This week sharpened a tension that has been building all year. Enforcement is now operating at industrial cadence – the US Department of Justice’s Fraud Division has, for the second time in a matter of weeks, posted roughly a billion dollars in coordinated actions, and the SEC has charged twenty-one individuals in a single decade-long insider trading scheme. At the same time, institutional vulnerability has become impossible to ignore. HSBC took a $400 million “fraud-related” hit on UK private credit exposure. The US Treasury published its 2026 National Money Laundering Risk Assessment, which reads less like a threat list and more like an inventory of the structural surfaces that organised criminal economies now exploit. And a senior anti-financial-crime officer at ABN AMRO publicly told a European conference that bank-led scam prevention is “futile” without platform cooperation. The pattern across the week is consistent: the state can deliver enforcement at scale, but the institutions through which value moves, banks, platforms, and professional services firms, are still generating new attack surfaces faster than enforcement can absorb them. That is a structural problem, not a capacity one.

DOJ Fraud Division posts second ~$1 billion enforcement scorecard

The DOJ’s Fraud Division announced enforcement actions representing nearly $1 billion across the country this week. The headline cases span healthcare, public benefits, education and construction: a former NFL player sentenced to more than 16 years for a $200 million Medicare and VA fraud; sentences of 151 months and 36 months handed down in a $522 million genetic testing fraud; a $59 million Pennsylvania public benefits fraud; a $16 million Michigan student loan scheme; and a $148 million Florida construction payroll and IRS scheme. This is the second comparable scorecard in a short window, suggesting the Fraud Division is deliberately publishing on a cadence rather than waiting for end-of-quarter aggregation.

The cadence matters more than any individual case. Read through a situational crime prevention lens, regular, visible enforcement output increases the perceived certainty of being caught, which is the variable in rational choice models that most reliably suppresses offending, far more than severity of punishment. The Fraud Division appears to be using the publication itself as a deterrence instrument. The risk is displacement: the cases announced are concentrated in well-mapped sectors (federal healthcare programmes, federally backed loans, contractor payrolls) where data infrastructure makes detection tractable. Offenders capable of pricing risk will move toward sectors with thinner data, private credit, opaque corporate structures, cross-border invoicing, which is precisely where the next story sits.

HSBC takes a $400 million “fraud-related” hit on UK private credit

HSBC has absorbed a roughly $400 million charge connected to the collapse of UK mortgage lender Market Financial Solutions, in a hit the bank has described as “fraud-related” and disclosed in its latest quarterly numbers. AML Intelligence reported the loss as a surprise to the market, and HSBC Chairman Brendan Nelson told Bloomberg the bank had conducted a “thorough review” and was updating its risk appetite. Industry commentary by Comsure Group frames the loss as a UK private credit and securitisation exposure – that is, structured lending against UK property loans rather than retail mortgage fraud.

This is the most analytically important story of the week because it sits at the boundary between fraud loss and systemic vulnerability. Private credit and securitisation are precisely the sectors I flagged above as likely displacement targets — they generate value through opacity, valuation discretion, and bilateral arrangements that escape the transactional surveillance routinely applied to retail and corporate banking. The “fraud-related” framing is doing a great deal of work in HSBC’s disclosure: it externalises the problem to a counterparty failure, rather than treating it as a control failure inside a bank that knowingly took exposure to a thin-data, valuation-sensitive instrument. From a routine activity perspective, the suitable target (HSBC capital), the motivated offenders (originators with valuation discretion), and the absence of capable guardians (private credit oversight is materially weaker than bank prudential oversight) were all present. The interesting question is not whether MFS committed fraud — it is why HSBC’s risk appetite permitted the exposure in the first place.

SEC charges 21 in decade-long insider trading scheme sourced from global law firms

The SEC has charged twenty-one individuals in what it describes as a wide-reaching insider trading scheme that allegedly ran for roughly a decade. Material non-public information was misappropriated from multiple major global law firms and traded on by a network of associates; the civil case was filed in the District of Massachusetts and is accompanied by parallel DOJ criminal charges.

A twenty-one-person ring that operated for a decade is, by definition, not a story about one rogue actor – it is an example of differential association: insider trading was learned, transmitted, and normalised within professional networks whose members shared the techniques, the rationalisations and the channels for converting tips into trades. The law firm setting also exemplifies trust exploitation: the information had value precisely because clients trusted these firms with confidential transactional data. From a control standpoint, the scheme reveals the limits of internal compliance regimes at professional services firms – confidentiality undertakings and ethics walls did not detect a decade of leakage. Detection ultimately came through external market surveillance, which suggests that for white-collar offending embedded inside trusted intermediaries, the binding constraint is not behavioural norms but trade-level pattern analysis.

Treasury publishes the 2026 National Money Laundering Risk Assessment

The US Treasury has released its 2026 National Money Laundering Risk Assessment, the fifth iteration of the document and the first to cover the January 2024 to December 2025 assessment period. The top threats identified are fraud, drug trafficking, cybercrime, human trafficking, corruption, and tariff and trade evasion. The assessment names North Korea, Iran and Russia as primary state-actor concerns and flags China’s growing role in sanctions evasion. It explicitly identifies AI exploitation and encrypted communications as enabling vectors. Analytical commentary by Orrick and Thompson Hine frames the assessment as signalling materially expanding institutional exposure.

