Embedded Files
27th June – 29th June 2025
Sanctions
UK Sanctions Reform Urged: Civil Society Pushes for Expert Panel, Transparency Tracker, and Stronger Oversight
Spotlight on Corruption and the International Lawyers Project (‘ILP’) have submitted joint evidence to the Foreign Affairs Committee’s sanctions inquiry, outlining nine key recommendations to strengthen the UK’s sanctions regime. Their proposals include establishing an independent expert panel to advise on designations, launching a public sanctions transparency tracker, and expanding the Global Anti-Corruption regime to cover a broader range of corrupt conduct.
The submission also calls for improved parliamentary oversight through cross-committee collaboration, greater coordination with law enforcement tools, and innovative measures such as restricting designated individuals from accessing UK-based professional services. Additional recommendations include requiring the government to consider sanctions suggestions from parliamentary committees and conducting a full review of the UK’s Magnitsky-style sanctions regimes by their fifth anniversary.
OFSI amends Consolidated List
On Thursday 26th June, the Office of Financial Sanctions Implementation (‘OFSI’) made 16 administrative amendments to the Russia Sanctions Regime, and one administrative amendment to the Isil (Da'esh) and Al-Qaeda Regime. The Russia Notice is here.
Whistleblowing Law Expanded to Bolster UK Sanctions Oversight
On 26th June 2025, the UK government implemented amendments to whistleblowing legislation under the Public Interest Disclosure (Prescribed Persons) (Amendment) Order 2025. The changes:
- Expand the scope of protected disclosures related to UK sanctions enforcement.
- Formally designate the Treasury as a prescribed person for whistleblowing.
- Extend the remit of the Secretaries of State for Business and Trade, and for Transport, to include sanctions-related matters.
- Enable whistleblowers to benefit from legal protection when reporting issues concerning financial, trade, and transport sanctions.
These adjustments aim to strengthen accountability and improve the effectiveness of the UK’s sanctions regime by encouraging disclosures to the appropriate authorities. The whistleblower guidance is here.
Money Laundering
MONEYVAL Progress Reports: North Macedonia Strengthens Framework, Romania Faces Ongoing Challenges
The Council of Europe’s MONEYVAL committee has released follow-up evaluations on North Macedonia and Romania, assessing their technical compliance with Financial Action Task Force (‘FATF’) standards on anti-money laundering and counter-terrorist financing.
North Macedonia shows clear progress, with enhanced legal and institutional frameworks in areas like wire transfers, internal controls, and transparency of beneficial ownership in trusts. It now meets 31 out of 40 FATF recommendations as compliant or largely compliant.
By contrast, Romania has made limited improvement in addressing key gaps, especially concerning targeted financial sanctions, virtual assets, and data collection. It remains partially compliant on 15 recommendations and fully/largely compliant on 25.
Both countries remain under enhanced follow-up, indicating continued international scrutiny of their reforms.
FATF Warns of Escalating Illicit Finance Risks in Virtual Assets Sector
The Financial Action Task Force (‘FATF’) has issued its sixth targeted update urging global action to close regulatory gaps in the virtual asset (‘VA’) sector. While many jurisdictions have made progress in implementing anti-money laundering and counter-terrorist financing measures, significant challenges remain—particularly in identifying offshore virtual asset service providers (‘VASP’s) and enforcing the "Travel Rule" to enhance transparency in cross-border transfers.
The update highlights growing threats from stablecoin misuse, including by actors linked to North Korea and global fraud networks. With $1.46 billion stolen in a single VA heist this year and only a fraction recovered, FATF stresses the need for improved asset recovery and cross-border cooperation. It also notes an estimated $51 billion in fraud-related on-chain activity in 2024, underscoring the urgency of adopting stronger supervisory frameworks.
FinCEN Cracks Down on Mexico-Based Banks in Landmark Action Under Fentanyl Sanctions Law
In a first-of-its-kind move under the Fentanyl Sanctions Act and the FEND Off Fentanyl Act, the US Treasury’s Financial Crimes Enforcement Network (‘FinCEN’) has designated three Mexico-based financial institutions—CIBanco, Intercam Banco, and Vector Casa de Bolsa—as primary money laundering concerns linked to illicit fentanyl trafficking. The orders prohibit specific US-bound transactions involving these institutions and will take effect 21 days after publication in the Federal Register.
This unprecedented enforcement leverages newly granted powers to disrupt financial channels used by synthetic opioid traffickers, particularly targeting networks tied to transnational criminal organisations. For its part, Mexico has asked for evidence from the US following the move.
Textile Trader Jailed for Laundering £1.9m in Romance Scam Proceeds
Ahmed Ali Suleman, 63, has been sentenced to four years and three months for laundering nearly £1.9 million gained through a West Africa-based romance fraud network. Suleman used his Nottinghamshire textile business, Savanna Rags, as a front to process victim payments, fabricating invoices to mask transactions. The scam exploited 77 vulnerable individuals—mostly older, widowed, or divorced—manipulated into sending large sums under false pretences.
The Crown Prosecution Service, working with the National Crime Agency, built its case using chat logs, financial records, and victim testimonies. Confiscation proceedings are under way. The UK government vowed stronger action through its forthcoming Fraud Strategy.
