President Biden has signed an Executive Order entitled “Ensuring Responsible Innovation in Digital Assets.”  The press release regarding the Order is here.

According to the press release, the Order outlines “the first ever, whole-of-government approach to addressing the risks and harnessing the potential benefits of digital assets and their underlying technology. The Order lays out a national policy for digital assets across six key priorities: consumer and investor protection; financial stability; illicit finance; U.S. leadership in the global financial system and economic competitiveness; financial inclusion; and responsible innovation.”  Not surprisingly, the section of the Order pertaining to illicit finance focuses on AML concerns, and refers to issues on which we have blogged repeatedly, including the use of digital assets to further ransomware schemes and the global patchwork quilt of crypto-related AML regulation.

The Order does not make any substantive conclusions.  Rather, it sets forth requirements for various government agencies to coordinate and submit reports and recommendations regarding many different issues.  We set forth below the bulk of the press release, which nicely summarizes the Order, and highlight in bold the six “key priorities.”

On October 9, 2025, the Financial Crimes Enforcement Network (“FinCEN”) issued a renewal of its Geographic Targeting Orders (“GTOs”), which require U.S. title insurance companies, including their subsidiaries and agents, to collect, retain, and report specified information regarding certain non-financed residential real estate transactions involving legal entities. The new GTO is effective from October 10, 2025 through February 28, 2026.

Access the new GTO here.  Read FinCEN’s press release here.  Read FinCEN’s FAQs about the GTOs here.  This is a topic on which we previously have blogged extensively.

Context and Regulatory Background

The renewal of the GTOs follows FinCEN’s September 30, 2025 announcement postponing implementation of its forthcoming Anti-Money Laundering Regulations for Residential Real Estate Transfers Rule (“RRE Rule”) until March 1, 2026. During this interim period, FinCEN states that the GTOs are intended to maintain transparency in residential real estate markets considered at higher risk for misuse by illicit actors. According to FinCEN’s accompanying press release, these orders continue to provide data on property purchases by persons who may be involved in various unlawful activities.

Scope of Coverage

There are no changes in geographic or monetary thresholds compared with previous orders. Covered transactions must meet all of the following criteria:

  • The property is located within designated metropolitan areas or counties that include locations such as Los Angeles County, Miami-Dade County, Cook County, King County and Seattle, New York City boroughs, and others.
  • The purchase price meets or exceeds $300,000 in most covered jurisdictions; Baltimore City and County retains a lower threshold at $50,000.
  • The buyer is a “legal entity” defined as a corporation, limited liability company, partnership or similar business structure not listed on an SEC-regulated exchange.
  • The transaction does not involve external financing from regulated financial institutions subject to Bank Secrecy Act (“BSA”) anti-money laundering obligations.
  • Payment is made using currency or cash equivalents, including checks, money orders, wire transfers and funds transfers or virtual currency.

Reporting Requirements

Title insurance companies handling covered transactions must file a Currency Transaction Report with FinCEN within thirty days after closing. Required data includes:

  • Identity details for both:
    • The individual primarily responsible for representing the purchasing entity;
    • Each beneficial owner holding at least twenty-five percent equity interest; and
    • Government-issued identification documents must be collected/described.
  • Confirmation that buyer qualifies under relevant “legal entity” definitions;
  • Property address(es);
  • Date(s) of closing;
  • Total purchase price(s);
  • Method(s) used for payment; and
  • Reporting party details, including notation “REGTO1025” indicating this specific GTO filing.

When multiple properties are included in one transaction, both total purchase price and per-property addresses and prices must be reported individually.

Record Retention & Compliance

The Order requires retention of all relevant records, including identity documents collected, for five years from expiration date. They must be accessible promptly upon request by regulators such as FinCEN.

Responsibility for compliance extends throughout each covered organization to officers, directors, employees and agents alike; covered businesses are required to notify relevant personnel, including executive management, about these obligations. Noncompliance may result in civil or criminal penalties regardless of intent.

Key Definitions

Some important definitions under this Order include: 

  • Beneficial Owner: Any individual directly or indirectly owning twenty-five percent or more equity interests in a purchasing legal entity; and
  • Legal Entity: Includes corporations, limited liability companies, and partnerships, formed domestically or abroad; excludes those publicly listed with Securities Exchange Commission regulation.

No Modification to Broader BSA Obligations

This GTO supplements, but does not modify, other existing responsibilities imposed by the BSA.

As the real estate industry awaits broader anti-money laundering regulations, compliance with FinCEN’s renewed GTOs remains essential for title insurance companies and their agents. By continuing to collect and report detailed transaction data on non-financed purchases by legal entities, FinCEN purports that these measures aim to strengthen market transparency and deter criminal abuse of residential real estate. Staying informed on these developments will be critical as regulatory expectations evolve ahead of the RRE Rule’s full implementation in 2026.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team. 

U.N. Report Focus on Improving Accountability, Transparency and Good Governance

On March 2, 2020 the United Nations released a Report on Financial Integrity For Sustainable Development (the “Report”). Although the Report is lengthy and wide-ranging, we will focus here on the portions of the Report which target the humanitarian toll of Illicit Financial Flows (IFFs) from money laundering, tax abuse, cross-border corruption, and transnational financial crime – all of which can drain resources from sustainable development, worsen inequality, fuel instability, undermine governance, and damage public trust.   We also will focus on the portions of the Report which make recommendations designed to expand anti-money laundering (“AML”) compliance.

First, the Report makes evidence-based recommendations focused on accountability, designed to close international enforcement and compliance gaps. Those recommendations include: (i) all countries enacting legislation providing for the widest range of legal tools to pursue cross-border financial crime; (ii) the international community developing an agreed-upon international standard for settlement of cross-border corruption cases, and (iii) businesses holding accountable all executives, staff, and board members who foster or tolerate IFFs in the name of the business.

Second, the Report makes other recommendations on several AML-related issues on which we have blogged: (i) each country creating a central registry of beneficial ownership information for legal entities; (ii) creating global standards for professionals, including lawyers, accountants, bankers and real estate agents; (iii) improving protections for human rights defenders, anti-corruption advocates, investigative journalists and whistleblowers; and (iv) promoting the exchange of information internationally among law enforcement officers and other authorities.

The Report clearly envisions that corporations can and should play a pivotal role in contributing resources in the fight against corruption, money laundering and cross-border financial crime. To start, Boards and management, particularly those of financial and professional service institutions, must engage in oversight to ensure that compensation, benefits, and employment itself are contingent upon financial integrity. Investors also should embrace financial integrity for sustainable development and be clear with the companies in which they invest that they expect effective anti-corruption policies and regulatory compliance. Integrity will be cultivated when organizational leadership hold board members, executives, and staff accountable if they foster or tolerate IFFs in the name of the business. Moreover, the Report observes that governments can foster financial integrity by imposing liability for failing to prevent bribery or corruption.

Incorporating in the Seychelles but Allegedly Operating in the U.S. Spells Trouble for Company and its Founders

The Bitcoin Mercantile Exchange, or BitMEX, is a large and well-known online trading platform dealing in futures contracts and other derivative products tied to the value of cryptocurrencies. Recently, the Commodity Futures Trading Commission (“CFTC”) filed a civil complaint against the holding companies that own and operate BitMEX, incorporated in the Seychelles, and three individual co-founders and co-owners of BitMEX for allegedly failing to register with the CFTC and violating various laws and regulations under the Commodity Exchange Act (“CEA”). The 40-page complaint alleges in part that the defendants operated BitMEX as an unregistered futures commission merchant and seeks monetary penalties and injunctive relief.

In a one-two punch, the U.S. Attorney’s Office for the Southern District of New York on the same day unsealed an indictment against the same three individuals, as well as a fourth individual who allegedly served various roles at BitMEX, including as its Head of Business Development. The indictment charges the defendants with violating, and conspiring to violate, the requirement under 31 U.S.C. § 5318(h) of the Bank Secrecy Act (“BSA”) that certain financial institutions – including futures commission merchants – maintain an adequate anti-money laundering (“AML”) program.

Both documents are detailed and unusual. This appears to be only the second contested civil complaint filed by the CFTC based on the failure to register under the CEA in connection with the alleged illegal trading of digital assets (other than those for which settlement orders were entered into with the CFTC). The first such complaint was filed only a week prior against Latino Group Limited (doing business as PaxForex), but the BitMEX complaint has garnered more attention in light of BitMEX’s reputation and size. Most of the CFTC’s prior actions against digital asset companies involved claims for fraud or misrepresentation in the solicitation of customers. This complaint, against a relatively mature and large digital asset company, demonstrates that the CFTC continues to actively pursue trading platforms and exchanges that solicit orders in the United States without proper registration. In addition to failing to register, the complaint alleges that the defendants failed to comply with the regulation under the CEA, 17 C.F.R. § 42.2, which incorporates BSA requirements such as an adequate AML program.

The indictment is unusual because it charges a rare criminal violation of Section 5318(h) – the general requirement to maintain an adequate AML program. Although indictments against defendants involved in digital assets are increasingly common, this also appears to be the first indictment combining allegations involving the BSA, digital assets, and alleged futures commission merchants.

The complaint and the indictment share the common theme that the defendants attempted to avoid U.S. law and regulation by incorporating in the Seychelles but nonetheless operating in the United States. The opening lines of the CFTC complaint declare that “BitMEX touts itself as the world’s largest cryptocurrency derivatives platform in the world with billions of dollars’ worth of trading each day. Much of this trading volume and its profitability derives from its extensive access to United States markets and customers.” Meanwhile, the indictment alleges that defendant Arthur Hayes – a Fortune “40 Under 40” listee – “bragged . . . that the Seychelles was a more friendly jurisdiction for BitMEX because it cost less to bribe Seychellois authorities – just “a coconut” – than it would cost to bribe regulators in the United States and elsewhere.”

On November 4, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated eight individuals and two entities for their involvement in laundering funds derived from illicit schemes originating in the Democratic People’s Republic of Korea (DPRK).  These activities included cybercrime operations and information technology (IT) worker fraud, both connected to revenue streams supporting North Korea’s nuclear weapons and ballistic missile programs.

North Korean Cybercrime, IT Worker Sanctions Evasion

The OFAC announcement identified cybercrime as a major mechanism for DPRK-affiliated actors to obtain funds outside legitimate financial channels.  Reports estimate that these actors have stolen over $3 billion—primarily in cryptocurrency—using, among other methods, advanced malware techniques and social engineering tactics.  OFAC’s November 4th announcement identified sanctioned individuals and financial entities pursuant to its authority under Executive Orders 13694 (as amended), 13810, as well as other relevant orders, for providing material assistance or support for illicit cyber activities, engaging in commercial conduct that generates revenue for the DPRK, and/or facilitating transactions involving the property or interests in property of designated entities.

Additionally, OFAC noted ongoing fraudulent activities involving North Korean IT workers operating abroad.  Despite prohibitions outlined in Paragraph 17 of United Nations Security Council Resolution 2375 against granting work authorizations to DPRK nationals absent UN approval, these individuals reportedly continue to earn income globally by obfuscating their identities when engaging with freelance platforms and employers.  According to the Multilateral Sanctions Monitoring Team report titled, “The DPRK’s Violation and Evasion of UN Sanctions Through Cyber and Information Technology Worker Activities,” at least a portion of the earnings generated by the IT teams are used in support of  DPRK objectives, including weapons development and production, domestic infrastructure projects, and the procurement of consumer goods.

Blocking Requirements and Financial Networks Targeted by OFAC Sanctions

Under the new sanctions, all property or interests in property belonging to the designated parties that are within the United States or under possession or control of U.S. persons are blocked and must be reported to OFAC.  Entities directly or indirectly owned (individually or collectively at least fifty percent) by one or more blocked persons also become subject to blocking requirements.  Unless specifically authorized by an OFAC license or exempted by regulation, transactions involving sanctioned individuals or entities are generally prohibited if conducted by U.S. persons or occur within, or transit through, the United States.

Financial institutions and other organizations may face secondary sanctions risk if they engage in certain transactions with sanctioned parties, including providing funds, goods, services (or receiving such contributions from those individuals or entities) even if not intentionally facilitating sanctionable conduct.

Among those recently designated by OFAC are key North Korean financial institutions along with several senior representatives. These include:

  • Jang Kuk Chol and Ho Jong Son, bankers at U.S.-designated First Credit Bank, managed funds, including $5.3 million in cryptocurrency, on behalf of the designated institution;
  • Korea Mangyongdae Computer Technology Company along with its current president U Yong Su, organizing IT worker delegations to China and employing Chinese nationals as banking proxies;
  • Ho Yong Chol facilitated a $2.5 million transfer in U.S. dollars (USD) and Chinese yuan (CNY) on behalf of the U.S.-designated Korea Daesong Bank;
  • Han Hong Gil, employee at U.S.-designated Koryo Commercial Bank, facilitated $630,000 in transactions on behalf of U.S.-designated Ryugyong Commercial Bank;
  • U.S.-designated Foreign Trade Bank (FTB) chief representative Jong Sung Hyok;
  • Ri Jin Hyok, also a representative of FTB, facilitated transactions worth over $350,000 in USD, CNY, and euros through a front company;
  • Choe Chun Pom, official at U.S.-designated Central Bank of DPRK, facilitated transactions worth over $200,000; and
  • Ryujong Credit Bank engaged in sanctions evasion activities, including remitting North Korea’s foreign currency earnings, money laundering, and conducting financial transactions for overseas North Korean workers.

These designations illustrate methods employed by DPRK-linked networks such as deploying front companies abroad, leveraging international proxies for banking activity intended to obscure transaction originators/beneficiaries, moving earnings from overseas IT workforces into state channels via complex cross-jurisdictional arrangements, as well as utilizing digital assets for sanctions evasion purposes.

Compliance Implications for Financial Institutions and AML Practices

For industry practitioners focused on anti-money laundering compliance, including banks and fintech providers, this regulatory action highlights continued expectations regarding enhanced due diligence practices around high-risk geographies and typologies associated with state-sponsored illicit finance activity.  Monitoring customer onboarding processes for indicators like frequent use of freelance hiring platforms under suspicious circumstances is among several areas cited by authorities where vigilance is warranted given current trends.

In summary: The November 2025 designations reflect evolving approaches used in DPRK-related money laundering schemes across digital asset ecosystems and traditional financial systems alike.  Regulatory compliance teams should evaluate existing frameworks governing exposure risk assessment relative to updated guidance while ensuring processes align with current reporting/blocking obligations where applicable under U.S., UN-sanctioned measures, or similar regimes implemented elsewhere internationally.

On October 23, 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued a Financial Trend Analysis (“FTA”), identifying $9 billion of potential Iranian shadow banking activity in 2024, based on reporting from U.S. financial institutions. Treasury issues FTAs periodically with threat pattern and trend information derived from Bank Secrecy Act (BSA) filings, pursuant to section 6206 of the Anti-Money Laundering Act of 2020 (AMLA).

Background on Iranian Illicit Activity

The latest FTA expands on information in a June 6 FinCEN Advisory, which urged U.S. financial institutions to be vigilant in detecting the Iranian regime’s illicit activities and attempts to exploit the U.S. financial system. Replacing FinCEN’s 2018 Advisory on the Iranian regime’s illicit activities, the June Advisory provided updated red flags and current trends and typologies for Iranian sanctions evasion, oil smuggling, shadow banking networks, and weapons procurement, to assist financial institutions in identifying, preventing, and reporting suspicious activity connected with Iranian illicit financial activity.

The Advisory and recent FTA, which elaborates on how Iran evades sanctions and generates illicit revenue to support nuclear weapons, ballistic missile, and unmanned aerial vehicle (UAV) programs, support the U.S. “maximum pressure campaign” against Iran announced earlier this year in a February 4 National Security Presidential Memorandum (“NSPM-2”).

Concurrent with the June 6 Advisory, Treasury’s Office of Foreign Assets Control (OFAC) designated more than 30 individuals and entities with ties to Iranian brothers Mansour, Nasser, and Fazlolah Zarringhalam, who laundered billions through the international financial system via Iranian exchange houses and foreign front companies under their control as part of Iran’s shadow banking network. The full list of designations made as part of June 6 sanctions action is available here. The June 6 action was the first round of sanctions targeting Iranian shadow banking infrastructure since the issuance of NSPM-2. It was taken pursuant to Executive Order (E.O.) 13902, imposing sanctions on additional sectors of the Iranian economy in January 2020.

The FTA

To develop the recent FTA, FinCEN analyzed BSA information, including Suspicious Activity Reports (SARs), from transactions in 2024 that financial institutions or FinCEN had connected to potential Iranian shadow banking activities. FinCEN restricted the dataset to transactions valued at least $500,000 and removed transactions that BSA data and open source information could not corroborate were linked to Iran. The final data set contained 2,027 transactions, totaling $9 billion in activity.

According to FinCEN, its analysis revealed many aspects of the complex financial and corporate infrastructure that Iran uses to sell sanctioned oil and petrochemicals on the international market, launder the proceeds, and procure export-controlled technology for Iran’s military and nuclear program. The analysis shed further light on how shadow banking networks operate, expanding on prior findings about how Iran’s Ministry of Defense and Armed Forces Logistics (MODAFL) and Islamic Revolutionary Guard Corps (IRGC) gain access to the international financial system, launder billions of dollars, and engage in revenue-generating activities such as sale of oil and petrochemicals. MODAFL was designated most recently in 2019 for assisting IRGC Qods Force (IRGC-QF), which was designated in 2007 for supporting multiple terrorist groups.

Based on the latest trend analysis, Iranian shadow banking networks operate across continents to connect Iranian front companies, including oil, shell, shipping, investment, and technology procurement companies, which transact billions of dollars amongst themselves and with other companies. Iranian shadow banking has a prominent presence in the United Arab Emirates (UAE), Hong Kong, and Singapore. The Iranian regime relies on these networks, which also include exchange houses, to gain access to the U.S. dollar and U.S. financial system through U.S. correspondent accounts. This access allows Iran to export oil and other commodities, launder the proceeds, and generate funds to advance its military weapons programs and support terrorist groups.

FinCEN made several significant findings as part of its analysis. Here are the key takeaways:

  • Foreign shell companies appear to play the largest role in Iranian shadow banking activities. Likely shell companies—exhibiting multiple indicators of shell activity like no verifiable business activity, little internet presence, or use of a shared address—transacted approximately $5 billion in 2024. These companies sent $4.2 billion, mostly from China-based non-resident accounts (NRAs) operated by Hong Kong-based entities. Likely shell companies received $4.3 billion, which was mostly received by UAE-based shell companies.  
  • FinCEN found dozens of oil companies to be likely Iranian front companies, which transacted $4 billion in 2024, potentially for illicit oil sales. These were primarily based in the UAE and Singapore.
  • Potential technology procurement companies received funds from Iran-linked entities. Companies suspected of facilitating Iran’s procurement of export-controlled technology engaged in an estimated $413 million in transactions in 2024.
  • International shipping companies may have transported sanctioned Iranian oil. FinCEN found that dozens of shipping companies transacted approximately $707 million, potentially to transport sanctioned Iranian oil and petrochemicals. Most of these companies were based in Iraq, UAE, or Hong Kong.
  • Foreign investment companies potentially gave Iran access to international investment markets. Based on its analysis, FinCEN determined that UK and UAE investment companies transacted about $665 million, potentially to provide Iranian entities with access to international investment trading.
  • Iranian entities potentially exploited U.S. financial institutions. FinCEN found that the approximately $9 billion of shadow banking funds in 2024 passed through correspondent accounts maintained at U.S.-based financial institutions. FinCEN identified two foreign companies that transferred $534 million from U.S. bank accounts to Iran-linked entities. It also found that foreign companies, including Iran-linked entities, transacted $361 million using accounts with foreign branches of U.S.-based financial institutions and $174 million using accounts with foreign subsidiaries of U.S.-based financial institutions.
  • FinCEN also found that the UK and Switzerland financial systems are potentially vulnerable to Iranian shadow banking. It found UK-based companies transacted $540 million using accounts at UK- or Switzerland-based financial institutions, and that Switzerland-based companies transacted $115 million and foreign companies transacted $503 million using accounts at Switzerland-based financial institutions and Swiss branches of foreign financial institutions.

FinCEN’s analysis also provides case studies and infographics to illustrate its findings, and can be accessed online here: https://www.fincen.gov/system/files/2025-10/FTA-Iranian-Shadow-Banking.pdf.

On September 29, 2025, FinCEN issued a Notice and Request for Comment (the “Notice”) on a proposed information gathering exercise – A Survey of the Costs of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Compliance (the “Survey”).  Specifically, the Survey is intended to gather information on direct compliance costs incurred by non-bank financial institutions in AML/CFT compliance and, to the extent those costs overlap with other obligations, the amount directly attributable to AML/CFT compliance.

The Notice is directed to specific categories of non-bank financial institutions: Casinos and Card Clubs; Money Services Businesses; Insurance Companies; Dealers in Precious Metals and Stones; Operators of Credit Card Systems; and Loan or Finance Companies. 

In total, FinCEN estimates there will be 279,715 respondents falling into these categories, with the vast majority – approximately 230,000 – being Money Services Businesses.  Given FinCEN’s assumption that the survey will take approximately 8 hours to complete, FinCEN estimates that subject non-bank financial institutions will expend well north of 2 million hours providing the information sought.  While compliance with the survey will be voluntary, FinCEN notes that “information gathered will help assess the cumulative impact of AML/CFT regulations and may inform efforts to adjust regulatory obligations and advance deregulatory proposals consistent with the Executive Orders of the Trump administration.”  It also states that “the data may also support the development of deregulatory rulemakings or guidance to reduce compliance burden without compromising the effectiveness of current AML/CFT frameworks.”  And, FinCEN makes clear that no information submitted will be used for any supervisory or enforcement purposes.

Plainly, and expressly, FinCEN is setting the stage for efforts to scale back non-bank financial institutions’ compliance obligations, seeking comment on: the practical utility of compliance obligations, whether assumptions concerning compliance time-costs are accurate, ways to add efficiencies to the compliance process, and ways information technology or other automated techniques can reduce manpower expended on compliance.

Comments will be accepted until December 1, 2025. 

For ease of reference, we reproduce the proposed survey here:

  1. What was the total estimated direct cost in calendar year 2024 for your institution for compliance with all programs mandated by the BSA and its implementing regulations?
  2. Please specify which of the following areas your institution uses technological resources, including software, to assist with, as applicable:
    • customer identification and verification procedures;
    • identifying suspicious activity;
    • currency transaction reporting or reports relating to currency in excess of $10,000 received by a trade or business;
    • 314(a) information sharing
    • Office of Foreign Assets Control (OFAC) compliance
  3. Approximately what percentage of the total direct cost of AML/CFT compliance is attributable to the production of Suspicious Activity Reports (SARs), if applicable.  These direct costs include costs associated with AML/CFT staff reviewing alerts, maintaining a transaction monitoring system, and investigating cases arising from alerts, whether or not they lead to the production of a SAR, among other things.
  4. (OPTIONAL) If your institution is able to provide the following information without significant burden, please provide approximately what percentage of the total cost of AML/CFT compliance is directly attributable to, as applicable:
    • Customer identification and verification procedures;
    • Reporting requirements for suspicious activity reporting;
    • Reporting requirements for currency transaction reporting and exemptions or reports relating to currency in excess of $10,000 received by a trade or business;
    • Internal controls related to AML/CFT compliance program;
    • Independent testing for compliance by internal personnel or an outside party;
    • Training and staffing employees;
    • 314(a) information sharing;
    • Funds transfer record keeping;
    • Monetary instrument recordkeeping;
    • Special measures;
    • Software;
    • Additional financial institution-specific BSA recordkeeping obligations (e.g., monetary instrument logs, also known as negotiable instrument logs, for casinos; extension of credit, for casinos; additional records that dealers in foreign exchange must retain);
    • MSB registration;
    • Other third-party activities
  5. What approximate percentage of the total cost of AML/CFT compliance is attributable to complying with OFAC regulations?
  6. Does your institution conduct anti-financial crime activities or maintain systems designed to combat financial crime that are not directly required by the BSA or its implementing regulations?  Examples include additional customer due diligence programs or the development and operation of a Financial Intelligence Unit.  If so, what is the direct cost (not included in question 1) of these additional activities across all business lines of your institution in calendar year 2024.  Separately, approximately what percentage of your institution’s total operating expenses did these direct costs represent in calendar year 2024?
  7. Please provide any available data or narrative comments for your institution regarding the extent to which the non-BSA driven expenditures (i.e., the costs referenced in question (6)) generate a substantial portion of either the overall suspicious activity, and/or of national AML/CFT priorities related threat activity, that is described in SARs, if applicable.
  8. Please provide any available data or narrative comments on whether there are particular types of products, services, customers or delivery channels where AML/CFT-required monitoring, reviews or investigations have generated limited useful information from your institution’s perspective.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On August 28, 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) released an advisory (FIN-2025-A003) alongside a comprehensive Financial Trend Analysis (“FTA”), shining a spotlight on one of today’s most significant illicit finance risks: the integration of Chinese Money Laundering Networks (“CMLNs”) into the operations of Mexico-based transnational criminal organizations, better known as cartels. This pairing not only illustrates an evolution in global money laundering typologies but also presents new compliance challenges for financial institutions and multinational businesses alike.

The CMLN–Cartel Partnership

FinCEN’s latest analysis highlights how two very different regulatory environments have fostered an unlikely alliance:

  1. Mexican cartels, flush with U.S.-dollar drug proceeds but restricted by Mexican currency controls that limit dollar deposits into local financial institutions. (See related blog posts here, here and here.)
  2. Chinese nationals, facing strict capital controls at home that cap annual foreign currency conversions at $50,000 per person.

These pressures have produced what FinCEN describes as “a mutualistic relationship”: CMLNs purchase dollars from cartels desperate to move cash out of reach; they then sell this cash to Chinese clients seeking ways around China’s capital controls, effectively weaving together criminal proceeds with ostensibly legitimate wealth migration.

As professional money launderers operating globally, including within U.S. borders, CMLNs have become vital intermediaries capable of handling vast sums quickly while minimizing risk for their cartel clients by offering both speed and sophistication at scale.

Mutual Interests

This alliance operates on simple logic: Cartels need to move large volumes of cash out of Mexico without attracting law enforcement scrutiny or breaching currency controls. Chinese individuals want access to overseas dollars beyond China’s annual conversion limits for investments or personal spending abroad.

CMLNs buy cash from cartel operatives at discounted rates, then sell this cash to Chinese clients seeking U.S. dollars outside formal channels, effectively blending criminal proceeds with legitimate wealth migration.

By operating globally, including within U.S. borders, CMLNs serve as professional intermediaries who can rapidly move millions while minimizing risk for their cartel partners through fast settlements and advanced tradecraft.

Core Money Laundering Methods Used by CMLNs

FinCEN identifies three primary money laundering methodologies employed by CMLNs in support of cartel operations:

1. Mirror Transactions

Mirror transactions are at the heart of CMLN operations:

  • These transactions resemble informal value transfer systems (“IVTS”), where one member receives illicit cash in one country while another delivers an equivalent value, often in pesos or yuan, to a recipient abroad.
  • A hypothetical example: A U.S.-based operator collects dollar proceeds from a cartel contact. Simultaneously, an associate pays pesos directly to cartel representatives in Mexico without physically moving funds via formal banks.
  • Increasingly, mirror transactions rely on convertible virtual currencies such as Bitcoin for swift settlement outside traditional banking channels. This system allows participants to evade detection by avoiding official remittance routes altogether, a key reason why these schemes continue thriving despite heightened regulatory scrutiny worldwide.

2. Trade-Based Money Laundering

Trade-Based Money Laundering (“TBML”) remains central within this threat landscape:

  • Illicit funds are used within the United States to purchase bulk quantities of high-value goods, such as smartphones or luxury handbags, which are exported through complicit companies based often in Hong Kong or Latin America.
  • Shell entities facilitate shipments overseas. These goods may be resold for local currency or serve directly as stores of wealth among Chinese buyers seeking alternatives to mainland investment restrictions. Layered export-import flows obscure both originators and ultimate beneficiaries across multiple jurisdictions. Frequently involved are “daigou” buyers, agents familiar throughout Chinese diaspora communities who use credit cards funded from laundered proceeds before shipping inventory home for resale on popular e-commerce platforms.

3. Use and Exploitation of Money Mules

Money mules play a crucial role:

  • Large-scale recruitment targets vulnerable populations, including students on temporary visas (especially those restricted from lawful employment), retirees with modest means but clean credentials, or anyone willing to participate for compensation. These individuals may knowingly accept small fees or be misled under false pretenses via social media connections. Facilitators within CMLN structures may provide counterfeit passports for opening bank accounts. After the accounts are opened, substantial deposits, often inconsistent with the account holder’s declared income sources, are made and quickly wired onward or converted into cashier’s checks used later for real estate acquisitions across desirable markets.

In addition,

  • FinCEN has documented extensive misuse of retail credit card systems, with laundered funds being used to finance shopping sprees that do not fit established customer profiles;
  • Outstanding balances are settled using fresh infusions from network-controlled accounts; and
  • Reward points earned through spending cycles become additional vehicles for offshore payments, all facilitated using promotional platforms that are popular among People’s Republic of China (“PRC”) nationals.

Key Red Flags and Compliance Vulnerabilities

To assist financial institutions in learning how money launderers exploit gaps across KYC processes and transaction monitoring frameworks, FinCEN has identified the following red flags:

  1. Accounts opened with Chinese passports plus student or visitor visas, followed immediately by high-volume activity unrelated to customer profiles
  2. Frequent large-dollar cash deposits closely followed by wire-outs or cashier’s check purchases
  3. Multiple wire transfers originating abroad where legitimate business relationships cannot be substantiated
  4. Reluctance, or outright refusal, to explain sources behind incoming transfers when questioned during onboarding or enhanced due diligence reviews
  5. Shell companies focused on electronics or export trades reporting income inconsistent with typical business size, type, or geography
  6. Businesses receiving repeated credits from online marketplaces but rarely engaging suppliers or purchasing needed inventory

Legacy rules-based monitoring tools frequently fail to detect suspicious activity unless multiple red flags appear together over time. This highlights the importance of adding contextual behavioral analysis to existing AML programs for more effective detection.
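As an added illustration (not part of FinCEN's advisory or the original post), the sketch below evaluates red flags 1, 2 and 3 per account and escalates only when at least two of them co-occur within a rolling window. The field names, transaction kinds, thresholds and sample records are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Every threshold below is an illustrative assumption, not a FinCEN value.
LARGE_CASH = 8_000            # "large-dollar" cash deposit
PASS_THROUGH_DAYS = 3         # outbound must follow the deposit this quickly
PASS_THROUGH_RATIO = 0.8      # share of the deposit that leaves again
MIN_REPEATS = 2               # "frequent" = at least this many pass-throughs
PROFILE_MULTIPLE = 5          # early inflow vs. declared monthly income
NEW_ACCOUNT_DAYS = 30         # "followed immediately" after account opening
WINDOW = timedelta(days=90)   # flags must co-occur inside this span
INBOUND = {"cash_deposit", "intl_wire_in"}
OUTBOUND = {"wire_out", "cashiers_check"}


@dataclass(frozen=True)
class Account:
    acct_id: str
    opened: date
    visa_type: str                  # "student", "visitor" or "none"
    declared_monthly_income: float


@dataclass(frozen=True)
class Txn:
    acct_id: str
    day: date
    kind: str                       # a member of INBOUND or OUTBOUND
    amount: float
    relationship_documented: bool = True


def pass_through(txns):
    """Red flag 2: large cash deposits closely followed by wires or cashier's checks."""
    hits = []
    for dep in txns:
        if dep.kind != "cash_deposit" or dep.amount < LARGE_CASH:
            continue
        limit = dep.day + timedelta(days=PASS_THROUGH_DAYS)
        out = sum(t.amount for t in txns
                  if t.kind in OUTBOUND and dep.day <= t.day <= limit)
        if out >= PASS_THROUGH_RATIO * dep.amount:
            hits.append(dep.day)
    return hits if len(hits) >= MIN_REPEATS else []


def profile_mismatch(acct, txns):
    """Red flag 1: student/visitor account with early volume far above its profile."""
    if acct.visa_type not in ("student", "visitor"):
        return []
    cutoff = acct.opened + timedelta(days=NEW_ACCOUNT_DAYS)
    early = [t for t in txns if t.kind in INBOUND and acct.opened <= t.day <= cutoff]
    inflow = sum(t.amount for t in early)
    if early and inflow > PROFILE_MULTIPLE * acct.declared_monthly_income:
        return [max(t.day for t in early)]
    return []


def unsubstantiated_wires(txns):
    """Red flag 3: multiple foreign wires with no documented business relationship."""
    days = [t.day for t in txns
            if t.kind == "intl_wire_in" and not t.relationship_documented]
    return days if len(days) >= 2 else []


def evaluate(acct, all_txns):
    """Return the flags that fired and whether two or more co-occur within WINDOW."""
    txns = sorted((t for t in all_txns if t.acct_id == acct.acct_id),
                  key=lambda t: t.day)
    fired = {"pass_through": pass_through(txns),
             "profile_mismatch": profile_mismatch(acct, txns),
             "unsubstantiated_wires": unsubstantiated_wires(txns)}
    events = sorted((d, name) for name, days in fired.items() for d in days)
    together = set()
    for i, (start, _) in enumerate(events):
        names = {n for d, n in events[i:] if d - start <= WINDOW}
        if len(names) > len(together):
            together = names
    return {"account": acct.acct_id,
            "flags": sorted(n for n, days in fired.items() if days),
            "escalate": len(together) >= 2}


# Constructed sample data (not real accounts or transactions).
ACCOUNTS = [Account("A-100", date(2025, 1, 6), "student", 1500.0),
            Account("B-200", date(2023, 3, 1), "none", 6000.0),
            Account("C-300", date(2025, 1, 10), "student", 1500.0)]
TXNS = [Txn("A-100", date(2025, 1, 8), "cash_deposit", 9500),
        Txn("A-100", date(2025, 1, 9), "wire_out", 9000),
        Txn("A-100", date(2025, 1, 15), "cash_deposit", 9800),
        Txn("A-100", date(2025, 1, 16), "cashiers_check", 9500),
        Txn("A-100", date(2025, 2, 3), "intl_wire_in", 12000, False),
        Txn("A-100", date(2025, 2, 20), "intl_wire_in", 15000, False),
        Txn("B-200", date(2025, 1, 10), "cash_deposit", 9000),
        Txn("B-200", date(2025, 1, 11), "wire_out", 8500),
        Txn("C-300", date(2025, 1, 14), "intl_wire_in", 20000, True)]


def run_demo():
    return [evaluate(a, TXNS) for a in ACCOUNTS]


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

Account C-300 trips the profile flag on a single documented wire but is not escalated, which is the point of correlating flags rather than alerting on any one of them.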

Five-Year Data Trends: SAR Insights (2020–2024)

The FTA supporting FinCEN’s advisory analyzed more than 137,000 Suspicious Activity Reports (“SARs”) filed between January 2020 and December 2024 under Bank Secrecy Act (“BSA”) obligations, with roughly $312 billion flagged as activity possibly tied to CMLN involvement.

Major Takeaways:

1. Depository Institutions are Prime Gateways

  • Banks accounted for nearly 85% of all relevant filings, from national chains down through community branches serving immigrant-heavy metro areas where bulk-cash placement occurs largely undetected via traditional surveillance alone
  • About 9% came from money services businesses reflecting vulnerability among smaller operators less equipped with modern anti-money laundering controls

2. TBML Schemes Remain Prevalent

  • Over $9 billion cited specifically involved trade-based methods characterized by unusual funding behind exports/imports routed through East Asia, Mexico, and Middle East corridors

3. Daigou Buyers and Credit Card Abuse Feature Prominently

  • Only twenty SARs flagged daigou buyers explicitly, but associated retail or luxury typologies, driven mainly by serial credit card spending cycles, collectively accounted for upwards of $19 billion

4. Human Trafficking and Elder Fraud Crossovers Noted

  • More than sixteen hundred filings implicated human trafficking or smuggling flows, representing about $4+ billion transferred directly into massage parlors, spas, or restaurants ultimately owned via proxy structures linked back to PRC and U.S. dual residents (See related blog post here.)
  • Adult daycare and healthcare fraud centered around New York facilities reflected hundreds more filings totaling nearly three-quarters of a billion dollars

5. Real Estate Remains Favored Integration Channel

  • Over $53 billion in illicit funds were laundered through property acquisitions. These transactions were either conducted directly using accounts, wire transfers, or check payments held by money mules and falsely described as coming from “relatives abroad,” or indirectly routed through shell companies set up for single transactions and then abandoned after the deals closed.

6. Students Frequently Serve as Account Openers or Mules

  • Roughly fourteen percent ($13+ billion) cited account holders listing status only as students, with patterns showing repeat openings, multiple bank links, or spending behavior well beyond background justification

Banks remain frontline defenders against this evolving threat ecosystem, yet also risk becoming unwitting conduits if robust internal practices lag behind the rising sophistication of the laundering networks themselves.

Regulatory Responses and Risk Mitigation Strategies

The evolving legal environment reflects increased regulatory attention and a growing focus on industry compliance obligations:

  • FinCEN guidance aligns closely with broader policy developments including Executive Order 14157 which now designates major cartels and transnational crime organizations (“TCOs”) under Foreign Terrorist Organization statutes.
  • The Department of Justice views even indirect facilitation, such as what could occur unwittingly through correspondent banking and remittance partnerships, as grounds not merely for technical BSA breaches, but also for potential material support violations.
  • In June 2025, FinCEN invoked new authority barring certain Mexican financial institutions labeled primary money laundering concerns from interacting with the U.S. financial system (See related blog post here).

For practitioners tasked daily with managing exposure amid rising complexity, several actionable steps stand out:

Practical Steps Forward:

  1. Revisit transaction monitoring and risk rating models by integrating the latest red flag indicators and placing greater emphasis on behavioral surveillance, especially in situations where multiple risk vectors converge over time;
  2. Intensify customer due diligence, especially regarding beneficial ownership verification and source-of-funds tracing;
  3. Ensure that escalation protocols and internal reporting lines facilitate prompt legal and compliance review of any linkages, even circumstantial, to sanctioned entities, TCOs, and CMLNs;
  4. Where third-party exposure exists overseas, including logistics providers, supply chain partners, freight forwarders, and export-import brokers operating out of affected regions, embed contract language granting audit rights and requiring proof of adequate AML/CFT program compliance; and
  5. Educate staff routinely regarding current threat typologies, new sanctions lists, and red flag scenarios, ensuring awareness extends to non-financial operational units likely exposed through day-to-day interactions.

Implementing these strategies helps ensure defenses remain dynamic in response to both evolving geopolitical realities and technological advances increasingly exploited by criminal actors.

Conclusion: Adapting Amid Escalating Complexity

With more than $312 billion flagged as suspicious over just four years, and robust government action underway, FinCEN’s message is unmistakable: professionalized global networks will continue adapting rapidly unless private sector vigilance rises correspondingly.

Financial institutions must evolve beyond box-ticking compliance toward genuinely intelligent risk assessment incorporating current geopolitical shifts, regulatory changes, and emerging technology-enabled evasion tactics deployed by the cartels and CMLN brokers alike.

As reflected throughout both the FIN-2025-A003 advisory and the FTA, a multi-layered defense posture leveraging intelligence-driven detection capabilities will prove indispensable if industry participants aim not simply to survive, but to thrive, in today’s ever-changing regulatory landscape.

By implementing comprehensive detection techniques, drawing on international best practices and a nuanced understanding of the specific cross-border risks associated with modern money laundering methods, the financial sector can better protect itself and fulfill regulatory obligations to maintain the integrity of global payment systems.


In a significant move to curb illegal activities at the U.S. Southwest border, the Financial Crimes Enforcement Network (FinCEN) issued an alert, on May 1, 2025, concerning oil smuggling from Mexico into the United States, orchestrated by notorious cartels such as the Cartel Jalisco Nueva Generacion (CJNG). This alert highlights the crucial role of financial institutions in identifying and reporting suspicious activities linked to this illicit trade. It forms part of a broader initiative involving U.S. law enforcement agencies, including the Treasury’s Office of Foreign Assets Control (OFAC), the DEA, FBI, and Homeland Security Investigations (HSI), all working in concert to dismantle the financial networks underpinning these transnational criminal operations. (See related blog posts here and here.) Simultaneously, OFAC announced sanctions against key individuals and entities connected to CJNG, which are involved in drug trafficking, fuel theft, and oil smuggling, generating extensive illicit revenues. Together, FinCEN and OFAC aim to outline specific financial typologies and red flags to effectively combat these smuggling schemes.

The Cartel’s Revenue Streams: Beyond Drugs

Crude oil smuggling has emerged as a significant revenue source for cartels like CJNG, Sinaloa, and Gulf Cartel, who have been implicated in stealing oil from Petróleos Mexicanos (Pemex). This stolen oil crosses the U.S. southwest border, finding its way into the hands of small U.S.-based oil companies. The ramifications are significant: exacerbating violence and corruption in Mexico while disrupting legitimate business operations in the U.S. oil market. Recognized as a Foreign Terrorist Organization (FTO) and Specially Designated Global Terrorist (SDGT), CJNG is involved in trafficking fentanyl and other narcotics into the U.S., contributing to economic instability. Recently, these groups have broadened their criminal portfolios to include fuel theft and crude oil smuggling, resulting in notable financial losses for the Mexican government and facilitating violence along the border.

Huachicol: The Mechanics of Smuggling

Cartels exploit existing trade flows to smuggle crude oil into the United States, taking advantage of Mexico’s export of unrefined and partially refined crude oil. They employ various illicit methods such as bribing employees, tapping pipelines, and hijacking tanker trucks to steal oil from Pemex. The stolen oil is often mislabeled as “waste oil” to avoid scrutiny and is sold at discounted rates by complicit importers in U.S. energy markets. This practice, known as huachicol, represents a substantial revenue source for cartels, with profits funneled back to sustain their operations.

Financial Institutions’ Role in Reporting

FinCEN has requested financial institutions to include the term “FIN-2025-OILSMUGGLING” in Suspicious Activity Reports (SARs) to enhance tracking of these activities. This initiative leverages financial oversight to combat transnational criminal organizations (TCOs), aiding law enforcement agencies in gathering data for targeted investigations.

Financial Typologies and Red Flags

Oil smuggling operations are characterized by complex financial maneuvers designed to disguise the origin and movement of funds. Cartels employ brokers to transport stolen oil, collaborating with U.S. importers who sell it in domestic and international markets. The proceeds are routed through multiple accounts, often via wire transfers that obscure transactions. Front and shell companies further mask operations, making it difficult for authorities to trace funds. FinCEN’s alert advises financial institutions to monitor for indicators such as below-market pricing, unusual profit margins, lack of appropriate registrations, and complex wire transfers across jurisdictions. To assist financial institutions in identifying suspicious activities related to oil smuggling, FinCEN has outlined several red flag indicators:

  1. Transactional Activity and Profit Margins: Companies exhibiting transactional activity or profit margins significantly above industry norms may warrant further scrutiny.
  2. Pricing of Crude Oil: Selling crude oil at prices well below market rates could indicate illicit sourcing.
  3. Online Presence: Companies with minimal online presence or websites that mimic major industry players may be attempting to legitimize illicit operations.
  4. Inconsistencies in Business Operations: Discrepancies between claimed business activities and transactional behavior, such as purchasing waste oil despite a focus on crude oil sales, are potential indicators.
  5. EPA Registrations: Companies dealing with waste oil or hazardous materials without appropriate registrations from the U.S. Environmental Protection Agency (EPA) should be examined.
  6. Shell Company Activity: Sudden, significant transactional activity with companies lacking online presence and exhibiting other characteristics of shell companies.
  7. Wire Transfer Patterns: Complex wire transfer patterns involving multiple jurisdictions and accounts may be designed to obscure the origins and destinations of funds.

These indicators are not individually determinative of illicit activity, but when combined, they can provide a comprehensive profile of potentially suspicious operations.

Strategic Sanctions: Targeting Key Players

The FinCEN alert aligns with OFAC sanctions targeting individuals and entities involved in oil smuggling, aiming to dismantle networks facilitating illegal activities. Key figures sanctioned under Executive Orders 14059 and 13224 include CJNG leader Cesar Morfin Morfin, linked to both drug trafficking and oil theft. Associates and transportation companies involved in these operations have also been sanctioned, reinforcing efforts to dismantle the operational infrastructure of CJNG.

Collaborative Efforts and Compliance

FinCEN emphasizes the importance of information sharing under section 314(b) of the USA PATRIOT Act. Collaboration among financial institutions is crucial for tracing and preventing the movement of illicit funds. Sharing account or transaction information does not violate SAR confidentiality unless it reveals a SAR, allowing institutions to support investigations without legal complications. This complements the Treasury Department’s strategy of using sanctions to counter TCOs, reinforcing efforts to address narcotics trafficking and related crimes.

Conclusion: A Unified Approach

The FinCEN alert and OFAC sanctions represent a coordinated strategy to address cartel operations like those of CJNG. These measures provide insights into oil smuggling methodologies and aim to impact illicit revenue streams. Financial institutions play a key role in this process by adhering to outlined measures, supporting the integrity of the financial system and enhancing regional security. By targeting key figures and networks, U.S. authorities aim to contribute to a safer and more stable international environment, with financial entities playing an essential role in these efforts.

In this multifaceted approach, the collaboration between law enforcement and financial institutions is important to dismantling the intricate networks that support these criminal enterprises, paving the way for more effective interventions and a reduction in cartel-driven violence and instability.


In a significant policy shift, Deputy Attorney General Todd Blanche issued a memorandum titled “Ending Regulation By Prosecution,” on April 7, 2025, signaling a change in the Department of Justice’s (DOJ) approach to digital assets. The memorandum outlines a move away from the previous administration’s enforcement efforts, which the memo called “reckless” and “ill conceived and poorly executed.” This shift aligns with Executive Order 14178 and President Trump’s vision to foster innovation within the digital assets industry without punitive regulatory measures.

Key Takeaways

The memorandum marks a pivotal change in how digital assets are treated by the DOJ, moving away from regulatory prosecutions to focus on criminal activities. Below are the main points of this policy shift:

  1. Focus on Individual Criminal Activity: The DOJ will now prioritize prosecuting criminal activity of individuals who cause financial hardship to digital asset investors and consumers and those who use digital assets to further criminal conduct, such as fentanyl trafficking, terrorism, cartels, organized crime, and human trafficking.
  2. Ceasing “Regulation by Prosecution”: At the same time, prosecutors are directed to stop pursuing cases related to regulatory violations by cryptocurrency entities. Investigations not aligned with the new focus on criminal activity are to be discontinued.
  3. Alignment with Administration Policy: This change aligns with President Trump’s executive order aimed at promoting innovation in the cryptocurrency sector by reducing regulatory hurdles.
  4. Disbandment of the NCET: The DOJ has dissolved the National Cryptocurrency Enforcement Team, established in 2022. The DOJ clarified that it does not serve as a regulatory body for digital assets. To that end, DOJ will no longer pursue cases that “superimpos[e] regulatory frameworks on digital assets.”

This policy shift reflects a transition towards addressing the criminal misuse of digital assets rather than focusing on regulatory compliance. (For more information, check out our recent blog posts on cryptocurrency regulation here and here.) What remains to be seen is whether DOJ’s move away from “regulation by prosecution” will apply more broadly and impact priorities related to other industries outside of digital assets that are not the subject of an Executive Order.

A New Focus on Digital Assets Enforcement

The digital assets industry is increasingly recognized as a component of modern economic development, with potential for innovation. The DOJ’s revised strategy focuses on ensuring clarity and certainty in enforcement policies, as directed by Executive Order 14178. The memorandum emphasizes that the DOJ “is not a digital assets regulator;” instead, it commits to prosecuting individuals who exploit digital assets for criminal activities.

Under the new framework, prosecutions will prioritize investigations and prosecutions that involve: (1) conduct victimizing digital asset investors (e.g., embezzlement and misappropriation of customers’ funds on exchanges, digital asset investment scams, hacking of exchanges, etc.); and (2) individuals who use digital assets to facilitate crimes such as terrorism, narcotics trafficking, human trafficking, organized crime, hacking, and cartel financing. This approach emphasizes investor protection and the security of digital asset markets, while delegating regulatory compliance to other bodies. The memorandum also notes the increasing reliance on digital assets by certain criminal elements and aligns with the administration’s focus on transnational criminal organizations, foreign terrorist organizations, and designated global terrorists.

Charging Considerations and Regulatory Clarity

A key aspect of the new policy is guidance for federal prosecutors on charging decisions. Prosecutors are instructed to prioritize cases holding individuals accountable for causing financial harm to digital asset investors or using digital assets in furtherance of criminal conduct. While the DOJ will pursue individuals and enterprises involved in these illicit activities, it will refrain from targeting platforms unless they are complicit. Cases based on regulatory violations, such as unlicensed money transmitting or violations of the Bank Secrecy Act, will not be pursued unless there is clear evidence of willful law violations.

It remains to be seen what impact, if any, this policy will have on ongoing criminal prosecutions. The memorandum notes that the DOJ “will no longer target virtual currency exchanges, mixing and tumbling services, and offline wallets for the acts of their end users or unwitting violations of regulations . . . .” Instead, the DOJ will now focus on individuals who use these technologies for illicit activities. Later this year, the DOJ is scheduled to put Roman Storm, co-founder of mixing service Tornado Cash, on trial for crimes including conspiracy to launder money and sanctions violations. This case raises questions about the liability of developers for open-source code used by others to commit crimes. However, the DOJ’s policy does not apply to 18 U.S.C. §1960(b)(1)(C), indicating that knowingly transmitting funds derived from or intended for illegal activities remains a prosecutable offense. (See additional blog posts about Tornado Cash here, here and here.)

The memorandum outlines a discretionary approach to charging violations under the Securities Act of 1933, the Securities Exchange Act of 1934, and the Commodity Exchange Act. Prosecutors are advised to avoid cases that require the DOJ to litigate the classification of a digital asset as a “security” or “commodity” unless no alternative criminal charge is available.

Compensating Victims in the Digital Assets Space

The memorandum addresses compensating victims of digital asset fraud, particularly after the market downturn in 2022. The DOJ acknowledges that current regulations may prevent victims from recovering the full value of lost assets, especially when asset values fluctuate significantly. To address this, the DOJ’s Office of Legal Policy and Office of Legislative Affairs are tasked with evaluating legislative and regulatory changes to improve asset-forfeiture efforts and ensure fair compensation for victims.

Reallocating Resources and Future Engagement

Aligned with the narrowed focus on digital asset enforcement, the DOJ will reallocate resources. The Market Integrity and Major Frauds Unit will cease cryptocurrency enforcement activities, and the National Cryptocurrency Enforcement Team (NCET) will be disbanded. However, the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) will continue to provide guidance and liaise with the digital asset industry.

Additionally, the DOJ will participate in the President’s Working Group on Digital Asset Markets, as established by Executive Order 14178. DOJ representatives will contribute to identifying and recommending regulatory and legislative measures that align with administration policies and priorities. This collaborative effort aims to shape a balanced regulatory environment that supports innovation while ensuring robust protections against criminal exploitation.

A New Stance on Crypto

The DOJ’s policy shift is part of a broader rollback of government efforts to regulate the crypto industry, with regulatory bodies like the Securities and Exchange Commission refocusing their enforcement strategies and banking regulators allowing some crypto activities. This realignment reflects President Trump’s campaign promises in the sector.

Conclusion

The memorandum from Deputy Attorney General Blanche represents a significant shift in the DOJ’s approach to digital assets. By moving away from prosecuting virtual currency platforms, the DOJ aims to create a regulatory environment that encourages innovation while maintaining a focus on prosecuting individuals who victimize digital asset investors and preventing criminal misuse of digital assets. This strategy underscores the importance of balancing industry growth with robust enforcement measures to protect investors and national security.
