The publication by WikiLeaks on the 12th of November of the first batch of documents known as “Fishrot files” was quickly picked up by various media outlets. This has been a hot topic in Norwegian media since mid-November, given the heavy involvement of DNB, the largest bank in Norway. The second batch of documents released was centered on DNB’s Anti-Money Laundering (“AML”) and Know-Your-Customer functions (“KYC”). A quick look at those documents left us with many unanswered questions. Therefore, we decided to analyze them as we would do if we were analyzing those for one of our clients and try to find out whether all of this could have been spotted earlier.
The case: Samherji, a multinational fishing company based in Iceland, used a network of offshore companies to transfer funds, presumably to be used for less-than-ethical purposes connected to its establishment in Namibia. According to WikiLeaks, Samherji “has now become the biggest single recipient of fishing quotas in the country.”
The documents published include an email exchange between the bank’s KYC function, the client, and the CDD (Customer Due Diligence) questionnaires. These documents appear to be connected to two companies, “Cape Cod FS Ltd” and “JPC Shipmanagement (Cyprus) Ltd”. While they kept JPC Shipmanagement as a client until the Bank of New York Mellon flagged and reported one of the transactions as suspicious in 2018, DNB took the decision to terminate the relationship with Cape Cod FS Ltd in 2018. Looking in more detail at the risk indicators’ table (i.e. the criteria DNB seems to be using for assessing), we see that one of the evaluation criteria is whether a customer has a “complex ownership structure”. There, it appears that the DNB’s employee crossed “no” for Cape Cod FS Ltd, based in the Marshall Islands, owned by a Cypriote company, owned by a German company, whose shares were owned by 3 individuals – as disclosed to the bank by the client’s representatives. What are the parameters to define what falls under the definition of “complex”? And what sort of training do employees get in that respect?
Below is the ownership diagram for Cape Cod FS Ltd, as disclosed by the client in an attachment to the email correspondence with DNB during the KYC procedure.
Additionally, WikiLeaks published a 15-page pdf printout of a spreadsheet with some selected transactions to and from accounts of companies supposedly connected to Samherji.
The screenshot below is taken from the spreadsheet printout with the transactions:
The account nr 1503 07 59505 pertains to the company “Esja Seafood Limited”. The counterparties’ names appear in the column “Tekstlinje_1”. The first detail which got our attention was the proportion of round amounts among all these payments, either in NOK or in EUR. This does by no means imply illicit activities, yet it is one of the typical red flags we look at when doing these sort of analysis for our clients: indeed peculiar that there should be only 5 non-round transactions out of 18, from Dec 31st, 2008 to December 12th, 2018. The payments from “Katla Seafood Ltd” are a good illustrative example.
A second interesting detail is how some transactions appear to be simply moving the same amount from an entity to another entity, going through Esja Seafood Ltd’s accounts. On March 23rd, 2018, 46 million NOK were paid by SAMHERJI HF to Esja’s account, then moved 3 days later to an account belonging to “Nergard Invest Samherji AS”. Something similar happened between Nov 27, 2008, and Dec 2nd, 2008, involving another one of Esja’s accounts: 3.1 million EUR were paid in by Seagold Ltd, and then paid out to SEAGOLD LTD EURP. Again, this doesn’t necessarily imply that something “fishy” was going on (pun intended), yet it should raise some questions, especially given the similarity in the names of payers and payees.
A further item that caught our attention is the presence of “duplicate transactions” (another typical indicator we look at in our reviews): occasions where the same amount of money was transferred, within a short time frame, between two entities, as shown in the screenshot above, also taken from the printout of the selected transactions. Under other circumstances, we have seen this technique used as a preferred method to circumvent limits on transaction size.
The invoice below is the one behind a USD 325,000 payment from Esja Seafood Ltd to Tundavala Invest Limited. The red flags which we typically would train our customers about and which we believe should have been noticed if the transaction had been flagged by an AML procedure and the backing documentation had been requested are highlighted in red.
This brief piece of analysis took us roughly 30 minutes. So, this leaves us with the question: how come that these activities went unnoticed for over 10 years, right under the surveillance of KYC and AML experts? How many more cases like this are happening as we unravel the details of this one?