On October 9, 2025, the Financial Crimes Enforcement Network (“FinCEN”) jointly issued updated Frequently Asked Questions (“FAQs”) with the Federal Reserve Board of Governors, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency, clarifying the circumstances under which financial institutions must file suspicious activity reports (“SARs”).

Background

            For decades, SARs have been a useful tool for law enforcement agencies to detect money laundering and counter the financing of terrorism. However, regulatory guidance regarding when and how financial institutions must file these reports has at times been unclear. Financial institutions often expended significant organizational resources meeting supervisory expectations or best practices from examination manuals, even where not strictly required by law. The FAQs seek to clarify and simplify what is required of financial institutions under the Bank Secrecy Act (“BSA”).

Recent regulatory updates indicate a shift in philosophy regarding SARs, emphasizing efficiency and effectiveness in suspicious activity reporting. FinCEN has signaled an intent to pivot away from blanket expectations that can lead to duplicative work and information overload for both financial institutions and law enforcement. This marks a notable departure from previous practices where compliance obligations often resulted in substantial resource expenditures with limited incremental value for investigators.

What Do These FAQs Say?

            FinCEN and its partners identify four key areas: structuring SARs; continuing activity reviews; timelines for continuing activity SARs; and documentation requirements, clarifying both legal standards and practical expectations within the SAR regulatory scheme.

1. SAR Filings for Potential Structuring-related Activity

FinCEN writes that financial institutions are not required to file SARs for a transaction or series thereof with a value at or near the $10,000 Currency Transaction Report (“CTR”) threshold solely because it meets that amount, unless there is knowledge or suspicion that such transactions are designed specifically “to evade BSA reporting requirements.” In absence of any knowledge, suspicion, or reason to suspect, a financial institution is not required to file SARs simply because a transaction is at or above the CTR threshold.

Similarly, financial institutions must file a SAR only when they know, suspect, or have reason to suspect transactions aggregating $5,000 or more are designed specifically “to evade BSA reporting requirements” such as CTRs.

The FAQ also addresses structuring – an unlawful attempt to evade CTR reporting requirements under 31 C.F.R. § 103.18. FinCEN regulations define structuring as “a person, acting alone, or in conjunction with, or on behalf of, other persons, conducting or attempting to conduct one or more transactions in currency, in any amount, at one or more financial institutions, on one or more days, in any manner, for the purpose of evading CTR reporting requirements.” This definition is inclusive of attempts to evade requirements by breaking sums of currency above the CTR threshold into smaller sums below the threshold. The FAQs make clear that financial institutions should operate and maintain anti-money laundering and CFT protocols to detect and report structuring. The FAQs reflect FinCEN’s intention that institutions focus their efforts on high-value information rather than routine filings based solely on transaction amounts.

    2. Continuing Activity Reviews

The FAQs also address ongoing or continuing suspicious activity by a single customer or account. Prior FinCEN guidance suggested that financial institutions are expected or required to monitor whether suspicious activity is ongoing after a SAR has been filed. This guidance expressly states that financial institutions are not required to independently review a customer or account to evaluate whether suspicious activity continues after the filing of a SAR. Financial institutions can fulfill their SAR compliance obligations by relying on their standard policies and protocols for monitoring suspicious activity, and reporting it as appropriate, provided that those internal policies are reasonably designed to identify and report suspicious activity.

FinCEN stated in a prior guidance that financial institutions should file SARs for continuing suspicious activity after a 90-day period, with a filing deadline of 120 calendar days following the filing of a previous, related SAR. This FAQ now clarifies that financial institutions are not required to do so.

The revised FAQs address longstanding industry concerns about ongoing reviews of customer activity after initial SAR filings. Historically, examiners have interpreted prior advisories as requiring frequent re-evaluations of previously flagged accounts on a set timetable. The new FAQs clarify that separate, post-SAR investigations need not be conducted unless dictated by risk-based internal processes or relevant facts emerge during routine monitoring. This move encourages institutions to leverage their own protocols rather than defaulting to rigid mandates, potentially allowing compliance teams greater flexibility while still meeting regulatory expectations.

    3. Timing of Reports

If a financial institution elects to file a continuing activity SAR in accordance with FinCEN’s continuing suspicious activity guidance, they should do so within 120 calendar days of the filing of an initial SAR. This provides financial institutions a 90-day period after the filing of an initial SAR to evaluate continuing suspicious activity, and a 30-day period to file the subsequent SAR if the institution detects ongoing suspicious activity. In such a case, the institution should mark the date range of suspicious activity to include the entire 90-day period immediately following the filing of an initial or most recent SAR, on Item 30 of the SAR form. If a financial institution elects further reporting due to continued suspicion, the revised timeline allows up to 150 calendar days following detection, providing additional flexibility compared with prior practice.

