— Edition 1.247 52 verified trackers
ES EN
Politics · Technology · Digital regulation  ·  where data speaks before headlines
Snapshot data
AML/OFAC enforcement against banks and fintech — 418 penalties documented 418 AML/OFAC penalties documented across 177 countries and 379 regula… Corporate bankruptcy and insolvency (Chapter 11) — 4 major corporate bankrup… Corporate bankruptcies hit decade highs: over 717 in the year per S&P… High-impact litigation risk index — 4 high-impact litigations… The risk index (0-100) aggregates five objective factors —procedural … Merger control: multi-jurisdiction competition … — 9 decisions and jurisdict… Merger control diverges by jurisdiction in 2026: the Trump administra… PEPs and sanctions networks · Ibero-American graph — 40 PEP/company nodes with … Ibero-American PEP→company→sanction graph (core: Mapa del Poder, 424 … Sovereign debt distress and restructurings — 5 distress/restructuring … The IMF's 6th Global Sovereign Debt Roundtable report (April 15, 2026… Forced labor in supply chains: entity lists — 4 forced-labor exposure i… Upstream exposure intelligence densifies: the UFLPA Entity List reach… EU AI Act — designation of national authorities — 3/10/14 / 27 Member States Tracker's first event: 3 states with both authorities / 10 partial / … AI Act · Notified bodies for conformity assessment — 1 body with AI-specific a… Ecosystem 'not ready' as of Mar-2026 (standards unpublished, insuffic… Scandal → conviction gap — — milestones logged +1 mirror case: Uribe — 7 years to convict, 8 weeks to reverse, open-… Technology ↔ regulation gap — 26 regulatory milestones +1: Peru closes the generative-AI gap in ~3 years (DS 115-2025-PCM), … CNMC Spain · the Digital Services Coordinator g… — 6 documented milestones The gap becomes chronic: Congress struck down the CNMC's legal empowe… Corporate data breaches: from incident to response — 11 breaches documented +1: Canvas/Instructure, the largest known education breach (≈275M rec… Migration friction in corporate and event mobility — 3 incidents and policies … The 2026 World Cup works as a live stress test: 39 countries under fu… Power and corruption in the courts in Ibero-Ame… — 29 documented cases Jun-2026 review: Uribe updated — first-instance conviction overturned… Crypto · Licenses and authorizations by jurisdi… — 40+ CASPs with full MiCA au… July 1, 2026 cliff: the transitional regime expires (ESMA, Apr 17) wi… Data breaches · Class-action settlements — 5 settlements and mass ca… 271 million dollars across four settlements approved or with deadline… Digital regulatory risk index by country — 16 countries profiled Jun-2026 review: Brazil updated on two layers (EU adequacy Jan 26, 20… Digital services taxes (DST) by country — 3 tax-map milestones docu… About half of European OECD countries have a DST announced, proposed … Global election risk 2026: democracy and digita… — 32 elections profiled 32 electoral processes of 2026 profiled by political regime and digit… ESG · Greenwashing enforcement — 3 enforcement milestones … The legal floor arrives Sep 27, 2026 (ECGT across the 27; transpositi… EU · Digital & sustainability regulatory deadli… — 6 calendar milestones doc… Next critical deadlines: Jun 23, 2026 closes the high-risk classifica… Export controls · Entity List and advanced chips — 6 regime milestones docum… The 2026 shift: licensing for H200/MI325X and equivalents to China mo… GDPR · International transfers and adequacy dec… — 6 framework milestones do… The EU-US DPF remains in force after surviving its first judicial cha… LATAM · AI bills in legislative process — 150+ bills identified 150+ count re-verified; milestones: Peru only country with a regulate… LATAM · Judicial and regulatory sanctions on pl… — $5,2M USD · fine on X Corp. i… Paradigm shift: the STF declared Art. 19 of the Marco Civil partially… Digital political ad spending 2026 — 6 country-platform observ… AdImpact's revised projection (Jun 11): $11.6bn for the 2026 cycle — … Shadow fleet · Sanctioned vessels and enablers — 632 vessels designated by t… +46 vessels in the 20th package (Reg. 2026/506/509/511) to 632; Art. … Whistleblower awards · SEC, CFTC and equivalent… — 3 program milestones docu… The SEC awarded over $60M to 48 whistleblowers in fiscal year 2025 (2… AI Act · Sanctions regime and its actual enforc… — 0 documented AI Act fines… 0 AI Act penalties issued to date: enforcement of high-risk obligatio… Beneficial ownership transparency (UBO / CTA / … — 4 transparency milestones 4 beneficial-ownership transparency milestones documented; the EU req… Crypto industry: collapses, sanctions and convi… — 13 documented cases 13 cases of collapses, sanctions and convictions in the crypto sector… AI harms in court — litigation, rulings and set… — 103 documented cases 103 AI-related harm and rights lawsuits documented; 2026 milestones: … DMA · designated gatekeepers and real compliance — 9 documented DMA acts 9 DMA compliance actions documented against gatekeepers; 2026 develop… Documented electoral disinformation 2026 — 7 documented campaigns 7 electoral disinformation campaigns or patterns documented with open… GDPR · which national authority really sanctions — 11 authorities profiled 11 GDPR enforcement country profiles and milestones documented; 2026 … LATAM · Internet shutdowns and platform blocks — 8 documented events · 202… 8 internet shutdown and blocking episodes documented in Latin America… Operational resilience & cyber (DORA / NIS2 / SEC) — 4 regulatory milestones 4 operational-resilience milestones documented; 2026 is the first rea… Digital fines actually imposed — 61 sanctions recorded 61 high-value penalties across 18 jurisdictions and 6 continents; cov… Commercial spyware: documented cases worldwide — 23 documented cases 23 spyware and surveillance cases documented across the Ibero-America… Trade compliance & forced labor (UFLPA) — 4 actions documented 4 trade-compliance actions on forced labor documented; under UFLPA ar… US · the state AI regulation patchwork — 10 laws and milestones 10 state AI laws or milestones documented in the U.S.; 2026 developme… Electoral digital integrity 2026 — 13 elections profiled 13 elections profiled by digital integrity; 5 with transparent politi… Climate: the gap between pledge and action — 12 countries assessed 12 countries assessed by the Climate Action Tracker: 10 with insuffic… Content moderation: appeals and reversals — 19 documented decisions 19 appealed and reviewed moderation decisions, with their policy, ori… Public AI spending — global government contracts — 50 documented contracts 50 public AI contracts across 15 jurisdictions on 5 continents (45 wi… Campaign promises → fulfillment — 29 term evaluations 29 terms evaluated across 25 countries on five continents EU · Consolidated DSA enforcement decisions — €120M first DSA fine · X · 5 … 5 Member States referred to CJEU for insufficient DSC implementation LATAM · Digital spending in 2026 electoral camp… — $14.794M COP · highest declared … Only 8 of 13 campaigns had reported in Cuentas Claras by mid-May Ibero-America · documented public contracts wit… — 3 contracts verified with… DC registry kickoff · ongoing monthly manual sweep RSF · Press freedom in Latin America — 144 Peru's rank (the region… AR -11 · PE -14 · SV -8 · EC -31 · USA -7 AML/OFAC enforcement against banks and fintech — 418 penalties documented 418 AML/OFAC penalties documented across 177 countries and 379 regula… Corporate bankruptcy and insolvency (Chapter 11) — 4 major corporate bankrup… Corporate bankruptcies hit decade highs: over 717 in the year per S&P… High-impact litigation risk index — 4 high-impact litigations… The risk index (0-100) aggregates five objective factors —procedural … Merger control: multi-jurisdiction competition … — 9 decisions and jurisdict… Merger control diverges by jurisdiction in 2026: the Trump administra… PEPs and sanctions networks · Ibero-American graph — 40 PEP/company nodes with … Ibero-American PEP→company→sanction graph (core: Mapa del Poder, 424 … Sovereign debt distress and restructurings — 5 distress/restructuring … The IMF's 6th Global Sovereign Debt Roundtable report (April 15, 2026… Forced labor in supply chains: entity lists — 4 forced-labor exposure i… Upstream exposure intelligence densifies: the UFLPA Entity List reach… EU AI Act — designation of national authorities — 3/10/14 / 27 Member States Tracker's first event: 3 states with both authorities / 10 partial / … AI Act · Notified bodies for conformity assessment — 1 body with AI-specific a… Ecosystem 'not ready' as of Mar-2026 (standards unpublished, insuffic… Scandal → conviction gap — — milestones logged +1 mirror case: Uribe — 7 years to convict, 8 weeks to reverse, open-… Technology ↔ regulation gap — 26 regulatory milestones +1: Peru closes the generative-AI gap in ~3 years (DS 115-2025-PCM), … CNMC Spain · the Digital Services Coordinator g… — 6 documented milestones The gap becomes chronic: Congress struck down the CNMC's legal empowe… Corporate data breaches: from incident to response — 11 breaches documented +1: Canvas/Instructure, the largest known education breach (≈275M rec… Migration friction in corporate and event mobility — 3 incidents and policies … The 2026 World Cup works as a live stress test: 39 countries under fu… Power and corruption in the courts in Ibero-Ame… — 29 documented cases Jun-2026 review: Uribe updated — first-instance conviction overturned… Crypto · Licenses and authorizations by jurisdi… — 40+ CASPs with full MiCA au… July 1, 2026 cliff: the transitional regime expires (ESMA, Apr 17) wi… Data breaches · Class-action settlements — 5 settlements and mass ca… 271 million dollars across four settlements approved or with deadline… Digital regulatory risk index by country — 16 countries profiled Jun-2026 review: Brazil updated on two layers (EU adequacy Jan 26, 20… Digital services taxes (DST) by country — 3 tax-map milestones docu… About half of European OECD countries have a DST announced, proposed … Global election risk 2026: democracy and digita… — 32 elections profiled 32 electoral processes of 2026 profiled by political regime and digit… ESG · Greenwashing enforcement — 3 enforcement milestones … The legal floor arrives Sep 27, 2026 (ECGT across the 27; transpositi… EU · Digital & sustainability regulatory deadli… — 6 calendar milestones doc… Next critical deadlines: Jun 23, 2026 closes the high-risk classifica… Export controls · Entity List and advanced chips — 6 regime milestones docum… The 2026 shift: licensing for H200/MI325X and equivalents to China mo… GDPR · International transfers and adequacy dec… — 6 framework milestones do… The EU-US DPF remains in force after surviving its first judicial cha… LATAM · AI bills in legislative process — 150+ bills identified 150+ count re-verified; milestones: Peru only country with a regulate… LATAM · Judicial and regulatory sanctions on pl… — $5,2M USD · fine on X Corp. i… Paradigm shift: the STF declared Art. 19 of the Marco Civil partially… Digital political ad spending 2026 — 6 country-platform observ… AdImpact's revised projection (Jun 11): $11.6bn for the 2026 cycle — … Shadow fleet · Sanctioned vessels and enablers — 632 vessels designated by t… +46 vessels in the 20th package (Reg. 2026/506/509/511) to 632; Art. … Whistleblower awards · SEC, CFTC and equivalent… — 3 program milestones docu… The SEC awarded over $60M to 48 whistleblowers in fiscal year 2025 (2… AI Act · Sanctions regime and its actual enforc… — 0 documented AI Act fines… 0 AI Act penalties issued to date: enforcement of high-risk obligatio… Beneficial ownership transparency (UBO / CTA / … — 4 transparency milestones 4 beneficial-ownership transparency milestones documented; the EU req… Crypto industry: collapses, sanctions and convi… — 13 documented cases 13 cases of collapses, sanctions and convictions in the crypto sector… AI harms in court — litigation, rulings and set… — 103 documented cases 103 AI-related harm and rights lawsuits documented; 2026 milestones: … DMA · designated gatekeepers and real compliance — 9 documented DMA acts 9 DMA compliance actions documented against gatekeepers; 2026 develop… Documented electoral disinformation 2026 — 7 documented campaigns 7 electoral disinformation campaigns or patterns documented with open… GDPR · which national authority really sanctions — 11 authorities profiled 11 GDPR enforcement country profiles and milestones documented; 2026 … LATAM · Internet shutdowns and platform blocks — 8 documented events · 202… 8 internet shutdown and blocking episodes documented in Latin America… Operational resilience & cyber (DORA / NIS2 / SEC) — 4 regulatory milestones 4 operational-resilience milestones documented; 2026 is the first rea… Digital fines actually imposed — 61 sanctions recorded 61 high-value penalties across 18 jurisdictions and 6 continents; cov… Commercial spyware: documented cases worldwide — 23 documented cases 23 spyware and surveillance cases documented across the Ibero-America… Trade compliance & forced labor (UFLPA) — 4 actions documented 4 trade-compliance actions on forced labor documented; under UFLPA ar… US · the state AI regulation patchwork — 10 laws and milestones 10 state AI laws or milestones documented in the U.S.; 2026 developme… Electoral digital integrity 2026 — 13 elections profiled 13 elections profiled by digital integrity; 5 with transparent politi… Climate: the gap between pledge and action — 12 countries assessed 12 countries assessed by the Climate Action Tracker: 10 with insuffic… Content moderation: appeals and reversals — 19 documented decisions 19 appealed and reviewed moderation decisions, with their policy, ori… Public AI spending — global government contracts — 50 documented contracts 50 public AI contracts across 15 jurisdictions on 5 continents (45 wi… Campaign promises → fulfillment — 29 term evaluations 29 terms evaluated across 25 countries on five continents EU · Consolidated DSA enforcement decisions — €120M first DSA fine · X · 5 … 5 Member States referred to CJEU for insufficient DSC implementation LATAM · Digital spending in 2026 electoral camp… — $14.794M COP · highest declared … Only 8 of 13 campaigns had reported in Cuentas Claras by mid-May Ibero-America · documented public contracts wit… — 3 contracts verified with… DC registry kickoff · ongoing monthly manual sweep RSF · Press freedom in Latin America — 144 Peru's rank (the region… AR -11 · PE -14 · SV -8 · EC -31 · USA -7
/ trackers / aml-ofac-enforcement
Financial compliance · AML and sanctions

AML/OFAC enforcement against banks and fintech

Record of major anti-money-laundering (AML) and sanctions-violation (OFAC) penalties imposed on banks and fintech. It does not measure only the headline amount: it distinguishes between the announced fine, the final one and the one actually paid, and between a civil violation and a criminal guilty plea. That granularity is what matters to a compliance team or a banking due diligence: a negotiated civil fine is a different risk from a criminal conviction with an imposed independent monitor. Each record documents the entity, the regulator, the amount, the status and the type of violation, with its source. It is the regulatory-intelligence asset most demanded by banking, fintech and financial compliance.

Snapshot · June 14, 2026
418
penalties documented
↑ 418 AML/OFAC penalties documented across 177 countries and 379 regulators, with more than $3,563 billion in amounts at stake (fines, forfeitures and laundering volumes). A curated registry of verifiable cases, not an exhaustive census.

Evolution

Methodology and coverage

This registry is a curated selection of notable, documented AML and OFAC enforcement cases, not a census of all regulatory activity worldwide. Coverage depends on the availability of public sources —skewed toward Anglophone jurisdictions and official English-language releases— so a larger number of cases in a region reflects both the intensity of enforcement and the ease of documenting it, not necessarily a greater volume of laundering. Cross-country comparisons should be read as documented cases, never as a direct measurement of incidence.

documented events
420
time range
1962–2026
86% since 2016
countries · regulators
179 · 383
with a quantified amount
74%

Dataset coverage

Quantified amount 74% · 311/420
Events with two or more sources 37% · 154/420
Complete taxonomic fields 100% · by schema design

Source depth

  • one source: 266 cases (63%)
  • two sources: 148 cases (35%)
  • three or more: 6 cases (1%)

Verification: each event is anchored in at least one official primary source (DOJ, FinCEN, OFAC, OCC, the Federal Reserve, the FATF and its regional bodies, or national regulators' bulletins). Profiles rewritten in depth incorporate two or more cross-checked primary sources; the verifiedAt field records the verification date of each link.

Geographic distribution (documented cases)

Americas 122 (29%)
Asia 115 (27%)
Europe 101 (24%)
Africa 60 (14%)
Oceania 21 (5%)
Global 1 (0%)

The distribution reflects the availability of public documentation, not the real volume of laundering. Read it as “documented cases,” not a ranking of incidence.

The schema's taxonomic fields —region, risk level, analytical typology, FATF status at the time of the case and enforcement phase— are present in every event by design; their completeness should not be confused with that of the amount, which is recorded only when an official published figure exists.

Unpublished figures are not imputed: cases without a verifiable amount are excluded from the monetary calculations.

Data analysis

Statistical readings derived from the attributes of each recorded case. All figures come from the documented events; amounts are computed only over cases with a sum expressed in the indicated currency, without converting between currencies.

Underlying offense (dominant predicate)

Deterministic classification of the offense that generated the money, derived from each case's attributes; nothing is imputed. 'AML control failures' groups cases whose violation is the compliance failure itself, with no dominant named predicate.

Dominant predicate by region

Dominant predicate (one per case) crossed with region. Read as documented cases, not real incidence: coverage depends on the availability of public sources.

Predicate mix by year (% of cases)

Share of each dominant predicate among the documented cases of each year, normalized to 100% to control for the total number of cases —which grows over time—. This reveals the shift in the mix (the rise of crypto and cybercrime; the 2022 spike in sanctions evasion) without confusing it with the increase in documented volume. Years with fewer than 6 cases are omitted as statistically noisy. It remains a reading of documented cases, not real incidence.

Concentration of documented amounts (Lorenz curve)

The amount field aggregates heterogeneous magnitudes —fines, forfeitures, frozen assets and laundering volumes—, dominated by a handful of mega-cases; this curve therefore measures the concentration of the documented monetary mass, not of fines in the strict sense. The diagonal marks perfect equality: the farther the curve bows away, the greater the concentration.

Gini = 0.911 · the top 10% of cases hold 89% of the documented amount · n = 311 cases with an amount

Regulator

Which authority imposed the penalty: DOJ, FinCEN, OFAC, OCC, CFTC, or European authorities.

Penalty status

Whether the penalty is civil, criminal (guilty plea) or mixed. The most differential field for due diligence.

Violation type

The sanctioned conduct: AML program failures, sanctions evasion, illicit financing, etc.

Penalty amount (USD millions)

The total amount of each penalty in USD millions, including fine and forfeiture where applicable.

Computed over 420 of 420 events with available data

Entity sector

The sanctioned sector: traditional banking, crypto or fintech. Reveals how enforcement has spread beyond banks.

Distribution by risk level (risk_score)

Editorial severity score from 1 to 10 (10 = maximum). Cases scoring ≥7 are those prioritized for corporate due diligence and enhanced compliance.

FATF status at the time of the case

The country's standing before FATF when the case occurred: compliant, grey-listed (enhanced monitoring), blacklisted, or predating FATF's creation (1989). Reveals whether failures occurred in already-flagged or apparently-compliant jurisdictions.

Cases by FATF-style regional body

Regional AML/CFT assessment body overseeing the jurisdiction: MONEYVAL (Europe), GAFILAT (Latin America), APG (Asia-Pacific), MENAFATF (Middle East/North Africa), ESAAMLG and GIABA (Africa), GABAC (Central Africa), EAG (Eurasia), CFATF (Caribbean).

Documented cases per year

Temporal distribution of recorded cases (1962–2026). The concentration in the 2020s reflects both the real increase in global enforcement and greater recent documentary availability.

Institutional repeat offending

Share of entities flagged as repeat offenders (with documented prior AML/CFT penalties or failures) versus first-time offenders. Repeat offending is a key red flag for institutional funds and counterparty due diligence.

Largest individual penalties (USD millions)

The ten largest individual cases by documented amount, identified by the sanctioned entity. Includes collapses, state bailouts and regulatory fines; amounts are not converted between currencies nor adjusted for inflation.

Computed over 420 of 420 events with available data

Cumulative amount by risk level (USD millions)

Sum of documented amounts grouped by the editorial severity score (1–10). Shows that monetary volume concentrates in maximum-risk cases: those marked 10 accumulate most of the total, confirming the correlation between severity and financial magnitude.

Computed over 420 of 420 events with available data

Analytical case typology

Standardized classification of case type for B2B analysis and due diligence: bank AML failures, crypto exchange hacks, Ponzi schemes, rogue traders, corporate fraud, FCPA/bribery, sanctions evasion, kleptocracy, DeFi exploits and other categories. Allows filtering the tracker universe by the NATURE of the case, not just by entity or sector.

Cases by world region

Aggregated geographic distribution by the five major world regions (Americas, Europe, Asia, Africa, Oceania). Allows B2B clients to prioritize regional analysis — the primary filtering dimension in enterprise due diligence.

Enforcement phase

Standardized classification of the final enforcement phase: criminal convictions, civil settlements, sanctions designations (OFAC/SDN), FATF listings, DPAs (deferred prosecution agreements), FinCEN Section 311, bank resolutions (collapses/bailouts) and others. Key filter for B2B clients who need to distinguish firm convictions from administrative actions.

Heatmap: dominant predicate × region

Count of documented cases at the intersection of each dominant predicate and each region; color intensity is proportional to the number of cases. It shows at a glance where each offense type concentrates. Read as documented cases, not real incidence.

AmericasAsiaEuropeAfricaOceaniaGlobal Total
AML control failures 2538331211 119
Crypto & cybercrime 27201012 60
Kleptocracy (PEP) 7141116 48
Corruption & bribery 13413131 44
Financial fraud 1112712 33
Sanctions evasion 99132 33
Drug trafficking 193431 30
Tax evasion 42543 18
Terrorism & proliferation 9111 12
Organized crime 2316 12
Other 51311 11
Total 12211510160211 420

Global incidence map

Choropleth by number of forensically or judicially documented cases. Countries with no verifiable public cases remain in the base colour — the absence of events does not equal the absence of surveillance. Hover or click a coloured country to see the cases.

Natural Earth 50m · Diálogo Ciudadano

Reading the data

A $3 billion money-laundering fine and a $500 million one are not the same risk just because of the figure. What distinguishes an AML penalty is whether it was a civil fine or a criminal conviction with an imposed monitor. This tracker —from BNP Paribas to Binance, from Wall Street to Germany's BaFin— separates the headline amount from what matters for due diligence: the penalty's status.

JG
Juan D. Gonzáles · Data and visualization · Panamá
May 26, 2026 · 6 min read

Enforcement against money laundering and sanctions violations is, in dollars, among the most forceful in the regulatory world: the seven penalties in this tracker total over $10 billion. But the amount, however spectacular, is the least useful dimension for assessing an entity's risk. The decisive thing is the penalty's status, and there this tracker makes its key distinction.

TD Bank's case exemplifies it. Its $3.21 billion made headlines, but what was truly exceptional was something else: TD Bank pleaded guilty to money-laundering conspiracy, the first bank in history to do so. A civil fine, however large, is negotiated and paid; a criminal guilty plea leaves the bank with a record, an independent monitor watching it for years and operational restrictions. For a counterparty assessing who to work with, that difference is everything.

Of the 34 documented penalties, 17 involved a criminal route (guilty plea or deferred-prosecution agreement) and the rest were civil settlements or administrative fines. That proportion is the metric a compliance team needs: not 'how much was fined', but how many times the regulator deemed the conduct serious enough to require a criminal route and not just a cheque.

Crypto enters the enforcement map

The tracker also captures a structural shift: money laundering is no longer just a banking matter. Binance —the world's largest crypto exchange— starred in one of the largest corporate penalties in US history ($4.316 billion), and OKX and BitMEX complete a crypto front that did not exist a few years ago. The regulator has extended the same AML-program and sanctions-compliance requirements to digital-asset platforms, with the same instruments: forfeiture, independent monitor and, where appropriate, criminal guilt.

For whoever builds risk intelligence, this means the universe to watch has doubled: it is no longer enough to follow the big banks, you must follow fintech and crypto platforms by the same standard. That is why the tracker labels each entity's sector —bank, fintech, crypto— and allows comparing enforcement among them. The due-diligence question of the future is not only 'which banks have been sanctioned', but 'what exposure does my counterparty have to entities with an AML criminal conviction, whatever their sector'.

From BNP Paribas to BaFin: a longer and more global story

AML enforcement did not start with TD Bank or with crypto. The largest sanctions-violation penalty in history remains BNP Paribas's in 2014: $8.9 billion and a criminal guilty plea for concealing transactions with Iran, Sudan and Cuba over eight years. Earlier, in 2012, HSBC had paid $1.9 billion for letting Mexican cartel money flow. Seeing these cases alongside the recent ones reveals that the pattern —AML programs that exist on paper but detect nothing— repeats decade after decade.

The tracker also incorporates the European dimension, which English-language sources tend to ignore. In Germany, BaFin fined Deutsche Bank €23 million in 2025 —more than all German banking in 2024— and sanctioned fintechs like N26 and Solaris for AML failures; in Spain, SEPBLAC imposes administrative fines for client-identification deficiencies; in South Korea, Shinhan's New York unit paid $25 million. The European scale is smaller than the US one, but the risk map cannot be understood without it.

Methodology note

Each penalty is documented with its primary source (DOJ, FinCEN, OCC, OFAC, Federal Reserve communications) and specialised compilations as secondary. The status distinguishes civil, criminal and mixed. The amount includes fine and forfeiture where both are on record, and is noted in USD millions for comparison. A distinction is drawn between announced, final and paid. No unpublished figures are imputed. Coverage prioritizes the major 2023-2026 resolutions for their market impact and benchmark value.

This tracker is regulatory-intelligence infrastructure, not compliance advice nor a risk valuation of any specific entity. Every classification is attributed to the corresponding official resolution.

Documented events (420)

December 9, 2024 ZW confirmed

Zimbabwe: OFAC sanctions the 'Gold Mafia' Kamlesh Pattni's global gold-smuggling and money-laundering network

Zimbabwe's biggest illicit-finance case is the gold-smuggling and money-laundering network that the US Treasury's OFAC sanctioned on December 9, 2024 —on International Anti-Corruption Day— under Executive Order 13818. The action reached 28 individuals and businesses in a network 'based in Zimbabwe' led by Kenyan-British businessman Kamlesh Pattni, in coordination with the FBI and the United Kingdom, which designated Pattni, his wife and his brother-in-law the same day. According to the Treasury, Pattni bribed officials, concealed the ownership of his companies through trusted people and wove a global web of companies —across Zimbabwe, Dubai, Singapore, Kenya, the UK and Kyrgyzstan— to enrich himself with the country's gold at the expense of its citizens. The central company, Sun Multinational DMCC (Dubai), was linked through family front men; one of its executives was implicated in the corruption of President Emmerson Mnangagwa, whom the US had already sanctioned on March 4, 2024 for corruption and serious human-rights abuses. The scheme had been exposed in 2023 by Al Jazeera's 'Gold Mafia' investigation, which showed how gold left Zimbabwe for Dubai —where it was re-smelted and re-stamped to erase its origin— with the facilitation of the state-owned Fidelity refinery and senior officials. Pattni, who carried the baggage of Kenya's 1990s Goldenberg scandal, denied all criminal activity and any involvement in money laundering; Mnangagwa's spokesman dismissed the US sanctions 'with the contempt they deserve' and called the president's business dealings 'private'. Supervision rests with the Reserve Bank of Zimbabwe (RBZ) and its financial intelligence unit, with the country a member of ESAAMLG.

November 30, 2008 ZW confirmed

Zimbabwe: hyperinflation 89.7 sextillion % Nov 2008 (second worst in history) + Mugabe/Gono sanctions

Zimbabwe (16M inhabitants, capital Harare, former Rhodesia, independence 1980) lived under **Robert Mugabe** (President 1987-2017, PM 1980-1987 — **37 years in power**, removed by military coup November 2017, died 2019) **one of the worst hyperinflations in world history**. In **November 2008, Zimbabwe's monthly inflation reached 79,600,000,000% (79.6 billion percent monthly) = ~89.7 sextillion percent annually** — the **second worst documented hyperinflation in history after Hungary 1946**. The Reserve Bank of Zimbabwe (RBZ) under governor **Gideon Gono** (1983-2013) printed banknotes of up to **$100 TRILLION Zimbabwean dollars** (worth ~$0.40 USD) — phenomenon catalyzed by: Mugabe's **'Fast Track Land Reform' (2000)** that expropriated white farmers' farms (collapsing agriculture, formerly 'Africa's breadbasket'), uncontrolled money printing to finance deficits + Congo war + ZANU-PF patronage, Western sanctions. In **April 2009, Zimbabwe abandoned the Zimbabwean dollar** and adopted multi-currency (USD + South African rand + others). It returned to an RTGS dollar 2019, bond notes, and in **2024 launched the 'ZiG' (Zimbabwe Gold)** gold-backed currency — still with credibility problems. **Robert Mugabe + Grace Mugabe (wife) + 200+ ZANU-PF elite were sanctioned by OFAC (SDN) since 2003** (Executive Order 13288 + 13391 + 13469) + EU + UK for human rights abuses + corruption + electoral fraud + Gukurahundi massacres (1983-1987, 20,000 Ndebele killed). **Emmerson Mnangagwa** ('the Crocodile', Mugabe's VP, succeeded him after the 2017 coup, President since 2017) — sanctions partially lifted/modified 2024 (US transitioned to targeted Global Magnitsky). The RBZ + Financial Intelligence Unit supervise. Zimbabwe is an ESAAMLG member.

