Episode 191

6th October – 9th October 2025

Sanctions

EU Extends Sanctions Against Russian Hybrid Threats Through October 2026

The Council of the European Union has extended individual sanctions targeting Russian actors responsible for hybrid threats, including disinformation, cyber-attacks, and sabotage, until 9th October 2026. These restrictive measures affect 47 individuals and 15 entities, imposing asset freezes, travel bans, and prohibitions on EU financial support. Originally adopted in October 2024, the framework was broadened in May 2025 to include media licence suspensions and asset targeting. The move reflects the EU’s ongoing response to Russia’s systematic interference and destabilising actions across member states and international partners, particularly since the onset of its aggression against Ukraine.

The Office of Financial Sanctions Implementation (‘OFSI’) in the UK has updated the UK financial sanctions lists. Under the Iran (Nuclear) regime, the status of Post Bank of Iran and Sina Bank was amended, and both entities remain subject to an asset freeze due to their involvement in providing financial services which could contribute to the proliferation of nuclear weapons in, or for use in, Iran. Simultaneously, OFSI published amendments to the ISIL (Da’esh) and Al-Qaida sanctions list, updating the entries for seven designated individuals, including Ibrahim Ali Abu Bakr Tantoosh and Shafi Sultan Mohammed Al-Ajmi. All regulated firms are reminded that they must check their records, freeze any funds or economic resources related to these designated entities and individuals, and report all findings to OFSI.

Fraud

Daniel Pugh Jailed for £1.3 Million Ponzi Scheme Run from Bedroom

Daniel Pugh, 35, has been sentenced to seven and a half years in prison for orchestrating a £1.3 million Ponzi scheme through the fraudulent Imperial Investment Fund. Operating from his bedroom in Devon, Pugh lured 238 investors via Facebook ads with promises of implausibly high returns, ultimately pocketing £96,000 to fund a lavish lifestyle. Despite knowing the scheme was collapsing, he continued soliciting funds. The FCA, which led the prosecution, is pursuing confiscation proceedings to compensate victims and has disqualified Pugh from serving as a company director for eight years post-release.

Bribery and Corruption

Guinea-Bissau’s Health Sector Gains Integrity Boost Through UNDP-Led Anti-Corruption Training

The TAG Project, funded by Japan and led by UNDP, has wrapped up a transformative training cycle aimed at enhancing transparency and accountability in Guinea-Bissau’s health sector. Key achievements include the creation of an internal audit unit, pioneering field audits, and the launch of the Health Integrity Network. Civil society played a pivotal role, with new organisations and voices reinforcing the fight against corruption. Digital innovations were also proposed to improve drug traceability and public communication. A follow-up initiative with Instituto Marquês de Valle Flôr (‘IMVF’) will further embed citizen oversight into governance reforms.

Other Financial Crime

Met Police Secure Landmark Convictions in £5.5 Billion Bitcoin Laundering Case

In a historic crypto crime case, the Metropolitan Police secured convictions against Zhimin Qian and Hok Seng Ling for laundering billions in Bitcoin, part of the world’s largest cryptocurrency seizure, valued at over £5.5 billion. Qian, who defrauded more than 128,000 victims in China between 2014–2017, fled to the UK and attempted to launder the proceeds through property purchases. The Met’s seven-year investigation, aided by Chinese law enforcement, uncovered encrypted devices, gold, and crypto assets, culminating in guilty pleas and a powerful message: the UK will not be a safe haven for illicit wealth. Sentencing is scheduled for November.

New UK Guidance Empowers AML Firms to Share Customer Data in Fight Against Economic Crime

The UK government has issued detailed guidance under the Economic Crime and Corporate Transparency Act 2023, enabling anti-money laundering regulated firms to share customer information more freely to prevent, detect, or investigate economic crime. Effective from January 2024, the measures disapply confidentiality and civil liability for firms sharing data directly or via third-party intermediaries, provided they meet specific “warning” or “request” conditions. The guidance outlines compliance with UK GDPR, safeguards against misuse, and encourages sector-led approaches and technological solutions like Application Programming Interfaces (‘API’s). Firms are urged to maintain audit trails and uphold customer complaint processes to ensure transparency and accountability.

Bosnia and Herzegovina Judges and Prosecutors Trained to Trace Illicit Funds in Financial Crime Crackdown

In early October 2025, the Council of Europe hosted a specialised training in Neum, Bosnia and Herzegovina, equipping judges and prosecutors with advanced skills to combat financial crime, corruption, and money laundering. The programme, part of the Council’s 2022–2025 Action Plan, focused on forensic techniques, asset recovery, and inter-agency cooperation, drawing on real case analyses to highlight investigative challenges and propose reforms. By strengthening institutional capacity and legal expertise, the initiative aims to bolster transparency, accountability, and democratic resilience across Bosnia and Herzegovina.

Cybercrime

US Cybersecurity Law Expires, Threatening Critical Information Sharing

The Cybersecurity Information Sharing Act (‘CISA’), a cornerstone of US cyber defence policy, expired on 1st October 2025 amid a government shutdown, raising concerns about a sharp decline in threat data exchange. CISA enabled collaboration between private firms and federal agencies by offering legal protections for good-faith sharing of non-private cyber threat information, with the Department of Homeland Security serving as the central hub. Despite DHS pledging to maintain the platform, legal experts warn that without CISA’s liability and antitrust safeguards, voluntary sharing could plummet by up to 80%, weakening national cyber resilience.

Europol Cybercrime Conference Urges Lawful Data Access to Counter Evolving Threats

At Europol’s 4th Annual Cybercrime Conference, leaders from law enforcement, policy, and industry warned that criminals are outpacing regulators by exploiting encryption, anonymisation, and emerging tech. Executive Director Catherine De Bolle emphasised that lawful data access is vital to protecting lives, while Commissioner Magnus Brunner called for mainstreaming security across EU policies. Under the theme “Dissecting data challenges on the digital frontlines,” the event spotlighted five urgent priorities, from balancing privacy to cyber diplomacy, and showcased operations like Eastwood and Ratatouille which disrupted major Russian-speaking cybercrime networks. The conference marked the launch of Europol’s Cyber Week, reinforcing cross-border collaboration and digital resilience.

Cyberattacks Spur Corporate Spending Surge, But Confidence in Defences Remains Low

In response to a wave of high-profile cyberattacks, including breaches at Ascom and Jaguar Land Rover, 60% of major firms are ramping up cybersecurity investment, yet only 6% feel fully confident in their defences, according to PwC’s global survey. Despite increased spending, vulnerabilities persist across supply chains, legacy systems, and cloud infrastructure, with AI-enabled threats compounding the challenge. Companies are reshaping infrastructure, policies, and vendor relationships, but PwC warns that without executive alignment and empowered CISOs, efforts may fall short. The report urges firms to embed cyber strategy into core business decisions and prioritise upskilling to stay ahead of evolving risks.