Episode 189

29th September – 2nd October 2025

Sanctions

US Treasury Sanctions DPRK Arms Network Tied to Burmese Military Deals

The US Treasury’s Office of Foreign Assets Control (‘OFAC’) sanctioned five individuals and one entity for facilitating illicit arms sales which fund North Korea’s weapons of mass destruction and ballistic missile programmes. The action targets overseas operatives of KOMID and the Reconnaissance General Bureau, which are two key DPRK agencies, who used front companies and covert networks to channel foreign currency back to Pyongyang. Notably, the Burmese firm Royal Shune Lei brokered deals for aerial bomb guidance kits and other weaponry for Myanmar’s military regime, which has been implicated in deadly airstrikes against civilians. The sanctions aim to disrupt these financial lifelines and signal consequences for entities aiding DPRK’s proliferation efforts. The State Department press release is here.

OFSI Updates Utility and Bank Fee Licences, Issues New Revenue Authority Licence, and Adds Clarifying FAQs

On 26th September 2025, the UK’s Office of Financial Sanctions Implementation (‘OFSI’) amended three General Licences covering payments by Designated Persons for gas, electricity, water, sewage, and bank fees, to clarify that such payments need not originate from frozen UK bank accounts. Reporting timelines were standardised to quarterly submissions, and all three licences now reference the newly added Global Irregular Migration and Trafficking in Persons Sanctions Regulations 2025. Additionally, OFSI issued a new General Licence (INT/2025/7328184) permitting Revenue Authorities to make payments into frozen UK bank accounts held by DPs. To support these changes, three new FAQs (Q165–167) were published to clarify scope and compliance expectations.

UK Imposes Asset Freeze on 71 Entries Under Iran (Nuclear) Sanctions Regulations

OFSI has announced an expansion of financial sanctions against Iran. The sanctions, under The Iran (Sanctions) (Nuclear) (EU Exit) Regulations 2019, impose asset freezes on 71 persons involved in the proliferation or development of nuclear weapons or nuclear weapon delivery systems in, or for use in, Iran. The Annex lists various banks, including Bank Melli Iran and Bank Mellat, energy sector companies, such as the National Iranian Oil Company and the Ministry of Petroleum, organisations associated with nuclear activity, like the Nuclear Fuel Production and Procurement Company, and individuals like Reza Aghazadeh, the former president of the Atomic Energy Organisation of Iran.

OFSI Issues New Licences and Guidance on Reimposed Iran Sanctions

On 29th September 2025, the Office of Financial Sanctions Implementation (‘OFSI’) issued four new General Licences and one FAQ to help UK businesses adapt to the reimposition of sanctions on Iran. One licence (INT/2025/7363752) allows for the continuation of the Shah Deniz Project, while the other three (INT/2025/7345264, INT/2025/7345664, and INT/2025/7345464) permit the winding down of transactions involving UK firms, Iranian banks worldwide, and UK-based Iranian banks. Additionally, FAQ 168 clarifies that specific licences issued prior to 2015 are no longer valid for persons who have been delisted, necessitating new applications where needed.

OFSI Fines Colorcon £152,750 for Breaching Russia Sanctions via Payments to Designated Banks

OFSI has imposed a £152,750 penalty on Colorcon Limited, a pharmaceutical supplier and UK subsidiary of Colorcon Inc., for breaching Russia-related financial sanctions. The violation stemmed from payments made by its Moscow office to accounts at sanctioned Russian financial institutions, contravening measures linked to Russia’s 2022 invasion of Ukraine. OFSI emphasised that firms remain accountable for sanctions breaches, even when third parties are involved, and emphasised the importance of robust internal compliance controls. The Notice is here.

EU Reimposes Sanctions on Iran Following Snapback Trigger Over Nuclear Non-Compliance

On 29th September 2025, the Council of the European Union reinstated sanctions against Iran after France, Germany, and the UK triggered the “snapback” mechanism under the 2015 Joint Comprehensive Plan of Action, citing Iran’s significant non-compliance with its nuclear commitments. The reimposed measures include UN-backed and EU-autonomous sanctions targeting Iran’s trade, financial, and transport sectors, and also asset freezes, travel bans, restrictions on crude oil and petrochemical exports, and bans on sensitive technology transfers. Despite the escalation, EU officials emphasised that diplomatic channels remain open. The UK, as stated, has done the same in respect of 78 entities and 43 individuals. That Notice is here.

