On March 10, 2026, FinCEN issued a renewed and expanded Geographic Targeting Order (GTO) imposing enhanced reporting and recordkeeping requirements on certain money services businesses (MSBs) operating along the Southwest border. According to FinCEN, the action is intended to support law enforcement efforts to disrupt money laundering and bulk‑cash movement tied to Mexico‑based drug cartels and other criminal networks. The new GTO is effective March 7, 2026, through September 2, 2026, and expands the geographic footprint of prior orders issued in March and September 2025.

Access the new GTO here. Read FinCEN’s press release here. This is a topic on which we previously have blogged extensively.

Scope of the Expanded Order

The GTO requires MSBs located in designated counties and ZIP codes in Arizona, California, New Mexico, and Texas to report cash transactions between $1,000 and $10,000. These reports must be filed on a Currency Transaction Report (CTR) within 30 days, an extension from the standard 15‑day CTR deadline. The GTO also requires MSBs to verify customer identity consistent with 31 C.F.R. § 1010.312 and to retain all related records for five years.

The Federal Register notice explains that FinCEN has determined additional reporting and recordkeeping requirements under this GTO are necessary to fulfill the objectives of the Bank Secrecy Act (BSA) and prevent attempts to evade its rules. The GTO also makes clear that it does not alter existing BSA obligations, including CTR and SAR filing requirements, but encourages voluntary SAR filings where activity appears designed to evade the new $1,000 threshold.

Expanded Coverage Area:

  • Arizona: Maricopa, Pima, Santa Cruz, and Yuma Counties
  • California: ZIP codes in Imperial County (92231, 92249, 92281, 92283) and San Diego County (91910, 92101, 92113, 92117, 92126, 92154, 92173)
  • New Mexico: Bernalillo, Doña Ana, and San Juan Counties
  • Texas: Cameron, El Paso, Hidalgo, Maverick, and Webb Counties

As with prior iterations, MSBs subject to ongoing injunctions remain temporarily exempt.

Why This Is Happening

FinCEN’s expanded GTO is part of a broader strategy to disrupt money laundering and other financial crimes tied to drug cartels and criminal organizations operating along the Southwest border. The agency views these enhanced reporting requirements as a practical way to give law enforcement better visibility into cash‑heavy transactions in areas known for elevated risk.

The Treasury Department has emphasized that addressing cartel‑related money flows remains a top priority. According to Treasury Secretary Scott Bessent, these efforts reflect the Administration’s commitment to removing drug‑trafficking profits from the U.S. financial system and equipping law enforcement with more timely information to target those responsible.

FinCEN anticipates that collecting more detailed transaction data through this order will help investigators uncover new leads and strengthen future prosecutions involving suspicious cash movements in vulnerable regions.

How This GTO Differs from Prior Orders

Compared to earlier Southwest border GTOs, the 2026 expansion introduces several notable updates. The most visible change is geographic: by adding Bernalillo, Doña Ana, and San Juan Counties in New Mexico, along with Maricopa and Pima Counties in Arizona, FinCEN has broadened its focus beyond the areas covered in past orders. Expanding the covered region likely reflects evolving patterns in cash movement or emerging law‑enforcement concerns along the border.

FinCEN’s explanation for the update also references cartel‑related financial flows more directly than in some previous orders. The agency links the expansion to risks associated with fentanyl trafficking and criminal organizations based in Mexico, offering a level of specificity that suggests these issues remain central to ongoing investigations.

Operationally, the GTO maintains the core reporting requirements of past iterations but places additional emphasis on communication and oversight. MSBs are now explicitly required to distribute the GTO to all business locations operating within affected counties or ZIP codes and to ensure that senior leadership is informed. This reinforces FinCEN’s continued focus on supervisory responsibility. For businesses with multiple locations or representatives in the covered areas, this may require renewed attention to consistent implementation, comprehensive training, and thorough documentation of compliance across all operations.

Key Requirements for MSBs

The GTO imposes several obligations on covered businesses, including:

  • Filing CTRs within 30 days for cash transactions between $1,000 and $10,000
  • Verifying customer identity in line with 31 C.F.R. § 1010.312
  • Retaining related records for five years after the GTO’s effective period ends
  • Ensuring that all business locations in the covered areas, and senior leadership, are informed about the requirements
  • Overseeing compliance across all levels of staff

FinCEN also advises MSBs to disregard any system warnings about transactions being “below $10,000” when submitting CTRs required under this GTO.

Compliance Period and Enforcement Considerations

MSBs newly captured by the expanded geographic scope have until April 6, 2026, to begin filing reports. All other covered MSBs must comply immediately.

Takeaways for Financial Institutions and Compliance Teams

The expanded GTO reflects FinCEN’s continued focus on Southwest border cash flows and its willingness to use GTO authority to obtain transaction‑level data outside the standard CTR regime. For MSBs, the GTO presents both operational and supervisory challenges:

  • Increased reporting volume for low‑dollar cash transactions
  • Heightened scrutiny of structuring and evasion indicators
  • Expanded agent‑level oversight obligations
  • Potential need to adjust onboarding, training, and monitoring workflows

For financial institutions more broadly, the GTO offers insight into FinCEN’s current risk priorities and may foreshadow future rulemaking or enforcement activity related to cash‑intensive MSB operations.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

At ETHDenver 2026, SEC Chairman Paul S. Atkins and Commissioner Hester M. Peirce outlined the agency’s current thinking on investor protection, innovation, and regulatory adaptation for cryptocurrencies and tokenized assets. Their conversation reflected both ongoing SEC priorities and the broader challenges that financial regulators face as technology continues to reshape capital markets.

