasion system is mutating faster than Western authorities’ efforts to contain it.

“From a law enforcement perspective, payment systems are currently one or two years ahead of regulators when it comes to developing mechanisms for sanctions circumvention,” he said. “This is a constantly evolving ecosystem backed by millions of dollars in investment, with clear support from the Russian state.”

New Day, New Structure

In response to undercover reporters’ requests, the Russian-speaking agents operating over Telegram offered an array of “structures” whose particulars shifted depending on the details of the transaction.

Dima himself noted the fluid nature of the work: “One structure might be in place today, and another tomorrow,” he wrote.

“This is because banks and jurisdictions regularly change requirements, and it’s important to work with current, ‘clean’ companies that process transactions without delays.”

The goal, he later added, was to find “up-to-date solutions that work seamlessly and allow you to complete the transaction without any unnecessary questions from banks.”

Instead of transferring money directly to Europe, he and another agent suggested diverting the payments through companies in other jurisdictions that would issue invoices to disguise Russian involvement or any trade in sanctioned items.

In some cases, the agents sent reporters the banking details of such intermediary firms, including for companies based in Dubai, Indonesia, Canada, and Germany. OCCRP received a reply from three of the proposed intermediary companies that were approached for comment, all of which denied involvement in any sanctions-evasion scheme.

Several of the payment brokers also touted their use of cryptocurrencies, a technology that Russia has become increasingly reliant upon for its international transactions, according to the latest EU and U.K. sanctions targeting the Kremlin’s use of “shadow financial systems.”

‘No Visible Connection to Russia’

In a separate transaction request an undercover reporter discussed with Dima, the agent suggested the use of several intermediary companies to help ensure there was “no visible connection to Russia.”

In this back-and-forth, the journalist posed as a Russian businessman seeking help receiving money from a Chinese buyer. The reporter explained that the Chinese buyer believed they were purchasing equipment from a firm with bank accounts in Europe, and could not know they were in fact buying from a Russian company.

Although China has not leveled sanctions against Russia, major Chinese banks are increasingly limiting transactions with Russia out of fear of triggering secondary sanctions from the West.

Dima outlined a few options in response to the request. One option was to use companies in Hong Kong to issue an invoice to the Chinese company making the payment, he said..

“To avoid too much attention, you should pay no more than $200,000 per day,” Dima advised.

Later in the conversation, Dima proposed a different route, and provided banking details for a test payment directing the funds to an account that a Canadian company called Grata Payments Ltd held at a Lithuanian electronic money institution named TeslaPay.

By searching corporate records in Lithuania and Canada, as well as archived websites, reporters found that key figures in both entities were also listed as executives in companies ultimately owned by the TGR network’s alleged leaders: Ukrainian George Rossi and Russian national Elena Chirkinyan.

The pair was sanctioned by U.S. authorities in December 2024 for allegedly using TGR companies to provide a “range of services to place, layer, and integrate illicit financial schemes into the global financial system.” (Chirkinyan did not respond to requests to comment, while OCCRP’s emails to Rossi bounced back.)

According to the sanctions notice, TGR’s “extensive sanctions evasion and money laundering network” maintained “touchpoints around the world” that worked to “obfuscate the illicit activities of its clients.”

Records show that the director of the Canadian company that Dima suggested would receive the payment, Estonian lawyer Aleksei Ratnikov, was also listed as director of One Remit, a U.K. company that handled international money transfers for a now-sanctioned TGR Partners, , according to an archived version of the latter’s website.

One Remit was dissolved in 2024, before TGR Partners and other TGR-affiliated companies were sanctioned.

At the time that Ratnikov was appointed One Remit’s director, the TGR group’s alleged second-in-command, Chirkinyan, was the owner of the firm’s holding company registered in Cyprus.

When reached for comment, Ratnikov said he and Grata Payments had no knowledge of CW Group, “are not aware of any activities taking place on Telegram,” and had no connections with the TGR group. He also said the bank details that Dima provided for the test payment were not associated with Grata.

He added that he had been the victim of a fraud by being named as a One Remit director without his consent, though he acknowledged he had been in discussions about taking a director role in the company.

Despite his claim of non-consent, official U.K. company records show he was listed as a director for three years from June 2021 until the firm was dissolved in May 2024.