Bribery and Corruption
TD Bank Employee Admits Taking Bribes to Open 140 Fraudulent Accounts
Jhonnatan Steven Rodriguez, a former TD Bank employee based in Florida, has pleaded guilty to accepting bribes for opening over 100 fraudulent bank accounts, some of which were later used in scams. Operating under the alias “Jorge,” Rodriguez charged $200–$250 per account and often forged customer signatures to bypass verification. The scheme, which began in late 2022, led to charges of bribery and falsifying bank records—each carrying up to 30 years in prison and heavy fines. Sentencing is set for November 2025. Multiple federal agencies contributed to the investigation, including the IRS, DEA, and FDIC.
SFO Joins Global Anti-Corruption Alliance to Tackle Cross-Border Bribery
The UK’s Serious Fraud Office (‘SFO’) has joined the International Anti-Corruption Coordination Centre (‘IACCC’), strengthening its global reach in tackling corruption involving politically exposed persons. The move follows the SFO’s recent creation of a tri-national taskforce with France and Switzerland, aimed at confronting international bribery and grand corruption.
By joining the IACCC—housed within the National Crime Agency—the SFO gains access to a network of specialist law enforcement agencies worldwide, boosting its intelligence-sharing and investigative capabilities. The IACCC has already helped identify over £1.8 billion in suspected stolen assets since its inception in 2017.
SFO Director Nick Ephgrave hailed the partnership as a vital step in confronting global illicit finance, while the NCA welcomed the move as a boost to international cooperation in high-profile investigations.
The IACCC is a global intelligence hub which brings together specialist law enforcement agencies to tackle grand corruption—particularly cases involving politically exposed persons (‘PEP’s) and cross-border bribery.
Other Financial Crime News
Volume One, Post Office Horizon IT Inquiry to be published
This is an interesting story. In episode 142, I speculated whether we were due to get some outcome from the Horizon IT Inquiry with the publication of the report in June or July. I based this on some reflections by the Solicitors’ Regulation Authority (‘SRA’) which announced in January that it was hopeful it ‘can launch prosecution action in some cases in the summer of this year.’ Well, it has been announced that Volume One of the Final Report will be published on Tuesday, 8th July 2025. The report will be made available to the public at 12:00 (midday) on the Inquiry’s official website. Shortly after the publication, at around 12:30pm, Inquiry Chair Sir Wyn Williams will deliver a live statement, which will be streamed on the Inquiry’s YouTube channel.
This initial volume focuses specifically on two major aspects of the Horizon scandal: the human impact on those affected and the processes surrounding compensation and redress. It aims to document the lived experiences of individuals involved and assess how effectively justice and reparations have been pursued to date.
In line with Rule 17 of the Inquiry Rules 2006, Core Participants in the Inquiry will be granted access to the report prior to its public release. Additional arrangements for these participants will be communicated in due course. The findings from this volume will be followed by future instalments covering subsequent phases of the Inquiry, culminating in a comprehensive final report which includes full recommendations.
Cyber Crime
BT: Nearly Half of UK Small Businesses Hit by Cyber Attacks in Past Year
A new BT study reveals that 42% of small businesses and 67% of medium-sized enterprises in the UK faced cyber attacks in the past 12 months. Despite these high figures, 39% of SMEs have yet to implement cybersecurity training. Common threats include phishing (targeting 85% of firms), ransomware (now impacting 1 in 100 businesses), and a surge in QR code scams (up 1,400% in five years).
In response, BT has launched targeted training for SMEs, covering AI and quantum threats, account takeovers, and practical defences. Citing a government survey, BT warns the average breach costs small firms nearly £8,000—underscoring cybersecurity as a business necessity, not a luxury.
16 Billion Credentials Exposed in Largest-Ever Cyber Breach, Affecting Major Platforms
Researchers have uncovered a data breach exposing over 16 billion login credentials from platforms including Facebook, Gmail, Apple, and even government websites—making it the largest known credential leak to date. The stolen data was sourced using infostealer malware and spans previously unreported datasets containing usernames and passwords for messaging apps, developer tools, and VPNs.
Unlike older leaks, most of the stolen data is newly harvested and not yet circulated, increasing the risk of account takeovers and identity theft. Experts advise users to change passwords immediately, enable multi-factor authentication, and check for compromises using tools like HaveIBeenPwned.com.. The breach underscores the accelerating scale and sophistication of cyber threats.
Ransomware Shifts Tactics: Encryption Declines as Extortion-Only Attacks Rise
Ransomware attacks are evolving, with only 50% now involving data encryption—down sharply from 70% last year, according to a new Sophos report. Instead, extortion-only attacks, where attackers steal but don’t encrypt data, have doubled to 6%, disproportionately affecting smaller organisations.
While ransom demands and payments have fallen (by 34% and 50% respectively), threat actors continue to exploit vulnerabilities, although use of stolen credentials is declining. Sophos also notes rising emotional tolls: 41% of cybersecurity staff reported increased anxiety post-incident. The findings underscore how ransomware remains a moving target—technically and psychologically—for businesses.
US on Alert for Iranian Cyber Retaliation After Military Strikes
Following recent US airstrikes on Iranian nuclear sites, the Department of Homeland Security has warned of an elevated risk of cyber-attacks from Iranian state-backed hackers and pro-Iranian hacktivist groups. Issued via a National Terrorism Advisory Bulletin, the alert highlights likely low-level attacks on poorly secured networks, along with heightened risks for critical infrastructure and individuals linked to US-Iran policy.
Iran has previously targeted telecoms, critical infrastructure, and political figures, often combining espionage with disruptive tactics. Experts urge vigilance and caution against amplifying psychological impact, as Iran tends to exaggerate the outcomes of its cyber operations.
Individuals and organisations are advised to strengthen defences and watch for social engineering targeting personal and organisational accounts.
Page updated
Report abuse