We blogged earlier this year about Attorney General Pam Bondi’s February 5, 2025 memorandum focusing the U.S. Department of Justice’s attention squarely on Mexican cartels, and about subsequent steps the Trump Administration has taken to follow through on that prioritization.  In the latest such effort, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued a Notice of Proposed Rulemaking (NPRM) pursuant to Section 311 of the USA PATRIOT Act, which would prohibit U.S. financial institutions from processing any transactions which involve any of ten specific Mexican casinos (referred to collectively in the NPRM as the “Gambling Establishments”).  The casinos in question, spread across four Mexican states, are owned by three separate Mexican companies; however, FinCEN states in the NPRM it “assesses that the Gambling Establishments are ultimately controlled by a criminal group with a longstanding and transactional financial relationship in which the Gambling Establishments facilitate money laundering for the benefit of the Cartel de Sinaloa (Sinaloa Cartel)” – a drug trafficking organization which President Trump designated as a terrorist group on the first day of his second term, and which the Drug Enforcement Administration (DEA), in its 2024 National Drug Threat Assessment, characterized as being one of two cartels “at the heart” of the U.S. synthetic opioid crisis.

In the NPRM, FinCEN declares that “reasonable grounds exist for concluding that transactions involving the Gambling Establishments are of primary money laundering concern” after considering certain relevant factors – that the casinos allegedly make monthly disbursements to the Sinaloa Cartel, as well as additional illicit payments to senior cartel members carefully arranged (in amounts and timing) “to prevent documentable connections” between the casinos; and that the money laundering allegedly facilitated by the casinos benefits the Sinaloa Cartel, which is (as framed in the NPRM) a major driver of the U.S. opioid crisis – thus constituting, in the words of the NPRM “a significant threat to U.S. national security.”

The “meat” of the NPRM is Section 1010.665(b) of the proposed rule, imposing a “special measure” to combat the instant problem. Section (b)(1) would impose a prohibition on covered financial institutions (e.g. banks, securities brokers and dealers, and mutual funds) “opening or maintaining in the United States any correspondent account for or on behalf of a foreign banking institution if such correspondent account is used to process a transaction involving any of the Gambling Establishments.” Section (b)(2) would require that a covered financial institution go beyond basic due diligence when assessing its foreign financial institution clients, as it calls for “apply[ing] special due diligence to its correspondent accounts that is reasonably designed to guard against such accounts being used to process transactions involving the Gambling Establishments[,]” and specifies that such enhanced due diligence must include both sending written notice to foreign financial institution customers that they must not provide the casinos with access to their correspondent accounts and implementing screening mechanisms to identify correspondent account transactions involving the casinos.

FinCEN notes in the NPRM that various alternatives were considered to the blanket prohibition on the opening or maintaining of correspondent accounts, but that “[b]ecause of the nature, extent, and purpose of the obfuscation engaged in” by the casinos, any efforts to require additional information collection – e.g., reporting obligations, beneficial ownership identification, or enhanced know-your-customer (KYC) requirements – would ultimately be inadequate in addressing the paired goals of (a) protecting the U.S. financial system from risk and (b) impacting the Sinaloa Cartel’s ability to profit from its illicit activities.

The press release announcing the NPRM stated that it was being promulgated “in coordination with the Government of Mexico” – importantly for cross-border relations, as implementation of this rule may severely deplete willingness of U.S. financial institutions to do business with Mexico-based financial institutions and businesses in light of the heightened scrutiny required.

            If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On November 4, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated eight individuals and two entities for their involvement in laundering funds derived from illicit schemes originating in the Democratic People’s Republic of Korea (DPRK).  These activities included cybercrime operations and information technology (IT) worker fraud, both connected to revenue streams supporting North Korea’s nuclear weapons and ballistic missile programs.

North Korean Cybercrime, IT Worker Sanctions Evasion

The OFAC announcement identified cybercrime as a major mechanism for DPRK-affiliated actors to obtain funds outside legitimate financial channels.  Reports estimate that these actors have stolen over $3 billion—primarily in cryptocurrency—using, among other methods, advanced malware techniques and social engineering tactics.  OFAC’s November 4th announcement identified sanctioned individuals and financial entities pursuant to its authority under Executive Orders 13694 (as amended), 13810, as well as other relevant orders, for providing material assistance or support for illicit cyber activities, engaging in commercial conduct that generates revenue for the DPRK, and/or facilitating transactions involving the property or interests in property of designated entities.

Additionally, OFAC noted ongoing fraudulent activities involving North Korean IT workers operating abroad.  Despite prohibitions outlined in Paragraph 17 of United Nations Security Council Resolution 2375 against granting work authorizations to DPRK nationals absent UN approval, these individuals reportedly continue to earn income globally by obfuscating their identities when engaging with freelance platforms and employers.  According to the Multilateral Sanctions Monitoring Team report titled, “The DPRK’s Violation and Evasion of UN Sanctions Through Cyber and Information Technology Worker Activities,” at least a portion of the earnings generated by the IT teams are used in support of  DPRK objectives, including weapons development and production, domestic infrastructure projects, and the procurement of consumer goods.

Blocking Requirements and Financial Networks Targeted by OFAC Sanctions

Under the new sanctions, all property or interests in property belonging to the designated parties that are within the United States or under possession or control of U.S. persons are blocked and must be reported to OFAC.  Entities directly or indirectly owned (individually or collectively at least fifty percent) by one or more blocked persons also become subject to blocking requirements.  Unless specifically authorized by an OFAC license or exempted by regulation, transactions involving sanctioned individuals or entities are generally prohibited if conducted by U.S. persons or occur within, or transit through, the United States.

Financial institutions and other organizations may face secondary sanctions risk if they engage in certain transactions with sanctioned parties, including providing funds, goods, services (or receiving such contributions from those individuals or entities) even if not intentionally facilitating sanctionable conduct.

