Skip to content
All issues

FinCrime Intelligence Weekly

Issue №6 · Jun 29 – Jul 5, 2026

The US and Brazil hit the PCC crypto laundering network in a two-day crackdown, the UK takes the FATF helm with a fraud roadmap, and the MiCA deadline forces unlicensed crypto firms out of the EU.

FinCrime Intelligence Weekly - Issue 6: Fraud moves to the front of the line
MB

Marco’s Take

Marco Beranzoni

Welcome to Issue 6 of FinCrime Intelligence Weekly. Facts sourced, actions named, no filler. Here is what changed last week and what to do about it this week.

The thread this week is fraud, and the money that carries it. In two days, the US and Brazil hit the same PCC network from both ends: Treasury sanctioned the crypto laundering layer, and Brazil’s Federal Police froze up to two billion dollars. The same day, the United Kingdom took the FATF helm and made fraud the global priority for two years, aiming at scam compounds and the networks behind them. In the EU, the MiCA deadline forced unlicensed crypto firms out while AMLA moved its monitoring standard toward final form.

Put those together and the message is that fraud is no longer the poor relation of financial crime. For years it sat downstream of the AML program, a predicate someone else worried about. This week the biggest sanctions action, the new FATF presidency, and the crypto rulebook all pointed the same way: follow the fraud money, across crypto and cash and bank rails, across borders, in step.

So here is the small, uncomfortable task for this week. Sit your fraud lead and your MLRO in the same room and ask one question: when a fraud case closes, does anyone check whether the money laundered, and who caught it? If the two teams work from separate queues, you have found the gap FATF just said it will test. Draw one line between those two alert lists before the week is out.

See you next Monday.

Marco

The 5 stories that matter

Regulatory Radar

What changed this week, why it matters, and what to do about it.

EU

The EU's beneficial-ownership register transposition deadline under the Sixth Anti-Money Laundering Directive (AMLD6) falls on 10 July 2026.

Why it matters:Register access moves to a legitimate-interest model, and member states are transposing at different speeds, so cross-border access will not be uniform on day one.

Action:Confirm your beneficial-ownership register access route for each member state before 10 July, and tighten ultimate beneficial owner verification.

UK

The Financial Services and Markets Bill remains in its House of Lords committee stage, carrying the clauses to make the FCA (Financial Conduct Authority) the single anti-money laundering supervisor for professional services firms.

Why it matters:Legal and accountancy firms would change supervisor, and the FCA supervises to a different standard and tempo than the professional-body supervisors.

Action:If you are in scope, map your AML programme to FCA expectations now rather than waiting for the transfer.

US

Alongside the PCC designations, OFAC added seven entries and updated one existing designation on the SDN (specially designated national) list on 1 July 2026. The designation cadence remains effectively weekly.

Why it matters:A monthly screening refresh leaves a window in which a newly designated party is live in your book but absent from your list.

Action:Confirm your SDN refresh runs at least daily and reconciles, and spot-check that the 1 July entries are already in screening.

Global

Coordinated cross-border enforcement is accelerating. The US and Brazil moved against the PCC within two days, following US and UK actions against Southeast Asian scam networks in late June.

Why it matters:Networks now face freezes and information requests from several jurisdictions at once, often within days, which compresses the time a firm has to respond.

Action:Build a single-matter workflow so a US sanctions hit, a foreign court order, and a domestic freeze on the same network are handled as one case.

Typology of the week

Laundering across crypto, cash, and bank rails as one connected system

How it works

Large criminal proceeds rarely move on one rail. A network converts cash to cryptocurrency, moves value across borders on-chain, then integrates it through high-value bank transfers and real operating companies such as trading, payments, or construction firms. Each rail alone can stay under the thresholds a monitoring team sets for it, because most programmes watch crypto, cash, and bank activity in separate systems. The PCC case is the live example. Brazilian investigators described a single system that moved more than $1.92 billion across crypto transfers, cash movements, and high-value bank transactions, while the US sanctioned the crypto laundering layer that repatriated more than $30 million of US proceeds. The scheme only resolves when the three rails are read together.

Red flags

  • A customer active across cash, crypto, and high-value bank transfers whose activity sits just under the threshold on each rail.
  • Operating companies (trading, payments, construction) with sudden cross-border inflows inconsistent with their stated business.
  • Cryptocurrency used mainly to move value across a border, then converted straight back to fiat and into bank transfers.
  • A payments processor or trading firm whose counterparties concentrate on one high-risk corridor.
  • The same beneficial owner or address linking accounts your systems treat as unrelated across product lines.

