Episode 202

14th November – 16th November 2025

Sanctions

US Treasury Sanctions Burmese Armed Group and Criminal Network Behind Cyber Scams Targeting Americans

On 12th November 2025, the US Treasury sanctioned the Democratic Karen Benevolent Army, its senior leaders, and affiliated companies for operating cyber scam centres in Burma which defraud Americans through fraudulent investment schemes. These operations, often linked to Chinese organised crime, rely on trafficked workers and generate illicit revenue which fuels Burma’s civil conflict. The sanctions, coordinated with multiple federal agencies, are part of a broader crackdown which includes the newly formed Scam Centre Strike Force, targeting transnational scam networks across Southeast Asia through enforcement, infrastructure protection, and victim support.

US Treasury Sanctions Global Network Supporting Iran’s Missile and UAV Programs

On 12th November 2025, the US Treasury’s Office of Foreign Assets Control (‘OFAC’) sanctioned 32 individuals and entities across Iran, the UAE, Türkiye, China, Hong Kong, India, Germany, and Ukraine for operating transnational procurement networks which support Iran’s ballistic missile and UAV development. These networks facilitated the acquisition of missile propellant ingredients and UAV components for sanctioned Iranian defence organisations, including the IRGC and its affiliates. The action, taken under Executive Orders 13382 and 13224, aims to disrupt Iran’s access to critical materials and financial systems, enforce UN snapback sanctions, and counter threats to regional stability and global shipping.

OFSI Issues General Licence for Lukoil Bulgaria Business Operations

On 14th November 2025, the Office of Financial Sanctions Implementation (‘OFSI’) issued General Licence INT/2025/7895596 under regulation 64 of the Russia (Sanctions) (EU Exit) Regulations 2019, which allows for the continuation of business operations with the Lukoil Bulgaria Entities. Any persons intending to use this General Licence should consult the full copy of the licence for complete details regarding its definition, permissions, and usage requirements. To support this update, FAQ 173 has also been added to address whether business operations with Lukoil Bulgaria EOOD and Lukoil Neftochim Burgas AD can continue as normal with regard to UK financial sanctions.

UK Export Licensing Decisions Fall Amid Transition to New Digital System

Between April and June 2025, the UK’s Export Control Joint Unit made 2,716 licensing decisions for standard individual export licences, a 5 per cent drop from the previous quarter, with 96 per cent approved and 4 per cent refused. The decline reflects the ongoing transition from the legacy SPIRE system to the new LITE platform, which has temporarily slowed processing as officials support exporters and embed new procedures. Licence values also fell sharply to £2.7 billion from £4.8 billion in Q1, while refusals remained above historic averages, largely linked to military end-use controls and China-related applications.

UK Amber Alert Exposes Global Shadow Fleet Networks Driving Sanctions Evasion

The UK’s National Crime Agency (‘NCA’), in partnership with OFSI and the FCDO, has issued an Amber Alert highlighting how state-backed networks and shadow fleets enable sanctioned regimes such as Russia, Iran, and North Korea to evade restrictions and sustain revenue streams. These operations exploit opaque corporate structures, deceptive maritime practices, and complex financial systems, using tactics like vessel reflagging, AIS manipulation, ship-to-ship transfers, and shell companies to disguise the movement of oil and gas. The alert outlines typologies and red flags including rapid commercial expansion, dubious corporate identities, and falsified documentation, urging financial and maritime institutions to strengthen detection and reporting to disrupt these illicit networks.

Fraud

US Launches Strike Force to Combat Southeast Asian Crypto Scams Targeting Americans

The US Department of Justice has unveiled the Scam Centre Strike Force, a multi-agency initiative aimed at dismantling Southeast Asian cryptocurrency investment scams orchestrated by Chinese transnational criminal organisations. These scams, often referred to as “pig butchering,” exploit US infrastructure and social media to defraud Americans of nearly $10 billion annually. The Strike Force is actively pursuing foreign perpetrators, seizing assets, and partnering with private companies to disable domestic platforms used in these schemes. Early operations have already recovered over $400 million in stolen crypto and led to prosecutions across Southeast Asia.

Sydney ‘Fortune Teller’ Duo Charged in $46m Fraud Syndicate

Australian police have arrested a mother-and-daughter pair in Sydney accused of running a highly sophisticated fraud and money laundering scheme which scammed nearly A$70m ($46m) from vulnerable members of the Vietnamese community. The mother, who posed as a fortune teller and feng shui master, allegedly convinced victims to take out loans by promising a “billionaire” benefactor in their future, while police seized luxury goods, gold, and casino chips during the raid. She now faces 39 charges including directing a criminal group, while her daughter faces seven offences. The arrests form part of Strike Force Myddleton’s wider probe into the so-called Penthouse Syndicate, which is believed to have defrauded Australian banks of up to A$250m through large-scale loan fraud and corrupt facilitation.

London Startup Falkin Secures $2M to Combat 'Escalating' AI Financial Crime Threat

The UK government and its key financial and security agencies have recently issued urgent warnings regarding the escalating threat of artificial intelligence in financial crime. Senior officials, including the Minister for Fraud, have stated that AI is set to "dominate" the fraud landscape, enabling criminals to create scams of unprecedented sophistication and scale. Agencies like the National Cyber Security Centre (‘NCSC’) and the Financial Conduct Authority (‘FCA’) have echoed this, highlighting that generative AI is already being used to create highly convincing deepfakes, sophisticated phishing campaigns, and realistic fake websites, leading to a projected increase in cyber-attacks and identity fraud.

