$6.9M: Moscow Office -- Zero Records
$1.8M: To Wife's Company
$2.2T: Amundi AUM (Former Employer)
1: Pre-Existing BVI Offshore

The Professional

Confirmed - Breach Data | Confirmed - Corporate Records

Sergey Grigoryan, born 1964, is not the kind of person who loses $6.9 million by accident. His career was built in international finance -- the kind of career where you learn exactly how money moves across borders, through shell companies, and past regulators.

He worked at Pioneer Investments, the asset management arm of UniCredit that would later merge into Amundi -- today managing $2.2 trillion. This was not a back-office job at a provincial bank. Pioneer Investments was a global operation spanning 27 countries. The people who worked there understood financial infrastructure at an institutional level.

Grigoryan's corporate email at Pioneer was sergey.grigoryan@pioneerinvestments.com. His password was profit.

It is almost too perfect a metaphor. A man whose password was literally "profit" would go on to oversee a public office that spent $6.9 million with no paperwork whatsoever.

The Digital Footprint

Confirmed - Breach Data | Pattern Analysis

Breach data tells us things corporate biographies never will. Here is what the data reveals about the people at the center of this story.

| Email | Password | What It Tells Us |
|---|---|---|
| sergey.grigoryan@pioneerinvestments.com | profit | Pioneer Investments (now Amundi) employee. Password = motive as metaphor. |
| sergey.grigoryan@adc.am | gry1964 | ADC.AM domain. "gry1964" = surname + birth year. Born 1964. |
| gevorgyan.susanna@bk.ru | hayastan | Wife Susanna Gevorgyan. "hayastan" = Armenia in Armenian. Russian mail.ru service. |
| evatech@orange.fr | ev220599 | French email, Evatech name. "220599" = possible date (May 22, 1999). Papazian-France connection. |

The passwords are biographical. gry1964 is Grigoryan's surname abbreviation plus his birth year. hayastan -- "Armenia" in Armenian -- is his wife's password on a Russian email service. The evatech@orange.fr account connects to France, where Papazian studied and maintained connections, and shares the Evatech name with Grigoryan's post-ANIF company.

ADC.AM -- The Armenian Domain

Confirmed - Breach Data | Confirmed - DNS Records

The domain ADC.AM -- where Grigoryan had his second email -- is itself revealing. Five employees from this domain appear in breach databases. The site was hosted on Hetzner Online GmbH servers in Germany.

| Detail | Finding |
|---|---|
| Domain | ADC.AM |
| Employees breached | 5 |
| Hosting | Hetzner Online GmbH, Germany |
| Grigoryan's password | gry1964 (surname abbreviation + birth year) |
| Pattern | Small Armenian operation with German hosting -- typical for entities wanting EU data jurisdiction without EU-level security |

A company hosting in Germany but operating from Armenia, with five employees whose credentials ended up in breach databases, suggests an organization that understood the value of European server jurisdiction but did not invest in basic cybersecurity. This is the kind of technical infrastructure you see in companies designed for financial intermediation -- enough sophistication to look legitimate, not enough to actually be secure.

The Pre-Existing Offshore: Marathon S.A.

Confirmed - BVI Records | Confirmed - Trident Trust Records

This is the fact that transforms everything. Before ANIF existed -- before Papazian was appointed director, before Grigoryan was named Moscow office chief -- the two men already had a shared corporate vehicle: Marathon S.A., registered in the British Virgin Islands.

Both men were serviced by Trident Trust, one of the world's largest offshore corporate service providers. Trident Trust has appeared in multiple international money laundering investigations, including the Panama Papers and various FATF reports.

| Entity | Jurisdiction | Service Provider | Directors/Beneficiaries |
|---|---|---|---|
| Marathon S.A. | British Virgin Islands | Trident Trust | Papazian + Grigoryan |

When Papazian then appointed Grigoryan to ANIF in July 2019, this was not a hiring decision. It was the activation of a pre-existing partnership. The offshore architecture was already in place before a single dram of public money was allocated.

The question is not whether they planned to siphon funds. The question is when -- before the fund was created, or after.

The Wife's $1.8 Million: Global Connect CJSC

Confirmed - Corporate Registry | Confirmed - Breach Data

Susanna Gevorgyan -- Grigoryan's wife -- owned Global Connect CJSC, the company that received $1.8 million from ANIF's subsidiary fund. The stated purpose: purchasing "17 trucks."

