FinCrime Intelligence Weekly
The FATF plenary reshapes the grey list and targets stablecoins, Treasury clears 76 stale sanctions entries, FinCEN proposes stablecoin ID rules, and Ireland aims a 30-point plan at crypto.
Marco’s Take
Marco Beranzoni
Welcome to Issue 4 of FinCrime Intelligence Weekly. Facts sourced, actions named, no filler. Here is what changed last week and what to do about it this week.
The plenary week did two jobs at once. It cleaned up, and it took aim at crypto. FATF redrew the country map, adding Bosnia and Herzegovina and Iraq to the grey list while freeing Algeria and Namibia. In Washington, Treasury swept 76 dead names off the sanctions list: deceased people, scrapped ships, networks that no longer exist. Both moves are housekeeping, and housekeeping has a cost if you ignore it. A new listing you miss is an exposure. A delisting you miss is a false positive your analysts keep working.
The other half of the week pointed one direction: crypto, and stablecoins in particular. FATF approved its seventh virtual asset update and said stablecoins carried 84 percent of illicit crypto volume last year. FinCEN and the banking agencies proposed a customer identification rule for stablecoin issuers, the second stablecoin rule in two months. Ireland launched a 30-point plan that hands its gambling regulator a role in setting crypto source-of-funds standards. Read together, the message is that stablecoins are now a supervised surface, not a frontier.
So here is the small, uncomfortable task for this week. Take your sanctions feed and prove, by hand, that it applies removals as fast as additions. Pull the 76 names Treasury cleared and check that they are gone from your live screening and your backlog. If you cannot show that in an afternoon, you have found a gap that grey-list season will only widen.
See you next Monday.
Marco
The June 2026 plenary reshaped the increased-monitoring list to 22 jurisdictions, and FinCEN told US institutions to apply the changes.
FATF's seventh targeted update names stablecoins a priority risk and pushes Travel Rule supervision toward 99 jurisdictions.
OFAC removed deceased individuals, scrapped vessels, and dead-network names from the SDN list, turning a delisting into a screening event your team must reconcile.
A second joint rule sets minimum customer identification standards for permitted payment stablecoin issuers, with comments due 60 days after publication.
The Government of Ireland pairs a new national risk assessment with 30 measures targeting crypto, gambling, and corporate ownership.
What changed this week, why it matters, and what to do about it.
| Region | Update | Why it matters | Action |
|---|---|---|---|
| UK | The Financial Services and Markets Bill is moving through the House of Lords, with second reading on 9 June 2026 and committee stage beginning 22 June 2026. It carries clauses to make the FCA (Financial Conduct Authority) the single anti-money laundering supervisor for professional services firms, taking supervision from bodies such as the Solicitors Regulation Authority. | Professional-services firms (legal, accountancy) would change supervisor, and the FCA supervises to a different standard and tempo than the existing professional-body supervisors. The current framework holds through 2026 and likely most of 2027. | If you are in scope, track the Bill's committee stage and start mapping your AML programme to FCA expectations now rather than waiting for the transfer. |
| US | Alongside the 76-entry delisting, OFAC (the Office of Foreign Assets Control) on 18 June 2026 extended Russia-related General Licenses 55 and 115 by six months, to 18 December 2026, and amended eight related Frequently Asked Questions, continuing the narrow energy-channel carve-outs. | General-license amendments change what is permitted, not just who is listed. A general license your team treats as static can quietly drift out of date. | Diary the 18 December 2026 expiry for General Licenses 55 and 115, re-read the eight amended FAQs, and confirm your general-license version control captured the extension. |
| Global | FATF (the Financial Action Task Force) will publish an updated status of Recommendation 15 implementation (virtual assets) for members and jurisdictions with materially important virtual asset service provider activity during 2026. | The report will name the jurisdictions that still lag, mapping where Travel Rule data on crypto transfers is least reliable and where counterparty risk concentrates. | Flag the report for review on release and use it to risk-weight your virtual asset service provider counterparties by jurisdiction. |
| EU | The EU's beneficial-ownership register transposition deadline under the Sixth Anti-Money Laundering Directive (AMLD6) falls on 10 July 2026, and AMLA (the EU Authority for Anti-Money Laundering) holds its public hearing on the draft ongoing-monitoring guidelines on 2 July 2026. | Both shape near-term EU obligations: register access changes on 10 July, and the binding transaction-monitoring standard is being set now. | Confirm your beneficial-ownership register access route for each member state before 10 July, and register a representative for the 2 July AMLA hearing. |
The Financial Services and Markets Bill is moving through the House of Lords, with second reading on 9 June 2026 and committee stage beginning 22 June 2026. It carries clauses to make the FCA (Financial Conduct Authority) the single anti-money laundering supervisor for professional services firms, taking supervision from bodies such as the Solicitors Regulation Authority.
Why it matters:Professional-services firms (legal, accountancy) would change supervisor, and the FCA supervises to a different standard and tempo than the existing professional-body supervisors. The current framework holds through 2026 and likely most of 2027.
Action:If you are in scope, track the Bill's committee stage and start mapping your AML programme to FCA expectations now rather than waiting for the transfer.
Alongside the 76-entry delisting, OFAC (the Office of Foreign Assets Control) on 18 June 2026 extended Russia-related General Licenses 55 and 115 by six months, to 18 December 2026, and amended eight related Frequently Asked Questions, continuing the narrow energy-channel carve-outs.
Why it matters:General-license amendments change what is permitted, not just who is listed. A general license your team treats as static can quietly drift out of date.
