Episode 254

29th May – 31st May 2026

Sanctions

US Treasury Sanctions Iranian Entity Accused of Extorting Ships in Strait of Hormuz

The US Department of the Treasury has designated Iran’s so‑called Persian Gulf Strait Authority, alleging it operates an extortion scheme which requires commercial vessels to pay illicit tolls and follow Iranian‑directed routes when transiting the Strait of Hormuz. According to the announcement, the authority works with the Islamic Revolutionary Guard Corps and its naval units to collect fees and vessel information, with the funds allegedly supporting the IRGC’s activities. The action, which has been taken under Executive Order 13224, blocks any property the entity holds in the United States and warns that both US and non‑US persons could face sanctions exposure for facilitating related transactions. Treasury officials said the move forms part of a broader effort to restrict Iran’s ability to generate revenue through oil sales, shadow‑fleet operations and digital‑asset channels, while reiterating that violations may result in civil or criminal penalties.

US Expands Sanctions on Iran’s Illicit Oil Network

The US State Department announced new sanctions targeting entities, individuals, and vessels involved in Iran’s clandestine oil trade, aiming to restrict revenue flows which Washington says support the Islamic Revolutionary Guard Corps (IRGC) and Iran’s military activities. The measures, coordinated with the Treasury Department, focus on networks accused of moving millions of barrels of Iranian oil through Hong Kong-based intermediaries, while a separate Rewards for Justice offer of up to $15 million seeks information on financial mechanisms linked to the IRGC.

UK Financial Watchdog Flags Lingering Gaps as Sanctions Net Tightens Around £37 Billion in Frozen Assets

The UK’s financial regulator has delivered a mixed report on sanctions, acknowledging some progress while warning that systemic flaws still leave the door open to illicit activity. This assessment follows an extensive review by the Financial Conduct Authority (FCA), which has scrutinised the internal systems of over 150 firms since the start of 2022. The stakes are remarkably high; by last year, the value of assets frozen across the UK had reached a total of £37 billion.

While some institutions are catching potential violations before they occur, a pattern of "root cause" weaknesses appears to persist. Basic slip-ups in due diligence and name screening remain common, which might suggest that the rapid expansion of global sanctions lists is stretching manual compliance processes to their limit. It is likely that the sheer volume of data involved in monitoring regimes, particularly those targeting Russia and Iran, has created a backlog which even advanced software is struggling to clear.

Trade sanctions seem to be presenting a unique set of challenges for the sector. Unlike simple asset freezes, these rules often involve the export of sensitive technologies and engineering services, requiring a level of technical oversight which many banks were not originally built to handle. To help bridge this divide, the FCA signed a new intelligence-sharing agreement on 28th May with the Office of Trade Sanctions Implementation (OTSI). This Memorandum of Understanding (MoU) establishes a direct pipeline for swapping data on everything from suspicious transaction patterns to company ownership structures.

The MoU functions as a framework for cooperation rather than a strict enforcement tool. However, the message to the industry is clear: the siloed approach to financial and trade oversight is coming to an end. As the regulator moves toward sharing its "REP-CRIM" financial crime data with OTSI, firms which rely on "weaknesses in due diligence" as an excuse for breaches may find the regulatory environment increasingly unforgiving. The press release is here, the findings here, and the Memorandum of Understanding is here.

EU Sanctions Four Groups and Three Individuals Linked to Settler Violence

The Council of the European Union has imposed new restrictive measures on four organisations and three individuals identified as extremist Israeli settlers or supporters responsible for serious and systematic human rights abuses against Palestinians in the West Bank, according to an official announcement. The listings include groups accused of facilitating violent outposts, coercive displacement, and the demolition of Palestinian property, as well as leaders said to have directed or enabled these activities. The sanctions, which include the typical range of asset freezes, funding prohibitions, and travel bans, expand the EU’s Global Human Rights Sanctions Regime, which now covers 136 individuals and 41 entities across multiple countries.

