Embedded Files
13th June – 15th June 2025
Sanctions
Tribunal Affirms OFSI's NCND Approach to Protect Sanctions Licence Confidentiality
The Information Tribunal upheld HM Treasury's reliance on the "Neither Confirm Nor Deny" (‘NCND’) response to protect the confidentiality of financial sanctions licence applications processed by the Office of Financial Sanctions Implementation (‘OFSI’). In Hinkel v Information Commissioner & HM Treasury [2025] UKFTT 00611 (GRC), the Tribunal ruled that revealing whether named legal professionals or entities had applied for licences would disclose sensitive personal data and undermine the integrity of the sanctions regime. The judgment reinforces the fundamental confidentiality of sanctions licensing and rejects attempts to use the Freedom of Information Act for litigation purposes, warning that unauthorised disclosure could constitute an actionable breach of confidence.
Strengthening UK Sanctions Enforcement: The Case for Whistleblower Protections
The UK’s sanctions regime, critical in responding to Russia’s invasion of Ukraine, faces enforcement challenges due to resource constraints and sophisticated evasion tactics, according to a blog post by the Royal United Services Institute (‘RUSI’). While the EU has recently introduced criminal penalties to bolster whistleblower disclosures, the UK lags behind in fully integrating whistleblower protections into sanctions enforcement. The recent amendment to the Public Interest Disclosure Act 1998 expands protections for whistleblowers reporting sanctions violations, but limitations remain—particularly regarding individuals outside direct employment relationships. Lessons from the US, where financial incentives have led to a surge in whistleblower-driven sanctions enforcement, highlight the potential benefits of a broader UK framework. To enhance its effectiveness, the UK must rethink its approach by expanding protections and considering incentives for whistleblowers, ensuring its sanctions regime remains a credible deterrent.
EU Strengthens Sanctions on Russia Amid Calls for Ceasefire
The European Union (‘EU’) has announced its 18th package of sanctions against Russia, aiming to further pressure Moscow amid its ongoing war in Ukraine. The measures target Russia’s energy and banking sectors, reinforcing restrictions on oil exports and financial transactions.
Key sanctions include:
Energy sector: A ban on transactions related to Nord Stream pipelines, a reduction in the oil price cap from $60 to $45 per barrel, and restrictions on Russian crude oil-based refined products entering the EU.
Banking sector: An expanded transaction ban covering 22 additional Russian banks, including financial operators in third countries circumventing sanctions, and new limits on the Russian Direct Investment Fund.
Export restrictions: A ban on €2.5 billion worth of critical industrial and technological goods, including machinery, metals, and dual-use items used in weapons production.
Enforcement improvements: New listings of 22 Russian and foreign companies supporting Moscow’s military-industrial complex.
EU leaders emphasise that these measures aim to force Russia towards a real ceasefire and peace negotiations. The package follows growing concerns over Russian circumvention tactics and sustained military aggression.
EU Strengthens Sanctions Compliance: Seminars in India
The European Union (‘EU’) is hosting sanctions seminars in New Delhi (17th June 2025) and Mumbai (19th June 2025) to deepen understanding of EU sanctions, particularly those imposed on Russia due to its aggression against Ukraine. Led by experts from the European Commission, EU Member States, and the private sector, the sessions aim to enhance cooperation and mitigate sanctions circumvention. Open to Indian private operators, the seminars are supported by the Federation of Indian Chambers of Commerce and Industry and the International Science and Technology Centre. Registration is required, and the venue details will be shared with confirmed participants.
UK Treasury Amends Licence which authorises Insolvency Payments for GTLK Companies
The UK Treasury’s Office of Financial Sanctions Implementation (‘OFSI’) has amended general licence (INT/2023/3263556) permitting insolvency-related payments and activities for GTLK Europe and GTLK Capital, subsidiaries of Russia's GTLK. The licence allows financial transactions connected to insolvency proceedings while ensuring funds remain frozen where required. Strict reporting and record-keeping obligations apply, and the licence remains valid until 31st July 2030, unless revoked or amended.
Two Designations Removed
Finally from the UK this week, there have been two removals from the Consolidated List. One is from the Russia Financial Sanctions Regime, and the other is from the ISIL (Da’esh) and Al-Qaida Financial Sanctions Regime. Both individuals are no longer subject to asset freeze.
