FinCrime Intelligence Weekly

Issue №3 · Jun 8 – 14, 2026

A crypto mixer that sold untraceability is seized, OFAC delists and relicenses in a day, stablecoin AML rules near finalization, and the EU sharpens monitoring and beneficial-ownership rules.

FinCrime Intelligence Weekly - Issue 3: Traceability closes in: a mixer falls as the rulebooks harden
Marco’s Take

Marco Beranzoni

Welcome to Issue 3 of FinCrime Intelligence Weekly. Facts sourced, actions named, no filler. Here is what changed last week and what to do about it this week.

The thread running under this week is traceability. AudiA6 sold itself as a way to make criminal cryptocurrency untraceable. It moved more than $389 million by US prosecutors’ count, and the moment investigators pulled exchange records, the trail was there. Hold that next to the rest of the week. FinCEN and OFAC want stablecoin issuers inside the Bank Secrecy Act, where their flows can be watched. AMLA is drafting what transaction monitoring must actually detect, and asking firms to prove they test it. The EU’s beneficial-ownership deadline is about making ownership visible. Even OFAC’s list churn, delisting and relicensing in a single day, is a traceability problem: can your screening keep up in both directions.

Put it together and the message is consistent. Regulators and investigators are closing the gaps where value, ownership, or a sanctioned party can hide in plain sight. The tools that promise to erase a trail tend to relocate it, not remove it. The institutions that struggle are the ones that cannot show their own work: the tuning, the testing, the reconciliation, the verification.

So here is the small, uncomfortable task for this week. Pick the one place in your operation where you most rely on something being untraceable by someone else: a mixer score you trust, a register entry you never verify, a delisting you assume your vendor caught. Test it once, by hand. What you find is next quarter’s work.

See you next Monday.

Marco

The 5 stories that matter

Regulatory Radar

What changed this week, why it matters, and what to do about it.

Global

The FATF (Financial Action Task Force) holds its June plenary from 15 to 19 June 2026, the last under the Mexican presidency. Grey-list changes are possible, and Giles Thomson of the United Kingdom takes over the FATF presidency on 1 July 2026.

Why it matters: Grey-list moves feed country-risk matrices and correspondent-banking due diligence. A new listing adds an enhanced due diligence trigger, and a removal takes one away. A presidency handover can reset workplan priorities.

Action: Pre-stage your country-risk update process so you can act on the plenary outcome within days. Brief correspondent-banking and onboarding teams to expect possible changes the week of 15 June.

UK

The UK Office of Financial Sanctions Implementation (OFSI) operates revised enforcement guidance introduced in 2026, including an Early Account Scheme offering up to a 20% penalty reduction for an early factual account, and a Voluntary Disclosure and Co-operation discount of up to 30%.

Why it matters: The incentives reward early, candid engagement after a suspected breach. A firm that sits on a potential sanctions breach now forgoes a defined discount, so the calculation of whether and when to self-report has changed.

Action: Update your sanctions-breach escalation playbook so legal and compliance know the Early Account and voluntary-disclosure timelines and discounts before an incident, not during one.

EU

AMLA (the EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism) will hold a public hearing on 2 July 2026 on its draft ongoing-monitoring guidelines, which are open for comment until 3 September 2026.

Why it matters: The hearing is a direct line into how AMLA is thinking about transaction monitoring before the standard binds. The detail set now becomes the supervisory baseline later.

Action: Register a representative for the 2 July hearing and prepare one or two specific questions drawn from your own monitoring framework. Diary the 3 September comment deadline.

US

Alongside the 11 June Russia and Cuba actions, OFAC issued a separate action on 10 June 2026 covering Iran-related designation general licenses and counter-terrorism designation updates.

Why it matters: The designation cadence is effectively weekly and spans several programs at once. A monthly screening refresh leaves a window in which a newly designated party is live in your book but absent from your list.

Action: Confirm your SDN (specially designated national) list refresh runs at least daily and reconciles. Spot-check that the 10 and 11 June actions are already reflected in screening.

Typology of the week

Crypto mixing services as a laundering layer for cybercrime proceeds

How it works

A mixing or tumbling service pools cryptocurrency from many customers and returns different coins of equal value, for a fee, to break the on-chain link between a deposit and a withdrawal. Proceeds from ransomware, dark-web sales, and stolen funds enter the mixer as traceable cryptocurrency and leave as funds the customer hopes look clean. The service markets the result as untraceable. In practice the obfuscation degrades at the edges: where mixed funds are deposited to or withdrawn from a regulated exchange that holds know your customer (KYC) records, and where blockchain analytics cluster the service's own addresses. The AudiA6 case is the live illustration. US prosecutors allege it moved more than $389 million for a fee of up to five percent, and investigators said the transactions could be traced through exchange records.

Red flags

  • Inflows from wallet clusters that blockchain analytics attribute to a known mixing or tumbling service.
  • A newly onboarded account that receives funds with mixer heritage and moves them on quickly, with little economic rationale.
  • Customers sharing device identifiers, network identifiers, or reused identity documents at the cash-out stage.
  • Deposits structured to sit just below internal review thresholds shortly after a mixer withdrawal.
  • A crypto-business customer whose counterparties concentrate on services marketed as privacy or mixing tools.

Sectors exposed

  • Cryptoasset exchanges and custodians (deposit and withdrawal points)
  • Banks and payment firms that service crypto businesses or process fiat off-ramps
  • Over-the-counter crypto desks
  • Marketplaces and processors exposed to ransomware or dark-web proceeds

Controls to review

  • Mixer-exposure scoring: does your analytics tool flag indirect exposure to mixing services, and does a hit escalate rather than just log?
  • Cash-out detection: can you link mixed inflows to mule-account behaviour at onboarding and withdrawal?
  • Historical look-back: can you re-run updated mixer attributions against past activity to surface exposure scored clean at the time?
  • Filing triggers: is a confirmed mixer link a defined reason to file a suspicious activity report, not a judgement call?

Example

An exchange receives a deposit that analytics attribute, one hop back, to a mixing service. The funds arrived at the mixer days earlier from an address tied to ransomware proceeds. No sanctioned name appears on the transaction, so name screening stays silent. Only mixer-exposure scoring and address clustering surface the link, and exchange records on the far side make the path reconstructable. This is illustrative of a documented method, not a specific real case.

Enforcement Watch

Recent actions and the control lessons behind them.

  • Crypto mixer seized after laundering more than $389 million for cybercriminals

    AudiA6 (cryptocurrency mixing service)

    Control failure: AudiA6 operated openly as a mixing service that promised to make criminal cryptocurrency untraceable, advertised on its own dark-web forum, and processed funds that included ransomware and stolen-fund proceeds. Institutions that received its outflows without mixer-exposure scoring would have had no name-based signal to catch them.

    Lesson: Name screening alone does not see a mixer. The control that does is address-level analytics that scores indirect exposure to mixing services and escalates it. The AudiA6 prosecution also confirms the obfuscation is reversible through exchange records, so a mixer hit is a reason to investigate and potentially file, not a dead end.

  • Cross-border operation reports thousands of scam and money-laundering arrests across ten jurisdictions

    Singapore Police Force and partner agencies

    Control failure: Announced on 20 May 2026, Operation Frontier+ III ran from 10 March to 7 May 2026 and reported 3,018 arrests across ten territories, linked to scams worth about US$752 million, with one strand dismantling a money-laundering cell. The cases ran on networks of mule accounts moving scam proceeds across borders.

    Lesson: Scam losses are laundered through mule accounts at scale, and the laundering leg is where a bank can intervene even when it cannot stop the scam. Strengthen detection of newly active accounts that receive and rapidly forward funds, accounts with shared identifiers, and sudden inbound activity inconsistent with the customer profile.

Crypto, Fraud & AI

Score crypto by mixer exposure, not just by name

The AudiA6 takedown is a reminder that name-based screening cannot see a mixing service. A mixer rarely appears as a named counterparty. Its fingerprint is an address cluster that blockchain analytics attribute to the service, often one hop from a deposit. The control response is mixer-exposure scoring with a clear escalation path, so an analyst sees that funds passed through a mixing service even when no name on the transaction is listed. US prosecutors said AudiA6's transactions could be traced through exchange records, which means a mixer hit is an investigative lead, not a dead end. Pair address analytics with mule-account detection at the cash-out point, where most of the useful KYC signal lives.
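
An added illustration of the indirect-exposure scoring described here and in the typology example, plus the historical look-back control; it is not code from this newsletter or from any analytics vendor. The addresses, amounts, the 0.25 threshold and the simple value-weighted attribution are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample data: every address and amount below is invented.
MIXER_CLUSTER = {"mixer_hot_1", "mixer_hot_2"}  # addresses attributed to a mixing service
TRANSFERS = [  # (sender, receiver, amount)
    ("ransom_wallet", "mixer_hot_1", 50.0),
    ("mixer_hot_2", "hop_wallet", 30.0),
    ("payroll_src", "hop_wallet", 10.0),
    ("hop_wallet", "deposit_A", 40.0),  # mixer -> hop_wallet -> deposit_A
    ("payroll_src", "deposit_B", 5.0),  # no mixer heritage
    ("deposit_A", "hop_wallet", 1.0),   # cycle, so the traversal must terminate
]
ESCALATE_AT = 0.25  # hypothetical policy threshold on mixer-derived share of inflows

def build_inflows(transfers):
    inflows = defaultdict(list)
    for sender, receiver, amount in transfers:
        inflows[receiver].append((sender, amount))
    return inflows

def mixer_exposure(address, inflows, mixers, max_hops=3, _path=frozenset()):
    """Return (share, hops): value-weighted share of inflows tracing back to the
    mixer cluster, and intermediaries on the shortest such path (None if no link)."""
    total = tainted = 0.0
    nearest = None
    for sender, amount in inflows.get(address, []):
        total += amount
        if sender in mixers:
            share, hops = 1.0, 0
        elif max_hops > 0 and sender not in _path:
            share, hops = mixer_exposure(sender, inflows, mixers, max_hops - 1, _path | {address})
            hops = None if hops is None else hops + 1
        else:  # hop budget spent or cycle: treat this inflow as unattributed
            share, hops = 0.0, None
        tainted += amount * share
        if hops is not None and (nearest is None or hops < nearest):
            nearest = hops
    return (tainted / total if total else 0.0), nearest

def triage(address, inflows, mixers):
    share, hops = mixer_exposure(address, inflows, mixers)
    action = "clear" if hops is None else ("escalate" if share >= ESCALATE_AT else "review")
    return {"address": address, "mixer_share": round(share, 3), "hops": hops, "action": action}

def lookback(addresses, inflows, old_mixers, new_mixers):
    """Re-score past deposits after an attribution update; return those whose action changed."""
    return [a for a in addresses
            if triage(a, inflows, old_mixers)["action"] != triage(a, inflows, new_mixers)["action"]]
```

With `max_hops=0` the same deposit scores clean, which is the gap a direct-counterparty check leaves open.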

Stablecoin issuers are being wired into the monitoring perimeter

The proposed GENIUS Act rule would treat permitted payment stablecoin issuers as Bank Secrecy Act financial institutions, with their own AML, CFT, and sanctions obligations. The hard part is not onboarding. It is monitoring value that moves on public ledgers, through intermediaries the issuer never contracts with, after issuance. For issuers, that means transaction monitoring and sanctions screening tuned to on-chain flows and wallet addresses, not just to the customer of record. For banks that service issuers, it means testing the issuer's controls rather than assuming them. If you touch a stablecoin, define now how you monitor where the token goes, because a 12-month implementation clock starts at final publication.

Career & Skills Corner

Learn to write a transaction-monitoring tuning rationale that survives a supervisor

AMLA's draft monitoring guidelines ask firms to prove they design, implement, and test their monitoring, and that single word, test, is where a lot of careers can separate. Most analysts can run an alert. Fewer can explain, on paper, why a threshold is set where it is, what tuning showed, and how each rule traces back to a specific risk. That document is a tuning rationale, and it is one of the most portable skills in financial crime. The technique is straightforward to start. Take one monitoring rule you own. Write half a page that states the risk it addresses, the current threshold and why, what a sample of alerts and non-alerts showed, and what you would change. Show the false-positive cost and the coverage you would lose if you loosened it. Do that for one rule and you have a template for the rest, and a document you can hand a supervisor, a model-validation team, or a board committee. The same muscle that defends a threshold defends a risk appetite and a remediation plan. Pick your noisiest rule, the one drowning your team in false positives, and write its rationale this week. You will understand your own system better, and you will have proof you tested it.

What I’m watching next week

Four things are on my desk. First, the FATF plenary runs from 15 to 19 June, with possible grey-list changes and the handover to the United Kingdom's Giles Thomson on 1 July, so country-risk matrices may move. Second, AMLA's public hearing on its monitoring guidelines is on 2 July, and it is the clearest read yet on how hard the new supervisor will push on testing and tuning. Third, the EU's beneficial-ownership transposition deadline lands on 10 July, and I want to see which member states are ready and which are not. Fourth, I am watching whether OFAC's amended Russia energy licenses signal more carve-outs, because each one is a change-management task for screening teams.