Fraud

Major economies and tech giants back new global partnership to curb rising fraud

A coalition of major governments and some of the world’s largest technology and communications companies has agreed on a new framework aimed at tackling the rapid growth of online fraud, a threat officials say is increasingly intertwined with organised crime. The initiative, published by the UK Home Office, brings together countries including the US, Japan, Australia and EU member states, alongside firms such as Meta, Google, Amazon, Match Group and Virgin Media O2. Their joint statement may not be a binding treaty, but it signals a shared recognition that fraud has become too complex and too transnational for any one sector to manage alone.

The document outlines a set of principles which participants “endeavour” to follow, a choice of wording which appears to acknowledge the political and legal constraints each jurisdiction faces. Even so, the tone suggests a growing impatience with fragmented approaches. Fraud, the group notes, is evolving quickly and often overlaps with crimes such as human trafficking. Officials appear to be nudging both governments and companies to move faster, particularly on prevention and early detection.

One of the clearest expectations falls on private‑sector platforms. Companies commit to strengthening verification checks, classifying money‑muling and related behaviours as rule‑breaking, and improving systems which detect suspicious activity. The text hints at a quiet frustration with digital services which have historically been slow to act, stating that organisations should reduce the reach of domains which repeatedly fail to prevent abuse, while still protecting legitimate infrastructure. That balancing act is likely to be contentious, especially for firms wary of over‑blocking or being accused of policing the internet too aggressively.

Governments, for their part, pledge to remove unnecessary barriers to information sharing and to work more closely with industry when shaping fraud‑prevention policy. The emphasis on “timely, secure and lawful” data exchange may suggest that existing arrangements are too slow or too fragmented to keep pace with fast‑moving scams. The partnership also calls for better reporting channels for law enforcement and more consistent horizon‑scanning to identify emerging threats.

Victim support features prominently. Participants commit to clearer reporting tools, faster reviews of user complaints and more practical guidance for people who have been targeted. The framing implies that victim experience is not only a welfare issue but also a source of intelligence which could strengthen criminal justice responses.

Education and public awareness campaigns are presented as essential, though the document offers few specifics. The same is true for the section on innovation, which encourages the development of new technical solutions, which includes the use of artificial intelligence, but stops short of prescribing how these tools should be deployed. That ambiguity may reflect both the promise and the uncertainty surrounding AI‑driven fraud detection.

While the agreement is not legally enforceable, the signatories describe it as a “decisive step” toward a more unified global response. Whether it becomes a turning point or another well‑intentioned statement will depend on how quickly participants translate these principles into concrete action, and whether they can maintain cooperation across jurisdictions which often diverge on data protection, platform regulation and law‑enforcement powers. Still, the breadth of the coalition suggests that the political appetite for a coordinated approach is stronger than it has been in years.

Bank Employee Admits Role in Multi‑Million‑Dollar Fraud Schemes

Cheungkin “Kelvin” Lam, a former TD Bank employee, has pleaded guilty to participating in schemes which enabled more than $3.4 million in fraud across two financial institutions, according to the US Attorney’s Office for the District of New Jersey. Prosecutors said Lam accepted bribes, misused customer information to help outside conspirators target high‑value accounts, and later bribed an employee at another bank to falsify records used in additional fraud schemes. Lam, who received at least $155,000 in bribes, faces up to 30 years in prison on each of the two charges and is scheduled for sentencing on 15th October 2026.

Bribery and Corruption

The New Era of Global Bribery Settlements: $33 Billion Collected Through Teamwork

Authorities appear to be closing the net on transnational bribery through a growing reliance on coordinated, multi-country settlements. Recent OECD analysis suggests that the era of isolated national investigations is largely over for major global firms. Since 2008, these joint efforts have resulted in over $33.7 billion in total sanctions. This shift appears to reflect a growing realisation that no single sovereign agency can easily untangle the web of shell companies and offshore accounts used in modern corruption schemes.

The data indicates a significant change in who gets a seat at the table. While Western "supply-side" countries like the US and UK dominated the early days, "demand-side" nations, which are those nations where the bribes were actually received, are now playing a much more central role. Since 2019, approximately 85.7% of these coordinated cases have involved an enforcing jurisdiction from the country of the bribed official. This development may suggest a more equitable distribution of recovered funds, with demand-side jurisdictions like South Africa or Brazil recovering an estimated $12.6 billion to date.

