Embedded Files
5th May – 11th May 2025
Sanctions
EU prepares 17th sanctions package
The European Union is preparing its 17th sanctions package against Russia, aligning its efforts with the United States. French Foreign Minister Jean-Noël Barrot confirmed that the EU’s measures will be coordinated in both substance and timing with US initiatives, following discussions with US officials. This move comes as US President Donald Trump advocates for ceasefire talks between Kyiv and Moscow, though Russia continues its aerial bombardment of Ukrainian civilian infrastructure.
US Senator Lindsey Graham has gained bipartisan congressional support for additional sanctions and tariffs targeting nations which purchase Russian energy. Meanwhile, Ukraine has agreed to an unconditional ceasefire and signed an agreement with the US on critical minerals, with France potentially pursuing a similar deal. Ukraine views these agreements as crucial steps toward securing American security guarantees amid ongoing Russian aggression.
Barrot stressed that Vladimir Putin remains the sole obstacle to peace, highlighting the lack of Russian engagement with ceasefire proposals. He also underscored Europe's strategic autonomy and its growing role within NATO, echoing French President Emmanuel Macron's calls for European defence independence.
OFAC sanctions cyber scam operators
The US Department of the Treasury’s Office of Foreign Assets Control (‘OFAC’) has sanctioned the Karen National Army (‘KNA’), a militia group in Burma, along with its leader Saw Chit Thu and his two sons. The KNA has been designated a transnational criminal organisation due to its involvement in cyber scams targeting American citizens, human trafficking, and cross-border smuggling. The militia operates in Burma’s Karen State and has leveraged its ties to Burma’s military to facilitate large-scale financial fraud, primarily through cryptocurrency investment scams.
These scams are sophisticated, often exploiting victims' emotional vulnerabilities, leading to financial losses of billions of dollars. The KNA profits by leasing land to criminal syndicates and providing security at scam operations. Survivors from scam compounds have reported that KNA forces were directly involved in guarding the facilities. Saw Chit Thu, already sanctioned by the UK and EU, has been instrumental in these operations, with his sons actively engaged in key financial and military roles.
As a result of these sanctions, all property and financial interests tied to the KNA and the designated individuals in the US are blocked, and transactions with them are prohibited. The Treasury aims to disrupt these networks and prevent further harm to victims.
OFAC ups ante for firms importing Iranian oil
The US Treasury’s Office of Foreign Assets Control (OFAC) has intensified sanctions on firms involved in importing Iranian oil, targeting a key teapot refinery—Hebei Xinhai Chemical Group Co., Ltd.—and three port terminal operators in Shandong Province. The sanctions extend to multiple shipping companies, vessels, and captains operating within Iran’s "shadow fleet," which facilitates covert oil shipments.
This latest action, carried out under Executive Orders 13902 and 13846, aims to cut Iran's ability to generate revenue from oil exports, which the US government alleges contribute to destabilising activities. Several Chinese entities have been sanctioned, including oil traders and logistics firms associated with Iranian petroleum imports.
Iran's shadow fleet employs complex tactics such as ship-to-ship transfers to evade detection, with vessels flagged under Panama, São Tomé and Príncipe, and San Marino playing a key role in facilitating illicit oil shipments to China and the Persian Gulf. The sanctions also target individuals directly involved in these operations, including ship captains who have overseen oil transfers for years.
As a result, all assets belonging to the designated entities within US jurisdiction are blocked, and financial institutions or individuals engaging with them may face penalties. The Treasury emphasises that these sanctions are intended not to punish but to incentivise behavioural change in compliance with international regulations.
Human Rights First sues US administration
Human Rights First has filed an action against the Trump administration, challenging US sanctions placed on International Criminal Court (ICC) Prosecutor Karim Khan. These sanctions put American ICC prosecutor Eric Iverson, a US Army veteran, at risk of legal penalties for continuing his work on war crimes cases, including investigations into atrocities in Darfur.
The lawsuit argues that the sanctions violate Iverson’s First Amendment rights and undermine international justice efforts. Human Rights First is seeking a temporary restraining order and preliminary injunction to prevent the US government from penalising Iverson. The organisation warns that these sanctions obstruct ICC operations and set a troubling precedent for global accountability efforts.