January 17, 2024 YE confirmed

Yemen: OFAC designates Houthis as FTO in Jan 2024 — civil war + Red Sea blockade + dual financial system

On **January 17, 2024**, OFAC **redesignated the Houthis (Ansar Allah)** as **Specially Designated Global Terrorists (SDGT)** under Executive Order 13224, after systematic attacks on international shipping in the Red Sea started in November 2023 (in supposed solidarity with Hamas post-October 7). Trump 1.0 had designated the Houthis as FTO in January 2021, Biden removed them in February 2021 due to humanitarian concerns, and Biden redesignated them in January 2024 (SDGT, not FTO). Trump 2.0 is proceeding with FTO designation (announced March 2025). Yemen lives **a civil war since 2014** between the **Houthis (Zaidi Shia, controlling ~70% of the population via Sanaa)** and the **legitimate Yemen government (Aden, Sunni)** supported by the Saudi-Emirati coalition. Yemen has **two parallel banking systems**: **(1) Central Bank of Yemen Aden** (internationally recognized government, controlled by Hadi/Alimi), **(2) Central Bank of Yemen Sanaa** (controlled by Houthis, **redesignated SDGT by OFAC in May 2025**). The conflict has caused **390,000+ deaths** (2014-2024 according to ACLED + UNDP) and **the world's worst humanitarian crisis** (24M people needing assistance, famine documented by UN). Specific Yemeni AML risks: **Houthi taxation** in controlled areas (massive taxes on local businesses), **Iranian arms smuggling** via Hodeidah port (annual UN reports, IRGC support since 2014), **oil blocked** from Hadhramaut/Marib, **dominant hawala** post-banking collapse, **Saudi Arabian aid funds** diverted. Yemen is a MENAFATF member.

June 10, 2021 YE confirmed

Yemen: Houthi financing, a network of Iranian-oil smuggling and money exchangers under OFAC sanctions

The main focus of illicit finance linked to Yemen is not the recognized Yemeni state but the Houthi group (Ansarallah) and its Iran-linked financial network. On June 10, 2021, the US Treasury's OFAC designated, under Executive Order 13224 (counterterrorism), Sa'id al-Jamal, an Iran-based Houthi financier backed by the Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF), for directing a network of front companies and vessels that sells Iranian petroleum and commodities —tens of millions of dollars— whose revenue is channeled, through intermediaries and exchange houses in several countries (such as Swaid and Sons in Yemen), to the Houthis. From there, the Treasury has strung together numerous actions against the group's revenue-raising, smuggling and weapons-procurement machinery —among them on June 17, July 31, October 2 and December 19, 2024 (the last of which designated the governor of the Houthi central bank in Sana'a, Hashem al-Madani, and five cryptocurrency wallets of the network), and again in 2025 and January 2026. On September 11, 2025, in its 'largest action to date' against Ansarallah, OFAC sanctioned 32 individuals and entities and four vessels, and identified the network of Mohammad Abdulsalam, with hundreds of companies importing Iranian oil worth about one billion dollars. The United States designated the Houthis as a Specially Designated Global Terrorist (SDGT) on February 16, 2024 and re-designated them a Foreign Terrorist Organization (FTO) on March 5, 2025, as part of a 'maximum pressure' campaign on Iran. The Houthis earn hundreds of millions of dollars a year by taxing fuel imports, which they then sell to the population at inflated prices. Supervision rests with a Central Bank of Yemen split between Aden (recognized government) and Sana'a (Houthi control); Yemen, a MENAFATF member, has been on the FATF grey list since 2010, unable to complete its action plan because of the conflict.

May 5, 2016 PA confirmed

Panama: OFAC designates the Waked MLO under the Kingpin Act (May 5, 2016) — 8 individuals + ~68 companies, Balboa Bank seized; staggered delisting 2016-2025

On **May 5, 2016**, the US Treasury's Office of Foreign Assets Control (**OFAC**) designated the **Waked Money Laundering Organization (Waked MLO)** and its leaders **Nidal Ahmed Waked Hatum** and **Abdul Mohamed Waked Fares** (b. Dec 19, 1949, Kamed El Louz, Lebanon; Panama/Lebanon/Colombia citizen) as **Specially Designated Narcotics Traffickers** under the **Foreign Narcotics Kingpin Designation Act**. The action —coordinated with DEA, CBP and the FBI Miami division— reached **8 individuals and ~68 companies** (77 entities total). Designated associates: brothers **Gazy, Ali and Jalal Waked Hatum**; **Mohamed Abdo Waked Darwich** (Waked Fares' son, duty-free/real estate); and attorneys **Norman Douglas Castro Montoto** and **Lucia Touzard Romo** (shell-company incorporation). Core companies: **Grupo Wisa S.A.** (flagship holding), **Vida Panama (Zona Libre) S.A.**, **La Riviera** (duty-free chain in 11 countries, RUC 645451-1-458900), **Soho Panama S.A.** (luxury mall), **Importadora Maduro / Felix B. Maduro** (department store since 1877) and **Balboa Bank & Trust** (controlled by holding **Strategic Investors Group Inc.**). OFAC alleged **trade-based money laundering** (false commercial invoicing, bulk cash smuggling) for international drug traffickers (DEA cited clients from the Sinaloa Cartel to the FARC). That same May 5 (2:30 pm) the **Superintendence of Banks of Panama (SBP) seized Balboa Bank & Trust** and the SMV seized Balboa Securities. **Key point: the designation is administrative, not criminal.** Nidal Waked was arrested in Bogota (May 4-5, 2016), extradited to Miami (Jan 19, 2017) and signed a **plea deal for a SINGLE offense (bank fraud, Oct 19, 2017)**; he walked free in April 2018 after ~27 months. Judge Robert Scola dismissed a ~$20M fine; the plea acknowledged that **no bank suffered losses and all withdrawals were repaid with interest** (InSight Crime: 'the US bungled its case'). **Abdul Waked never faced formal criminal charges in the US.** OFAC delisted entities in stages: Felix B. Maduro (Nov 2016, sold to Grupo Arrocha), Soho Mall (Jun 2017, bought by Mexico's Citelis+CAABSA), La Estrella/El Siglo + Balboa Bank (Oct 2017, after transferring 51% of the papers to a foundation), attorney Touzard (Jan 2018), ~13 inactive companies (Apr 2021), dissolved Soho/Waked Internacional/Abif/Grupo La Riviera Panama S.A. (Sep 2021), and further removals of dissolved entities. The **La Riviera operation remained blocked** and **Abdul and Nidal Waked remained designated as of 2024** (Newsroom Panama). **Verification (primary source, 2026):** OFAC's May 15, 2025 action (FR 2025-09055) is a removal under Executive Order 13224 / the Hizballah Act (terrorism), NOT the Waked case (Kingpin Act/SDNTK); it therefore does not affect the Wakeds. As of 2024, Abdul and Nidal Waked remained designated.

June 1, 2018 VU confirmed

Vanuatu: FATF blacklist exit 2018 + lost Schengen visa rights 2024 over CBI program

Vanuatu, an archipelago of 80 islands in the South Pacific with ~330,000 inhabitants, has historically been one of the world's most prominent tax havens, with the world's most permissive Citizenship by Investment (CBI) program (Vanuatuan passport for $130,000 USD without residency requirement). The Reserve Bank of Vanuatu (RBV) and the Financial Intelligence Unit (FIU Vanuatu) supervise the banking system under the framework of the Anti-Money Laundering and Counter-Terrorism Financing Act 13 of 2014, amended in 2017, 2019 and 2023. Vanuatu was added to FATF blacklist in 2016 and exited in June 2018 after implementing action plan. However, in 2024, the EU suspended Schengen visa privilege for Vanuatuan passport holders over the CBI program that sold passports to >10,000 people — many from high-risk jurisdictions (China, Russia, Iran, Syria). The CBI program generated ~$120M annually in revenues for Vanuatu (40% of government budget) but was identified as an AML vector by financial intelligence consultants and OCCRP reporting. The EU also included Vanuatu on its non-cooperative jurisdictions list (Annex II) in 2024.

March 3, 2022 VU confirmed

Vanuatu: the 'golden passports' and the EU's suspension of the visa exemption over security and money-laundering risks

The case that defines Vanuatu's financial risks is that of its 'golden passports': since May 25, 2015, this small Pacific archipelago has sold its citizenship in exchange for an investment —from about 130,000 dollars— through programs such as the Vanuatu Development Support Programme (VDSP) and the Vanuatu Contribution Programme (VCP), which gave buyers visa-free access to the Schengen Area. The European Commission investigated these schemes from 2017 and concluded that they presented serious security deficiencies: an extremely low rejection rate (a single refusal before 2020), the absence of residence or physical-presence requirements, overly short processing times, the lack of information exchange with countries of origin and the granting of citizenship to applicants listed in Interpol databases, with the fear that criminals —and possibly wanted or sanctioned individuals— were using the program as a 'back door' to Europe. Faced with the lack of reforms, the EU Council partially suspended the visa-waiver agreement on March 3, 2022, did so fully from February 4, 2023, and finally, on December 12, 2024, permanently ended the exemption, adding Vanuatu to the list of countries whose nationals need a visa to enter the EU. The decision —a precedent in European pressure against investor-citizenship programs— was a heavy blow to Vanuatu's economy, which is highly dependent on passport sales. Financial supervision rests with the Reserve Bank of Vanuatu (RBV), the Financial Services Commission (VFSC) and the financial intelligence unit, with the country a member of the APG.

October 24, 2025 BF confirmed

WAEMU: Togo + Benin + Mali + Burkina Faso + Niger — Sahel coups 2020-2023 + Burkina Faso FATF exit Oct 2025

The 5 WAEMU countries analyzed (excluding Ivory Coast, Senegal, Guinea-Bissau covered separately) sharing CFA franc XOF: Togo (8.8M) + Benin (13M) + Mali (22M) + Burkina Faso (22M) + Niger (26M). The 'Sahel coup belt' 2020-2023 was one of the most significant political earthquakes in post-2000 Africa: Mali experienced military coups August 2020 + May 2021 (Assimi Goïta), expelled French Operation Barkhane (August 2022), invited Wagner Group (~1,500 mercenaries), left ECOWAS along with Burkina Faso + Niger (January 2024 forming AES Alliance des États du Sahel). Burkina Faso coups January 2022 (Damiba) + September 2022 (Ibrahim Traoré, 36 yo). Burkina Faso exited FATF grey list Oct 2025 along with South Africa, Mozambique, Nigeria. Niger coup July 26 2023 (Tchiani, removed Bazoum). Wagner/Africa Corps active in all three. All under varying ECOWAS + EU + US sanctions. Togo (Gnassingbé 58-year dynasty) + Benin (Patrice Talon since 2016) remain stable. BCEAO supervises 8 WAEMU countries. GIABA members.

July 1, 2023 TV confirmed

Tuvalu: a microstate legally monetizing its sovereignty (the .tv domain) and building its anti-money-laundering framework, an APG member since 2023

Tuvalu, one of the smallest and most remote states in the world —nine atolls, about 26 km² and around 11,000 people—, is an atypical case in this record: unlike other Pacific microstates, it has not been involved in money-laundering scandals nor does it appear on the FATF or European Union lists, and it shows low levels of crime and corruption. Its economy rests on fishing (selling licenses to foreign fleets), remittances, international aid, the Tuvalu Trust Fund and, above all, a singular and legal way of monetizing its sovereignty: leasing its '.tv' internet domain. Assigned in 1995, that suffix became valuable as the global abbreviation for 'television' and streaming platforms like Twitch (twitch.tv) popularized it; after contracts with a Canadian investor and with VeriSign, in 2022 Tuvalu signed a deal with GoDaddy that brings it about 10 million dollars a year, around a sixth of its GDP (the domain's first revenues even paid its UN membership fee in 2000). The country's challenge is not a major laundering case but capacity-building: as a tiny, cash-based jurisdiction, it is vulnerable to the loss of correspondent banking relationships (de-risking) and must build its anti-money-laundering regime almost from scratch. Along those lines, Tuvalu moved from observer (2014) to full member of the Asia/Pacific Group on Money Laundering (APG) in July 2023, committed to criminalizing money laundering and establishing confiscation measures, adopted a national action plan and created a Transaction Tracking Unit within the Tuvalu Police Force for suspicious-transaction reports; it has not yet undergone a mutual evaluation. Tuvalu has no central bank of its own and uses the Australian dollar.

February 20, 2020 TT confirmed

Trinidad and Tobago: first Caribbean country removed from the FATF grey list (2020)

Trinidad and Tobago was placed on the FATF grey list in November 2017 and became, on February 20, 2020, the first member of the Caribbean Financial Action Task Force (CFATF) to be removed from it. The listing stemmed from its fourth-round mutual evaluation: the country was the first CFATF member to undergo that review (on-site visit in January 2015) and the report, published in June 2016, rated its regime against money laundering and terrorist financing as unsatisfactory, with numerous deficiencies. To exit, the government —led by Prime Minister Keith Rowley and Attorney General Faris Al-Rawi— enacted 23 laws against money laundering and terrorist financing and demonstrated progress in 22 areas, including international cooperation, transparency over companies' beneficial owners, money-laundering investigations, prosecutions and convictions, confiscation and forfeiture applications, and the creation of specialized financial-crime courts; the FATF carried out a two-day on-site visit in early January 2020 and, at its Paris plenary, found that the country had strengthened the effectiveness of its regime and met its action plan. After the exit, Trinidad and Tobago remained under CFATF follow-up. The country, the eastern Caribbean's main energy economy, carries a record of high-profile cases —from the corruption scandal over the construction of Piarco airport, with judicial ramifications in the US, to the 2009 collapse of the CL Financial/CLICO financial conglomerate, which required a costly public bailout. Supervision rests with the Central Bank of Trinidad and Tobago (CBTT), the financial intelligence unit (FIUTT) and the National Anti-Money Laundering Committee (NAMLC), with the country a member of CFATF.

November 30, 2022 AU confirmed

Australia: AUSTRAC seeks record AU$400M penalty against The Star for laundering via junkets (Suncity)

On November 30, 2022, AUSTRAC commenced civil penalty proceedings in the Federal Court of Australia against The Star Pty Limited and The Star Entertainment QLD Limited for 'serious and systemic' breaches of the AML/CTF Act between 2016 and 2020. According to AUSTRAC, Star facilitated money laundering through 117 high-risk patrons, especially via the junket operator Suncity — linked to Chinese organised crime and its former chairman Alvin Chau, arrested in Macau in 2021: Suncity junkets alone moved about AUD 11.8 billion in Sydney and AUD 2.9 billion in Queensland. At the June 2025 hearing, before Justice Cameron Moore, AUSTRAC sought a record AUD 400 million (~USD 260 million) penalty; Star — whose Sydney and Queensland licenses are suspended and which in April 2025 accepted a AUD 300 million Bally's bailout — warned a penalty above AUD 100 million would threaten its survival. AUSTRAC's final penalty figure was not confirmed as of this entry's cutoff (June 2026).

December 8, 2021 SV confirmed

El Salvador: OFAC sanctions Bukele officials for corruption and a secret pact with the gangs

On December 8, 2021, the US Treasury's OFAC sanctioned, under Executive Order 13818 (Global Magnitsky Act), two senior officials of President Nayib Bukele's government —Osiris Luna, head of the prison system and Vice Minister of Justice and Public Security, and Carlos Marroquín, head of the Social Fabric Reconstruction Unit— and Luna's mother, Alma Meza, in an action framed around the nexus between public corruption and organized crime. According to the Treasury, Luna and Marroquín organized secret meetings with incarcerated leaders of the MS-13 and Barrio 18 gangs: in 2020, the Bukele administration allegedly offered financial incentives and privileges —mobile phones, among others— in exchange for keeping homicides low, and gang members allegedly agreed to politically support the president's party, Nuevas Ideas, which in 2021 won a two-thirds majority in the legislature. The Treasury also accused Luna and his mother of a scheme to steal and resell staple goods intended for COVID-19 relief. The next day, OFAC added Bukele's chief of cabinet, Carolina Recinos, over an alleged multi-million-dollar scheme of irregular medical-supply purchases during the pandemic. Bukele vigorously denied having negotiated with the gangs and called the accusations an 'obvious lie' and 'absurd', saying that for Washington only 'absolute submission or nothing' will do; those named did not respond to the accusations and face no criminal charges in El Salvador. The case rested on investigations by the outlet El Faro and by an anti-corruption prosecutorial unit that was later dismantled. Financial supervision rests with the Central Reserve Bank (BCR), the Financial System Superintendence (SSF) and the Financial Investigation Unit (UIF) of the Attorney General's Office, with El Salvador —the first country to adopt bitcoin as legal tender in 2021— a member of GAFILAT.

October 11, 2019 SS confirmed

South Sudan: OFAC sanctions the oil kleptocracy; The Sentry documents billions looted

The main illicit-finance focus in South Sudan is the kleptocracy that, according to international investigations and sanctions, drained the oil wealth of the world's youngest country. On October 11, 2019, the US Treasury's OFAC sanctioned, under Executive Order 13818 (Global Magnitsky Act), two businessmen close to power —the Sudanese Ashraf Seed Ahmed, known as 'Al-Cardinal', and the South Sudanese Kur Ajing Ater— for bribery, kickbacks and procurement fraud with senior government officials, along with six of their companies. According to the Treasury, a senior South Sudanese official used Al-Cardinal as an intermediary to deposit and hold large sums abroad, and began using one of his companies' accounts to store personal funds after the 2017 designation of another businessman in the presidential circle, Benjamin Bol Mel. The Sentry investigative group —co-founded by actor George Clooney— has documented in its 'The Taking of South Sudan' series how the elite that led independence hijacked the institutions, looted resources and unleashed in 2013 a civil war financed with oil revenues, laundering the money through luxury real estate abroad, banks and shell companies; according to its reports, the sanctioned individuals kept evading the measures by registering companies in relatives' names to keep winning public contracts in dollars, some worth more than a billion. Domestic financial supervision rests with the Bank of South Sudan (BoSS), in a state with fragile institutions and weak anti-money-laundering capacity. The designations reflect the position of the Treasury and of the investigators; those named and the government routinely reject external accusations.

October 24, 2025 ZA confirmed

South Africa: FATF removes South Africa from grey list Oct 2025 — Zuma state capture + Bain & Company scandal

On October 24, 2025, the FATF removed South Africa from the grey list after it completed its action plan; it had been listed in February 2023, partly over weaknesses in investigating and prosecuting financial crime that lingered after the 'state capture' era documented by the Zondo Commission. It exited alongside Burkina Faso, Mozambique and Nigeria — four removals, no additions. The FATF credited improvements in money-laundering investigations and prosecutions, targeted financial sanctions and inter-agency cooperation. Per an IMF study (WP/21/153), grey-listing cuts capital inflows by about 7.6% of GDP; the exit eases compliance costs and de-risking on the continent's largest financial economy. FinCEN confirmed the update on November 21, 2025.

December 7, 2022 GT confirmed

Guatemala: the La Línea case — former president Pérez Molina, convicted of corruption and, in another case, of money laundering

The La Línea case is the most emblematic of Guatemala's anti-corruption fight. Investigated by the Public Prosecutor's Office and the International Commission against Impunity in Guatemala (CICIG, UN-backed) together with the Special Prosecutor's Office against Impunity (FECI), it revealed in April 2015 a customs-fraud network that charged bribes to let goods through without full payment of taxes. The scandal triggered mass protests and brought down the presidential binomial of Otto Pérez Molina (president 2012-2015) and Vice President Roxana Baldetti, who resigned and were jailed. On December 7, 2022, the High-Risk Court B sentenced them to 16 years in prison for criminal association and customs fraud, with multimillion-quetzal fines; in October 2024, an appeals chamber upheld the sentences. In a separate case — that of the Quetzal Container Terminal (TCQ) — Pérez Molina was sentenced in September 2023 to eight years, of which three and a half for money laundering and other assets, for administering about USD 38 million in illicit commissions. The country's financial intelligence unit is the Special Verification Intendancy (IVE), within the Superintendency of Banks (SIB); banking and monetary supervision rests with the Bank of Guatemala (Banguat) and the country is a GAFILAT member. The end of the CICIG's mandate in 2019 and the exile of anti-corruption prosecutors have marked a setback in the prosecution of these crimes, in a country that is also a drug-trafficking transit corridor.

June 21, 2019 RS confirmed

Serbia: exit from the FATF grey list (2019) and the debate over the use of anti-money-laundering tools

Serbia was placed on the FATF grey list on February 22, 2018 over strategic deficiencies in its system against money laundering and terrorist financing, and left it on June 21, 2019, at the Orlando plenary. To achieve that, the country completed an action plan with intensive reform: twelve laws and more than sixty bylaws and guidelines came into force, including a new Law on the Prevention of Money Laundering and Terrorist Financing and amendments to the Criminal Code that better defined the money-laundering offence, and institutions were created or restructured, such as the Games of Chance Directorate. The FATF found high-level political commitment and institutional capacity, and after the exit Serbia came under the enhanced follow-up of MONEYVAL, the Council of Europe body. The country's financial intelligence unit is the Administration for the Prevention of Money Laundering (APML), under the Ministry of Finance, alongside the National Bank of Serbia (NBS). The use of these tools, however, sparked controversy: in 2020, the APML sent banks a request for information on dozens of civil-society organizations, media and activists —the so-called 'List'—, which prompted the intervention of UN special rapporteurs and MONEYVAL's review of the matter, which recalled that FATF Recommendation 29 does not cover non-selective requests for data for strategic analyses. The Serbian government argued that the APML's only motive was to support a risk analysis. The episode illustrates the tension between strengthening anti-money-laundering efforts and protecting freedoms of expression and association, in a country that is a European Union candidate.

February 17, 2026 WS confirmed

Samoa: offshore tax haven on the EU blacklist since 2017, removed in 2026 after abolishing its offshore regime

Samoa, a small Pacific island state, has for years been one of the offshore financial centers flagged by the international community. It appeared on the European Union's blacklist of non-cooperative tax jurisdictions from its first edition, in December 2017, and stayed on it almost without interruption, mainly due to a harmful preferential tax regime —its 'Offshore Business' system— and doubts about the facilitation of offshore structures without real economic activity. Inclusion on that list, which assesses tax transparency, fair taxation and measures against base erosion and profit shifting (BEPS), exposes jurisdictions to defensive measures by EU member states and enhanced reporting obligations. After several years of dialogue and commitments, Samoa abolished its preferential offshore regime in January 2026, and on February 17, 2026 the EU Council removed it from the blacklist —along with Fiji and Trinidad and Tobago—, considering that it now complied with all agreed international standards. It is worth distinguishing Samoa (an independent state) from neighboring American Samoa, a US territory that remains on the list. The country's financial supervision rests with the Central Bank of Samoa (CBS), the financial intelligence unit and the Samoa International Finance Authority (SIFA), with Samoa a member of the APG.

May 19, 2019 SA confirmed

Saudi Arabia: SAMA sanctions 16 financial entities in 2019 over responsible finance principle breaches

The Saudi Arabian Monetary Authority (SAMA, renamed Saudi Central Bank in 2020) confirmed in May 2019 sanctions on 16 financial institutions, including a major Emirati bank operating in the kingdom, for violations of 'responsible finance principles'. SAMA did not specify individual amounts or concrete infractions, in contrast to the transparency of UK FCA, NYDFS or CBUAE. The authority required them to 'correct the violations'. Saudi Arabia joined as the first Arab member country of FATF in 2019. Saudi AML Law provides for penalties of up to 10 years prison and fines up to SAR 5M for natural persons (Article 26 of Cabinet Decision No. 80/1439), rising to SAR 7M in aggravated cases, and up to SAR 50M or double the funds involved for legal persons (Article 27). The supervisor maintains a more opaque approach than its Western peers but has intensified inspections after FATF membership.

February 20, 2025 RW confirmed

Rwanda: the US sanctions a minister and the military leadership over backing M23 and smuggling DRC minerals

The main focus of sanctions and illicit finance on Rwanda is its role in the conflict in eastern Democratic Republic of the Congo (DRC) and the mineral smuggling that finances it. On February 20, 2025, the US Treasury's OFAC sanctioned, under Executive Order 13413, James Kabarebe, Rwanda's Minister of State for Regional Integration and a former general, whom it described as the Rwandan government's liaison to M23 —an armed group backed by Kigali and designated by the US and the UN— and as managing much of the revenue that both derive from Congolese mineral resources, coordinating the extraction and smuggling of DRC minerals for export from Rwanda. In the same action it designated M23's spokesperson, Lawrence Kanyuka Kingston, and two of his companies registered in the United Kingdom and France. The measure came after M23 and the Rwanda Defence Force (RDF) captured Goma (January 27) and Bukavu (February 16, 2025), and the Rubaya mining hub, one of the world's largest coltan reserves. The Treasury stresses that eastern DRC minerals —gold, coltan, tin, tungsten— are smuggled through Rwanda before reaching refiners, fueling the conflict. In August 2025 OFAC expanded sanctions to illegal mining networks in Rubaya, and on March 2, 2026 it took an unprecedented step by sanctioning the RDF itself and four senior commanders, tying the action to violations of the DRC-Rwanda peace agreement signed in June 2025. Rwanda's government rejects the allegations of backing M23: it maintains that its priority in the DRC is to neutralize the FDLR militia —which it considers a genocidal threat linked to the perpetrators of the 1994 genocide— and calls the international measures politicized. Domestic financial supervision rests with the National Bank of Rwanda (BNR) and the financial intelligence unit, with Rwanda a member of ESAAMLG.

March 3, 2017 RU confirmed

Russia: Bank of Russia's 'Potemkin Operation' (2013-2019) shut down ~500 banks for laundering and fraud

The Bank of Russia, under Governor Elvira Nabiullina (appointed by Putin in 2013), executed between 2013 and 2019 the largest banking cleanup in Russian history, reducing the country's bank count from approximately 900 to 400 (~500 licenses revoked). Deputy Governor Vasily Pozdyshev described many of the closed entities as 'Potemkin enterprises' —a reference to the fake villages nobleman Grigory Potemkin built in the 18th century to impress Empress Catherine the Great— for their role as fronts for laundering, fraud, and financial report falsification. The paradigmatic case was Tatfondbank PJSC (Russia's 42nd-largest bank) in March 2017, closed after rescue efforts collapsed amid fraud evidence. A previous cleanup attempt from 2006 was slowed after the murder of central banker Andrei Kozlov, who led the anti-money-laundering campaign. The cleanup strengthened large Russian banks (Sberbank, VTB) with clients from closed ones. After Russia's invasion of Ukraine in February 2022, OFAC + UK + EU + Canada imposed SDN sanctions on Sberbank, VTB, Alfa-Bank, Gazprombank, Rosbank, Otkritie, Novikombank, Sovcombank and many others, freezing >$300B in Russian financial sector assets in the West.