    4. SAR Documentation

FinCEN clarifies that neither the BSA nor its implementing regulations require a financial institution to document a decision not to file a SAR. Prior FinCEN guidance had encouraged financial institutions to document such a decision, but there is no requirement for them to do so. If a financial institution chooses to document the decision not to file a SAR, a short, concise statement documenting the decision, consistent with internal policies and procedures, is likely sufficient, though institutions may consider additional documentation in complex investigations.

Documentation standards surrounding decisions not-to-file have shifted from “best practice” recommendations toward an explicitly optional stance. For many years, documenting “no-file” determinations was encouraged, and became ingrained as best practice, but this has now been reframed as optional rather than required by law. Financial institutions are advised that concise recordkeeping aligned with their risk-based policies will generally suffice; extensive narrative explanations should be reserved for especially complex matters or when warranted by specific circumstances.

Conclusions and Practical Steps

The recently issued FAQs clarify supervisory expectations without changing existing legal or regulatory requirements for suspicious activity reporting. They respond to feedback from financial institutions while streamlining prior guidance. By clarifying ambiguous areas and prioritizing efficiency, regulators aim to align compliance efforts with national security priorities while minimizing unnecessary operational burdens for filers. Financial institutions should monitor how this new guidance is implemented during examinations, including any changes to supervisory manuals, and proactively adjust their reporting policies as needed to leverage efficiencies without compromising vigilance against illicit finance.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On October 9, 2025, the Financial Crimes Enforcement Network (“FinCEN”) issued a renewal of its Geographic Targeting Order (“GTOs”), which require U.S. title insurance companies, including their subsidiaries and agents, to collect, retain, and report specified information regarding certain non-financed residential real estate transactions involving legal entities. The new GTO is effective from October 10, 2025 through February 28, 2026.

Access the new GTO here.  Read FinCEN’s press release here.  Read FinCENs FAQs about the GTOs here.  This is a topic on which we previously have blogged extensively.

Context and Regulatory Background

The renewal of the GTOs follows FinCEN’s September 30, 2025 announcement postponing implementation of its forthcoming Anti-Money Laundering Regulations for Residential Real Estate Transfers Rule (“RRE Rule”) until March 1, 2026. During this interim period, FinCEN states that the GTOs are intended to maintain transparency in residential real estate markets considered at higher risk for misuse by illicit actors. According to FinCEN’s accompanying press release, these orders continue to provide data on property purchases by persons who may be involved in various unlawful activities.

Scope of Coverage

There are no changes in geographic or monetary thresholds compared with previous orders. Covered transactions must meet all of the following criteria:

• The property is located within designated metropolitan areas or counties that include locations such as Los Angeles County, Miami-Dade County, Cook County, King County and Seattle, New York City boroughs, and others.
• The purchase price meets or exceeds $300,000 in most covered jurisdictions; Baltimore City and County retains a lower threshold at $50,000.
• The buyer is a “legal entity” defined as a corporation, limited liability company, partnership or similar business structure not listed on an SEC-regulated exchange.
• The transaction does not involve external financing from regulated financial institutions subject to Bank Secrecy Act (“BSA”) anti-money laundering obligations.
• Payment is made using currency or cash equivalents, including checks, money orders, wire transfers and funds transfers or virtual currency.

Reporting Requirements

Title insurance companies handling covered transactions must file a Currency Transaction Report with FinCEN within thirty days after closing. Required data includes:

• Identity details for both:
  • The individual primarily responsible for representing the purchasing entity;
  • Each beneficial owner holding at least twenty-five percent equity interest; and
  • Government-issued identification documents must be collected/described.
• Confirmation that buyer qualifies under relevant “legal entity” definitions;
• Property address(es);
• Date(s) of closing;
• Total purchase price(s);
• Method(s) used for payment; and
• Reporting party details, including notation “REGTO1025” indicating this specific GTO filing.

When multiple properties are included in one transaction, both total purchase price and per-property addresses and prices must be reported individually.

Record Retention & Compliance

The Order requires retention of all relevant records, including identity documents collected, for five years from expiration date. They must be accessible promptly upon request by regulators such as FinCEN.

Responsibility for compliance extends throughout each covered organization to officers, directors employees and agents alike; covered businesses are required to notify relevant personnel including executive management about these obligations. Noncompliance may result in civil or criminal penalties regardless of intent.

Key Definitions

Some important definitions under this Order include: 

• Beneficial Owner: Any individual directly or indirectly owning twenty-five percent or more equity interests in a purchasing legal entity; and
• Legal Entity: Includes corporations, limited liability companies, and partnerships, formed domestically or abroad; excludes those publicly listed with Securities Exchange Commission regulation.

No Modification to Broader BSA Obligations

This GTO supplements, but does not modify, other existing responsibilities imposed by the BSA.

