FinCrime Intelligence Weekly
OFAC sanctions Nobitex and Iran's crypto rails, FinCEN makes ITIN accounts a due diligence question, Belgium closes in on Wise, and US and UK rules push programs toward effectiveness.
Marco’s Take
Marco Beranzoni
Welcome to Issue 2 of FinCrime Intelligence Weekly. Facts sourced, actions named, no filler. This is the briefing for working financial crime professionals who need to know what changed last week and what to do about it this week.
This week the through-line is substance over form. OFAC did not just add four Iranian exchanges to a list. It went on-chain, naming the rails that actually move Iranian value and the people who run them. In Washington, FinCEN and the banking agencies proposed a rule that asks whether your anti-money laundering program is effective, not whether it exists. The same agencies told banks that an Individual Taxpayer Identification Number is a question to reason through, not a box to tick. And in Brussels, the alleged failure at the centre of the Wise investigation is the most basic one there is: knowing who your customer is and what they do.
Put those together and the message is hard to miss. Supervisors are done rewarding paperwork. They want evidence that a control changes an outcome. That is good news for anyone who has argued for spending less on low-risk noise and more where the danger sits, because the effectiveness standard finally gives you the language to do it. It is uncomfortable news if your program is a binder nobody has tested.
So here is the small, slightly uncomfortable thing to do this week. Take your single highest-risk customer segment and ask one question: could I prove, on paper and in data, that my controls there actually work? If the honest answer is that they are present, you have found next quarter’s project.
See you next Monday.
Marco
On 2 June the US Treasury blacklisted four exchanges that move most of Iran's crypto, putting any foreign institution that touches them on notice of secondary sanctions.
A joint advisory issued on 5 June lists 18 red flags for unlawful-employment schemes and asks banks to weigh whether an ITIN used in place of an SSN is a risk factor.
Brussels is finalizing a case over roughly 500 million euros in suspicious flows tied to Wise Europe accounts. Wise says no findings have been shared and denies wrongdoing.
A FinCEN-led rewrite of the program rule would require AML programs to be effective and risk-based and to weigh FinCEN's national priorities. The comment window closes on 9 June.
The amending regulations are in their final parliamentary stage, with most measures due about three weeks after they are made. One survey says six in ten firms are unprepared.
What changed this week, why it matters, and what to do about it.
| Region | Update | Why it matters | Action |
|---|---|---|---|
| EU | AMLA (the EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism) held its first conference on 9 June 2026 in Frankfurt, convening supervisors, financial intelligence units, and private-sector leaders as it builds toward direct supervision of 40 institutions from 2028. Its regulatory technical standards and guidelines pipeline runs through 2026 and 2027. | The instruments AMLA finalises this year will become the binding minimum standards across member states. Institutions that wait for the final text before mapping their methodologies will have less time to remediate before supervision begins. | Track which AMLA standards and guidelines publish through 2026. Map your customer due diligence and risk-assessment methodologies against each draft as it lands, and log gaps now rather than in 2027. |
| US | Alongside the four Iranian cryptoasset exchanges designated under counter-terrorism authority on 2 June, OFAC issued further actions in the first week of June, including Cuba-related designations on 5 June. The designation cadence is now effectively weekly. | A monthly batch refresh of your sanctions list leaves a window in which a newly designated party is live in your book but absent from your screening. At a weekly cadence, that window is the gap enforcement looks for. | Confirm your Specially Designated Nationals list refresh runs at least daily and is reconciled, not a monthly import. Spot-check that the 2 June and 5 June actions are already in your screening. |
| Global | The FATF (Financial Action Task Force) holds its June plenary from 15 to 19 June 2026, the final session under the Mexican presidency. Namibia is being assessed for a possible exit from the grey list after an on-site review, and Giles Thomson of the United Kingdom takes the FATF presidency on 1 July 2026. | Grey-list changes move correspondent-banking risk assessments and country-risk matrices. A Namibia exit, if confirmed, removes an enhanced due diligence trigger for many institutions. The presidential handover may reset workplan priorities. | Pre-stage your country-risk update process so you can act on the plenary outcome quickly. If Namibia exits, review accounts placed under enhanced due diligence solely on that listing, and brief your front office. |
AMLA (the EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism) held its first conference on 9 June 2026 in Frankfurt, convening supervisors, financial intelligence units, and private-sector leaders as it builds toward direct supervision of 40 institutions from 2028. Its regulatory technical standards and guidelines pipeline runs through 2026 and 2027.
Why it matters:The instruments AMLA finalises this year will become the binding minimum standards across member states. Institutions that wait for the final text before mapping their methodologies will have less time to remediate before supervision begins.
Action:Track which AMLA standards and guidelines publish through 2026. Map your customer due diligence and risk-assessment methodologies against each draft as it lands, and log gaps now rather than in 2027.
Alongside the four Iranian cryptoasset exchanges designated under counter-terrorism authority on 2 June, OFAC issued further actions in the first week of June, including Cuba-related designations on 5 June. The designation cadence is now effectively weekly.
Why it matters:A monthly batch refresh of your sanctions list leaves a window in which a newly designated party is live in your book but absent from your screening. At a weekly cadence, that window is the gap enforcement looks for.
Action:Confirm your Specially Designated Nationals list refresh runs at least daily and is reconciled, not a monthly import. Spot-check that the 2 June and 5 June actions are already in your screening.
The FATF (Financial Action Task Force) holds its June plenary from 15 to 19 June 2026, the final session under the Mexican presidency. Namibia is being assessed for a possible exit from the grey list after an on-site review, and Giles Thomson of the United Kingdom takes the FATF presidency on 1 July 2026.