May 31, 2023 QA confirmed

Qatar: a solid FATF evaluation (2023), first MENA country with high compliance, with terrorist financing as the weak spot

The mutual evaluation by the FATF and its regional arm MENAFATF on Qatar, published on May 31, 2023 (adopted by the FATF in February and by MENAFATF in May, after an on-site visit between June and July 2022), produced a notably positive result: the body rated 32 of the 40 technical recommendations as 'compliant' and the other 8 as 'largely compliant', making Qatar the first country in the Middle East and North Africa with a high level of compliance with all 40 recommendations at this stage. On effectiveness, Qatar achieved substantial or moderate levels in 10 of the 11 outcomes, with a single weak spot: the criminal investigation and prosecution of terrorist financing. The FATF highlighted as strengths a robust legal framework —Law 20 of 2019 against money laundering and Law 27 of 2019 on counter-terrorism—, a strong, well-equipped financial intelligence unit (QFIU), the risk-based supervision of the Qatar Central Bank (QCB), the Financial Centre Regulatory Authority (QFCRA) and the Markets Authority (QFMA), and effective confiscation of criminal assets. Among the pending improvements it flagged international cooperation, preventive measures and supervision of designated non-financial businesses and professions, the transparency of legal persons and proliferation-financing sanctions. The country faces a notable terrorist-financing risk —its citizens are targeted by fundraising campaigns at home and abroad. The evaluation came after years in which Qatar simultaneously managed the blockade by its Gulf neighbors (2017-2021), the pandemic and the 2022 football World Cup. In parallel, the country has rejected the allegations of the so-called 'Qatargate', the alleged corruption scheme in the European Parliament uncovered in late 2022, in which Belgian justice is investigating MEPs and lobbyists and which Qatar denies. Supervision rests with the QCB, the QFIU and the National Anti-Money Laundering Committee (NAMLC).

February 13, 2026 PG confirmed

Papua New Guinea: the FATF returns the country to the grey list (2026) over a lack of prosecutions and confiscations

On February 13, 2026, the FATF placed Papua New Guinea on its grey list of increased monitoring, at the plenary held in Mexico City, together with Kuwait. It marked the country's return to a list it had left in 2016, after a first listing in 2014: a cycle analysts attribute to reactive, form-only reforms. The decision was based on the Asia/Pacific Group on Money Laundering (APG) mutual evaluation, adopted in September 2024, which found that although PNG had improved on technical compliance, it failed on effectiveness: a shortage of investigations, prosecutions and convictions for money laundering and terrorist financing, insufficient supervision of high-risk sectors (non-bank entities and designated non-financial businesses and professions), weak beneficial-ownership transparency, few asset confiscations and poor inter-agency coordination. PNG made a high-level political commitment —Prime Minister James Marape conveyed it to the FATF— and agreed a seven-point action plan: improving risk understanding and endorsing the National AML/CFT/CPF Strategic Plan, seeking international cooperation to trace assets abroad, strengthening risk-based supervision of banks, FX dealers and designated professions, increasing money-laundering investigations and convictions, increasing freezes and confiscations, training authorities on proliferation sanctions and addressing technical deficiencies (the money-laundering offence, terrorist financing, politically exposed persons and suspicious-transaction reporting). The challenge is significant in an economy based on extractive industries (mining, petroleum, logging and fishing), with a record of few corruption convictions. Supervision rests with the Bank of Papua New Guinea (BPNG) and its financial intelligence unit, FASU, within a National Coordinating Committee; the first progress report is due in September 2026. PNG is a member of the APG.

February 4, 2020 PE confirmed

Peru: SBS applied only 17 AML sanctions on banks in two decades (2002-2020)

Peru's Superintendency of Banks, Insurance, and Pension Fund Administrators (SBS), through the Financial Intelligence Unit (UIF-Peru), applied only 17 sanctions in two decades (between 2002 and February 4, 2020) on 10 Peruvian banks: 15 fines totaling S/1.5 million (~$530,000 USD) and 2 reprimands. An extraordinarily low figure compared to equivalent jurisdictions (Chile UF 4,155 in a single year; Colombia 98 sanctions in 5 years). The Ojo Público outlet uncovered the figure when revealing that SBS had permitted the operation of the Reactiva Peru Plan during the COVID pandemic for persons under investigation in Lava Jato and Panama Papers cases. Superintendent Sergio Espinosa announced in October 2024 plans to raise the maximum fine ceiling from S/1 million to S/25.7 million (5,000 UIT), citing OECD and Basel Committee recommendations describing the current amount as 'a limitation to supervisory powers'. SBS does not publish the names of sanctioned banks on its website (unlike the UK FCA or NYDFS).

January 26, 2023 PY confirmed

Paraguay: the US sanctions (Magnitsky) former president Horacio Cartes for corruption, then delists him in 2025

On January 26, 2023, the US Treasury's OFAC sanctioned, under the Global Magnitsky Act (Executive Order 13818), former Paraguayan president Horacio Manuel Cartes Jara (2013-2018) and then-vice president Hugo Velázquez for their involvement in corruption that, per the Treasury, undermines the country's democratic institutions, and designated four companies owned by Cartes (Tabacos USA, Bebidas USA, Dominicana Acquisition and Frigorífico Chajha). The Treasury alleged he paid up to USD 10,000 to each party member to back his 2013 candidacy, monthly bribes of USD 5,000 to 50,000 to legislators in exchange for loyalty and a USD 1 million pledge in 2017 to buy votes for a constitutional reform to seek re-election, as well as obstructing a transnational criminal investigation; it added that both Cartes and Velázquez had ties to members of Hizballah, a terrorist organization for Washington that, per OFAC, held meetings in Paraguay where favors and contracts were arranged. The action followed visa restrictions the State Department had already imposed on Cartes in July 2022 for 'significant corruption'. In March 2023, OFAC identified Tabacalera del Este (Tabesa), the country's largest tobacco producer, as controlled by Cartes —who sold his shares for about USD 120 million— and in August 2024 it re-designated the firm for continuing to pay him millions despite the sale; Tabesa's management called the measure 'abuse of power'. Cartes always denied the allegations. On October 6, 2025, OFAC removed Cartes and his four companies from the sanctions list, without detailing its reasons, in a decision welcomed by President Santiago Peña —a Cartes ally, now leader of the ruling Colorado Party. The country's financial supervision rests with the Central Bank of Paraguay (BCP) and the Secretariat for the Prevention of Money Laundering (SEPRELAD), in a country whose Tri-Border Area with Brazil and Argentina is a historic hub of smuggling and laundering; Paraguay is a member of GAFILAT.

June 28, 2024 PA confirmed

Panama: Panama Papers — all 28 defendants acquitted in Jun 2024, but the firm closed in 2018

On June 28, 2024, Judge Baloísa Marquínez of Panama's Second Liquidator Court for Criminal Cases of the First Judicial Circuit acquitted all 28 defendants in the Panama Papers case, including Jürgen Mossack, co-founder of the Mossack Fonseca firm (Ramón Fonseca had died in May). The prosecution had requested 12 years prison —the maximum for money laundering in Panama— for the creation of offshore shell companies linked to the Lava Jato/Odebrecht scandal. The judge determined that the evidence obtained in the firm's raid (2016) 'did not comply with chain of custody', casting doubt on 'its authenticity and integrity'. The Lava Jato case consolidated with Panama Papers (31 additional defendants) also ended in acquittal. The 11.5 million leaked documents to the Süddeutsche Zeitung and the International Consortium of Investigative Journalists (ICIJ) in 2016 triggered the resignation of Iceland's prime minister, scrutiny on Macri (Argentina), Cameron (UK), Messi, Putin, Almodóvar, and many more. Mossack Fonseca closed in 2018. Prosecutors appealed the ruling. In June 2022, Mossack, Fonseca and 37 people had been acquitted in an earlier money laundering case. A paradigmatic case of the offshore jurisdiction problem and the difficulty of criminally prosecuting transnational operators even with massive documentation.

October 21, 2022 PK confirmed

Pakistan: FATF removes Pakistan from grey list Oct 2022 — LeT/JeM terror finance + Khan-Sharif crisis

On **October 21, 2022**, FATF removed Pakistan from the grey list ('Jurisdictions under Increased Monitoring') after **4 years of monitoring** (included in June 2018, one of the longest stays in FATF grey list history). The exit was the result of massive AML/CFT reforms, including cracking down on terrorist financing networks. The **State Bank of Pakistan (SBP)** and the Financial Monitoring Unit (FMU) supervise the Pakistani banking sector under the framework of the Anti-Money Laundering Act 2010. Pakistan (240M inhabitants, 5th most populous country in the world, capital Islamabad) has been historically accused of **harboring terrorist organizations** with financial connections: **Lashkar-e-Taiba (LeT)** — organization responsible for November 2008 Mumbai attacks (166 deaths, leader Hafiz Saeed UN + US SDN sanctioned, sentenced 33 years Pakistan in 2022 finally); **Jaish-e-Mohammed (JeM)** — attacked Indian parliament December 2001 + Pulwama bombing February 2019 (40 Indian paramilitaries killed); **Pakistan Taliban (TTP)** — attacked Army Public School Peshawar December 2014 (132 children killed); **Haqqani Network** — historical ties with ISI (Pakistan intelligence). Pakistan faced **massive political crisis 2022-2024**: PM **Imran Khan** (PTI, former cricket captain, PM 2018-2022) **ousted in vote of no confidence on April 9, 2022** — first time in Pakistani history a PM is removed via VoNC. **Khan arrested May 2023** on multiple charges (Toshakhana case, Pandora Papers, cipher case) — sentenced **3 years Toshakhana May 2023** (Aleema Khan cooperated), **10 years cipher case January 2024**, **14 years corruption case January 2024**. **Shehbaz Sharif** (PML-N, Nawaz Sharif's brother) PM coalition government 2022-2023 → reelected 2024. Pakistan has faced severe economic crisis 2022-2024 (Khan ouster + Sharif governance + IMF $3B program). The banking sector is concentrated in: National Bank of Pakistan (NBP), Habib Bank (HBL), United Bank (UBL), MCB Bank, Bank Alfalah. Pakistan is an APG member.

January 16, 2026 OM confirmed

Oman: the sultanate as a node in the Iran and Houthi sanctions-evasion networks targeted by OFAC

Because of its geography —facing Iran and beside the Strait of Hormuz, through which much of the world's oil passes—, the Sultanate of Oman recurrently appears as a transit point and home to companies in the sanctions-evasion networks that move Iranian oil and finance Yemen's Houthis. On January 16, 2026, the US Treasury's OFAC designated 21 individuals and entities that transferred oil, procured weapons and provided financial services to Ansarallah (the Houthis), a terrorist organization for Washington, and located part of those front companies and facilitators in Yemen, Oman and the United Arab Emirates. A week later, in late January 2026, the Treasury designated the Omani company Black Stone Oil and Gas, operator of a vessel that transported Iranian liquefied gas to Pakistan and Somalia in 2025, as part of its 'maximum pressure' campaign against Iran's shadow fleet. These measures do not target Oman's government, which maintains a regional mediator role and cooperates on financial matters —it is a member of the Terrorist Financing Targeting Center (TFTC) alongside the US and the rest of the Gulf—, but rather companies based in or transiting its territory that fit into smuggling schemes. Domestically, supervision rests with the Central Bank of Oman (CBO), the National Centre for Financial Information (NCFI) as the financial intelligence unit, and the Capital Market Authority, with Oman a member of MENAFATF.

October 24, 2025 NG confirmed

Nigeria: exit from the FATF grey list (2025) after completing a 19-point action plan

Nigeria was placed on the FATF grey list in February 2023 —at the same plenary that removed Morocco— and left it on October 24, 2025, at the Paris meeting, together with Burkina Faso, Mozambique and South Africa. The listing stemmed from strategic deficiencies in its regime against money laundering, terrorist financing and proliferation financing: regulatory gaps, lack of transparency over beneficial owners, supervision insufficiently based on risk, and weak effectiveness in the investigation and prosecution of financial crimes. The country made a high-level political commitment to the FATF and GIABA and carried out a 19-point action plan over some two years, coordinated by the Financial Intelligence Unit (NFIU) and involving the central bank (CBN), the Economic and Financial Crimes Commission (EFCC), the anti-corruption commission (ICPC), the corporate registry (CAC), customs and the anti-drug agency (NDLEA), among others. The FATF congratulated Nigeria for completing the plan within the agreed timeframes, and President Bola Tinubu welcomed the exit as a milestone of his economic reform agenda. Financial supervision rests with the Central Bank of Nigeria and the NFIU. The country carries a long record on financial integrity —from the recovery of more than USD 4 billion looted by dictator Sani Abacha to the 2024 detention of executives of the cryptocurrency platform Binance— but the grey-list exit restores part of international confidence in its system.

November 27, 2018 NI confirmed

Nicaragua: OFAC sanctions Ortega/Murillo regime since 2018 — 80+ designations for human rights violations

On November 27, 2018, OFAC began the systematic designation of the Daniel Ortega/Rosario Murillo regime under Executive Order 13851 (Nicaragua Human Rights and Anticorruption Act), after the brutal repression of student protests in April 2018 (~325 deaths, 2,000+ injured according to IACHR). Designations cover Rosario Murillo (Vice President and Ortega's wife), Laureano Ortega Murillo (son, former presidential advisor), Roberto Rivas Reyes (former CSE responsible for fraudulent elections 2016 and 2021), Néstor Moncada Lau (former CSE), Francisco Díaz Madriz (Director of Police), Néstor Moncada Lau (Chief of Intelligence), among **80+ individuals** designated between 2018-2025. The Biden administration added broader sanctions in 2021-2024 via the Renacer Act (Reinforcing Nicaragua's Adherence to Conditions for Electoral Reform Act). In February 2023, OFAC designated Mining Company DNP (Difícil Negocio Petrolero) for generating revenues for the regime via mining licenses. In September 2023, sanctions against General Directorate of Mines (DGM). Repression continues: closure of 5,000+ NGOs (including the Jesuit Central American University UCA in August 2023), massive denationalization of 222 opposition figures in February 2023 (historic operation) followed by release of political prisoners exiled to the US, mass exiles of journalists, expulsion of Vatican. The Nicaraguan banking sector is dominated by: Banco Lafise Bancentro, Banco de la Producción (Banpro), BAC Credomatic Nicaragua, Banco de América Central (BAC). Nicaragua is a GAFILAT member.

February 21, 2025 NP confirmed

Nepal: the FATF returns the country to the grey list (2025) over failures in cooperatives, real estate and financial-crime prosecution

On February 21, 2025, the FATF returned Nepal to its grey list of increased monitoring, at the Paris plenary held together with Laos and at the same meeting that removed the Philippines. It marked the country's return to a list it had already left in 2014, after having been flagged since 2008. The decision followed the mutual evaluation by the Asia/Pacific Group on Money Laundering (APG), adopted in August 2023 based on an on-site visit in December 2022, which found weaknesses in the application, investigation and prosecution of financial crimes and insufficient regulation of high-risk sectors such as cooperatives, real estate, casinos and designated non-financial businesses and professions. The APG concluded that Nepal had not demonstrated full effectiveness in any of the standard's eleven effectiveness indicators. Nepal made a high-level political commitment to the FATF and APG and agreed a two-year action plan, divided into five four-month phases; pending tasks include improving risk understanding, risk-based supervision of banks, cooperatives, casinos and real estate, and the identification and sanctioning of illegal money- or value-transfer (hundi) providers. The challenge is significant in a country where the cooperative sector has been at the center of major fraud scandals. After the listing, suspicious-transaction reports rose more than 30%, and Nepal remained under monitoring in 2026, with progress described as limited. Supervision rests with the central bank (Nepal Rastra Bank) and its financial intelligence unit, with the Department of Money Laundering Investigation (DMLI) in charge of inquiries; Nepal is a member of the APG.

February 1, 2019 ET confirmed

Ethiopia: exited the FATF grey list (2019) and opened its closed economy with the birr float (2024)

Ethiopia submitted its anti-money-laundering regime to its first mutual evaluation, conducted jointly by the World Bank and the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG, headquartered in Dar es Salaam), with an on-site visit in April 2014 and adopted on June 5, 2015. The FATF had placed the country on its list of jurisdictions with strategic deficiencies; after developing an action plan and fixing the gaps, Ethiopia exited that list in February 2019. In its successive follow-up reports (the latest, in 2022), it reached 11 Recommendations rated 'compliant' and 25 'largely compliant' of the FATF's 40, though its effectiveness remains limited. The financial intelligence unit is the Financial Intelligence Center (FIC) and sector supervision rests with the National Bank of Ethiopia (NBE). The context is that of a long-closed, state-controlled financial system that has begun to liberalize: in July 2024, under an IMF program, Ethiopia floated the birr and opened its foreign-exchange market, a shift that widens opportunities but also money-laundering and illicit-flow risks, in an economy still heavily cash-based and with a significant role for hawala. Africa's second most populous nation also faces the effects of the Tigray war (2020-2022) and corruption challenges.

February 23, 2024 NA confirmed

Namibia: FATF adds Namibia to grey list in Feb 2024 — uranium + diamonds + Hage Geingob legacy

On **February 23, 2024**, FATF added Namibia to the grey list ('Jurisdictions under Increased Monitoring'), alongside Kenya, after MONEYVAL/ESAAMLG evaluation. Identified deficiencies include: limited effectiveness in risk-based DNFBP supervision, weaknesses in complex AML case investigation, lack of beneficial ownership transparency. The **Bank of Namibia (BoN)** and the Financial Intelligence Centre (FIC) supervise the banking sector under the framework of the Financial Intelligence Act 13/2012 (amended 2018, 2023). Namibia (2.7M inhabitants, capital Windhoek), former German colony until WWI, former Apartheid Southwest Africa until independence 1990, has governed under **SWAPO** (South West Africa People's Organisation) since 1990 — de facto single party. President **Hage Geingob died on February 4, 2024** (succeeded by **Nangolo Mbumba** interim + **Netumbo Nandi-Ndaitwah** elected president Nov 2024, first woman president of Namibia + Southern Africa). Specific Namibian AML risks: **uranium** (Namibia is the world's 2nd uranium producer — Rössing/Husab/Langer Heinrich mines), **diamonds** (Namdeb joint venture with De Beers — marine diamonds via dredging), fishing (Walvis Bay), exposure to Angola-South Africa diamond corridor. The **Fishrot scandal** (2019-present) revealed massive bribes by **Samherji** (Iceland) to Namibian officials for horse mackerel fishing quotas — case with repercussions in Iceland (case FME Iceland (2024)). The banking sector is concentrated in: First National Bank Namibia (FNB), Standard Bank Namibia, Bank Windhoek (Capricorn Group), Nedbank Namibia. Namibia is an ESAAMLG member.

October 21, 2022 MM confirmed

Myanmar: FATF adds to blacklist in Oct 2022 — one of only 3 countries on blacklist alongside DPRK and Iran

On October 21, 2022, the Financial Action Task Force (FATF) added Myanmar to its blacklist ('High-Risk Jurisdictions subject to a Call for Action'), after failing to implement its action plan by October 2022 and not making significant progress in addressing the strategic deficiencies identified in the 2018 Mutual Evaluation Report. Myanmar became the third country on the blacklist along with North Korea and Iran, the only countries subject to mandatory 'enhanced customer due diligence' by all FATF jurisdictions. Unlike DPRK and Iran, Myanmar does not face direct countermeasures (sanctions), although member state financial institutions must apply reinforced CDD. Key factors: February 2021 military coup that overthrew Aung San Suu Kyi's civilian government, institutional deterioration, unregulated casino industry (allegedly operated by Chinese nationals in collaboration with local militias — linked to crypto scams, human trafficking in Shwe Kokko and other compounds), cross-border trafficking, massive wildlife trafficking, timber trafficking. The Central Bank of Myanmar (CBM) acknowledged the designation but protested that Myanmar 'is not in the same position' as DPRK and Iran. In February 2025 and October 2025, FATF reiterated that Myanmar remains on blacklist until completing the action plan. Direct connection with Huione Group and Prince Group cases designated as TCOs by OFAC in October 2025.

October 24, 2025 MZ confirmed

Mozambique: FATF removes from grey list in Oct 2025 along with Burkina Faso, Nigeria and South Africa

On October 24, 2025, the FATF removed Mozambique from the grey list after it completed its action plan; it had been listed in October 2022. It exited alongside Burkina Faso, Nigeria and South Africa — four removals and no additions. The FATF recognized the country's progress in remedying the AML/CFT deficiencies behind its listing, a process shaped by the legacy of the 'hidden debt' scandal (about USD 2 billion in loans secretly taken on by state-owned firms between 2013 and 2016, tied to Credit Suisse and VTB). The Bank of Mozambique welcomed the exit as recognition of its reformed prevention regime. Per the IMF (WP/21/153), grey-listing cuts capital inflows by about 7.6% of GDP. FinCEN confirmed the update on November 21, 2025.

February 24, 2023 MA confirmed

Morocco: exit from the FATF grey list (2023) after completing a 15-point action plan

Morocco was placed on the FATF grey list in February 2021 and removed from it at the plenary of February 24, 2023, together with Cambodia and at the same meeting that added South Africa and Nigeria. The listing stemmed from strategic deficiencies in its anti-money-laundering and counter-terrorist-financing regime; the kingdom made a high-level political commitment to the FATF and MENAFATF and carried out an action plan centered on improving international cooperation mechanisms, strengthening AML/CFT supervision, increasing transparency over the beneficial owners of legal persons, expanding the financial intelligence unit's capacities, improving money-laundering investigation and the confiscation of criminal proceeds, and making the targeted financial sanctions regime more effective. At its October 2022 plenary, the FATF determined that Morocco had substantially completed the plan and authorized an on-site visit to verify implementation. After the exit, the European Commission also removed Morocco from its list of high-risk third countries. The supervisory architecture comprises the central bank (Bank Al-Maghrib), the National Financial Intelligence Authority (ANRF) as the FIU, and the markets (AMMC) and insurance (ACAPS) regulators; Morocco is a member of MENAFATF and, per its latest evaluation, was compliant or largely compliant with 34 of the FATF's 40 recommendations. Money-laundering convictions rose from 74 in 2021 to 134 in 2024.

July 17, 2023 MN confirmed

Mongolia: FATF recognizes compliance in 9 + largely compliant in 31 recommendations (APG Jul 2023)

In July 2023, during the 26th annual meeting of the Asia/Pacific Group on Money Laundering (APG), Mongolia obtained international recognition that it has created the complete legal framework, reflected requirements in legislation, and improved the regulatory environment per the 40 FATF Recommendations: 9 'Compliant' + 31 'Largely Compliant'. Mongolia was added to FATF grey list between 2011-2013 and again between 2019-2020, definitively exiting in October 2020 after completing the action plan. Mongolia's follow-up team, led by B. Solongoo (Deputy Minister of Justice), includes representatives from Bank of Mongolia, Financial Information Unit (FIU), Financial Regulatory Commission (FRC), Prosecutor General's Office, General Intelligence Agency, State Registration Authority and General Tax Department. The legal framework is the 2013 Anti-Money Laundering Law, amended in 2018 and 2021. In 2022, the 'Law on Virtual Asset Service Providers' was drafted aligned with FATF Recommendation 15. In January 2021 it was removed from the EU list of high-risk third countries. Mongolia is a founding member of APG since 2004.

June 28, 2024 MC confirmed

Monaco: the FATF places the Principality on the grey list (2024) over its exposure to cross-border illicit flows

On June 28, 2024, the FATF placed Monaco on its grey list of increased monitoring, at the Singapore plenary. The decision followed the evaluation by MONEYVAL —the Council of Europe body, with a report published on January 23, 2023— which called for 'fundamental improvements' in the effectiveness of supervision, investigation and prosecution of money laundering and in the confiscation of criminal proceeds. MONEYVAL stressed that the Principality faces high money-laundering risks because of its 'internationally oriented' financial activity: it is a potential prime target for cross-border illicit flows, in a pattern where the fraud is committed abroad and the proceeds are laundered in Monaco. Before the listing, the Principality had already made progress on several recommended actions —it created a new combined supervision and financial intelligence authority, the AMSF (Autorité Monégasque de Sécurité Financière, replacing SICCFIN), strengthened terrorist-financing detection, applied targeted financial sanctions and risk-based supervision of associations— and passed nine laws in sixteen months. The action plan agreed with the FATF focuses on better understanding the risk of money laundering and tax fraud committed abroad, sustainably increasing requests to seize criminal assets outside the country, improving the standard of suspicious-transaction reporting and applying effective, dissuasive sanctions; Monaco aims to exit the list by mid-2026. In December 2024, MONEYVAL recognized 'significant progress' and re-rated 15 recommendations upward, to 39 of 40 favorable. Supervision and financial intelligence rest with the AMSF, under the authority of the Minister of State.

November 26, 2021 JP confirmed

Japan: the FSA issues in Nov 2021 a business improvement order to Mizuho over AML failures and forced resignations

Japan's Financial Services Agency (FSA / 金融庁) issued on November 26, 2021 a second business improvement order (gyōsei shobun / 業務改善命令) against Mizuho Bank and its parent Mizuho Financial Group, in the context of eight system failures since February of that year. One failure, on September 30, had involved international remittances without sufficient verifications to prevent money laundering, breaching the Foreign Exchange Law (外国為替法). The Ministry of Finance ordered the bank to take corrective measures under that law. The FSA required Mizuho to 'clarify management responsibility' and 'drastically reform corporate culture'. Mizuho Financial President Tatsufumi Sakai and Bank CEO Koji Fujiwara resigned in April 2022, with mandatory quarterly improvement plans. In fiscal 2024 (Apr 2024-Mar 2025), the FSA inspected 61 institutions and issued 3 AML business improvement orders.

October 21, 2021 MU confirmed

Mauritius: exit from the FATF grey list (2021), a financial center that shielded its reputation

Mauritius, a key financial platform for channeling foreign investment into Africa and India, was placed on the FATF grey list in February 2020 and removed on October 21, 2021. The listing stemmed from strategic deficiencies in its anti-money-laundering and counter-terrorist-financing regime; the two main ones, per the FATF, were the need for the Financial Services Commission (FSC) to supervise its licensees effectively and on a risk basis, and weaknesses in the declaration of the beneficial owners of management companies, along with timely access to that information and training for law enforcement to investigate money laundering. As a result, the European Union added Mauritius to its list of high-risk third countries, effective from October 1, 2020. The government made a high-level political commitment —with a committee headed by the prime minister— and carried out its action plan; the FATF determined in June 2021 that it had substantially completed it, conducted an on-site visit in September and, at its October plenary, removed the country from the list, by then compliant or largely compliant with 39 of the 40 recommendations (with only one partially compliant, linked to virtual assets). The European Commission later removed Mauritius from its list in early 2022. The exit mattered because the listing had damaged the island's credibility as an international financial center; supervision rests with the Bank of Mauritius, the FSC and the financial intelligence unit (FIU), with Mauritius a member of ESAAMLG.

January 21, 2022 MU confirmed

Mauritius: FATF removes Mauritius from grey list in Jan 2022 — Africa offshore hub + Pandora Papers

On January 21, 2022, FATF removed Mauritius (1.3M inhabitants, islands in Indian Ocean, capital Port Louis) from the grey list ('Jurisdictions under Increased Monitoring') after 22 months of monitoring initiated in February 2020. The Bank of Mauritius (BM) and the Financial Services Commission (FSC) supervise the financial sector under the framework of the Financial Intelligence and Anti-Money Laundering Act 2002 (amended in 2018, 2020, 2022). Mauritius is one of the largest offshore hubs in the Indian Ocean and Africa — operates as hub for investments via 'Mauritius route' to India (Double Tax Avoidance Agreement DTAA, renegotiated 2016 to reduce abuse). Specific Mauritian AML risks: Global Business Companies (GBCs) structures attractive to Indian, South African and international investors; historical banking secrecy reduced post-2018 FATF reforms; connections with Pandora Papers ICIJ Oct 2021 (Trident Trust Group, Alcogal, other Mauritian firms implicated); Diego Garcia/Chagos archipelago issue (UK transferring sovereignty to Mauritius October 2024 — pending). The banking sector is concentrated in: MCB Group (Mauritius Commercial Bank, largest), SBM Holdings (State Bank of Mauritius), HSBC Mauritius, Standard Chartered Mauritius, AfrAsia Bank, ABC Banking Corporation. Mauritius is an ESAAMLG founding member and APG observer.

June 27, 2023 ML confirmed

Mali: the Wagner–gold nexus targeted by OFAC, which sanctions facilitators and Malian officials

The main AML/sanctions focus on Mali revolves around the financing of the Wagner Group (now rebranded 'Africa Corps') with the country's gold. On June 27, 2023, the US Treasury's OFAC sanctioned —under Executive Order 14024— four companies (in the Central African Republic, the UAE and Russia) engaged in illicit gold dealings to fund Wagner, and Russian national Andrey Nikolayevich Ivanov, described as a facilitator of the group in Mali: according to the Treasury, in the spring of 2023 Ivanov worked with Prigozhin's entity 'Africa Politology' and senior Malian government officials on weapons deals and mining. OFAC described Wagner as an actor that funds its operations by exploiting the natural resources of countries such as Mali and the Central African Republic. Later, the Treasury went further and designated Malian officials for facilitating Wagner, including Lieutenant Colonel Adama Bagayoko, the Air Force Deputy Chief of Staff, flagged for promoting the group's deployment and for trying to facilitate its access to gold mining in Mali. The backdrop is set by the 2020 and 2021 coups, the junta led by Assimi Goïta, the departure of French and UN forces, and the pivot toward Moscow. The country's financial supervision sits within the West African monetary union: the regional central bank BCEAO and the financial intelligence unit CENTIF-Mali, with Mali a member of GIABA. The country also faces high terrorist-financing risks from the jihadist insurgency in the Sahel.