Among those recently designated by OFAC are key North Korean financial institutions along with several senior representatives. These include:

  • Jang Kuk Chol and Ho Jong Son, bankers at U.S.-designated First Credit Bank, managed funds, including $5.3 million in cryptocurrency, on behalf of the designated institution;
  • Korea Mangyongdae Computer Technology Company along with its current president U Yong Su, organizing IT worker delegations to China and employing Chinese nationals as banking proxies;
  • Ho Yong Chol facilitated $2.5 million transfer in U.S. dollars (USD) and Chinese yuan (CNY) on behalf of the U.S.-designated Korea Daesong Bank;
  • Han Hong Gil, employee at U.S.-designated Koryo Commercial Bank, facilitated $630,000 in transactions on behalf of U.S.-designated Ryugyong Commercial Bank;
  • U.S.-designated Foreign Trade Bank (FTB) chief representative Jong Sung Hyok;
  • Ri Jin Hyok, also a representative of FTB, facilitated transactions worth over $350,000 in USD, CNY, and euros through a front company;
  • Choe Chun Pom, official at U.S.-designated Central Bank of DPRK, facilitated transactions worth over $200,000; and
  • Ryujong Credit Bank engaged in sanctions evasion activities, including remitting North Korea’s foreign currency earnings, money laundering, and conducting financial transactions for overseas North Korean workers.

These designations illustrate methods employed by DPRK-linked networks such as deploying front companies abroad, leveraging international proxies for banking activity intended to obscure transaction originators/beneficiaries, moving earnings from overseas IT workforces into state channels via complex cross-jurisdictional arrangements, as well as utilizing digital assets for sanctions evasion purposes.

Compliance Implications for Financial Institutions and AML Practices

For industry practitioners focused on anti-money laundering compliance, including banks and fintech providers, this regulatory action highlights continued expectations regarding enhanced due diligence practices around high-risk geographies and typologies associated with state-sponsored illicit finance activity.  Monitoring customer onboarding processes for indicators like frequent use of freelance hiring platforms under suspicious circumstances is among several areas cited by authorities where vigilance is warranted given current trends.

In summary: The November 2025 designations reflect evolving approaches used in DPRK-related money laundering schemes across digital asset ecosystems and traditional financial systems alike.  Regulatory compliance teams should evaluate existing frameworks governing exposure risk assessment relative to updated guidance while ensuring processes align with current reporting/blocking obligations where applicable under U.S., UN-sanctioned measures, or similar regimes implemented elsewhere internationally.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On November 6, 2025. Keonne Rodriguez, the co-founder of the cryptocurrency mixer Samourai Wallet, was sentenced for to 60 months in federal prison for the crime of conspiring to operate an unlicensed money-transmitting business in violation of 18 U.S.C § 371. The two-count indictment, filed on February 14, 2024, alleged that Defendants Rodriguez and William Lonergan Hill developed, marketed, and operated a cryptocurrency mixing service know as Samourai Wallet, an unlicensed money transmitting business that earned millions of dollars by laundering over $100 million dollars of crime proceeds originating from illegal dark web markets.

Defendant Rodriquez pled guilty to Count II (Conspiracy to Operate a Money transmitting Business) on July 29, 2025. The next day, Defendant Hill plead guilty to Count II. The defendants both entered to preliminary orders of forfeiture and money judgment to forfeit $237,832,360.55 (representing the amount of property involved in Count II of the indictment) and make a payment to the United States in the amount of $6,367,139.69 before the sentencing date. Count I (Conspiracy to Commit Money Laundering) was dismissed as a part of the plea deals.

At the sentencing, Defendant Rodriguez’s right, title and interest in $6,367,139.69 in U.S. currency, samouraiwallet.com and Samourai Wallet Google Play Application was forfeited to the United States. In addition to the 60 months prison sentence, the Court fined Defendant Rodriquez $250,000. Defendant Hill is scheduled to be sentenced on November 19, 2025.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On October 23, 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued a Financial Trend Analysis (“FTA”), identifying $9 billion of potential Iranian shadow banking activity in 2024, based on reporting from U.S. financial institutions. Treasury issues FTAs periodically with threat pattern and trend information derived from Bank Secrecy Act (BSA) filings, pursuant to section 6206 of the Anti-Money Laundering Act of 2020 (AMLA).

Background on Iranian Illicit Activity

The latest FTA expands on information in a June 6 FinCEN Advisory, which urged U.S. financial institutions to be vigilant in detecting the Iranian regime’s illicit activities and attempts to exploit the U.S. financial system. Replacing FinCEN’s 2018 Advisory on the Iranian regime’s illicit activities, the June Advisory provided updated red flags and current trends and typologies for Iranian sanctions evasion, oil smuggling, shadow banking networks, and weapons procurement, to assist financial institutions in identifying, preventing, and reporting suspicious activity connected with Iranian illicit financial activity.

The Advisory and recent FTA, which elaborates on how Iran evades sanctions and generates illicit revenue to support nuclear weapons, ballistic missile, and unmanned aerial vehicle (UAV) programs, support the U.S. “maximum pressure campaign” against Iran announced earlier this year in a February 4 National Security Presidential Memorandum (“NSPM-2”).

Concurrent with the June 6 Advisory, Treasury’s Office of Foreign Assets Control (OFAC) designated more than 30 individuals and entities with ties to Iranian brothers Mansour, Nasser, and Fazlolah Zarringhalam, who laundered billions through the international financial system via Iranian exchange houses and foreign front companies under their control as part of Iran’s shadow banking network. The full list of designations made as part of June 6 sanctions action is available here. The June 6 action was the first round of sanctions targeting Iranian shadow banking infrastructure since the issuance of NSPM-2. It was taken pursuant to Executive Order (E.O.) 13902, imposing sanctions on additional sectors of the Iranian economy in January 2020.

The FTA

To develop the recent FTA, FinCEN analyzed BSA information, including Suspicious Activity Reports (SARs), from transactions in 2024 that financial institutions or FinCEN had connected to potential Iranian shadow banking activities. FinCEN restricted the dataset to transactions valued at least $500,000 and removed transactions that BSA data and open source information could not corroborate were linked to Iran. The final data set contained 2,027 transactions, totaling $9 billion in activity.

According to FinCEN, its analysis revealed many aspects of the complex financial and corporate infrastructure that Iran uses to sell sanctioned oil and petrochemicals on the international market, launder the proceeds, and procure export-controlled technology for Iran’s military and nuclear program. The analysis shed further light on how shadow banking networks operate, expanding on prior findings about how Iran’s Ministry of Defense and Armed Forces Logistics (MODAFL) and Islamic Revolutionary Guard Corps (IRGC) gain access to the international financial system, launder billions of dollars, and engage in revenue-generating activities such as sale of oil and petrochemicals. MODAFL was designated most recently in 2019 for assisting IRGC Qods Force (IRGC-QF), which was designated in 2007 for supporting multiple terrorist groups.

