Episode 237

30th March – 2nd April 2026

Sanctions

UK Government Adds Two to Sanctions List Following UN Decision

The UK Government has announced the designation of Sami Jasim Muhammad Jaata Al-Jaburi and Abd El Hamid Salim Ibrahim Brukan Al-Khatouni under the Isil (Da’esh) and Al-Qaida Sanctions Regime. This action aligns with the UN Security Council Sanctions Committee’s decision, made on 26th March pursuant to Resolutions 1267 (1999), 1989 (2011), and 2253 (2015). The UN designations are here and here. The UK Government has also designated Hamidah Nabagala under the Isil (Da'esh) and Al-Qaida sanctions regime. This designation forms part of ongoing efforts to align with international sanctions targeting individuals associated with terrorist organisations. The Notice is here.

OFSI General Licences INT/2022/2300292 and INT/2022/2009156 amended

On 31st March 2026, amendments were made to two UK General Licences: INT/2022/2300292 now permits all forms of utility payment, including cash, for designated persons owning or renting UK properties, while INT/2022/2009156 allows designated persons to make insurance premium finance repayments to UK intermediaries rather than directly to insurers or brokers. Anyone intending to use these licences should consult the relevant documents for full details of permissions and requirements.

OFSI Fines Apple Distribution International £390,000 for Breaching UK Russia Sanctions

The UK Office of Financial Sanctions Implementation (OFSI) has imposed a £390,000 penalty on Apple Distribution International after determining that the company breached the Russia (Sanctions) (EU Exit) Regulations by instructing and failing to cancel two payments totalling £635,618.75 to Okko LLC, an entity owned by a designated person at the time of the transactions. OFSI assessed the case as “serious,” citing shortcomings in ADI’s sanctions‑screening processes following heightened Russia‑related risks, while also recognising mitigating factors such as voluntary disclosure, cooperation, and subsequent improvements to compliance controls. The penalty, which is OFSI’s first resolved through settlement, enhances the expectation that firms maintain robust due‑diligence frameworks, ensure effective ownership‑screening mechanisms, and promptly report suspected breaches.

EU Extends Iran Human‑Rights Sanctions Regime to April 2027

The Council of the European Union has extended its sanctions regime targeting serious human rights violations in Iran until 13th April 2027, maintaining measures such as travel bans, asset freezes, and restrictions on exporting equipment which could be used for repression. The updated list now includes 262 individuals and 53 entities, with one deceased individual removed. First introduced in 2011 and significantly expanded since 2022, the regime reflects ongoing EU concern over violence, arbitrary detentions, and internet restrictions imposed by Iranian authorities. The EU reiterated its call for the release of unjustly detained individuals and affirmed its support for the Iranian people’s aspirations for fundamental rights and freedoms.

Fraud

Treasury and FinCEN Warn Financial Institutions of Expanding Fraud Scheme

The US Department of the Treasury and FinCEN issued coordinated communications outlining growing fraud schemes targeting Medicare, Medicaid, and other federal and state health care benefit programmes, emphasising the involvement of organised and transnational criminal groups. The advisory details common typologies, which include false reimbursement claims, misuse of beneficiary information, and laundering of illicit proceeds, and urges financial institutions to monitor for red flags and report suspicious activity. Treasury also announced a proposed whistleblower framework to incentivise actionable tips related to fraud and financial crime, positioning these measures within a broader government effort to strengthen detection, reporting, and enforcement against health care–related fraud. The FinCEN press release is here, and the Treasury press release is here.

Money Laundering

AUSTRAC Tightens AML Controls

Australia’s financial crime watchdog is escalating its anti‑money laundering efforts on two fronts, signalling a decisive shift toward tougher oversight and risk‑based regulation.

In new updates, AUSTRAC has revealed that enhanced customer due diligence (ECDD) requirements imposed on cryptocurrency ATM providers are already disrupting serious criminal activity. Since late 2025, providers have been required to cap cash transactions, issue mandatory scam warnings, and apply targeted ECDD triggers. These measures have uncovered large‑scale suspicious behaviour, which include structured transactions exceeding $1 million, unexplained cash flows, and accounts used by suspected scammers, leading to multiple referrals to law enforcement.

At the same time, AUSTRAC is preparing the broader financial sector for sweeping changes to Australia’s AML/CTF laws, which take effect from 31st March 2026. Reporting entities will face updated obligations, new digital enrolment and registration forms, and a regulatory shift which prioritises real‑world risk and harm over box‑ticking compliance. AUSTRAC has warned that entities unable to meet the new requirements must have a documented implementation plan, with regulatory action possible where risks are not properly managed.

Together, the updates reflect a coordinated tightening of Australia’s AML framework. It is one which targets both emerging crypto‑enabled threats and longstanding gaps in the national regime. For businesses, the message is clear: financial crime risks are rising, expectations are increasing, and proactive compliance is no longer optional. The information is here and here.

Accountability Gaps Persist for Professional Enablers of Illicit Financial Flows from Africa

A new Transparency International working paper examines whether professionals implicated in cases of illicit financial flows from Africa faced meaningful accountability, building on the organisation’s earlier Loophole Masters study. Using the same case sample, the analysis finds that only 18 per cent of identified enablers were subject to any form of investigation or administrative action, with successful enforcement proving rare and sanctions often limited in scope or deterrent effect. The paper highlights legal and institutional gaps in both supervisory and criminal frameworks, noting that many professions fall outside anti‑money‑laundering obligations and that existing criminal tools are seldom applied. It concludes that further policy development and research are needed to strengthen oversight and enforcement mechanisms.