Prioritizing Investor Protection

The SEC remains firmly committed to its central mission of investor protection. Atkins and Peirce highlighted that ensuring transparency is paramount—investors must have access to critical information needed for informed decisions. While crypto market volatility often grabs headlines, commissioners clarified that their focus is not on prices but on fair disclosure and empowering investors with reliable data. They emphasized the limits of regulatory intervention in market sentiment or valuations while underscoring the importance of providing fair access to information.

Fostering Innovation through Experimentation

The conversation signaled a growing openness at the SEC toward innovative approaches in finance, especially related to digital assets and tokenization. Commissioners discussed potential mechanisms like an “innovation exemption,” which could allow firms to experiment with novel technologies—including decentralized or automated trading platforms—within clear boundaries for limited periods. Pilot programs under such exemptions would keep risks manageable by imposing controls such as transaction volume limits. This approach allows emerging technologies to be tested safely, potentially informing future regulatory frameworks without compromising investor protection.

As an example, Atkins pointed to tokenization as holding significant promise for modernizing financial markets—potentially streamlining settlement cycles, enhancing collateral management efficiency, improving proxy voting processes, and supporting portfolio management innovations. The SEC appears prepared for these changes if they enhance system resilience or yield better outcomes for investors; however, commissioners stress careful development of new technologies alongside flexible but consistent oversight.

Advancing Regulatory Clarity & Interagency Coordination

To address uncertainties around digital asset regulation, the SEC has issued no-action letters, exemptive orders, guidance documents, and convened industry roundtables covering topics from custody solutions to DeFi protocols and privacy issues. The Commission is also collaborating more closely with other agencies—including joint efforts with the Commodity Futures Trading Commission (CFTC)—to harmonize rulemaking where asset classes straddle traditional finance and new digital ecosystems. These coordinated initiatives are designed to provide clearer guidance as innovation accelerates across market sectors.

Balancing Caution with Opportunity

Pragmatic caution underscores the commission’s optimism regarding financial technology advances; regulators acknowledge risks like disruptive shocks or unforeseen regulatory gaps even as they encourage gradual adoption of new tools. By fostering incremental adoption rather than picking technological winners directly, the agency aims to create an environment where responsible experimentation can thrive while minimizing negative side effects.

Adapting Anti-Money Laundering Oversight

New compliance technologies such as zero-knowledge proofs have potential implications for anti-money laundering (AML) efforts within crypto markets—they may enable firms to meet legal obligations without sacrificing user privacy entirely. The SEC indicated openness toward pilot exemptions that preserve essential controls (e.g., whitelisting), thereby helping reduce compliance costs while maintaining effective oversight over illicit activity risks—a balanced approach between personal privacy rights and robust AML enforcement.

Emerging Signals for the SEC’s Digital‑Asset Rulemaking Agenda

Beyond the broader themes, the ETHDenver remarks also offered a clearer view of the specific regulatory initiatives the SEC is considering. Atkins outlined a prospective set of priorities—including guidance on the lifecycle of token‑based investment contracts, pilot programs for limited on‑chain trading of tokenized securities, and joint SEC–CFTC rulemaking under the expanded “Project Crypto.” Peirce emphasized that any progress will be incremental, likely beginning with targeted relief, no‑action positions, and updates to functions such as transfer‑agent recordkeeping and broker‑dealer custody. For industry participants, the signal is that the SEC is exploring ways to permit controlled experimentation while grounding digital‑asset activity in longstanding securities‑law principles, including disclosure, market integrity, and AML and sanctions compliance. Although none of these items constitute policy, their specificity suggests the Commission is actively shaping a more durable, technology‑neutral framework for tokenized markets.

Conclusion: Responsible Evolution Through Collaboration

As presented by Atkins and Peirce at ETHDenver 2026: The SEC remains dedicated first and foremost to protecting investors but is increasingly coupling this mandate with support for measured experimentation in capital markets innovation. Today’s strategy emphasizes clarity across rulemaking bodies—incremental testing—and robust collaboration among regulators in response to rapid change brought by cryptocurrencies and tokenized assets alike. Ultimately, the commission upholds its dual responsibility: enabling responsible industry progress while safeguarding core principles of market integrity. If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On February 13, 2025, FinCEN issued an order granting exceptive relief for covered financial institutions from certain Customer Due Diligence (“CDD”) requirements for new account openings. The exceptive relief is part of deregulation efforts, consistent with Executive Order 14192, “Unleashing Prosperity Through Deregulation,” and Section 6403(d) of the Corporate Transparency Act (the “CTA”).

What’s Covered by the Exceptive Relief?

The CDD rule requires covered financial institutions to identify and verify the beneficial owners of legal entity customers at account opening. Under the exceptive relief, FinCEN will now require covered financial institutions to obtain and verify the beneficial owners of legal entity customers:

  1. When a legal entity customer first opens an account;
  2. Any time the covered financial institution has knowledge that would reasonably call into question the reliability of beneficial ownership information that was previously provided; and
  3. As necessary for on-going CDD compliance. 

Covered financial institutions must still adhere to other Bank Secrecy Act/Anti-Money Laundering requirements, including all other CDD requirements.

Nothing precludes a covered financial institution from continuing the practice of collecting or verifying beneficial ownership at each new account opening or following the institution’s own risk-based policies and procedures. FinCEN highlights that it is “within the discretion of the covered financial institution” whether to avail themselves of this exceptive relief.

FinCEN’s Previous Guidance and Exceptive Relief Efforts

FinCEN noted that the exceptive relief was due, in part, to the industry’s reactions to previous relief efforts. Ultimately leading FinCEN to provide this broader relief.