As the real estate industry awaits broader anti-money laundering regulations, compliance with FinCEN’s renewed GTOs remains essential for title insurance companies and their agents. By continuing to collect and report detailed transaction data on non-financed purchases by legal entities, FinCEN proports that these measures aim to strengthen market transparency and deter criminal abuse of residential real estate. Staying informed on these developments will be critical as regulatory expectations evolve ahead of the RRE Rule’s full implementation in 2026.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team. 

On September 29, 2025, FinCEN issued a Notice and Request for Comment (the “Notice”) on a proposed information gathering exercise – A Survey of the Costs of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Compliance (the “Survey”).  Specifically, the Survey is intended to gather information on direct compliance costs incurred by non-bank financial institutions in AML/CFT compliance and, to the extent those costs overlap with other obligations, the amount directly attributable to AML/CFT compliance.

The Notice is directed to specific categories of non-bank financial institutions: Casinos and Card Clubs; Money Services Businesses; Insurance Companies; Dealers in Precious Metals and Stones; Operators of Credit Card Systems; and Loan or Finance Companies. 

In total, FinCEN estimates there will be 279,715 respondents falling into these categories, with the vast number – approximately 230,000 – being Money Services Businesses.  Given FinCEN’s assumption that the survey will take approximately 8 hours to complete, FinCEN estimates subject non-bank financial institutions to expend well north of 2 million hours providing the information sought.  While compliance with the survey will be voluntary, FinCEN notes that “information gathered will help assess the cumulative impact of AML/CFT regulations and may inform efforts to adjust regulatory obligations and advance deregulatory proposals consistent with the Executive Orders of the Trump administration.”  It also states that “the data may also support the development of deregulatory rulemakings or guidance to reduce compliance burden without compromising the effectiveness of current AML/CFT frameworks.”  And, FinCEN makes clear that no information submitted will be used for any supervisory or enforcement purposes.

Plainly, and expressly, FinCEN is setting the stage for efforts to scale back non-bank financial institutions’ compliance obligations, seeking comment on: the practical utility of compliance obligations, whether assumptions concerning compliance time-costs are accurate, ways to add efficiencies to the compliance process, ways information technology or other automated techniques can reduce manpower expended on compliance.

Comments will be accepted until December 1, 2025. 

For ease of reference, we reproduce the proposed survey here:

1. What was the total estimated direct cost in calendar year 2024 for your institution for compliance with all programs mandated by the BSA and its implementing regulations?
2. Please specify which of the following areas your institution uses technological resources, including software, to assist with, as applicable:
   • customer identification and verification procedures;
   • identifying suspicious activity;
   • currency transaction reporting or reports relating to currency in excess of $10,000 received by a trade or business;
   • 314(a) information sharing
   • Office of Foreign Assets Control (OFAC) compliance
3. Approximately what percentage of the total direct cost of AML/CFT compliance is attributable to the production of Suspicious Activity Reports (SARs), if applicable.  These direct costs include costs associated with AML/CFT staff reviewing alerts, maintaining a transaction monitoring system, and investigating cases arising from alerts, whether or not they lead to the production of a SAR, among other things.
4. (OPTIONAL) If your institution is able to provide the following information without significant burden, please provide approximately what percentage of the total cost of AML/CFT compliance is directly attributable to, as applicable:
   • Customer identification and verification procedures;
   • Reporting requirements for suspicious activity reporting;
   • Reporting requirements for currency transaction reporting and exemptions or reports relating to currency in excess of $10,000 received by a trade or business;
   • Internal controls related to AML/CFT compliance program;
   • Independent testing for compliance by internal personnel or an outside party;
   • Training and staffing employees;
   • 314(a) information sharing;
   • Funds transfer record keeping;
   • Monetary instrument recordkeeping;
   • Special measures;
   • Software;
   • Additional financial institution-specific BSA recordkeeping obligations (e.g., monetary instrument logs, also known as negotiable instrument logs, for casinos; extension of credit, for casinos; additional records that dealers in foreign exchange must retain);
   • MSB registration;
   • Other third-party activities
5. What approximate percentage of the total cost of AML/CFT compliance is attributable to complying with OFAC regulations?
6. Does your institution conduct anti-financial crime activities or maintain systems designed to combat financial crime that are not directly required by the BSA or its implementing regulations?  Examples include additional customer due diligence programs or the development and operation of a Financial Intelligence Unit.  If so, what is the direct cost (not included in question 1) of these additional activities across all business lines of your institution in calendar year 2024.  Separately, approximately what percentage of your institution’s total operating expenses did these direct costs represent in calendar year 2024?
7. Please provide any available date or narrative comments for your institution regarding the extent to which the non-BSA driven expenditures (i.e., the costs referenced in question (6)) generate a substantial portion of either the overall suspicious activity, and/or of national AML/CFT priorities related threat activity, that is described in SARs, if applicable.
8. Please provide any available data or narrative comments on whether there are particular types of products, services, customers or delivery channels where AML/CFT-required monitoring, reviews or investigations that have generated limited useful information from your institution’s perspective.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On August 28, 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) released an advisory (FIN-2025-A003) alongside a comprehensive Financial Trend Analysis (“FTA”), shining a spotlight on one of today’s most significant illicit finance risks: the integration of Chinese Money Laundering Networks (“CMLNs”) into the operations of Mexico-based transnational criminal organizations, better known as cartels. This pairing not only illustrates an evolution in global money laundering typologies but also presents new compliance challenges for financial institutions and multinational businesses alike.