Market Abuse

FCA fines Dinosaur Merchant Bank £338,000

The FCA has fined Dinosaur Merchant Bank Limited £338,000 after the firm failed to ensure its market abuse surveillance systems captured a surge in contracts‑for‑difference (CFD) trading triggered by a new order system introduced in June 2024. Over four months, clients executed around $3.05 billion in CFD trades which were never reviewed by the automated monitoring tools, leaving potential insider dealing or manipulation undetected. Although the bank identified the issue in October 2024, it did not fully remediate the weaknesses until May 2025, limiting its ability to flag suspicious activity. The FCA said the failures risked undermining market integrity; the firm received a 30 per cent discount for cooperation and has since exited the CFD business.

Other Financial Crime

Eurojust‑led operation arrests two suspects and freezes millions in assets

An international operation coordinated by Eurojust has led to the arrest of two individuals suspected of large‑scale economic and financial crimes, including bankruptcy fraud, embezzlement and breaches of accounting obligations, with losses running into the tens of millions of euros. The main suspect, a Düsseldorf‑based real estate developer, allegedly hid significant personal assets by transferring them to others before declaring insolvency. On 26th March, authorities across six countries, including Germany, Austria, Luxembourg, the Netherlands, Spain and Switzerland, searched 49 properties simultaneously, seizing extensive evidence and freezing high‑value assets such as cash, artworks, luxury goods and a sports car. The coordinated action, involving more than 400 investigators, was organised through multiple Eurojust meetings, and German authorities will now analyse the collected evidence as investigations continue.

EU Anti‑Corruption Drive Stalls as Member States Ignore Key Reforms

Across the European Union, anti‑corruption efforts have largely flatlined. According to the Civil Liberties Union for Europe 2026 Rule of Law Report, most Member States made little to no progress on the European Commission’s 2025 anti‑corruption recommendations, with 20 out of 33 showing zero movement. Many of these reforms have been sitting untouched since 2022.

A handful of countries improved, namely Czechia, Slovenia, and Sweden, but others actively regressed. Slovakia dismantled major anti‑corruption bodies, prompting action from the Council of Europe and eventually the European Commission. Greece saw a major subsidy fraud case diverted into a parliamentary committee rather than a criminal investigation, while whistleblower systems required by law still don’t exist. In Hungary, a €600 million embezzlement probe fizzled out, campaign finance limits were removed, and high‑level corruption remains officially unacknowledged.

Malta and Romania introduced or maintained legal loopholes which make accountability harder, from restricting citizens’ ability to request criminal inquiries to allowing serious corruption cases to expire.

The broader picture is one of systemic stagnation. Weak lobbying rules, poorly controlled revolving doors, fragile whistleblower protections, and slow or compromised judicial processes continue to undermine enforcement across the EU. Only Estonia and Lithuania received no recommendations at all.

The report’s conclusion is blunt: the EU’s anti‑corruption framework is only as strong as Member States’ willingness to implement it, and at this moment, that political will is largely absent.

FinCEN Proposes Rule to Establish Full Whistleblower Incentive and Protection Framework

The US Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued a proposed rule fully to implement its whistleblower programme, outlining procedures, eligibility criteria, and award structures for individuals who report violations related to the Bank Secrecy Act, sanctions programmes, and other illicit finance laws. The proposal includes awards of 10–30 per cent of collected penalties for actionable tips and introduces protections for whistleblowers, marking a significant step toward operationalising mandates from recent anti‑money‑laundering legislation. Public comments will be accepted for 60 days following publication in the Federal Register.

Cybercrime

European Commission probes cyberattack which breached EU institutional websites

The European Commission is investigating a cyberattack which struck the cloud infrastructure hosting the Europa.eu platform, affecting websites of the Commission, Parliament, Council and other EU bodies. Discovered on Tuesday, the intrusion was quickly contained, but early findings indicate that some data was taken, though the Commission’s internal systems were not compromised. Officials have not identified the perpetrators, amid a broader surge in state‑backed and criminal hacking targeting European institutions. The Commission is now notifying potentially affected bodies and will analyse the incident to strengthen future cyber‑defences.

AI Supercharges Global Cyber Fraud, Forcing a Shift Toward System‑Wide Defence

AI is transforming cyber fraud into a hyper‑scalable, highly profitable global threat, with AI‑enhanced schemes now 4.5 times more lucrative than traditional cybercrime. According to the World Economic Forum’s latest analysis, generative tools enable criminals to automate phishing, deepfakes, synthetic identities and large‑scale deception, eroding trust across financial systems, public services and digital identity frameworks. Fragmented defences and weak cross‑border coordination allow transnational fraud networks to flourish, prompting calls for a systemic, ecosystem‑wide response. The Forum outlines a roadmap with three layers: prevention, protection and mitigation, while emphasising public‑private collaboration, integrated intelligence sharing and unified anti‑fraud and cybersecurity functions to counter increasingly sophisticated attacks.