On August 28, 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) released an advisory (FIN-2025-A003) alongside a comprehensive Financial Trend Analysis (“FTA”), shining a spotlight on one of today’s most significant illicit finance risks: the integration of Chinese Money Laundering Networks (“CMLNs”) into the operations of Mexico-based transnational criminal organizations, better known as cartels. This pairing not only illustrates an evolution in global money laundering typologies but also presents new compliance challenges for financial institutions and multinational businesses alike.

The CMLN–Cartel Partnership

FinCEN’s latest analysis highlights how two very different regulatory environments have fostered an unlikely alliance:

1. Mexican cartels, flush with U.S.-dollar drug proceeds but restricted by Mexican currency controls that limit dollar deposits into local financial institutions (See related blog posts here, here and here.)
2. Chinese nationals, facing strict capital controls at home that cap annual foreign currency conversions at $50,000 per person.

These pressures have produced what FinCEN describes as “a mutualistic relationship”: CMLNs purchase dollars from cartels desperate to move cash out of reach; they then sell this cash to Chinese clients seeking ways around China’s capital controls, effectively weaving together criminal proceeds with ostensibly legitimate wealth migration.

As professional money launderers operating globally, including within U.S. borders, CMLNs have become vital intermediaries capable of handling vast sums quickly while minimizing risk for their cartel clients by offering both speed and sophistication at scale.

Mutual Interests

This alliance operates on simple logic: Cartels need to move large volumes of cash out of Mexico without attracting law enforcement scrutiny or breaching currency controls. Chinese individuals want access to overseas dollars beyond China’s annual conversion limits for investments or personal spending abroad.

CMLNs buy cash from cartel operatives at discounted rates, then sell this cash to Chinese clients seeking U.S. dollars outside formal channels, effectively blending criminal proceeds with legitimate wealth migration.

By operating globally, including within U.S borders, CMLNs serve as professional intermediaries who can rapidly move millions while minimizing risk for their cartel partners through fast settlements and advanced tradecraft.

Core Money Laundering Methods Used by CMLNs

FinCEN identifies three primary money laundering methodologies employed by CMLNs in support of cartel operations:

1. Mirror Transactions

Mirror transactions are at the heart of CMLN operations:

• These transactions resemble informal value transfer systems (“IVTS”), where one member receives illicit cash in one country while another delivers an equivalent value, often in pesos or yuan, to a recipient abroad.
• A hypothetical example: A U.S.-based operator collects dollar proceeds from a cartel contact. Simultaneously, an associate pays pesos directly to cartel representatives in Mexico without physically moving funds via formal banks.
• Increasingly, mirror transactions rely on convertible virtual currencies such as Bitcoin for swift settlement outside traditional banking channels. This system allows participants to evade detection by avoiding official remittance routes altogether, a key reason why these schemes continue thriving despite heightened regulatory scrutiny worldwide.

2. Trade-Based Money Laundering

Trade-Based Money Laundering (“TBML”) remains central within this threat landscape:

• Illicit funds are used within the United States to purchase bulk quantities of high-value goods, such as smartphones or luxury handbags, which are exported through complicit companies based often in Hong Kong or Latin America.
• Shell entities facilitate shipments overseas. These goods may be resold for local currency or serve directly as stores of wealth among Chinese buyers seeking alternatives to mainland investment restrictions. Layered export-import flows obscure both originators and ultimate beneficiaries across multiple jurisdictions. Frequently involved are “daigou” buyers, agents familiar throughout Chinese diaspora communities who use credit cards funded from laundered proceeds before shipping inventory home for resale on popular e-commerce platforms.

3. Use and Exploitation of Money Mules

Money mules play a crucial role:

• Large-scale recruitment targets vulnerable populations, including students on temporary visas (especially those restricted from lawful employment), retirees with modest means but clean credentials, or anyone willing to participate for compensation. These individuals may knowingly accept small fees or be misled under false pretenses via social media connections.  Facilitators within  CMLN structures may provide counterfeit passports for opening bank accounts. After the accounts are opened,  substantial deposits, often inconsistent with the account holder’s declared income sources, are made and quickly wired onward or converted into cashier’s checks used later for real estate acquisitions across desirable markets.