Action:Diary the 18 December 2026 expiry for General Licenses 55 and 115, re-read the eight amended FAQs, and confirm your general-license version control captured the extension.
FATF (the Financial Action Task Force) will publish an updated status of Recommendation 15 implementation (virtual assets) for members and jurisdictions with materially important virtual asset service provider activity during 2026.
Why it matters:The report will name the jurisdictions that still lag, mapping where Travel Rule data on crypto transfers is least reliable and where counterparty risk concentrates.
Action:Flag the report for review on release and use it to risk-weight your virtual asset service provider counterparties by jurisdiction.
The EU's beneficial-ownership register transposition deadline under the Sixth Anti-Money Laundering Directive (AMLD6) falls on 10 July 2026, and AMLA (the EU Authority for Anti-Money Laundering) holds its public hearing on the draft ongoing-monitoring guidelines on 2 July 2026.
Why it matters:Both shape near-term EU obligations: register access changes on 10 July, and the binding transaction-monitoring standard is being set now.
Action:Confirm your beneficial-ownership register access route for each member state before 10 July, and register a representative for the 2 July AMLA hearing.
Typology of the week
A stablecoin holds dollar value on a public blockchain without a bank account, which makes it a fast settlement layer for illicit proceeds. The launderer moves value as a stablecoin between virtual asset service providers (VASPs), exploiting transfers where the Travel Rule data is incomplete. Under the Travel Rule, originator and beneficiary information should travel with a transfer, but it breaks at the first counterparty that sends thin or missing data. Value is routed through VASPs in low-enforcement jurisdictions, then cashed out through unhosted wallets or peer-to-peer trades where Travel Rule data may not exist at all. FATF said stablecoins accounted for 84 percent of illicit virtual asset transaction volume in 2025, which is FATF's assessment rather than an independently verified figure.
Example
A VASP receives a stablecoin deposit whose originator field is blank. The funds convert to another asset within minutes, then bridge to a second chain before settling at an unhosted wallet. No sanctioned name appears, so name screening stays silent. Only Travel Rule data-quality checks and stablecoin-flow monitoring surface the pattern. This is illustrative of a documented method, not a specific real case.
Recent actions and the control lessons behind them.
Belgian court; Europol support
Control failure:On 9 June 2026, a Belgian court convicted seven members of an international ISIS support network of cryptocurrency-based money laundering used to finance weapons procurement and the acquisition of chemical, biological, radiological, nuclear and explosive (CBRN-E) precursors. Sentences ranged from 5 to 15 years plus financial penalties. Europol's CBRN-E specialists provided technical support. No specific amounts were published.
Lesson:Terrorist financing now routes through the same crypto rails as fraud and ransomware proceeds. The control response is the same logic that catches laundering: trace funds on-chain, score exposure to mixing and high-risk counterparties, and treat a crypto nexus in a terrorist-financing alert as a reason to escalate, not a curiosity. Tie sanctions and watchlist screening to wallet analytics, because a name match alone will not surface this.
Two moves in one week pulled stablecoins inside the perimeter. FATF said stablecoins carried 84 percent of illicit virtual asset volume in 2025, and FinCEN with the banking agencies proposed a customer identification rule for stablecoin issuers, the second stablecoin rule in two months. For monitoring teams, the signal is to stop treating stablecoin flow as generic crypto activity. Tune rules to stablecoin movement, check Travel Rule data quality on both legs of a transfer, and define your appetite for unhosted-wallet and peer-to-peer exposure. If you issue or bank a stablecoin issuer, the customer identification rule is the front-door standard you will be measured against, so read the customer and account definition before you build.
Treasury removed 76 stale entries from the sanctions list in its modernization push: deceased individuals, scrapped vessels, and defunct networks. Most screening programs are built to react to additions, where a new designation triggers a rescreen. Removals deserve the same discipline. A delisting your feed applies slowly leaves analysts working alerts on names the government has retired, and the cleared categories here (dead people, decommissioned ships, dead networks) are exactly the orphaned false positives that drain a team. Confirm your feed applies removals as fast as additions, then reconcile the 76 names through both live screening and the backlog.
Career & Skills Corner
Two risk assessments landed this month: Ireland's national assessment and the risk picture running through the FATF plenary. Most practitioners read these documents once and file them. The career skill is to convert one into a control gap list your institution can act on. The technique is mechanical and portable. Take the assessment and pull out every named threat and every named expectation. For each, write one line: the control you already have, the gap, and the owner. A risk assessment that says crypto source-of-funds verification is a priority becomes a row that names your current verification process, what it misses, and who fixes it. Do this for one assessment and you have a document a board committee, an auditor, or a new supervisor can read in five minutes. It also changes how you are seen. The analyst who turns a 60-page assessment into a 12-line gap list with owners is the one who gets handed the remediation programme. Start with the assessment closest to your business, pick the five threats most relevant to your book, and write the gap list this week. You will read the next assessment as a work plan, not a PDF.
Four things are on my desk. First, the FATF presidency passes to the United Kingdom's Giles Thomson on 1 July, so I am watching the opening signals on asset recovery and beneficial ownership. Second, AMLA's public hearing on its monitoring guidelines falls on 2 July, the clearest read yet on how hard the new EU supervisor will push on testing. Third, the EU's beneficial-ownership transposition deadline lands on 10 July, and I want to see which member states are ready. Fourth, the 60-day comment window on FinCEN's stablecoin customer identification rule is open, and the industry submissions on the customer and account question are where the friction will show.
Turn this weekly intelligence into a career. Marco’s AML & Financial Crime course takes you from curious to hireable.
AML & Financial Crime course →