Based on the latest trend analysis, Iranian shadow banking networks operate across continents to connect Iranian front companies, including oil, shell, shipping, investment, and technology procurement companies, which transact billions of dollars amongst themselves and with other companies. Iranian shadow banking has a prominent presence in United Arab Emirates (UAE), Hong Kong, and Singapore. The Iranian regime relies on these networks, which also include exchange houses, to gain access to the U.S. dollar and U.S. financial system through U.S. correspondence accounts. This access allows Iran to export oil and other commodities, launder the proceeds, and generate funds to advance its military weapons programs and support terrorist groups.

FinCEN made several significant findings as part of its analysis. Here are the key takeaways:

  • Foreign shell companies appear to play the largest role in Iranian shadow banking activities. Likely shell companies—exhibiting multiple indicators of shell activity like no verifiable business activity, little internet presence, or use of a shared address—transacted approximately $5 billion in 2024. These companies sent $4.2 billion, mostly from China-based non-resident accounts (NRAs) operated by Hong Kong-based entities. Likely shell companies received $4.3 billion, which was mostly received by UAE-based shell companies.  
  • FinCEN found dozens of oil companies to be likely Iranian front companies, which transacted $4 billion in 2024, potentially for illicit oil sales. These were primarily based on UAE and Singapore.  
  • Potential technology procurement companies received funds from Iran-linked entities. Companies suspected of facilitating Iran’s procurement of export-controlled technology engaged in an estimated $413 million in transactions in 2024.
  • International shipping companies may have transported sanctioned Iranian oil. FinCEN found that dozens of shipping companies transacted approximately $707 million, potentially to transport sanctioned Iranian oil and petrochemicals. Most of these companies were based in Iraq, UAE, or Hong Kong.
  • Foreign investment companies potentially gave Iran access to international investment markets. Based on its analysis, FinCEN determined that UK and UAE investment companies transacted about $665 million, potentially to provide Iranian entities with access to international investment trading.
  • Iranian entities potentially exploited U.S. financial institutions. FinCEN found that the approximately $9 billion of shadow banking funds in 2024 passed though correspondent accounts maintained at U.S.-based financial institutions. FinCEN identified two foreign companies that transferred $534 million from U.S. bank accounts to Iran-linked entities. It also found that foreign companies, including Iran-linked entities, transacted $361 million using accounts with foreign branches of U.S.-based financial institutions and $174 million using accounts with foreign subsidiaries of U.S.-based financial institutions.
  • FinCEN also found that the UK and Switzerland financial systems are potentially vulnerable to Iranian shadow banking. It found UK-based companies transacted $540 million using accounts at UK- or Switzerland-based financial institutions, and that Switzerland-based companies transacted $115 million and foreign companies transacted $503 million using accounts at Switzerland-based financial institutions and Swiss branches of foreign financial institutions.

FinCEN’s analysis also provides case studies and infographics to illustrate its findings, and can be accessed online here: https://www.fincen.gov/system/files/2025-10/FTA-Iranian-Shadow-Banking.pdf.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On October 15, 2025, the Financial Crimes Enforcement Network (FinCEN) issued a final rule under Section 311 of the USA PATRIOT Act that prohibits U.S. financial institutions from conducting business with the Cambodia-based Huione Group, a financial services conglomerate based in Phnom Penh, Cambodia.  Huione Group is the parent company of, or otherwise controls, several subsidiaries, affiliates, and components, including, but not limited to: Haowang Guarantee, Huione Pay PLC, and Huione Crypto.  The rule targets all these entities as Huione Group for laundering proceeds of virtual currency scams on behalf of malicious cyber actors, among other criminal wrongdoing.  The final rule can be found here: https://www.fincen.gov/news/news-releases/fincen-issues-final-rule-severing-huione-group-us-financial-system.

In addition, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sweeping sanctions on 146 targets within the Prince Group Transnational Criminal Organization (Prince Group TCO), a Cambodia-based network led by Cambodian national Chen Zhi that operates a transnational criminal enterprise through online investment scams targeting Americans and others worldwide.  Prince Group TCO is composed of Cambodia-based Prince Holding Group, Chen Zhi, his close associates and business partners, and their core commercial interests, all of which operate in furtherance of Prince Group TCO’s criminal enterprise.  Treasury’s news release can be found here: https://home.treasury.gov/news/press-releases/sb0278.

FinCEN’s Key Findings and Final Rule

FinCEN found that Huione Group is a foreign financial institution of primary money laundering concern, and its final rule imposes a prohibition on covered financial institutions from opening or maintaining a correspondent account for, or on behalf of, Huione Group.

  • Prohibition: Covered financial institutions are prohibited from opening or maintaining correspondent accounts for, or on behalf of, the Huione Group.  Such institutions much take reasonable steps to not process a transaction for the correspondent account of a foreign banking institution in the United States if that transaction involves Huione Group.
  • Enhanced Due Diligence: Covered financial institutions must employ special due diligence to all foreign correspondent accounts to prevent those accounts being used to process transactions involving Huione Group and provide notice to such account holders regarding these prohibitions.
  • Effective date: The final rule is effective November 17, 2025. 

Detailed Grounds for Action

Huione Group served as a crucial hub for laundering billions of dollars from a variety of illegal activities.  These activities include: 

  • North Korean cybercrimes: Laundering proceeds from cybercrimes carried out by the Democratic People’s Republic of Korea (DPRK), including the Lazarus Group.
  • Transnational fraud: Processing hundreds of millions of dollars in illicit proceeds from transnational criminal organizations, particularly those in Southeast Asia.
  • “Pig butchering” scams: Laundering funds from virtual currency investment scams that targeting individuals across the world.
  • Online marketplace for crime: Operating an online marketplace that offered illegal financial services and tools for trafficking.

Huione Group combined its substantial participation in worldwide criminality with an absence of, or a highly ineffective, anti-money laundering program, along with recent changes that served to further obscure Huione Group’s involvement in illicit activity.