In addition,

• FinCEN has documented extensive misuse of retail credit card systems, with laundered funds being used to finance shopping sprees that do not fit established customer profiles;
• Outstanding balances are settled using fresh infusions from network-controlled accounts; and
• Reward points earned through spending cycles become additional vehicles for offshore payments, all facilitated using promotional platforms that are popular among Peoples Republic of China (“PRC”) nationals.

Key Red Flags and Compliance Vulnerabilities

To assist financial institutions in learning how money launderers exploit gaps across KYC processes and transaction monitoring frameworks, FinCEN has identified the following red flags:

1. Accounts opened with Chinese passports plus student or visitor visas, followed immediately by high-volume activity unrelated to customer profiles
2. Frequent large-dollar cash deposits closely followed by wire-outs or cashier’s check purchases
3. Multiple wire transfers originating abroad where legitimate business relationships cannot be substantiated
4. Reluctance, or outright refusal, to explain sources behind incoming transfers when questioned during onboarding or enhanced due diligence reviews
5. Shell companies focused on electronics or export trades reporting income inconsistent with typical business size, type, or geography
6. Businesses receiving repeated credits from online marketplaces but rarely engaging suppliers or purchasing needed inventory

Legacy rules-based monitoring tools frequently fail to detect suspicious activity unless multiple red flags appear together over time. This highlights the importance of adding contextual behavioral analysis to existing AML programs for more effective detection.

Five-Year Data Trends: SAR Insights (2020–2024)

The FTA supporting FinCEN’s advisory analyzed more than 137,000 Suspicious Activity Reports (“SAR”s) filed between January 2020–December 2024 under Bank Secrecy Act (“BSA”) obligations, with roughly $312 billion flagged as activity possibly tied back toward CMLN involvement.

Major Takeaways:

1. Depository Institutions are Prime Gateways

• Banks accounted for nearly 85% of all relevant filings, from national chains down through community branches serving immigrant-heavy metro areas where bulk-cash placement occurs largely undetected via traditional surveillance alone
• About 9% came from money services businesses reflecting vulnerability among smaller operators less equipped with modern anti-money laundering controls

2. TBML Schemes Remain Prevalent

• Over $9 billion cited specifically involved trade-based methods characterized by unusual funding behind exports/imports routed East Asia, Mexico, and Middle East corridors

3. Daigou Buyers and Credit Card Abuse Feature Prominently

• Only twenty SARs flagged daigou buyers explicitly, but associated retail or luxury typologies driven mainly through serial credit card spending cycles accounted collectively upwards $19 billion

4. Human Trafficking and Elder Fraud Crossovers Noted

• More than sixteen hundred filings implicated human trafficking or smuggling flows representing about $4+ billion transferred directly into massage parlors, spas, or restaurants owned ultimately via proxy structures linked back toward PRC and U.S dual residents (See related blog post here.)
• Adult daycare and healthcare fraud centered around New York facilities reflected hundreds more filings totaling nearly three quarters-of-a-billion dollars

5. Real Estate Remains Favored Integration Channel

• Over $53 billion in illicit funds were laundered through property acquisitions. These transactions were either conducted directly using accounts, wire transfers, or check payments held by money mules and falsely described as coming from “relatives abroad,” or indirectly routed through shell companies set up for single transactions and then abandoned after the deals closed.

6. Students Frequently Serve as Account Openers or Mules

• Roughly fourteen percent ($13+ billion) cited account holders listing status only as students, with patterns showing repeat openings, multiple bank links, or spending behavior well beyond background justification

Banks remain frontline defenders against this evolving threat ecosystem, yet also risk becoming unwitting conduits if robust internal practices lag rising sophistication exhibited among laundering networks themselves.

Regulatory Responses and Risk Mitigation Strategies

The evolving legal environment reflects increased regulatory attention and a growing focus on industry compliance obligations:

• FinCEN guidance aligns closely with broader policy developments including Executive Order 14157 which now designates major cartels and transnational crime organizations (“TCO”s) under Foreign Terrorist Organization statutes.
• The Department of Justice view even indirect facilitation, such as what could occur unwittingly through correspondent banking and remittance partnerships, as grounds not merely technical BSA breaches, but also as potential material support violations.
• In June 2025, FinCEN invoked new authority barring certain Mexican financial institutions labeled primary money laundering concerns from interacting with the U.S. financial system (See related blog post here).

