This week, the financial system was treated more openly than usual as a terrain of state contestation. FinCEN issued a major alert on the Islamic Revolutionary Guard Corps’ use of front companies, shadow fleets and stablecoins to evade sanctions. The UK and EU coordinated fresh sanctions packages against Russian state actors involved in the deportation of Ukrainian children. Ukraine charged former presidential chief of staff Andriy Yermak with money laundering through a luxury property scheme. The FCA’s chief executive told a London conference that the separation between financial services and national security has become “outdated and dangerous”. And INTERPOL closed a first-of-its-kind regional operation against cyber-fraud infrastructure across the Middle East and North Africa. Stitched together, the week is a reminder that fraud, money laundering, and sanctions evasion are no longer back-office problems for compliance teams – they are constitutive features of how states project, defend, and contest power. The regulatory tooling is finally catching up to that reality, but the institutional muscle required to enforce it remains uneven.

1. FinCEN issues IRGC sanctions evasion alert; OFAC targets Iranian shadow banking

FinCEN issued an alert on 11 May detailing how Iran’s Islamic Revolutionary Guard Corps uses front companies, exchange houses, shadow-fleet vessels and digital assets, including stablecoin minting and Iran-linked instruments such as USDZ, to launder oil proceeds and finance weapons procurement. The alert provides detailed red flags across maritime concealment, layered third-country corporate structures, money services facilitators, and digital asset routing. Days earlier, OFAC designated three Iranian exchange houses and a network of UAE and Hong Kong front companies under Executive Order 13902. Analysis by Bracewell notes the alert positions financial institutions for exposure under both sanctions law and federal material support statutes for foreign terrorist organisations, with penalties up to life imprisonment.

What is significant is the typology architecture. The alert treats sanctions evasion not as discrete transactional misconduct but as a vertically integrated illicit market – production (oil), trade infrastructure (shadow fleet), settlement (exchange houses and stablecoins), and procurement (defence supply). This is structurally identical to how serious organised crime is mapped in enterprise theory models of trafficking economies. From a routine activity standpoint, the alert is doing the work that the capable-guardian provision requires: lowering the cost to financial institutions of recognising suspicious activity by codifying typologies in advance. The harder question is whether smaller correspondents and non-bank facilitators (UAE free-zone companies, trust and company service providers, P2P digital asset exchangers) have the supervisory architecture to act on the red flags. Without that capacity downstream, the alert becomes a liability allocation device rather than a prevention instrument.

2. UK and EU sanction Russian officials and entities over Ukrainian child deportations

The UK and EU imposed coordinated sanctions on 11 May targeting individuals and institutions involved in Russia’s systematic deportation and indoctrination of Ukrainian children. The EU designated 23 state institutions and individuals; the UK announced a broader package covering 85 targets, including the Centre for Patriotic Training of Youth and 49 employees of the Social Design Agency, a state-funded entity allegedly running pro-Kremlin disinformation operations. Asset freezes and travel bans apply across both jurisdictions; Canada acted in parallel. ICC President Vladimir Putin remains subject to a 2023 arrest warrant for the alleged war crime of unlawful deportation.

Designations against state actors for war-crime-adjacent conduct sit at the intersection of international criminal law and financial crime enforcement. The interesting feature here is the targeting of the administrative apparatus of the alleged offending; the indoctrination centre, the disinformation agency, rather than only its decision-makers. Read through a situational crime prevention lens, this attacks the enablers of the underlying harm rather than only its principals, which is consistent with the broader regulatory shift toward gatekeeper liability. The constraint, as ever with state-actor designations, is enforcement reach: the prohibitions are most binding on Western financial institutions, and the perpetrators’ operating capital is largely Russian-domiciled. The expressive function of the sanction, naming, evidence-building, and eventual ICC proceedings, may matter more than its immediate financial bite.

3. Ukraine charges former Zelensky chief of staff Andriy Yermak with money laundering

Ukraine’s National Anti-Corruption Bureau and Specialised Anti-Corruption Prosecutor’s Office have charged former Presidential Office head Andriy Yermak with money laundering tied to the construction of a luxury residential compound near Kyiv. Al Jazeera reports prosecutors suspect Yermak of involvement in a criminal organisation that allegedly laundered approximately 460 million hryvnias (around $10.5 million). Bail has been set at roughly $3.2–5.4 million and the case carries a potential prison term of eight to twelve years. Yermak was remanded in custody on 14 May.