Broader United States Government Activity

The FinCEN rule is part of a broader, coordinated enforcement action by United States and United Kingdom authorities to combat large-scale criminal networks operating in Southeast Asia.

  • Prince Group sanctions: OFAC and the U.K. Foreign, Commonwealth, and Development Office announced sanctions against the Cambodia-based Prince Group, which is accused of running a criminal empire through online investment scams and scam compounds that rely on human trafficking and forced labor.
  • Criminal charges: The United States Attorney’s Office in the Eastern District of New York unsealed an indictment against Chen Zhi, the founder of the Prince Group, on charges of wire fraud and money laundering conspiracy. The Department of Justice’s press release on the indictment can be found here: https://www.justice.gov/opa/pr/chairman-prince-group-indicted-operating-cambodian-forced-labor-scam-compounds-engaged.
  • Largest-ever bitcoin seizure: As part of the action, the Department of Justice seized approximately $15 billion in bitcoin, alleged proceeds of Chen Zhi’s fraud schemes.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On October 9, 2025, the Financial Crimes Enforcement Network (“FinCEN”) jointly issued updated Frequently Asked Questions (“FAQs”) with the Federal Reserve Board of Governors, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency, clarifying the circumstances under which financial institutions must file suspicious activity reports (“SARs”).

Background

            For decades, SARs have been a useful tool for law enforcement agencies to detect money laundering and counter the financing of terrorism. However, regulatory guidance regarding when and how financial institutions must file these reports has at times been unclear. Financial institutions often expended significant organizational resources meeting supervisory expectations or best practices from examination manuals, even where not strictly required by law. The FAQs seek to clarify and simplify what is required of financial institutions under the Bank Secrecy Act (“BSA”).

Recent regulatory updates indicate a shift in philosophy regarding SARs, emphasizing efficiency and effectiveness in suspicious activity reporting. FinCEN has signaled an intent to pivot away from blanket expectations that can lead to duplicative work and information overload for both financial institutions and law enforcement. This marks a notable departure from previous practices where compliance obligations often resulted in substantial resource expenditures with limited incremental value for investigators.

What Do These FAQs Say?

            FinCEN and its partners identify four key areas: structuring SARs; continuing activity reviews; timelines for continuing activity SARs; and documentation requirements, clarifying both legal standards and practical expectations within the SAR regulatory scheme.

  1. SAR Filings for Potential Structuring-related Activity

    FinCEN writes that financial institutions are not required to file SARs for a transaction or series thereof with a value at or near the $10,000 Currency Transaction Report (“CTR”) threshold solely because it meets that amount, unless there is knowledge or suspicion that such transactions are designed specifically “to evade BSA reporting requirements.” In absence of any knowledge, suspicion, or reason to suspect, a financial institution is not required to file SARs simply because a transaction is at or above the CTR threshold.

    Similarly, financial institutions must file a SAR only when they know, suspect, or have reason to suspect transactions aggregating $5,000 or more are designed specifically “to evade BSA reporting requirements” such as CTRs.

    The FAQ also addresses structuring – an unlawful attempt to evade CTR reporting requirements under 31 C.F.R. § 103.18. FinCEN regulations define structuring as “a person, acting alone, or in conjunction with, or on behalf of, other persons, conducting or attempting to conduct one or more transactions in currency, in any amount, at one or more financial institutions, on one or more days, in any manner, for the purpose of evading CTR reporting requirements.” This definition is inclusive of attempts to evade requirements by breaking sums of currency above the CTR threshold into smaller sums below the threshold. The FAQs make clear that financial institutions should operate and maintain anti-money laundering and CFT protocols to detect and report structuring. The FAQs reflect FinCEN’s intention that institutions focus their efforts on high-value information rather than routine filings based solely on transaction amounts.

        2. Continuing Activity Reviews

    The FAQs also address ongoing or continuing suspicious activity by a single customer or account. Prior FinCEN guidance suggested that financial institutions are expected or required to monitor whether suspicious activity is ongoing after a SAR has been filed. This guidance expressly states that financial institutions are not required to independently review a customer or account to evaluate whether suspicious activity continues after the filing of a SAR. Financial institutions can fulfill their SAR compliance obligations by relying on their standard policies and protocols for monitoring suspicious activity, and reporting it as appropriate, provided that those internal policies are reasonably designed to identify and report suspicious activity.

    FinCEN stated in a prior guidance that financial institutions should file SARs for continuing suspicious activity after a 90-day period, with a filing deadline of 120 calendar days following the filing of a previous, related SAR. This FAQ now clarifies that financial institutions are not required to do so.

    The revised FAQs address longstanding industry concerns about ongoing reviews of customer activity after initial SAR filings. Historically, examiners have interpreted prior advisories as requiring frequent re-evaluations of previously flagged accounts on a set timetable. The new FAQs clarify that separate, post-SAR investigations need not be conducted unless dictated by risk-based internal processes or relevant facts emerge during routine monitoring. This move encourages institutions to leverage their own protocols rather than defaulting to rigid mandates, potentially allowing compliance teams greater flexibility while still meeting regulatory expectations.

        3. Timing of Reports

    If a financial institution elects to file a continuing activity SAR in accordance with FinCEN’s continuing suspicious activity guidance, they should do so within 120 calendar days of the filing of an initial SAR. This provides financial institutions a 90-day period after the filing of an initial SAR to evaluate continuing suspicious activity, and a 30-day period to file the subsequent SAR if the institution detects ongoing suspicious activity. In such a case, the institution should mark the date range of suspicious activity to include the entire 90-day period immediately following the filing of an initial or most recent SAR, on Item 30 of the SAR form. If a financial institution elects further reporting due to continued suspicion, the revised timeline allows up to 150 calendar days following detection, providing additional flexibility compared with prior practice.

        4. SAR Documentation

    FinCEN clarifies that neither the BSA nor its implementing regulations require a financial institution to document a decision not to file a SAR. Prior FinCEN guidance had encouraged financial institutions to document such a decision, but there is no requirement for them to do so. If a financial institution chooses to document the decision not to file a SAR, a short, concise statement documenting the decision, consistent with internal policies and procedures, is likely sufficient, though institutions may consider additional documentation in complex investigations.