FinCEN has previously issued guidance, allowing covered financial institutions to utilize previous beneficial ownership forms or information obtained from legal entity customers at new account openings, provided that the customer certified or confirmed that the information was still accurate and the financial institution had no knowledge calling into question the accuracy of the information. In addition, FinCEN previously provided exceptive relief to legal entity customers who open new accounts as a result of: a certificate of deposit rollover; a renewal, modification, or extension of a loan where there was no underwriting requirement or approval; a renewal, modification, or extension of a commercial line of credit or credit card account that does not require underwriting review and approval; or a renewal of a safe deposit box rental. This current exceptive relief supplements FinCEN’s previous guidance and exceptive relief.

Looking Ahead at the CDD Rule

The CTA promised revisions to the CDD rule to account for the changes made by the beneficial ownership information and access rules. FinCEN’s current rulemaking agenda lists a notice of proposed rulemaking slated for this Spring. Given the changes to the scope of the CTA, it is unclear how the CDD rule will be revised.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

As a reminder, the Financial Crime Enforcement Network’s (FinCEN) Residential Real Estate rule (the “Real Estate Rule”) is effective March 1, 2026. The Real Estate Rule was originally to take effect December 1, 2025, but FinCEN’s subsequently announced a temporary exemptive relief, extending the effective date until March.  We have previously blogged about the Real Estate Rule here and here.  

To recap, the Real Estate Rule institutes a new reporting form, the “Real Estate Report” which imposes a nation-wide reporting requirement for certain non-financed transfers of residential real estate to legal entities or trusts. Beginning March 1st, the “reporting person” must file the Real Estate Report electronically through FinCEN’s BSA E-Filing System. The Real Estate Rule provides a “cascading” reporting structure that requires at least one person involved in the real estate transaction to file the Real Estate Report.  

The Real Estate Rule has been subject to various lawsuits, including one case in Florida that argues the constitutionality of the rulemaking. In that Florida case a recent Magistrate Judge’s Report and Recommendation concluded that the Real Estate Rule was statutorily authorized by the Bank Secrecy Act and recommended summary judgment be granted to the Department of the Treasury. The Plaintiff has objected to the Magistrate Judge’s Report. Despite the pending lawsuits, and as of now, the Real Estate Rule appears to be on track for the March effective date.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

In response to the continued rise of payment card skimming, the United States Secret Service conducted one of its most expansive enforcement efforts to date, launching a nationwide initiative aimed at identifying and removing illicit skimming devices before stolen data could be used for fraud.

What is Card Skimming and How Does it Work?

The Federal Bureau of Investigation (FBI) describes card skimming as the use of “devices illegally installed on or inside ATMs, point-of-sale (POS) terminals, or fuel pumps [to] capture card data and record cardholders’ PIN entries.” Skimmers may be inserted inside the card reader, placed over the point-of-sale terminal as an overlay, or concealed along internal wiring. Because many of these devices allow the compromised payment terminals to function normally, victims often have no idea that their information has been stolen.

Once obtained, the Secret Service notes that the stolen card data is encoded onto another magnetic-stripe card, enabling unauthorized purchases and withdrawals using the victim’s account information. The FBI estimates that skimming costs U.S. consumers and financial institutions more than $1 billion annually.

EBT Fraud as a Primary Target

Electronic Benefits Transfer (EBT) cards have become a particular focus of skimming operations. Unlike most consumer credit cards, EBT cards generally lack chip technology, making them significantly easier for criminals to compromise. As of early 2024, the FBI reported that no state had implemented chip-enabled EBT cards.

The lack of robust security features and predictable monthly deposit schedules make EBT cards especially vulnerable. According to the FBI, scammers often withdraw EBT cash benefits shortly after funds are loaded, often between midnight and 6 a.m. the day the benefits become available. Low-income households that rely on these benefits are disproportionately affected, and reimbursement for lost funds is often limited.

Inside the Secret Service’s 2025 Nationwide Crackdown

To address the escalating threat, the Secret Service partnered with federal, state and local law enforcement agencies to conduct a series of coordinated enforcement and outreach operations throughout 2025. According to the agency, the initiative resulted in:

  • 22 operations conducted nationwide
  • More than 9,000 businesses visited
  • Nearly 60,000 ATMs, gas pumps, and point-of-sale terminals inspected
  • 411 illegal skimming devices identified and dismantled
  • An estimated $428.1 million in potential fraud losses prevented

Operations spanned major metropolitan areas as well as smaller cities, including: Los Angeles, New York City, Washington, D.C., Anchorage, Boston, Orlando, Charlotte, Buffalo, San Diego, San Antonio, Baltimore, Tampa, Atlanta, Savannah, Memphis, Miami and Pittsburgh. Several cities saw multiple rounds of inspections.

Rather than waiting for fraud reports to surface, this initiative relied on proactive, in-person inspections. Agents frequently uncovered skimming devices even when business owners believed their terminals were secure. 

Investigators noted that skimmers can be installed in seconds, sometimes as a store clerk briefly turns their attention away from payment terminals. The FBI has warned that fraudsters may intentionally divert employees’ attention, such as by requesting items from behind the counter. Much of this activity is linked to transnational criminal groups, and store employees are typically unaware that devices have been installed.

In addition to removing skimmers, agents also educated business owners on identifying signs of tampering. In some cases, scammers returned to reinstall devices within days, or even hours, of an inspection.  Because of the outreach component, however, owners were able to detect and report the new devices quickly.

Consumer Protection: What to Watch For

Both the Secret Service and the FBI emphasize that basic vigilance can significantly reduce the risk of falling victim to a fraudulent skimming scheme. Recommended precautions include:

  • Inspection of card readers for loose, crooked, damaged or scratched components
  • Use tap-to-pay or chip-enabled cards whenever possible
  • When using a debit card, run it as credit to avoid entering a PIN; if a PIN is required, shield the keypad
  • Be especially alert in tourist areas with high transaction volume
  • Prefer indoor, well-lit ATMs, which are less susceptible to tampering

What Comes Next?