Why it matters:Grey-list changes move correspondent-banking risk assessments and country-risk matrices. A Namibia exit, if confirmed, removes an enhanced due diligence trigger for many institutions. The presidential handover may reset workplan priorities.
Action:Pre-stage your country-risk update process so you can act on the plenary outcome quickly. If Namibia exits, review accounts placed under enhanced due diligence solely on that listing, and brief your front office.
Typology of the week
A sanctioned jurisdiction or actor routes value through a home-market cryptoasset exchange that converts between local fiat currency, stablecoins, and other cryptoassets. The exchange may never transact directly with a US or EU institution. Value reaches the wider financial system indirectly: through self-hosted wallets, intermediary swaps, cross-chain bridges, and counterparties several hops removed from the named entity. Stablecoins do particular work here, because they let a sanctioned party hold dollar-denominated value without a US bank account, and they convert quickly back to local currency to manage an exchange rate. Where a state actor is involved, the same rails can carry ransomware proceeds, procurement payments, and transfers for sanctioned groups. The OFAC designation of Nobitex and three other Iranian exchanges on 2 June 2026 is the live example: OFAC said Nobitex processed more than half of Iran's digital asset inflows in 2025 and moved hundreds of millions of dollars in stablecoins tied to the Central Bank of Iran's support for the rial.
Example
A bank serves a cryptoasset exchange as a corporate customer. The exchange receives deposits from a cluster of self-hosted wallets that, on analysis, sit two hops from a domestic exchange in a comprehensively sanctioned jurisdiction. The funds arrive as a stablecoin, convert to another cryptoasset within minutes, and bridge to a different chain before settling. No single counterparty appears on a sanctions list, so name-based screening stays silent. Only hop-aware wallet screening and stablecoin-flow rules surface the pattern. This is illustrative of a documented method, not a specific real case.
Recent actions and the control lessons behind them.
Former Credit Suisse executive; Swiss federal authorities
Control failure:On 1 June 2026, the Swiss government appealed a court decision that had thrown out charges against a former senior Credit Suisse executive over conduct linked to the so-called tuna bonds scandal. The matter has run through the courts for years.
Lesson:Financial crime enforcement has a long tail. Legacy conduct, and the people who were close to it, resurface years later through appeals and retrials. The practical implication is that remediation, record-keeping, and personal accountability must outlast the news cycle. A matter that looks closed can reopen on a prosecutor's appeal, and the documentation you kept (or did not) is what you will be judged on.
The OFAC designation of Nobitex and three other Iranian exchanges is a reminder that name-based sanctions screening misses on-chain exposure. A sanctioned exchange rarely appears as a direct counterparty. Its value arrives through wallet clusters, intermediary swaps, and cross-chain bridges that sit one or more hops away. The control response is wallet-level screening with configurable hop depth, so an analyst sees that a deposit traces back to a designated cluster even when no name on the transaction is listed. Pair it with stablecoin-flow rules that flag rapid conversion into and out of a major stablecoin shortly after settlement. For an institution that banks crypto businesses rather than holding crypto directly, the same logic applies one level up: your exposure is whatever your customer fails to screen, so review how they handle indirect and post-settlement designations.
The Iran designations put a spotlight on how stablecoins function for a sanctioned state. OFAC said Nobitex moved hundreds of millions of dollars in stablecoins tied to the Central Bank of Iran's effort to support the rial. The appeal is structural: a dollar-denominated asset that needs no US bank account and converts quickly to local currency. For monitoring teams, the signal is not the stablecoin itself but the pattern around it: large mint or redemption activity that tracks a state actor's currency management, and rapid round-trips between a stablecoin and local fiat. If you touch the stablecoin leg, define how you treat issuance and redemption tied to a high-risk jurisdiction before it becomes an examination question.
Career & Skills Corner
The 9 June comment deadline on the US AML/CFT program rule is a reminder that engaging with a proposed rule is a skill, and a career-advancing one. Most practitioners never file a comment, which means the few who do shape the rules everyone else lives under. The technique is not to respond to the whole proposal. Find the one or two provisions that change what your institution must do, and write to those with specificity. Regulators read comments for concrete operational consequences they had not fully modelled, not for agreement or disagreement in the abstract. A strong comment does three things. It states who you are and why your perspective is relevant, in two sentences. It identifies the exact provision by section number. And it gives a real, grounded example of how the provision would play out in practice, including a cost, a timeline, or an unintended effect the drafters may not have seen. If you are proposing a change, propose the alternative wording, not just the objection. The same muscle that writes a good comment letter writes a good response to an examination finding and a good board paper: read the requirement precisely, connect it to your operation, and argue from evidence. Start small. Pick one provision in the AML/CFT program rule, write 300 words on it, and submit before the window closes. You will read the next rulemaking differently for having done it once.
Three things are on my desk for next week. First, the 9 June comment deadlines close: the AML/CFT program rule and the separate GENIUS Act stablecoin proposal both shut their windows, and the industry submissions are where the real friction shows. Second, I am watching for the UK amendment regulations to be made, because the day they are signed starts a 21-day clock that most firms tell pollsters they are not ready for. Third, the FATF plenary runs from 15 to 19 June, with a possible Namibia grey-list exit and the handover to Giles Thomson on 1 July. I will be reading the AMLA conference readouts too, for any signal on how hard the new supervisor intends to push before 2028.
Turn this weekly intelligence into a career. Marco’s AML & Financial Crime course takes you from curious to hireable.
AML & Financial Crime course →