    Documentation standards surrounding decisions not-to-file have shifted from “best practice” recommendations toward an explicitly optional stance. For many years, documenting “no-file” determinations was encouraged, and became ingrained as best practice, but this has now been reframed as optional rather than required by law. Financial institutions are advised that concise recordkeeping aligned with their risk-based policies will generally suffice; extensive narrative explanations should be reserved for especially complex matters or when warranted by specific circumstances.

    Conclusions and Practical Steps

    The recently issued FAQs clarify supervisory expectations without changing existing legal or regulatory requirements for suspicious activity reporting. They respond to feedback from financial institutions while streamlining prior guidance. By clarifying ambiguous areas and prioritizing efficiency, regulators aim to align compliance efforts with national security priorities while minimizing unnecessary operational burdens for filers. Financial institutions should monitor how this new guidance is implemented during examinations, including any changes to supervisory manuals, and proactively adjust their reporting policies as needed to leverage efficiencies without compromising vigilance against illicit finance.

    If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

    On October 9, 2025, the Financial Crimes Enforcement Network (“FinCEN”) issued a renewal of its Geographic Targeting Order (“GTOs”), which require U.S. title insurance companies, including their subsidiaries and agents, to collect, retain, and report specified information regarding certain non-financed residential real estate transactions involving legal entities. The new GTO is effective from October 10, 2025 through February 28, 2026.

    Access the new GTO here.  Read FinCEN’s press release here.  Read FinCENs FAQs about the GTOs here.  This is a topic on which we previously have blogged extensively.

    Context and Regulatory Background

    The renewal of the GTOs follows FinCEN’s September 30, 2025 announcement postponing implementation of its forthcoming Anti-Money Laundering Regulations for Residential Real Estate Transfers Rule (“RRE Rule”) until March 1, 2026. During this interim period, FinCEN states that the GTOs are intended to maintain transparency in residential real estate markets considered at higher risk for misuse by illicit actors. According to FinCEN’s accompanying press release, these orders continue to provide data on property purchases by persons who may be involved in various unlawful activities.

    Scope of Coverage

    There are no changes in geographic or monetary thresholds compared with previous orders. Covered transactions must meet all of the following criteria:

    • The property is located within designated metropolitan areas or counties that include locations such as Los Angeles County, Miami-Dade County, Cook County, King County and Seattle, New York City boroughs, and others.
    • The purchase price meets or exceeds $300,000 in most covered jurisdictions; Baltimore City and County retains a lower threshold at $50,000.
    • The buyer is a “legal entity” defined as a corporation, limited liability company, partnership or similar business structure not listed on an SEC-regulated exchange.
    • The transaction does not involve external financing from regulated financial institutions subject to Bank Secrecy Act (“BSA”) anti-money laundering obligations.
    • Payment is made using currency or cash equivalents, including checks, money orders, wire transfers and funds transfers or virtual currency.

    Reporting Requirements

    Title insurance companies handling covered transactions must file a Currency Transaction Report with FinCEN within thirty days after closing. Required data includes:

    • Identity details for both:
      • The individual primarily responsible for representing the purchasing entity;
      • Each beneficial owner holding at least twenty-five percent equity interest; and
      • Government-issued identification documents must be collected/described.
    • Confirmation that buyer qualifies under relevant “legal entity” definitions;
    • Property address(es);
    • Date(s) of closing;
    • Total purchase price(s);
    • Method(s) used for payment; and
    • Reporting party details, including notation “REGTO1025” indicating this specific GTO filing.

    When multiple properties are included in one transaction, both total purchase price and per-property addresses and prices must be reported individually.

    Record Retention & Compliance

    The Order requires retention of all relevant records, including identity documents collected, for five years from expiration date. They must be accessible promptly upon request by regulators such as FinCEN.

    Responsibility for compliance extends throughout each covered organization to officers, directors employees and agents alike; covered businesses are required to notify relevant personnel including executive management about these obligations. Noncompliance may result in civil or criminal penalties regardless of intent.

    Key Definitions

    Some important definitions under this Order include: 

    • Beneficial Owner: Any individual directly or indirectly owning twenty-five percent or more equity interests in a purchasing legal entity; and
    • Legal Entity: Includes corporations, limited liability companies, and partnerships, formed domestically or abroad; excludes those publicly listed with Securities Exchange Commission regulation.

    No Modification to Broader BSA Obligations

    This GTO supplements, but does not modify, other existing responsibilities imposed by the BSA.

    As the real estate industry awaits broader anti-money laundering regulations, compliance with FinCEN’s renewed GTOs remains essential for title insurance companies and their agents. By continuing to collect and report detailed transaction data on non-financed purchases by legal entities, FinCEN proports that these measures aim to strengthen market transparency and deter criminal abuse of residential real estate. Staying informed on these developments will be critical as regulatory expectations evolve ahead of the RRE Rule’s full implementation in 2026.

    If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team. 

    On September 29, 2025, FinCEN issued a Notice and Request for Comment (the “Notice”) on a proposed information gathering exercise – A Survey of the Costs of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Compliance (the “Survey”).  Specifically, the Survey is intended to gather information on direct compliance costs incurred by non-bank financial institutions in AML/CFT compliance and, to the extent those costs overlap with other obligations, the amount directly attributable to AML/CFT compliance.

    The Notice is directed to specific categories of non-bank financial institutions: Casinos and Card Clubs; Money Services Businesses; Insurance Companies; Dealers in Precious Metals and Stones; Operators of Credit Card Systems; and Loan or Finance Companies. 

    In total, FinCEN estimates there will be 279,715 respondents falling into these categories, with the vast number – approximately 230,000 – being Money Services Businesses.  Given FinCEN’s assumption that the survey will take approximately 8 hours to complete, FinCEN estimates subject non-bank financial institutions to expend well north of 2 million hours providing the information sought.  While compliance with the survey will be voluntary, FinCEN notes that “information gathered will help assess the cumulative impact of AML/CFT regulations and may inform efforts to adjust regulatory obligations and advance deregulatory proposals consistent with the Executive Orders of the Trump administration.”  It also states that “the data may also support the development of deregulatory rulemakings or guidance to reduce compliance burden without compromising the effectiveness of current AML/CFT frameworks.”  And, FinCEN makes clear that no information submitted will be used for any supervisory or enforcement purposes.

