This week’s pattern was one of enforcement against the human and digital infrastructure of industrial-scale fraud. OFAC sanctioned Nobitex and three other Iranian digital asset exchanges, severing, at least at the secondary-sanctions level, the rails Iran has built to evade financial isolation. The DOJ’s Scam Centre Strike Force ran its first cross-industry “Disruption Week” against Southeast Asian scam compounds, with Apple, Google, Meta, Microsoft and Coinbase voluntarily disabling 1.4 million accounts and freezing $3.8 million in crypto. Amnesty International published a 150-page report concluding Cambodia’s high-profile crackdown on scam compounds has failed in almost every meaningful respect. The FCA released the findings of its review of 150 firms’ sanctions controls – material improvement since 2022, persistent and consequential gaps. The European AMLA opened consultation on the ongoing monitoring obligation under Article 26(5) of the AML Regulation, and the FinCEN AML/CFT programme rule comment period closes today. Europol’s Operation KRATOS 2 dismantled nine organised crime groups behind illegal streaming. And FinCEN, with the federal banking agencies, issued a joint advisory recasting the unlawful-employment risk surface in BSA terms. Read together, the week is a reminder that the operational substrate of financial crime (exchanges, accounts, infrastructure, controls, monitoring guidance) is now the dominant arena of contestation. The discrete victim case has been displaced by the platform, the perimeter and the rulebook.
The US Department of the Treasury designated Nobitex, Iran’s largest digital asset exchange, along with Wallex, Bitpin and Ramzinex on 2 June, together with Nobitex’s chairman, two co-founders and its current CEO. The action proceeds under Executive Order 13902 (Iranian financial sector) and Executive Order 13224 (counter-terrorism). Chainalysis analysis confirms Nobitex’s designation under counter-terrorism authorities for facilitating widespread sanctions evasion, including ties to the IRGC. Elliptic notes the SDN listing triggers secondary sanctions on non-US persons and foreign financial institutions, and that stablecoin issuers and offshore exchanges now have clear legal grounds to freeze related assets. OFAC’s published FAQs confirm Iranian digital asset exchanges are blocked as Iranian financial institutions under E.O. 13902.
This is the most consequential extension of US digital asset sanctions enforcement since the Garantex and Bitzlato actions, and it operationalises a doctrinal point that has been latent in the sanctions architecture for several years: a domestic crypto exchange that serves as an arms-length payment rail for a state sanctioned for terrorism financing is not, structurally, a different category from a designated bank. Under a capable guardianship frame, the action’s value is in the secondary-sanctions exposure it creates for foreign VASPs and stablecoin issuers – converting the entire downstream ecosystem of foreign exchanges, custodians and on/off-ramps into an extended enforcement perimeter without OFAC having to designate each one individually. The structural test, as ever, is displacement. Iranian users and counterparties will migrate. The question is whether the friction OFAC has now imposed on the remaining alternatives is high enough, sustained for long enough, to compress the operational utility of the workaround channels, and whether US partners follow with parallel listings.
The Department of Justice announced on 4 June the results of its first-of-its-kind “Disruption Week”, combining government and private-sector action against scam compounds operating in Southeast Asia. Reporting from The Hacker News details the operational results: more than 1.4 million social media, email and Starlink accounts disrupted by Apple, Coinbase, Google, Meta, Microsoft, Silent Push, SpaceX/Starlink, TRM Labs and Zenlayer; over $3.8 million in cryptocurrency voluntarily frozen by private-sector partners; servers, colocation environments and hosting infrastructure decommissioned; and seven arrests in Thailand alongside new cases opened by the Royal Thai Police Anti-Cyber Scam Center. The Strike Force was launched in November 2025 to address Chinese organised crime syndicates running cryptocurrency investment fraud, pig-butchering, human trafficking and money laundering from Southeast Asian compounds.
This is a clear articulation of guardianship at the layer on which the offending actually depends. Scam compound operators cannot easily substitute for Meta-scale social platforms, Google-scale email, Microsoft-scale productivity infrastructure, Starlink-scale connectivity or US-licensed cryptocurrency rails. By bringing the platforms and the rails into a coordinated operational tempo with the Strike Force, DOJ has constructed, at least episodically, exactly the layered guardian that routine activity theory identifies as necessary to suppress offending in an environment that cannot be policed by jurisdictional law enforcement alone. The criminologically important point is that Disruption Week was voluntary. The legal architecture supporting it is fragmentary; the operational rhythm depends on the platforms’ willingness to participate. That dependency is the regime’s central vulnerability. Whether the next Disruption Week is held, and whether the same private-sector partners participate at the same intensity, will tell us whether this becomes a sustained capability or a one-off.