Her email appears in breach databases: gevorgyan.susanna@bk.ru with password hayastan. She used Mail.ru's BK service -- a Russian email platform. Her password, "hayastan," means "Armenia" in Armenian.

| Detail | Finding |
|---|---|
| Company | Global Connect CJSC |
| Owner | Susanna Gevorgyan (wife of Sergey Grigoryan) |
| Amount received | $1.8 million |
| Stated purpose | "17 trucks" |
| Husband's role | Head of ANIF Moscow Office (controlled $6.9M) |
| Status | Under investigation |

The pattern is textbook: the husband controls the spending office, the wife's company receives the funds. The $1.8 million is separate from the $6.9 million that disappeared from the Moscow branch. Together, the Grigoryan family circle accounts for $8.7 million in public funds -- about 32% of ANIF's entire $27.3 million budget.

The Career: Following the Money Expertise

Confirmed - Corporate Records | Pattern Analysis

Grigoryan's career was not random. Every position gave him deeper access to the infrastructure of international money movement.

| Period | Position | What He Learned |
|---|---|---|
| Pre-ANIF | Pioneer Investments (now Amundi, $2.2T AUM) | How global asset management works. Cross-border fund flows. Institutional-grade financial plumbing. |
| 2007-2018 | Executive VP, Association of Russian Banks | How the Russian banking system operates. Relationships with every major Russian bank. |
| 2009-2019 | Advisor to Chairman, Ardshinbank (Armenia) | Armenian banking system. How Armenia-Russia financial corridors function. |
| 2014 | Board Member, Unistream Bank | Money transfer systems. How remittances and wire transfers cross borders. |
| Pre-2019 | Director, Marathon S.A. (BVI) | Offshore company management. Already partnered with Papazian via Trident Trust. |
| Jul 2019 | ANIF Deputy Director | Access to the fund's entire operation. Appointed by Papazian. |
| Dec 2019 | Head, ANIF Moscow Office | $6.9M in spending authority. Zero oversight from Yerevan. |
| Post-2024 | Evabeta JSC + Evatech LLC | Private companies. Moved into ANIF's former Moscow office at Ostozhenka 37/7. |

Pioneer Investments taught him global fund management. The Association of Russian Banks gave him the network. Ardshinbank gave him the Armenia-Russia corridor. Unistream taught him money transfers. Marathon S.A. gave him the offshore toolkit. And ANIF gave him the money.

After ANIF: Moving Into the Empty Office

Confirmed - Corporate Registry | Pattern Analysis

When ANIF collapsed and Papazian became a fugitive, Grigoryan did not disappear. He did something more revealing: he created new companies -- Evabeta JSC and Evatech LLC -- and moved them into the same physical office space at Ostozhenka 37, Building 7, Moscow, that ANIF had previously occupied.

The Evatech name connects to the evatech@orange.fr email found in breach data -- a French Orange telecom email with password ev220599. The digits suggest a date: possibly May 22, 1999. The French connection links back to Papazian, who studied at Sciences Po Paris and ESSEC Business School.

| ANIF Era (2019-2024) | Post-ANIF Era (2024+) |
|---|---|
| ANIF Moscow Office | Evabeta JSC + Evatech LLC |
| Address: Ostozhenka 37/7, Moscow | Address: Ostozhenka 37/7, Moscow |
| Head: Sergey Grigoryan | Director: Sergey Grigoryan |
| Funded by: Armenian taxpayers ($6.9M) | Funded by: Unknown |
| Status: Zero documentation | Status: Active |

The same man. The same office. The public fund is dissolved, the director is a fugitive, $6.9 million is unaccounted for -- and the person who oversaw it all simply continues operating from the same desk, under a private corporate name.

