Embedded Files
18th May – 21st May 2026
Sanctions
UK Foreign, Commonwealth and Development Office Updates Russia Sanctions List Following Official Reviews
On 15th May 2026, the UK Foreign, Commonwealth and Development Office (FCDO) issued administrative updates to the UK Sanctions List under the Russia (Sanctions) (EU Exit) Regulations 2019. These updates comprise three variations and one correction affecting both individuals and entities suspected of contributing to the destabilisation of Ukraine. The variations involve the Germany-based entity EKC.AG and two of its senior executives, Vladimir Viktorovich Platunov and Evgeny Viktorovich Porokhnya, who remain subject to measures including asset freezes, travel bans, and director disqualifications. Additionally, a correction was applied to the entry for Limited Liability Company "Zhemchuzhina," an organisation identified by the FCDO for its role in facilitating the forced deportation and militarisation of Ukrainian children. All designated parties are required to comply with various financial and trust service restrictions, and the FCDO reminded that failure to adhere to these measures may constitute a criminal offence.
Blind Spots and Back-End Ownership: Deutsche Bank Fined for Russia Sanctions Slip-Up
The Office of Financial Sanctions Implementation (OFSI) has recently finalised a £165,000 penalty against Deutsche Bank AG’s London Branch for what it describes as a "serious" breach of the Russia (Sanctions) Regulations. It is a case which highlights how even major global players can trip over the shifting sands of corporate ownership in Moscow.
At the heart of the issue are two payments totalling just over £635,000 sent to Okko LLC, a Russian app developer and streaming platform. While the developer itself was not explicitly named on a sanctions list at the time, it had recently been sold to JSC New Opportunities, which is a firm the UK blacklisted in late June 2022. This transition appears to have created a lag in the bank's defence systems. Although Deutsche Bank relied on a third-party vendor to flag high-risk names, that vendor’s data failed to capture the change in ownership, allowing the funds to slip through the SWIFT network undetected.
The enforcement action leans heavily on "strict liability," where the firm was held responsible for a breach regardless of whether it intended to breach the Regulations. One of the payments was processed on the very day the parent company was designated, leaving a window of time for cancellation which was likely too narrow for any human to catch. Nevertheless, OFSI officials seemed less than impressed with the bank’s initial reaction. While Deutsche Bank did eventually come forward to disclose the errors, the regulator noted that the reporting lacked the granular detail and "limited insight" they expect from a large, regulated institution.
There is a subtle critique here of the industry's reliance on automated filters. OFSI pointed out that while the bank’s vendor was silent, multiple media reports in May 2022 had already publicised the ownership shuffle between Sberbank and JSC New Opportunities. This suggests that a more proactive approach to open-source intelligence might have prevented the fine. The final penalty was significantly reduced from a potential £1 million baseline after the bank agreed to a settlement and disclosed several improvements to its screening framework, including a much lower risk appetite for Russian transactions. For the wider financial sector, the lesson is that knowing a customer is no longer enough; the real risk often hides in the ownership layers behind the screen.
UK Department for Business and Trade Authorises New Licences for Processed Oil and LNG Transportation
On 19th May 2026, the UK government issued two general trade licences under the Russia (Sanctions) (EU Exit) Regulations 2019, which appear to refine the scope of current energy-related restrictions. The first measure, Licence GBSAN0004, permits the trade of specific diesel and jet fuel products which, while originating from Russian crude oil, have undergone processing in a third country. This indefinite authorisation is joined by a time-limited licence, which expires in January 2027, which facilitates the maritime transport of liquefied natural gas (LNG) from the Sakhalin-2 and Yamal terminals to third-party nations. While both licences grant permission for associated financial and brokering services, they include strict record-keeping requirements and remain subject to variation or revocation by the Secretary of State at any time. These updates likely reflect a targeted effort to manage the complexities of global fuel distribution, particularly regarding refined products and short-term LNG contracts, while maintaining the broader framework of the UK's sanctions regime. The Regulations are here.