    Plainly, and expressly, FinCEN is setting the stage for efforts to scale back non-bank financial institutions’ compliance obligations, seeking comment on: the practical utility of compliance obligations, whether assumptions concerning compliance time-costs are accurate, ways to add efficiencies to the compliance process, ways information technology or other automated techniques can reduce manpower expended on compliance.

    Comments will be accepted until December 1, 2025. 

    For ease of reference, we reproduce the proposed survey here:

    1. What was the total estimated direct cost in calendar year 2024 for your institution for compliance with all programs mandated by the BSA and its implementing regulations?
    2. Please specify which of the following areas your institution uses technological resources, including software, to assist with, as applicable:
      • customer identification and verification procedures;
      • identifying suspicious activity;
      • currency transaction reporting or reports relating to currency in excess of $10,000 received by a trade or business;
      • 314(a) information sharing
      • Office of Foreign Assets Control (OFAC) compliance
    3. Approximately what percentage of the total direct cost of AML/CFT compliance is attributable to the production of Suspicious Activity Reports (SARs), if applicable.  These direct costs include costs associated with AML/CFT staff reviewing alerts, maintaining a transaction monitoring system, and investigating cases arising from alerts, whether or not they lead to the production of a SAR, among other things.
    4. (OPTIONAL) If your institution is able to provide the following information without significant burden, please provide approximately what percentage of the total cost of AML/CFT compliance is directly attributable to, as applicable:
      • Customer identification and verification procedures;
      • Reporting requirements for suspicious activity reporting;
      • Reporting requirements for currency transaction reporting and exemptions or reports relating to currency in excess of $10,000 received by a trade or business;
      • Internal controls related to AML/CFT compliance program;
      • Independent testing for compliance by internal personnel or an outside party;
      • Training and staffing employees;
      • 314(a) information sharing;
      • Funds transfer record keeping;
      • Monetary instrument recordkeeping;
      • Special measures;
      • Software;
      • Additional financial institution-specific BSA recordkeeping obligations (e.g., monetary instrument logs, also known as negotiable instrument logs, for casinos; extension of credit, for casinos; additional records that dealers in foreign exchange must retain);
      • MSB registration;
      • Other third-party activities
    5. What approximate percentage of the total cost of AML/CFT compliance is attributable to complying with OFAC regulations?
    6. Does your institution conduct anti-financial crime activities or maintain systems designed to combat financial crime that are not directly required by the BSA or its implementing regulations?  Examples include additional customer due diligence programs or the development and operation of a Financial Intelligence Unit.  If so, what is the direct cost (not included in question 1) of these additional activities across all business lines of your institution in calendar year 2024.  Separately, approximately what percentage of your institution’s total operating expenses did these direct costs represent in calendar year 2024?
    7. Please provide any available date or narrative comments for your institution regarding the extent to which the non-BSA driven expenditures (i.e., the costs referenced in question (6)) generate a substantial portion of either the overall suspicious activity, and/or of national AML/CFT priorities related threat activity, that is described in SARs, if applicable.
    8. Please provide any available data or narrative comments on whether there are particular types of products, services, customers or delivery channels where AML/CFT-required monitoring, reviews or investigations that have generated limited useful information from your institution’s perspective.

    If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

    On August 28, 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) released an advisory (FIN-2025-A003) alongside a comprehensive Financial Trend Analysis (“FTA”), shining a spotlight on one of today’s most significant illicit finance risks: the integration of Chinese Money Laundering Networks (“CMLNs”) into the operations of Mexico-based transnational criminal organizations, better known as cartels. This pairing not only illustrates an evolution in global money laundering typologies but also presents new compliance challenges for financial institutions and multinational businesses alike.

    The CMLN–Cartel Partnership

    FinCEN’s latest analysis highlights how two very different regulatory environments have fostered an unlikely alliance:

    1. Mexican cartels, flush with U.S.-dollar drug proceeds but restricted by Mexican currency controls that limit dollar deposits into local financial institutions (See related blog posts herehere and here.)
    2. Chinese nationals, facing strict capital controls at home that cap annual foreign currency conversions at $50,000 per person.

    These pressures have produced what FinCEN describes as “a mutualistic relationship”: CMLNs purchase dollars from cartels desperate to move cash out of reach; they then sell this cash to Chinese clients seeking ways around China’s capital controls, effectively weaving together criminal proceeds with ostensibly legitimate wealth migration.

    As professional money launderers operating globally, including within U.S. borders, CMLNs have become vital intermediaries capable of handling vast sums quickly while minimizing risk for their cartel clients by offering both speed and sophistication at scale.

    Mutual Interests

    This alliance operates on simple logic: Cartels need to move large volumes of cash out of Mexico without attracting law enforcement scrutiny or breaching currency controls. Chinese individuals want access to overseas dollars beyond China’s annual conversion limits for investments or personal spending abroad.

    CMLNs buy cash from cartel operatives at discounted rates, then sell this cash to Chinese clients seeking U.S. dollars outside formal channels, effectively blending criminal proceeds with legitimate wealth migration.

    By operating globally, including within U.S borders, CMLNs serve as professional intermediaries who can rapidly move millions while minimizing risk for their cartel partners through fast settlements and advanced tradecraft.

    Core Money Laundering Methods Used by CMLNs

    FinCEN identifies three primary money laundering methodologies employed by CMLNs in support of cartel operations:

    1. Mirror Transactions

    Mirror transactions are at the heart of CMLN operations:

    • These transactions resemble informal value transfer systems (“IVTS”), where one member receives illicit cash in one country while another delivers an equivalent value, often in pesos or yuan, to a recipient abroad.
    • A hypothetical example: A U.S.-based operator collects dollar proceeds from a cartel contact. Simultaneously, an associate pays pesos directly to cartel representatives in Mexico without physically moving funds via formal banks.
    • Increasingly, mirror transactions rely on convertible virtual currencies such as Bitcoin for swift settlement outside traditional banking channels. This system allows participants to evade detection by avoiding official remittance routes altogether, a key reason why these schemes continue thriving despite heightened regulatory scrutiny worldwide.