The Secret Service made clear that its 2025 initiative represents the beginning of an expanded and ongoing effort. The agency plans to continue enforcement and outreach into 2026 and beyond, working with domestic law enforcement partners to dismantle the criminal networks enabling these schemes.

As Assistant Director of the U.S. Secret Service’s Office of Field Operations, Kyo Dolan, noted, these actions are designed to remove skimmers “before criminals can recover the stolen card numbers they contain,” while also targeting the organizations behind the schemes.

Although skimming fraud remains a pervasive threat, proactive and coordinated enforcement can meaningfully disrupt it. For consumers and businesses alike, awareness, vigilance and early detection remain the first line of defense.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

In December, the Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) announced a $3,500,000 civil penalty against Paxful, Inc. and Paxful USA, Inc. (“Paxful”), pursuant to a consent order.

Paxful is an exchanger of convertible virtual currencies (“CVC”), operating both a CVC wallet service and a marketplace for peer-to-peer (“P2P”) buyers and sellers of CVC. The company describes itself as “the world’s largest P2P marketplace,” enabling users to buy and sell digital currencies across 140 markets with hundreds of payment methods, send cash or cryptocurrency instantly, and “become a peer-to-peer market maker.” According to the consent order, between February 2015 and April 2023, Paxful conducted transactions with over 4 million users, including over 50 million trades valued at a total of several billion dollars. These transactions ranged across products including CVC, prepaid access cards, and fiat currencies. In that time period, Paxful’s customers engaged in over 20 million external crypto transactions worth more than $10 billion.

In the order, Paxful admitted to three types of violations. First, Paxful failed to maintain its registration with FinCen. Second, it failed to implement an effective AML program. Third, it failed to identify and report suspicious activity. Paxful agreed to pay a $3,500,000 civil penalty for these violations, which FinCEN described as “egregious” and having “caused extensive possible harm to the public.”

Failure to Register as a Money Services Business

The Bank Secrecy Act (“BSA”) requires all “money services businesses” to register with FinCEN as an MSB within 180 days of beginning operations, and to renew its registration every two years. Paxful is treated as an MSB because it is a “money transmitter,” one of seven categories of businesses required to register as MSBs. While Paxful initially registered with FinCEN in July 2015, it allowed its registration to lapse. MSBs are required to renew their registrations by the last day of the calendar year before two-year renewal period—here, Paxful was required to re-register by December 31, 2016. It failed to do so until September 3, 2019, and therefore operated as an unregistered MSB for 974 days.

Failure to Develop, Implement, and Maintain an Effective AML Program

Much of the consent order details Paxful’s failure to implement a compliant AML program. At the outset, Paxful did not have any AML program in place for its first four years of operation, only implementing a program for the first time in February 2019. The program Paxful eventually implemented still fell short of FinCEN’s requirements in numerous respects, including:

  • Know your customer protocols. The know your customer (“KYC”) protocols Paxful put in place only applied to users whose activity exceeded $1,500, and Paxful made no effort to prevent users from evading controls by structuring transactions around this minimum.
  • Customers acting as unregistered MSBs. While Paxful identified a risk that smaller P2P exchangers could use Paxful, it did not implement controls to identify unregistered MSBs.
  • Geographic spoofing. Paxful did not assess customers’ locations, or take any action to identify circumstances where users used geographic spoofing to hide their true location—in many cases concealing activity from locaitons the government considers high-risk jurisdictions. 
  • Transaction monitoring. Although Paxful’s products and services could be used for money laundering, its AML program provided no mechanism for the company to identify and report suspicious activity, as required by law.
  • Prepaid access transactions. Paxful operates a prepaid access program, which was a substantial portion of its business. Between May 2015 and December 2019, the top payment methods on the platform were iTunes and Amazon prepaid access cards. Despite knowing that illicit actors were exploiting this market, Paxful prioritized its development, and failed to implement controls to monitor and illicit activity taking place within it.
  • North Korean, Iranian, and terrorist finance transactions. One result of Paxful’s failure to implement sufficient internal controls is that it facilitated transactions with what the consent order describes as hostile nation-states and state-sponsored cybercriminals, including from Iran and North Korea. The Lazarus Group, which is designated a North Korean state-sponsored cyber-criminal group, conducted thousands of trades on Paxful’s platform. Paxful took no steps to address this for several years after receiving law enforcement inquiries about it.
  • Compliance Officer. Although MSBs are required to designate a person ensure compliance with internal compliance programs and the BSA, Paxful operated without any designated compliance officer. When it did begin listing a compliance officer, that individual had never received any BSA or AML training, and during that person’s tenure, Paxful still had what the government describes as “egregious lapses in compliance.”
  • Independent Testing. MSBs must obtain independent reviews of their compliance program, with the scope and frequency depending on the risks associated with the MSB’s services. Paxful only conducted one test in the multi-year period at issue on the consent order, which the government described as “not even remotely commensurate with the volume of transactions processed or risks associated with the products and services offered by Paxful.”

Failure to Report Suspicious Activity

The consent order states that Paxful “facilitated transactions involving over $500 million in suspicious activity[.]” These transactions were associated with ransomware attacks, darknet and other illicit marketplaces, unregistered MSBs, child sexual abuse material, elderly financial exploitation, terrorist financing, high-risk jurisdictions, and stolen funds or other illicit proceeds. Despite this, Paxful did not file a single suspicious activity report before November 2019, and its reporting after that date remained deficient.