The CMLN–Cartel Partnership

FinCEN’s latest analysis highlights how two very different regulatory environments have fostered an unlikely alliance:

1. Mexican cartels, flush with U.S.-dollar drug proceeds but restricted by Mexican currency controls that limit dollar deposits into local financial institutions (See related blog posts here, here and here.)
2. Chinese nationals, facing strict capital controls at home that cap annual foreign currency conversions at $50,000 per person.

These pressures have produced what FinCEN describes as “a mutualistic relationship”: CMLNs purchase dollars from cartels desperate to move cash out of reach; they then sell this cash to Chinese clients seeking ways around China’s capital controls, effectively weaving together criminal proceeds with ostensibly legitimate wealth migration.

As professional money launderers operating globally, including within U.S. borders, CMLNs have become vital intermediaries capable of handling vast sums quickly while minimizing risk for their cartel clients by offering both speed and sophistication at scale.

Mutual Interests

This alliance operates on simple logic: Cartels need to move large volumes of cash out of Mexico without attracting law enforcement scrutiny or breaching currency controls. Chinese individuals want access to overseas dollars beyond China’s annual conversion limits for investments or personal spending abroad.

CMLNs buy cash from cartel operatives at discounted rates, then sell this cash to Chinese clients seeking U.S. dollars outside formal channels, effectively blending criminal proceeds with legitimate wealth migration.

By operating globally, including within U.S borders, CMLNs serve as professional intermediaries who can rapidly move millions while minimizing risk for their cartel partners through fast settlements and advanced tradecraft.

Core Money Laundering Methods Used by CMLNs

FinCEN identifies three primary money laundering methodologies employed by CMLNs in support of cartel operations:

1. Mirror Transactions

Mirror transactions are at the heart of CMLN operations:

• These transactions resemble informal value transfer systems (“IVTS”), where one member receives illicit cash in one country while another delivers an equivalent value, often in pesos or yuan, to a recipient abroad.
• A hypothetical example: A U.S.-based operator collects dollar proceeds from a cartel contact. Simultaneously, an associate pays pesos directly to cartel representatives in Mexico without physically moving funds via formal banks.
• Increasingly, mirror transactions rely on convertible virtual currencies such as Bitcoin for swift settlement outside traditional banking channels. This system allows participants to evade detection by avoiding official remittance routes altogether, a key reason why these schemes continue thriving despite heightened regulatory scrutiny worldwide.

2. Trade-Based Money Laundering

Trade-Based Money Laundering (“TBML”) remains central within this threat landscape:

• Illicit funds are used within the United States to purchase bulk quantities of high-value goods, such as smartphones or luxury handbags, which are exported through complicit companies based often in Hong Kong or Latin America.
• Shell entities facilitate shipments overseas. These goods may be resold for local currency or serve directly as stores of wealth among Chinese buyers seeking alternatives to mainland investment restrictions. Layered export-import flows obscure both originators and ultimate beneficiaries across multiple jurisdictions. Frequently involved are “daigou” buyers, agents familiar throughout Chinese diaspora communities who use credit cards funded from laundered proceeds before shipping inventory home for resale on popular e-commerce platforms.

3. Use and Exploitation of Money Mules

Money mules play a crucial role:

• Large-scale recruitment targets vulnerable populations, including students on temporary visas (especially those restricted from lawful employment), retirees with modest means but clean credentials, or anyone willing to participate for compensation. These individuals may knowingly accept small fees or be misled under false pretenses via social media connections.  Facilitators within  CMLN structures may provide counterfeit passports for opening bank accounts. After the accounts are opened,  substantial deposits, often inconsistent with the account holder’s declared income sources, are made and quickly wired onward or converted into cashier’s checks used later for real estate acquisitions across desirable markets.

In addition,

• FinCEN has documented extensive misuse of retail credit card systems, with laundered funds being used to finance shopping sprees that do not fit established customer profiles;
• Outstanding balances are settled using fresh infusions from network-controlled accounts; and
• Reward points earned through spending cycles become additional vehicles for offshore payments, all facilitated using promotional platforms that are popular among Peoples Republic of China (“PRC”) nationals.

