FinCrime Intelligence Weekly
Treasury hits the Prince Group scam network and Huione rails, OFAC sanctions ISIS facilitators, the FCA censures CACEIS, and ESMA forces unlicensed crypto firms out before the MiCA deadline.
Marco’s Take
Marco Beranzoni
Welcome to Issue 5 of FinCrime Intelligence Weekly. Facts sourced, actions named, no filler. Here is what changed last week and what to do about it this week.
The pattern this week is plumbing. Treasury did not just name scammers, it went after Huione, the rail that consolidated their proceeds, and it widened a FinCEN rule to catch the next rebrand. The same logic ran through the ISIS designations, which hit a crypto exchange and a row of bureaux de change in one action. In Europe, ESMA started pushing unlicensed crypto firms out of the market before the MiCA deadline. And in London, a custodian was censured not for missing a control, but for ignoring one it already had.
Put those together and the message is consistent. Regulators are mapping the infrastructure that moves illicit value, then cutting it off a layer at a time. The OFAC and OFSI comparative guide is the quiet companion to all of it, because cross-border crime gets harder to chase when the US and UK publish how their regimes line up. The launderer’s edge has always been the seam between systems and the gap between checks. This week the seams got narrower.
So here is the small, uncomfortable task for this week. Pick your single most important control and ask the CACEIS question: if it fired right now, would anyone act on it? Find one check in your shop that produces a signal nobody owns. Give it an owner and a deadline before the week is out. That is the failure the FCA just penalised, and it is the cheapest one to fix.
See you next Monday.
Marco
OFAC sanctions nine individuals and 26 entities tied to the Prince Group scam-center operation, and FinCEN moves to widen its Huione laundering rule.
Treasury designated three individuals and six entities spanning France, Syria, Turkey, and Nigeria for moving funds for ISIS associates.
The bank checked the register three times, saw WealthTek could not hold those assets, and did nothing, the FCA says.
With the MiCA transitional period ending 1 July 2026, unlicensed crypto-asset service providers must wind down EU activity while keeping AML controls live.
The two authorities map where their sanctions regimes align and where they diverge, giving dual-program firms a reconciliation reference.
What changed this week, why it matters, and what to do about it.
| Region | Update | Why it matters | Action |
|---|---|---|---|
| EU | AMLA (the EU Authority for Anti-Money Laundering) holds its public hearing on the draft ongoing-monitoring guidelines on 2 July 2026, and the EU's beneficial-ownership register transposition deadline under the Sixth Anti-Money Laundering Directive (AMLD6) falls on 10 July 2026. | Both shape near-term EU obligations. The monitoring standard is being set now, and register access changes on 10 July. | Register a representative for the 2 July hearing, and confirm your beneficial-ownership register access route for each member state before 10 July. |
| Global | The FATF (Financial Action Task Force) presidency passes from Mexico to the United Kingdom's Giles Thomson on 1 July 2026, the start of a new two-year cycle. | A presidency handover tends to reset workplan priorities. A UK presidency points to continued focus on asset recovery and beneficial ownership. | Watch the opening statements from the new presidency for signals on the next assessment cycle, and brief your country-risk and policy teams. |
| US | Alongside the week's designations, OFAC issued Iran-related General License X on 22 June 2026 (authorising certain Iranian-origin oil and petrochemical transactions through 21 August 2026) and Russia-related General License 131G on 25 June 2026 (authorising negotiation toward the sale of Lukoil International GmbH). | General-license activity changes what is permitted, not just who is listed. A general license treated as static can drift out of date. | Diary the 21 August 2026 expiry on the Iran license, log General License 131G in your sanctions change control, and confirm your team reads new general licenses as they publish. |
| UK | The Financial Services and Markets Bill entered its House of Lords committee stage on 22 June 2026, carrying the clauses to make the FCA (Financial Conduct Authority) the single anti-money laundering supervisor for professional services firms. | Professional-services firms (legal, accountancy) would change supervisor, and the FCA supervises to a different standard and tempo than the existing professional-body supervisors. | If you are in scope, track the committee stage and start mapping your AML programme to FCA expectations now rather than waiting for the transfer. |
AMLA (the EU Authority for Anti-Money Laundering) holds its public hearing on the draft ongoing-monitoring guidelines on 2 July 2026, and the EU's beneficial-ownership register transposition deadline under the Sixth Anti-Money Laundering Directive (AMLD6) falls on 10 July 2026.
Why it matters:Both shape near-term EU obligations. The monitoring standard is being set now, and register access changes on 10 July.
Action:Register a representative for the 2 July hearing, and confirm your beneficial-ownership register access route for each member state before 10 July.
The FATF (Financial Action Task Force) presidency passes from Mexico to the United Kingdom's Giles Thomson on 1 July 2026, the start of a new two-year cycle.
Why it matters:A presidency handover tends to reset workplan priorities. A UK presidency points to continued focus on asset recovery and beneficial ownership.
Action:Watch the opening statements from the new presidency for signals on the next assessment cycle, and brief your country-risk and policy teams.