UK amends export controls
The UK government has amended certain export controls regulations. The Export Control (Amendment) Regulations 2025 modify the Export Control Order 2008 and the assimilated Dual-Use Regulation. These amendments focus on:
- Fines: Increasing the maximum fine for certain offences from £1,000 to £2,500.
- Military Goods: Updating the control list for conventional weapons as part of the Wassenaar Arrangement.
- Dual-Use Items: Revising export control parameters for various dual-use goods, software, and technology.
- Technical Adjustments: Refining administrative control entries based on international agreements.
The new regulations will take effect on 20th May 2025, and they aim to align UK export controls with international standards.
OFSI imposes monetary penalty
The Office of Financial Sanctions Implementation (‘OFSI’) has imposed a £5,000 monetary penalty on Svarog Shipping & Trading Company Limited for failing to respond to an official request for information within the required timeframe. This breach falls under regulation 74(1)(a) of The Russia (Sanctions) (EU Exit) Regulations 2019.
Svarog, a UK-registered fuel transportation company operating in Cyprus, did not provide a timely response to OFSI’s enquiry related to transactions with a subsidiary of Sovcomflot. Despite reminders, Svarog only addressed the request after auditors were involved and did not provide a reasonable excuse for the delay.
OFSI deemed the case “serious” and highlighted that such failures impede enforcement efforts and waste resources, reinforcing the importance of timely responses. The penalty aims to encourage compliance and prevent delays in future sanctions investigations.
New Special Tribunal and action against Russia’s shadow fleet
The UK and its international partners have reaffirmed their support for the establishment of a Special Tribunal for the Crime of Aggression against Ukraine, marking a significant step toward holding Russia accountable for its invasion. Foreign Secretary David Lammy visited Lviv alongside European ministers to discuss securing a lasting peace in Ukraine.
During the visit, the UK announced sanctions on 100 ships in Russia’s shadow fleet, which has been used to transport oil in violation of international restrictions. These sanctions aim to cripple Russia’s ability to fund its war efforts. The UK government emphasised that securing peace in Ukraine is vital for global security and stability.
Additionally, the UK pledged £25 million in new funding to support Ukrainian organisations assisting civilians affected by the conflict. This includes £10 million for HAVEN to evacuate civilians from frontline areas, £5 million for Mercy Corps to provide emergency relief, and £9.4 million for the Ukrainian Red Cross to strengthen humanitarian response efforts.
The UK also continues to support Ukraine’s grain exports, with £3 million allocated to the World Food Programme to distribute Ukrainian produce to vulnerable populations, including in Syria. This contrasts with Russia’s repeated attacks on Ukrainian port infrastructure.
The Special Tribunal meeting in Lviv marks a milestone in international legal efforts, following two years of negotiations among at least 37 states. The next phase will involve finalising the legal framework within the Council of Europe. Once operational, the Tribunal will complement the International Criminal Court’s investigations and Ukraine’s domestic efforts to prosecute war crimes.
Money Laundering
International anti-money laundering action
An international operation involving France, Ukraine, and Monaco has uncovered a large-scale money laundering scheme linked to illicit arms sales and the illegal transfer of defence company shares. Authorities arrested a Ukrainian entrepreneur suspected of laundering hundreds of millions of euros through real estate purchases in France and Monaco. His father, a prominent defence company owner, is already on trial in Ukraine for crimes against national security and is now suspected of money laundering as well.
Investigators froze €57 million in illicit profits in France, intending to return the funds to Ukraine. The operation was facilitated by a joint investigation team (JIT) coordinated through Eurojust, enabling judicial cooperation among the involved nations. The suspect was arrested in Monaco on 28 April, where authorities discovered valuable documents for the investigation. The probe continues, with officials questioning the suspect and assessing further financial trails.
Philippines notes its FATF exit
The Philippines has marked its successful exit from the Financial Action Task Force (‘FATF’) grey list, marking it as a significant victory against money laundering and terrorism financing. President Ferdinand R. Marcos Jr. announced that this achievement will lead to simpler, more affordable financial transactions for Filipinos, including lower remittance costs for Overseas Filipino Workers and fewer barriers for businesses seeking international financing.