Key Red Flags and Compliance Vulnerabilities

To assist financial institutions in learning how money launderers exploit gaps across KYC processes and transaction monitoring frameworks, FinCEN has identified the following red flags:

1. Accounts opened with Chinese passports plus student or visitor visas, followed immediately by high-volume activity unrelated to customer profiles
2. Frequent large-dollar cash deposits closely followed by wire-outs or cashier’s check purchases
3. Multiple wire transfers originating abroad where legitimate business relationships cannot be substantiated
4. Reluctance, or outright refusal, to explain sources behind incoming transfers when questioned during onboarding or enhanced due diligence reviews
5. Shell companies focused on electronics or export trades reporting income inconsistent with typical business size, type, or geography
6. Businesses receiving repeated credits from online marketplaces but rarely engaging suppliers or purchasing needed inventory

Legacy rules-based monitoring tools frequently fail to detect suspicious activity unless multiple red flags appear together over time. This highlights the importance of adding contextual behavioral analysis to existing AML programs for more effective detection.

Five-Year Data Trends: SAR Insights (2020–2024)

The FTA supporting FinCEN’s advisory analyzed more than 137,000 Suspicious Activity Reports (“SAR”s) filed between January 2020–December 2024 under Bank Secrecy Act (“BSA”) obligations, with roughly $312 billion flagged as activity possibly tied back toward CMLN involvement.

Major Takeaways:

1. Depository Institutions are Prime Gateways

• Banks accounted for nearly 85% of all relevant filings, from national chains down through community branches serving immigrant-heavy metro areas where bulk-cash placement occurs largely undetected via traditional surveillance alone
• About 9% came from money services businesses reflecting vulnerability among smaller operators less equipped with modern anti-money laundering controls

2. TBML Schemes Remain Prevalent

• Over $9 billion cited specifically involved trade-based methods characterized by unusual funding behind exports/imports routed East Asia, Mexico, and Middle East corridors

3. Daigou Buyers and Credit Card Abuse Feature Prominently

• Only twenty SARs flagged daigou buyers explicitly, but associated retail or luxury typologies driven mainly through serial credit card spending cycles accounted collectively upwards $19 billion

4. Human Trafficking and Elder Fraud Crossovers Noted

• More than sixteen hundred filings implicated human trafficking or smuggling flows representing about $4+ billion transferred directly into massage parlors, spas, or restaurants owned ultimately via proxy structures linked back toward PRC and U.S dual residents (See related blog post here.)
• Adult daycare and healthcare fraud centered around New York facilities reflected hundreds more filings totaling nearly three quarters-of-a-billion dollars

5. Real Estate Remains Favored Integration Channel

• Over $53 billion in illicit funds were laundered through property acquisitions. These transactions were either conducted directly using accounts, wire transfers, or check payments held by money mules and falsely described as coming from “relatives abroad,” or indirectly routed through shell companies set up for single transactions and then abandoned after the deals closed.

6. Students Frequently Serve as Account Openers or Mules

• Roughly fourteen percent ($13+ billion) cited account holders listing status only as students, with patterns showing repeat openings, multiple bank links, or spending behavior well beyond background justification

Banks remain frontline defenders against this evolving threat ecosystem, yet also risk becoming unwitting conduits if robust internal practices lag rising sophistication exhibited among laundering networks themselves.

Regulatory Responses and Risk Mitigation Strategies

The evolving legal environment reflects increased regulatory attention and a growing focus on industry compliance obligations:

• FinCEN guidance aligns closely with broader policy developments including Executive Order 14157 which now designates major cartels and transnational crime organizations (“TCO”s) under Foreign Terrorist Organization statutes.
• The Department of Justice view even indirect facilitation, such as what could occur unwittingly through correspondent banking and remittance partnerships, as grounds not merely technical BSA breaches, but also as potential material support violations.
• In June 2025, FinCEN invoked new authority barring certain Mexican financial institutions labeled primary money laundering concerns from interacting with the U.S. financial system (See related blog post here).

For practitioners tasked daily with managing exposure amid rising complexity several actionable steps stand out:

Practical Steps Forward:

1. Revisit transaction monitoring and risk rating models by integrating the latest red flag indicators and placing greater emphasis on behavioral surveillance, especially in situations where multiple risk vectors converge over time;
2. Intensify customer due diligence especially regarding beneficial ownership verification and source-of-funds tracing;
3. Ensure that escalation protocols and internal reporting lines facilitate prompt legal and compliance review of any linkages, even circumstantial, to sanctioned entities, TCOs, and CMLNs;
4. Where third-party exposure exists overseas, including logistics providers, supply chain partners, freight forwarders, and export-import brokers operating out of affected regions, embed contract language granting audit rights and requires proof of adequate AML/CFT program compliance; and
5. Educate staff routinely regarding current threat typologies, new sanctions lists, and red flag scenarios, ensuring awareness extends to non-financial operational units likely exposed day-to-day interactions.

Implementing these strategies helps ensure defenses remain dynamic in response to both evolving geopolitical realities and technological advances increasingly exploited criminal actors.