December 9, 2020 KG confirmed

Kyrgyzstan: the US sanctions (Magnitsky) ex-customs chief Matraimov for laundering $700M in a bribery scheme

The case that defines money-laundering risks in Kyrgyzstan is that of Raimbek Matraimov, former deputy chairman of the Customs Service. On December 9, 2020 —International Anti-Corruption Day—, the US Office of Foreign Assets Control (OFAC) sanctioned him and his wife under the Global Magnitsky Act (Executive Order 13818) for his role in a customs scheme through which at least USD 700 million was laundered out of the country. According to the Treasury, a company —linked to the Uyghur-Chinese Abdukadyr clan and its Abu Sahiy cargo empire— bribed officials to clear expensive goods as low-value, evading tariffs; Matraimov collected and distributed the bribes and helped smuggle cash out of the country via couriers. The scheme was exposed in 2019 by a joint investigation by Radio Azattyk (RFE/RL), OCCRP, Kloop and Bellingcat; one of the launderers, Aierken Saimaiti, was assassinated in Istanbul in November 2019. The Kyrgyz judiciary's response illustrates elite impunity: after returning partial sums, Matraimov was fined just a few thousand dollars in 2021; with the case reopened, he was extradited from Azerbaijan in 2024 and, in November of that year, released pending trial after paying about USD 200 million in cash and property. The country's financial intelligence unit is the State Financial Intelligence Service (SFIS), supervision rests with the National Bank of the Kyrgyz Republic (NBKR), and the country is a member of the Eurasian Group (EAG), the FATF's regional body. The risk picture is completed by an economy heavily dependent on remittances, porous borders and, since 2022, its role as a re-export route and possible channel for evading sanctions on Russia.

December 8, 2021 XK confirmed

Kosovo: OFAC sanctions a crime-group leader for bribing officials and trafficking between Kosovo and Serbia

Kosovo's most notable illicit-finance case is that of the Kosovo Serb businessman Zvonko Veselinović, whom the US Treasury's OFAC sanctioned on December 8, 2021, under Executive Order 13818 (Global Magnitsky Act), describing him as 'one of Kosovo's most notorious corrupt figures' and as the leader of an organized crime group. According to the Treasury, his organization ran a large-scale bribery scheme with Kosovar and Serbian security officials who facilitated the illicit trafficking of goods, money, narcotics and weapons between Kosovo and Serbia —including the bribery of Kosovar border agents in late 2017 and early 2019 to let his smugglers through— and pacts with politicians in exchange for contracts and influence. The action also included eight other people and 24 companies in Kosovo, Serbia, Croatia and Bulgaria. The case illustrates the vulnerabilities of a partially recognized state: according to the Council of Europe's evaluation body MONEYVAL, the main money-laundering threats in Kosovo are drug trafficking, loan-sharking and smuggling, aggravated by a cash-heavy economy and by the action of professional enablers —lawyers, accountants and notaries— who set up companies and legitimize contracts to integrate dirty money. Independent research also warns that sanctions have had an uneven effect, as companies linked to designated individuals continued to win public contracts. Financial supervision rests with the Central Bank of the Republic of Kosovo (CBK) and the financial intelligence unit (FIU).

April 18, 2025 KI confirmed

Kiribati: the Pacific microstate and the correspondent-banking crisis (de-risking)

Kiribati, a republic of 33 atolls scattered across the central Pacific, illustrates the main financial risk of island microstates: 'de-risking', the withdrawal of correspondent banking. Since 2011, the Pacific has lost about 60% of its correspondent banking relationships —double the world average— because large banks (mainly Australian and New Zealand) close those relationships over compliance costs, low profitability and perceived money-laundering risk. For an economy that depends on its seafarers' remittances, tuna fishing licenses and foreign aid, losing that link to the global financial system threatens transfers, trade and disaster response, and pushes toward informal channels. In response, the Pacific Islands Forum (PIF) and the World Bank launched the Pacific Strengthening Correspondent Banking Relationships Project —approved in August 2024 and effective from April 18, 2025, with about USD 68 million for seven countries, including Kiribati— aligned with the regional roadmap. Institutionally, Kiribati is an observer jurisdiction of the Asia/Pacific Group on Money Laundering (APG) —readmitted in 2013— and has established a financial intelligence unit and a suspicious-transaction reporting system, though with limited regulatory capacity and without yet undergoing a full mutual evaluation. The country has no central bank of its own: it uses the Australian dollar.

October 27, 2023 JO confirmed

Jordan: exited the FATF grey list (2023) after completing its action plan ahead of schedule

Jordan underwent the mutual evaluation of its anti-money-laundering measures by MENAFATF — the FATF's regional body for the Middle East and North Africa — with an on-site visit in July 2018 and a report published in November 2019. The evaluation detected serious effectiveness deficiencies in beneficial-ownership transparency, the investigation and prosecution of money laundering, the risk of abuse of non-profit organizations to finance terrorism and the financing of the proliferation of weapons of mass destruction. As a result, the FATF placed the Kingdom on its 'grey list' in October 2021 and set it a two-year action plan. Jordan moved quickly: in June 2023 the FATF determined it had 'substantially completed its action plan ahead of the agreed timeline,' and a verification visit in early September 2023 confirmed the effectiveness and sustainability of the reforms. At its plenary in late October 2023, in Paris, the FATF removed Jordan from the list, with the Governor of the Central Bank of Jordan (CBJ), Adel Al-Sharkas, present — who chairs the National Committee for Combating Money Laundering and Terrorist Financing. The financial intelligence unit is the AMLU, the legal framework rests on Law 46 of 2007 (amended in 2021), and the country went on to assume the MENAFATF presidency. Context weighs heavily: as a host to large refugee populations from Syria and Iraq and a neighbor of conflict zones, Jordan faces specific terrorist-financing risks, in an economy where cash and remittances carry weight.

June 28, 2024 JP confirmed

Japan: the FSA creates a transaction-analysis licensing regime to reinforce AML (2023-2024)

After reforming its Payment Services Act in 2022, Japan's Financial Services Agency (FSA) created the 'foreign-exchange transaction analysis business' (為替取引分析業), a licensing regime for entities analyzing transactions on behalf of multiple banks, authorizing three operators through 2024. The FSA acts amid record internet-banking fraud in 2023 (5,578 cases). It is a case of AML-framework regulatory strengthening, rather than a specific fine.

August 29, 2019 LB confirmed

Lebanon: OFAC designates Jammal Trust Bank for financing Hezbollah in Aug 2019 — bank liquidates

On August 29, 2019, OFAC designated Jammal Trust Bank SAL (JTB), a Beirut-based Lebanese bank, under Executive Order 13224 for providing financial services to Hezbollah, including the Saraya (Hezbollah's military organization) and the Martyrs Foundation (Hezbollah's paramilitary organization). The designation also included JTB's subsidiaries and affiliates. As a consequence, the Banque du Liban (BDL) ordered JTB's voluntary liquidation, and the Special Investigation Commission (SIC) oversaw the process. It is one of the most significant OFAC cases against a Lebanese bank since the 311 designation of Lebanese Canadian Bank (LCB) in 2011 (case LCB (2011)). JTB effectively closed operations in September 2019. The case is cited as precedent in the Bartlett v SGBL et al lawsuit (case Bartlett Lebanese Banks (2020)), where JTB is one of the 12 sued banks. The Hezbollah-Lebanese banks connection remains a central issue of US-Lebanon diplomacy and OFAC secondary sanctions. It marks the second Lebanese bank designated SDN in less than a decade by OFAC.

June 28, 2024 JM confirmed

Jamaica: FATF removes Jamaica from grey list Jun 2024 — scam call industry legacy + similar Cayman exit

On June 28, 2024, FATF removed Jamaica from the grey list ('Jurisdictions under Increased Monitoring') after 4 years of monitoring initiated in February 2020. The Bank of Jamaica (BOJ) and the Financial Investigations Division (FID) supervise the Jamaican banking sector under the framework of the Proceeds of Crime Act 2007 (extensively amended 2013, 2017, 2020, 2023). Jamaica (2.8M inhabitants, capital Kingston) has **one of the most persistent AML problems in the Caribbean**: **'Jamaica lottery scam'** — telephone fraud industry operated from Montego Bay that has **scammed ~$300M annually mainly to elderly in United States** (case aml-jamaica-lottery-scam-multiple in this tracker connected). Specific Jamaican AML risks: scam call industry legacy, gangs (Shower Posse historically, now successors Klansman, One Order, Spanish Town), Colombia-Jamaica-US/UK cocaine corridor (Kingston port), diaspora real estate (Jamaica has 2.8M inside but 3M+ Jamaicans abroad — UK, US, Canada), ganja (cannabis legal in Jamaica 2015, exports for medicinal). The banking sector is concentrated in: National Commercial Bank (NCB Financial Group, largest), Bank of Nova Scotia Jamaica (Scotiabank), JN Bank, First Caribbean International Bank (CIBC). Jamaica is a CFATF founding member.

June 1, 2023 CI confirmed

Côte d'Ivoire: GIABA evaluates its AML regime (2023) — weak framework, corruption and cocoa-smuggling risks

Côte d'Ivoire — the largest economy of the West African Economic and Monetary Union (WAEMU) and the world's biggest cocoa producer — submitted its anti-money-laundering system to GIABA's mutual evaluation, the FATF's regional body for West Africa, adopted at the May/June 2023 plenary (with an on-site visit in June 2022 and a technical assessment by the IMF). The report concluded the country's AML/CFT framework remained significantly weak: it was not fully compliant with any of the FATF's 40 Recommendations and had not demonstrated a detailed understanding of the money-laundering and terrorist-financing methods used in practice. Its geographic position, weight in the regional economy and developed, open financial sector make it particularly exposed to those risks; among the threats are corruption, the real estate sector, arms and drug trafficking, cybercrime and the smuggling of goods, including cocoa to neighbouring countries. GIABA recommended criminalizing individual acts of terrorism, creating an asset-freezing mechanism in line with UN Resolutions 1267 and 1373, and adopting the national AML/CFT strategy. In its first enhanced follow-up report (May 2024), the country was re-rated on 9 Recommendations, to 18 'compliant/largely compliant' and 22 'partially compliant,' remaining under enhanced follow-up. The financial intelligence unit is CENTIF, and supervision rests with the Central Bank of West African States (BCEAO) and its Banking Commission.

October 7, 2023 PS confirmed

Israel/Palestine: Hamas attack Oct 7 2023 — 1,200 Israelis + 251 hostages + Gaza response 45,000+ deaths

On October 7, 2023, Hamas (Islamic Resistance Movement, FTO designated by US since October 1997) launched the most devastating attack against Israel since Yom Kippur 1973: 1,200 Israelis killed + 251 hostages (including Shani Louk, Hersh Goldberg-Polin, baby Kfir Bibas). Israel responded with Operation Iron Swords/Swords of Iron — Gaza war has caused 45,000+ Palestinian deaths according to Gaza Ministry of Health (UN considers figures consistent), 80% of Gaza destroyed, 1.9M of 2.3M Palestinians displaced. OFAC designations post-Oct 7: 100+ new entities (Hamas leadership Yahya Sinwar killed Oct 2024, Mohammed Deif killed Jul 2024, Ismail Haniyeh killed Tehran Jul 2024; Hezbollah Hassan Nasrallah killed Sep 2024 + Hashem Safieddine Oct 2024; PIJ leadership; Iran IRGC + Quds Force). Hamas financing estimated at $700M-1 billion/year (mostly Iran via IRGC Quds Force, also Qatar via 'humanitarian aid' to Gaza historically — $1.8B from Qatar 2018-2023 that went to Hamas government salaries, suspended post-Oct 7). Multiple Hamas finance designations: Hamas Charities (2023), aml-bank-of-palestine-multiple. Bank of Palestine (largest), Cairo Amman Bank Palestine, Bank of Jordan Palestine operate in West Bank + Gaza under PMA (Palestinian Monetary Authority) and CBI Israeli dual supervision. Hostage diplomacy via Qatar mediation has resulted in partial exchanges (Nov 2023: 105 hostages freed x 240 Palestinian prisoners; Mar 2024+ ceasefire deals proposed).

June 5, 2026 US confirmed

US · Non-proliferation, Iran and counter-terrorism designations (June rounds)

OFAC published new sanctions-list update rounds including non-proliferation, Iran-related and counter-terrorism designations, plus Democratic Republic of the Congo-related designations, recorded in its recent actions of June 2, 5 and 10, 2026. These rounds continue the program's event-driven pace of designations, adding to the multiple late-May actions (terrorism, Iran) after the tracker's prior snapshot cutoff.

March 8, 2024 HN confirmed

Honduras: Juan Orlando Hernández (ex-President 2014-2022) sentenced to 45 years for drug trafficking (Jun 2024)

On **March 8, 2024**, former Honduran President **Juan Orlando Hernández** ('JOH', National Party, President 2014-2022) was **found guilty by a Southern District of New York (SDNY) jury** on three charges: conspiracy to import cocaine to the US, conspiracy to use firearms in drug trafficking crimes, and conspiracy to make and use false statements. **On June 26, 2024, Hernández was sentenced to 45 years federal prison**. It is one of the most significant cases against a former Latin American head of state in the US (alongside Manuel Noriega 1992). Hernández was **extradited from Honduras to the US on April 21, 2022**, weeks after leaving the presidency, after DOJ request. Evidence documented that JOH received **millions of dollars in bribes from the Sinaloa Cartel (Joaquín 'El Chapo' Guzmán testified), Los Cachiros Cartel (testimonies from Devis Leonel Rivera Maradiaga), Los Valles Cartel** between 2004-2022 in exchange for state protection for cocaine trafficking (~1 million kilos documented passing through Honduras to the US). His brother **Tony Hernández** (former Deputy) was previously sentenced to **life in prison in March 2021** for similar crimes. The Honduran financial sector is supervised by the Central Bank of Honduras (BCH) and the National Commission of Banks and Insurance (CNBS), with UIF Honduras. Current President **Xiomara Castro** (LIBRE, wife of former President Manuel Zelaya, President since January 2022) has initiated reforms. The Honduran banking sector is concentrated in: Banco Atlántida, Banco Ficohsa, BAC Credomatic Honduras, Banco Davivienda Honduras. Honduras is a GAFILAT member.

July 22, 2025 HK confirmed

Hong Kong: HKMA penalizes three banks (IOB and Bank of Communications) HK$16.2M for AML failures (Jul 2025)

On July 22, 2025, the Hong Kong Monetary Authority (HKMA) completed disciplinary proceedings under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO, Cap. 615) against three banks, imposing penalties totaling HK$16.2 million. Indian Overseas Bank, Hong Kong Branch (IOBHK) received the largest — HK$8.5 million — plus a reprimand and an order to conduct a transaction look-back review and implement a remedial plan, for serious deficiencies in its transaction-monitoring mechanism and oversight of its AML/CFT controls. Bank of Communications (Hong Kong) was fined HK$4 million and Bank of Communications' Hong Kong Branch HK$3.7 million, for failing to load certain transaction types into their shared monitoring system, weakening detection of suspicious activity. The HKMA stressed that even where control functions are outsourced, ultimate accountability for AMLO compliance remains with the bank.

February 29, 2024 HT confirmed

Haiti: Cherizier 'Barbecue' Viv Ansanm coalition Feb 2024 — gangs control 80%+ Port-au-Prince + Henry removal

On February 29, 2024, Jimmy Chérizier 'Barbecue' (former Haitian policeman, leader of G9 Family and Allies gang federation and new Viv Ansanm coalition 'Living Together' uniting 10+ main Port-au-Prince gangs) launched the most violent offensive in recent Haitian history: coordinated attacks on National prison (3,500+ prisoners released, including gang leaders), Toussaint Louverture International Airport, presidential palace, US Embassy compound. Prime Minister Ariel Henry (in office since July 2021 after the assassination of President Jovenel Moïse) was trapped in Kenya in his attempt to return on March 4, 2024, forcing his resignation on March 11, 2024. A Transitional Presidential Council was established in April 2024 + Garry Conille PM (June 2024 - removed Nov 2024) → Alix Didier Fils-Aimé (PM November 2024+). In 2024, 5,000+ deaths from violence, 700,000+ internally displaced (out of 11M population). The gangs (G9, G-Pep, Viv Ansanm coalition) control 80%+ of Port-au-Prince territory + rural areas. UN Security Council Resolution 2699 (October 2023) authorized the Kenya-led Multinational Security Support (MSS) mission — 400+ Kenyan police arrived June 2024 (out of 1,000 promised + 1,500 from other countries). Cherizier is designated SDN by OFAC since 2022. The BRH (Banque de la République d'Haïti) and the UCREF supervise the financial sector under the framework of the Law of November 11, 2013 (amended 2017, 2023). The banking sector is concentrated in: Sogebank, Unibank, Banque Nationale de Crédit (BNC, state), Capital Bank, Banque de l'Union Haïtienne. Haiti is a CFATF member.

April 4, 2013 GW confirmed

Guinea-Bissau: Africa's 'narco-state' — the DEA captured ex-navy chief Bubo Na Tchuto for cocaine trafficking

Guinea-Bissau, a small West African country, is known as the continent's first 'narco-state': since the mid-2000s, Latin American cartels have used it as a stopover to send cocaine to Europe, with deep military and political complicity. The most notorious case was that of José Américo Bubo Na Tchuto, former navy chief: in April 2010, the US designated him a drug 'kingpin' for his role in international narcotics trafficking, and on April 4, 2013, the DEA brought him to New York after capturing him in international waters aboard a luxury yacht, in an undercover operation in which agents posed as members of Colombia's FARC for a cocaine-for-arms exchange. Several accomplices were also charged, some with narco-terrorism (storing FARC cocaine in West Africa). Na Tchuto pleaded guilty, served his sentence in the US and returned to the country in 2016. General Antonio Indjai — army chief and leader of the 2012 coup, dubbed the 'cocaine coup' — was also charged by the US but evaded arrest; both appear on the UN, EU and US sanctions lists for cocaine trafficking and destabilization. The February 1, 2022 coup attempt, with 12 dead, was again linked to the drug business. The country is a GIABA member, its financial intelligence unit is CENTIF, and it shares the CFA franc and the regional central bank (BCEAO) with WAEMU.

September 3, 2019 GT confirmed

Guatemala: CICIG closed by Jimmy Morales Sep 2019 — Otto Pérez Molina convicted + 700+ investigated

The **International Commission against Impunity in Guatemala (CICIG)**, unique organism in the world created by Agreement between the UN and the Guatemalan government on December 12, 2006 (operational since September 2007), was **closed by President Jimmy Morales on September 3, 2019** after 12 years of operations — one of the most serious cases of dismantling of anti-corruption mechanisms in Latin America. CICIG investigated **>200 high-profile corruption cases** that led to **700+ judicialized officials**, including: **Otto Pérez Molina** (former President 2012-2015) and **Roxana Baldetti** (Vice President), arrested in 2015 in **'La Línea' case** (customs fraud scheme) — Pérez Molina sentenced to 16 years prison in December 2022 + Baldetti multiple sentences, cases against former President **Alfonso Portillo** (2000-2004), **CooperaciónFinancieras Vaco case**, **Rosenberg case** (controversial 2009), **PNC narcotráfico case**. After CICIG closure under Morales, the Guatemalan judicial system lived a 'corrupt pact' documented by OAS and UN: judges and prosecutors who pursued CICIG cases were **forced into exile** (Juan Francisco Sandoval former Special Prosecutor against Impunity FECI exiled Costa Rica 2021, Thelma Aldana former Attorney General exiled US, Iván Velásquez former CICIG commissioner now Colombia Defense Minister). The Guatemalan banking system is supervised by the Bank of Guatemala (BANGUAT) and the Intendency of Special Verification (IVE, FIU). The banking sector includes: Banco Industrial (largest), Banco G&T Continental, Banco de los Trabajadores, BAM, Banrural. **President Bernardo Arévalo** (Semilla Movement, since January 2024 — reactivated CICIG-aligned party) attempts to restore anti-corruption institutionality. Guatemala is a GAFILAT member.

December 1, 2024 GE confirmed

Georgia: MONEYVAL evaluates its AML regime (Dec 2024) — progress, but exposed to Russian sanctions evasion

Georgia — a South Caucasus country with a European outlook but strong economic ties to Russia — saw the most recent evaluation of its anti-money-laundering system published in December 2024 by MONEYVAL, the Council of Europe committee that verifies compliance with FATF standards. The report acknowledged significant progress: greater capacity of the Financial Monitoring Service (FMS, the financial intelligence unit) to disseminate information to law enforcement, strengthened regulation of virtual asset service providers (VASPs) and improved risk assessments. Georgia achieved full compliance on 6 of the FATF's 40 Recommendations and 'largely compliant' on another 22. Nonetheless, moderate deficiencies remain in the scope of designated non-financial businesses and professions (DNFBPs) and in the sanctioning regimes for certain sectors. Supervision rests with the National Bank of Georgia (NBG) — which has fined banks and currency exchanges for AML/CFT breaches — and the FMS. Context weighs heavily: the US State Department classifies Georgia as a 'major money laundering country' and, since Russia's 2022 invasion of Ukraine, analysts warn of its exposure as a possible sanctions-evasion route and of the inflow of Russian capital and migration, which strain the control system.

April 8, 2026 US confirmed

US: FinCEN+OFAC propose stablecoin AML rules under GENIUS Act (Apr 2026) — Part 1033 new framework

On **April 8, 2026**, **FinCEN and OFAC** jointly published a **Notice of Proposed Rulemaking (NPRM)** implementing the anti-financial crime provisions of the **Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act)**, which **would establish a comprehensive AML/CFT framework for Permitted Payment Stablecoin Issuers (PPSIs) under the Bank Secrecy Act (BSA)**. The proposed rule **would treat stablecoin issuers as financial institutions** for BSA purposes — the **first time in US federal history** that a specific type of crypto-issuer is regulated under the traditional banking framework. Main affected actors: **Circle Internet Financial (USDC, $60B+ marketcap)**, **Tether Limited (USDT, $140B+ marketcap, largest stablecoin)**, **Paxos Trust (USDP, BUSD pre-2023)**, **PayPal (PYUSD)**, **First Digital (FDUSD)**. The NPRM creates a **new Part 1033 of 31 C.F.R. chapter X** specific for PPSIs, separate from the MSB (Money Services Business) framework. PPSIs would be required to: **(1) Risk-based AML/CFT program** with resource dedication to higher-risk customers, **(2) Sanctions compliance program with transaction blocking capabilities** (first required by US statute), **(3) SAR reporting to FinCEN**, **(4) Customer Due Diligence + Beneficial Ownership identification**, **(5) AI-driven analytics, federated learning** and other advanced monitoring tools (favorable treatment). Comments due **June 9, 2026**. The action complements the **FinCEN whistleblower program NPRM March 30, 2026** ($40M FinCEN enforcement 2025 + $265M OFAC enforcement 2025 = $305M total 2025 base). **Treasury Department also issued NPRM April 3, 2026** on the state-level regulatory regime substantially similar to federal framework (state regulation of stablecoins).

October 23, 2020 IS confirmed

Iceland: one of the few Nordic countries on the FATF grey list (2019-2020), a one-year interlude

Iceland starred in an unusual episode for a prosperous Nordic country: after its 2018 FATF mutual evaluation — with poor effectiveness results (low on 6 of the 11 outcomes, moderate on 4 and substantial on only 1) — it was added on October 18, 2019 to the body's 'grey list,' alongside Mongolia and Zimbabwe. It was one of the few Western European countries ever flagged. The FATF questioned three fronts: competent authorities' access to beneficial-ownership data, strengthening the financial intelligence unit and better supervision of non-profit organizations. The country reacted quickly — it transposed the EU anti-money-laundering directive, created a register of companies' beneficial owners and addressed the 40 Recommendations — and, after an evaluation visit in September 2020, the FATF removed it from the list on October 23, 2020, barely a year later, in one of the fastest processes. A 2021 follow-up report acknowledged further progress (re-rated 'compliant' on supervision of non-financial professions). Financial supervision now rests with the Financial Supervisory Authority (FME), integrated into the Central Bank of Iceland. The episode is best understood against the backdrop of a country marked by the 2008 collapse of its banking system — with the giants Kaupthing, Landsbanki and Glitnir — and by the 2016 Panama Papers, which forced the prime minister's resignation.

June 25, 2025 MX confirmed

Mexico: FinCEN designates CIBanco, Intercam and Vector for fentanyl-linked laundering (2025)

On June 25, 2025, FinCEN (US Treasury) issued three orders — the first under 21 U.S.C. 2313a, created by the 2024 FEND Off Fentanyl Act — designating three Mexican institutions, CIBanco, Intercam Banco and Vector Casa de Bolsa, as of 'primary money laundering concern' in connection with illicit opioid trafficking. It is not a fine: these are civil orders prohibiting US financial institutions from any transmittal of funds — including cryptocurrency — with the three firms. FinCEN documented more than USD 100 million tied to drug trafficking: a CIBanco employee allegedly facilitated USD 10 million in laundering for a Gulf Cartel member (2023); Intercam executives allegedly met suspected CJNG members and processed USD 1.5 million to a China-based precursor supplier; and Vector allegedly channeled more than USD 1 million (2013-2021) to China-based precursor firms. The orders were published in the Federal Register (90 FR 27764/27770/27777) and their effective date was extended several times. Mexico's Finance Ministry said it received 'no conclusive information.' In parallel, Mexico's CNBV fined and took over the same institutions (see the CNBV event).

May 11, 2026 US confirmed

US: FinCEN issues May 2026 Alert — IRGC global money laundering + sanctions evasion + crypto

On **May 11, 2026**, **FinCEN issued Alert FIN-2026-A002** instructing US financial institutions on **money laundering typologies by the Iranian Revolutionary Guard Corps (IRGC)** and its affiliates, including **IRGC-Quds Force** (case Iran FATF Blacklist (2020) in this tracker). Typologies documented in the Alert include: **(1) Front companies in offshore jurisdictions** (Hong Kong, UAE, Turkey, Malaysia, Iraq, Venezuela), **(2) Trade-based money laundering (TBML)** especially in Iranian oil shipped via ship-to-ship transfers, **(3) Cryptocurrencies** (Tether USDT especially, USDC pre-blacklisting, Bitcoin and altcoins via mixers + DeFi protocols), **(4) Hawala networks** in Iraq, Pakistan, Afghanistan, Lebanon, **(5) Gold smuggling** Turkey-Dubai-Iran-Venezuela, **(6) Real estate** in the US (Trump real estate case 2018 documented), UK (Knightsbridge), Canada (Toronto, Vancouver), Australia (Sydney, Melbourne). The Alert also references **connections with Hezbollah, Hamas, Houthis and Assad/HTS** (case Syria Assad HTS (2024) in this tracker). FinCEN instructed financial institutions to file SARs (Suspicious Activity Reports) with keyword 'IRGC-2026-A002' for any transaction potentially connected. The action coincides with the context of **Trump 2.0 sanctions tightening against Iran** (2025+) and **maximum pressure campaign 2.0**. The Alert also details **stablecoin issuers** typologies aligned with the new **GENIUS Act (Guiding and Establishing National Innovation for U.S. Stablecoins Act)** and the FinCEN/OFAC Notice of Proposed Rulemaking published on April 8, 2026 that would treat Permitted Payment Stablecoin Issuers (PPSIs) as financial institutions under the BSA.

April 10, 2025 FJ confirmed

Fiji: a Pacific AML reference point, preparing for its 2026 APG evaluation

Fiji — a South Pacific archipelago and one of the region's financial and logistics hubs — is preparing for its fourth mutual evaluation by the Asia/Pacific Group on Money Laundering (APG), scheduled for 2026. In its third round, the APG (with the World Bank's technical assessment) conducted the on-site visit in October 2015 and adopted the report in September 2016, with successive follow-up reports in 2019 and 2023 that recognized progress in technical compliance. Ahead of 2026, the country intensified preparations: in April 2025, a high-level APG delegation visited Suva to meet the government, and the National Anti-Money Laundering Council — chaired by the Permanent Secretary for Justice — set up an inter-agency working group. According to the IMF, Fiji completed a banking-sector risk assessment and updated its 2015 National Risk Assessment, with official training and technical assistance from the APG. The financial intelligence unit (Fiji FIU) and the Reserve Bank of Fiji (RBF) are central pillars of the system, alongside the Ministry of Justice and the prosecution service. Fiji also serves as a regional reference point — providing assessors to other Pacific states' mutual evaluations — in a region exposed to the risks of cash, remittances, correspondent-banking 'de-risking' and, increasingly, methamphetamine transit.

