On November 4, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated eight individuals and two entities for their involvement in laundering funds derived from illicit schemes originating in the Democratic People’s Republic of Korea (DPRK). These activities included cybercrime operations and information technology (IT) worker fraud, both connected to
On October 23, 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued a Financial Trend Analysis (“FTA”), identifying $9 billion of potential Iranian shadow banking activity in 2024, based on reporting from U.S. financial institutions. Treasury issues FTAs periodically with threat pattern and trend information derived from Bank Secrecy Act (BSA)
On October 15, 2025, the Financial Crimes Enforcement Network (FinCEN) issued a final rule under Section 311 of the USA PATRIOT Act that prohibits U.S. financial institutions from conducting business with the Cambodia-based Huione Group, a financial services conglomerate based in Phnom Penh, Cambodia. Huione Group is the parent company of, or otherwise controls, several subsidiaries
In a closely watched and complicated case, Van Loon et al. v. Dep’t of the Treasury et al., the U.S. Court of Appeals for the Fifth Circuit ruled that the Office of Foreign Assets Control (“OFAC”) cannot sanction Tornado Cash, “an open-source, crypto-transactions software protocol that facilitates anonymous transactions by obfuscating the origins and destinations of digital asset transfers.” The opinion, which reversed the ruling of the District Court, is here. A recording of the oral argument is here. The opinion is complex but written in a very clear style.
We previously blogged on OFAC’s designation of Tornado Cash (here) and the resulting civil suit (here). We also covered the indictment returned against the alleged developers of Tornado Cash, Roman Storm and Roman Semenov, who were charged with conspiring to commit money laundering, operating an unlicensed money transmitting business, and violating sanctions under the International Emergency Economic Powers Act, or IEEPA (here). The DOJ subsequently obtained a superseding indictment against Storm only (here); Storm’s trial currently is scheduled for April 2025). When the initial indictment was unsealed, Treasury simultaneously sanctioned Semenov, who remains outside the U.S., by adding him to OFAC’s Specially Designated Nationals and Blocked Persons (“SDN”) List.
These actions are a reminder that, putting aside the complex issues presented by the Fifth Circuit decision regarding OFAC’s (in)ability to sanction a technology, law enforcement and regulators still can pursue people for related alleged conduct. And, invariably, people are involved in a technology.
Continue Reading Fifth Circuit Rejects OFAC Designation of Tornado Cash Immutable Smart Contracts
On October 23rd, the Financial Crimes Enforcement Network (“FinCEN”) issued a supplementary alert regarding countering financing of the U.S.-designated foreign terrorist organization Hizballah (the “Alert”). In May 2024, FinCEN published an initial alert that focused on the countering of financing Iran-backed terrorist organizations, including Hizaballah. This Alert focuses solely on Hizballah and indicates that as part of the U.S. Department of the Treasury’s (“Treasury”) campaign against Hizballah for the past two decades, financial institutions (“FIs”) must remain vigilant in identifying suspicious activity of the terrorist organization.
According to the Alert, is it estimated that Iran has provided $700 million per year in support of Hizballah. Hizballah is known to generate revenue through various illicit activities including oil smuggling, money laundering, black market money exchange, counterfeiting, and illegal weapons procurement. Funds are laundered through businesses in West Africa, Europe, and South America.
In an accompanying press release, FinCEN Director Gacki noted that the Alert was released in part due to Hizaballah’s recent attacks against Israel. In addition, the Alert is consistent with FinCEN’s National Priorities, which include domestic and foreign terrorism.
Continue Reading FinCEN Issues Alert on Countering Financing of Hizballah and Terrorist Activities
The Federal Reserve Bank of Philadelphia (the “Philly Fed”) recently executed an agreement (the “Agreement”) with Pennsylvania-based Customers Bank (and its Customers Bancorp, Inc. holding entity) (collectively, “Customers”). According to the Agreement, “the most recent examinations and inspections” of Customers by the Philly Fed identified “significant deficiencies” related to the bank’s risk management practices, Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) compliance, and regulations issued by the Office of Foreign Assets Control (“OFAC”).
The source of these alleged deficiencies is alluded to by the Agreement, which immediately highlights two “digital assets-friendly” elements of Customers’ business model:
The Agreement calls for Customers to submit a number of plans to the Philly Fed by October 5, 2024, several of which explicitly require the Philly Fed’s approval.