This case is consequential precisely because of who the defendant is. NABU and SAPO acting against the immediate former second-in-command of a wartime president is an unusual test of institutional autonomy. Read through a trust exploitation frame, the alleged offending leverages exactly the political capital that the office of chief of staff confers: proximity, signature authority, and informal influence over construction permitting and procurement. The structural significance is whether the prosecution survives politically; under Sutherland’s differential association, elite political-economic networks tend to socialise around shared rationalisations for self-dealing, and what disrupts them is not improved compliance training but credible, costly prosecution of insiders. The case is being closely watched by the EU as a marker of Ukraine’s accession-relevant rule of law trajectory.

4. FCA chief: Financial crime is now a national security issue

In a keynote at the FCA’s financial crime conference on 14 May, Chief Executive Nikhil Rathi told delegates that separating financial services from national security is “outdated and dangerous”, warning that tech-enabled criminal networks exploit gaps between policy silos. Mortgage Solutions reports the framing represents the most explicit articulation yet of the FCA’s repositioning of financial crime as core to its statutory remit.

Rathi’s message may seem to be a reframing, if the way it is being reported it to be taken at face value, but anyone working in the financial crime prevention industry will tell you that it has been true for some time. The government formally grouped financial and serious economic crime alongside traditional threats to national security in 2013, thirteen years ago, leading to the launch of the National Crime Agency(NCA) to disrupt high-end money laundering.

Despite this, financial crime supervisory work has historically been resource-light compared with prudential and conduct work, because losses sit primarily with consumers and counterparties rather than with systemic stability. Perhaps the FCA’s message may remind the current Government and the FCA itself that defining the harm as national security raises the political opportunity cost of under-investment?

Threat to national-security framing licences the use of intelligence-grade information sharing, restricted access to certain controls, and treatment of professional enablers (trust and company service providers, accountants, lawyers, payments firms) as components of an adversarial network rather than as discrete regulated firms. It has traditionally been used by governments both in the UK and globally as a justification for narrative and political campaigns such as ‘the war on drugs’ or ‘the war on terror’. It places enormous practical weight on the Public-Private Partnership infrastructure that the UK has been piecemeal building since 2015. But we have yet to see a ‘war on financial crime‘.

5. INTERPOL Operation Ramz: 201 arrests in first regional MENA cybercrime operation

INTERPOL announced the results of Operation Ramz, the first regional cybercrime operation across the Middle East and North Africa. Thirteen countries participated between October 2025 and February 2026, resulting in 201 arrests, 382 further suspects identified, 3,867 victims identified, and 53 servers seized. The Hacker News reports that Algerian authorities disrupted a phishing-as-a-service operation and Jordanian police seized infrastructure running fraudulent investment-platform scams. Group-IB confirmed it provided cyber-threat intelligence supporting the operation.

The MENA region has been a recognised gap in the international cybercrime enforcement architecture, despite being a major source and target geography. From a displacement perspective, the question is whether Ramz creates a durable cost on regional offenders or whether infrastructure migrates to non-participating jurisdictions. The phishing-as-a-service finding is the most analytically important detail: it confirms a market structure for cyber-fraud capability in which the infrastructure layer (kits, hosting, social engineering scripts) is sold to a wider downstream offender population. That maps neatly onto a crime-as-service model and means enforcement against operators of the service layer yields disproportionate suppression of the offender population it supplies.

6. FATF places Singapore on Regular Follow-up

The Financial Action Task Force published its mutual evaluation of Singapore on 6 May, placing the country on Regular Follow-up, the top monitoring tier, and an upgrade from its 2016 Enhanced Follow-up status. Seven of eleven Immediate Outcomes were rated Substantial and four Moderate, with none rated Low or High. Priority recommendations include strengthening beneficial ownership verification, prioritising complex money laundering investigations, and introducing more dissuasive sentencing guidelines.

The substance of the result matters less than the methodological evolution. FATF’s fifth-round assessments are explicitly effectiveness-led rather than technical-compliance-led; that is, the question is whether the system actually catches and punishes laundering, not whether the statute book and registers exist. Singapore is among the first jurisdictions evaluated against that revised framework, and Substantial across most Immediate Outcomes is a meaningful endorsement. The moderate rating on proliferation financing, and the recommendation to introduce more dissuasive sentencing, reflects the recurring criminological finding that certainty and severity of punishment for high-end laundering are still well below the threshold required to disturb rational-choice calculations among elite offenders.