December 5, 2011 ER confirmed

Eritrea: the Isaias Afwerki regime, a closed economy and the '2% diaspora tax' condemned by the UN

Eritrea, ruled by Isaias Afwerki since its independence in 1991, runs one of the world's most closed economic and banking systems: an economy controlled by the state and by entities tied to the single ruling party (the People's Front for Democracy and Justice, PFDJ), with no significant private sector and never having undergone a FATF mutual evaluation or belonged to any of its regional bodies. The country has not published a budget since 2002. Its most singular — and controversial — financing mechanism is the so-called '2% diaspora tax': an income levy the government collects from Eritreans abroad through its embassies and the PFDJ. On December 5, 2011, the UN Security Council, in its Resolution 2023 (under Chapter VII), condemned the use of that tax to destabilize the Horn of Africa and violate the sanctions regime — including procuring arms for armed groups — and demanded that Eritrea stop using extortion, threats and fraud to collect it outside the country; it also called for vigilance over its mining sector. Independent studies note that, absent transparency, those proceeds function as an opaque, fungible fund. The UN arms embargo, imposed in 2009 (Resolution 1907) over support for militias in Somalia, was lifted in 2018 after the rapprochement with Ethiopia; but in 2021 the US and the EU again sanctioned Eritrean entities and commanders over atrocities committed in the Tigray war. Nominal supervision of the system rests with the Bank of Eritrea, the central bank.

June 1, 2021 EG confirmed

Egypt: MENAFATF evaluates its AML regime (2021) — high technical compliance with the FIU inside the central bank

Egypt submitted its anti-money-laundering system to the mutual evaluation of MENAFATF (the FATF's regional body for the Middle East and North Africa), conducted by the World Bank and adopted in June 2021, with on-site visits in 2020 completed remotely due to the pandemic. The country — which chaired MENAFATF in 2020-2021 — achieved high technical compliance and has kept strengthening it: in its May 2025 follow-up report, after re-rating Recommendation 3, it reached 11 Recommendations rated 'compliant' and 26 'largely compliant,' with only 3 'partially compliant,' though it remains under enhanced follow-up. The financial intelligence unit is the Egyptian Money Laundering and Terrorist Financing Combating Unit (EMLCU), an independent body within the Central Bank of Egypt (CBE) created by Law 80 of 2002, which receives and analyzes suspicious-transaction reports. The country's risk profile is demanding: an economy with a strong weight of cash, cross-border trade and remittances, and a geographic position that makes it especially vulnerable to terrorist financing, money laundering and proliferation financing — Egypt strengthened its counter-terrorism framework with Law 14 of 2020. The banking sector concentrates about 89.8% of the financial system's assets, placing the CBE at the centre of supervision.

January 9, 2024 EC confirmed

Ecuador: Noboa declares 'internal armed conflict' Jan 2024 + 'Fito' escape + post-2020 crime crisis

On January 9, 2024, President Daniel Noboa Azín (ADN, President since November 2023, young entrepreneur son of banana magnate Álvaro Noboa) declared 'State of Internal Armed Conflict' after the escape of narco leader Adolfo Macías Villamar 'Fito' (head of Los Choneros) from La Regional Guayaquil penitentiary on Jan 7, 2024, and the live takeover of TC Television channel by members of Los Tiguerones (another criminal organization) — first South American country to formally declare 'internal armed conflict'. Ecuador has suffered the worst criminal crisis in its history post-2020: homicide rate went from 6 per 100K (2017) to 47 per 100K (2023) — the highest in South America. Ecuadorian cartels (Los Choneros, Los Lobos, Los Tiguerones, Los Lagartos, Los Chone Killers) operate as subcontractors of Mexican (Sinaloa, CJNG) and Colombian cartels for cocaine trafficking via Guayaquil + Manta ports (Ecuador is the main cocaine corridor from Colombia + Peru to Europe + US — ~30% of global cocaine flow). BCE and UAFE supervise the financial sector under the framework of the Organic Law of Prevention of Asset Laundering 2017. Ecuador operates USD as official currency since 2000 (dollarization post-1999 banking crisis, unique situation in South America alongside El Salvador 2001 and Panama historic). The banking sector is concentrated in: Banco Pichincha (largest), Banco del Pacífico, Banco Guayaquil, Banco Internacional. Ecuador is a GAFILAT member.

March 7, 2024 DJ confirmed

Djibouti: a Horn of Africa port hub with its first AML evaluation (2024) — a legal framework without effectiveness

Djibouti — a small Horn of Africa state and strategic logistics hub by the Bab-el-Mandeb strait, home to military bases of the US, France, China, Japan and Italy — underwent its first mutual evaluation, conducted by MENAFATF (the FATF's regional body for the Middle East and North Africa), with an on-site visit between February and March 2024 and endorsed by the FATF. The result revealed a reasonable legal framework but without effectiveness: the country scored 'compliant' on 8 and 'largely compliant' on 10 of the 40 technical Recommendations, but zero high or substantial effectiveness ratings across the 11 immediate outcomes. Understanding of money-laundering and terrorist-financing risks is 'at an embryonic stage'; the National Risk Assessment identifies prevalent crimes — embezzlement, breach of trust, fraud and drug trafficking — but does not comprehensively cover the national risk context. The report found gaps in the Financial Intelligence Service (SRF, the financial intelligence unit) and the National Counter-Terrorism Committee, as well as limited knowledge of AML/CFT obligations, weak supervision and poor suspicious-transaction reporting, compounded by the weight of cash, the use of agents in low-compliance jurisdictions and hawala, in an environment bordering Somalia and Yemen. Analysts also note that money laundering mainly involves political elites, with a gap between the law and its effective enforcement. Financial-sector supervision rests with the Central Bank of Djibouti (BCD).

September 19, 2018 EE confirmed

Estonia: the Danske Bank scandal in Sep 2018, €200B in laundering — Europe's largest in history

On September 19, 2018, Danske Bank revealed by publishing its internal report that its small Estonian branch (the former Sampo Bank, acquired in 2007) had processed between 2007 and 2015 around 200 billion euros (~$234 billion USD) in suspicious flows, mainly from non-resident Russian, Azerbaijani, Ukrainian, and Baltic country clients. The Estonian branch, with barely 0.5% of Danske's total assets, had generated 11% of group net profit in 2013. Estonia's Financial Supervision Authority (Finantsinspektsioon) ordered the closure of the Estonian branch. CEO Thomas Borgen resigned. Parallel criminal investigations in Denmark, US, UK, France, and Estonia produced in December 2022 a $2 billion Danske conviction from FinCEN + DOJ + SEC + Danish prosecutor (case already documented). It is the largest money laundering scandal in European history and triggered the EU's largest AML legislation overhaul (5th and 6th directives).

December 4, 2024 CW confirmed

Curacao: LOK reform Dec 2024 — online gambling 1,000+ licenses + Russian post-sanctions destination

The Centrale Bank van Curaçao en Sint Maarten (CBCS) and the Reporting Center Unusual Transactions (MOT) supervise Curacao's financial sector under the framework of the National Ordinance Identification when Rendering Services (NOIS, 2017) and National Ordinance Reporting Unusual Transactions (NORUT, 2017). In **December 2024**, Curacao implemented **a massive reform of the 'Landsverordening op de Kansspelen' (LOK, Law on Games of Chance)** — the world's most controversial online gambling licensing regime. For decades (1996-2024), Curacao operated a **'master license' system** where 4 companies (Cyberluck Curaçao N.V. / Curaçao eGaming, Antillephone N.V., Gaming Curaçao, Curaçao Interactive Licensing) **issued sub-licenses to 1,000+ online casinos** worldwide (including many targeting Russian, Chinese, Brazilian markets). The new Curacao Gaming Authority (CGA) now issues licenses directly with reinforced due diligence. **Russian operators and casinos targeting sanctioned customers post-2022** have been a persistent problem. Curacao (148,000 inhabitants, former Dutch colony, capital Willemstad) operates the Netherlands Antillean guilder (ANG) pegged to USD 1.79:1 — Curacao + Sint Maarten are the only remaining countries sharing the ANG post-dissolution of the Netherlands Antilles 2010. The banking sector is concentrated in: Maduro & Curiel's Bank (MCB, largest), Banco di Caribe, RBC Royal Bank Curaçao, Orco Bank. Curacao is a CFATF member.

February 7, 1962 CU confirmed

Cuba: world's longest OFAC embargo since 1962 — Helms-Burton 1996 + Trump tightening 2017+

The United States embargo against Cuba, initiated on February 7, 1962 by executive order from President John F. Kennedy (Proclamation 3447), is **the longest continuous embargo in world history** (64+ years as of 2026). The legal framework evolved significantly: Cuban Assets Control Regulations (CACR) 1963, Cuban Democracy Act (CDA) 1992, Cuban Liberty and Democratic Solidarity Act ('Helms-Burton Act') 1996 that prohibited non-US companies from operating with Cuba (extraterritoriality), Trade Sanctions Reform and Export Enhancement Act 2000 (TSREEA, allows agricultural/medical exports with conditions). Under the Obama administration (2014-2017) there was partial thaw (diplomatic opening, direct flights, remittances). Under Trump (2017-2021), sanctions tightened drastically: Cuba returned to the State Sponsors of Terrorism (SST) list in January 2021 (last day of Trump's first term), elimination of remittances via Western Union, SDN designation of MININT (Interior Ministry). Under Biden (2021-2025): minor changes. Under Trump 2.0 (2025-): new round of tightening expected. The Cuban banking sector is 100% state-owned: Banco Central de Cuba (BCC), Banco Nacional de Cuba (BNC), Banco de Crédito y Comercio (Bandec), Banco Popular de Ahorro (BPA), Banco Metropolitano. All are on OFAC's SDN list. The embargo has caused accumulated losses estimated by the UN at $150-1,000 billion (variable estimates) depending on methodology. Cuba is a GAFILAT member.

May 1, 2026 US confirmed

US · Executive Order: sanctions on those responsible for repression in Cuba

On May 1, 2026, through Executive Order 14404 ('Imposing Sanctions on Those Responsible for Repression in Cuba and for Threats to United States National Security and Foreign Policy'), the US created a new Cuba sanctions program under IEEPA, separate from the Cuban Assets Control Regulations and carrying secondary-sanctions reach (resembling the Iran, Russia and North Korea frameworks). On May 7, OFAC designated GAESA, the military conglomerate that the State Department says controls about 40% of Cuba's economy, and issued General License No. 1 plus six FAQs (1251-1256); additional designations followed on May 18. Per OFAC guidance, secondary sanctions for dealing with GAESA take effect on June 5, 2026.

May 1, 2026 CU confirmed

Cuba: from the 1962 embargo to the new US escalation (EO 14404, 2026) with secondary sanctions on foreign banks

The US economic embargo against Cuba has been in force since February 1962 — the longest in modern history — codified in the 1996 Helms-Burton Act and administered by the Treasury's OFAC through the Cuban Assets Control Regulations (CACR). In recent years, policy has swung sharply. The Trump administration returned Cuba to the State Sponsors of Terrorism (SSOT) list in January 2021. On January 14, 2025, in his final days, President Biden certified Cuba's removal from that list, revoked the 2017 presidential memorandum and suspended the 'Cuba Restricted List,' as part of a deal brokered by the Catholic Church and Pope Francis for Havana to release 553 political prisoners. Just six days later, on January 20, 2025, President Trump revoked those measures on his first day in office, reinstating the SSOT designation and the Restricted List — which bars US persons from dealing with hundreds of entities and hotels linked to the Cuban military apparatus. The pressure kept escalating: on May 1, 2026, Trump signed Executive Order 14404, broadening the authority to designate actors in key sectors of the Cuban economy and authorizing secondary sanctions against foreign financial institutions dealing with sanctioned parties; days later, the State Department designated the military conglomerate GAESA, among others, as Specially Designated Nationals (SDNs). The practical effect is a freeze on Cuba's international financial transactions passing through US entities, which hampers third-country trade, amid the island's deep economic crisis.

January 1, 2023 HR confirmed

Croatia: HNB tightens AML — entered Eurozone Jan 2023 + Schengen 2023 + Agrokor scandal 2017

On **January 1, 2023**, Croatia became the 20th member of the **Eurozone** (adoption of the euro as official currency, replacing the Croatian kuna HRK) + the 27th member of **Schengen** (free movement). It is the first country of the former Yugoslavia to achieve both European integrations. The Hrvatska Narodna Banka (HNB) and the Croatian Financial Services Supervisory Agency (HANFA) supervise the financial sector under the framework of ZPPNFT 2017 (amended in 2019, 2022 to align with EU's 5th and 6th AMLD). Croatia (3.8M inhabitants, capital Zagreb), independent since 1991 (Yugoslav Wars), EU member since July 2013. Specific Croatian AML risks: **Agrokor case 2017** — the largest Croatian conglomerate (retail Konzum, food production, country's largest employer 60,000 employees, ~$7 billion revenue) collapsed due to massive fraud under Ivica Todorić (founder, sentenced in absentia + extradited from UK 2018 + sentenced in Croatia 6 years 2023), restructured under Lex Agrokor + Fortenova ownership changed to Marko Pupić-Bakrač (Russia connection allegations); **Balkan drug corridor** (Balkan Route sub-corridor), Bosnia + Serbia refugees, Dubrovnik + Split real estate boom by absentee European investors and Croatian diaspora (~1M in Germany, US, Australia, Argentina, Chile). The banking sector is concentrated in: Zagrebačka Banka (Italian UniCredit subsidiary, Croatia's largest bank), Privredna Banka Zagreb (PBZ, Italian Intesa Sanpaolo subsidiary), Erste & Steiermärkische Bank Croatia, Raiffeisenbank Austria Croatia. Croatia is a MONEYVAL member.

September 17, 2018 CH confirmed

Switzerland: FINMA reprimands Credit Suisse in 2018 over Petrobras, PDVSA and FIFA

FINMA concluded in September 2018 an enforcement proceeding against Credit Suisse, finding 'serious deficiencies' in anti-money laundering controls between 2006 and 2014 in connection with international corruption cases linked to Brazilian oil company Petrobras, Venezuelan PDVSA and FIFA. FINMA imposed an independent monitor on the bank. The authority did not impose a fine, since the Swiss legal structure allows FINMA to confiscate illicit gains but not apply civil fines to banking entities. It is the first case in which a major Swiss bank is disciplined simultaneously for three major transnational scandals, and a direct precursor to Credit Suisse's collapse in March 2023, when it was absorbed in an emergency by UBS for CHF 3 billion.

January 1, 2025 CR confirmed

Costa Rica: GAFILAT evaluates the country (5th round, 2024-2025) — narco-focused AML enforcement and grey-list risk

Costa Rica — a stable Central American democracy, but also a drug-trafficking transit corridor — faces, between 2024 and 2025, the fifth round of mutual evaluation by the Financial Action Task Force of Latin America (GAFILAT), following a technical re-rating of several of the FATF's 40 Recommendations. The process is decisive: in 2015 the country came close to being placed on the 'grey list' and avoided it only through a National Strategy and reforms; the Costa Rican Drug Institute (ICD) has warned that a poor result would return it to that risk. The financial intelligence unit (UIF) operates within the ICD — it was born as the Financial Analysis Unit under Law 7786 of 1998, comprehensively reformed by Law 8204 of 2001. GAFILAT's mutual evaluation acknowledged that Costa Rica effectively prosecutes predicate offenses, particularly drug trafficking, in prosecutions and convictions; but it noted that the fight against money laundering is concentrated almost exclusively on cases linked to drug trafficking, with few initiatives against laundering from other serious crimes — such as human trafficking and smuggling, identified as threats in its National Risk Assessment. It also found that cooperation among police bodies takes place on informal bases, without a regulated framework, and recommended giving institutions more resources, expanding the UIF's direct powers and strengthening the transparency of legal persons' beneficial owners and control of cross-border cash transport. Financial-sector supervision rests with SUGEF and the Central Bank of Costa Rica (BCCR).

June 28, 2024 US confirmed

US: ConsenSys vs SEC — Wells Notice Apr 2024 + MetaMask sub-poena (10M+ MetaMask users)

**ConsenSys Software Inc** (Brooklyn, founded by **Joseph Lubin** Co-Founder Ethereum 2014, owner of **MetaMask** — the world's largest crypto wallet with ~10M monthly users, $5B+ assets via MetaMask Swap fee revenue) received a **Wells Notice from SEC in April 2024** indicating intent to file enforcement action — alleging that **MetaMask Swap (broker function) and MetaMask Staking (delegate ETH staking to Lido/Rocket Pool/Coinbase) are 'unregistered securities exchange' and 'unregistered broker-dealer activities'** under US securities laws. ConsenSys **responded with a pre-emptive counter-suit in US District Court Northern District of Texas (Fort Worth) in April 2024**, alleging SEC overreach. The case was seen as **landmark crypto regulation battle** under Gary Gensler-era SEC (chairman 2021-2025). **Post-Trump 2.0** (January 2025), SEC under new chairman **Paul Atkins** (confirmed April 2025, crypto-friendly) **dropped the ConsenSys case along with Coinbase, Robinhood, Kraken** — reflects crypto-friendly enforcement turn. ConsenSys also recently raised Series E **$450M** Aug 2023 ($7B valuation pre-2022 collapse, ~$3B 2024). **MetaMask is the world's most used browser extension wallet** — supports 30+ EVM chains (Ethereum, Polygon, BSC, Avalanche, Optimism, Arbitrum, Base, etc.). The case was a prominent debate of **'regulation by enforcement vs regulation by rulemaking'** in crypto industry. Lubin has been vocal opponent of Gensler enforcement style.

June 26, 2024 HN confirmed

Honduras: former president Juan Orlando Hernández, sentenced in the US to 45 years for drug trafficking

The case that defines the narco-state problem in Honduras is that of Juan Orlando Hernández (JOH), the country's president for two terms (2014-2022). Extradited to the United States in April 2022, he was found guilty on March 8, 2024, after a three-week trial before Judge P. Kevin Castel in a Manhattan federal court (SDNY), of cocaine importation and related weapons offenses. On June 26, 2024, he was sentenced to 45 years in prison (540 months), 60 months of supervised release and an USD 8 million fine. According to prosecutors, Hernández conspired with some of the world's largest drug traffickers to transport more than 400 tons of cocaine — valued at about USD 10 billion — through Honduras to the US; he accepted millions in bribes to protect the shipments using the police and the army, and used drug money to bribe officials and manipulate the 2013 and 2017 elections. He is the third foreign former president convicted of drug trafficking in the US, after Panama's Manuel Noriega and the British Virgin Islands' former premier; his brother Tony Hernández had already been convicted. The country's financial intelligence unit operates within the National Banking and Insurance Commission (CNBS), monetary supervision rests with the Central Bank of Honduras (BCH) and the country is a GAFILAT member.

April 18, 2024 US confirmed

US: Circle (USDC issuer) under continuous NYDFS + CFTC supervision in 2024 over stablecoin standards

Circle Internet Financial Limited, issuer of USDC (the world's second-largest stablecoin with $35 billion in circulation in 2024), operates under continuous NYDFS supervision (BitLicense holder) and faces regulatory requirements from the SEC and CFTC in the US after Tether's reserve problems (2021), USDC's collapse ('depegging' in March 2023 when Silicon Valley Bank held $3.3 billion of Circle's reserves), and pressure from the EU MiCA Regulation (in force since June 2024 for stablecoins). In 2024, Circle reinforced its monthly transparency attestations program with Deloitte, segregated reserves in BlackRock accounts, and enforcement against USDC use in darknet, ransomware (in cooperation with OFAC, it has frozen more than $300M USDC linked to SDN designations between 2020-2024). Circle was a pioneer in OFAC cooperation for stablecoin freezing, marking the paradigm of 'sanctions compliance native to the contract'. The SEC pending pursues establishing whether USDC is a security, an issue under active litigation in 2026.

June 1, 2018 CL confirmed

Chile: 2018 church crisis — Karadima defrocked + abuse + financial opacity + Vatican intervention

Chile (19.5M inhabitants, capital Santiago) experienced in **2018 the largest Catholic Church crisis in its history**, centered on the **Fernando Karadima** case (influential priest of the El Bosque parish in Providencia, trainer of bishops) — convicted by the Vatican in 2011 for sexual abuse of minors, and **expelled from the priesthood (laicized) by Pope Francis in September 2018**. The crisis escalated when Pope Francis, during his visit to Chile in January 2018, initially defended Bishop **Juan Barros** (Karadima's protégé, accused of cover-up) — then retracted after investigator Charles Scicluna's report, and in an unprecedented action, **all 34 Chilean bishops presented their collective resignation in May 2018** (Francis accepted 7+). Although the Karadima case is primarily about sexual abuse, it generated **scrutiny of the financial opacity of the Chilean Church**: investigations into the management of parish funds, compensation to victims (the Chilean State + the Church faced civil lawsuits, the Chilean Supreme Court ordered the Archdiocese of Santiago to compensate victims with ~$300K+ in 2019, the first ruling of this type), opacity of congregation finances (Legionaries of Christ, Marists, etc. also faced cases), and the relationship between Chilean economic elite and the Church. The case is relevant for AML/transparency in the context of **financial opacity of religious institutions** (parallel to the Vatican Becciu case Vatican Becciu (2023)). The Chilean financial sector is supervised by the Central Bank of Chile (BCCh) + CMF (Financial Market Commission) + UAF (Financial Analysis Unit). Chile is one of Latin America's most compliant countries (#1 CPI LAC tied with Uruguay). Chile is a GAFILAT member.

September 13, 2023 CL confirmed

Chile: UF 1,250 (~$45M CLP) from CMF to 6 entities in Sep 2023 over failure to provide AML case info

Chile's Financial Market Commission (CMF) imposed in September 2023 combined fines of UF 1,250 (~CLP 45 million, ~$50,000) on six financial entities: Banco de Chile (UF 200), BCI (UF 300), BancoEstado (UF 450), Scotiabank (UF 100), Banco Security (UF 100), and COOPEUCH credit union (UF 100). The regulator described as 'serious' the violations of failing to fully and timely provide the Public Prosecutor's Office with customer banking records required for criminal investigations on money laundering, fraud against the State, and bribery. Complementarily, in 2023 Chile's Financial Analysis Unit (UAF) executed 66 sanctioning processes for failure to report suspicious operations, with 53 institutions fined a total of UF 4,155 (~CLP $159M). Santander Chile and Banco de Chile received the legal ceiling of UF 800 each over the Verde Austral/Pacogate case, related to the Carabineros fraud scandal.

October 8, 2024 KW confirmed

Kuwait: the 2024 FATF/MENAFATF evaluation finds serious effectiveness shortcomings despite an adequate legal framework

Kuwait's most recent AML snapshot is its FATF/MENAFATF mutual evaluation, adopted in Paris on October 8, 2024. The report concludes that Kuwait —a high-income country with little violent crime but money-laundering risks from fraud, corruption, forgery and offences committed abroad— has an adequate legal and supervisory framework, yet carries serious shortcomings in delivering effective outcomes: it has only a basic understanding of its own money-laundering risks and a low understanding of terrorist-financing risk, and it investigates and prosecutes both offences in a limited way, with cases that often fail to reach conviction. According to the evaluation, corruption-related laundering is the second predicate offence with the most convictions in its national risk assessment, and a study by the anti-corruption agency Nazaha found bribery widespread among officials. The framework to freeze terrorism- and proliferation-linked assets exists on paper but is not properly reflected in law, which makes it unenforceable, and terrorist-financing investigations rely mostly on foreign intelligence. The system rests on Law No. 106 of 2013 —which finally criminalized terrorist financing, absent from the previous framework— and on a financial intelligence unit (KwFIU); banking supervision lies with the Central Bank of Kuwait, with 22 banks led by the National Bank of Kuwait. Kuwait is also part, alongside the US and the rest of the Gulf, of the Terrorist Financing Targeting Center (TFTC), and had exited the FATF's monitoring list in February 2015 after correcting earlier deficiencies.

October 27, 2023 KY confirmed

Cayman Islands: exit from the FATF grey list (2023), an offshore center flagged on effectiveness, not technique

The Cayman Islands, one of the world's largest offshore financial centers and home to much of the global hedge-fund industry, were placed on the FATF grey list in February 2021 and removed from it on October 27, 2023. The case is instructive because the listing did not stem from technical deficiencies —the territory was compliant or largely compliant with 39 of the 40 recommendations and had completed 60 of 63 actions— but from effectiveness: as a major financial center exposed to higher risks, the FATF demanded 'commensurate measures' and an action plan centered on applying effective, proportionate and dissuasive sanctions against obliged entities, penalizing inaccurate beneficial-ownership information, and demonstrating that it prosecuted all types of money laundering. As a technical consequence of the listing, the European Union added Cayman to its list of high-risk third countries on March 13, 2022. After passing an onsite visit in late August 2023, the FATF confirmed at its October plenary that the territory met the standard and removed it from the grey list, completing its fourth-round mutual evaluation; the EU then removed it from its list through Commission Delegated Regulation (EU) 2024/163, of January 2024. Supervision rests with the Cayman Islands Monetary Authority (CIMA) and its financial intelligence unit (the Financial Reporting Authority), and the territory is a member of the Caribbean Financial Action Task Force (CFATF). The FATF will begin its fifth round in 2025, with the Cayman evaluation expected in 2026.

October 27, 2023 KY confirmed

Cayman Islands: FATF grey list exit Oct 2023 — largest Caribbean offshore

On October 27, 2023, FATF removed Cayman Islands from the grey list ('Jurisdictions under Increased Monitoring') along with Albania, Jordan and Panama. Cayman was originally included in February 2021 (24 + 8 months on grey list — relatively short for an offshore jurisdiction). Cayman Islands is the largest Caribbean offshore financial center and one of the largest in the world: registers ~85% of global hedge funds (~10,000 funds), ~25,000 active companies, $4.5 trillion in offshore banking assets. The Cayman Islands Monetary Authority (CIMA) is the financial supervisor, regulating banks, trusts, hedge funds, insurance, mutual funds. The Financial Reporting Authority (FRA) is the Cayman FIU. The legal framework is the Proceeds of Crime Act 2008 + Anti-Money Laundering Regulations 2020 (consolidated, amended in 2024). Post-grey list reforms included: central beneficial ownership registry (operational since 2023, accessible to authorized entities), active prosecution of AML cases (including the historic Cayman National Bank Isle of Man hack 2019 case with 2.2 TB data leak), risk-based supervision of DNFBPs (legal, accountants), enforcement against unlicensed crypto exchanges. Cayman is a CFATF member.

April 27, 2022 CF confirmed

Central African Republic: from legal-tender Bitcoin to Sango Coin — a crypto experiment with laundering and Wagner risk

On April 27, 2022, the Central African Republic became the first country in Africa — and the second in the world, after El Salvador — to adopt Bitcoin as legal tender, alongside the CFA franc. The move surprised the Bank of Central African States (BEAC), the regional central bank of the six CEMAC countries, which on May 6, 2022 banned the use of cryptocurrencies in financial transactions across the zone to preserve stability. Under regional pressure, the country ultimately revoked Bitcoin's legal-tender status. The International Monetary Fund warned that the crypto law provided no measures to prevent, investigate or sanction the criminal misuse of crypto assets, making them especially vulnerable to fraud, sanctions evasion and the laundering of corruption proceeds. The government then launched Sango Coin, a project to tokenize land and natural resources and attract investment (with promises such as a 'Crypto City'), but it failed: the Constitutional Court struck down the sale of citizenship, residency and land in exchange for tokens, less than 10% of the planned tokens were sold and under EUR 2 million was raised; in 2025 a volatile 'meme coin' ($CAR) followed. All of this in an impoverished, conflict-ridden country with a strong presence of Russia's Wagner Group since 2017: OFAC sanctioned several Wagner-linked companies in the CAR — including Mining Industries and Logistique Economique Etrangere, plus Lobaye Invest, Midas Ressources and Bois Rouge — for their involvement in illicit gold and diamond mining; the crypto experiment was read as a possible avenue for Russia to evade sanctions. The CAR is a member of GABAC, the regional anti-money-laundering body for Central Africa, with the BEAC as monetary supervisor.

