Follow the Money: Why Wire Transfer Regulation Is Failing Banks on Sanctions Compliance

Sanctions are a cornerstone of economic statecraft. They aim to disrupt illicit behaviour, limit strategic capabilities, and constrain the international reach of malign actors. When effectively enforced, sanctions sever access to global markets, financing, and logistical networks. Yet enforcement is only as strong as the weakest link. In practice, sanctioned entities continue to exploit the international financial system, with correspondent banking and cross-border wire transfers providing one of the most effective and least visible routes for evasion.

This paper examines how correspondent banking is used to mask the origin and destination of funds, identifies the core typologies of sanctions evasion through wire transfers, and sets out practical red flags and compliance strategies. It also explores emerging threats, systemic vulnerabilities, and regulatory expectations that financial institutions cannot afford to overlook.

The Global Web of Correspondent Banking

Correspondent banking is the connective tissue of the global payments system. It enables banks to conduct international transactions on behalf of their customers, settle foreign exchange trades, and provide access to jurisdictions where they do not operate directly. This structure relies on chains of trust, often involving multiple intermediaries across different regulatory regimes.

The very characteristics that make correspondent banking so effective - scale, reach, and operational decentralisation - also make it an attractive target for abuse. In many cases, the correspondent bank has no direct relationship with the originator or beneficiary. It relies on the due diligence performed by its respondent counterparties and often processes payment instructions with minimal visibility into the purpose or parties involved.

These gaps are not theoretical. In its 2023 mutual evaluation report, the Financial Action Task Force (FATF) reiterated that correspondent banking remains one of the highest-risk areas for sanctions evasion, particularly where there is insufficient transparency, a lack of data sharing, or inadequate risk assessment of downstream clients.

Typologies of Sanctions Evasion via Wire Transfers

Sanctioned actors use an array of techniques to bypass controls in wire-based payment systems. These include concealment, misdirection, layering, and deliberate exploitation of regulatory and jurisdictional loopholes. The most frequently observed typologies include the following:

• Nested Correspondent Relationships

Nested banking occurs when a financial institution provides services to another bank that itself offers correspondent services to downstream clients. This arrangement creates additional degrees of separation between the originator and the funds' ultimate destination. Sanctioned parties take advantage of this structure by inserting themselves into the lower tiers of the chain, often through regional or poorly supervised financial institutions.

In one documented case, a Syrian petrochemical firm sanctioned under EU and US measures used a nested relationship between a Lebanese regional bank and a major European bank to process payments for raw materials. Because the European bank’s direct customer was the Lebanese institution, and not the Syrian company, the transaction evaded detection until investigative journalists revealed the chain.

• Third-Country Intermediaries & Jurisdictional Arbitrage

A classic technique used to bypass restrictions involves routing payments through third countries not party to the relevant sanctions regime. This form of transshipment exploits jurisdictional gaps and delays in regulatory alignment. For instance, companies operating from the UAE, Turkey, and parts of Africa have frequently acted as intermediaries for Iranian and Russian entities seeking to disguise the origin of funds.

A recent OFAC enforcement action highlighted the role of Dubai-based trading companies in facilitating purchases of dual-use goods for Iranian military-linked organisations. Payments were routed through Southeast Asian and European correspondent banks using carefully disguised commercial justifications, such as industrial maintenance or consultancy services.

• Front Companies & Shell Structures

Sanctioned actors often create or co-opt seemingly legitimate front companies, typically incorporated in jurisdictions with low beneficial ownership transparency. These entities carry out real or fabricated commercial activities and serve as vehicles for moving funds through the formal banking system.

Wire transfers associated with these companies frequently contain vague descriptions of goods or services, making it difficult for banks to assess the true nature of the transaction. In one high-profile case, front companies linked to sanctioned Russian oligarchs channelled tens of millions of pounds through the UK banking system to purchase luxury property, yachts, and artwork. The payments passed through multiple jurisdictions, each adding a layer of obfuscation.