What is significant is not the list of threats but the typology shift. Earlier risk assessments treated AI and encryption as horizon issues; the 2026 NMLRA treats them as embedded operational features of the threat environment. This is consistent with a routine activity update in which the offender’s “tools of trade” have moved from accessory to constitutive – synthetic identity, voice cloning, and end-to-end encrypted coordination are now part of the baseline offending toolkit. The naming of tariff and trade evasion alongside drugs and human trafficking is also notable: it reflects the politicisation of money laundering risk in a tariff-heavy policy environment and creates an enforcement surface where economic statecraft and financial crime regulation overlap. Practitioners should expect trade-based money laundering examinations to intensify.

ABN AMRO: bank scam crackdowns are “futile” without social media giants

At the European Anti-Financial Crime Summit, Jaap Van der Molen, head of anti-financial crime at ABN AMRO, told delegates that bank-led scam prevention is “futile” without buy-in from social media platforms. The remarks reflect a sharpening industry view that the harm is generated upstream of the payments system.

This is the clearest articulation yet from a major European bank that the burden of scam prevention has been misallocated. Under routine activity theory, payment rails are the moment of harm crystallisation, but the offender-victim convergence happens on platforms – through advertising, search results, marketplaces, and direct messaging. Banks can act as last-line capable guardians, but a guardian placed at the end of the harm pathway cannot displace offending; it can only price the losses. The political question this raises is the allocation of the duty of care. UK and EU policy is moving in this direction, the SCAM Act in the US, the Online Crime Centre in the UK, FCA finfluencer takedowns, but the structural argument from an ABN AMRO platform is significant: industry is now publicly contesting the equilibrium in which platforms host the harm, and banks absorb the loss.

Clifford Chance: UK 2026 enforcement is fewer cases, higher stakes

The Clifford Chance Financial Crime Enforcement: Key Issues to Watch in the UK 2026 report confirms a directional shift at both the Serious Fraud Office and the Financial Conduct Authority toward fewer, higher-impact prosecutions and away from volume enforcement. The report flags the Ethical Forestry directors’ guilty pleas in a Costa Rica forestry fraud case, with sentencing expected in May 2026, and notes the corporate compliance guidance published in November 2025 as a material shift in expected control standards.

The “fewer, bigger” prosecution model is a deterrence bet – the assumption being that a small number of high-profile convictions raises perceived certainty enough to displace offending. The risk is that, in the gap between cases, the signalling decay is significant: a marquee SFO prosecution every eighteen months is a weaker behavioural intervention than the DOJ Fraud Division’s weekly rhythm. The compensating mechanism in the UK is corporate compliance guidance, which moves enforcement leverage into the supervision relationship rather than the courtroom. This is a defensible model, but it places enormous weight on supervisor capability and on the willingness of senior accounting officers and money laundering reporting officers to escalate internally.

FCA 2026 fines pass £16 million; Dinosaur Merchant Bank fined for market abuse

The FCA’s 2026 fines table now shows £16,087,723 in penalties imposed year-to-date, with Dinosaur Merchant Bank receiving a £338,000 fine for a Market Abuse Regulation breach. The aggregate is modest compared with US enforcement totals.

The FCA total, sitting at around £16 million year-to-date, is what the DOJ Fraud Division is now delivering roughly twice a month. The disparity is partly structural, different remits, different sanction architectures, but it is also strategic. The FCA is leaning more heavily on its supervisory tooling than its punitive tooling, in line with the Clifford Chance reading above. The Dinosaur Merchant Bank action is a useful reminder that market abuse remains a live enforcement priority: smaller penalties, but targeted at the trading desk control failures that, left unchecked, become twenty-one-defendant insider rings.

New Research Worth Reading

• Asiama, B. K. (2026), Pathways of Intention: Narratives of Future Withdrawal from Cyber Fraud Among Ghanaian Youth, in the Journal of Developmental and Life-Course Criminology. A qualitative study reframing online fraud offenders as actors with structured desistance trajectories rather than static deviants. Aligns with desistance literature and complicates pure deterrence framings.
• Garkavaya, V. et al. (2026), AI as a Tool for Preventing Economic Crimes, in Economic and Industrial Updates. Synthesises supervisory technology (suptech) applications. A useful counterweight to AI-as-threat framings now dominant in policy documents like the NMLRA.
• Kashyap, V., Priyanka & Gupta, S. (2026), Do cyber fraud experiences matter? An exploration of customer satisfaction and continuance intention in FinTech, in the Journal of Financial Crime. Finds that fraud exposure does not moderate the satisfaction–continuance relationship. The implication, that consumers normalise fraud risk rather than exit the platform, has significant policy consequences for any framework that relies on user choice to discipline operators.
• Lyanawati et al. (2026), Miscarriage of Justice in Corporate Fraud Cases: The Herlambang Gold Transaction in Indonesia, in the Indonesian Journal of Jurisprudence. A case study in how high-profile corporate fraud prosecutions can over-extend in the absence of clear evidentiary frameworks. Relevant to the UK’s “fewer, bigger” enforcement model.

What I Am Watching

• The next DOJ Fraud Division scorecard – whether the roughly $1 billion cadence becomes the new baseline.
• Disclosure of which private credit and securitisation positions in HSBC’s UK book are being repriced and whether other UK lenders take similar marks.
• The DOJ criminal case running parallel to the SEC’s twenty-one-defendant insider trading action, and whether the indictment names the law firms whose information was misappropriated.
• Implementation guidance accompanying the 2026 NMLRA, particularly on trade-based money laundering and tariff evasion typologies.
• Whether other major European banks publicly echo ABN AMRO’s argument on platform responsibility, and whether the EU Commission picks up the framing.
• Sentencing in the Ethical Forestry case and any further SFO indictments under the corporate compliance guidance regime.