    2. Trade-Based Money Laundering

    Trade-Based Money Laundering (“TBML”) remains central within this threat landscape:

    • Illicit funds are used within the United States to purchase bulk quantities of high-value goods, such as smartphones or luxury handbags, which are exported through complicit companies based often in Hong Kong or Latin America.
    • Shell entities facilitate shipments overseas. These goods may be resold for local currency or serve directly as stores of wealth among Chinese buyers seeking alternatives to mainland investment restrictions. Layered export-import flows obscure both originators and ultimate beneficiaries across multiple jurisdictions. Frequently involved are “daigou” buyers, agents familiar throughout Chinese diaspora communities who use credit cards funded from laundered proceeds before shipping inventory home for resale on popular e-commerce platforms.

    3. Use and Exploitation of Money Mules

    Money mules play a crucial role:

    • Large-scale recruitment targets vulnerable populations, including students on temporary visas (especially those restricted from lawful employment), retirees with modest means but clean credentials, or anyone willing to participate for compensation. These individuals may knowingly accept small fees or be misled under false pretenses via social media connections.  Facilitators within  CMLN structures may provide counterfeit passports for opening bank accounts. After the accounts are opened,  substantial deposits, often inconsistent with the account holder’s declared income sources, are made and quickly wired onward or converted into cashier’s checks used later for real estate acquisitions across desirable markets.

    In addition,

    • FinCEN has documented extensive misuse of retail credit card systems, with laundered funds being used to finance shopping sprees that do not fit established customer profiles;
    • Outstanding balances are settled using fresh infusions from network-controlled accounts; and
    • Reward points earned through spending cycles become additional vehicles for offshore payments, all facilitated using promotional platforms that are popular among Peoples Republic of China (“PRC”) nationals.

    Key Red Flags and Compliance Vulnerabilities

    To assist financial institutions in learning how money launderers exploit gaps across KYC processes and transaction monitoring frameworks, FinCEN has identified the following red flags:

    1. Accounts opened with Chinese passports plus student or visitor visas, followed immediately by high-volume activity unrelated to customer profiles
    2. Frequent large-dollar cash deposits closely followed by wire-outs or cashier’s check purchases
    3. Multiple wire transfers originating abroad where legitimate business relationships cannot be substantiated
    4. Reluctance, or outright refusal, to explain sources behind incoming transfers when questioned during onboarding or enhanced due diligence reviews
    5. Shell companies focused on electronics or export trades reporting income inconsistent with typical business size, type, or geography
    6. Businesses receiving repeated credits from online marketplaces but rarely engaging suppliers or purchasing needed inventory

    Legacy rules-based monitoring tools frequently fail to detect suspicious activity unless multiple red flags appear together over time. This highlights the importance of adding contextual behavioral analysis to existing AML programs for more effective detection.

    Five-Year Data Trends: SAR Insights (2020–2024)

    The FTA supporting FinCEN’s advisory analyzed more than 137,000 Suspicious Activity Reports (“SAR”s) filed between January 2020–December 2024 under Bank Secrecy Act (“BSA”) obligations, with roughly $312 billion flagged as activity possibly tied back toward CMLN involvement.

    Major Takeaways:

    1. Depository Institutions are Prime Gateways

    • Banks accounted for nearly 85% of all relevant filings, from national chains down through community branches serving immigrant-heavy metro areas where bulk-cash placement occurs largely undetected via traditional surveillance alone
    • About 9% came from money services businesses reflecting vulnerability among smaller operators less equipped with modern anti-money laundering controls

    2. TBML Schemes Remain Prevalent

    • Over $9 billion cited specifically involved trade-based methods characterized by unusual funding behind exports/imports routed East Asia, Mexico, and Middle East corridors

    3. Daigou Buyers and Credit Card Abuse Feature Prominently

    • Only twenty SARs flagged daigou buyers explicitly, but associated retail or luxury typologies driven mainly through serial credit card spending cycles accounted collectively upwards $19 billion

    4. Human Trafficking and Elder Fraud Crossovers Noted

    • More than sixteen hundred filings implicated human trafficking or smuggling flows representing about $4+ billion transferred directly into massage parlors, spas, or restaurants owned ultimately via proxy structures linked back toward PRC and U.S dual residents (See related blog post here.)
    • Adult daycare and healthcare fraud centered around New York facilities reflected hundreds more filings totaling nearly three quarters-of-a-billion dollars

    5. Real Estate Remains Favored Integration Channel

    • Over $53 billion in illicit funds were laundered through property acquisitions. These transactions were either conducted directly using accounts, wire transfers, or check payments held by money mules and falsely described as coming from “relatives abroad,” or indirectly routed through shell companies set up for single transactions and then abandoned after the deals closed.

    6. Students Frequently Serve as Account Openers or Mules

    • Roughly fourteen percent ($13+ billion) cited account holders listing status only as students, with patterns showing repeat openings, multiple bank links, or spending behavior well beyond background justification

    Banks remain frontline defenders against this evolving threat ecosystem, yet also risk becoming unwitting conduits if robust internal practices lag rising sophistication exhibited among laundering networks themselves.

    Regulatory Responses and Risk Mitigation Strategies

    The evolving legal environment reflects increased regulatory attention and a growing focus on industry compliance obligations:

    • FinCEN guidance aligns closely with broader policy developments including Executive Order 14157 which now designates major cartels and transnational crime organizations (“TCO”s) under Foreign Terrorist Organization statutes.
    • The Department of Justice view even indirect facilitation, such as what could occur unwittingly through correspondent banking and remittance partnerships, as grounds not merely technical BSA breaches, but also as potential material support violations.
    • In June 2025, FinCEN invoked new authority barring certain Mexican financial institutions labeled primary money laundering concerns from interacting with the U.S. financial system (See related blog post here).

    For practitioners tasked daily with managing exposure amid rising complexity several actionable steps stand out:

    Practical Steps Forward:

    1. Revisit transaction monitoring and risk rating models by integrating the latest red flag indicators and placing greater emphasis on behavioral surveillance, especially in situations where multiple risk vectors converge over time;
    2. Intensify customer due diligence especially regarding beneficial ownership verification and source-of-funds tracing;
    3. Ensure that escalation protocols and internal reporting lines facilitate prompt legal and compliance review of any linkages, even circumstantial, to sanctioned entities, TCOs, and CMLNs;
    4. Where third-party exposure exists overseas, including logistics providers, supply chain partners, freight forwarders, and export-import brokers operating out of affected regions, embed contract language granting audit rights and requires proof of adequate AML/CFT program compliance; and
    5. Educate staff routinely regarding current threat typologies, new sanctions lists, and red flag scenarios, ensuring awareness extends to non-financial operational units likely exposed day-to-day interactions.