US Treasury Allows Sanctions Waiver on Russian Seaborne Oil to Expire, then Resurrects
The US Treasury allowed a sanctions waiver permitting countries, including India, to purchase Russian seaborne oil to lapse after a month‑long extension intended to ease supply pressures caused by Iran’s closure of the Strait of Hormuz, according to Reuters. However, having realised what might well be regarded as an oversight, the government announced that it would extend the waiver for another month. Two Democratic senators had urged the administration not to renew the waiver, arguing it bolstered Russian revenues without reducing US fuel costs. US gasoline prices remain around $4.50 per gallon, the highest since 2022, while global oil prices have hovered near or above $100 per barrel since the war began. India, the largest buyer of Russian seaborne crude, has maintained near‑record import levels in recent months.
Adani Enterprises Reaches $275 Million Settlement with US Treasury Over Iran Sanctions Violations
The US Treasury’s Office of Foreign Assets Control (OFAC) has announced a $275 million settlement with Adani Enterprises Limited after determining the India‑based company caused US financial institutions to process 32 payments linked to liquefied petroleum gas shipments which originated from Iran, according to the agency’s enforcement release. OFAC said the transactions, made between November 2023 and June 2025, totalled more than $192 million and involved a Dubai‑based trader whose documentation should have raised concerns about the cargo’s true origin. The agency classified the apparent violations as “egregious” and noted they were not voluntarily self‑disclosed, while also acknowledging the remedial steps and cooperation provided by Adani Enterprises during the investigation.
US Treasury Expands Sanctions on Iranian Financial and Maritime Networks
The US Department of the Treasury announced new sanctions targeting more than 50 companies, individuals, and vessels alleged to be involved in financial and maritime networks which generate significant revenue for Iran’s government, according to the department’s latest action under the Economic Fury initiative. The measures include designations against a major Iranian foreign currency exchange house, associated front companies operating across multiple jurisdictions, and 19 vessels linked to the transport of Iranian oil, petroleum products, and petrochemicals. Treasury officials stated that the actions aim to restrict Iran’s ability to move and repatriate funds, disrupt sanctions‑evasion mechanisms, and limit revenue streams connected to the country’s financial, petroleum, and petrochemical sectors.
Fraud
Federal Agencies Announce Comprehensive Enforcement Actions Targeting Nationwide Financial Fraud and Abuse
Several United States federal agencies have announced significant enforcement actions and investigations aimed at combating diverse financial fraud schemes, highlighted by a $1 billion nationwide crackdown led by the Department of Justice’s National Fraud Enforcement Division. These efforts include the indictment of a criminal network for romance fraud schemes targeting elderly Americans, the 55-month prison sentencing of a former real estate broker for a $2.4 million investment and tax fraud case, and a US Secret Service operation in Houston which removed illegal skimming devices to prevent an estimated $14.5 million in consumer losses. Additionally, the Federal Communications Commission (FCC) initiated an investigation into the potential misuse of federal E-Rate funds by educational institutions in Minnesota as part of a broader review of the Universal Service Fund. These coordinated activities, involving the FBI, IRS, and local law enforcement, demonstrate a federal priority to prosecute activities ranging from healthcare and securities fraud to the predatory exploitation of government benefit programmes.
Money Laundering
California Man Sentenced to 15 Years for Money Laundering and False Testimony
A California man has been sentenced to 15 years in federal prison for his role in a money‑laundering conspiracy linked to a drug trafficking network and for later providing false testimony, according to court documents. Mohammed Zohair Adi, 58, admitted helping move millions of dollars in proceeds from a marijuana‑distribution operation which transported more than 1,000 kilogrammes of high‑grade cannabis from California to Alabama. Prosecutors said Adi used a network of corporate entities and bank accounts to conceal the funds and, after pleading guilty in 2023, violated a court order by meeting a co‑defendant and giving misleading statements under oath. In addition to the 180‑month sentence, the court imposed a $50,000 fine and three years of supervised release.
US Arrests Alex Saab on Charges Tied to Venezuelan Food Programme Corruption
Alex Nain Saab Moran, a former Venezuelan minister and close ally of the Maduro government, has been arrested and brought before a US court on charges alleging his involvement in a large‑scale international money‑laundering scheme connected to Venezuela’s CLAP food‑distribution programme, according to the Justice Department. Prosecutors say Saab and his associates secured lucrative food‑import contracts through bribery, falsified shipping records, and shell companies, diverting hundreds of millions of dollars intended for vulnerable Venezuelans while routing portions of the proceeds through US banks. The indictment also alleges that the conspiracy later expanded to include illicit sales of Venezuelan oil, with profits again channelled through the American financial system. Saab faces a maximum sentence of 20 years if convicted, and US agencies including the DEA, FBI, and Homeland Security Investigations continue to pursue related financial‑crime networks.