June 23, 2023 CM confirmed

Cameroon: FATF places the country on the grey list (Jun 2023); progress under the action plan with GABAC

On June 23, 2023, the FATF placed Cameroon on its 'grey list' of jurisdictions under increased monitoring, after reviewing the mutual evaluation report prepared by GABAC — the regional anti-money-laundering body for Central Africa — based on a 2021 evaluation (on-site visit between February and March of that year). The report rated Cameroon 'partially compliant' on several of the FATF's 40 Recommendations, with progress in inter-agency cooperation through the National Financial Investigation Agency (ANIF, the financial intelligence unit, created in 2005), but persistent weaknesses in the supervision of designated non-financial businesses and professions (DNFBPs) and in beneficial-ownership transparency. As CEMAC's economic engine, Cameroon faces growing risks tied to a still heavily cash-based economy, the surge in mobile money — which widens the channels for illicit flows — and informal trade corridors with Nigeria, Chad and Gabon (trade-based money laundering). The institutional architecture combines ANIF with the Central African Banking Commission (COBAC) and the Bank of Central African States (BEAC), under Law 2014/028 and COBAC Regulation R-2015/01. After its June 2023 political commitment, Cameroon designated an authority to supervise all DNFBPs and began conducting parallel financial investigations and prosecuting money laundering in line with risks; as of early 2026 it remained on the grey list, working through its action plan with technical assistance from the World Bank and the IMF.

May 1, 2019 CV confirmed

Cape Verde: an Atlantic cocaine-transit archipelago — GIABA evaluates its AML regime (2019)

Cape Verde — an Atlantic archipelago off West Africa, stable and heavily dependent on tourism — is vulnerable to money laundering due to its geographic position: it is a natural transit point for cocaine from Latin America bound for Europe, and a crossroads of maritime and air routes between Africa, the Caribbean, South America and Europe. Its appeal to tourists and investors also makes it a target for laundering organized-crime proceeds. In its mutual evaluation — conducted by GIABA, the FATF's regional body for West Africa, with an on-site visit between November and December 2017 and adopted at the May 2019 plenary — the country showed a lack of progress in complying with AML/CFT standards. GIABA recommended giving the financial intelligence unit (UIF) the resources needed to function and moving toward Egmont Group membership, as well as operationalizing the Inter-Ministerial AML/CFT Committee. The National Risk Assessment (2016-2017, coordinated by the UIF with World Bank support) identified drug trafficking, corruption and tax fraud as the main threats, and as vulnerabilities the lack of information on beneficial owners, gaps in border controls and weak inter-agency coordination. Financial-sector supervision rests with the Bank of Cape Verde (BCV), which publishes customer-identification and suspicious-transaction-reporting obligations. Limited resources and low awareness of reporting obligations among local institutions continue to hamper enforcement.

January 30, 2026 BI confirmed

Burundi: the central bank (BRB) modernizes its AML regime (Jan 2026) against a backdrop of corruption and sanctions

Burundi — a member of the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG) that has not yet undergone a full mutual evaluation — modernized its anti-money-laundering regime. On January 30, 2026, the Bank of the Republic of Burundi (BRB) issued a new AML/CFT regulation implementing the amended law, accompanied by five implementing circulars for banks, microfinance entities and payment providers: customer identification (KYC), thresholds for high-value and cash transactions and declarations of funds at the border, typologies of suspicious transactions, internal-control standards and a sanctions matrix. The BRB said the reform aims to 'fully align' the national system with FATF and ESAAMLG standards. The country's financial intelligence unit is the Financial Intelligence Cell (CRF). The context remains difficult: Burundi carries widespread corruption among political elites and weak enforcement. The country was under international sanctions during the third-term crisis of President Pierre Nkurunziza: in November 2015, the US issued a sanctions executive order — alongside the EU and the African Union — after a crisis that pushed more than 200,000 people into exile; Washington lifted them in 2021 and the United Kingdom revoked its regime in 2024, while the EU's remains formally in force, with no active designations, until October 2026.

October 24, 2025 BF confirmed

Burkina Faso: FATF removes from grey list in Oct 2025 — military junta in power since 2022

On October 24, 2025, the FATF removed Burkina Faso from the grey list after it completed its action plan; it had been listed in 2021, about four and a half years earlier. It exited alongside Mozambique, Nigeria and South Africa — four removals, no additions. The FATF highlighted improvements in risk-based supervision of financial institutions and designated non-financial businesses (DNFBPs), beneficial-ownership information, targeted financial-sanctions regimes and law-enforcement capacity to counter terrorist financing — especially relevant in a Sahel country with a jihadist insurgency and a military junta in power since 2022. Burkina Faso belongs to WAEMU and shares the CFA franc (XOF). FinCEN confirmed the update on November 21, 2025.

August 1, 2023 BN confirmed

Brunei: the APG evaluates the sultanate's AML regime (2023) — moderate results under BDCB supervision

Brunei Darussalam — a small oil-rich Southeast Asian sultanate, an absolute monarchy ruled by Hassanal Bolkiah with a Sharia-based penal code — submitted its anti-money-laundering system to the third-round mutual evaluation of the Asia/Pacific Group on Money Laundering (APG), with an on-site visit in November 2022 and a report adopted in July and published in August 2023, endorsed by the FATF. The evaluation produced relatively moderate results: only 'moderate' improvements were needed in risk understanding, international cooperation, the development and use of financial intelligence and criminal-justice measures against terrorist financing, though other areas required more significant progress. The Brunei Darussalam Central Bank (BDCB, established in 2011 and renamed in 2021) houses the financial intelligence unit (FIU) and regulates the financial sector; the FIU also acts as secretariat of the National AML/CFT Committee (NAMLC). The legal framework rests on the Criminal Asset Recovery Order 2012 (CARO) and the Anti-Terrorism Order 2011 (ATO), reinforced with amendments consented to by the Sultan in November 2022, and on a National Risk Assessment prepared in 2016 and updated in 2020.

September 5, 2025 BR confirmed

Brazil: operations against organized-crime laundering via fintech/Pix (R$ 50bn, 2025)

In September 2025, Brazil's Central Bank (BCB) tightened its payments framework after three operations against organized-crime laundering — Carbono Oculto (launched August 28 by the Federal Revenue Service, Federal Police and Public Prosecutor's Office), Quasar and Tank — which, according to the Federal Police, reach more than BRL 50 billion in suspicious flows through fintechs and investment funds, with the PCC implicated and the fuel sector at the center; a single payment institution moved more than BRL 46 billion between 2020 and 2024. On September 5, the BCB issued Resolutions BCB No. 494, 495 and 496/2025, setting a BRL 15,000 cap per Pix and TED transfer for unauthorized payment institutions or those connected via PSTIs and raising their capital requirements; these were followed by Resolution 506/2025 (a new penalties regime, with daily fines and precautionary suspension) and 507/2025 (the Pix Penalties Manual). BCB president Gabriel Galípolo attributed the measures to a 'critical infrastructure' of providers exploited by crime; Pix and the BCB's payment system itself were not breached.

April 30, 2024 UG confirmed

Uganda: international sanctions on the Speaker of Parliament over the theft of iron sheets meant for Karamoja's poor

Uganda's most internationally prominent corruption case is that of the iron sheets (mabaati) intended for housing for the poorest people of Karamoja, one of the country's most impoverished regions, which according to investigations ended up in the hands of ministers, MPs and well-connected families. On April 30, 2024, the United Kingdom sanctioned —for the first time under its global anti-corruption sanctions regime against Ugandan officials— the Speaker of Parliament, Anita Among, and former Karamoja ministers Mary Goretti Kitutu and Agnes Nandutu, with travel bans and asset freezes; London held that the two former ministers stole thousands of sheets from a public housing project and that Among and others benefited from the proceeds. A month later, on May 30, 2024, the US State Department imposed visa restrictions, under Section 7031(c), on Among for 'significant corruption' tied to her leadership of Parliament, as well as on the two former ministers, the Minister of State for Finance Amos Lugolobi and several spouses, plus other restrictions on officials for repression and undermining democracy. President Yoweri Museveni asked the attorney general to examine the legality of the British sanctions, called the matter an 'internal' one, and questioned whether Among had declared a house and accounts in the UK under the Leadership Code. Among denied the accusations, attributed them to political motivation over her role in the Anti-Homosexuality Act and said she owned nothing in the UK; the British High Commission countered that the designations 'have nothing to do with domestic legislation' but with serious corruption, and that the Speaker was implicated in other cases. To date, Ugandan courts have not convicted her. Financial supervision rests with the Bank of Uganda (BoU) and the Financial Intelligence Authority (FIA), with Uganda a member of ESAAMLG and newly removed from the FATF grey list in February 2024.

October 21, 2021 BW confirmed

Botswana: FATF removes the country from the grey list (Oct 2021); the diamond hub prepares its 2027 evaluation

On October 21, 2021, at its Paris plenary, the FATF removed Botswana from its 'grey list' of jurisdictions under increased monitoring, which it had entered in October 2018. The exit came after an overhaul of the legal framework and an assessment by the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG) — the regional body that applies FATF recommendations, headquartered in Dar es Salaam — which verified Botswana's progress in fixing the technical deficiencies of its AML/CFT regime. The country, one of Africa's most stable economies and a global centre of the diamond trade (through Debswana, the joint venture with De Beers), bases its anti-money-laundering system on the Financial Intelligence Act, which created the Financial Intelligence Agency (FIA) as the financial intelligence unit, under the supervision of the Bank of Botswana (BoB). The diamond trade and associated flows are a central risk vector. Ahead of ESAAMLG's third round of mutual evaluation, scheduled for January 2027, the FIA signed an agreement in May 2024 with the University of Botswana to create an institute against illicit financial flows, focused on training and capacity building, aiming to avoid returning to the grey list.

June 13, 2025 TZ confirmed

Tanzania: exit from the FATF grey list (2025) after addressing 21 deficiencies

Tanzania was placed on the FATF grey list in October 2022 —together with the Democratic Republic of the Congo and Mozambique— and left it on June 13, 2025, at the Strasbourg plenary, at the same time as Mali and Croatia. The listing responded to 21 legal, regulatory and institutional deficiencies identified in its mutual evaluation, conducted by the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG), which had rated its system's effectiveness as low or moderate. At the direction of President Samia Suluhu Hassan and under the coordination of the financial intelligence unit (FIU), the country addressed all the gaps in about two years through a multi-agency effort involving the Bank of Tanzania (BoT), the insurance (TIRA), securities (CMSA) and mining regulators, and the corporate registries, among others. The FATF highlighted progress in risk-based supervision of banks and of non-financial businesses and professions, the application of effective sanctions, the strengthening of capacity to investigate and prosecute complex money-laundering cases, the tracing and confiscation of proceeds of crime, the creation of a counter-terrorist-financing framework and the supervision of non-profit organizations. Financial supervision rests with the Bank of Tanzania and the FIU; the country, which also hosts the ESAAMLG Secretariat in Dar es Salaam, is a member of that regional body.

February 1, 2025 BA confirmed

Bosnia and Herzegovina: after MONEYVAL's evaluation (Dec 2024), it enters FATF observation and edges toward the grey list

In December 2024, the Council of Europe's MONEYVAL Committee published its mutual evaluation of Bosnia and Herzegovina, which identified deficiencies across several pillars of the anti-money-laundering and counter-terrorist-financing (AML/CFT) system. As a result, in February 2025 the country entered a one-year FATF observation period: if it does not show 'significant progress,' it is highly likely to be placed on the list of jurisdictions under increased monitoring (the 'grey list'), which it had left in the mid-2010s. The shortcomings flagged include the lack of a beneficial-ownership register, the absence of a law on cryptocurrencies, weak supervision of notaries, lawyers, accountants and microcredit providers, and deficiencies in risk understanding, international cooperation and the use of financial intelligence. The European Union urged the urgent adoption of a law on asset confiscation and management and another on targeted financial sanctions (terrorism and proliferation), plus the creation of the beneficial-ownership register — a task complicated by the country's fragmented structure (two entities and the Brčko District). A slide onto the grey list would threaten access to financial markets and Bosnia's accession to the Single Euro Payments Area (SEPA). The financial intelligence unit operates within the State Investigation and Protection Agency (SIPA), and banking supervision rests with the two entities' banking agencies (the FBA in the Federation).

June 26, 2024 BO confirmed

Bolivia: the central bank lifts the crypto ban (Jun 2024), pressured by the dollar crisis and the GAFILAT evaluation

On June 26, 2024, the Central Bank of Bolivia (BCB), through Board Resolution No. 082/2024, repealed the ban that since 2014 had prohibited cryptocurrencies and authorized financial institutions, for the first time, to conduct virtual-asset transactions through authorized electronic channels. The decision was taken in coordination with the Financial System Supervisory Authority (ASFI) and the Financial Investigations Unit (UIF), and responded to a recommendation of Bolivia's fourth-round Mutual Evaluation — conducted by GAFILAT (on-site visit in April 2023, adopted in December 2023 and endorsed by the FATF) — which urged the country to consider regulating Virtual Asset Service Providers (VASPs). The shift was driven not by an innovation push but by the urgency of a currency crisis: from early 2023, a growing dollar shortage triggered a parallel exchange rate and inflation, amid the post-hydrocarbon-bonanza period. The boliviano remained the only legal tender, with risks borne by users. From there, Bolivia entered an accelerated regulatory phase: Supreme Decree 4904 (2024) gave the UIF new powers to supervise virtual-asset activities within the anti-money-laundering system, and ASFI advanced a licensing regime for fintech and VASPs.

June 25, 2021 GH confirmed

Ghana: exited the FATF grey list (2021) and now protects the integrity of its gold sector

Ghana was the first country in West Africa to undergo the second round of mutual evaluation by GIABA — the FATF's regional body — with an on-site visit in 2016 and a report published in April 2018. The evaluation acknowledged progress in technical compliance (laws and mechanisms in place), but the country could not demonstrate the effectiveness of its system, which placed it under GIABA's enhanced follow-up and, simultaneously, on the FATF 'grey list'; the European Union added it to its list of high-risk third countries in 2020. Ghana agreed with the FATF's International Cooperation Review Group (ICRG) on a two-year action plan (2019-2021) and, after completing it, the FATF removed it from the grey list at its plenary of June 25, 2021; the EU removed it from its list in 2022. The financial intelligence unit is the Financial Intelligence Centre (FIC) and sector supervision rests with the Bank of Ghana (BoG). The country now faces its third round of evaluation, already under way, and retains significant risks: gold — with illegal small-scale mining (galamsey) and smuggling as laundering channels — prompted a 2026 accord to protect the integrity of the gold sector, while the surge in mobile money adds new vectors for illicit flows.

December 23, 2024 US confirmed

US: OCC issues cease-and-desist against Bank of America in Dec 2024 over BSA/AML failures

The Office of the Comptroller of the Currency (OCC) issued on December 23, 2024 a cease-and-desist order against Bank of America, the second-largest US bank by assets. The order identified Bank Secrecy Act (BSA) violations, 'unsafe' practices in AML and sanctions programs, failures to timely file Suspicious Activity Reports (SARs) and to correct previously identified Customer Due Diligence (CDD) process deficiencies. The OCC also found defects in internal controls, governance, independent testing and training. Bank of America did not admit or deny the charges and did not receive a monetary penalty, but is required to hire an independent consultant, conduct lookback reviews to ensure adequate reporting of all suspicious activity, appoint a compliance committee and a dedicated BSA officer. It is one of the most serious OCC cases of 2024, paralleling that of TD Bank ($3.09B with monetary fine) and reflects the general OCC tightening during 2024 on major US banks.

April 30, 2025 BT confirmed

Bhutan: the third-largest sovereign Bitcoin holder manages its AML risk; the RMA narrows crypto (Apr 2025)

Bhutan — a small Himalayan kingdom and constitutional monarchy — combines a still-developing anti-money-laundering regime with a singular position: it is one of the world's largest sovereign Bitcoin holders, from state mining via Druk Holding & Investments. Its financial intelligence unit, the Financial Intelligence Department (FID), operates within the Royal Monetary Authority (RMA, the central bank) and was upgraded to a full department on July 1, 2018, with the entry into force of the AML/CFT Act 2018; the country, a member of the Asia/Pacific Group on Money Laundering (APG) since 2011, had its first mutual evaluation in September 2016, and had already criminalized laundering in its 2004 Penal Code. The RMA has sought to contain the money-laundering, capital-flight and volatility risks tied to crypto assets: after a mining sandbox framework in 2019 and a tightening of licensing in 2024, on April 30, 2025 it issued its 'Regulatory Stance on Cryptocurrency,' a phased approach allowing mining and exchanges only for entities registered in Gelephu Mindfulness City, and keeping the public's use of domestic banks for crypto trading restricted. In parallel, it explored a central bank digital currency (digital Ngultrum) with Ripple. According to analytics firm Arkham, state mining is estimated to have generated about USD 750 million in 2024.

January 23, 2025 BZ confirmed

Belize: CFATF publishes its evaluation (Jan 2025) — technical gains, but zero money-laundering convictions in five years

On January 23, 2025, the CFATF (the FATF's regional body for the Caribbean) published Belize's fourth-round mutual evaluation — with an on-site visit in December 2023 and approval at the Negril (Jamaica) plenary in December 2024, endorsed by the FATF. The report acknowledged significant technical-compliance gains over the 2011 evaluation, but noted that effectiveness remains the weak point: the use of financial intelligence, AML/CFT supervision and, above all, money-laundering convictions. A striking finding: between 2018 and 2023 there was not a single successful money-laundering conviction, even though Belize is a known transit hub for drug trafficking and illicit financial flows. Designated non-financial businesses and professions (registered agents, real estate agents, lawyers and corporate service providers) remain the weak link, particularly the real estate sector. History weighs on it: after its 2011 evaluation, Belize was publicly listed by the CFATF and lost 87% of its correspondent banking relationships to 'de-risking.' Its financial intelligence unit (FIU), created under the 2009 Money Laundering and Terrorism (Prevention) Act, leads enforcement of the regime; the Central Bank of Belize (CBB) supervises regulated institutions, within a Group of Supervisors (GOS).

March 23, 2022 BY confirmed

Belarus: Belarusian banks sanctioned by OFAC, EU, UK post Russia invasion Feb 2022 — SWIFT severed

After Belarus's active support of Russia's invasion of Ukraine in February 2022 (Belarusian territory used as launching platform by Russian troops), coordinated international sanctions were applied to the Belarusian banking sector from March 23, 2022. OFAC designated Belarusbank, Belagroprombank, Bank Dabrabyt, Development Bank of the Republic of Belarus (BRRB), and others under Executive Order 14038. The EU included those banks in its 6th sanctions package (June 2022) and severed them from the SWIFT system (March and June 2022 resolutions). The UK, Canada, Switzerland, Japan and Australia followed parallel actions. The National Bank of the Republic of Belarus (NBRB), supervisor of the Belarusian banking system under the Lukashenko regime, has maintained strict currency controls and AML/CFT enforcement under the Law on Measures to Prevent the Legalisation of Proceeds from Illegal Activities and the Financing of Terrorist Activity 165-Z (2008, amended 2018). Sanctions against Belarus have caused: progressive financial isolation, BYR devaluation, strict capital controls, exit from the US Treasury Sanctions Mechanism (Pavel Topuzidis and other oligarchs designated), and greater dependence on the Russian banking system (sanctioned in parallel). Belarus operates under the authoritarian regime of Aleksandr Lukashenko (in power since 1994) and has been heavily criticized by OSCE, UN and EU for fraudulent elections (August 2020) and opposition repression.

July 8, 2024 SN confirmed

Senegal: WAMU Banking Commission (BCEAO) sanctions a Senegalese bank + its general manager in Jul 2024

On July 8, 2024, the WAMU Banking Commission (supervisor of the 8 UEMOA countries under the BCEAO based in Dakar) issued a disciplinary reprimand against a Senegal-based bank and a disciplinary sanction against its general manager. The action identified failures in governance, risk management, and specific AML/CFT measures. It is one of the BCEAO's first visible cases against a Senegalese bank with simultaneous sanction on the individual executive, aligning enforcement with Western practices (NYDFS, FCA). The regulatory framework is UEMOA's 2008 Banking Law and the AML/CFT Law (Articles 112+) which provides for administrative, disciplinary and criminal sanctions with penalties of 1 month to 2 years prison for leaking confidential information. Senegal operates under CFA franc (XOF) shared with Côte d'Ivoire, Mali, Burkina Faso, Benin, Niger, Togo and Guinea-Bissau. CENTIF (Cellule Nationale de Traitement de l'Information Financière) — Senegalese FIU — referred 37 money laundering cases to the Financial Prosecutor in 2025, primarily for fraud (60%), forgery, tax evasion and corruption.

August 13, 2025 CD confirmed

DR Congo: the conflict minerals (3TG) financing the war in the east and OFAC's sanctions on M23 and illegal mining

Eastern Democratic Republic of the Congo remains marked by the illicit trade of gold, tin, tantalum and tungsten (the '3TG' minerals), which finances armed groups and is smuggled mainly through Rwanda toward refining countries. The most prominent is M23, Rwanda-backed and OFAC-sanctioned; between 2022 and 2024, the PARECO-FF group controlled the Rubaya deposits — a vast critical-minerals area — collecting illegal fees and trafficking minerals. On June 27, 2025, a US-brokered peace agreement was signed between the DRC and Rwanda, which also sought to make critical-mineral supply chains more transparent. Shortly after, on August 13, 2025, the US Treasury sanctioned entities linked to violence and illegal mining in the country's east. These risks add to a legacy of high-level mining corruption — symbolized by magnate Dan Gertler, sanctioned by OFAC in 2017. Institutionally, the DRC is a member of GABAC (the regional anti-money-laundering body for Central Africa) and, since 2022, has strengthened its AML/CFT regime with a three-year national strategy; its financial intelligence unit is CENAREF (Cellule Nationale des Renseignements Financiers) and banking supervision rests with the Central Bank of the Congo (BCC). The underlying challenge remains effectiveness: tracing and cutting the financial flows that fuel the conflict.

February 13, 2023 ES confirmed

Spain: BBVA-Villarejo corporate espionage — BBVA convicted 2025 + Francisco González charged

The **BBVA-Villarejo** case is one of Spain's biggest corporate espionage scandals. Between **2004 and 2017**, **BBVA** (one of Spain's two largest banks) hired former police commissioner **José Manuel Villarejo** (central figure of the Spanish 'state sewer', arrested in 2017 with a massive archive of illegal recordings) and his company Cenyt to conduct **illegal espionage** — including spying on politicians, journalists, businessmen and rivals, particularly during the **attempt by Sacyr (construction company) to take control of BBVA in 2004** with support from government sectors. The scheme involved millions in payments from BBVA to Villarejo (~€10M+) for illegal intelligence services, wiretapping, and surveillance. The **Audiencia Nacional** investigated the case for years (a separate piece of the 'Tándem' macro-case against Villarejo). In **2025, the Audiencia Nacional convicted BBVA as a legal person** (corporate criminal liability) + several former executives for bribery and revelation of secrets. **Francisco González** (BBVA chairman 2000-2018) was **charged** — one of the few cases of a former chairman of a large European bank criminally prosecuted. The case is referenced as **the paradigmatic example of corporate espionage + the criminal liability of legal persons in Spain** (introduced into the Criminal Code in 2010). It generated a massive reputational crisis for BBVA. Spain is a FATF + MONEYVAL founding member. The sector is supervised by the Bank of Spain + CNMV + SEPBLAC (FIU).

November 27, 2020 LB confirmed

Lebanon: Bartlett v SGBL lawsuit in US accuses 12 Lebanese banks of financing Hezbollah (2020+)

On November 27, 2020, the federal lawsuit Bartlett v. Société Générale de Banque au Liban S.A.L. (SGBL) et al was filed in the Eastern District of New York by families of US soldiers killed in Iraq, accusing 12 major Lebanese banks of providing financial services to Hezbollah that facilitated 'the flow of US dollar-denominated funds Hezbollah used to bankroll its operations in Iraq', which killed Americans. The defendant banks: Société Générale de Banque au Liban (SGBL), Fransabank, BLOM Bank, MEAB Bank, Byblos Bank, Bank Audi, Lebanon & Gulf Bank (LGB), Banque Libano-Française (BLF), Bank of Beirut, Bank of Beirut and the Arab Countries (BBAC), Jammal Trust Bank (JTB) — later OFAC designated in 2019 and dissolved — and Fenicia Bank. The specific allegation: the banks 'knowingly assisted Hezbollah in its illicit activities, including money laundering, sanctions evasion, arms export violations, drug trafficking, kidnapping for ransom, and terrorism financing'. The US Supreme Court has confirmed that the banks can be subject to civil liability under the Anti-Terrorism Act. Magistrate Judge Taryn Merkl was awaiting receipt of bank records from the Lebanese government by April 2024. The lawsuit remains pending in 2026. Historical connection: Lebanese Canadian Bank (LCB) was designated FinCEN 311 in 2011 for financing Hezbollah, and SGBL acquired LCB after its dissolution.

October 18, 2019 CO confirmed

Colombia: COP 500M to Grupo Aval's Banco de Occidente in 2019 over AML information delays

The Colombian Financial Superintendency (SFC) sanctioned Banco de Occidente, of Grupo Aval, with 500 million Colombian pesos (~$150,000) in October 2019, confirmed on appeal in October 2020 via Resolution 0899. The sanction was for delays in providing information to the Financial Information and Analysis Unit (UIAF) of the Treasury Ministry and the Attorney General's Office. It is part of SFC's oversight of the Money Laundering and Terrorism Financing Risk Management System (SARLAFT). Between 2017 and 2022, SFC and the Companies Superintendency imposed 98 sanctions for AML failures, totaling around 5.9 billion Colombian pesos (~$1.5M USD). Grupo Aval is one of Colombia's largest financial conglomerates (Banco de Bogotá, Banco de Occidente, Banco Popular, AV Villas).

March 1, 2021 BH confirmed

Bahrain: the Future Bank case (Iranian banking and sanctions evasion) and the MENAFATF assessment of its AML regime

Bahrain, one of the Middle East's leading financial and Islamic-banking centres, oversees its anti-money-laundering system through the Central Bank of Bahrain (CBB) — which issues the prevention module of its Rulebook under the 2006 CBB Law — and the Financial Intelligence Directorate (FID) as the financial intelligence unit. The country is a member of MENAFATF, the FATF's regional body: in its 2022 enhanced follow-up report, after fixing technical deficiencies, Bahrain was rated 'compliant' on 9 Recommendations, 'largely compliant' on 30 and 'partially compliant' on 1 of the FATF's 40, remaining under enhanced follow-up. The most notable case was Future Bank: in 2021, Bahrain's High Criminal Court sentenced five executives to five years in prison and fines, and penalized the Central Bank of Iran and other implicated entities — with fines totalling 37 million Bahraini dinars and the confiscation of about USD 112 million in illicitly transferred funds. According to prosecutors, the Central Bank of Iran planned to launder billions through Future Bank, established in Bahrain and run by two Iranian banks (Bank Melli and Bank Saderat), to channel suspicious transfers via SWIFT in favour of Iranian entities without reporting them, evading sanctions.

July 1, 2024 BS confirmed

Bahamas: after FTX's collapse, it strengthens its digital-asset regime (DARE 2024); the SCB claims $221.55M

The Bahamas, one of the Caribbean's major offshore financial centres, strengthened its anti-money-laundering regime after FTX's collapse. The crypto exchange, whose subsidiary FTX Digital Markets was registered in the country under the Digital Assets and Registered Exchanges (DARE) Act of 2020, collapsed in November 2022; the Securities Commission of The Bahamas (SCB) used its powers to immediately place it into provisional liquidation. In July 2024 the DARE Act 2024 came into force, updating and expanding the framework with enhanced AML/CFT provisions, incorporating lessons from the FTX case. The SCB claimed USD 221.55 million in regulatory penalties from FTX Digital Markets for breaches of DARE and the Financial Transactions Reporting Act (FTRA); on January 29, 2025, the Supreme Court sanctioned an agreement between the liquidators and the SCB subordinating that claim to customers' claims. The episode tested the credibility of a country that had exited the FATF grey list on December 18, 2020 — after being added in October 2018 — and that aspires to full ('40 of 40') compliance with the FATF Recommendations. AML supervision rests with the Central Bank of The Bahamas (CBB), which created an AML Analytical Unit in 2018, alongside the SCB, the Insurance Commission and the Financial Intelligence Unit (FIU); the legal framework rests on POCA, FTRA and ATA, all from 2018.

