Embedded Files
22nd September – 25th September 2025
Sanctions
EU Proposes 19th Sanctions Package to Cripple Russia’s War Economy and Defend Ukraine
On 19th September 2025, EU High Representative Kaja Kallas unveiled the European Union’s 19th sanctions package against Russia, aimed at intensifying pressure over its ongoing war in Ukraine. The new measures target critical sectors which sustain Russia’s military and economic capabilities, with the goal of cutting off funding sources and isolating the Kremlin further.
A major component of the package is a full transaction ban on Russian banks and financial institutions, including those operating in third countries. The EU also seeks to sanction large economic operators which help Russia circumvent existing sanctions or support its military industry. This includes targeting Russia’s credit card and fast payment systems, as well as banning investments in Special Economic Zones linked to the war effort.
Energy remains a central focus, as Russia’s primary revenue stream. The EU proposes a complete ban on Russian liquefied natural gas imports by January 2027, the removal of exemptions for Rosneft and Gazprom Neft, and sanctions on 118 vessels in Russia’s shadow fleet. Additionally, the package restricts access to advanced technologies like AI and geospatial data, and critical resources sourced from countries such as China and India.
In response to human rights violations, the EU plans to sanction individuals involved in the abduction and indoctrination of Ukrainian children. Mechanisms are also being streamlined to enable faster future sanctions against perpetrators of war crimes and abuses.
Kallas emphasised that despite diplomatic efforts, Russia continues to escalate its aggression, even breaching EU borders. The EU remains committed to applying tougher sanctions and providing military support to Ukraine until Russia agrees to a just and lasting peace. This is the statement of President of the Commission, von der Leyen.
UK Drops Measures Against Russian Tycoon's Daughter
The UK government has officially removed Tatiana Evtushenkova, daughter of Russian billionaire and Sistema founder Vladimir Evtushenkov, from its Russia sanctions list. Evtushenkova was originally sanctioned in April 2023 due to her links with her father, who was deemed a person of strategic importance to the Kremlin. The Foreign Office stated that following a review, she is no longer considered to meet the criteria for designation, a decision which typically follows a legal challenge or a reassessment of an individual's circumstances and influence. The Notice is here. OFSI has also varied the designation of Yuri Olegovich Denisov. Denisov is a senior official of the Public Joint Stock Company Moscow Exchange Group and an “involved person” under the Russia (Sanctions) (EU Exit) Regulations 2019 because he has been involved in obtaining a benefit from or supporting the Government of Russia by acting as a director of an entity, namely the Moscow Exchange Group, which operates in a sector of strategic significance to the Russian government: the financial services sector.
UK Issues New Licence for News Media Services and Updates Telecommunications Licence
On 19th September 2025, the UK’s Office of Financial Sanctions Implementation (‘OFSI’) issued General Licence INT/2025/7159960, enabling individuals and entities involved in News Media Services to carry out necessary activities, including making or receiving permitted payments. On the same day, OFSI amended General Licence INT/2022/1875276 by removing News Media Services permissions, narrowing its scope to Civilian Telecommunications Services under Regulation 64 of The Russia (Sanctions) (EU Exit) Regulations 2019. This licence now has indefinite validity. Users are advised to consult the full licences for detailed terms and conditions.
HM Treasury Debt Exception
OFSI has updated section 6.21 of its UK financial sanctions general guidance to clarify that the HM Treasury debt exception also covers obligations owed by others to a UN DP regarding HM Treasury debt, applying the exception to all stages of a payment chain. The updated guidance is here.
UK Government Launches Online Service for Reporting Sanctions Breaches
On 22nd September 2025, the UK government introduced an online platform to streamline the reporting of suspected sanctions breaches, including circumvention attempts and identification of designated persons. The service, accessible to anyone, aims to uphold the integrity of UK sanctions regimes and support law enforcement efforts. Certain firms, such as financial institutions and transport operators, have specific legal obligations to report under relevant regulatory guidance. Users are encouraged to seek independent legal advice if unsure of their responsibilities.
US Sanctions Brazilian Justice’s Support Network Over Human Rights Abuses
On 22nd September 2025, the US Treasury’s Office of Foreign Assets Control sanctioned the Lex Institute and its managing partner Viviane Barci de Moraes for materially supporting Brazilian Supreme Court Justice Alexandre de Moraes, who was previously designated for human rights abuses including arbitrary detentions and censorship. The Lex Institute, which holds the de Moraes family's assets and properties, was found to facilitate his activities, including the conviction of former President Jair Bolsonaro. These sanctions were issued under Executive Order 13818, aligned with the Global Magnitsky Human Rights Accountability Act.
