Episode 225

16th February – 19th February 2026

Sanctions

UK call for evidence on how ownership and control rules operate in financial sanctions

The British government has opened an eight‑week call for evidence seeking industry views on how ownership and control rules are applied within UK financial sanctions regulations, with a particular focus on the practical impact of “hypothetical control,” compliance burdens, legal risk, and business decisions. OFSI is inviting input from businesses, financial institutions, legal and compliance professionals, civil society, and other stakeholders to assess whether the current framework is clear, effective, and proportionate, ensuring sanctions remain robust while workable for legitimate firms. Responses are accepted until 11:59pm on 13 April 2026 via an online form or email. The blog explaining the call for evidence is here.

FCA Updates Sanctions Evasion Reporting Pages

The FCA has issued a renewed call for firms, professionals and whistleblowers to report any suspected sanctions evasion or weaknesses in sanctions controls linked to entities on its registers or UK‑listed securities. The regulator outlines multiple reporting routes including confidential whistleblowing, SUP 15 notifications for authorised firms, and a dedicated misconduct form for concerns about other firms or individuals, stressing that reporters must still meet their legal obligations under legislation such as POCA and SAMLA. While the FCA cannot disclose any follow‑up action, it says all intelligence helps shape supervisory priorities, inform policy development, and support wider UK sanctions enforcement efforts.

Money Laundering

FATF Plenary Outcomes

The February 2026 FATF Plenary in Mexico City delivered a packed set of outcomes, including the adoption of new mutual evaluation reports for Austria, Italy and Singapore under the FATF’s more results‑focused assessment methodology. Delegates agreed to add Kuwait and Papua New Guinea to the list of jurisdictions under increased monitoring, while updating the public statement on Iran in the high‑risk category. The Plenary also advanced strategic initiatives on cyber‑enabled fraud and virtual assets, approving new reports on offshore VASPs, stablecoins and unhosted wallets. Looking ahead, members set strategic priorities for 2026–2028 and appointed the UK’s Giles Thomson as the next FATF President, demonstrating a continued push for global cohesion across the FATF network.

Pakistan Moves to Strengthen AML/CFT System

UNODC and Pakistan’s Financial Monitoring Unit (‘FMU’) convened a two‑day workshop in Karachi to build structured feedback mechanisms between the FMU and national law‑enforcement agencies, aiming to improve how financial intelligence is used in investigations, prosecutions, and asset recovery. Participants worked on developing Standard Operating Procedures to track the operational impact of FMU intelligence, including initiated cases, convictions, and asset seizures. They also addressed challenges in information sharing, domestic and international cooperation, and the use of financial intelligence to combat corruption, money laundering, migrant smuggling, and online child exploitation. The initiative marks a step toward strengthening Pakistan’s overall AML/CFT effectiveness and responsiveness across agencies.

Fraud

FinCEN Warns Banks to Stay Alert to Rising Relationship‑Investment Scams

FinCEN is urging financial institutions to heighten vigilance around relationship‑investment scams as part of the multi‑agency #DatingOrDefrauding campaign, highlighting how fraudsters exploit emotional trust to move illicit funds through the US financial system. The agency directs firms to a range of existing advisories and alerts, which address topics such as pig-butchering schemes, elder financial exploitation, deepfake-enabled fraud, misuse of FinCEN’s name, and virtual-currency kiosk abuse. It also emphasises that high-quality SAR reporting remains essential for law-enforcement detection and prosecution. FinCEN also flags trend analyses on elder exploitation and mail‑theft‑related cheque fraud, highlighting the growing sophistication and scale of these scams. Here is a Politico piece discussing the issue.

Market Abuse

FCA Fines Former Carillion CEO for Reckless Role in Misleading Markets

The UK Financial Conduct Authority (‘FCA’) has fined former Carillion chief executive Richard Howson £237,700 for his role in the construction giant’s collapse, finding he acted recklessly and was knowingly involved in the company issuing misleading market statements during 2016–17. According to the regulator, Howson failed to disclose serious problems in Carillion’s UK construction business and did not ensure accurate investor communications or adequate internal controls, contributing to significant losses for shareholders and disruption to public sector projects. The penalty follows his withdrawal of an appeal against the FCA’s decision and comes after earlier fines issued to former finance directors Richard Adam and Zafar Khan.

Other Financial Crime

Treasury Launches Confidential Whistleblower Portal

The US Treasury has opened a new FinCEN whistleblower portal confidentially to receive tips on fraud, money laundering, and sanctions violations, expanding its push to combat large‑scale benefits fraud and other financial crimes. The initiative follows Secretary Scott Bessent’s announcement that Treasury will offer financial rewards for actionable information and deploy a suite of measures including investigations into Money Services Businesses, enhanced reporting to accelerate prosecutions, alerts to financial institutions on fraud rings exploiting child‑nutrition programmes, and new law‑enforcement training. Treasury also highlighted an upcoming IRS task force focused on misuse of 501(c)(3) funds, part of a broader strategy to “follow the money” across complex fraud and laundering schemes. More information is provided here.

Gulf States Step Up Fight Against Financial Crime, Says World Economic Forum

New analysis from the World Economic Forum highlights how Gulf nations are rapidly strengthening their defences against financial crime, combining public awareness campaigns, advanced payments technology, regulatory innovation and unified standards to protect consumers and institutions. The report notes that rising digital transactions have increased exposure to scams across the region, prompting governments and banks to collaborate on education initiatives, real‑time fraud monitoring, fintech sandboxes and the adoption of ISO 20022 to improve data quality and cross‑border security. The Forum points to recent progress, including the UAE’s removal from global high‑risk lists, as evidence that coordinated action is reshaping the GCC’s financial resilience.

Cybercrime

UK Organisations Still Facing High Cyber Threat Levels

A major new UK government study has found that cyber incidents remain widespread across UK medium and large businesses and high‑income charities, with more than four in five organisations reporting an attack in the past year. The Cyber Security Longitudinal Survey, now in its fifth year, shows that phishing and impersonation scams continue to dominate, while larger organisations face a broader range of threats and more severe impacts.

Despite the persistent threat, the report highlights a mixed picture on organisational resilience. Uptake of Cyber Essentials has risen significantly since last year, and more organisations now claim adherence to at least one recognised security standard. However, supply‑chain security remains a notable weak point, with fewer than a third of organisations formally assessing supplier cyber risk.

The study also reveals that many organisations still respond reactively rather than proactively. Experiencing a serious incident is one of the strongest drivers of improved security behaviour, from adopting more controls to increasing board‑level engagement. External events, such as high‑profile cyber‑attacks, also act as catalysts, prompting internal reviews and budget discussions.

Budgets are rising overall, but charities in particular report that funding remains insufficient, and they lag behind businesses in board‑level involvement. Meanwhile, staff behaviour continues to be seen as a key vulnerability, driving investment in training, penetration testing, and user‑focused communication.

Longitudinal data shows that more than half of organisations experience similar levels of incidents year‑on‑year, though some appear to be improving their ability to limit the impact of attacks. Still, the unpredictability of when organisations choose to strengthen defences remains a concern for policymakers.