Settling these cases almost exclusively involves "non-trial resolutions," such as deferred prosecution agreements, rather than traditional courtroom battles. This provides a structured exit for companies willing to take responsibility, offering them legal and financial certainty in exchange for cooperating with investigators. To prevent "piling on" or double-charging, regulators now use credit offsets, where a payment in one country is subtracted from the total owed in another. In the ABB case, for instance, the US credited over $150 million to South African and European authorities to ensure the victim nation received the largest portion of the penalty.

However, the path to these global deals is rarely smooth. Differences in national laws often create friction, such as when French "blocking statutes" restrict how much evidence can be shared with foreign partners. Some countries may also find themselves left out of the financial spoils if they lack the legal framework to participate in these settlements. A notable example involves Sweden, which reportedly missed out on over $200 million in the Telia case because it lacked a mechanism to join the coordinated resolution.

Critics might argue that this trend prioritises administrative efficiency over the public accountability of a full trial. While these settlements recover massive sums, they often result in no criminal conviction for the parent company, provided they follow strict compliance mandates. Nevertheless, for agencies with limited budgets and facing increasingly complex financial flows, the coordinated settlement appears to be the most practical tool currently available.

Market Abuse

CFTC Files Insider‑Trading Complaint Against Google Employee Over Prediction‑Market Trades

The Commodity Futures Trading Commission (CFTC) has filed a civil complaint in the Southern District of New York accusing Michele Spagnuolo, a Switzerland‑based Google software engineer, of using confidential information about Google’s 2025 “Year in Search” rankings to trade on Polymarket with near‑perfect accuracy, generating roughly $1.2 million in profits. According to the filing, Spagnuolo, who is alleged to have traded under the handle “AlphaRaccoon”, purchased “Yes” and “No” shares across more than twenty search‑related event contracts while bound by a duty to keep the information private. The CFTC is seeking restitution, disgorgement, civil penalties, trading and registration bans, and a permanent injunction, while a parallel criminal complaint was unsealed by federal prosecutors the same day, reflecting coordinated enforcement efforts between the agency and the US Attorney’s Office for the Southern District of New York.

Other Financial Crime

Justice Department Secures Over $6 Million in Additional Assets Tied to 1MDB Scheme

The Justice Department has recovered more than $6 million linked to the 1MDB corruption scheme after a federal court ordered the forfeiture of a luxury New York condominium and related rental income purchased with misappropriated Malaysian sovereign wealth funds. According to the department, the property was acquired for the benefit of May Ling Catherine Tan, an assistant to fugitive financier Low Taek Jho, whose network is alleged to have diverted billions from 1MDB between 2009 and 2015 through international money‑laundering channels. Investigators say the broader scheme funded high‑value purchases ranging from real estate in Beverly Hills and London to a superyacht and artwork by Monet and Van Gogh, as well as investments in ventures such as the production company behind The Wolf of Wall Street. The latest recovery, pursued through a civil forfeiture action in the Central District of California, forms part of a long‑running multinational effort involving US agencies and authorities in Malaysia, the UK, Singapore, Switzerland, Luxembourg and other jurisdictions to trace and reclaim assets connected to the alleged embezzlement.

Cybercrime

GCHQ Chief Issues Stark Warning at Bletchley Park Over Narrowing Tech Window

Standing in the Fellowship Auditorium where codebreakers once turned the tide of World War II, Anne Keast-Butler, Director of GCHQ, described the present as a "moment of consequence". She suggested that the UK and its allies face a rapidly closing window to maintain a technological lead over adversaries. This inaugural annual lecture marks a rare public outing for a GCHQ head, perhaps reflecting a belief that the current climate of "radical uncertainty" requires more than just behind-the-scenes manoeuvring.