Money Laundering

European Commission Takes Action Against 11 Member States for Delays in Anti-Money Laundering Directive Implementation

The European Commission has initiated infringement procedures against Belgium, Denmark, Germany, Estonia, Greece, Italy, Cyprus, Croatia, Poland, Slovakia, and Sweden for their failure to fully implement the Sixth Anti-Money Laundering Directive. These member states did not meet the 10th July 2025 deadline to ensure complete access to information on the beneficial ownership of legal entities, which is a critical measure to combat money laundering and the financing of terrorism. The countries in question have been given two months to comply and notify the Commission of their implemented measures. Failure to provide a satisfactory response may lead to the Commission issuing a reasoned opinion, escalating the infringement process.

FinCEN Proposes Survey to Assess AML/CFT Compliance Costs for Non-Bank Financial Institutions

The US Treasury’s Financial Crimes Enforcement Network (‘FinCEN’) is inviting public and federal agency comments on a proposed survey aimed at quantifying the direct costs of Anti-Money Laundering and Countering the Financing of Terrorism (‘AML/CFT’) compliance among non-bank financial institutions, which covers casinos, money services businesses, insurance firms, and precious metals dealers. The survey seeks to distinguish AML/CFT-specific expenses from overlapping activities like fraud monitoring. Insights will inform potential deregulatory proposals aligned with Trump Administration executive orders, and responses will not be used for enforcement. Comments are due by 1st December 2025.

Bribery and Corruption

Nathan Gill Admits Bribery Over Pro-Russian Statements as MEP

Nathan Gill, former leader of Reform UK in Wales and ex-MEP for the Brexit Party, pleaded guilty to eight counts of bribery at the Old Bailey for accepting cash in exchange for making pro-Russian statements in the European Parliament and media outlets between 2018 and 2019. Prosecutors revealed Gill was directed by Ukrainian political operative Oleg Voloshyn to promote narratives favourable to Russia regarding the Ukraine conflict. The case, described by the judge as a serious breach of democratic integrity, has prompted calls for stronger transparency and enforcement against foreign interference. Gill was granted conditional bail ahead of sentencing in November.

GRECO Calls for Stronger Access-to-Information Systems to Combat Corruption Across Europe

To mark the International Day for Universal Access to Information, the Council of Europe’s anti-corruption body, GRECO, has released a thematic paper urging member states to strengthen systems for accessing official documents. Based on its fifth-round evaluations, GRECO identified widespread shortcomings, including delays, vague legal restrictions, and weak oversight, which hinder transparency and accountability. The report highlights promising practices like appointing trained information officers and establishing independent oversight bodies, while stressing the vital role of journalists in exposing corruption. GRECO also called on states to ratify the Tromsø Convention, the first binding international treaty guaranteeing public access to official information.

Fraud

The $175 Million Illusion: How a Student Start-Up Fooled Wall Street

Charlie Javice, once hailed as a rising star in fintech, has been sentenced to over seven years in prison for defrauding JPMorgan Chase during its $175 million acquisition of her student aid start-up, Frank. By fabricating a customer list which inflated the user base from 300,000 to four million, Javice misled the bank into believing it had acquired a goldmine of student data. The fraud only became known after the deal closed, prompting JPMorgan’s CEO to call the purchase a “huge mistake.” Alongside her co-defendant, Javice now faces over $287 million in restitution and forfeiture.

Other Financial Crime

Unlocking Financial Truths: The Expanding Reach of Disclosure Orders

In a bid to sharpen the fight against financial crime, the UK Home Office has issued Circular 006/2025 to clarify and standardise the use of disclosure orders under the Proceeds of Crime Act 2002. These powerful legal tools allow investigators to compel individuals or entities to provide information, documents, or access to materials throughout the life of an investigation, which is far beyond the one-off scope of traditional production orders. The circular outlines who can apply for these orders, the legal thresholds required, and the human rights considerations courts must weigh due to their intrusive nature. With their enduring reach and strategic value in cases like money laundering and asset recovery, disclosure orders are fast becoming a cornerstone of modern financial enforcement.

