Lesson 09 of 25

How Sanctions Evasion Works: Typologies and Red Flags

4 min read · CGSS

Sanctioned parties never use their real names, so learn to detect the hiding. Get the four-part anatomy of evasion and the red-flag clusters that drive escalation, plus why complexity alone isn't evasion.

Why study evasion at all

  • Designated parties don't announce themselves
  • Evasion is the bridge between sanctions and laundering
  • Detect it by typologies and red flags, not names alone
  • A whole exam domain — typically ~15%

Sanctioned parties rarely show up under their real names asking to do business. They hide, and your job is to recognize the hiding. This domain, sanctions evasion techniques, is about how targets get around the rules and how you detect them.

It's the bridge between sanctions and money laundering: both depend on concealment, layering, and misdirection. The crucial mindset shift is that screening a clean name proves very little, because evasion is built precisely to pass a name screen. You catch evasion through typologies and red flags, patterns of behavior, not just list matches.

Expect the exam to give you a scenario full of suspicious signals and ask what's going on.

The anatomy of evasion

  • Conceal the true party (ownership/control)
  • Conceal the true goods, route, or destination
  • Conceal the money trail (intermediaries, currencies)
  • Exploit gaps between regimes

Almost every evasion scheme does one or more of four things. It conceals the true party, putting a clean front in place of the designated person. It conceals the true goods, route, or destination, so a prohibited end-user or embargoed country never appears on the paperwork.

It conceals the money trail, breaking a payment into pieces, swapping currencies, or pushing it through intermediaries. And it exploits gaps between regimes, doing through a non-U.S. entity what a U.S. one can't, or routing around a jurisdiction that screens harder.

If you can spot which of these four a scenario is using, you can name the typology and choose the right response. The exam rewards that structured eye.

Common red flags

  • Unexplained third parties and last-minute changes
  • Opaque ownership; shells in secrecy jurisdictions
  • Routing/currency that makes no commercial sense
  • Reluctance to provide end-user or beneficial-owner detail

Let's get concrete with red flags, because the exam loves them. Watch for unexplained third parties inserted into a transaction, and for last-minute changes to a beneficiary, a route, or a destination. Watch for opaque ownership, layers of shell companies, nominee directors, and entities formed in secrecy jurisdictions with no real business there.

Watch for routing or currency choices that make no commercial sense, payments that detour through a third country, or a deal that strangely insists on a particular intermediary bank. And watch for reluctance to provide basic information, a customer who won't disclose the real beneficial owner, the end-user, or the ultimate destination of goods. No single flag proves evasion, but a cluster of them should drive escalation and enhanced diligence rather than a quiet clearance.

Evasion vs. ordinary complexity

  • Complex ≠ illegal; many legit deals are complex
  • Look for concealment with no business rationale
  • Resolve red flags before clearing — don't assume
  • Document why you concluded benign or suspicious

An important nuance the exam tests: complexity is not the same as evasion. Plenty of legitimate cross-border trade is genuinely complicated, with multiple parties, currencies, and intermediaries. The signal of evasion isn't complexity itself; it's concealment without a credible business rationale, structure that seems designed to obscure who, what, or where.

So when red flags appear, the right move is to resolve them (ask for the beneficial owner, the end-user, the reason for the routing) before you clear the transaction, not to assume the worst and not to assume the best. And whichever way you conclude, document the reasoning. An examiner reviewing the file later will want to see that you saw the flags and explained how you cleared or escalated them.

Where we go from here

  • Next: hiding ownership and control (shells, fronts)
  • Then: trade- and payment-based evasion
  • Each maps to a control you already know
  • Detection feeds your screening and diligence

Over the next two lectures we'll get specific about the two evasion families that dominate sanctions work. First, hiding ownership and control, the shells, fronts, and nominees that let a blocked person operate behind a clean entity, which is exactly where the 50 Percent Rule and beneficial-ownership analysis earn their keep. Second, trade- and payment-based evasion, vessels going dark, transshipment, dual-use diversion, and wire stripping, where the deception lives in shipping documents and payment messages.

As we go, notice that each typology maps to a control you already know from the governance domain: due diligence catches concealed ownership, and screening and investigation catch concealed routing.

Why the exam tests evasion as reasoning

  • Scenarios hand you a cluster of facts, not a label
  • Name the typology, then the right response
  • A red flag means escalate, not auto-block
  • Detection is the program working

One more thing about how this domain is tested, because it shapes how you should study it. The exam rarely says "here is an evasion scheme"; instead it hands you a cluster of facts (a last-minute beneficiary change, a payment routed oddly, a vessel that went quiet) and asks what's going on or what you should do. So your job is to recognize the pattern, name the typology, and pick the right response.

And notice the right response is usually to escalate and resolve the red flags, not to reflexively block or to wave the transaction through, because a red flag raises a question; it doesn't by itself prove a breach. The deeper point is that detection isn't a separate activity bolted onto compliance; it's your program working as designed: due diligence, screening, and investigation catching what evasion tries to hide. Keep that reasoning lens on as we go.

Next up, ownership concealment.

Sources

  • FATF guidance and typologies on sanctions evasion and proliferation financing (FATF Recommendation 7)
  • OFAC advisories on sanctions evasion red flags
  • FinCEN advisories on evasion typologies
  • OFAC 50 Percent Rule (August 13, 2014 guidance) as it relates to ownership concealment

Test your knowledge

A few CGSS questions on this material.

  1. Q1. Property that has been blocked and held by a financial institution for more than 180 days must, in addition to the initial blocking report, be reported to OFAC in what manner?

  2. Q2. What is an OFAC 'specific license,' and who may request one?

  3. Q3. A compliance officer uncovers that a colleague in the trade-finance team has been manually overriding sanctions screening alerts on shipments to a comprehensively sanctioned country over an 18-month period, approving 47 transactions totaling $4.2 million. What should the compliance officer do FIRST?

  4. Q4. Which red flag most strongly suggests that a corporate customer may be a shell company used to evade sanctions?