• Trade Finance Abuse & Falsified Invoices

Trade-based sanctions evasion relies on fake or misleading documentation, including invoices, bills of lading, and certificates of origin. Wire transfers support these activities by facilitating the payments attached to the documentation. Banks that process such payments often do so without access to or verification of the underlying documents.

A well-documented case involved North Korean procurement networks that used shell companies in Malaysia and Singapore to send and receive wire payments related to machinery and parts. The equipment was classified as civilian-grade on invoices, but open-source analysis confirmed it could be used in missile development. Correspondent banks in Europe and the US processed the associated payments, unaware of the real end-use.

• Use of Weak Links & High-Risk Financial Institutions

Sanctioned actors frequently choose financial institutions that lack robust compliance frameworks. These institutions may be located in jurisdictions with poor record-keeping, outdated technology, or minimal regulatory oversight. Payments processed through such banks are often deliberately structured to remain below reporting thresholds or to mimic routine business transactions.

In recent years, OFAC and the EU have named several banks and money services businesses in Central Asia and the Caucasus that served as channels for evasion. The complexity and fragmentation of these payment chains make detection and enforcement difficult, especially where information-sharing between regulators is limited.

Red Flags in Wire-Based Transactions

Detecting sanctions evasion requires vigilance across the entire transaction lifecycle. The most common red flags associated with wire transfers involving correspondent banking include vague or missing beneficiary information, repeated use of newly incorporated companies with no business footprint, and payment instructions that contradict the customer’s known profile.

Transfers involving multiple intermediary banks, particularly those in high-risk jurisdictions, should be subject to enhanced scrutiny. So too should transactions structured just below reporting thresholds, which may indicate deliberate evasion of controls. Other indicators include inconsistent or generic payment justifications, unexplained changes to standard settlement patterns, and counterparties with known links to trade in sensitive goods or embargoed regions.

A particularly dangerous blind spot exists when originator or beneficiary information is stripped from the wire transfer at some point in the chain. This often happens during message formatting for SWIFT or due to technical limitations in local banking systems. Financial institutions must ensure that screening tools cover all available fields, not just primary identifiers.

Regulatory Expectations & Enforcement Trends

Regulators are increasingly focused on the role of correspondent banks in sanctions evasion. Both the European Commission and the United Kingdom’s Office of Financial Sanctions Implementation (OFSI) have called for greater scrutiny of correspondent relationships, particularly where the institution serves banks from high-risk jurisdictions. OFSI has also published guidance encouraging UK-based institutions to apply a risk-based approach, taking into account not only the direct customer but also the potential exposure to sanctioned parties through nested and indirect relationships.

In the US, OFAC has issued several enforcement actions against banks that failed to detect evasion through correspondent channels. In one case, a major European bank was fined hundreds of millions of dollars for processing payments for Cuban and Iranian clients through its New York branch. The transactions were deliberately structured to omit identifying information, and compliance teams lacked sufficient training and systems to detect the anomalies.

The Basel Committee and FATF also emphasise the need for transaction monitoring systems to incorporate behavioural analysis, allowing institutions to spot deviations from expected customer activity. This includes tracking payment corridors, counterparties, and commercial activity over time. Traditional rules-based systems are no longer sufficient to manage the complexity of modern sanctions evasion tactics.

In June 2025, the FATF implemented a pivotal amendment to Recommendation 16 (R16) to enhance payment transparency and strengthen global efforts against money laundering, terrorist financing, and sanctions evasion. Under the revised standard, financial institutions processing cross-border payments or value transfers above a de minimis threshold of USD/EUR 1,000 must now ensure that the date of birth of the originator accompanies the payment message, where the originator is a natural person. This requirement applies alongside existing obligations to transmit accurate information on the originator’s name, address, and account number. Where the full date of birth is unavailable, the FATF clarified that the year of birth alone is sufficient.