Sectors exposed

Banks and payment firms sitting on the fiat off-ramp or processing high-value transfers Cryptoasset exchanges and virtual-asset service providers Payment processors and money services businesses Trade, construction, and other cash-adjacent operating sectors used as fronts

Controls to review

  • Cross-rail linking: can you connect a customer's crypto, cash, and bank alerts into one view before closing any of them?
  • Front-company detection: do sudden cross-border inflows to a trading, payments, or construction firm trigger enhanced due diligence?
  • Threshold design: are your per-rail thresholds gameable by a customer who spreads activity across all three?
  • Consolidated case handling: can your sanctions, fraud, and AML teams work one network as a single matter?

Example

A payments company receives high-value bank transfers from several counterparties, converts part to cryptocurrency, and moves it across a border, where it returns to fiat and settles to a trading firm. No single rail breaches a threshold, and the accounts look unrelated across product lines. Only cross-rail linking and beneficial-owner matching surface the one network beneath them. This is illustrative of a documented method, not a specific real case.

Enforcement Watch

Recent actions and the control lessons behind them.

  • Two jurisdictions, one network: the PCC one-two punch

    US Treasury (OFAC) and Brazilian Federal Police

    Control failure:The US sanctioned the PCC's crypto laundering network on 1 July, and Brazil froze up to two billion dollars in assets two days later. For institutions exposed to the network, the risk is handling the US designation and the Brazilian court order as two separate cases, and treating a terrorist-designated group as a routine sanctions match.

    Lesson:When two governments move on one network within days, handle it as a single matter across sanctions, fraud, and AML. After a foreign terrorist organization designation, run a material-support analysis, not just SDN screening, because the liability standard is broader than a name match.

  • Laundering rides real businesses: trading, payments, construction

    Victory Trading; Pixwave; Wave Construcoes (per OFAC)

    Control failure:The PCC network operated through a trading firm, a payments processor, and a construction company, all repatriating US proceeds to Brazil. Name-only screening treats each as an ordinary corporate customer until it is designated.

    Lesson:Operating companies are the laundering layer, not a cover for it. A trading, payments, or construction firm with sudden cross-border inflows that do not match its business is a due-diligence trigger, not a booking. Screen the behaviour and the beneficial owners, not just the name.

Crypto, Fraud & AI

Crypto is the bridge, not the whole scheme

The PCC case is a reminder that crypto is usually one rail in a larger laundering system, not the entire scheme. US proceeds were converted to cryptocurrency to cross the border to Brazil, then the wider network moved value through cash and high-value bank transfers, more than $1.92 billion in suspicious activity by Brazilian investigators' account. A monitoring setup that treats crypto as a self-contained problem misses the hand-offs. Build the ability to link a crypto alert to the same customer's cash and bank activity, and read them as one case. The chain-analytics hit is the lead, not the conclusion.

The ESMA Register is now your CASP allowlist

With the MiCA transitional period closed on 1 July, an EU crypto-asset service provider that is not authorised is operating illegally. That makes the ESMA Register the authoritative check for any crypto counterparty you bank, fund, or rely on. Treat it as an allowlist: if a CASP is not on it, it should not be serving EU clients, and your exposure to it is now a wind-down and offboarding question. Pull the register, match legal entities, document the check, and watch the fiat off-ramp as unauthorised firms move client funds out.

Career & Skills Corner

Learn to bridge the fraud team and the AML team

FATF just told the world that fraud, and the money that moves it, is the global priority for the next two years. The single most valuable thing you can do about that is unglamorous: connect the two teams that usually never talk. In most institutions, the fraud team and the anti-money laundering team run separate alert queues, separate systems, and separate metrics. A scam victim's loss is a fraud case on one side and, once the money moves, a laundering case on the other, and the two are rarely joined. The practitioner who can bridge them becomes hard to replace. Start small. Take one recent fraud case and follow the money past the point where the fraud team closed it. Where did it go, which accounts moved it, and did anyone on the AML side see it? Write up the hand-off, name where the two teams lost sight of the money, and propose one shared trigger that would have connected them. That single document is exactly the capability the next FATF assessment cycle will look for, and it is the kind of work that gets an analyst pulled into the room where the program is designed.

What I’m watching next week

Several things are on my desk. First, the EU's beneficial-ownership register transposition deadline lands on 10 July, and I want to see which member states are ready. Second, I expect follow-on PCC designations, because a network that repatriated tens of millions rarely runs through six nodes. Third, I am watching how fast national supervisors turn the FATF Fraud Roadmap into examination criteria. And I will be tracking whether the US and Brazil coordination becomes the template for how these cross-border scam and cartel networks get hit.

Want to do this for a living?

Turn this weekly intelligence into a career. Marco’s AML & Financial Crime course takes you from curious to hireable.

AML & Financial Crime course →