Other Financial Crime
Seven‑year ban for director who shifted nearly £200,000 from insolvent cleaning firm
While this is not technically a financial crime, a Leicestershire cleaning company director has been banned for seven years after moving almost £200,000 out of his failing business and into a new venture he controlled, which is activity investigators say appears to have been carried out while he knew the original firm had no realistic chance of survival.
Philip Walker, 44, formerly director of Solus Facilities Limited, used the controversial Atherton scheme in 2023 in an attempt to walk away from more than £500,000 in company debts. The scheme, marketed as a kind of “corporate rescue” alternative to formal insolvency, encouraged struggling directors to sell their companies’ liabilities to Atherton Corporate (UK) Ltd. Walker paid the firm £16,500 for this service, though the arrangement may now look less like a rescue attempt and more like a way to sidestep creditors.
During the same period, Walker set up a new business, namely Carbon White Group Ltd and, despite resigning as director of Solus Facilities, continued accessing its bank account. Between November 2023 and January 2024, he transferred a net £198,100 from the insolvent company into the new one. By that point, Solus Facilities had stopped trading and was already in deep financial distress. It later entered liquidation in September 2024 owing £513,090.
Investigators say the timing of the transfers raises serious concerns. Walker was no longer formally in charge of Solus Facilities when many of the payments were made; the company had been handed to Karen Mortimer, identified by the Insolvency Service as one of Atherton’s key enablers. Mortimer herself has since been banned for seven years for putting the creditors of 138 companies at risk. Her sister, Joanna Seawright, received an identical ban, while another enabler, Neville Taylor, was disqualified for nine years in 2025. Several Atherton‑linked companies have since been wound up in the public interest.
Dave Magrath, Director of Investigation and Enforcement Services at the Insolvency Service, said Walker’s actions left creditors “seriously out of pocket” and highlighted the wider problem of abusive ‘phoenixism’ which is where directors repeatedly abandon failing companies only to start new ones free of old debts. His comments suggest the agency is increasingly willing to pursue those who attempt to exploit such schemes.
Criminal investigations into the Atherton network are still active. Six search warrants have been executed across the UK in recent months, hinting at a broader pattern of suspected misconduct which may yet lead to further action.
Walker’s disqualification, accepted by the Secretary of State for Business and Trade, took effect on 15th May. It prevents him from promoting, forming, or managing a company without court permission.
Government to introduce tougher checks and harsher penalties in bid to curb waste crime
The government has announced a sweeping set of reforms aimed at shutting down long‑standing loopholes in England’s waste‑handling system, a move which appears to signal a more assertive stance against operators who have taken advantage of lax oversight for years. Ministers say the changes, due to take effect in 2027, will make it far harder for unqualified or criminally linked waste carriers to operate, and far easier for regulators to remove them when things go wrong.
Under the new rules, anyone transporting or dealing in waste will need a permit rather than a simple registration. The current system, which relies on minimal checks and has been criticised as outdated, has allowed individuals with histories of fly‑tipping or illegal dumping to continue trading with little scrutiny. Officials argue that the shift to a permit‑based model, complete with identity verification, criminal‑record checks and proof of technical competence, is likely to close off a route which waste criminals have exploited for years.
The reforms also introduce tougher penalties. Those caught illegally transporting or mishandling waste could face up to five years in prison, which represents a significant escalation from the existing regime, which carries no custodial sentences. The Environment Agency will gain stronger powers to revoke permits and issue enforcement notices, a change which may help it act more quickly when rogue operators are identified.
Waste Minister Mary Creagh said the measures were designed to give households confidence that their rubbish will not be dumped “in a field a week later.” Her comments reflect a frustration shared by many local authorities, which have spent millions clearing abandoned waste from lay‑bys, industrial estates and farmland. Creagh described persistent offenders as “waste cowboys” who have “abused the system for too long.”
Philip Duffy, Chief Executive of the Environment Agency, welcomed the reforms but noted that waste crime continues to evolve. His remarks suggest a recognition that enforcement alone may not be enough; the sector has seen increasingly organised criminal activity, including large‑scale illegal waste sites which can cost taxpayers hundreds of thousands of pounds to clean up.