Amnesty International published Falling Through the Cracks on 8 June, a 150-page report assessing the effectiveness of Cambodia’s high-profile crackdown on scamming compounds. The accompanying press release identifies 33 additional scamming compounds beyond the 53 documented in Amnesty’s 2025 report and includes testimony from 73 survivors from 16 countries held in compounds during the crackdown. Of 86 compounds identified, Amnesty found evidence of state intervention at only 24. None of the 73 survivors had been recognised as a victim of human trafficking by Cambodian authorities, despite Amnesty assessing that they all met the international definition. Four additional casinos submitted plans showing they owned buildings that were scamming compounds. Reporting by JURIST confirms the report’s conclusions on enforcement and victim protection.
This is selective enforcement as a stable equilibrium rather than a transitional state. Cambodia’s response to international and US pressure has been a high-visibility law enforcement performance overlaid on a substantially unchanged operational substrate. The architecture is intelligible: compound operators, casino owners, intermediaries, recruiters and local officials are embedded in a dense network of mutually reinforcing relationships in which the techniques, rationalisations and protection structures of compound operation are continuously transmitted. A crackdown that does not disrupt those associations, that, on Amnesty’s evidence, leaves more than two-thirds of identified compounds operational and fails to recognise any of 73 interviewed survivors as trafficking victims, does not break the differential. It merely demonstrates to the network that periodic visible action is the cost of doing business. The structural implication for international partners is uncomfortable: the Scam Center Strike Force’s voluntary, infrastructure-layer approach is now, on the evidence, more operationally consequential than the host state’s enforcement.
The Financial Conduct Authority published its review of 150 authorised firms’ sanctions systems and controls on 28 May, concluding that while firms have materially improved since the 2022 baseline, significant gaps remain that continue to drive sanctions breaches. Analysis from WilmerHale sets out the principal findings: enterprise-wide risk assessments insufficiently revisited to reflect geopolitical exposure beyond Russia; controls effectiveness inadequately tested; poor screening calibration with both false-positive overload and missed hits; outdated lists, feed delays and large alert backlogs; weak SMF ownership of sanctions risk and inadequate management information; insufficient trade sanctions capability at firms with relevant exposure; over-reliance on group and third-party screening systems without independent challenge; and inadequate stress-testing of incident response and reporting processes to FCA, OFSI and OTSI.
The review is, on its face, a familiar inventory of sanctions-control weaknesses. Its structural significance is in the explicit framing that sanctions risk has decoupled from the Russia attack surface. Firms that built out their controls in 2022 against a Russian sanctions baseline have, on the FCA’s findings, not consistently reconfigured for the more diffuse perimeter now characterising Iran, the Middle East, scam-compound networks and crypto-linked counterparties. Under trust exploitation, the predictable consequence is that the residual controls weaknesses now sit precisely at the exposure surfaces where determined evaders are concentrating their effort. The FCA’s signalling, explicitly raising the prospect of deep-dive supervisory engagement with evidence of remediation, should be read by SMFs as setting up enforcement action against firms whose 2026 controls remediation does not credibly evidence movement past the 2022 baseline.
The European Anti-Money Laundering Authority published a consultation paper on 3 June on draft guidelines on ongoing monitoring of business relationships under Article 26(5) of the AML Regulation. The draft guidelines set out AMLA’s expectations on keeping customer documents, data and information up to date and on how relevant firms should design, implement and test monitoring frameworks to detect unusual or suspicious transactions and activities. The consultation runs until 3 September 2026, with the final guidelines expected in Q4 2026. The same week, AMLA’s separate consultation on draft Regulatory Technical Standards on pecuniary sanctions, administrative measures and periodic penalty payments, which closed earlier in the spring, continues to crystallise. Jones Day’s analysis of AMLA’s sanctioning powers sets out the three-tier enforcement toolkit (administrative measures, pecuniary sanctions of up to €10 million or 10% of annual turnover, periodic penalty payments) and the procedural protections, with draft RTS expected to be submitted to the European Commission by 10 July 2026.
Ongoing monitoring is the AML obligation that, in practice, most frequently fails. Periodic refresh cycles produce technically compliant CDD files that are operationally stale at the moment of an actual suspicious-transaction event. AMLA’s draft guidance is significant because it shifts the baseline from periodic refresh to event-triggered update, with explicit expectations on the design and testing of monitoring frameworks. If we consider this a form of situational crime prevention, this is the right structural move: it closes the window in which the offender can rely on a controlled-counterparty environment that no longer corresponds to the operational reality of the relationship. Combined with the prospective sanctioning regime of pecuniary penalties up to 10% of turnover for serious or systematic breaches, AMLA is constructing a supervisory architecture whose deterrent value lies in the interaction of obligation design and consequence weight, rather than in either alone.