This development reflects increasing regulatory emphasis on improving the quality of originator information to prevent sanctioned or high-risk actors from exploiting gaps in wire transfer records. In particular, the requirement to include date of birth helps resolve common challenges with name-matching and enhances the reliability of transaction monitoring and screening processes.

Financial institutions are expected to review and update their payment systems and sanctions screening tools to capture and utilise this additional data field. This is especially relevant for correspondent banking relationships, where the absence of direct relationships between institutions and originators has historically limited the effectiveness of due diligence and sanctions controls.

The FATF’s update underscores the principle that effective compliance is predicated on the integrity and granularity of data available throughout the payment chain. Firms must now treat the capture and transmission of date of birth as a baseline expectation in their cross-border payments compliance frameworks, ensuring they remain aligned with evolving global standards and supervisory scrutiny.

Emerging Threats: Digital Currencies & Hybrid Structures

While wire transfers remain the dominant channel for sanctions evasion, the emergence of digital assets and new financial technologies adds a further layer of risk. Hybrid typologies are now appearing that blend fiat wire transfers with cryptocurrency transactions. For example, funds may be moved from a sanctioned jurisdiction to an offshore exchange using a shell company’s bank account, then converted into digital assets, obfuscating the trail.

In some instances, cryptocurrency is used to settle portions of a trade transaction, while wire transfers are used to pay third-party logistics or intermediary firms. These mixed-mode typologies require financial institutions to develop cross-channel detection capabilities and to integrate sanctions screening across both fiat and digital environments.

Systemic Vulnerabilities & Sector-Wide Recommendations

To close the gaps in correspondent banking, several structural reforms are needed. First, there must be stronger international alignment on beneficial ownership transparency, allowing financial institutions to identify the true parties behind corporate structures. Second, improvements in cross-border data sharing and legal cooperation are vital. Sanctions enforcement requires timely, actionable intelligence, which can be impeded by legal and jurisdictional barriers.

Third, banks must invest in upgrading their sanctions screening and transaction monitoring technologies. This includes the use of artificial intelligence and natural language processing to identify suspicious behaviour, non-standard documentation, or unusual payment flows. Institutions should also conduct regular scenario testing to assess whether current systems can detect the types of evasion outlined in this report.

Finally, internal governance matters. Sanctions compliance must be treated as a board-level priority. This includes clear policies on onboarding, escalation procedures, training, and internal audit. Correspondent banking should never be approached as a low-risk revenue stream. It is a high-risk service that requires robust oversight, especially in the context of an increasingly fragmented and multipolar sanctions landscape.

Conclusion: From Compliance Obligation to Strategic Defence

Wire transfers routed through correspondent banking networks remain one of the most powerful tools available to sanctioned actors seeking to access the global financial system. The typologies outlined in this paper demonstrate that evasion methods are becoming more sophisticated, multi-jurisdictional, and embedded in legitimate commercial activity. Financial institutions, regulators and international partners must respond with equal sophistication, applying intelligence-led approaches, cross-border collaboration, and continuous vigilance.

The risks posed by sanctions evasion are not abstract. They directly undermine foreign policy objectives, enable the proliferation of weapons, and fund organised crime and corruption. As geopolitical tensions rise and the use of sanctions becomes more targeted and frequent, the burden on the financial sector will only increase. The FATF’s 2025 amendment to Recommendation 16, mandating the inclusion of date of birth for originators in cross-border payment messages, exemplifies how international standards are tightening to close longstanding gaps in payment transparency.

Strengthening compliance in wire transfers is no longer just a matter of regulatory necessity but of strategic defence and global security. Institutions that invest in the integrity and granularity of their payment data will be better positioned not only to meet emerging regulatory expectations but to protect the financial system itself from exploitation by malign actors.

Is Your Bank Ready for the Next Sanctions Evasion Tactic?

OpusDatum supports banks with expert-led white papers on wire transfer regulation and targeted tools like WireCheck, our transaction risk diagnostic. Get ahead of regulatory expectations and strengthen your wire transfer compliance today.

Download our insights or speak to an expert now.