The government’s Waste Crime Action Plan, published alongside the reforms, sets out a broader crackdown which includes digital waste‑tracking and new powers under the Policing and Crime Act allowing courts to strip fly‑tippers of their driving licences. While industry groups have generally supported the changes, some observers may question whether the 2027 implementation date risks giving bad actors a long runway to adapt.
Crimestoppers and the Chartered Institution of Wastes Management both urged the public to report suspicious activity, noting that community tip‑offs often play a crucial role in identifying illegal operations. They argue that the reforms could make reporting easier, particularly once permit numbers must be displayed on vans and advertising.
Whether the new system will meaningfully reduce waste crime remains to be seen. But the government’s message is clear: the era of light‑touch registration is ending, and those who continue to exploit the gaps may soon find the consequences far more severe.
Cybercrime
Federal Lawsuits Mount After Cyber Attack Disrupts Canvas During University Final Exams
A recent cyber-attack on Instructure’s Canvas platform, which caused widespread outages during final exams at schools and universities across the US, has prompted more than two dozen federal lawsuits, including a potential class action filed in Texas. The suit, brought by a Baylor University nursing student identified as Jane Doe, alleges negligence and breach of implied contract after the 7th May shutdown locked students and faculty out of assignments, study materials, and communication tools, forcing exam delays and extended campus housing. Instructure said the breach was carried out by the ShinyHunters hacker group, which claimed to have stolen hundreds of millions of records; the company reported reaching an agreement for the deletion of the stolen data but provided no details. While Instructure maintains that no government ID numbers or passwords were taken, the lawsuit argues that compromised messages may include sensitive student communications. The company has declined to comment on the litigation, directing inquiries to its incident response page.
Guardian opinion examines risks and realities of ransom payments after Instructure cyber‑attack
Allied to this news, The Guardian newspaper in the UK has published an opinion piece in the wake of the Instructure cyber-attack, and the fact that a ransom may have been paid. It explores the broader dilemma organisations face when confronted with ransomware demands, noting that governments advise against payment even as many companies ultimately choose to negotiate. Drawing on expert commentary, it outlines how attackers such as ShinyHunters leverage stolen data to pressure victims, why businesses may view payment as a way to limit further harm, and the inherent uncertainty in trusting criminal groups to delete or return compromised information. The article situates the Instructure incident within wider trends in ransomware, including rising extortion, evolving regulatory constraints, and the persistent tension between operational recovery, user privacy, and the risks of incentivising future attacks.
Suspected Iranian Cyber Intrusions Target US Gas Station Monitoring Systems
Federal investigators are examining a series of intrusions into automatic tank gauge systems at gas stations across several US states, where hackers accessed unsecured devices and altered display readings without affecting actual fuel levels. Officials suspect Iranian-linked actors due to the timing of the incidents and Iran’s history of targeting critical infrastructure, though forensic evidence remains limited. Experts warn that unauthorised access to these systems could obscure hazardous leaks or disrupt monitoring, highlighting persistent vulnerabilities in fuel, water, and energy networks. The breaches form part of a broader uptick in Iranian cyber activity during the ongoing Iran–Israel–US conflict, alongside recent attacks on corporate and energy facilities, while geopolitical tensions continue to generate economic strain and divisions among international partners.
UK Financial Authorities Urge Firms to Strengthen Cyber Resilience Amid Rising Frontier AI Threats
The Financial Conduct Authority, Bank of England and HM Treasury have issued a joint statement warning that rapidly advancing frontier AI models are increasing cyber risks for regulated firms and financial market infrastructures, and urging organisations to strengthen governance, vulnerability management, third‑party oversight, and response capabilities. The authorities noted that current AI systems can already identify and exploit vulnerabilities at a speed and scale beyond human capability, heightening threats to operational resilience, market integrity, and financial stability. Firms are advised to ensure boards understand emerging AI‑driven risks, invest appropriately in cyber defences, adopt automated protections where suitable, and prepare for faster, more disruptive attacks. The statement reinforces existing regulatory expectations and directs firms to guidance from the National Cyber Security Centre and the Cross Market Operational Resilience Group.