The digital banking institution where Grata purportedly held an account that would receive the payment, per Dima’s instructions, also has links to the TGR network, records show.

Known as TeslaPay, the Lithuanian firm was established in 2017, with Russian businessman Philipp Larin listed on a corporate document as the chairman of its supervisory board for four months the following year. Larin is also described in an online profile as TeslaPay’s co-founder.

That’s not all: Larin is a shareholder, head of the board, and one of the beneficial owners of another money transfer agency, the Latvian-registered Eastern European Payment System SIA, that listed TGR’s alleged chiefs, Rossi and Chirkinyan, as its beneficial owners between 2020 and 2023.

According to an old website for TGR Partners, Eastern European Payment System was part of the network’s financial plumbing, operating a payments card system for the group.

Larin and TeslaPay did not respond to reporters’ request for comment.

According to Thomas, the expert from the Centre for Information Resilience, networks like TGR represent an evolution in illicit finance.

She said they have been blending new and sophisticated methods of money laundering — such as the use of cryptocurrency — with “age old methods” like trust-based hawala-style networks, a reference to informal transfer systems that remain popular in many parts of the world.

“These kinds of highly diversified operations present a major challenge for law enforcement and investigators,” she said.

Just a day after the Iraqi government abruptly canceled a $764 million contract to overhaul Baghdad’s international airport amid mounting allegations of corruption, the International Finance Corporation (IFC) told OCCRP on Tuesday that it nevertheless remains committed to fostering economic development in the country.

The IFC is the the development financing arm of the World Bank. It had been advising the government on the project since September 2023, alongside the U.S. law firm DLA Piper, overseeing also the multi-million-dollar tendering process.

In it’s statement to OCCRP, the IFC said that its role was to develop a Public-Private Partnership (PPP) to rehabilitate, expand, finance, operate, and maintain the airport and that this was “carried out in accordance with rigorous due diligence and internationally recognized best practices and standards that promote transparency, integrity, and fairness.”

The cancellation of the project represents a severe blow to one of Iraq’s most high-profile public-private partnerships, a deal intended to modernize the capital’s aging and heavily scrutinized airport. The IFC declined to comment on whether it was notified of the cancellation in advance or had any prior knowledge of the corruption allegations. It did say, however, that it remains committed to continuing its engagement with both the Iraqi government and the private sector “in support of Iraq’s economic growth.”

The termination of the project was made public by Communications Minister Mustafa Sanad over the weekend, but he did not mention the graft allegations. The state-run Iraqi News Agency later cited anonymous government sources as saying that the deal had been heavily clouded by “corruption allegations in the past.” 

Unnamed Iraqi officials also told Reuters that the decision followed suspicions of “potential irregularities” within the bidding process and final contract terms.

The decision to scrap the contract underscores the aggressive anti-corruption stance adopted by Prime Minister al-Zaidi, who assumed office promising to root out entrenched graft within the state apparatus. His administration has moved quickly to signal a departure from past practices; earlier this term, anti-corruption forces raided the home of Adnan Mohamed Mahmoud, the deputy minister of oil and refining affairs, arresting him and seizing a massive cache of assault rifles alongside roughly $10 million in cash and gold jewelry.

Baghdad International Airport itself has long been a flashpoint for scrutiny. In 2023, OCCRP exposed severe labor and procurement irregularities at the facility involving Biznis Intel, a Canadian security firm that allegedly pressured employees to waive outstanding salaries totaling hundreds of thousands of dollars.

The ongoing instability within major state contracts highlights the persistent challenges facing Iraq, which currently ranks 136th out of 182 nations on Transparency International’s Corruption Perceptions Index.

Two months ahead of the World Cup, Mexico’s financial intelligence agency asked banks, brokerage firms, and other financial entities in the country to increase surveillance of transactions that could be linked to terrorism financing and the profiliation of weapons of mass destruction.

The non-public directives were sent to financial institutions in April. OCCRP obtained a copy of the document that outlines risk indicators designed to flag illicit money flows. 

Experts consulted by OCCRP pointed out the timing of the instruction and the fact that the World Cup context is propitious for the increase of risk levels in financial operations.