July 14, 2022 AW confirmed

Aruba: CFATF gives it a rare 'substantially effective' (2022); VASP, gaming and real estate still pending

Aruba — an autonomous country within the Kingdom of the Netherlands and a member of both the FATF and the CFATF — achieved a notably positive result in its fourth-round mutual evaluation, published on July 14, 2022 (on-site visit between August and September 2021). The CFATF gave Aruba a 'substantially effective' rating on Immediate Outcomes 3 (supervision) and 4 (preventive measures), a level that at the time only three jurisdictions worldwide had reached on both, alongside Spain and the Holy See. Despite that result, the evaluation flagged steps still pending to fully meet FATF standards: developing a prudential framework for virtual asset service providers (VASPs), creating a Gaming Authority and establishing a regulatory framework for real estate brokers. The 2021 money-laundering National Risk Assessment rated overall risk 'medium-high,' with drug trafficking, bulk cash smuggling, corruption, fraud and underground banking as the main proceeds-generating crimes, and casinos, banks, real estate, money-transfer firms and notaries as vulnerable sectors. AML/CFT supervision rests with the Central Bank of Aruba (CBA), with the MOT as the financial intelligence unit; Aruba was due to report its progress to the CFATF in November 2024.

October 25, 2024 DZ confirmed

Algeria: FATF places it on the grey list (Oct 2024); technical progress in 2025 under enhanced follow-up

On October 25, 2024, the FATF placed Algeria on its 'grey list' of jurisdictions under increased monitoring — alongside Angola, Côte d'Ivoire and Lebanon, while removing Senegal — based on the mutual evaluation that MENAFATF (the FATF's regional body) conducted in 2023, with an on-site visit between July and August 2022. The FATF identified strategic deficiencies: insufficient risk-based supervision and limited transparency over beneficial owners. The agreed action plan asks Algeria to improve risk-based supervision, develop a more effective framework for beneficial-ownership information, strengthen its suspicious-transaction reporting regime and establish an effective legal and institutional framework. In its enhanced follow-up report of May 2025, the country achieved technical re-ratings on five Recommendations — to 20 rated 'compliant' or 'largely compliant' — though it remains under enhanced follow-up. The financial intelligence unit is the Financial Intelligence Processing Unit (CTRF) and financial-sector supervision rests with the Bank of Algeria (Banque d'Algérie). Context weighs heavily: a hydrocarbon-dependent economy, with a strong weight of cash and the informal economy and strict currency controls, plus a wave of corruption prosecutions against the Bouteflika-era elite following the 2019 Hirak protest movement. For foreign banks, grey-listing implies enhanced due diligence in their dealings with Algerian entities.

February 23, 2024 SZ confirmed

Southern Africa: Eswatini + Lesotho + Botswana + Namibia — CMA + Botswana exit 2021 + Namibia inclusion 2024

The 4 CMA countries of Southern Africa: Eswatini (formerly Swaziland, 1.2M, absolute monarchy under King Mswati III), Lesotho (2.3M, enclave surrounded by South Africa), Botswana (2.5M, consolidated democracy with diamonds), Namibia (2.6M, former German/South African colony until 1990) — share South African ZAR + local currencies pegged 1:1. Botswana exited FATF grey list October 2021 after 3 years. Namibia was included in FATF grey list February 2024 — Namibia has risks from Fishrot Files (fisheries corruption scandal 2019-2024, Iceland's Samherji, 6 officials convicted 2024), uranium mining (Rössing, 4th world producer), diamonds. Eswatini: absolute monarchy + 2021 protests (50+ deaths). Lesotho: textile sector AGOA + Lesotho Highlands Water Project ($4B). All are ESAAMLG members.

October 1, 2024 IN confirmed

India: FIU-IND fines Union Bank of India Rs 54 lakh over AML reporting failures

FIU-IND imposed a Rs 54 lakh fine (~$0.065 million) on Union Bank of India in October 2024 for failing to report suspicious transactions and to conduct due diligence under the PMLA on certain accounts at a Mumbai branch. A comprehensive review of its operations found KYC/AML irregularities. It illustrates the granular, frequent enforcement of India's regime against public banking.

April 9, 2024 FR confirmed

France: €1M from ACPR to Treezor (Société Générale) in Apr 2024 over AML failures

The ACPR Sanctions Commission sanctioned in April 2024 Treezor, an e-money institution (EMI) owned by the Société Générale group, with a blâme and a €1 million pecuniary penalty (~$1.1 million) for 'very serious' deficiencies in its anti-money laundering and counter-terrorism financing (LCB-FT) framework. The decision derived from an on-site inspection conducted by the authority in 2021. The case is exemplary for the European fintech sector: Treezor operates as Banking-as-a-Service (BaaS) infrastructure for neobanks and fintechs, and is the largest French EMI following its integration with Société Générale in 2019. The sanction followed the European pattern of targeting technical infrastructures that host multiple fintech actors.

October 31, 2023 IN confirmed

India: INR 5.4 crore to Paytm Payments Bank from RBI in 2023 — the most restrictive Indian fintech sanction

The Reserve Bank of India (RBI) imposed in October 2023 on Paytm Payments Bank, the banking arm of Indian payments giant Paytm, an INR 5.4 crore fine (~$650,000) for repeated KYC failings. The sanction was complemented by a much more restrictive order: the entity had to stop onboarding new customers and hire a third-party firm to audit its IT system. In January 2024 the RBI went further: as of February 29, 2024, Paytm Payments Bank could not accept new deposits or credit operations in its own accounts or payment instruments, effectively paralyzing the banking business of one of the country's main fintech unicorns. A landmark case of RBI's tightening on hyper-growth fintechs, paralleling FCA UK sanctions on Monzo and Starling.

March 1, 2024 IN confirmed

India: FIU-IND fines Paytm Payments Bank Rs 5.49 crore over gambling-linked laundering

On March 1, 2024, India's Financial Intelligence Unit (FIU-IND), under the Finance Ministry, imposed a INR 5.49 crore (~USD 660,000) penalty on Paytm Payments Bank (PPBL) under Section 13 of the Prevention of Money Laundering Act (PMLA, 2002). The FIU opened its review after receiving law-enforcement information about entities engaged in illegal activities — including online gambling — whose 'proceeds of crime' were channeled through accounts held at PPBL. It concluded the bank failed to implement an internal mechanism to detect and report suspicious transactions within legal timeframes, failed to exercise ongoing due diligence on its Payout service and on 34 beneficiaries who received those funds, and relied on a non-compliant third party for KYC (breaching Section 12 of the PMLA). The penalty followed the Reserve Bank of India's (RBI) January 31, 2024 order barring PPBL from accepting new deposits from March 15, and a prior RBI fine of INR 5.39 crore in October 2023 for KYC and cybersecurity failures.

June 19, 2020 MK confirmed

North Macedonia: the 'Racket' case, when the anti-corruption prosecutor ended up convicted of extortion and laundering

One of North Macedonia's most revealing cases is the 'Racket' (extortion) affair, which ended with the anti-corruption special prosecutor herself in prison. The Special Prosecution Office (SPO), set up in 2015 under the EU-brokered Pržino Agreement to investigate the corruption and mass wiretapping of Nikola Gruevski's era, was headed by Katica Janeva and had charged the country's richest businessman, Jordan Orce Kamčev, with criminal association, fraud and money laundering in the 'Imperija' case (opened in November 2018), alongside former secret-service chief Sašo Mijalkov. In July 2019, the host and owner of the 1TV channel Bojan Jovanovski, alias 'Boki 13', and an associate were arrested at the Greek border with 1.5 million euros in cash in a Louis Vuitton bag: they had extorted that money from Kamčev in exchange for using their influence over Janeva to soften the case against him (they demanded up to 8 million to stop it). Kamčev secretly recorded the handovers and filed charges. The tapes, released by the Italian newspaper La Verità, implicated Janeva, who was arrested in August 2019. In June 2020, a court sentenced Boki 13 to nine years and Janeva to seven for the extortion and laundering scheme, and ordered the confiscation of their assets —paintings, furniture, designer clothes and real estate—. Janeva denied the charges and maintained she had never traded influence or abused her office. The Special Prosecution was later disbanded and its cases redistributed. Financial supervision rests with the National Bank of North Macedonia and the Financial Intelligence Office (FIO), and the country is a member of MONEYVAL.

August 15, 2022 LR confirmed

Liberia: the US sanctions (Magnitsky) three senior officials for corruption, including the prosecutor who 'shielded money launderers'

On August 15, 2022, the US Treasury's OFAC designated, under the Global Magnitsky Act (Executive Order 13818), three senior officials of President George Weah's government for ongoing public corruption: Nathaniel McGill (Minister of State and Chief of Staff), Sayma Syrenius Cephus (Solicitor General and Chief Prosecutor) and Bill Twehway (Managing Director of the National Port Authority, NPA). According to the Treasury, McGill manipulated procurement to award multimillion-dollar contracts to companies he owns and handed out undocumented cash payments; Twehway diverted USD 1.5 million in port storage fees from the NPA into a private account and, through a shell company, unilaterally awarded himself a contract at the Port of Buchanan. The most laundering-relevant case is Cephus's: the Treasury accused him of shielding money launderers and helping clear their cases through the courts, of taking bribes to drop charges and of intimidating other prosecutors. As a result, their assets in the US were blocked and they were barred from entering the country; the three denied the allegations, claimed a lack of due process and eventually resigned. The designation adds to those of two other Liberians under Magnitsky —senators Prince Y. Johnson and Varney Sherman—, in a pattern Washington links to the country's structural corruption. Financial supervision rests with the Central Bank of Liberia and its Financial Intelligence Agency, and Liberia is a member of GIABA, West Africa's regional anti-money-laundering body.

January 1, 2024 IL confirmed

Israel: Bank of Israel fines Bank Leumi NIS 1.88M for AML failures in its 'Pepper' digital bank (2024)

The Bank of Israel's Banking Corporations Sanctions Committee fined Bank Leumi NIS 1.88 million in connection with its 'Pepper' digital bank, for two contraventions of the Prohibition on Money Laundering Order (5761-2001): failing to properly maintain the identification documents required when opening accounts online, due to technological breakdowns. The committee stressed that maintaining such documents is an essential element of the AML/CFT regime. The legal maximum per violation is about NIS 2.26 million. Bank Leumi is one of the country's largest banks; in 2015 it was already fined NIS 4.2 million for failing to report unusual customer activity, identified in a 2014 audit.

August 26, 2025 HK confirmed

Hong Kong: HK$4.2M from SFC to HSBC in Aug 2025 over research report disclosure failures

The SFC reprimanded and fined in August 2025 the Hongkong and Shanghai Banking Corporation (HSBC) with HK$4.2 million (~$0.54 million USD) for breaching disclosure requirements when publishing research reports. Although the sanction is not strictly AML, it is part of the HKMA-SFC enforcement collaboration on banking conduct and fits into a recent series of Hong Kong supervisor actions against major international banks (HSBC, DBS, Indosuez) showing the Asian enforcement tightening in 2024-2025.

August 15, 2024 IN confirmed

India: INR 50M from RBI to Federal Bank in 2024 over KYC/AML failings

RBI imposed in 2024 on Federal Bank Limited a monetary penalty of INR 50 million (~$0.6 million) for non-compliance with, inter alia, the supervisor's own guidelines on KYC and AML. Federal Bank is one of India's main private banks and the case is part of a 2024 RBI enforcement series against fintechs and banks for KYC deficiencies, following the supervisor's own report which found a 68% increase in reported fraud cases between April and September 2023.

July 5, 2024 HK confirmed

Hong Kong: HK$10M ($1.3M) from HKMA to DBS Bank in Jul 2024 over seven years of AML failures

The Hong Kong Monetary Authority (HKMA) imposed on July 5, 2024 on DBS Bank (Hong Kong) Limited —local subsidiary of Southeast Asia's largest bank— a pecuniary penalty of HK$10 million (~$1.3 million USD) under the Anti-Money Laundering Ordinance (AMLO, Chapter 615). The HKMA found control deficiencies over a seven-year period (April 2012 - April 2019): failures to continuously monitor business relationships, conduct enhanced due diligence in high-risk situations, and keep records of some customers. The sanction was attenuated by the bank's lack of prior AMLO disciplinary record. A landmark case: parent DBS had been among lenders caught up in Singapore's billion-dollar money-laundering scandal in 2023, and Hong Kong acts to 'send a clear deterrent message' (Raymond Chan, HKMA executive director).

December 14, 2023 CA confirmed

Canada: FINTRAC fines CIBC C$1.3M in 2023 for failing to report a suspicious transaction

FINTRAC imposed in December 2023 a C$1.3 million penalty (~$1 million) on CIBC for failing to file a suspicious transaction report despite knowing the client had been arrested and charged, and for failures reporting large transfers from abroad. In a sample of 20,000, it found over a thousand cases with incomplete information. Alongside RBC, it marked FINTRAC's biggest enforcement week.

September 16, 2024 AE confirmed

UAE: AED 5M from CBUAE to a bank with mandatory reporting to its overseas parent

CBUAE imposed in September 2024 a 5 million dirham fine (~$1.4 million) on a bank operating in the UAE for AML/CFT law violations. Notable detail: the supervisor expressly required the bank to communicate CBUAE's action to its overseas headquarters' board of directors, an unusual mechanism that increases reputational pressure on the foreign parent. The case followed an identical one a month earlier (AED 5.8M on another bank). CBUAE does not publicly name sanctioned banks but classifies violations under Federal Decree-Law No. 20 of 2018 on AML/CFT.

December 22, 2025 AM confirmed

Armenia: transit hub for Russian sanctions evasion — the CBA and MONEYVAL facing AML under pressure

Armenia became a key transit point for trade and financial flows between Russia and the West after the 2022 sanctions. According to Central Bank of Armenia (CBA) data, in 2024 about USD 5.8 billion was transferred to individuals through the banking system (up 2.5% from 2023), 65% of it from Russia; a comparable amount later left the country. In parallel, gold re-exports hit records — about 59 tons (USD 4.1 billion) in the first half of 2024 alone, mostly destined for the UAE — and jewellery exports jumped from USD 26 million (2020) to USD 499 million (2023), patterns pointing to Armenia's use to bypass sanctions. The country's financial intelligence unit is the Financial Monitoring Center (FMC), created in 2005 within the CBA. In its 2019 follow-up evaluation, MONEYVAL (Council of Europe) rated Armenia 'compliant' on 19 and 'largely compliant' on 18 of the FATF's 40 Recommendations, but noted the CBA 'has not demonstrated effective use of the sanctioning regime,' with a low volume of fines. In December 2025, after Russia was added to the EU's list of high money-laundering-risk countries, Armenian banks tightened controls on Russian transactions.

October 23, 2024 AL confirmed

Albania: Bank of Albania tightens AML supervision after FATF grey list exit in Oct 2023

The Banka e Shqipërisë (Bank of Albania) and the General Directorate for the Prevention of Money Laundering (Drejtoria e Përgjithshme për Parandalimin e Pastrimit të Parave, DPPPP) — Albanian FIU — intensified AML/CFT inspections on the banking sector during 2024, after Albania's exit from the FATF grey list in October 2023 (along with Cayman Islands, Jordan and Panama). Albania was originally included in February 2020. The legal framework is Law 9917/2008 amended in 2018 and 2023 to align with EU AMLD directives (Albania is an EU candidate). Specific Albanian AML risks include: activities of Albanian organized crime groups in Western Europe (especially UK, Belgium, Netherlands in drug trafficking), suspicious real estate in coastal areas (Vlore, Sarande), and undocumented flows from Albanian diaspora. The banking sector is dominated by: Banca Intesa Sanpaolo Albania, Raiffeisen Bank Albania, Credins Bank, OTP Bank Albania. Albania is a MONEYVAL member.

December 20, 2021 NZ confirmed

New Zealand: NZ$3.5M from RBNZ to TSB Bank in 2021, first NZ bank taken to court over AML

Justice Jillian Mellon imposed in December 2021 a NZ$3.5 million fine (~$2.1 million US) on TSB Bank, following an agreement between the RBNZ and the bank that the judge reduced by NZ$355,000 (9%). It was the first time in history that the RBNZ took a New Zealand bank to court for AML/CFT Act breaches, combining individual penalties for four infractions. The AML/CFT Act sets civil penalties of up to NZ$200,000 for individuals and NZ$2 million for corporate bodies per breach. The RBNZ did not allege TSB had been involved in actual money laundering or terrorism financing.

December 25, 2024 SR confirmed

Suriname: CBVS tightens AML — Desi Bouterse sentenced 20 years (1999) + Santokhi reform + IMF 2021

The Centrale Bank van Suriname (CBVS) and the Financial Intelligence Unit (FIU-S) supervise the Surinamese banking sector under the framework of the Wet Doorlopende Identificatie Cliëntonderzoek 2017 (amended in 2020 and 2023). Suriname (618,000 inhabitants, former Dutch colony until 1975, capital Paramaribo), operates the Surinamese dollar (SRD). The country lived the era of **Desi Bouterse** (military leader after 1980 coup, President 1988-2010 and 2010-2020). Bouterse was sentenced in absentia in Netherlands to **20 years prison in July 1999** for cocaine trafficking ('November Drugs' case — $2.4M cocaine in Netherlands). In November 2019, **Bouterse was sentenced by Suriname Court of First Instance to 20 years for his responsibility in the December Murders of 1982** — 15 extrajudicial executions of opponents of the military regime. Sentence confirmed by Court of Appeal in December 2023, just before Bouterse's death on December 24, 2024 (84 years, fugitive in Paramaribo). **Chan Santokhi** (VHP, President since July 2020 after victory over Bouterse in 2020) has implemented reforms with the IMF ($688M agreement December 2021 — Suriname faced sovereign default 2020) — Suriname has massive offshore oil reserves discovered 2020 (Block 58 ExxonMobil/Chevron, Block 52 PETRONAS/ExxonMobil, expected production 2027-2028 — small 'Guyana 2'). Specific Surinamese AML risks: cocaine corridor (Suriname has the largest border with Brazil among Guyana + Suriname), gold smuggling (Goldmine Merian Newmont + illegal Brazilian garimpos), gold to UAE, illegal gold. The banking sector is concentrated in: De Surinaamsche Bank (DSB, largest), Hakrinbank, Surinaamse Volkscredietbank (SVCB), Republic Bank Suriname. Suriname is a CFATF member.

September 30, 2024 EC confirmed

Ecuador: SB sanctions banking sector in 2024 — added to FATF grey list in February 2025

Ecuador's Superintendency of Banks (SB) and the Financial and Economic Analysis Unit (UAFE) intensified AML/CFT inspections on the banking sector during 2024, under the framework of the Organic Law on Prevention, Detection and Eradication of Money Laundering and Financing of Crimes (published in 2016). Ecuador was added to the FATF grey list in February 2025 after the GAFILAT evaluation, which identified significant deficiencies in DNFBP (designated non-financial businesses and professions) supervision, UAFE effectiveness, and enforcement against virtual assets. The country faces an unprecedented security crisis since 2022 with Mexican cartels (Jalisco Nueva Generación, Sinaloa) operating locally, which has dramatically elevated banking sector AML risks. The sector is dominated by: Banco Pichincha (the largest), Banco Pacífico (state), Produbanco (regional Promerica), Banco Guayaquil, Banco Bolivariano. Official dollarization since 2000 facilitates physical dollar flows in the drug corridor.

April 15, 2022 NL confirmed

Netherlands: €2M from AFM to Robeco in 2022 over insufficient AML controls

The Dutch Financial Markets Authority (AFM / Autoriteit Financiële Markten) imposed in April 2022 on Robeco, one of the largest European fund managers, a €2 million fine (~$2.2 million) for failing to adequately control its clients on money laundering matters. A characteristic case of supervisory pressure on European fund managers, paralleling the AFM's tightening on the traditional banking sector with ING (€775M, 2018) and ABN Amro (€480M, 2021).

June 28, 2024 AT confirmed

Austria: FMA hands record €2.07M penalty to Raiffeisen Bank International in 2024

Austria's Financial Market Authority (FMA) imposed in June 2024 a €2.07 million penalty (~$2.2 million) on Raiffeisen Bank International (RBI), the largest AML fine in Austrian history. The FMA found that the bank had not satisfied itself of the adequacy of anti-money-laundering controls at two correspondent banks —in Cuba and Bahrain, per Reuters— in transactions with third countries. RBI considers the allegations unfounded and appealed the decision before the Federal Administrative Court. Context matters: RBI is the largest Western bank with significant exposure to Russia and processes, according to the Financial Times, between 40% and 50% of SWIFT flows between Russia and the rest of the world.

March 21, 2018 MT confirmed

Malta: Pilatus Bank closure Nov 2018 + Daphne Caruana Galizia assassinated Oct 16 2017 + Muscat crisis

On **March 21, 2018**, **Ali Sadr Hashemi Nejad** (Iranian citizen, owner Pilatus Bank Malta, former financier of Iranian Revolutionary Guard) was arrested in US after landing at Dulles International Airport — SDNY investigation that led to his subsequent conviction. **Pilatus Bank Limited** (Malta, founded 2014, ~$240M in assets), regulated by ECB+MFSA+FIAU, was **the center of modern Malta's biggest scandal**. The timeline: **October 16, 2017** — **Daphne Caruana Galizia**, Maltese investigative journalist of Running Commentary blog (1+ million readers in country of 500K inhabitants), **assassinated by car bomb near Bidnija**, Malta — pre-detained by international cartels for crimes against journalists. She was investigating: 1) **Panama Papers connections** of Joseph Muscat's (PM Malta 2013-2020) Chief of Staff, **Keith Schembri**, and **Energy Minister Konrad Mizzi** (New Zealand offshore accounts + Panama Mossack Fonseca); 2) **Pilatus Bank account** of Joseph Muscat's wife, **Michelle Muscat**, allegedly receiving $1M from family of Azerbaijani President Ilham Aliyev (suspended judicial probe 2017+ — never confirmed); 3) **Pilatus laundering for IRGC Iran** + Venezuela sanctioned officials + Azerbaijani oligarchs. After Caruana's murder, **3 men convicted: Vince Muscat (no relation to PM, 15 years Jul 2021), George Degiorgio + Alfred Degiorgio (40 years each Oct 2022)** + Caruana mastermind **Yorgen Fenech** (Maltese businessman, arrested Nov 2019 fleeing on yacht, pending trial 2026). Daphne's case has been **The Daphne Project** continued by OCCRP + ICIJ + Reuters + Guardian + 18 media organizations. **Joseph Muscat resigned as PM January 2020** post-Fenech arrest + Schembri indictment. Pilatus license **revoked by ECB in November 2018**. **Ali Sadr Hashemi Nejad** convicted **March 17, 2020 by SDNY on 5 charges** (Iran sanctions evasion + bank fraud + money laundering) — sentence annulled in August 2020 due to technical issue (Brady violation), new trial pending. Malta entered **FATF grey list in June 2021** post-Daphne crisis, exited June 2022.

December 15, 2022 PK confirmed

Pakistan: SBP imposes ~PKR 600M ($2.1M) in sanctions after FATF grey list exit in Oct 2022

The State Bank of Pakistan (SBP) intensified administrative sanctions on the banking sector in 2022, following Pakistan's exit from the FATF grey list in October 2022 after four years of enhanced monitoring. The combined H2 2022 package amounted to approximately 600 million Pakistani rupees (~$2.1 million) on multiple entities for compliance failures under the 2010 Anti-Money Laundering Act (amended in 2020), key legal reforms for Pakistan's FATF list exit alongside 27 action plan points. Major Pakistani banks include UBL, HBL, MCB, ABL, Bank Alfalah and Meezan Bank. SBP does not publish individual amounts with the transparency of FCA or NYDFS, in line with the practice of SAMA, Moroccan BAM or Egyptian CBE. The supervisor also uses administrative improvement agreements without monetary sanction, similar to Japanese gyōsei shobun.

October 24, 2025 NG confirmed

Nigeria: FATF removes Nigeria from grey list in Oct 2025 — Africa's largest economy alongside Mozambique/Burkina Faso/South Africa

On October 24, 2025, at its Paris plenary (Oct 22-24), the FATF removed Nigeria from the grey list ('Jurisdictions under Increased Monitoring') after it completed its action plan; it had been listed in February 2023. It exited alongside Burkina Faso, Mozambique and South Africa — four removals and no additions, an unusual outcome leaving 19 jurisdictions under monitoring. The FATF acknowledged progress in risk-based supervision, beneficial-ownership information and the ability to counter terrorist financing. The exit matters because of the grey list's cost: an IMF study (WP/21/153) estimates grey-listing cuts capital inflows by about 7.6% of GDP through higher compliance costs and correspondent-banking de-risking. FinCEN confirmed the update on November 21, 2025.

October 1, 2002 LS confirmed

Lesotho: the Highlands Water Project bribery case, a global precedent against multinational bribery

Lesotho's landmark AML case grew out of the Highlands Water Project (LHWP), one of the world's largest dam projects, which transfers water from the Maluti Mountains to South Africa's Gauteng province. Masupha Ephraim Sole, chief executive of the Highlands Development Authority (LHDA) from 1986 to 1995, was found guilty by Lesotho's courts of accepting bribes from several multinationals between 1988 and 1997, channeled to Swiss accounts through intermediaries; convicted in 2002, his sentence was upheld by the Court of Appeal in April 2003. What makes the case exceptional is that Lesotho also prosecuted the companies themselves: Acres International (Canada) was convicted and fined about USD 2.2 million in 2002 —the first multinational sanctioned for bribery on a World Bank-funded dam—, followed by convictions against Lahmeyer International (Germany), Spie Batignolles (now Schneider Electric, France) and Impregilo (Italy). The World Bank later debarred Acres (3 years, 2004) and Lahmeyer (7 years, 2006). The prosecution, based on the 1999 Prevention of Corruption and Economic Offenses Act and supported by legal assistance from Switzerland, the European anti-fraud office (OLAF) and the World Bank itself, set a precedent cited worldwide: that a poor country can prosecute bribery even when those involved are powerful multinationals. The kingdom's financial supervision rests with the Central Bank of Lesotho and its financial intelligence unit, and Lesotho is a member of ESAAMLG, the regional anti-money-laundering body for Eastern and Southern Africa.

June 15, 2023 HU confirmed

Hungary: MNB sanctions K&H Bank and other entities in 2023 over AML failures

The National Bank of Hungary (Magyar Nemzeti Bank, MNB) imposed in 2023 combined administrative sanctions of approximately 580 million Hungarian forints (~$2 million) on several Hungarian banking sector entities, including K&H Bank (Belgian KBC group subsidiary, one of Hungary's top three banks). The violations fall under non-compliance with Law 53/2017 on prevention of money laundering and terrorism financing, which transposed European directives (5th and 6th AMLD) into Hungarian law. The MNB has had a dedicated AML/CFT enforcement department since 2020, part of Hungary's process of adapting to European and FATF standards.

December 30, 2010 IL confirmed

Israel: NIS 7.5M to Bank Hapoalim in Dec 2010 over the historic Yarkon branch scandal

The Bank of Israel imposed in December 2010 on Bank Hapoalim a NIS 7.5 million penalty (~$2 million) for violations of the Prohibition on Money Laundering Law (חוק איסור הלבנת הון) detected at the Yarkon branch in Tel Aviv. The investigation revealed that the branch had facilitated laundering of hundreds of millions of dollars between 2004 and 2008. The so-called 'Yarkon branch case' was uncovered in March 2005 by Israeli police, with dozens of bank employees and clients investigated, shocking the country's banking system. The sanction combines NIS 6 million for the 2004 events (failing to report to the Anti-Money Laundering Authority) and NIS 1.5 million for the 2007-2008 audit report findings. A founding case of modern AML enforcement in Israel.

May 3, 2017 GN confirmed

Guinea: the Mahmoud Thiam case — the ex-mining minister convicted in the US for laundering $8.5M in Chinese bribes

The most emblematic money-laundering case tied to Guinea is that of Mahmoud Thiam, a US citizen and former Wall Street banker who was the African country's Minister of Mines and Geology between 2009 and 2010. On May 3, 2017, a Manhattan federal jury found him guilty on two counts of money laundering, and in August that year he was sentenced to seven years in prison. According to prosecutors, Thiam accepted USD 8.5 million in bribes from a Chinese conglomerate — China Sonangol International and China International Fund (CIF) — in exchange for using his position to grant them exclusive and highly valuable mining rights, with near-total control of Guinea's mining sector (iron, gold, diamonds and bauxite). He received the payments in a Hong Kong account, transferred about 3.9 million to the United States and used them for luxuries — a USD 3.75 million estate in New York, private schools, a Steinway grand piano — lying to banks about his occupation and the source of the funds to conceal his status as a public official. The case illustrates Guinea's 'resource curse': despite holding the world's largest bauxite reserves, it is one of Africa's poorest countries, partly due to corruption in the awarding of concessions. The national financial intelligence unit is CENTIF, sector supervision rests with the Central Bank of the Republic of Guinea (BCRG) and the country is a GIABA member; since the September 2021 coup, Guinea has been ruled by a military junta led by Mamadi Doumbouya.