The Evatech-France-Papazian Thread

Pattern Analysis | Confirmed - Breach Data

The evatech@orange.fr email is a thread that ties multiple pieces together.

| Data Point | Connection |
|---|---|
| evatech@orange.fr | French email provider (Orange). "Evatech" name matches Grigoryan's post-ANIF company. |
| Password: ev220599 | "ev" = Eva/Evatech prefix. "220599" = possible date May 22, 1999. |
| France connection | Papazian: Sciences Po Paris, ESSEC Business School. French-Armenian networks. |
| Evatech LLC (Moscow) | Grigoryan's post-ANIF company at former ANIF office address. |
| Evabeta JSC (Moscow) | Same "Eva" prefix. Same office. Same director. |

The pattern suggests a network that spans Moscow and Paris -- the two cities where Grigoryan and Papazian respectively operated. The "Eva" prefix appears in the French email, the Moscow post-ANIF company, and the associated JSC. Whether this represents a shared business vehicle or simply shared naming conventions, it connects the two men through infrastructure that predates and postdates ANIF.

The Full Financial Picture

Confirmed - Multiple Sources

| Channel | Amount | Method | Status |
|---|---|---|---|
| ANIF Moscow Office (Grigoryan) | $6.9M | Salaries and operations -- zero documentation | Unaccounted |
| Global Connect (Gevorgyan -- wife) | $1.8M | "17 trucks" from subsidiary fund | Under investigation |
| Marathon S.A. (BVI -- with Papazian) | Unknown | Pre-existing offshore via Trident Trust | Unexamined |
| Evabeta JSC + Evatech LLC | Unknown | Post-ANIF companies in same Moscow office | Active |

Known total through Grigoryan circle: $8.7M+ (32% of all ANIF spending)

What the Passwords Tell Us

Pattern Analysis

In intelligence analysis, passwords are biographical artifacts. People choose passwords that reflect what matters to them, what they remember easily, what defines their identity.

| Person | Password | Reading |
|---|---|---|
| Sergey Grigoryan (Pioneer) | profit | The professional identity. Money is the purpose. |
| Sergey Grigoryan (ADC.AM) | gry1964 | The personal identity. Surname + birth year. Functional, minimal. |
| Susanna Gevorgyan (wife) | hayastan | The national identity. "Armenia" -- patriotism as password, while husband drains public funds. |
| Evatech (France) | ev220599 | The operational identity. Company prefix + date. Links France to Moscow operation. |

A man whose professional password is "profit" ran an office that spent $6.9 million with zero receipts. His wife, whose password is "Armenia," received $1.8 million from Armenia's sovereign fund. The irony is not subtle.

The Network Map

Confirmed - Multiple Sources

| Node | Role | Connection to Grigoryan |
|---|---|---|
| Davit Papazian | ANIF Director (fugitive) | Co-director of Marathon S.A. (BVI). Appointed Grigoryan to ANIF. International arrest warrant. |
| Susanna Gevorgyan | Wife, Global Connect owner | Received $1.8M from ANIF subsidiary. Email: bk.ru, password: "hayastan." |
| Tigran Avinyan | ANIF Board Chairman | Supervised the fund that paid Grigoryan's office $6.9M. Now faces Article 277 charges. |
| Trident Trust | Offshore service provider | Serviced both Papazian and Grigoryan for Marathon S.A. in BVI. |
| Pioneer Investments / Amundi | Former employer | Where Grigoryan learned institutional asset management. $2.2T AUM. |
| ADC.AM | Armenian company | Grigoryan's email domain. 5 employees breached. Hetzner Germany hosting. |

The Question

Sergey Grigoryan had a career that taught him every dimension of moving money across borders. He had a pre-existing offshore company with the man who would become ANIF's director. His wife's company received $1.8 million from the fund. His Moscow office spent $6.9 million without a single receipt. And when it all collapsed, he moved his private companies into the same office and kept working.

This is not the profile of a negligent bureaucrat. This is the profile of a professional who understood exactly what he was doing -- from the moment his password was "profit" at Pioneer Investments to the moment the last dollar left ANIF's accounts.

When a man trained at the world's largest asset manager runs a public office that loses $6.9 million with zero documentation, his wife gets $1.8 million, and he already had an offshore company with the fugitive director -- that is not incompetence. That is a business plan.

Methodology

This investigation is based on publicly available breach databases, BVI corporate records, Armenian corporate registry filings, DNS and WHOIS records, property records, audit documentation, and open-source intelligence. No systems were accessed, penetrated, or tested. All credentials referenced were already publicly exposed in breach compilations at the time of analysis. OWL does not encourage unauthorized access to any system.

Investigation #8 of 30