Conclusion: Adapting Amid Escalating Complexity

With more than $312 billion flagged suspicious over just four years, and robust government action underway, FinCEN’s message is unmistakable: professionalized global networks will continue adapting rapidly unless private sector vigilance rises correspondingly.

Financial institutions must evolve beyond box-ticking compliance toward genuinely intelligent risk assessment incorporating current geopolitical shifts, regulatory changes, and emerging technology-enabled evasion tactics deployed alike by the cartels and CMLN brokers.

As reflected throughout both FIN-2025-A003 advisory and the FTA, a multi-layered defense posture leveraging intelligence-driven detection capabilities will prove indispensable if industry participants aim not simply survive, but thrive, in today’s ever-changing regulatory landscape.

By implementing comprehensive detection techniques, drawing on international best practices and a nuanced understanding of the specific cross-border risks associated with modern money laundering methods, the financial sector can better protect itself and fulfill regulatory obligations to maintain the integrity of global payment systems.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On August 6^th, 2025, following a four-week trial, a jury found Roman Storm, the founder of a crypto mixing service called Tornado Cash, guilty of conspiracy to operate an unlicensed money transmitting business. The jury was deadlocked and unable to reach a verdict on the two more serious charges against Storm: conspiracy to commit money laundering, and conspiracy to violate sanctions. The Tornado Cash case has been closely watched due to its implications for cryptocurrency regulation and the use of privacy-enhancing technologies in financial transactions.

Tornado Cash provides an open-source protocol frequently referred to as a “mixer,” which breaks the link between senders and recipients of cryptocurrency in order to enhance privacy. Essentially, the protocol allows users to anonymize cryptocurrency transactions by obscuring the source, recipient, and general movement of the assets that flow through it. It relies on immutable smart contracts, which are essentially one-party contracts between users and the platform, for the movement of assets. Crucially, neither Tornado Cash nor its founders ever directly took custody of users’ funds, and the creators had no discretionary control over the platform’s use. It was governed by a Decentralized Autonomous Organization (“DAO”), wherein users who own Tornado Cash Tokens vote to make decisions on behalf of the platform.

Supporters hail Tornado Cash for making great strides in the privacy—and, correspondingly, safety—associated with cryptocurrency. As Storm’s defense team highlighted, this is crucial for various types of users, like high-net-worth individuals, or activists, who have legitimate concerns that their safety may be jeopardized by traceable transactions.

Law enforcement and regulatory bodies, however, are still trying to figure out what to do with technology that permits substantial amounts of currency to move with minimal, if any, accountability or oversight. Anti-Money Laundering (“AML”) and Know Your Customer (“KYC”) laws and regulations, and Financial Crimes Enforcement Network (“FinCEN”) registration and other requirements, exist to protect against the harms that flow from criminal actors’ use of financial services to prevent enforcement authorities from tracing proceeds of criminal activity. The problem is that the legal and regulatory framework in place now was not designed for today’s technology. As the Tornado Cash verdict demonstrates, this leaves enforcement bodies trying to fit a square peg in a round hole where they perceive that harm has been caused by digital asset technology. The result is further uncertainty regarding what obligations developers have to moderate and regulate users—a function that would not be possible with Tornado Cash’s model—and what liabilities may follow if they fail or refuse to do so.

In this case, the government sought to hold Roman liable for when criminal actors utilized the platform after he created it, and after he gave up any ability to control or regulate its use. The jury’s inability to reach a verdict on the two more serious charges—conspiracy to commit money laundering and conspiracy to commit sanctions violations—likely reflects a deep divide regarding who should be held responsible for harms perpetuated in the digital assets space. On one hand, it is difficult to prove that Roman conspired to commit money laundering or sanctions violations when there was no relationship between Roman and the illicit actors. Roman developed the platform they later used, but he had no control over it by the time they used it, and neither the platform itself nor its creators ever took custody of the assets at issue. On the other hand, it was reasonably predictable that the platform would be used for illicit purposes. From a prevention-focused perspective, Tornado Cash’s creators were in a better position than anyone else to deter wrongdoers from using the platform. But that does not mean that they could be held criminally liable for failing to do so.

This month’s jury verdict highlights the challenges in doing so. The one count on which Storm was convicted, conspiracy to operate an unlicensed money transmitting business, did not require the jury to find that Storm had any ties to illicit funds or hackers. Moreover, while Roman was convicted for his decision not to register Tornado Cash as a money transmitting business, there are substantial questions that will surely be raised on appeal. Can Roman actually be liable for “operating” a money transmitting business that he designed in such a way that he had no operational control over it? And, can Tornado Cash itself be considered a “money transmitter” when it never actually takes custody of funds?