The massive arrival of visitors, the increase in cross-border operations, the growth of activities related to lodging, transportation, entertainment, and sports betting, as well as the intensive use of physical and digital payment methods, generate an exceptionally dynamic financial environment, indicated Paola Medellín Cervantes and Mónica Villarreal Medel from the Advanced Compliance Laboratory, a think tank focused on the subject.

“There is going to be a lot of cash flow and that cash flow is going to enter through different sources,” Villarreal warned. Experts believe that events of this magnitude do not necessarily imply a concrete terrorist threat, but they do increase the volume of operations susceptible to being used to hide or disperse illicit resources among thousands of legitimate transactions.

Among the activities that could require reinforced surveillance are betting, temporary lodging services, digital payment platforms, virtual assets, and some schemes linked to human trafficking. “Illegal betting is daily bread in these scenarios,” affirmed Medellín.

Mexico, according to the specialists, has built a financial system that pays special attention to money laundering, but terrorism financing obliges observing other elements. According to Villarreal and Medellín, the first seeks to hide the illicit origin of the resources but the second focuses on the destination of those resources. “In laundering, you have to watch out for the entry; in financing, it is the exit, where the money goes,” commented Medellín, who is the coordinator of the Laboratory.

While experts agree that Mexico possesses the foundational regulatory framework to combat these threats, they emphasize that existing safeguards must be significantly tightened, particularly regarding “know-your-customer” protocols and beneficial ownership transparency.

“I believe that we are ready, but we need to have tighter controls and strengthen the system,” said Mónica Villarreal, a financial compliance specialist.

The directive acknowledges that Mexico has no current record of terrorism financing or the proliferation of weapons of mass destruction but that its  institutions still need to keep a heightened state of alert, particularly when it comes to high-risk geographic regions, like tax havens, and suspicious transactional patterns that need to be monitored.

Particular scrutiny is directed at jurisdictions under the influence or control of terrorist groups as well as countries facing international sanctions.

Under the new rules, higher-risk accounts require deeper background checks into primary business activities and more rigorous monitoring of transactions.

“The application of the know-your-customer policy must be based on the degree of transactional risk that a client represents,” the document states. 

Critical red flags also include transactions involving non-profit organizations that cannot adequately account for the destination of their funds, frequent transfers to conflict zones, and name matches with international terrorism registries. 

Financial institutions are required to freeze assets if a suspicious transaction is detected and report it to authorities. 

Financial institutions were given until June 7 to submit the new compliance frameworks to their internal communication and control committees. Following internal approval, institutions have 15 days to notify the National Banking and Securities Commission (CNBV) and an additional 60 days to fully implement the mandatory controls.

As a result, Mexican banks, fintech startups, and other financial participants have spent the months leading up to the 2026 World Cup scrambling to overhaul their internal policies and risk matrices. 

In 2025, the Financial Action Task Force (FATF) warned that terrorist organizations seek to adapt their financing mechanisms through the combined use of traditional and digital tools, cross-border transfers, and increasingly sophisticated financial structures.

In January 2025, the United States government initiated the process to designate various Mexican cartels as Foreign Terrorist Organizations (FTO), an event that shook the financial ecosystem and its compliance areas.

Experts highlighted that this decision implied for the entities to analyze if certain financial services could facilitate the administration, preservation, investment, or mobility of resources linked to organizations designated as FTOs.

“Today because of that designation it seems to me that the risk is real and puts financial entities at a greater risk, with the need for them to establish greater controls,” indicated Mónica Villarreal.

The regulatory push follows a rapidly shifting threat landscape. In 2025, the Financial Action Task Force (FATF) warned that terrorist organizations were increasingly blending traditional banking with digital assets and sophisticated cross-border networks to move illicit funds.

For Mexico, the issue assumed a new urgency in January 2025, when the United States government initiated the process to designate several Mexican drug cartels as Foreign Terrorist Organizations—a move that sent shockwaves through the region’s compliance sectors.

Analysts noted that the U.S. designation forced Mexican financial institutions to aggressively re-evaluate whether everyday banking services were inadvertently facilitating the preservation, investment, or mobility of cartel wealth.

“Because of that designation, the risk is real,” Villarreal said. “It places financial entities in a far more vulnerable position, making stronger internal controls absolutely essential.”