BSA Violations and Penalty

The consent order noted that Paxful employees had identified and discussed many of these deficiencies with senior leadership, who in some instances dismissed the concerns, and in other instances claimed that the concerns would be addressed. In some circumstances, the consent order states that Paxful leadership instructed employees not to raise or report issues, and that Paxful employees actively worked to build its relationships with and presence on high-risk platforms. For example, Paxful actively sought to be utilized on Backpage.com, a platform well-known for its role in promoting sex trafficking, including child sexual abuse, even after its widespread illicit activity was made public by a government investigation.

Based on these actions and deficiencies, FinCEN found that Paxful willfully violated the BSA and associated regulations, specifically finding:

  1. Paxful willfully failed to register as an MSB in violation of 51 U.S.C. § 5330 and 31 C.F.R. § 1022.380;
  2. Paxful failed to develop, implement, and maintain an effective AML program reasonably designed to prevent its programs from being used to facilitate money laundering and the financing of terrorist activities in violation of 31 U.S.C. § 5318(h)(1) and 31 C.F.R. § 1022.210; and
  3. Paxful willfully failed to accurately, and timely, report suspicious transactions to FinCEN, in violation of 31 U.S.C. § 5318(g)(1) and 31 C.F.R. § 1022.320.

In discussing its decision to impose a civil money penalty, FinCEN noted the “egregious” nature of the violations, which it determined “caused extensive possible harm to the public.” FinCEN further discussed that it determined there was a “culture of noncompliance throughout” Paxful, whose leadership were aware of their obligations under the BSA and still failed to comply. Based on these, and other factors, FinCEN imposed a $3.5 million civil penalty.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On January 9, 2026, U.S. Treasury Secretary Scott Bessent announced a series of new federal actions  focused on schemes to defraud federal aid programs. Treasury’s announcement follows a series of high-profile investigations involving alleged fraud tied to federally funded programs, such as the Feeding Our Future scheme to defraud the Federal Child Nutrition Program in Minnesota. That scheme relied on sophisticated financial activity, including rapid movement of funds, use of nonprofit and shell entities, and international transfers designed to conceal the source and use of government money.  The government estimates that the Feeding Our Future scheme cost taxpayers an estimated $250 million.

Treasury’s initiative signals an enhanced approach to fraud enforcement that places banks squarely on the front lines to detect and deter financial fraud.  As a result, financial institutions should expect heightened regulatory scrutiny, increased information requests, and closer coordination between bank examiners and law enforcement—particularly where institutions serve nonprofits or customers engaged in high-volume or cross-border transactions. 

What does Treasury’s fraud initiative entail?

A central feature of the initiative is intensified oversight of financial institutions’ Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance. FinCEN has already issued investigative demands to money services businesses in Minnesota and has indicated that banks serving nonprofits, tax-exempt organizations, and other customers that receive or distribute government-related funds may also face closer examination.

In addition, FinCEN has issued targeted alerts identifying red flags associated with fraud involving government programs. Treasury is specifically targeting international wires and similar pass-through bank transfers that move government or nonprofit-related funds quickly out of accounts in amounts or patterns inconsistent with the bank customer’s stated purpose. Treasury has made clear that these alerts are intended to inform transaction monitoring and examiner expectations.

Treasury is also expanding training for federal, state, and local law enforcement on the use of financial intelligence, including Suspicious Activity Reports (SARs), in fraud investigations.

What are the implications for financial institutions?

Treasury has emphasized that institutions are expected not only to file SARs, but to identify emerging fraud typologies early and adjust controls accordingly.

Financial institutionsshould confirm that systems and procedures are capable of capturing required data elements accurately and escalating potentially suspicious activity promptly.

As a result, banks should expect SAR filings to be used more actively in investigations, placing added importance on narrative quality, internal consistency, and timeliness.

In light of Treasury’s initiative, banks should consider taking the following steps in the near term:

  • Reassess BSA, AML, and fraud risk assessments with a specific focus on government benefits, nonprofit customers, and pandemic-era funding streams.
  • Review transaction monitoring rules and alert thresholds to ensure alignment with FinCEN’s identified fraud red flags.
  • Evaluate SAR filing practices, including timeliness, narrative quality, and escalation procedures.
  • Confirm operational readiness to comply with Geographic Targeting Order reporting requirements and related data integrity obligations.
  • Prepare compliance, legal, and operations teams for potential regulatory examinations, subpoenas, or law enforcement inquiries.


Ballard Spahr brings deep, firsthand experience to advising financial institutions facing heightened fraud and AML scrutiny.   Drawing on this experience, Ballard Spahr advises banks and financial institutions on BSA/AML compliance, fraud risk mitigation, regulatory examinations, and responses to government investigations—helping clients anticipate enforcement priorities and address issues before they escalate. In matters involving potential violations, we conduct internal investigations and assist in responding to administrative, civil or criminal investigations, government enforcement actions, and related civil litigation by private parties regarding fraud schemes. We help clients evaluate risk, strengthen compliance frameworks, respond to supervisory and enforcement actions, and navigate complex, multi-agency inquiries.

Rushmi Bhaskaran, a partner in Ballard Spahr’s White Collar Defense and Investigations Group, previously served as an Assistant U.S. Attorney in the Southern District of New York, where she investigated, prosecuted, and tried a wide range of white collar fraud matters, including those involving allegations of money laundering and violations of the Bank Secrecy Act.

Matthew Ebert, counsel in Ballard Spahr’s White Collar Defense and Investigations Group, previously served as Chief of the Fraud and Public Corruption Section at the U.S. Attorney’s Office for the District of Minnesota, where he played a leading role in the federal investigation and prosecution of the Feeding Our Future fraud scheme that is an impetus for Treasury’s anti-fraud initiatives.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

In 2025, the Nevada Gaming Commission (Commission) and the Nevada Gaming Control Board (NGCB) launched one of the most significant enforcement waves in state history, imposing nearly $27 million in fines against three of the Las Vegas Strip’s largest operators: Caesars Entertainment, MGM Resorts, and Resorts World Las Vegas. Each case centered on failures to detect and prevent suspicious gambling activity tied to convicted bookmaker Mathew Bowyer, whose presence across multiple properties exposed systemic weaknesses in anti-money laundering (AML) programs. The enforcement actions highlight regulators’ growing insistence on robust compliance practices and a culture of vigilance within the gaming industry.