The threat landscape appears increasingly cluttered. Keast-Butler pointed to Russia’s escalating hybrid tactics, which range from cyber incursions to the monitoring of undersea energy pipelines. While she noted that intelligence suggests nearly half a million Russian soldiers have died in the Ukraine conflict, the Kremlin’s appetite for "brazen behaviour" in the grey zone shows little sign of waning. Some analysts might observe that focusing on such high casualty figures serves to bolster the narrative of Western intelligence success, though the Director balanced this by highlighting the sophisticated cyber and military capabilities of a rising China.

Technology is no longer just a supporting tool; it has become a "transformational force" which is reconfiguring modern warfare. GCHQ is currently developing a new national cyber defence blueprint intended to integrate "agentic AI" to match the speed of machine-led attacks. However, the shift toward AI and quantum computing brings significant peril. Keast-Butler warned that quantum computers might soon be capable of unravelling the encryption which currently protects everything from fighter jets to the nuclear deterrent. This potential vulnerability likely explains her urgent plea for businesses to ditch passwords in favour of passkeys and prepare for future quantum-based threats.

Beyond the digital realm, space has emerged as a critical front. Since Keast-Butler took the helm three years ago, more than 10,000 new objects have been launched into orbit. This congestion is likely to complicate national security, especially as satellite imagery has allegedly been linked to Iranian attacks in the Gulf. While the Director celebrated the 80th anniversary of the UKUSA intelligence-sharing agreement, she hinted that Western teamwork, which has been built on trust, remains a primary advantage over the "strained, transactional" partnerships seen among adversaries. Critics, however, might point out that maintaining such trust in a "contested" geopolitical era is often more easily said than done. The press release is here, and the lecture transcript is here.

The Compliance Trap: How Overlapping Cyber Rules May Be Making Us Less Safe

Governments are churning out cybersecurity regulations at a record pace, yet this tidal wave of rules might actually be undermining the very security it aims to protect. A new OECD report paints a picture of a "complex patchwork" of siloed measures which often clash across borders, creating a regulatory landscape whose sheer complexity is itself becoming a major hurdle. While few would argue against the need for better digital defences, the current trajectory may suggest that the world is trading actual protection for administrative theatre.

The price of staying legal is becoming staggering for many firms. Complying with the EU’s NIS2 directive alone carries an estimated annual price tag of €31.2 billion across the bloc. For a mid-sized engineering firm or a regional tech provider, the cost of full compliance can reach up to €500,000. It appears that many organisations, perhaps one in three smaller enterprises, simply do not have the spare cash or specialised staff to keep up with these shifting requirements. This leads to a troubling paradox where the more rules we have, the less time security teams have to actually stop hackers because they are buried in documentation.

National sovereignty remains a significant driver of this chaos. Many governments appear reluctant to adopt international standards, preferring "homegrown" approaches which reflect domestic priorities or industrial policy goals. This drive for "strategic autonomy" is likely to harden these regulatory silos, making it nearly impossible for a business to operate globally without hitting a wall of conflicting mandates. Subtle protectionism also plays a role, as some rules act as digital trade barriers which favour domestic suppliers under the guise of national security.

This fragmentation may trigger a "race to the bottom." In a bid to escape the most suffocating red tape, some companies might strategically move their data centres or product development to jurisdictions with the lightest oversight. Such "regulatory arbitrage" does not just distort the market; it could leave entire regions more vulnerable by slowing down the spread of high-level security practices. Furthermore, when incident reporting rules differ wildly between countries, international cooperation during a crisis becomes a slow-motion disaster as agencies struggle to share data across incompatible frameworks.

There are glimmers of a more coordinated future. The European Commission is currently floating a "Digital Omnibus" approach to simplify overlapping rules and create a single-entry point for reporting cyberattacks. Across the Atlantic, the United States is attempting to streamline federal incident reporting through new legislation, though these efforts are mostly focused on domestic harmonisation rather than global alignment. The OECD, positioning itself as a neutral ground, hopes to steer these fragmented efforts toward a more coherent future before the window for cooperation closes. Without timely action, the report suggests these counterproductive effects are only likely to compound over time.