OFAC Imposes Over $215 Million Penalty on GVA Capital for Ukraine/Russia Sanctions and Reporting Violations
The Office of Foreign Assets Control (‘OFAC’) has issued a $215,988,868 penalty against GVA Capital Ltd., a venture capital firm based in San Francisco, California. This significant penalty was imposed for violating OFAC's Ukraine-/Russia-related sanctions and for failing to comply with an OFAC subpoena.
Key aspects of the enforcement action include:
Sanctions Evasion: Between April 2018 and May 2021, GVA Capital knowingly managed an investment for sanctioned Russian oligarch Suleiman Kerimov, even though they were aware of his blocked status. GVA Capital officials had met with Kerimov in France in 2016 to secure his approval for investments. After Kerimov was sanctioned in April 2018, GVA Capital continued to manage these investments through his nephew, Nariman Gadzhiev, whom they knew was Kerimov's proxy. Kerimov's interest was held through Heritage Trust, a Delaware-based vehicle that OFAC later issued a Notification of Blocked Property against, preventing the transfer of its approximately $1.3 billion in assets.
Prohibited Dealings: OFAC determined that GVA Capital engaged in prohibited dealings and services related to Kerimov's blocked property. This included a 2018 assignment agreement and multiple attempted sales and distributions of shares from 2019 to 2021, all of which would have benefited Kerimov. GVA Capital's senior management knew that the funds came from Kerimov and that he retained a property interest.They also received legal advice in May 2018 cautioning that any direct or indirect involvement of Kerimov in the sale or transfer of assets would violate sanctions, yet they continued to work through Gadzhiev.
Reporting Violations: GVA Capital also violated OFAC regulations by failing to fully and timely respond to an administrative subpoena issued by OFAC in June 2021. This prolonged failure to produce responsive records led to 28 months of non-compliance, resulting in 28 violations of the Reporting, Procedures, and Penalties Regulations.
Aggravating Factors: OFAC identified several aggravating factors, including GVA Capital's wilful violation of U.S. sanctions and their actions being contrary to U.S. foreign policy interests by facilitating a sanctioned Russian national's access to the U.S. financial system. GVA Capital's maintenance of the shares allowed Kerimov's investment to appreciate significantly, reaching as high as $436 million in April 2021, undermining U.S. sanctions and policy objectives.
No Mitigation: While GVA Capital had no prior OFAC penalty notices in the five years preceding the violations, OFAC determined that no reduction in penalty was warranted given the totality of the circumstances.
This enforcement action highlights the critical role of "gatekeepers" like investment professionals in preventing sanctions evasion and the importance for non-bank financial institutions to develop and maintain effective, risk-based sanctions compliance controls. It also underscores the risk of relying on formalistic ownership arrangements that obscure the true parties in interest and the necessity of fully complying with OFAC subpoenas.
Legal Challenges and Effectiveness of Sanctions Against Russia
A new blog post by the ICLG looks at the legal implication of sanctions against Russia. Sanctions have remained central to Western foreign policy since Russia’s 2022 invasion of Ukraine, with the US, UK, and EU implementing extensive restrictions on Russian entities, financial institutions, and trade sectors. These measures aim to weaken Moscow’s war effort but have also created significant compliance burdens and legal disputes.
Key concerns include regulatory uncertainty, difficulties in business divestment, and litigation by sanctioned individuals seeking procedural clarity. While sanctions have disrupted Russia’s economy—limiting access to global markets and weakening high-tech military production—Moscow has adapted through alternative trade routes and shadow banking systems. The debate continues over whether sanctions are achieving their intended strategic goals or creating unintended economic and legal consequences.
Money Laundering
Dutch Senate Approves Ban on Large Cash Transactions
The Netherlands has adopted a "Money Laundering Action Plan", aimed at improving anti-money laundering compliance and enforcement. The proposal originally contained multiple measures, but the final version focuses solely on banning professional or commercial traders from carrying out cash transactions of €3,000 or more within or from the Netherlands. The restriction does not apply to private individuals conducting personal transactions. The legislation shall become effective on a date specified by Royal Decree.