For practitioners tasked daily with managing exposure amid rising complexity several actionable steps stand out:

Practical Steps Forward:

1. Revisit transaction monitoring and risk rating models by integrating the latest red flag indicators and placing greater emphasis on behavioral surveillance, especially in situations where multiple risk vectors converge over time;
2. Intensify customer due diligence especially regarding beneficial ownership verification and source-of-funds tracing;
3. Ensure that escalation protocols and internal reporting lines facilitate prompt legal and compliance review of any linkages, even circumstantial, to sanctioned entities, TCOs, and CMLNs;
4. Where third-party exposure exists overseas, including logistics providers, supply chain partners, freight forwarders, and export-import brokers operating out of affected regions, embed contract language granting audit rights and requires proof of adequate AML/CFT program compliance; and
5. Educate staff routinely regarding current threat typologies, new sanctions lists, and red flag scenarios, ensuring awareness extends to non-financial operational units likely exposed day-to-day interactions.

Implementing these strategies helps ensure defenses remain dynamic in response to both evolving geopolitical realities and technological advances increasingly exploited criminal actors.

Conclusion: Adapting Amid Escalating Complexity

With more than $312 billion flagged suspicious over just four years, and robust government action underway, FinCEN’s message is unmistakable: professionalized global networks will continue adapting rapidly unless private sector vigilance rises correspondingly.

Financial institutions must evolve beyond box-ticking compliance toward genuinely intelligent risk assessment incorporating current geopolitical shifts, regulatory changes, and emerging technology-enabled evasion tactics deployed alike by the cartels and CMLN brokers.

As reflected throughout both FIN-2025-A003 advisory and the FTA, a multi-layered defense posture leveraging intelligence-driven detection capabilities will prove indispensable if industry participants aim not simply survive, but thrive, in today’s ever-changing regulatory landscape.

By implementing comprehensive detection techniques, drawing on international best practices and a nuanced understanding of the specific cross-border risks associated with modern money laundering methods, the financial sector can better protect itself and fulfill regulatory obligations to maintain the integrity of global payment systems.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On August 4, 2025, the Financial Crimes Enforcement Network (“FinCEN”) issued Notice FIN-2025-NTC1 (the “Notice”) to address mounting concerns over regulatory risks related to convertible virtual currency (“CVC”) kiosks, also known as cryptocurrency ATMs. This action is part of a broader response to the rise in money laundering, fraud, and other financial crimes linked to digital assets.

What Are CVC Kiosks? How Do They Work?

CVC kiosks are terminals that allow customers to exchange physical cash for cryptocurrencies such as Bitcoin or Ethereum. Their popularity has accelerated due to their user-friendly interfaces and widespread presence in public venues like convenience stores and supermarkets. Typically, a transaction begins with customer identification, ranging from providing basic details like a phone number to scanning a government-issued ID, depending on the kiosk operator’s compliance protocols. After verification, users enter or scan their personal crypto wallet address so the purchased funds can be transferred directly. Payment is settled either by depositing cash into the machine or using card payment options available at certain kiosks. These devices may connect in real time with online cryptocurrency exchanges or use pre-loaded inventories managed by operators.

While convenient access through high-traffic retail locations benefits legitimate consumers, including those who might otherwise avoid digital assets, the relative anonymity of CVC kiosk transactions and lower oversight compared to bank branches create significant opportunities for criminal misuse.

Why Is FinCEN Focusing on These Kiosks Now?

FinCEN has observed sharp increases in consumer complaints and financial losses associated with CVC kiosk-related scams. In 2024 alone, the FBI’s Internet Crime Complaint Center recorded over 10,956 complaints involving these machines, a year-over-year surge of nearly 99%, with aggregate victim losses approaching $246.7 million (an increase of about 31%). This pattern extends beyond consumer fraud. Criminal organizations such as Cartel Jalisco Nueva Generación have embraced virtual currencies for their rapid global transferability and anonymity unavailable through traditional banking channels.