Caesars Entertainment Enforcement Action

The most recent fine, approved on November 20, 2025, ordered Caesars Entertainment to pay $7.8 million following a five-count NGCB complaint. The complaint alleged that Caesars permitted Bowyer to gamble freely across its properties for more than seven years, despite mounting red flags and evidence that other casinos had banned him as early as 2017. Caesars formally designated Bowyer as a “high risk” customer in 2019 yet failed to bar him until January 2024. Regulators described the company’s conduct as a systematic negligence, emphasizing that Caesars allowed Bowyer to win and lose millions without verifying his source of funds. The fine was set at roughly three times Bowyer’s net losses at Caesars, ensuring the company did not profit from its failures.

The Commission was notably frustrated by ongoing compliance issues across major operators, viewing Bowyer’s case as a clear example of broader weaknesses in oversight. The decision to impose penalties, supported by a vote of 4-to-1, underscored both the seriousness of the violations and a strong intent to prevent similar problems going forward.

MGM Resorts Enforcement Action

Earlier in the year, MGM Resorts faced its own enforcement action. In April 2025, the Commission approved an $8.5 million fine against MGM following a 10-count NGCB complaint. The complaint alleged that MGM permitted Bowyer and another illegal bookmaker, Wayne Nix, to gamble at MGM Grand and The Cosmopolitan between 2015 and 2018. Regulators noted that MGM executives had suspicions about Bowyer’s source of income as early as 2015, and in 2018 a customer warned MGM that Bowyer was attempting to poach gamblers from its casinos. Despite these warnings, MGM failed to act decisively. The complaint highlighted leadership failures under former MGM executive Scott Sibella, who allowed bookmakers to pay debts in cash and gamble millions without proper AML checks. MGM admitted wrongdoing and pledged reforms, with the Commission approving the fine unanimously.

Resorts World Las Vegas Enforcement Action

Resorts World Las Vegas faced the largest penalty of the three operators. In March 2025, the property agreed to pay $10.5 million following a 12-count NGCB complaint alleging severe AML deficiencies, and the Commission formally approved the fine. Regulators found that Resorts World allowed individuals with ties to illegal bookmaking and gambling-related felony convictions to gamble freely. The fine was the second-largest in Nevada history, behind Wynn Resorts’ $20 million penalty in 2019. The case was particularly notable given Resorts World’s status as a $4.2 billion property that opened in 2021 with modern infrastructure and the expectation of strong compliance systems. Regulators emphasized that even new properties with advanced technology are not immune from scrutiny if compliance programs fail to meet expectations.

Regulator Expectations

Taken together, the three fines illustrate regulators’ frustration with systemic AML failures across operators. Commissioners emphasized that operators must do more than maintain technical compliance programs; they must foster a culture of vigilance that prioritizes integrity over revenue. The Bowyer cases collectively demonstrate that regulators expect operators to proactively monitor high-risk patrons, escalate red flags promptly, and verify sources of funds. The enforcement trend also signals that regulators will not hesitate to impose multimillion-dollar penalties when operators fail to act decisively.

Industry Implications

The implications for the industry are significant. First, the fines underscore the importance of enhanced due diligence for high-risk patrons. Regulators expect operators to verify sources of funds, particularly when patrons engage in high-stakes play or exhibit patterns consistent with suspicious activity. Second, the cases highlight the need for clear escalation protocols. Caesars, MGM, and Resorts World each failed to act on red flags in a timely manner, allowing Bowyer to gamble millions over extended periods. Third, the enforcement actions demonstrate the value of independent audits. Regular reviews can help operators identify gaps in AML programs and remediate deficiencies before they attract regulatory attention.

Beyond technical compliance, the cases emphasize the importance of organizational culture. Regulators criticized operators for prioritizing revenue over compliance, suggesting that leadership must set the tone for vigilance and accountability. MGM’s case tied failures to specific executives, underscoring the role of leadership in shaping compliance outcomes. Caesars and Resorts World faced criticism for organizational cultures that allowed high-risk patrons to gamble freely despite clear warning signs.

The reputational damage associated with these fines is also significant. Caesars, MGM, and Resorts World each faced public embarrassment, with executives admitting their programs were “unacceptable.” The fines were widely reported in industry and mainstream media, reinforcing the perception that AML failures undermine the integrity of Nevada’s gaming industry. For operators, reputational harm can be as damaging as financial penalties, affecting relationships with regulators, investors, and customers.

Looking ahead, operators should expect continued scrutiny from regulators. The Bowyer cases suggest that regulators are focused not only on individual patrons but also on systemic weaknesses in compliance programs. Operators should anticipate more aggressive enforcement, particularly around high-stakes patrons and cash-intensive play. Regulators are likely to demand evidence that operators are proactively monitoring activity, escalating red flags, and verifying sources of funds.

Practical Steps for Operators

To mitigate regulatory risk and strengthen compliance programs, operators should implement enhanced due diligence protocols for high-risk patrons, including mandatory source-of-funds verification. They should establish clear escalation procedures to ensure red flags are acted upon promptly and consistently. Regular independent audits can help identify gaps and remediate deficiencies. Ongoing training for compliance staff and frontline employees is essential to reinforce vigilance and accountability. Finally, operators should benchmark AML practices against industry peers and regulatory expectations to ensure programs remain robust and adaptive.