7. UBS Monaco fined €6 million for AML failures

The Monégasque financial regulator AMSF fined UBS Monaco €6 million on 7 May for multiple anti-money laundering failures, with the enforcement decision to be published for up to five years. ComplyCube notes the decision sits alongside Monaco’s recent FATF grey-listing and continuing pressure on the principality to demonstrate effective supervision of private banking activities concentrated in its jurisdiction.

Private banking in small jurisdictions is one of the cleanest illustrations of trust exploitation in financial crime: confidentiality, relationship managers as gatekeepers, and a structural under-incentive on the institution to question the source of high-net-worth funds. The €6 million quantum will not move UBS’s risk appetite, but the requirement to publish the decision for five years is more consequential. Reputational permanence is the supervisory tool best suited to private banking, where the asset on which the business is built is discretion. Whether peer institutions adjust onboarding and ongoing monitoring of Monaco-domiciled clients in response is the diagnostic question.

8. FinCEN issues human trafficking notice ahead of 2026 FIFA World Cup

FinCEN issued a notice on 11 May on the threat of human trafficking during the upcoming FIFA World Cup, equipping financial institutions with red flags for trafficking-linked transactional activity and reinforcing reporting expectations. Coverage from the ABA Banking Journal frames the notice as a recurring FinCEN intervention around major sporting events.

Major sporting events compress the convergence element of routine activity theory: motivated offenders, suitable victims, and reduced capable guardianship are concentrated in time and place. The pre-event notice is anticipatory situational crime prevention: equipping financial system guardians with the typologies before the offending peaks. The methodological lesson, and one that the human trafficking field has been making for some time, is that proactive, event-based AML pattern matching tends to produce higher-quality suspicious activity reporting than steady-state monitoring, because the typology is sharper and the temporal signal stronger.

New Research Worth Reading

• Kumar, S. (2026), Money Laundering and Financial Instability: Exploring the Nexus in Fragile Economies, in Review of Business and Economic Studies. A mixed-methods study mapping three structural channels by which laundering undermines macroeconomic stability: tax revenue erosion, bad-loan growth and capital flight. Strong companion reading to the FinCEN IRGC alert.
• Hossain, M. (2026), Emerging Trends in Forensic Accounting: Data Analytics, Cyber Forensic Accounting, Cryptocurrencies, and Blockchain Technology for Fraud Investigation and Prevention, in Journal of Advances in Information Technology and Data. Argues forensic accounting is consolidating around four pillars, analytics, cyber-forensics, crypto-investigation and blockchain traceability, and warns against displacing professional scepticism with automation.
• Nurmukhametova, I. F. and Nurmukhametov, E. (2026), Development and testing of a methodology for diagnosing vulnerability to social engineering techniques, in Psychology and Law. An individual-typological model linking specific personality configurations to susceptibility to manipulative techniques, with implications for targeted, rather than population-wide, fraud awareness programmes.
• Sharma, R., Matharu, R. and Sinha, R. (2026), Socio-demographic and Behavioral Determinants of UPI Fraud Vulnerability: A Descriptive Study from Shimla District, Himachal Pradesh, in the Journal of Forensic Sciences Research. Identifies young adults, the middle-aged, lower-income and rural users as disproportionately exposed to UPI scams, and finds both overconfident and underconfident users at heightened risk, a useful complication of the standard “low digital literacy equals vulnerability” framing.

What I Am Watching

• The next round of OFAC and FinCEN actions on Iranian shadow banking, particularly any secondary sanctions on non-US financial institutions and digital asset service providers.
• Whether Andriy Yermak’s money laundering prosecution survives political pressure, and what NABU and SAPO do next on connected procurement cases.
• Operationalisation of the FCA’s national security framing, particularly how it reshapes information sharing with NCA, the Online Crime Centre and intelligence services.
• AMLA’s public hearings on draft Implementing Technical Standards for FIU cooperation on 27 May, which will set the cross-border information-sharing baseline for the new EU supervisory architecture.
• Whether Operation Ramz is repeated with broader MENA participation and what specifically happens to phishing-as-a-service operators identified but not yet arrested.
• Treasury’s forthcoming Customer Identification Programme rulemaking under the GENIUS Act, which will define the AML/CFT perimeter for permitted payment stablecoin issuers.