Alongside the week's designations, OFAC issued Iran-related General License X on 22 June 2026 (authorising certain Iranian-origin oil and petrochemical transactions through 21 August 2026) and Russia-related General License 131G on 25 June 2026 (authorising negotiation toward the sale of Lukoil International GmbH).
Why it matters:General-license activity changes what is permitted, not just who is listed. A general license treated as static can drift out of date.
Action:Diary the 21 August 2026 expiry on the Iran license, log General License 131G in your sanctions change control, and confirm your team reads new general licenses as they publish.
The Financial Services and Markets Bill entered its House of Lords committee stage on 22 June 2026, carrying the clauses to make the FCA (Financial Conduct Authority) the single anti-money laundering supervisor for professional services firms.
Why it matters:Professional-services firms (legal, accountancy) would change supervisor, and the FCA supervises to a different standard and tempo than the existing professional-body supervisors.
Action:If you are in scope, track the committee stage and start mapping your AML programme to FCA expectations now rather than waiting for the transfer.
Typology of the week
Investment-scam and pig-butchering operations collect money from many victims in many small payments. The proceeds are pushed into crypto early, then routed to a laundering service that aggregates and consolidates them. That node, a service like the one Treasury named in the Prince Group action, sits between the scam compounds and the regulated system. It pools value from many sources, layers it through transfers and conversions, and prepares it to re-enter the banking system as clean funds. When one such service is sanctioned, the operators tend to rebrand and resurface under a new name, which is why Treasury named a successor entity alongside the original. The laundering layer is infrastructure, not a one-off.
Example
A payment firm receives a steady stream of small inbound transfers that aggregate in one account, then move to a crypto exchange. The funds trace, two hops back, to a processor tied to a scam-compound network. No single transfer trips a threshold, and no named party appears until consolidation. Only aggregation monitoring and network-level screening surface the pattern. This is illustrative of a documented method, not a specific real case.
Recent actions and the control lessons behind them.
Huione Group; H-Pay Service PLC (per Treasury and FinCEN)
Control failure:Treasury identified Huione Group as a consolidation node for scam proceeds, and FinCEN moved to extend its rule to H-Pay Service PLC and any successor. The control gap for institutions is name-pinned screening: a watchlist tied to one entity name misses the same operation under a new label.
Lesson:Screen the behaviour and the network, not just the name. When a laundering node is designated, assume it will rebrand, and build controls that catch the pattern (consolidation, off-ramp, related-party re-onboarding) so a successor entity does not walk back in clean.
CACEIS Bank UK Branch
Control failure:CACEIS UK checked the Financial Services Register three times, each time seeing that WealthTek was not authorised to hold certain client assets, and did not act. The control worked. The response did not.
Lesson:A signal with no owner is the same as no signal. Every control that can fire needs a named owner, a required action, and a closure record, or it produces evidence that is only ever read after the loss.
The OFAC ISIS action hit a cryptoasset exchange and three bureaux de change in a single designation, which suggests the network deliberately split value across channels. A monitoring setup that runs crypto screening and correspondent or money-services screening as separate workflows sees half of a network like this. The control response is a combined view: when a counterparty or wallet is flagged in one lane, the alert should surface the same customer's exposure in the other. Terrorist financing and scam laundering both exploit the seam between crypto and fiat, so the seam is where your screening should join up.
ESMA told unlicensed crypto firms to wind down before the MiCA deadline, and insisted they keep anti-money laundering controls and the Travel Rule live throughout. For banks and authorised firms, the signal is that a wind-down concentrates outflows into a short window. A failing crypto firm moving client assets generates a surge of outbound transfers, some to authorised firms and some to self-hosted wallets where the audit trail ends. Watch the fiat off-ramp, flag inbound flows from firms you know are exiting, and tune monitoring for clustered transfers and large reallocations in the run-up to 1 July.
Career & Skills Corner
The CACEIS censure is a career lesson disguised as an enforcement notice. The bank ran the check. It looked at the public register, three times, and saw exactly the problem the regulator later penalised. What was missing was ownership: a person whose job was to act on what the check returned. Most controls in a financial crime program fail this way, not because the signal is absent but because nobody owns the response. The skill that separates a strong analyst from an average one is the habit of taking a control from fire to closure. Pick one alert type or one periodic check you run. Map what happens after it fires: who sees it, what they must do, how it gets escalated, and how the file is closed. If any of those steps is undefined, you have found the gap, and defining it is work a regulator and a board both reward. Do this for one control and you will see the others differently. The analyst who can say what happens to a signal after it fires, and prove it with a record, is the one who gets handed the program.
Several things land in the next week. First, 1 July is a triple marker: the MiCA transitional period ends, ESMA's expected coordinated action against unlicensed crypto firms begins to bite, and the FATF presidency passes to the United Kingdom's Giles Thomson. Second, AMLA holds its public hearing on the ongoing-monitoring guidelines on 2 July. Third, the EU's beneficial-ownership register transposition deadline falls on 10 July. And I am watching whether Treasury follows the Prince Group action with more designations against the Southeast Asian scam-center economy and its laundering rails.
Turn this weekly intelligence into a career. Marco’s AML & Financial Crime course takes you from curious to hireable.
AML & Financial Crime course →