The Bowyer-related fines against Caesars, MGM, and Resorts World underscore regulators’ intolerance for AML failures. Operators must treat compliance as a strategic priority, recognizing that lapses can trigger multimillion-dollar penalties and lasting reputational harm. The enforcement actions highlight regulators’ expectation that operators foster a culture of vigilance, where integrity is prioritized over revenue. For the gaming industry, the lesson is clear: AML compliance is not optional, and failure to act decisively on suspicious activity will carry significant consequences.

Ballard Spahr’s Gaming Industry Group and Anti-Money Laundering Practice provide comprehensive guidance to public and private sector clients navigating the evolving regulatory landscape. Our team advises on Bank Secrecy Act and anti-money laundering compliance, assists with governmental inquiries, investigations, enforcement proceedings, licensing matters, internal risk assessments, policy development, training programs, transactional due diligence, technology integration for compliance monitoring and reporting, and crisis management in response to active investigations.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

The U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) released its latest Financial Trend Analysis (FTA) this month, reporting data from banks and other financial institutions showing that, following a recent surge, the number of reported ransomware incidents and payment amounts dipped slightly in 2024. High-profile ransomware attacks frequently appear in the news and the impact can be severe: in just the last month, news broke that an e-tailer company was knocked offline for 45 days following one attack, and cities and towns across the U.S. lost access to their emergency alert systems after another.

Data indicates reality matches the perception—ransomware attacks surged to their highest levels in 2023, with a total of 1,512 reported incidents and $1.1 billion in reported ransom payments, a staggering 77 percent increase in total payments from the prior year. This continued a trend of increased malicious activity that first appeared in 2021, in which FinCEN received reports of approximately 1,400 incidents and nearly $1 billion in payments, more than double the previous year. Indeed, the three-year review period for the FTA (January 2022–December 2024) saw a total of 7,395 ransomware-related reports, totaling more than $2.1 billion in payments, while during the entire previous nine-year period (2013 through 2021), FinCEN received only 3,075 reports totaling approximately $2.4 billion in ransomware payments.

One year does not make a trend but the latest data show signs for cautious optimism. In 2024, companies reported a total of 1,476 ransomware incidents, and approximately $734 million in ransomware payments. The median ransomware payment also decreased, from $175,000 in 2023 to $155,257 in 2024. FinCEN attributes this decrease in part to U.S. and U.K. law enforcement disrupting high-profile ransomware groups in December 2023 and February 2024.

No industry is immune from the threat of attack, but the FTA identified that financial services, manufacturing, and healthcare industries reported both the greatest number of incidents and highest amount of aggregate payments sent to ransomware actors during the review period. Retail and legal services reported the next highest amount of overall incidents; meanwhile, science and technology and retail rounded out the highest reported total payments.

Other key findings reported in the FTA include:

  • The data revealed 267 distinct ransomware variants used in attacks during 2022 – 2024, the most prevalent being Akira, ALPHV/BlackCat, LockBit, Phobos, and Black Basta.
  • Ransomware actors most often used The Onion Router (“Tor”) to communicate with their victims, reported in 67 percent of ransomware incidents during the reporting period. TOR uses encryption and layered network infrastructure to allow users to browse the internet anonymously and conceal their identity and point of origin.
  • Bitcoin (BTC) remains the prominent payment method of choice for ransomware actors, accounting for 97 percent of the reported ransomware transactions.

The financial threat to companies posed by ransomware is no secret. Data reported to FinCEN indicates that, although the vast majority of payments demanded by ransomware actors are below $250,000, individual demands can exceed $5 million. But the risk doesn’t end with the actual ransom payment—companies face increasing legal liability as well. According to one report from 2023, nearly one in five ransomware attacks resulted in a lawsuit against the victim company. Class actions against companies for failure to prevent or disclose ransomware breaches abounded in 2025, after several litigations arising from earlier breaches led to costly settlements.  

Therefore, it is as important as ever for companies to take steps to prevent, detect, and respond effectively to ransomware attacks. As FinCEN summarizes, “ransomware is a complex cybersecurity problem requiring a variety of preventive, protective, and preparatory best practices.” The FTA references several resources, including the Cybersecurity and Infrastructure Security Agency’s (CISA) website StopRansomware.gov, the National Security Agency’s (NSA) Ransomware Guide, and the National Institute of Standards and Technology’s (NIST) Data Integrity Project.

FinCEN publishes FTAs pursuant to section 6206 of the Anti-Money Laundering Act of 2020, 31 U.S.C. § 5318(g)(6)(B), which requires periodic reporting of threat pattern and trend information derived from data reported to FinCEN under the Bank Secrecy Act. The AML Blog has posted on previously-issued FTAs here and here.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

The prosecution of the developers behind Samourai Wallet illustrates how U.S. authorities are broadening their approach to privacy‑focused cryptocurrency tools. In April 2024, the U.S. Attorney’s Office for the Southern District of New York announced charges against Keonne Rodriguez, Samourai’s chief executive, and William Lonergan Hill, its chief technology officer. The indictment alleged that Samourai facilitated more than $2 billion in Bitcoin transactions, including $237 million in criminal proceeds, with over $100 million tied to darknet markets. By late 2025, both pleaded guilty: Rodriguez was sentenced to five years, Hill four, on conspiracy counts related to money transmission and money laundering.

Statutory Basis for the Charges

The convictions rested on two statutes traditionally applied to custodial financial services but now extended to non‑custodial crypto tools.

  • 18 U.S.C. § 1960 criminalizes operating an unlicensed money transmitting business. Historically, this applied to custodial services holding or transferring funds for customers. Samourai was different: users retained control of their private keys, while the software facilitated transactions. Prosecutors argued that features such as Whirlpool and CoinJoin, privacy techniques mixing coins from multiple users, amounted to money transmission by obscuring fund origins. They pointed to Samourai’s fee structure, promotional materials, and darknet outreach as evidence of intent.
  • 18 U.S.C. § 1956 covers conspiracy to commit money laundering. Prosecutors contended that Samourai’s design and marketing encouraged concealment of criminal proceeds, citing communications and promotional materials aimed at illicit users.