The FATF initially placed the Philippines on its grey list in June 2021 due to concerns over casino-related money laundering and weak terrorism financing prosecutions. To address these issues, the government implemented reforms under the International Cooperation Review Group Action Plan, culminating in the country’s removal from the list on 21st February 2025.
JFSC consults on beneficial ownership data
The Jersey Financial Services Commission (‘JFSC’) has launched a consultation aimed at expanding the collection of beneficial ownership data from legal entities. This initiative seeks to enhance Jersey's transparency measures in line with international Financial Action Task Force (‘FATF’) standards while balancing financial crime prevention with privacy considerations.
Under the proposed framework, the extent of a beneficial ownership interest will be categorised into four tiers: holdings below 25%, between 25% and 50%, between 50% and 75%, and above 75%. Additionally, beneficial ownership will be classified into six distinct categories, including shareholding, voting rights, control through positions held, and indirect control.
The amendments to the Financial Services (Disclosure and Provision of Information) (Jersey) Law are scheduled to take effect on 1st January 2026. Newly established entities must comply immediately, whereas existing entities will be required to report the necessary data in their annual confirmation statements by February 2026.
Regarding accessibility, Jersey and other Crown Dependencies will restrict access to beneficial ownership data to individuals or entities demonstrating a "legitimate interest," though the criteria for this have yet to be defined. The consultation remains open for stakeholder feedback until 30th May 2025.
These changes are designed to align Jersey's regulatory framework with evolving global transparency expectations while preserving its reputation as an international finance centre.
Bribery and Anti-Corruption
ITIA suspends three tennis players
The International Tennis Integrity Agency (ITIA) has suspended three tennis players for breaching the Tennis Anti-Corruption Program (TACP):
- Alexandra Iordache (Romania): Admitted to match-fixing in exchange for payment, approaching another player with a corrupt proposal, and attempting to destroy evidence. She has been suspended for two years and fined $15,000 ($5,000 suspended). Her ineligibility runs from 11 March 2025 to 10 March 2027.
- Anapat Timangkul (Thailand): Admitted to fixing five matches between September 2023 and February 2024. He has received a three-year, nine-month suspension and a $30,000 fine ($21,000 suspended). His ban is backdated to 8 October 2024 and will end on 7 July 2028.
- Wang Chukang (China): Denied allegations of soliciting another player to fix a match in May 2022, but was found guilty after a hearing. He has been suspended for eight months and fined $1,500, with his ban effective from 26 March 2025 to 25 November 2025.
During their suspensions, all three players are prohibited from participating in, coaching at, or attending any sanctioned tennis events. The ITIA reinforces its commitment to safeguarding the integrity of professional tennis.
CPS announced outcome of bribery prosecution
Former senior staff members at E.ON and British Gas have been jailed for accepting over £2 million in bribes in exchange for commercial contracts. Mark Baker and Matthew Heyward, who held key roles at both companies, took bribes from subcontractors between 2011 and 2015, including cash payments, luxury vehicles, false references, and hotel stays.
The bribery scheme involved RK Civil Engineering Ltd and Priddy Engineering Services Ltd, with Baker and Heyward funnelling payments through business accounts and issuing fake invoices to conceal the transactions. Baker also arranged for his wife, Angela Baker, to be employed at E.ON in a fraudulent role, earning £109,000 over 21 months without performing any work.
Sentences handed down at Winchester Crown Court on 1st May 2025, include:
- Mark Baker – 3 years, 10 months in jail
- Matthew Heyward – 2 years, 6 months in jail
- Timothy Paterson – 4 years in jail
- Richard King – 2 years, 5 months in jail
- Angela Baker – 13-month suspended sentence
- Andrew Blunsdon – 12-month suspended sentence
The Crown Prosecution Service (‘CPS’) emphasised the seriousness of the corruption, stating that Baker and Heyward abused their positions of trust for personal gain. The CPS also intends to pursue financial recovery through the Proceeds of Crime Division.
OECD publishes Anti-Corruption Review of Ukraine
The Organisation for Economic Cooperation and Development (‘OECD’) has published its Integrity and Anti-Corruption Review of Ukraine. The Review acknowledges Ukraine’s progress, particularly in public integrity regulations, political financing oversight, and corruption risk management. However, further improvements are needed, including better implementation of compliance programs, enhanced whistleblower protections, and improved tracking of audit recommendations. Strengthening policy-making transparency through lobbying laws and reinforcing business integrity measures will help sustain confidence in Ukraine’s economic recovery.