Hijacked Homes: Fighting Fraud in Property Sales

The National Crime Agency and The Law Society have launched a joint campaign to combat payment diversion fraud in property transactions, which is a crime which costs victims an average of £82,000 and erodes trust in the legal system. Criminals impersonate solicitors or buyers to intercept funds during house purchases, often targeting younger adults at critical moments. Backed by the Home Office’s “Stop! Think Fraud” initiative, the campaign equips solicitors and conveyancers with practical tools to verify account details, test transfers, and prevent devastating losses. As fraudsters grow more sophisticated, this awareness drive positions legal professionals as the first line of defence in safeguarding clients and restoring confidence in property deals.

Tracing the Money: US–Indonesia Team Up to Tackle Financial Crime

In a show of international cooperation, the US Department of Justice and Indonesian National Police hosted the 16th Asset Tracing and Recovery Workshop in Makassar, training investigators and prosecutors from across Indonesia to combat financial crimes. Backed by the US State Department, the programme equips participants with innovative skills in forensic digital techniques, money laundering laws, and inter-agency coordination. With over 350 officials trained since 2023, the initiative reflects a growing commitment to dismantling transnational criminal networks by “following the money” and recovering illicit assets. As financial crime grows more sophisticated, this partnership strengthens both nations’ ability to protect public trust and economic stability.

Cybercrime

Interpol’s Pan-African Cybercrime Sweep Nets 260 Suspects in Romance Scam and Sextortion Crackdown

In an operation across 14 African nations, Interpol’s “Operation Contender 3.0” led to the arrest of 260 suspected cybercriminals and the dismantling of 81 digital infrastructures linked to romance scams and sextortion schemes. The crackdown, conducted between July and August 2025, uncovered 1,463 victims and nearly $2.8 million in estimated losses. Authorities seized over 1,200 electronic devices and forged documents, with Ghana, Côte d’Ivoire, Senegal, and Angola among the hardest-hit regions. The operation was bolstered by private sector partners Group-IB and Trend Micro, highlighting the growing need for international collaboration to combat emotionally manipulative online fraud.

Harrods Targeted in Major Data Breach Affecting 430,000 Customers

Luxury retailer Harrods has confirmed that hackers stole data linked to 430,000 customer records in a breach involving a third-party provider. The compromised information includes names, contact details, loyalty card data, and marketing preferences, but not passwords or payment details. Harrods stated it will not engage with the “threat actor” and has notified authorities while reassuring customers that the breach affects only a small portion of its clientele. The incident is part of a wider surge in cyber-attacks on UK businesses, with recent victims including M&S, Co-op, and Jaguar Land Rover.

Britain May Already Be at War with Russia, Warns Former MI5 Chief

Eliza Manningham-Buller, former head of MI5, has warned that Britain may already be engaged in a form of warfare with Russia, citing a surge in cyber-attacks and covert hostile actions allegedly orchestrated by Moscow. Her remarks follow revelations about a 2024 arson attack on a London warehouse storing supplies for Ukraine, which UK officials believe was ordered by Russian intelligence. Manningham-Buller argues that the scale and intent of these operations blur the line between peace and war, challenging traditional definitions of conflict and demanding a reassessment of national security strategy.

80% of Ransomware Victims Pay Hackers, But Many Face Repeat Demands and Data Loss

According to Hiscox’s 2025 Cyber Readiness Report, 27% of surveyed SMEs experienced ransomware attacks in the past year, and a striking 80% of those paid the ransom, yet only 60% recovered their data fully or partially. Nearly a third of paying firms were hit with additional demands, underscoring the financial and operational risks of cyber extortion. The report also reveals that 59% of SMEs faced some form of cyber-attack, with many citing AI vulnerabilities and suffering reputational damage, fines, and even staff burnout.