The FinCEN Notice of Proposed Rulemaking to fundamentally reform AML/CFT programmes closes its public comment period today, 9 June. Analysis from Corporate Compliance Insights emphasises the rule’s shift toward outcomes-based effectiveness and the move from periodic review of risk assessment processes to ongoing review triggered by material changes. Foundation for Defense of Democracies analysis published this week sets out the policy stakes for the final-rule process to come.
We covered the doctrinal architecture of this rule in Lab Report #8. The point to surface this week is the comment-process posture. The volume and character of submissions in the closing days of the comment window, particularly from community banks, broker-dealers, money services businesses and the trade associations representing them, will materially shape the final rule. A consequential design risk identified by practitioners is the 30-day FinCEN-banking-agency consultation gate before federal banking agencies can take significant supervisory action. In a future administration with a more aggressive enforcement posture, this notice-and-consultation gate is a meaningful procedural brake. The interpretive question for the final rule is whether FinCEN tightens the consultation framework to preserve federal-banking-agency operational latitude, or whether it consolidates the supervisory primacy implied in the NPRM. Worth watching closely between now and the final-rule publication.
Europol announced on 3 June the results of Operation KRATOS 2, a seven-month operation coordinated by Bulgaria with Europol’s support, targeting the criminal infrastructure behind illegal streaming. The operation ran from September 2025 to April 2026 and resulted in 29 arrests, 148 house searches, 9 organised crime groups dismantled, 59 cases referred to judicial authorities, 27,332 URLs removed and 722,961 infringing objects identified. CyberScoop’s coverage emphasises that the operation targeted the wider criminal ecosystem supporting the streaming services, including 18,331 IP addresses tied to illegal services and 4,370 new domains linked to piracy, with private-sector partners (AAPA, ACE/MPA, LALIGA, UEFA, Friend MTS, beIN Media Group, Irdeto) supplying intelligence used to identify and disrupt the underlying infrastructure.
Streaming piracy is not, in the popular framing, a financial crime story. It is, operationally, exactly the same architecture. The relevant offending units are crime-as-a-service infrastructure providers: hosting, domain administration, payment processing, customer support, and technical operation. The criminologically interesting feature of KRATOS 2 is its explicit target prioritisation of the wider criminal ecosystem rather than the customer-facing streaming front-ends. This is operationally consistent with the IOCTA 2026 service-economy framing and with the First VPN takedown covered in Lab Report #8. The implication for AML supervisors is that the laundering layer downstream of streaming piracy, typically operating through low-friction payment processors and cryptocurrency on/off-ramps, is now visible in a way that creates investigative leads for cross-border FIU exchange. AMLA’s incoming FIU-to-FIU ITS will be tested on whether intelligence from operations like KRATOS 2 actually moves at operational latency across the new architecture.
FinCEN, with the FDIC, OCC and NCUA, and in coordination with the IRS, issued a joint advisory on 5 June on suspicious activity associated with the unlawful employment of non-work authorised populations. The advisory itself sets out red flag indicators connecting illegal employment to broader money laundering networks, transnational criminal organisations, drug trafficking and human trafficking, and requests SAR filings reference the key term “FINANCIALINTEGRITY-2026-A002”. The advisory aligns the supervisory direction with the January 2026 Minnesota benefits-fraud geographic targeting order and the FinCEN March health care fraud advisory referenced in Lab Report #8.
The advisory is significant as a supervisory instrument: it explicitly extends the BSA red-flag architecture to a category of activity that has historically sat outside the AML programme rule. From a capable guardianship perspective, framing employment-status compliance through the BSA SAR regime constructs an additional reporting surface, and a meaningful one, given the volume of small-cash deposits and payroll structures involved. The harder question, which any analytical reading of this instrument must engage, is the unintended consequence surface. Vulnerable populations who are both victims of labour exploitation and proximate to the suspicious-activity indicators the advisory describes may, under operational supervision, end up disproportionately captured by SAR filings that surface them to enforcement before any predicate offence is established. That is exactly the trade-off Maguire and Demetis examined in their Journal of Financial Crime article cited in Lab Report #8. The structural test of this advisory is whether the SAR architecture is operationalised toward the employer networks the advisory explicitly names, or whether the practical incidence falls disproportionately on the worker side of the relationship. That is the empirical question to which compliance and policy actors should now attend.
© 2025. The Financial Crime Lab. All Rights Reserved