Bribery and Anti-Corruption
Tackling Low-Scale Corruption: North Macedonia's Judicial Reforms
In North Macedonia, the UN Office on Drugs and Crime has collaborated with the Judicial Academy to develop an anti-corruption training program targeting low-scale corruption—the everyday abuse of power by public officials for small bribes. Judge Aleksandar Kambovski, President of the Judicial Council of North Macedonia, emphasises the importance of equipping judicial actors with the skills to detect, prosecute, and adjudicate such cases. The program has led to a shift in perception, with law enforcement and the judiciary recognising that even petty corruption erodes public trust. Notable successes include the prosecution of corrupt officials, reinforcing accountability. The Judicial Academy has now institutionalised the training to ensure its continuity, aiming to prepare future generations to combat corruption effectively.
Market Abuse
ESMA’s April & May 2025 Newsletter: Strengthening EU Financial Markets
The European Securities and Markets Authority (‘ESMA’) has released its latest newsletter, covering key developments in EU financial regulation. This edition highlights ESMA’s consultation on the retail investor journey under MiFID II, the adoption of EMIR 3 to enhance clearing services, and new supervisory guidelines to prevent market abuse under MiCA. Additionally, ESMA urges social media platforms to combat unauthorised financial advertising and reports on increasing data usage across the EU. The newsletter also provides updates on ESG rating regulation, SME Growth Markets, and the Listing Act's technical advice, emphasising regulatory convergence and market efficiency.
MAS Blocks Unlicensed Trading Platforms
The Monetary Authority of Singapore (‘MAS’) has taken action against unlicensed online trading platforms targeting Singapore residents. Effective 20th June 2025, access to the websites of Octa and XM will be blocked within Singapore. The MAS, in conjunction with the Singapore Police Force, found that both platforms were offering leveraged foreign exchange trading, as well as trading in commodities, indices, and equities, to customers in Singapore without possessing the required Capital Markets Services licence. Investigations revealed that Octa and XM had marketed their services locally despite not being licenced by MAS. The platforms are reportedly operated by entities incorporated in jurisdictions such as the Union of Comoros, Mauritius, and Belize.
This enforcement action by MAS, involving the blocking of websites, is a direct intervention aimed at curbing access to unregulated financial service providers and protecting investors. However, the overseas incorporation of these platforms in jurisdictions often associated with lighter regulatory oversight highlights a persistent challenge for national regulators: effectively policing online financial services offered from abroad. While website blocking is one tool available, determined users might find alternative means of access, such as using Virtual Private Networks (VPNs). This situation underscores the critical importance of consumer education, with MAS advising the public to trade only with platforms listed in its official Financial Institutions Directory. It also emphasises the need for robust international cooperation among regulators to address the pervasive issue of unlicensed cross-border financial services, as enforcement against entities located entirely offshore can be exceedingly difficult.
The MAS's warning about the inherent risks associated with unregulated platforms—including higher risks of fraud, financial loss, and unauthorised transactions on credit or debit cards —connects directly to broader financial crime concerns. Platforms operating outside the established regulatory perimeter may lack adequate security measures, robust AML/CFT controls, and proper segregation of client funds. This lack of oversight can make them attractive targets or tools for scam operators. Furthermore, such platforms could potentially be used for laundering the proceeds of other criminal activities, or the platforms themselves could be structured as fraudulent schemes designed to defraud investors. Thus, while the primary concern of MAS in this instance is investor protection related to unlicensed trading activities, there is an implicit and significant underlying financial crime risk associated with the operation of such unregulated entities.
Other Financial Crime News
AI-Powered Payment Analytics Boost Financial Crime Detection in Retail Transactions
Project Hertha, a collaboration between the BIS Innovation Hub and the Bank of England, explored AI-driven transaction analytics to identify financial crime patterns in real-time retail payment systems. The study found that payment system analytics helped banks and payment service providers detect 12% more illicit accounts and improved the identification of novel financial crime patterns by 26%. Using a synthetic dataset of 1.8m bank accounts and 308m transactions, the project demonstrated the potential of AI in financial crime prevention while highlighting regulatory and practical challenges.