Major UK Corporations Report Substantial Profit Declines Following 2025 Cyber-Attacks
Both Marks & Spencer (M&S) and Jaguar Land Rover (JLR) are reporting significant financial impacts as they navigate the recovery phase following major cyber-attacks which occurred during the 2025 financial year. M&S expects to reveal a 25% drop in annual pre-tax profit to £654 million, attributed to a six-week suspension of online sales and logistics disruptions which caused widespread stock shortages. Similarly, JLR faced a six-week production shutdown following an August 2025 attack linked to the ShinyHunters collective, contributing to an 82% decrease in full-year pre-tax profits to £2.5 billion. While both organisations report that production and specific business units have largely returned to normal operations, they continue to face external pressures such as inflation and shifting market competition. The systemic nature of the JLR breach, which impacted nearly 3,000 organisations and necessitated a £1.5 billion government loan guarantee, has led industry experts to emphasise the necessity of making cybersecurity a priority at the board level to mitigate future financial risks.
ICO warns organisations to brace for rise in AI‑driven cyber attacks
The UK’s data protection regulator has issued a fresh warning that cyber criminals are rapidly adopting artificial intelligence to supercharge attacks, creating a threat landscape which appears to be shifting faster than many organisations can reasonably match.
In a recent blog post, Ian Hulme, the ICO’s Interim Executive Director for Regulatory Supervision, said AI‑generated phishing emails, deepfake impersonation attempts and automated vulnerability‑scanning tools are already making attacks “faster, more advanced and harder to detect.” His comments suggest a growing concern that traditional security habits, such as patching, password policies, and basic monitoring, may no longer be enough on their own.
The ICO set out five steps organisations should take now, emphasising that cyber security is “a shared responsibility” rather than something which can be outsourced to a single team or vendor. Hulme noted that while the regulator can offer guidance, businesses must be prepared to act early if they want to avoid being caught out by attackers who increasingly use AI to mimic colleagues, exploit weak access controls or poison data used to train internal AI systems.
One of the most striking warnings relates to deepfake social‑engineering attempts. Criminals can now generate convincing audio or video which imitates an employee’s voice or mannerisms, potentially tricking staff into resetting credentials or granting access. The ICO hints that this kind of manipulation is likely to become more common, particularly in organisations where staff are already stretched and may not question an urgent‑sounding request.
The regulator also highlighted the growing risk of indirect prompt‑injection attacks, where malicious instructions are hidden inside external content, sometimes buried in metadata, so that an organisation’s AI tools misinterpret them as legitimate commands. While this may sound abstract, the ICO points out that such attacks can compromise systems quietly, without the obvious red flags associated with more traditional breaches.
To counter these threats, the ICO is urging organisations to strengthen their “layers of defence.” That includes timely patching, multi‑factor authentication on all remote and admin accounts, and tighter control over privileged access. The blog also stresses the importance of mapping what third‑party suppliers can access, which is an area which has repeatedly been exploited in high‑profile breaches.
Monitoring and incident response remain central. The ICO advises organisations to watch for unusual login patterns, unexpected data transfers or abnormal API activity, and to test incident‑response plans regularly. Hulme also acknowledges that AI can support defenders too, flagging suspicious behaviour at speed, though he cautions that such tools must operate under clear human oversight.
Personal data remains a prime target. The ICO reminds organisations that under UK GDPR they must minimise the data they hold, audit where it sits, and train staff to recognise AI‑powered scams such as voice cloning or highly personalised phishing attempts. For organisations using AI systems which process high‑risk personal data, the regulator says data‑protection impact assessments and safeguards are essential.
While none of the advice is entirely new, the ICO argues that AI’s accelerating role in cyber-crime gives these measures renewed urgency. The message is blunt: organisations which fail to adapt may find themselves facing threats which evolve faster than their defences.
EU Crackdown Targets 14,200 Online Links Tied to Iran’s Revolutionary Guard Propaganda Network
European investigators have carried out what appears to be one of the most sweeping online crackdowns yet against Iran’s Islamic Revolutionary Guard Corps (IRGC), identifying 14,200 pieces of content linked to the group’s propaganda and fundraising ecosystem. The operation, coordinated by Europol’s EU Internet Referral Unit, unfolded quietly between February and late April, and involved 19 countries working in coordination.