    Implementing these strategies helps ensure defenses remain dynamic in response to both evolving geopolitical realities and technological advances increasingly exploited criminal actors.

    Conclusion: Adapting Amid Escalating Complexity

    With more than $312 billion flagged suspicious over just four years, and robust government action underway, FinCEN’s message is unmistakable: professionalized global networks will continue adapting rapidly unless private sector vigilance rises correspondingly.

    Financial institutions must evolve beyond box-ticking compliance toward genuinely intelligent risk assessment incorporating current geopolitical shifts, regulatory changes, and emerging technology-enabled evasion tactics deployed alike by the cartels and CMLN brokers.

    As reflected throughout both FIN-2025-A003 advisory and the FTA, a multi-layered defense posture leveraging intelligence-driven detection capabilities will prove indispensable if industry participants aim not simply survive, but thrive, in today’s ever-changing regulatory landscape.

    By implementing comprehensive detection techniques, drawing on international best practices and a nuanced understanding of the specific cross-border risks associated with modern money laundering methods, the financial sector can better protect itself and fulfill regulatory obligations to maintain the integrity of global payment systems.

    If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

    On August 6th, 2025, following a four-week trial, a jury found Roman Storm, the founder of a crypto mixing service called Tornado Cash, guilty of conspiracy to operate an unlicensed money transmitting business. The jury was deadlocked and unable to reach a verdict on the two more serious charges against Storm: conspiracy to commit money laundering, and conspiracy to violate sanctions. The Tornado Cash case has been closely watched due to its implications for cryptocurrency regulation and the use of privacy-enhancing technologies in financial transactions.

    Tornado Cash provides an open-source protocol frequently referred to as a “mixer,” which breaks the link between senders and recipients of cryptocurrency in order to enhance privacy. Essentially, the protocol allows users to anonymize cryptocurrency transactions by obscuring the source, recipient, and general movement of the assets that flow through it. It relies on immutable smart contracts, which are essentially one-party contracts between users and the platform, for the movement of assets. Crucially, neither Tornado Cash nor its founders ever directly took custody of users’ funds, and the creators had no discretionary control over the platform’s use. It was governed by a Decentralized Autonomous Organization (“DAO”), wherein users who own Tornado Cash Tokens vote to make decisions on behalf of the platform.

    Supporters hail Tornado Cash for making great strides in the privacy—and, correspondingly, safety—associated with cryptocurrency. As Storm’s defense team highlighted, this is crucial for various types of users, like high-net-worth individuals, or activists, who have legitimate concerns that their safety may be jeopardized by traceable transactions.

    Law enforcement and regulatory bodies, however, are still trying to figure out what to do with technology that permits substantial amounts of currency to move with minimal, if any, accountability or oversight. Anti-Money Laundering (“AML”) and Know Your Customer (“KYC”) laws and regulations, and Financial Crimes Enforcement Network (“FinCEN”) registration and other requirements, exist to protect against the harms that flow from criminal actors’ use of financial services to prevent enforcement authorities from tracing proceeds of criminal activity. The problem is that the legal and regulatory framework in place now was not designed for today’s technology. As the Tornado Cash verdict demonstrates, this leaves enforcement bodies trying to fit a square peg in a round hole where they perceive that harm has been caused by digital asset technology. The result is further uncertainty regarding what obligations developers have to moderate and regulate users—a function that would not be possible with Tornado Cash’s model—and what liabilities may follow if they fail or refuse to do so.

    In this case, the government sought to hold Roman liable for when criminal actors utilized the platform after he created it, and after he gave up any ability to control or regulate its use. The jury’s inability to reach a verdict on the two more serious charges—conspiracy to commit money laundering and conspiracy to commit sanctions violations—likely reflects a deep divide regarding who should be held responsible for harms perpetuated in the digital assets space. On one hand, it is difficult to prove that Roman conspired to commit money laundering or sanctions violations when there was no relationship between Roman and the illicit actors. Roman developed the platform they later used, but he had no control over it by the time they used it, and neither the platform itself nor its creators ever took custody of the assets at issue. On the other hand, it was reasonably predictable that the platform would be used for illicit purposes. From a prevention-focused perspective, Tornado Cash’s creators were in a better position than anyone else to deter wrongdoers from using the platform. But that does not mean that they could be held criminally liable for failing to do so.

    This month’s jury verdict highlights the challenges in doing so. The one count on which Storm was convicted, conspiracy to operate an unlicensed money transmitting business, did not require the jury to find that Storm had any ties to illicit funds or hackers. Moreover, while Roman was convicted for his decision not to register Tornado Cash as a money transmitting business, there are substantial questions that will surely be raised on appeal. Can Roman actually be liable for “operating” a money transmitting business that he designed in such a way that he had no operational control over it? And, can Tornado Cash itself be considered a “money transmitter” when it never actually takes custody of funds?

    The outcome does not, however, clear creators of mixers like Tornado Cash, or creators in the digital asset space generally, of concerns for regulatory and criminal liability. First, while the count for operation of an unlicensed money transmitting business is the least serious of the counts, it is still a criminal conviction, for which Storm could face up to five years of in prison. Further, the jury did not acquit Storm. It was deadlocked. This means that some members of the jury believed the government had proven its case against Storm on those counts. And the claims were at least determined legally sufficient to go through to trial. The lack of an acquittal indicates that future cases with similar, slightly altered facts, could lead to more serious convictions than we saw here.

    In short, the outcome does little, if anything, to resolve the uncertainty that pervades this space. Individuals or entities involved in the creation or operation of tools for digital asset users should exercise caution and consult counsel regarding whether they should register as a money transmitting business, and what steps they may be required to take with respect to AML or KYC laws and regulations. Unless and until new legislation is passed to address these questions, the law is likely to remain murky regarding how the current rules apply to operators in the digital asset space. The Tornado Cash verdict shows that juries may be willing to accept theories of liability that hold creators of these platforms accountable under traditional financial services regulations when the tools and platforms they create are ultimately used by criminal actors.

    If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.