Enforcement Trends: Samourai vs. Tornado Cash

Samourai is part of a broader enforcement trend targeting privacy‑enhancing crypto tools. The Tornado Cash prosecution in 2023 raised parallel issues but in a different technological and legal context. (See our additional blog posts about Tornado Cash here, here, here, and here.)

Tornado Cash, built on Ethereum smart contracts, posed the challenge of immutability: once deployed, the code operated autonomously, and developers argued they lacked control over user activity. This immutability became central to defenses and civil litigation, with courts questioning whether autonomous code could be treated as “property” subject to sanctions. By contrast, Samourai’s active coordinator service and ongoing updates gave prosecutors a foothold to argue that its developers exercised meaningful operational control. This distinction allowed the government to frame Samourai’s conduct not as passive publication of code but as active facilitation of illicit finance.

Tornado Cash litigation tested the boundaries of OFAC’s sanctions authority under IEEPA, ultimately resulting in judicial limits on designating immutable smart contracts. Samourai, however, was pursued under traditional criminal statutes, extending their application to non‑custodial wallets and raising questions about fair notice given FinCEN’s prior guidance.

Legal Questions Raised

These prosecutions highlight unresolved constitutional and statutory issues. If Tornado Cash and Samourai represent two ends of the spectrum—immutable code versus actively maintained software—courts must now contend with how far existing law can extend to decentralized technologies. At stake are broader questions of liability, statutory interpretation, and constitutional protections such as speech and due process. The central question is whether publishing and maintaining privacy‑focused code remains speech under the First Amendment, or whether it becomes criminal conduct when paired with active promotion toward illicit use.

Tornado Cash Litigation: OFAC Sanctions and DOJ Charges

Tornado Cash faced a dual track of enforcement: criminal charges against its developers and administrative sanctions against its code.

In Van Loon v. Department of the Treasury (5th Cir. 2024), plaintiffs challenged OFAC’s authority. (See our blog post here.) The Fifth Circuit ruled that sanctioning immutable Tornado Cash smart contracts exceeded OFAC’s statutory authority under IEEPA, limiting designation of autonomous code as “property.” The decision underscored the difficulty of applying traditional law to decentralized technology, though it did not categorically immunize all crypto protocols from sanctions.

This judicial pushback illustrates the limits of sanctions law when applied to autonomous protocols. Parallel developments in FinCEN guidance further complicate matters, as longstanding custodial versus non‑custodial distinctions intersect uneasily with prosecutorial theories advanced in Samourai.

FinCEN Guidance

FinCEN has generally distinguished custodial from non‑custodial wallets. Its 2019 guidance (FIN 2019 G001) stated that entities providing only software without asset custody are not subject to registration or Bank Secrecy Act requirements applicable to money services businesses. In 2024, FinCEN withdrew proposed rules that would have imposed KYC obligations even for non‑custodial wallet providers, reinforcing earlier interpretations.

Yet during proceedings against Samourai’s founders, prosecutors reportedly asked FinCEN whether CoinJoin or non‑custodial wallets qualified as “money transmission.” FinCEN answered “no,” but charges proceeded regardless. This divergence raises constitutional questions about fair notice and the consistency of regulatory versus prosecutorial positions.

Comparative Analysis: Samourai and Tornado Cash

Placing Samourai and Tornado Cash side by side reveals how enforcement risks diverge depending on technological design, regulatory posture, and evidentiary focus. Tornado Cash’s defense rested on immutability, emphasizing that once deployed, developers lacked the ability to control user activity. This argument framed the project as autonomous code rather than an ongoing service. By contrast, prosecutors in Samourai highlighted the wallet’s active coordinator service, continuous updates, and targeted marketing as evidence of meaningful developer involvement.

Regulatory approaches also diverged. Tornado Cash was primarily challenged through OFAC’s sanctions authority under IEEPA, a strategy that met judicial resistance when courts questioned whether immutable smart contracts could be designated as “property.” Samourai, however, was pursued under traditional criminal statutes (§ 1960 and § 1956) despite FinCEN’s guidance suggesting such tools were outside money transmission rules.

Evidence in each case points to fundamentally different enforcement approaches. In Tornado Cash, the defense leaned on the impossibility of control, arguing that immutability precluded intent. In Samourai, prosecutors relied on direct evidence of intent, pointing to promotional materials, darknet outreach, and fee structures as proof that the wallet was designed to attract illicit use.

Taken together, the comparison demonstrates that enforcement is not uniform but highly contingent. Immutable protocols test the limits of sanctions law, while actively maintained wallets are subject to broader applications of criminal statutes. The broader lesson is that privacy‑preserving technologies, whether autonomous or developer‑driven, now face heightened scrutiny, with liability theories evolving to match the technical contours of each project.

Conclusion

The Samourai convictions signal a shift in how federal authorities apply existing statutes to decentralized and non‑custodial technologies. By extending provisions traditionally aimed at custodial services to privacy‑focused wallets, prosecutors demonstrated a willingness to reinterpret statutory language considering evolving technical design. This approach may deter illicit finance, but it also raises unresolved constitutional questions about fair notice, due process, and the boundary between protected speech and criminal conduct.

More broadly, the trajectory of enforcement against Samourai and Tornado Cash underscores that privacy‑preserving tools, whether autonomous protocols or actively maintained software, are now within the sights of regulators and prosecutors. Liability theories are likely to adjust to each project’s design, reflecting ongoing enforcement developments.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.