The outcome does not, however, clear creators of mixers like Tornado Cash, or creators in the digital asset space generally, of concerns for regulatory and criminal liability. First, while the count for operation of an unlicensed money transmitting business is the least serious of the counts, it is still a criminal conviction, for which Storm could face up to five years of in prison. Further, the jury did not acquit Storm. It was deadlocked. This means that some members of the jury believed the government had proven its case against Storm on those counts. And the claims were at least determined legally sufficient to go through to trial. The lack of an acquittal indicates that future cases with similar, slightly altered facts, could lead to more serious convictions than we saw here.

In short, the outcome does little, if anything, to resolve the uncertainty that pervades this space. Individuals or entities involved in the creation or operation of tools for digital asset users should exercise caution and consult counsel regarding whether they should register as a money transmitting business, and what steps they may be required to take with respect to AML or KYC laws and regulations. Unless and until new legislation is passed to address these questions, the law is likely to remain murky regarding how the current rules apply to operators in the digital asset space. The Tornado Cash verdict shows that juries may be willing to accept theories of liability that hold creators of these platforms accountable under traditional financial services regulations when the tools and platforms they create are ultimately used by criminal actors.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On August 4, 2025, the Financial Crimes Enforcement Network (“FinCEN”) issued Notice FIN-2025-NTC1 (the “Notice”) to address mounting concerns over regulatory risks related to convertible virtual currency (“CVC”) kiosks, also known as cryptocurrency ATMs. This action is part of a broader response to the rise in money laundering, fraud, and other financial crimes linked to digital assets.

What Are CVC Kiosks? How Do They Work?

CVC kiosks are terminals that allow customers to exchange physical cash for cryptocurrencies such as Bitcoin or Ethereum. Their popularity has accelerated due to their user-friendly interfaces and widespread presence in public venues like convenience stores and supermarkets. Typically, a transaction begins with customer identification, ranging from providing basic details like a phone number to scanning a government-issued ID, depending on the kiosk operator’s compliance protocols. After verification, users enter or scan their personal crypto wallet address so the purchased funds can be transferred directly. Payment is settled either by depositing cash into the machine or using card payment options available at certain kiosks. These devices may connect in real time with online cryptocurrency exchanges or use pre-loaded inventories managed by operators.

While convenient access through high-traffic retail locations benefits legitimate consumers, including those who might otherwise avoid digital assets, the relative anonymity of CVC kiosk transactions and lower oversight compared to bank branches create significant opportunities for criminal misuse.

Why Is FinCEN Focusing on These Kiosks Now?

FinCEN has observed sharp increases in consumer complaints and financial losses associated with CVC kiosk-related scams. In 2024 alone, the FBI’s Internet Crime Complaint Center recorded over 10,956 complaints involving these machines, a year-over-year surge of nearly 99%, with aggregate victim losses approaching $246.7 million (an increase of about 31%). This pattern extends beyond consumer fraud. Criminal organizations such as Cartel Jalisco Nueva Generación have embraced virtual currencies for their rapid global transferability and anonymity unavailable through traditional banking channels.

These trends intersect with this administration’s priorities around anti-money laundering (“AML”) and countering terrorist financing (“CTF”): protecting vulnerable populations from fraud, disrupting cyber-enabled crime, and intercepting organized crime-driven money laundering activities.

Key Risks Identified by FinCEN

The Notice highlights several major risks linked to CVC kiosk usage. Organized crime groups increasingly exploit these terminals as alternatives to conventional cash-based schemes, particularly in U.S cities that have become hotspots for laundering proceeds via local kiosks instead of banks because transactions are faster and more difficult for authorities to monitor effectively. Vulnerable populations are especially at risk. FinCEN states that nearly two-thirds of scam-related losses involve individuals aged sixty or older. Many attacks begin with phone-based deception before victims are remotely guided through withdrawal processes at kiosks.

Prevalent scams exploiting CVC kiosks include tech support frauds where victims are told their computer is infected and instructed to pay via Bitcoin ATMs using QR codes supplied by scammers; government impostor schemes invent fake tax liabilities payable only through kiosk deposits; romance scams manipulate targets into sending cryptocurrency under false pretenses built on fabricated relationships; lottery hoaxes promise non-existent prizes contingent upon upfront payments made through crypto transfers at kiosks.

Regulatory Requirements

FinCEN reminds operators that they must register as Money Services Businesses (“MSBs”), comply fully with Bank Secrecy Act (“BSA”) obligations, including robust AML protocols. and maintain proper recordkeeping standards before operating any CVC kiosk business. Operators need strong Know Your Customer (“KYC”) procedures so customers can be properly identified, a critical measure against anonymous abuse facilitating illicit activity. In addition, ongoing monitoring for suspicious activity is required; this includes filing Suspicious Activity Reports (“SARs”) when detecting patterns such as structured deposits just below reporting thresholds or rapid withdrawals indicative of potential money laundering efforts.

Regular audits and compliance reviews are essential since lapses expose operators not only to civil penalties but potentially criminal liability under federal law. Common compliance failures include inadequate customer verification procedures; poor retention of documentation; marketing strategies promoting “no-ID required” features contrary to regulations; lack of state licensure; or use of fraudulent business identities or accounts, all vulnerabilities that regulatory authorities scrutinize closely.