It should come as no surprise, therefore, that a growing sector of the service economy comes in the form of corporations looking to respond to this threat. In that vein, it has been announced this week that London startup Falkin has secured $2 million in pre-seed funding to help banks protect customers from AI-driven scams before money is lost. As co-founder Boaz Valkin states, “The new battlefield isn’t payments—it’s persuasion. Protection has to move earlier.” Falkin's solution uses AI to analyse signs of deception across communication channels (messages, sale items, payment requests), embedding tools directly into banking platforms. The platform has already been used by tens of thousands of consumers across the US and UK, with 78% reporting increased online confidence. The capital will fund hiring, product development, integrations, and the launch of Safety Labs, an initiative to help community banks easily deploy these customer-facing tools.

This rapidly evolving threat landscape has created a significant challenge for UK financial institutions and law enforcement. The Bank of England has noted that AI increases the capabilities of malicious actors to attack the financial system, while the FCA has warned firms to prepare for disruption "in ways and at a scale not seen before." This official recognition of AI as a primary vector for financial crime reinforces the critical need for new, adaptive, and equally sophisticated defensive technologies to protect assets and consumers.

Money Laundering

FinCEN Targets Mexico Gambling Establishments Linked to Sinaloa Cartel Money Laundering

The US Treasury’s Financial Crimes Enforcement Network (‘FinCEN’) has issued a proposed rule identifying transactions involving ten Mexico-based gambling establishments as a primary money laundering concern due to their ties with the Sinaloa Cartel. The measure, under Section 311 of the USA PATRIOT Act, would prohibit US financial institutions from maintaining correspondent accounts used to process such transactions, effectively cutting these casinos off from the US financial system. FinCEN’s findings highlight that the establishments’ leadership coordinated directly with cartel members to launder illicit proceeds and evade detection, while the action was taken in coordination with Mexico’s government and the Treasury’s Office of Foreign Assets Control, which simultaneously sanctioned individuals involved in laundering cartel funds. The Treasury press release is here.

Bribery and Corruption

INTERPOL Unites Global Efforts on Corruption, Asset Recovery, and Sports Integrity

The INTERPOL Global Conference on Anti-Corruption and Asset Recovery and the 15th Annual Match Fixing Task Force meeting concluded in Abu Dhabi, gathering over 500 experts from 90+ countries to strengthen international cooperation against corruption, financial crime, and sports manipulation. Organised with the UAE government, the events emphasised reforms, financial oversight, and the operational use of INTERPOL’s Silver Notice to trace illicit assets. Delegates highlighted links between corruption, money laundering, and organised crime, while sports integrity discussions addressed emerging threats in e-sports, illegal betting, and competition manipulation. Joint workshops with the IOC reinforced global capacity-building efforts, underscoring the importance of multi-agency collaboration to safeguard both financial systems and the credibility of sports competitions.

Market Abuse

Trump Pardons British Billionaire Joe Lewis After Insider Trading Conviction

British billionaire Joe Lewis, whose family trust owns Tottenham Hotspur, has been pardoned by President Donald Trump more than a year after pleading guilty to insider trading and conspiracy charges in New York. Lewis, 88, admitted to sharing confidential corporate information with friends, employees, and romantic partners between 2019 and 2021, leading to a $5 million fine and over $50 million in penalties for his company. He avoided prison due to poor health and a record of philanthropy, and sought the pardon to access medical care and visit family in the US.

Cyber Crime

UK Announces Cyber Security and Resilience Bill to Protect Critical Services from Growing Threats

The UK government has unveiled the Cyber Security and Resilience Bill to bolster protections for essential services such as healthcare, energy, water, and transport against rising cyber threats. The legislation introduces tougher regulations for digital and managed service providers, mandates rapid incident reporting, and empowers regulators to enforce security standards across supply chains. With cyberattacks costing the UK economy nearly £15 billion annually, the Bill aims to prevent disruption, safeguard national infrastructure, and enhance economic stability. It also grants new powers to the Technology Secretary to intervene in high-risk scenarios, reinforcing the UK’s commitment to national security and digital resilience. The Information Commissioner’s Office has welcomed the announcement.

UK to Regulate Medium and Large Managed Service Providers Under New Cyber Security Bill

The UK government has announced that it will bring medium and large managed service providers (‘MSP’s) into scope of the Network and Information Systems Regulations 2018 through the Cyber Security and Resilience Bill, defining them as “relevant managed service providers” (‘RMSP’s). These providers, which deliver ongoing IT management and security services, will be required to register with the Information Commissioner’s Office, report significant incidents, and implement proportionate measures to secure networks and data. The move follows high-profile cyber-attacks, including Operation Cloud Hopper and the 2024 Ministry of Defence payroll breach, and aims to strengthen resilience against “one-to-many” risks posed by MSPs’ trusted access to client systems.

Europol’s Operation Endgame Dismantles Major Cybercrime Infrastructure Across 11 Countries

Between 10th and 13th November 2025, Europol coordinated a sweeping international crackdown on cybercrime infrastructure, targeting the infostealer Rhadamanthys, Remote Access Trojan VenomRAT, and the botnet Elysium. The operation led to the takedown or disruption of over 1,025 servers and the seizure of 20 domains, with one key suspect arrested in Greece. These networks had infected hundreds of thousands of devices worldwide, compromising millions of credentials and over 100,000 crypto wallets. Supported by law enforcement and private partners from 11 countries, Operation Endgame marks a significant blow to ransomware enablers and continues to expose criminal services and users through its dedicated website and Telegram channel.