Fraud
UK-Nigeria Fraud Combat Agreement
The United Kingdom and Nigeria have entered into a formal partnership aimed at combating fraud, which has increasingly affected UK citizens, sometimes originating in Nigeria. UK Minister for Fraud, Lord Hanson, met with Nigerian officials, including Attorney General Lateef Fagbemi and National Security Adviser Nuhu Ribadu, to sign a Memorandum of Understanding and establish a Joint Action Plan.
A significant aspect of this agreement is intelligence sharing and operational coordination, which could involve joint law enforcement efforts between the UK's National Crime Agency (NCA) and Nigeria’s Office of the National Security Adviser. The plan also focuses on fraud detection and prevention, aiming to intervene earlier and disrupt cross-border criminal networks before they cause harm. Additionally, the agreement includes capacity-building initiatives, such as targeted training for Nigerian prosecutors by the UK’s Serious Fraud Office, to enhance legal enforcement capabilities.
Public awareness campaigns will be launched to educate individuals about fraud risks and preventative measures. Furthermore, the partnership emphasises regulatory collaboration to strengthen financial and cybersecurity protections. Fraud is the most common crime in the UK, with over 4.1 million incidents recorded in 2024, accounting for nearly 43% of all reported crimes. Victims not only face financial losses but also emotional distress, as scams have become increasingly sophisticated, utilising artificial intelligence and other technologies.
This partnership builds on the UK-Nigeria Fraud Dialogue, which was initiated in November 2024. The agreement underscores both nations’ commitment to tackling financial crimes through intelligence sharing and joint performance monitoring. By fostering stronger cooperation, the UK and Nigeria aim to enhance fraud prevention measures and ensure better protection for victims.
Other Financial Crime News
FCA consults on cryptoasset regulation
The Financial Conduct Authority (‘FCA’) in the UK is seeking feedback on the future regulation of cryptoasset trading platforms as part of its broader roadmap for crypto regulation. The discussion paper focuses on key areas such as intermediaries, staking, lending and borrowing, and decentralised finance, with additional consideration for restrictions on credit purchases of crypto.
David Geale, FCA’s executive director for payments and digital finance, emphasised the goal of establishing a regulatory framework which ensures market integrity, consumer protection, and sustainable growth. The consultation aligns with draft legislation from the UK Treasury that aims to bring specific crypto activities under FCA oversight.
The discussion paper reflects industry insights gathered through FCA-led roundtables, forming part of the FCA’s 2025-2030 strategy, which prioritises smarter regulation, economic growth, consumer financial literacy, and combating financial crime. The deadline for feedback is 13 June 2025, with a formal consultation on the final regulatory framework expected later this year. The Discussion Paper is available here.
Europol podcast on the changing DNA of crime
As recently seen from Europol’s EU Serious and Organised Crime Threat Assessment (EU-SOCTA) 2025, serious and organised crime is changing. It is evolving beyond traditional street-level operations into cyberspace, artificial intelligence labs, dark-web markets, and geopolitical conflicts. To follow-up, Europol has published a podcast which features insights from Europol Executive Director Catherine De Bolle, European Commissioner Magnus Brunner, and Deputy Executive Director Jean-Philippe Lecouffe, who discuss how the EU is responding to these emerging threats both strategically and operationally.
Credit Suisse Services AG pleads guilty to tax evasion conspiracy
In the US, Credit Suisse Services AG pleaded guilty to conspiring with US taxpayers to conceal more than $4 billion in offshore accounts, violating US tax laws. The Swiss corporation had previously entered into a plea agreement in 2014 but breached its commitments by continuing to facilitate tax evasion. The guilty plea follows a lengthy investigation into financial fraud and misconduct.
The bank also signed a non-prosecution agreement regarding undeclared US taxpayer accounts in Credit Suisse AG Singapore, committing to cooperation with ongoing investigations. Between 2014 and June 2023, Credit Suisse Singapore held undeclared accounts worth over $2 billion for US clients, failing to identify beneficial owners properly. UBS, which merged with Credit Suisse, later discovered these accounts, froze some, and voluntarily disclosed their existence to authorities.