ShapeShift AG Fined $750,000 for Sanctions Violations Involving Cuba, Iran, Sudan, and Syria
On 22nd September 2025, the US Department of the Treasury’s Office of Foreign Assets Control (‘OFAC’) announced a $750,000 settlement with ShapeShift AG, a Swiss-incorporated digital asset exchange operating from Denver, Colorado. The penalty addresses 17,183 apparent violations of US sanctions programmes, where ShapeShift facilitated digital asset transactions involving users in Cuba, Iran, Sudan, and Syria. OFAC determined the conduct was non-egregious and not voluntarily self-disclosed, leading to civil liability under multiple sanctions regimes.
Money Laundering
FinCEN Proposes Two-Year Delay for Investment Adviser AML Rule Amid Industry Readiness Concerns
On 19th September 2025, the US Department of the Treasury’s Financial Crimes Enforcement Network (‘FinCEN’) announced a proposed rule to postpone the implementation of its Investment Adviser Anti-Money Laundering (‘AML’) regulation. Originally scheduled to take effect on 1st January 2026, the rule would now be delayed until 1st January 2028, giving firms additional time to prepare for compliance and allowing FinCEN to refine its rollout strategy.
The IA AML Rule requires Registered Investment Advisers and Exempt Reporting Advisers to establish robust AML and Countering the Financing of Terrorism programmes. These programmes must include mechanisms for detecting and reporting suspicious activity through Suspicious Activity Reports, as well as maintaining records in accordance with the Bank Secrecy Act. The rule also formally designates investment advisers as “financial institutions,” aligning them with other regulated entities under US law.
This regulatory shift stems from FinCEN’s 2024 Investment Adviser Risk Assessment, which revealed vulnerabilities in the sector. The report highlighted how illicit actors, including sanctioned individuals and corrupt officials, have exploited investment advisers to funnel dirty money into US assets such as securities and real estate. By extending AML obligations to this group, FinCEN aims to close a critical gap in the financial system’s defences.
The proposed delay follows an exemptive relief order issued in August and reflects FinCEN’s effort to balance enforcement with industry readiness.
Three Plead Guilty in €6.5M EU-Wide Tax Evasion and Money Laundering Case
As part of the European Public Prosecutor’s Office’s (‘EPPO’) “Admiral 2.0” investigation, three individuals have pleaded guilty to large-scale tax evasion and money laundering totalling nearly €6.5 million, damaging the budgets of Austria, France, Germany, Italy, and Spain. The case marks the first criminal proceedings in Latvia involving multiple EU member states as victims. Scheduled for court approval on 26th September 2025, the plea agreements include prison time, over €1 million in fines, and confiscation of luxury assets. The broader scheme, linked to consumer electronics sales and suspected of laundering proceeds from drug trafficking and cybercrime, has inflicted an estimated €297 million in tax losses across six EU countries.
Companies House Issues 2025 Rules for Register of Overseas Entities Submissions
Companies House has released the Register of Overseas Entities Rules 2025, establishing mandatory procedures for submitting documents linked to the Register. The rules define the required format, delivery method, and authentication standards for both electronic and paper submissions. Standard documents must be filed online via the Companies House Service using prescribed templates, while verification statements may be submitted by email in PDF format. Documents containing protected personal data must be delivered in hard copy using colour-coded templates sourced from the Registrar and authenticated under stringent criteria. This framework ensures that all documentation is managed securely, consistently, and in full compliance with legal obligations. The Registrar rules are here.
Fraud
HKMA Urges Smarter Defences as Digital Fraud Surges Amid Financial Innovation
In a keynote speech at the International Symposium on Digital Fraud Prevention and Detection, Raymond Chan of the Hong Kong Monetary Authority (‘HKMA’) emphasised the urgent need for a more adaptive and tech-driven approach to combating digital fraud. As Hong Kong’s financial system rapidly digitalises, with over 50% of bank accounts opened online and over 400 million FPS transactions in the first half of 2025, the risks of fraud have escalated. Despite a four per cent rise in deception cases, total losses have dropped by 21 per cent, thanks to improved fraud detection systems and early intervention by banks.
Chan outlined HKMA’s multi-pronged strategy, including mandatory dynamic monitoring systems, expanded use of the Police’s Scameter database, and stronger public-private collaboration. He also highlighted the push for artificial intelligence in anti-money laundering (‘AML’) frameworks and the legal reforms enabling banks to share personal account data to detect mule networks. With digital assets and new payment systems introducing fresh vulnerabilities, HKMA is taking a cautious, risk-based approach to regulating stablecoin issuers and enhancing transaction monitoring.
The speech underscored the importance of balancing innovation with robust safeguards to maintain trust and integrity in Hong Kong’s financial ecosystem.
Nicholas Harper Fined for Data Breach, Cleared of Fraud in FCA Case
Nicholas Harper, 26, was fined £100 and ordered to pay a £30 victim surcharge after pleading guilty to encouraging a breach of the Data Protection Act. However, following a retrial at Southwark Crown Court, he was acquitted of conspiracy to defraud and of conducting regulated financial activity without FCA authorisation. The case stemmed from a wider scam which defrauded at least 65 investors of over £1.5 million, for which two other individuals received lengthy prison sentences. A fourth suspect remains at large. The FCA has not disclosed further details about Harper’s specific data protection breach.