UK Insolvency Service Appoints First Crypto Specialist Amid Surge in Digital Asset Cases
The UK Insolvency Service has appointed Andrew Small, a former police investigator, as its first dedicated crypto intelligence specialist. His role aims to help trace and recover digital assets in bankruptcy and criminal cases, as crypto-related insolvencies have increased by 420% over the past five years. In 2024/25 alone, over £500,000 in cryptoassets were identified in insolvency cases, a dramatic rise from just £1,436 in 2019/20. The agency hopes Small's expertise will improve asset recovery efforts, benefiting creditors affected by insolvency proceedings.
UK Expands Serious Fraud Office Funding to Combat Economic Crime
The UK government has announced an additional £8.3 million investment in the Serious Fraud Office (‘SFO’) over the next three years to strengthen its fight against fraud, bribery, and corruption. This funding will be used to enhance the agency’s intelligence capabilities, allowing it to identify and investigate complex economic crimes more effectively. It will also support the expansion of digital tools used in case disclosure and evidence processing, improving efficiency in tackling financial crime.
Attorney General Lord Hermer KC emphasised that fraud and serious economic crime not only harm individuals but also affect the integrity of doing business in the UK. He stated that the government is committed to modernising the SFO’s operations to safeguard the economy while improving its ability to seize and recover criminal assets, including cryptocurrency.
Nicholas Ephgrave QPM, Director of the SFO, welcomed the long-term funding, highlighting that it recognises the essential role the agency plays in protecting the UK economy. The additional resources will enable the SFO to expand its investigative reach, enhance its intelligence capabilities, and strengthen asset recovery efforts. Overall, the investment reflects the government’s broader strategy to reinforce enforcement mechanisms and combat financial crime more effectively.
Bangladesh Seeks UK Support to Recover Billions Lost to Corruption
Bangladesh’s interim government, led by Nobel Laureate Muhammad Yunus, has accused the former administration of embezzling £11 billion over 15 years, prompting a renewed push for asset recovery. Following the collapse of Sheikh Hasina’s government amid student-led protests, scrutiny has intensified over the wealth allegedly siphoned abroad, including over £400 million in UK properties linked to her allies.
The UK, often criticised as a haven for illicit funds, now faces calls to take decisive action. Transparency International and other anti-corruption groups urge British authorities to freeze assets, expand investigations, and facilitate the return of stolen wealth under international anti-corruption conventions. The UK government has pledged support, with officials stressing the need for accountability and democratic restoration in Bangladesh.
As Professor Yunus meets British officials this week, advocates argue that swift intervention could signal a turning point in the fight against global kleptocracy, reaffirming the UK’s commitment to combating financial crime.
Cybercrime
Academic reflects on HMRC Cyber Attack Highlights Need for Greater Digital Resilience
A recent cyber-attack on HMRC, where criminals stole over £47 million through fraudulent tax rebates, was not just a technical failure but a result of social engineering tactics and misplaced trust, according to a Loughborough University academic. The incident, which compromised around 100,000 taxpayer self-assessment accounts through a phishing campaign, underscores the need for organisations to build digital resilience by focusing on people and processes, not just technology.
Professor Oli Buckley from Loughborough University explained that large organisations are vulnerable to social engineering techniques like phishing, especially when combined with stolen personal data and the public's trust in institutions. While HMRC has since secured the stolen funds and reset the affected accounts, the attack serves as a stark reminder of the scale at which organised cybercrime can operate. The key takeaway from the incident is the need for a collaborative approach between leaders, cybersecurity professionals, and culture specialists to foster a secure environment where employees are naturally inclined to act securely.
Europol Podcast Explores How Crime Thrives in the Digital Age
Europol’s latest podcast episode delves into the evolution of online crime, highlighting how fraud, cyberattacks, and cryptocurrency-based money laundering are growing in sophistication. Experts from Europol discuss the digital footprint of modern criminal networks and the increasing reliance on the internet as a hub for serious and organised crime. The episode features insights from Europol officials, including Burkhard Mühl (European Financial and Economic Crime Centre) and Marijn Schuurbiers (European Cybercrime Centre). The discussion sheds light on how law enforcement is adapting to combat digital crime.