The timing was not accidental. The EU formally designated the IRGC as a terrorist organisation in February, a move which opened the door to more aggressive action against its online footprint. Officials say the group, which has been responsible for severe harm, violence, and human rights abuses, has built a sprawling multilingual network across mainstream social platforms, streaming sites, blogs, and even standalone domains. Some of the material blended religious martyrdom themes with political messaging; other posts included AI‑generated videos glorifying the IRGC or calling for revenge on behalf of Iran’s leadership. It is the kind of content which spreads fast, especially when it is packaged to look slick and modern.
Investigators did not just stumble across a few rogue accounts. They traced activity across languages ranging from Arabic and Persian to Bahasa Indonesia and Spanish, which may suggest a deliberate attempt to reach audiences far beyond Iran’s borders. One of the more visible targets, namely the IRGC’s main X account with more than 150,000 followers, was withheld in the EU as part of the action. Thousands of other links were either removed or flagged for further investigation.
What stood out to analysts was how the IRGC appears to be evolving its tactics. The network relied on hosting providers scattered across jurisdictions as different as Russia and the United States, a setup which makes takedowns slower and more complicated. Authorities also spotted cryptocurrency transactions being used to support online operations, a method which is increasingly common among groups trying to dodge traditional financial scrutiny. It is not hard to see why: crypto can move quickly, quietly, and across borders without the usual paperwork.
Europol framed the operation as part of a longer‑term effort to keep pace with terrorist organisations adapting to a digital environment which rewards speed and anonymity. Officials hinted that the threat landscape is becoming more fluid, and not necessarily larger, but certainly harder to pin down. The upcoming EU Terrorism Situation and Trend Report is expected to shed more light on how these networks are shifting, though early signs point to a mix of old‑school ideology wrapped in increasingly sophisticated online packaging.
Whether this coordinated sweep meaningfully disrupts the IRGC’s online reach is still unclear. Groups like this tend to reappear under new names, new domains, or new social accounts. But for now, European authorities seem intent on signalling that the digital space is no longer a free‑for‑all, and that even sprawling propaganda networks can be pushed back when enough countries decide to move at the same time.
A Controlled Silence: How Anthropic’s Mythos AI is Shaking Global Financial Defences
In an unusual move for the tech sector, Anthropic has decided to withhold its "Claude Mythos Preview" from the general public, citing security risks which appear to outweigh commercial gains. This model has reportedly shown a knack for finding unknown software flaws and writing working code to exploit them with very little human help. Testing suggests that Mythos can identify vulnerabilities across every major operating system, a capability which has put global banks on high alert. Major financial hubs including the US and Japan are currently scrambling to patch weaknesses that this tool has brought to light. The International Monetary Fund warns that if these AI-driven offensive tools outrun current defences, the resulting "macro-financial shock" might trigger funding strains or market-wide liquidity issues.
While larger banks have early access to share findings, smaller firms are being pushed by the European Central Bank to prepare regardless of their own technical limitations. It seems that the traditional "patch cycle" of several weeks may no longer be fast enough when an AI can find and hit a flaw in mere hours. OpenAI is reportedly taking a different path with a restricted version of GPT-5.5, aiming to give defenders the upper hand through specialised, governed access. The World Economic Forum’s latest report, Empowering Defenders, points out that adopting AI for defence involves a difficult choice regarding autonomy. Giving a machine the power to act at lightning speed might stop an attack, but it also makes it harder for humans to catch a mistake before it causes its own set of problems. Beyond the technical fixes, the real challenge appears to be a lack of global rules for who gets to use these strategic assets and how they should be governed.
201 Arrested in Coordinated Cybercrime Operation Across MENA Region
INTERPOL has announced that 201 people were arrested and 382 additional suspects identified following a large cybercrime operation across 13 Middle East and North Africa countries. Operation Ramz, which ran from October 2025 to February 2026, targeted phishing networks, malware infrastructure and online investment scams, resulting in 3,867 victims being identified and 53 servers seized. Authorities in countries including Qatar, Jordan, Morocco, Oman and Algeria carried out actions ranging from dismantling phishing‑as‑a‑service platforms to securing compromised devices and uncovering human‑trafficking victims coerced into running fraud schemes. INTERPOL said the operation demonstrated the value of cross‑border intelligence sharing, with nearly 8,000 pieces of data exchanged to support investigations.
Page updated
Report abuse