CLOSE

close

CLOSE

EN

The shadow fleet that would not die: how OFAC finally caught up with the “Kunlun legacy” network

Recommended
The shadow fleet that would not die: how OFAC finally caught up with the “Kunlun legacy” network

The shadow fleet that would not die: how OFAC finally caught up with the “Kunlun legacy” network
Compliance lessons from the first FCPA Deferred Prosecution Agreement of Trump’s second term

Compliance lessons from the first FCPA Deferred Prosecution Agreement of Trump’s second term
What AMLA’s new risk methodology means for compliance professionals

What AMLA’s new risk methodology means for compliance professionals

There is a temptation to treat the “shadow fleet” as something new. It is often discussed as a Russia-era phenomenon, but the same methods have long been associated with Iran and Venezuela too. In reality, it is often the same playbook, reused for years, with different company names, different flags, and a slightly different corporate story each time.

 

One of the clearest examples of this long game is Kunlun Legacy fleet, a tanker network linked to Bank of Kunlun and Kunlun Holdings Group, and repeatedly reshaped to survive sanctions pressure, and which was hit in OFAC’s latest designations, with four vessels sanctioned on the day. 

 

The recycling matters because most compliance failures in maritime sanctions are not caused by a lack of screening. They happen because organisations screen the “now”, not the “history”.

 

What is a shadow fleet, in plain English?

 

A shadow fleet is a set of vessels used to move sanctioned cargo, typically oil or petroleum products, by hiding who owns the ship, where the cargo came from, and which sanctioned actor is ultimately being served.

 

The concealment is not subtle. OFAC and partners have repeatedly warned that sanctions evasion at sea often involves:

 

  • ship-to-ship transfers (often to disguise origin)

 

 

  • AIS manipulation, including going dark and spoofing

 

 

  • complex ownership and management chains using front companies

 

 

  • falsified trade documentation and data manipulation

 

The goal is to create plausible deniability for everyone downstream: charterers, brokers, insurers, agents, port operators, and banks.

 

The origin story: Bank of Kunlun and the “burner bank” problem

 

The “Kunlun legacy” label starts with a financial institution, not a ship. A “burner bank” is the financial equivalent of a disposable phone: a channel designed to handle the riskiest transactions so others do not have to.

 

In 2012, the US Treasury sanctioned Bank of Kunlun under CISADA, describing it as having provided significant financial services to designated Iranian banks, including transactions involving very large sums.

 

Kunlun appears to have served as an early, deliberate workaround: a channel for Iran-linked business that could absorb sanctions risk while keeping other parts of the system cleaner.

 

When one part of the system is built to take the heat, everything around it gets better at staying out of sight. The names change, the paperwork changes, and the network adapts, but the underlying purpose stays the same.

 

From bank to vessels: how the fleet kept changing its skin

 

The network did not stay anchored to one owner or one corporate structure. Over time, at least seven tanker vessels were associated with the Kunlun-linked group, and four were later caught in OFAC designations tied to the same cluster.

 

The pattern is familiar. Sanctions pressure hits an original actor. Assets shift to a new owner or manager with a cleaner profile. The fleet grows, and the same behaviours continue under a different set of names.

 

In this case, vessels linked to the network later appeared under COSCO Shipping Tanker (Dalian), which OFAC designated in September 2019 in connection with Iran-related sanctions, a move that briefly disrupted shipping markets.

 

COSCO Dalian was later delisted, but the broader lesson is that delisting does not erase the history. The risk often persists in the surrounding ecosystem, reshuffled across management companies, paper owners, and successor entities.

 

From there, the vessels shifted again, moving into new front-company structures, and the network expanded further.

 

The October 2025 crackdown: OFAC starts targeting the ecosystem, not only the ship

 

OFAC’s more recent posture has been increasingly explicit: sanctions enforcement is not only about naming a vessel, it is about dismantling the enabling chain.

 

A good example is the Treasury action on 9 October 2025, which it described as targeting:

 

  • a network moving hundreds of millions of dollars in Iranian LPG

 

 

  • nearly two dozen shadow fleet vessels

 

 

  • a China-based crude oil terminal

 

 

  • an independent “teapot” refinery

 

The same release is unusually detailed about the mechanics of evasion, noting cargo transfers between shadow fleet vessels and activity off Singapore and Malaysia intended to disguise cargo origin.

It also shows how wide the enforcement net can go. Beyond vessels, it names (among others) shipping agents, front companies, and even tugboats alleged to support ship-to-ship operations. 

 

Separate industry analysis of that October 2025 designations package explicitly notes that older dark fleet actors, including the “Kunlun legacy” fleet, appeared within the broader tranche of designations, alongside actions against terminals such as Rizhao Shihua. 

 

Why this network survived for so long

The key point is not that the fleet was invisible. It is that it was visible in fragments.

 

It appears to have survived for years by repeatedly changing ownership and management, which is why investigators increasingly focus on clusters and patterns, looking at sister ships and connected entities rather than a single vessel in isolation.

 

That approach mirrors long-standing guidance from OFAC and partners, which urges organisations to look beyond one-time screening and treat deceptive shipping behaviour as a signal for deeper scrutiny.

 

Practical takeaways for compliance teams

 

If you support maritime trade in any way (shipping, commodities, insurance, finance, logistics, port services), the story points to a few hard requirements for 2026.

 

1) Treat vessel checks as a history exercise, not a tick-box

 

Screening should incorporate:

 

  • IMO number history (names change, IMO does not)

 

  • prior ownership and management chains

 

 

  • repeated links to the same clusters of associated vessels (sister-ship analysis)

 

 

  • past AIS anomalies and ship-to-ship behaviour

2) Make spoofing and “going dark” a stop-and-review event

 

AIS manipulation is not a quirky edge case anymore. Guidance and industry reporting increasingly treat spoofing, blackouts, and implausible positions as high-signal indicators of sanctions risk. 

 

3) Focus on the enablers around the ship

 

OFAC’s October 2025 action is a reminder that risk sits across the chain, including:

 

  • brokers and intermediaries
  • port terminals and discharge points
  • shipping agents
  • support services such as tug operators
  • documentation and data integrity points

If your controls only trigger on “is the vessel on a list today?”, you will miss the operational reality.

 

4) Train the commercial teams, not only compliance

 

Shadow fleet risk is often created by routine commercial decisions: a charter, a change of counterparty, an unusual routing request, a rushed deal with weak paperwork.

OFAC’s shipping guidance is built around scenarios for a reason. It is trying to change operational behaviour, not only compliance language.

 

VinciWorks’ online sanctions compliance training courses give your staff the tools they need to understand and comply with sanctions requirements in these volatile times.