Continue Reading Bank’s Digital Assets Business Strategy Draws Federal Reserve Scrutiny
On June 20, 2024, the Financial Crimes Enforcement Network (“FinCEN”) issued a supplemental advisory to alert U.S. financial institutions about emerging trends in the illicit fentanyl supply chain. The supplemental advisory emphasized the increasing involvement of Mexico-based transnational criminal organizations (“TCOs”) in the procurement of fentanyl precursor chemicals and manufacturing equipment from suppliers in the People’s Republic of China (“PRC”).
The detailed supplemental advisory builds upon FinCEN’s 2019 advisory (see our blog post here) by introducing new typologies and red flags for financial institutions to try to identify and report suspicious transactions. As we discuss, the supplemental advisory was accompanied by related actions by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) and the U.S. Department of Justice (“DOJ”) as part of an apparently coordinated effort by the federal government to combat this pernicious illicit industry.
On May 13th, the Financial Crimes Enforcement Network (FinCEN) and the Securities Exchange Commission (SEC) issued a joint notice of proposed rulemaking (NPRM) that would require SEC-registered investment advisers (RIAs) and exempt reporting advisers (ERAs) to establish a customer identification program (CIP). This joint NPRM is the second recent rulemaking effort aimed at investment advisers. In February, FinCEN issued a separate NPRM amending the definition in the Code of Federal Regulations of “financial institution” under the Bank Secrecy Act (BSA) to include investment advisers, which would require implementation of an anti-money laundering/countering terrorist financing (AML/CFT) compliance program. In this earlier NPRM, FinCEN alluded to a future joint rulemaking regarding CIP requirements for investment advisers.
The NPRM highlights that CIPs are long-standing, foundational components of an AML program. The NPRM requires a CIP similar to existing CIP requirements for other financial institutions, as FinCEN and the SEC want to ensure “effectiveness and efficiency” for investment advisers that are affiliated with other financial institutions, including banks, broker-dealers, or open-end investment companies that are already subject to CIP requirements.
Investment advisers have not been previously subject to CIP requirements, unless they were also a registered broker-dealer, a bank, or an operating subsidiary of a bank, and therefore already covered separately by the BSA. In many cases, investment advisers already voluntarily comply with CIP requirements, or their functional equivalent.
This joint NPRM implements section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (the “USA PATRIOT Act”). Section 326 requires the Secretary of the Treasury to promulgate regulations setting forth the minimum standards for “financial institutions” regarding the identity of their customers in connection with the opening of an account at a financial institution. More specifically, and as the NPRM notes, the BSA defines “financial institution” to include, in a catch-all provision, “any business or agency which engages in any activity which the Secretary of the Treasury determines, by regulation, to be an activity which is similar to, related to, or a substitute for any activity in which any business described in this paragraph is authorized to engage[.]” That is the statutory authority upon which this NPRM and the earlier NPRM rest. If FinCEN’s proposed amendment to the regulatory definition of “financial institution” is finalized and survives any legal challenges, investment advisers will be required to implement and maintain a CIP, as well as AML programs.
Continue Reading FinCEN and SEC Propose Rulemaking Requiring CIP for Investment Advisers
We previously have blogged on actions taken by the DOJ’s “Task Force KleptoCapture,” an interagency law enforcement task force with a mandate to target sanctioned Russian and pro-Russian oligarchs. While explicitly launched in May 2022 as a direct response to Russia’s full-scale invasion of Ukraine, the task force’s mission is consistent with the U.S. government’s characterization of Russia as a kleptocratic regime (see our post here) and the Biden Administration’s promotion of anti-corruption as a “core United States national security interest” (see our posts here and here).
This week, DOJ announced (via both a press release and a filmed podium announcement by Attorney General Merrick Garland) a series of enforcement actions in five separate federal cases in districts up and down the East Coast, dealing with money laundering and evasion of sanctions, in several cases centered on quintessentially oligarchic luxury goods: high-end real estate and superyachts. The enforcement actions also emphasize the continuing themes in these cases of the use of shell companies, proxies and lawyers to allegedly evade sanctions.
Farewell to 2023, and welcome 2024. As we do every year, let’s look back.
We highlight 10 of our most-read blog posts from 2023, which address many of the key issues we’ve examined during the past year: criminal money laundering enforcement; compliance risks with third-party fintech relationships; the scope of authority of bank regulators; sanctions