Practical Guidance

To help detect suspicious activity involving CVC kiosks, the Notice outlines key red flags:

1. Customers structuring payments just below reporting thresholds using multiple accounts or kiosks.
2. Unusual high-value transactions from customers lacking transaction history, with rapid movement across wallets or currencies.
3. Multiple interconnected accounts, phone numbers, or wallet addresses used across geographically distant locations.
4. Transactions sent directly toward wallets flagged by blockchain analysis as tied either to scams, illicit conduct, or investment fraud institutions.
5. Elderly customers conducting large transactions after remote direction, often following significant cash withdrawals.
6. Operators running without appropriate federal or state registration.
7. Advertising minimal or no-ID requirements despite regulatory mandates regarding identification/documentation collection practices.

FinCEN reminds financial institutions to file SARs whenever they identify these indicators, even if supporting evidence is limited at the outset. All SAR filings must be securely retained for at least five years after submission, in accordance with BSA requirements and strict access controls to protect sensitive information. Section §314(b) of the USA PATRIOT Act also permits voluntary sharing of this information among authorized organizations engaged in efforts to disrupt terrorist financing and money laundering networks globally.

Looking Ahead

The issuance of this Notice signals intensifying regulatory scrutiny prompted not just by rising incidents but also industry control gaps among certain market participants operating outside robust standards expected within digital asset sectors today.

As digital asset transactions expand, it is important for banks, cryptocurrency platforms, fintech companies, and kiosk operators to proactively integrate FinCEN’s red flag indicators and enhance AML/CFT protocols. Doing so helps safeguard clients while meeting legal obligations and promoting trust within the sector. Consumers are also encouraged to be aware of potential risks associated with using CVC kiosks until industry-wide protections are strengthened.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On July 23, 2025, Senators John Fetterman (D-PA), Chuck Grassley (R-IA), Sheldon Whitehouse (D-RI), Bill Cassidy (R-LA), Andy Kim (D-NJ), and David McCormick (R-PA), introduced the federal Art Market Integrity Act (the “Act”). The Act is bipartisan legislation that would require art dealers and auction houses to comply with anti-money-laundering and counter-terrorism financing regulations under the Bank Secrecy Act (“BSA”).

The Act seeks to amend the BSA to align the United States’s laws with international standards adopted by the United Kingdom, European Union, and Switzerland, preventing America from becoming a safe haven for illicit activities. The Act targets high-risk art market transactions while exempting artists and businesses with under $50,000 in annual art transactions.

The Act would expand the definition of “financial institution” in 31 U.S.C. § 5312(a)(2) to include:

a person engaged in the trade in works of art, including a dealer, advisor, consultant, custodian, gallery, auction house, museum, collector, or any other person who engages as a business as an intermediary in the sale of works of art, unless the person —

• during the prior year, participated in no single transaction valued over $10,000 that involved a work of art;
• has not, during the prior year, participated in total transactions valued at $50,000 that involved a work of art; or
• is a person engaged in the art market for the sole purpose of selling works of art created by the person.

The Act defines “work of art” as “any original painting, sculpture, watercolor, print, drawing, photograph, installation art, or video art, not including — (A) applied art such as product design, fashion design, architectural design, or interior design; or (B) mass-produced decorative art, including ceramics, textiles, or carpets.’’

The Act directs the Treasury to coordinate with appropriate federal agencies revise its advisory issued by the Office of Foreign Asset Control on October 30, 2020, regarding the risks of high-value artwork transactions involving sanctioned persons or entities. The 2020 advisory highlighting the problem of individuals blocked by OFAC from entering the U.S. financial system trying to evade those restrictions through the commerce of art, and emphasizing sanctions for U.S. persons who engage in prohibited transactions. See our prior blog on the advisory.

The Act directs FinCEN to in consultation and coordination with appropriate Federal agencies, to issue proposed rules to carry out the amendments made by subsection (a), including —

1. determining which persons should be subject to the rulemaking based on domestic or international geographical location;
2.  the degree to which the regulations should apply based on status as an agent or intermediary acting on behalf of a purchaser; and
3. whether certain exemptions should apply to the regulations.

The Act, if passed, would become effective on the earlier of (i) 360 days after enactment or (ii) the effective date of rules issued by FinCEN.

Similar legislative was introduced in 2020 to (i) add to the list of “financial institutions” covered by the BSA “a person trading or acting as an intermediary in the trade of antiquities, including an advisor, consultant or any other person who engages as a business in the solicitation of the sale of antiquities;” and (ii) require a study by the Secretary of the Treasury “on the facilitation of money laundering and terror finance through the trade of works of art or antiquities,” including an evaluation of whether art industry markets should be regulated under the BSA.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.