Deepfake Scams Redefine AI-Powered Fraud: Legal and Security Challenges Emerge
AI-driven deepfake technology has enabled increasingly sophisticated scams, where fraudsters impersonate celebrities using synthetic images, videos, and voice clones, which is a theme explored in a recent American Bar Association blog post. A high-profile case involved a French woman being deceived into sending nearly €830,000 to scammers posing as Brad Pitt. The fraud relied on AI-generated visuals and fabricated legal documents to create a convincing illusion, exposing vulnerabilities in existing fraud and impersonation laws. The article highlights pressing legal challenges, including jurisdictional complexities, the need for updated fraud statutes, and the emotional harm inflicted by AI-enhanced deception. Lawyers and policymakers are urged to modernise regulations, enhance fraud detection mechanisms, and ensure cross-border enforcement to combat emerging AI-driven scams. The legal profession must remain vigilant as deepfake technology reshapes trust and authenticity in digital interactions.
Cybercriminals Cash in on Your Data—The Dark Market for Stolen Information Expands
Europol’s 2025 Internet Organised Crime Threat Assessment (‘IOCTA’) reveals a booming black market for stolen data, fueling fraud, ransomware, child exploitation, and extortion. The report underscores:
The rise of data and access brokers selling compromised credentials across encrypted forums.
The increasing use of AI-powered scams for highly targeted fraud.
Cybercrime-as-a-service platforms enabling even non-technical criminals to exploit stolen data.
Ongoing vulnerabilities allowing initial access brokers and ransomware groups to thrive.
Europol calls for stronger EU-wide policies, including lawful access measures for encrypted communications and improved digital literacy. The report emphasises that stolen data is more than just a target—it’s a high-value commodity driving the cybercrime economy.
Outdated Cybersecurity Risks Threaten Financial Services
Financial services organisations (‘FSO’s) face increasing cyber threats, particularly from AI-driven cybercrime, according to Consultancy firm, EY. Many FSOs still rely on aging security information and event management (‘SIEM’) systems that struggle with real-time threat detection and compliance. Regulatory pressures, including GDPR and New York Department of Financial Services (‘NYDFS’) cybersecurity rules, further strain these outdated systems. Experts highlight the need for next-generation SIEMs that integrate AI, automate compliance processes, and improve resilience. Despite the urgency, some leadership teams hesitate to invest, requiring structured business cases to demonstrate cost benefits, risk reduction, and competitive advantages.
Cyber Deterrence in the Digital Age: Rethinking US Strategy
At the 2025 Payne Distinguished Lecture, former Deputy National Security Advisor, Anne Neuberger, emphasised that cyber deterrence is failing in the face of escalating threats. She highlighted how adversaries like China and North Korea are embedding malware in critical infrastructure to weaken military responses and deter intervention in conflicts, such as a potential invasion of Taiwan. Neuberger argued that cyber attacks now shape global security, requiring a new deterrence approach beyond espionage and ransomware. She proposed three pillars of deterrence—denial (strengthening defences), punishment (clear retaliation policies), and entanglement (leveraging mutual dependencies). Key recommendations included developing AI-driven "digital twins" to predict cyber vulnerabilities, defining red lines for retaliation, and allowing regulated private-sector counterattacks against cybercriminals. She warned that cyber conflict is no longer a distant threat—it’s already here, and without urgent reforms, the U.S. risks falling behind in a domain that touches every aspect of modern life.
Guernsey to Establish Cyber Security Centre to Strengthen Defences
Guernsey is launching the Guernsey Cyber Security Centre (‘GCSC’) to combat rising cyber threats, including fraud, ransomware, and hostile activity. The centre will provide expert guidance to individuals, businesses, and public services, enhancing online security across the island. Operated by a local team in collaboration with the Jersey Cyber Security Centre (‘JCSC’), the GCSC is expected to be fully operational within the next 12 months. Authorities emphasise its role in building resilience and providing trusted cybersecurity advice as threats become more sophisticated. JCSC Director Matt Palmer expressed support, stating that joint efforts would reduce cyber risks and boost digital confidence.
Cyber Insurance: A Growing Necessity in Risk Management
A&O Shearman’s latest insurance podcast explores cyber insurance as a critical component of business risk management. Experts from Howden Insurance Brokers and Tokio Marine Kiln discuss key aspects, including policy coverage, underwriting processes, and claims handling. The conversation also addresses emerging challenges such as coverage for widespread cyber events, war exclusions, and potential AI-related losses.
Page updated
Report abuse