Under the resolution, Credit Suisse Services AG—now under UBS—must fully cooperate with investigators and disclose any additional findings related to US taxpayer accounts. The financial penalties total approximately $510 million in fines, restitution, and forfeiture.
Cybercrime
UK government responds to recent retail cyber-attacks
The British government has warned all UK companies that cyber security must be an "absolute priority" following recent cyberattacks on major retailers Marks & Spencer, the Co-op Group, and Harrods. Cabinet Office Minister Pat McFadden led a briefing with national security officials and the National Cyber Security Centre (‘NCSC’) to discuss support for affected businesses.
McFadden used his speech at the CyberUK conference in Manchester to emphasise that these attacks serve as a "wake-up call" for businesses. He highlighted efforts to strengthen national cyber defences, including the introduction of the Cyber Security Bill.
Marks & Spencer, one of the UK's most recognised retailers, halted online clothing and home orders on 25th April due to disruptions in its payment and collection services. Reports suggest the attack was carried out by the "Scattered Spider" hacking group, which encrypted M&S's servers in a ransomware attack.
The Chair of the Joint Committee on the National Security Strategy (‘JCNSS’) has responded to these attacks. Committee Chair Matt Western MP emphasised the broader risks posed by ransomware, warning that such attacks could disrupt the UK’s food supply chain and harm local communities. He urged the government to take the threat seriously as it finalises its ransomware countermeasures. The JCNSS plans to scrutinise the government's response closely, ensuring that cybersecurity remains a priority in protecting critical sectors of the economy.
As a follow-up, the NCSC published a blog post concerning the incidents. The post highlights the growing threat of cybercrime, particularly ransomware and extortion, which affects organisations of all sizes indiscriminately. The post discusses how cybercriminals are evolving their tactics, increasingly relying on "ransomware as a service" to launch sophisticated attacks with minimal technical expertise. These incidents can be highly disruptive, leading to prolonged recovery periods and significant financial costs for businesses and individuals alike.
Recent cyberattacks have specifically targeted the retail sector, prompting the NCSC to collaborate with affected organisations to mitigate damage and investigate the nature of these incidents. While authorities are working to determine whether these attacks are part of a coordinated effort, speculation suggests that the group known as "Scattered Spider" may be involved, using social engineering techniques to manipulate IT helpdesks into resetting passwords and multi-factor authentication protections. The blog post emphasises that although many details remain uncertain, organisations can take proactive steps to enhance their resilience and minimise risk.
The NCSC advises businesses to strengthen their cybersecurity practices by implementing multi-factor authentication, monitoring accounts for suspicious activity, and reviewing IT helpdesk procedures for password resets. Security teams should also improve detection mechanisms to identify atypical logins and rapidly process threat intelligence to respond to emerging risks. Ultimately, the NCSC underscores the urgency of preparedness, as cyber threats continue to rise and impact businesses across various sectors.
In relation to updates on those retail cyber-attacks, more is now known about how the cyber criminals gained access. Hackers from the Scattered Spider network targeted Marks & Spencer (M&S) and Co-op using social engineering tactics to trick IT help desk workers into granting them access to company systems. The attack on Co-op allowed cybercriminals to reset an employee’s password and breach the network, while a similar method was used against M&S.
Europol disrupts DDoS-for-hire organisation
Authorities in Poland have arrested four individuals accused of operating six separate DDoS-for-hire platforms which facilitated thousands of cyberattacks worldwide. These services, including Cfxapi, Cfxsecurity, and jetstress, allowed users to pay as little as EUR 10 to disrupt websites and servers effortlessly.
The crackdown was part of Operation PowerOFF, an international law enforcement initiative involving Europol and agencies from Germany, the Netherlands, Poland, and the United States. The US seized nine domains linked to these services, while Dutch authorities deployed fake booter sites to deter potential users.
Stresser and booter services, often disguised as legitimate security tools, industrialise cyberattacks by enabling customers to flood websites with malicious traffic, rendering them inaccessible. This coordinated effort aims to dismantle the infrastructure enabling commercialised DDoS attacks.
Page updated
Report abuse