These trends intersect with this administration’s priorities around anti-money laundering (“AML”) and countering terrorist financing (“CTF”): protecting vulnerable populations from fraud, disrupting cyber-enabled crime, and intercepting organized crime-driven money laundering activities.

Key Risks Identified by FinCEN

The Notice highlights several major risks linked to CVC kiosk usage. Organized crime groups increasingly exploit these terminals as alternatives to conventional cash-based schemes, particularly in U.S cities that have become hotspots for laundering proceeds via local kiosks instead of banks because transactions are faster and more difficult for authorities to monitor effectively. Vulnerable populations are especially at risk. FinCEN states that nearly two-thirds of scam-related losses involve individuals aged sixty or older. Many attacks begin with phone-based deception before victims are remotely guided through withdrawal processes at kiosks.

Prevalent scams exploiting CVC kiosks include tech support frauds where victims are told their computer is infected and instructed to pay via Bitcoin ATMs using QR codes supplied by scammers; government impostor schemes invent fake tax liabilities payable only through kiosk deposits; romance scams manipulate targets into sending cryptocurrency under false pretenses built on fabricated relationships; lottery hoaxes promise non-existent prizes contingent upon upfront payments made through crypto transfers at kiosks.

Regulatory Requirements

FinCEN reminds operators that they must register as Money Services Businesses (“MSBs”), comply fully with Bank Secrecy Act (“BSA”) obligations, including robust AML protocols. and maintain proper recordkeeping standards before operating any CVC kiosk business. Operators need strong Know Your Customer (“KYC”) procedures so customers can be properly identified, a critical measure against anonymous abuse facilitating illicit activity. In addition, ongoing monitoring for suspicious activity is required; this includes filing Suspicious Activity Reports (“SARs”) when detecting patterns such as structured deposits just below reporting thresholds or rapid withdrawals indicative of potential money laundering efforts.

Regular audits and compliance reviews are essential since lapses expose operators not only to civil penalties but potentially criminal liability under federal law. Common compliance failures include inadequate customer verification procedures; poor retention of documentation; marketing strategies promoting “no-ID required” features contrary to regulations; lack of state licensure; or use of fraudulent business identities or accounts, all vulnerabilities that regulatory authorities scrutinize closely.

Practical Guidance

To help detect suspicious activity involving CVC kiosks, the Notice outlines key red flags:

1. Customers structuring payments just below reporting thresholds using multiple accounts or kiosks.
2. Unusual high-value transactions from customers lacking transaction history, with rapid movement across wallets or currencies.
3. Multiple interconnected accounts, phone numbers, or wallet addresses used across geographically distant locations.
4. Transactions sent directly toward wallets flagged by blockchain analysis as tied either to scams, illicit conduct, or investment fraud institutions.
5. Elderly customers conducting large transactions after remote direction, often following significant cash withdrawals.
6. Operators running without appropriate federal or state registration.
7. Advertising minimal or no-ID requirements despite regulatory mandates regarding identification/documentation collection practices.

FinCEN reminds financial institutions to file SARs whenever they identify these indicators, even if supporting evidence is limited at the outset. All SAR filings must be securely retained for at least five years after submission, in accordance with BSA requirements and strict access controls to protect sensitive information. Section §314(b) of the USA PATRIOT Act also permits voluntary sharing of this information among authorized organizations engaged in efforts to disrupt terrorist financing and money laundering networks globally.

Looking Ahead

The issuance of this Notice signals intensifying regulatory scrutiny prompted not just by rising incidents but also industry control gaps among certain market participants operating outside robust standards expected within digital asset sectors today.

As digital asset transactions expand, it is important for banks, cryptocurrency platforms, fintech companies, and kiosk operators to proactively integrate FinCEN’s red flag indicators and enhance AML/CFT protocols. Doing so helps safeguard clients while meeting legal obligations and promoting trust within the sector. Consumers are also encouraged to be aware of potential risks associated with using CVC kiosks until industry-wide protections are strengthened.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.