Market Abuse
Swedbank Faces New Market Abuse Probe Amid Ongoing Money Laundering Scandal
Swedbank, one of Sweden’s largest banks, is under investigation by the Swedish Financial Supervisory Authority for suspected market abuse linked to its broader money-laundering scandal. The probe focuses on the bank’s handling of insider information between September 2018 and February 2019, particularly around disclosures related to suspicious transactions. This follows previous fines and international investigations, including a record four billion kronor penalty in Sweden. Swedbank has pledged cooperation and is implementing corrective measures, though its shares dropped sharply following the announcement.
AI Algorithms in High-Frequency Trading Raise Concerns Over Market Manipulation
AI has dramatically reshaped high-frequency trading, boosting speed, efficiency, and profitability by analysing vast datasets and executing trades in milliseconds. But as these algorithms grow more complex, experts warn they may also contribute to market manipulation, either unintentionally or by design. The 2010 “Flash Crash” serves as a stark example of how AI-driven strategies can destabilise markets. Ethical and systemic risks are mounting, with fears that synchronised algorithmic responses could trigger volatility. Regulators now face the challenge of overseeing opaque, fast-evolving AI systems which may outpace traditional oversight mechanisms.
Other Financial Crime
DOJ Highlights Aggressive White-Collar Enforcement in Landmark Year for Fraud Prosecutions
In remarks at the Global Investigations Review Annual Meeting, Acting Assistant Attorney General Matthew R. Galeotti outlined the US Department of Justice’s intensified crackdown on white-collar crime, spotlighting record-breaking health care fraud prosecutions, corporate accountability, and cross-border financial schemes. Key actions included charging over 300 individuals in a $14.6 billion health care fraud sweep, targeting Chinese-linked securities fraud which wiped out investor savings, and resolving foreign bribery cases under revised corporate enforcement policies. Galeotti emphasised the DOJ’s commitment to protecting American taxpayers and investors through swift, fair, and data-driven enforcement across sectors like procurement, trade, and market integrity.
The Confidence Dividend: FCA’s Strategic Fight Against Financial Crime to Bolster UK Markets
In her 2025 speech at AFME’s European Compliance and Legal Conference, Therese Chambers of the FCA outlined a bold, multi-pronged strategy to tackle financial crime and restore public trust in UK financial markets. Emphasising that enforcement alone is not enough, she detailed the FCA’s efforts to accelerate investigations, support consumer tools like Firm Checker and ScamSmart, and reform financial advice through Targeted Support. Chambers also highlighted innovations such as the PISCES platform and international regulatory cooperation, positioning financial crime prevention not just as a compliance issue but as a growth imperative. The overarching message: confidence is the currency of thriving markets, and the UK must invest in it deliberately and collaboratively.
Eurojust Cracks €100m Cryptocurrency Fraud Spanning 23 Countries
Eurojust coordinated a European operation to dismantle a sophisticated cryptocurrency investment fraud which defrauded over €100 million from victims across 23 countries. Initiated by Spanish and Portuguese authorities, the action led to five arrests, including the alleged ringleader, and the freezing of assets in Spain, Portugal, Italy, Romania, and Bulgaria. The fraud, active since at least 2018, lured investors with promises of high returns via polished online platforms, only to vanish after extracting additional fees. Eurojust facilitated a joint investigation team and supported cross-border legal actions, while Europol deployed crypto experts to assist in asset seizures.
AI Fraud-Buster Recovers £500M for UK Government in Record Year
A cutting-edge AI tool has been developed which has helped UK agencies recover nearly £500 million in fraudulently claimed public funds over the past year, which is the largest annual haul ever by government anti-fraud teams. Over a third of the reclaimed money stemmed from Covid-related frauds, including fraudulent Bounce Back Loans and illegal subletting. The AI, dubbed the Fraud Risk Assessment Accelerator, cross-referenced data across departments and flagged policy vulnerabilities before exploitation. Now set to be licensed internationally, the tool’s success will be announced at a joint anti-fraud summit with the US, Canada, and Australia.
Cybercrime
ICO Urges Small Businesses to Strengthen Cyber Defences Amid Rising Threats
In response to a surge in cyber-attacks, estimated at 7.7 million incidents over the past year, the Information Commissioner’s Office (‘ICO’) in the UK has issued practical guidance to help small businesses safeguard personal data. Executive Director Ian Hulme stressed that while attacks are growing more sophisticated, many firms still overlook basic security measures. The ICO’s tips include using strong passwords and multi-factor authentication, securing devices and Wi-Fi connections, limiting data access, and disposing of old equipment safely. The advice aims to boost resilience and public trust in how businesses manage sensitive information.
Page updated
Report abuse