December 19, 2024 CW confirmed

Curaçao: LOK Law + new AML/CFT/PF law approved Dec 2024 — paradigm reform of 'gambling paradise'

On December 19, 2024, Curaçao approved the Landsverordening op de Kansspelen (LOK, Gaming Law) and the Landsverordening bestrijding witwassen, financieren van terrorisme en het financieren van proliferatie (PB 2024 nr. 41) replacing the previous AML/CFT/PF regime. The reform transformed Curaçao's historic online gambling industry: traditionally one of the world's most permissive regimes (host to US-facing offshore operators) under the Master Licenses system with permissive sublicenses, LOK forced all operators to apply for individual licenses under the new Curaçao Gaming Authority (CGA, transformation of the Gaming Control Board GCB). The Temporary Work Organization (TWO) led by the Netherlands assists Curaçao, Aruba and Sint Maarten in implementing the Landspakketten. Critique from the Faneyte report (400 pages, late 2024): tacit acceptance of crypto payments without adequate regulatory framework, CGA underfunded, risk of continuation as 'money laundering paradise'. Former Centrale Bank Curaçao en Sint Maarten (CBCS) president Emsley Tromp faced corruption controversy. The banking sector is dominated by Maduro & Curiel's Bank ($5.9 billion in assets), RBC, Scotiabank. On March 31, 2025, the new Caribbean guilder (XCG) currency replaced the Netherlands Antillean guilder (ANG, withdrawn June 30, 2025).

July 25, 2016 IN confirmed

India: the RBI fines Bank of Baroda, HDFC and PNB over KYC/AML failures in the forex scandal (2016)

The Reserve Bank of India (RBI) fined Bank of Baroda (Rs 5 crore), HDFC Bank (Rs 2 crore) and Punjab National Bank (Rs 3 crore) in 2016 for KYC/AML control failures, in connection with a ~Rs 6,000 crore forex remittance scandal uncovered in 2015: funds transferred to Hong Kong accounts for imports that never took place. The RBI flagged weaknesses in transaction monitoring and timely FIU reporting.

December 31, 2023 BG confirmed

Bulgaria: BNB sanctions banking sector with BGN 4M ($2.1M) in 2022-2023 after Moneyval observations

Bulgaria's Bulgarian National Bank (BNB) intensified AML/CFT inspections during 2022-2023, applying combined administrative sanctions of approximately 4 million Bulgarian leva (~$2.1 million) on multiple banks. The legal framework is the 2018 Act on Measures Against Money Laundering (AMML), aligned with the EU's 5th AMLD directive, complemented by the Bulgarian Personal Data Protection Act and AML Regulation 5/2021. The supervisor coordinates with the State Agency for National Security (DANS), responsible for the Financial Intelligence Unit. Bulgaria was evaluated by MONEYVAL in 2022 and received significant observations on enforcement effectiveness, particularly in the real estate and gambling sectors, which triggered this tightening. Bulgaria is an EU member since 2007 but not in the eurozone, maintaining its lev but subject to binding EU AMLD directives. The Bulgarian banking sector is dominated by subsidiaries of European banks (UniCredit Bulbank, DSK Bank of Hungarian OTP Group, Eurobank Bulgaria).

December 31, 2022 BR confirmed

Brazil: R$9M+ from the Central Bank to Banco Paulista, the largest documented Brazilian AML penalty

The Brazilian Central Bank (BCB) sanctioned Banco Paulista with more than R$9 million (~$1.8 million) for 'deficient internal controls' and 'failure to provide, within the established deadline, documents or information' required by the supervisory authority. It is the largest individual Brazilian AML fine documented in the set of 31 sanctions applied by BCB between 2020 and July 2025 (~R$28.4 million in total). The fine, already paid by the entity, contrasts with most of the package: only 5 of the 31 sanctions had been settled by July 2025. Parallel cases: Banco Master (~R$1M, 2020, in 2 actions) and Banrisul (R$2.3M, 2023). The BCB applies a 'risk-based supervision' approach aligned with FATF recommendations. Most sanctioned institutions are exchange brokers, several already bankrupt.

September 30, 2024 ZA confirmed

South Africa: ZAR 30M from SARB to Absa Bank in Sep 2024 over specific AML failings

The South African Reserve Bank (SARB) through its Prudential Authority imposed in September 2024 on Absa Group, one of South Africa's four largest banks, a sanction of approximately ZAR 30 million (~$1.7 million) for specific failings in its anti-money laundering system. The sanction followed the collective December 2024 package against Capitec (ZAR 56.25M) and other South African banks (Nedbank ZAR 35M in 2023). South Africa has been under FATF enhanced monitoring since February 2023 after being added to the grey list, dramatically intensifying SARB and FIC (Financial Intelligence Centre) enforcement. Absa announced in May 2025 it was implementing an 18-month remediation plan under direct Prudential Authority supervision.

April 28, 2015 TL confirmed

Timor-Leste: the fraud of fake petroleum advisor Bobby Boye, who pleaded guilty in the US

Timor-Leste's most notorious financial-crime case centers on Bobby Boye, a US citizen recruited in early 2010 by Norway's Ministry of Finance to advise the Timorese government on petroleum taxation, within an assistance program. Boye secretly created a shell legal and accounting firm in New York, Opus & Best Law Services, which he himself controlled and to which, from his position of influence, he steered government contracts. To bolster his credibility, he pushed dubious tax assessments against international oil companies —which paid under protest before appealing—, boasted of having generated new millions in revenue and promoted a tightening of the rules that opened the way to his scheme's fraudulent contracts and wire transfers. After being alerted by Timor-Leste's authorities, the FBI investigated and Boye was arrested in June 2014 at Newark airport. On April 28, 2015, before a federal court in Trenton (New Jersey), he pleaded guilty to defrauding the State of Timor-Leste of USD 3.51 million and agreed to full restitution; bank accounts, four properties, three vehicles and two high-end watches were seized. The Timorese organization La'o Hamutuk estimated that the real cost to the country —which depends on oil for more than 90% of its revenue and holds a sovereign fund of about USD 17 billion— was far higher, on the order of 176 million, due to the damage to revenue collection and reputation. A Portuguese consultant, Tiago Guerra, was also arrested for money laundering in the case and spent six months in jail without charges. The episode, in which Timor-Leste acted as the victim and cooperated with the FBI, illustrates the vulnerability of a small petroleum state to fraud. Financial supervision rests with the Central Bank of Timor-Leste (BCTL) and its financial intelligence unit, with the country a member of the APG.

October 29, 2024 IL confirmed

Israel: NIS 10M from the Bank of Israel to 5 banks (Leumi, Discount and others) in Oct 2024 over AML failures

The Banking Corporations Sanctions Committee of the Bank of Israel (chaired by Bank Supervisor Dani Hachiasvili) imposed in October 2024 combined penalties of around NIS 10 million (~$3 million) on five banking entities: Bank Leumi, Discount Bank, Bank of Jerusalem, Citibank Israel and HSBC Israel, for violations of the 2001 Order on Prohibition of Money Laundering and Terrorism Financing (identification, reporting and recordkeeping obligations), as well as the prudent banking management handbook No. 411 on 'Management of money laundering and terrorism financing risks'. The cap on the penalty per violation is NIS 2.26 million. A week earlier, Bank Hapoalim had received a separate NIS 1.83 million sanction.

September 30, 2024 ID confirmed

Indonesia: 173 OJK sanctions on financial entities in 2024 over APU-PPT failures

Indonesia's Otoritas Jasa Keuangan (OJK), supervisor of the financial system, applied in 2024 173 sanctions on financial sector entities including insurers, pension funds, guarantee companies and banks. The new POJK 8/2023 regulatory framework (replacing POJK 12/2017) on the APU-PPT program (Anti Pencucian Uang dan Pencegahan Pendanaan Terorisme - Anti-Money Laundering and Counter-Terrorism Financing) tightened administrative sanctions with a legal ceiling per infraction of IDR 50 billion (~$3.1 million USD), rising to IDR 50 billion for banks and controlling shareholders. The framework is complemented by Bank of Indonesia's PBI 10/2024 for non-bank entities (payment service providers, KUPVA, etc.), effective from December 31, 2024. Indonesia exited the FATF grey list in 2024 after two years under enhanced monitoring.

October 11, 2016 CH confirmed

Switzerland: FINMA ordered Falcon Bank to surrender CHF 2.5M in illegal profits over the 1MDB case

In parallel with Singapore's action, in October 2016 the Swiss authority FINMA ordered Falcon Private Bank (Zurich-based, owned by Abu Dhabi's sovereign fund IPIC) to surrender CHF 2.5 million (~$2.6 million) in what it called illegal profits obtained in connection with the 1MDB scandal, and opened enforcement proceedings against two former executives. It shows the cross-border coordination of AML enforcement.

December 9, 2025 US confirmed

US: $3.5M from FinCEN to P2P crypto platform in Dec 2025 over $500M+ in suspicious activity

On December 9, 2025, FinCEN announced a consent order imposing $3.5 million civil penalty on a peer-to-peer (P2P) virtual asset trading platform (not named in the public version), alleging willful violations of the Bank Secrecy Act. The platform operated a hosted virtual asset wallet and a P2P marketplace connecting buyers and sellers using hundreds of payment methods. FinCEN alleged that over several years the platform processed transactions involving more than $500 million in suspicious activity, including activity linked to sanctioned jurisdictions, ransomware attacks, darknet marketplaces, terrorism financing and other illicit conduct. Mitigating factors considered by FinCEN included leadership changes, engagement of outside consultants, and retrospective review to identify and report previously unreported suspicious activity. The action adds to SUEX (2021), Chatex (2021), Garantex (2025) and Hydra (2022) as iconic OFAC/FinCEN crypto sector cases.

October 11, 2016 SG confirmed

Singapore: MAS shuts down Falcon Bank and fines SGD 4.3M in Oct 2016 over 1MDB

The Monetary Authority of Singapore (MAS) ordered on October 11, 2016 the closure of Falcon Private Bank's Singapore branch for 'persistent and severe lack of understanding' of AML rules, fining it SGD 4.3M (~$3.1M) for 14 violations. Inspections in 2013 and 2015 had found problems Falcon did not correct. Second forced bank closure in Singapore in 32 years, after BSI in May 2016. Branch manager Jens Sturzenegger arrested October 6. Same day, FINMA in Zurich ordered surrender of CHF 2.5M in illicit profits. Falcon is owned by Abu Dhabi sovereign wealth fund IPIC. Part of Singapore's largest-ever AML operation over 1MDB.

December 20, 2024 ZA confirmed

South Africa: 56.25M ZAR (~$3M) from SARB to Capitec Bank in 2024 over FICA failures

On December 20, 2024, the Prudential Authority of the South African Reserve Bank (SARB) imposed administrative sanctions on Capitec Bank — the country's fastest-growing bank — totaling ZAR 56.25 million (~USD 3.07 million), of which ZAR 10.5 million was conditionally suspended for 36 months, for breaching the Financial Intelligence Centre Act (FIC Act 38/2001). Inspections in 2021 (retail banking) and 2022 (business banking) found due-diligence failures: weak verification of client identity, beneficial owners and source of funds, inadequate politically-exposed-person screening, and breach of Directive 5/2019 (failing to action its automated monitoring system's alerts within 48 hours). The sanctions included seven cautions, one reprimand and the fine. Capitec cooperated and took remedial measures. The action came as South Africa intensified compliance to exit the FATF grey list, which it ultimately did in October 2025.

June 30, 2024 RO confirmed

Romania: BNR + ONPCSB sanction banking sector with ~RON 15M ($3.2M) in H1 2024

Romania's National Bank (Banca Națională a României, BNR) and the National Office for the Prevention and Combat of Money Laundering (Oficiul Național de Prevenire și Combatere a Spălării Banilor, ONPCSB — Financial Intelligence Unit) applied during H1 2024 combined administrative sanctions of approximately 15 million Romanian leu (~$3.2 million) on the banking sector. The legal framework is Law 129/2019 on Money Laundering Prevention and Combat, aligned with the EU's 5th and 6th AMLD directives. Notable individual cases include sanctions on Banca Românească (part of Eximbank), CEC Bank and private commercial banks for KYC/CDD failures and late SAR reporting. The Romanian banking sector is dominated by European subsidiaries (Banca Transilvania the largest local, BCR of Erste Group, BRD of Société Générale, ING Bank, Raiffeisen, UniCredit) and operates under European Central Bank/SSM supervision for systemic banks. Romania has been an EU member since 2007 and entered the SRM (Single Resolution Mechanism) in 2014.

March 4, 2015 GB confirmed

UK: £2.1M from FCA to Bank of Beirut UK in Mar 2015 — individual sanctions on compliance + auditor

On March 4, 2015, the UK FCA fined Bank of Beirut (UK) Ltd £2.1 million (~$3.1M USD) and banned the entity from acquiring new customers from high-risk jurisdictions for 126 days. Additionally, the FCA imposed individual fines on two approved persons of the bank: Anthony Wills, former compliance officer (£19,600), and Michael Allin, internal auditor (£9,900), for repeatedly providing misleading information to the regulator and breaching their responsibilities as approved persons. Concerns about the internal culture of the bank emerged after supervisory visits in 2010 and 2011. It is one of the classic FCA cases where individual executives are directly sanctioned, not just the entity — setting precedent for Standard Chartered, Lloyds, Barclays and all subsequent cases. Georgina Philippou (acting director of enforcement) emphasized: 'Wills and Allin provided a number of misleading communications, which is a serious breach of their responsibilities as approved persons'. The case is part of the post-Lebanese Canadian Bank (LCB, FinCEN 311 designation in 2011) context, which led to SGBL acquiring LCB. The FCA used this case to drive supervisory visits to small banks.

April 8, 2025 LT confirmed

Lithuania: €3.5M from the Bank of Lithuania to Revolut in Apr 2025 over AML failures

On April 8, 2025, the Bank of Lithuania fined Revolut Bank UAB — the Lithuanian arm underpinning the neobank's European operation — EUR 3.5 million (~USD 3.8 million), its largest-ever penalty, for violations and shortcomings in monitoring business relationships and transactions found in a scheduled inspection: the bank did not always correctly identify suspicious operations. The regulator confirmed no money-laundering cases; the failures were control-related. The fine equals less than 1% of Revolut Holdings Europe's revenue, well below the 10% legal maximum, and was resolved via an administrative agreement after Revolut acknowledged the deficiencies. Revolut operates in the EU under a Lithuanian licence, jointly supervised by the Bank of Lithuania and the ECB.

February 20, 2020 CH confirmed

Switzerland: CHF 4.3M from FINMA to Julius Bär in 2020 over PDVSA and FIFA; former CEO Collardi reprimanded

The Swiss Financial Market Supervisory Authority (FINMA) sanctioned private bank Julius Bär in February 2020 with confiscation of CHF 4.3 million (~$4.8 million) in illicit profits over 'serious deficiencies in anti-money laundering controls' in connection with corruption transactions linked to Venezuelan state oil company PDVSA and corrupt FIFA officials. FINMA installed a special commissioner at Julius Bär in 2017 and expanded the investigation in 2018 following the US arrest of a bank advisor. The following year, then-Julius Bär CEO Boris Collardi —who left the bank in 2017 to join Pictet— was formally reprimanded in writing, an unusual case of individual executive accountability in Switzerland.

June 1, 2020 ES confirmed

Spain: over €4M to a bank for client-identification failures

In Spain, SEPBLAC fined a major bank over €4 million in 2020 for failing to properly implement client-identification controls and for not reporting suspicious transactions, after an investigation revealed serious compliance deficiencies. The Spanish regime (Law 10/2010) classifies violations as very serious, serious and minor.

May 7, 2021 US confirmed

US: Colonial Pipeline ransomware May 2021 — $4.4M DarkSide ransom + East Coast fuel crisis

On **May 7, 2021**, **Colonial Pipeline** (the largest refined products pipeline in the US, transporting **~45% of East Coast fuel** — 2.5M barrels/day from Houston to New Jersey) was forced into **complete shutdown** after a **ransomware attack by the DarkSide group** (Russian/Eastern European cybercriminals, ransomware-as-a-service RaaS). The attack caused the **largest energy infrastructure disruption by cyberattack in US history**: gasoline panic buying, shortages in 5 southeastern states (regional emergency declared), price spikes, gas station lines. Colonial Pipeline **paid a ransom of ~75 BTC (~$4.4 million USD)** to DarkSide on May 8 to obtain the decryption key (although the decryptor was so slow they used their own backups). The case was an inflection point: **(1) The FBI recovered ~63.7 BTC (~$2.3 million) of the ransom in June 2021** — first major crypto ransomware recovery via blockchain tracing (FBI obtained the private key of DarkSide's wallet); **(2) OFAC + Treasury intensified sanctions against ransomware actors + crypto mixers** (Garantex, Suex, Chatex, Bitzlato cases already covered); **(3) Biden Executive Order 14028 (May 2021) on cybersecurity**; **(4) DarkSide 'disappeared' (rebrand) after the pressure** — the group was affiliated with the Russian ransomware ecosystem (REvil, Conti, LockBit, BlackCat). The case is referenced as **the ransomware wake-up call against critical infrastructure + the precedent of crypto ransom recovery via blockchain forensics**. Colonial Pipeline also paid **$1M settlement to DOJ 2024** for failures + faced congressional hearings (CEO Joseph Blount testified). The case catalyzed **CISA + TSA pipeline cybersecurity directives**.

September 19, 2019 KE confirmed

Kenya: CBK sanctions 5 major banks with KES 385M ($3.92M) in Sep 2019 over NYS scandal

On September 19, 2019, the Central Bank of Kenya (CBK) announced the result of the first phase of investigations into the National Youth Service (NYS) scandal, where approximately Sh8 billion ($75M) in public funds was stolen. Five major Kenyan banks were sanctioned for specific AML/CFT failures: Standard Chartered Bank Kenya (Sh1.628B processed, Sh77.5M fine / $775K), Equity Bank Kenya (Sh886M processed, Sh89.5M fine / $895K), KCB Bank Kenya (Sh639M processed, Sh149.5M fine / $1.5M — the highest), Co-operative Bank of Kenya (Sh263M processed, Sh20M fine / $200K), and Diamond Trust Bank Kenya (Sh162M processed, Sh56M fine / $560K). Specific violations: failures to report large cash transactions, inadequate customer due diligence, lack of supporting documentation and late SAR filing to the Financial Reporting Centre (FRC). The second phase derived criminal investigations against executives and politicians. Kenya operates under the Proceeds of Crime and Anti-Money Laundering Act 2009 (POCAMLA), supervised by CBK + FRC + ESAAMLG (Eastern and Southern Africa Anti-Money Laundering Group). The case is a continental reference.

December 14, 2025 NZ confirmed

New Zealand: High Court imposes NZ$6.73M on ASB Bank, the country's largest AML/CFT penalty

In December 2025, the Reserve Bank of New Zealand (RBNZ) filed civil High Court proceedings against ASB Bank — one of the country's largest, owned by Australia's Commonwealth Bank — over seven breaches of the 2009 AML/CFT Act; ASB admitted all seven causes and both parties jointly recommended a NZ$6.73 million penalty. In June 2026, the High Court imposed that NZ$6.731 million penalty, the largest AML/CFT penalty ever handed down by a New Zealand court. The RBNZ found ASB's transaction-monitoring system and AML/CFT programme were inadequate for about six years (2019-2025): roughly NZ$9.37 billion in transactions were not properly vetted and the bank failed to correctly report the location of 50,000 cash transactions, alongside ongoing-due-diligence and timely suspicious-activity-reporting failures. There was no allegation ASB itself engaged in laundering; the fine equals 0.26% of its annual net profit.

March 25, 2025 AE confirmed

UAE: AED 18.1M on two foreign-bank branches for AML failures (2025)

In March 2025, the CBUAE imposed AED 18.1 million (~USD 4.9 million) in sanctions on two foreign-bank branches operating in the UAE for deficiencies in their anti-money-laundering framework: insufficient risk-based monitoring, governance failings and gaps in suspicious-activity reporting. The action shows the regulator holds global institutions to the same compliance requirements as local ones, within the intensified supervision that followed the UAE's exit from the FATF and EU lists in 2024.

December 24, 2025 BR confirmed

Brazil: the Central Bank applied R$ 28.4M in 31 AML fines since 2020 (only 5 paid)

Data obtained by Metrópoles through Brazil's Freedom of Information Act (published December 2025) revealed that Brazil's Central Bank imposed BRL 28.4 million in 31 anti-money-laundering fines from 2020 to July 2025 — failures in prevention controls and in reporting suspicious transactions — of which only five had been paid. The institutions include Banco Master (two 2020 actions for deficient internal controls and a foreign-exchange-rule breach, about BRL 1 million in installments), Banrisul (2023, over BRL 2.3 million, paid) and Banco Paulista (over BRL 9 million, paid); many of the others are exchange brokers, some already bankrupt. The fines ranged from BRL 268,000 to BRL 9 million. The low collection rate (5 of 31) highlights the gap between imposing and actually collecting sanctions.

January 19, 2023 GB confirmed

UK: £4M to Al Rayan Bank from the FCA in Jan 2023 over enhanced due diligence failures

The FCA fined Al Rayan Bank, a UK Islamic bank, £4 million (~$5 million) in January 2023 for failures in its AML controls and enhanced due diligence (EDD). The supervisor found the bank had not properly vetted customer transactions for signs of money laundering, nor had it trained its staff to conduct EDD checks correctly. Mark Steward, FCA Executive Director of Enforcement, stated that such failings 'create the conditions in which financial crime is facilitated'. A characteristic case of FCA sanctions on mid-sized UK retail banking.

December 13, 2017 FR confirmed

France: €5M from ACPR to Société Générale in 2017 — first AML penalty

The ACPR Sanctions Commission imposed in December 2017 on Société Générale a €5 million fine (~$6 million) for failings in its anti-money laundering system. It was ACPR's first sanction against the French banking group. The case paved the way for subsequent sanctions against the parent (€20M in May 2026) and subsidiaries (Treezor €1M in April 2024). Société Générale is the third-largest bank in the eurozone by assets and part of the SIFI (Systemically Important Financial Institutions) list, which adds supervisory pressure.

March 16, 2026 PL confirmed

Poland: PLN 21M from KNF to Santander Bank Polska in Mar 2026 over eight combined violations

Poland's Financial Supervision Authority (KNF — Komisja Nadzoru Finansowego) issued a March 4, 2026 decision imposing eight penalties totaling PLN 21.1 million on Santander Bank Polska — the Spanish Santander group's main Polish subsidiary — for failings in customer service and investment-services provision. The largest (PLN 7 million) covers execution of orders tied to the 'Oprocentowanie Nie Wyższe Niż' (rate-no-higher-than) mechanism, which the KNF deemed a financial instrument not treated as such from January 2021 to April 2023; others include PLN 4 million for cooperating with unauthorized third parties and PLN 1 million for incomplete disclosure of FX-hedging costs. The decision is not final and is appealable; per the KNF, the maximum possible penalty exceeded PLN 2 billion. This is a conduct and investor-protection case, not money laundering.

December 12, 2023 CA confirmed

Canada: FINTRAC fines RBC C$7.5M in 2023 for AML non-compliance

FINTRAC imposed in December 2023 a C$7.5 million penalty (~$6 million) on the Royal Bank of Canada (RBC), the country's largest bank, for money-laundering and terrorist-financing non-compliance. It was one of the fines that marked the toughening of FINTRAC enforcement, announced by its CEO in 2023.

July 30, 2025 MY confirmed

Malaysia: BNM penalizes Bank Islam, Bank Rakyat and BSN ~RM7.29M for breaches (Jul 2025)

On July 30, 2025, Bank Negara Malaysia (BNM) imposed more than RM7 million in administrative monetary penalties on three institutions for regulatory breaches. Bank Islam Malaysia (BIMB) accrued RM3.445 million across two penalties: RM1.70 million (imposed May 29, 2025) for sanction-screening breaches and RM1.745 million (June 30) for prolonged service disruptions, under the Islamic Financial Services Act (IFSA), the Risk Management in Technology (RMiT) policy and the AML/CFT and Targeted Financial Sanctions policy. Bank Rakyat was fined RM2.85 million (under the Development Financial Institutions Act and RMiT) and Bank Simpanan Nasional (BSN) RM995,000. BNM said it weighed the severity, past compliance records and effectiveness of remedial actions.

April 9, 2024 CA confirmed

Canada: FINTRAC fines TD Bank C$9.2M in 2024 for failing to report suspicious transactions

FINTRAC, Canada's financial intelligence agency, imposed in April 2024 a C$9.2 million penalty (~$7 million) on TD Bank for five violations found in a 2022-2023 review: failing to file suspicious transaction reports despite grounds, not assessing money-laundering risks and not applying special measures to high-risk clients. The review identified 96 clients not in its high-risk program, including a politically exposed person. It was then FINTRAC's largest fine —a fraction of the $3 billion in the US that year—.

July 15, 2013 IN confirmed

India: RBI sanctions 22 banks in Jul 2013 over KYC/AML failings after Cobrapost sting

The Reserve Bank of India (RBI) imposed in July 2013 sanctions on 22 banks for KYC and AML rule violations, with individual fines ranging from INR 50 lakh to 3 crore. The action followed inspections triggered by the Cobrapost online journalism sting, which in March 2013 published videos showing ICICI, HDFC and Axis employees offering customers ways to convert black money into white through the banking system. In June, RBI had already fined those three private banks a combined INR 10.5 crore (~$1.6M; Axis 5cr, HDFC 4.5cr, ICICI 1cr). The July action added 12 public-sector banks (SBI, Canara, Bank of Baroda, Bank of India, Central Bank of India) and 9 private ones (Federal Bank, YES Bank, Kotak Mahindra, DCB, Dhanlaxmi), plus cautionary letters to Standard Chartered and Citibank India. The RBI specified there was 'no prima facie evidence of money laundering'. A founding case of modern Indian AML enforcement and a precursor to the sanctions against Paytm (2023, 5.4 crore) and Federal Bank (2024, INR 50 million).

March 9, 2022 BY confirmed

Belarus: OFAC sanctions 9 Belarusian banks post-Feb 2022 — massive support to Russia in Ukraine invasion

Following the **Russian invasion of Ukraine on February 24, 2022**, OFAC, the EU, UK, Switzerland, Norway and 30+ other countries imposed **extensive sanctions against Belarus** for its active support of the Putin regime (Belarusian territory used to invade Kiev, Belarusian soldiers not sent but extensive logistical support, Belarusian hospitals for Russian wounded). The **Aleksandr Lukashenko regime** (in power since July 1994 — 30 years in office, the longest-serving European dictator) was already under sanctions for the **brutal repression of the Sviatlana Tsikhanouskaya (Tikhanovskaya) protests in August 2020** (fraudulent presidential election — Lukashenko 'won' 80.10%; ~33,000 detained, thousands of tortures documented by UN OHCHR, several deaths). OFAC-sanctioned Belarusian banks include: **Belarusbank (state, largest), Belagroprombank (state, second), Belinvestbank, Belarusian Bank for Development and Reconstruction (BBDR), Bank Dabrabyt, Sber Bank (Russian subsidiary), VTB Bank (Belarus), Belvnesheconombank, Belgazprombank**. The **National Bank of the Republic of Belarus (NBRB)** is sanctioned under OFAC. **Belarus was cut from SWIFT in March 2022** (same package as selected Russian banks — Sberbank, VTB Bank). The **Bank for International Settlements (BIS) and ECB** suspended cooperation with NBRB. **Belarus is an EAG (Eurasian Group) member**. The crypto system has expanded massively as evasion route (Belarus has one of the world's most permissive crypto regulations post-Decree 8 of 2017). The Lukashenko regime has generated >300,000 political refugees since 2020 (~150,000 in Poland + Lithuania, Latvia, Ukraine pre-2022, Georgia, Sweden). Sviatlana Tikhanouskaya leads the **Belarusian Democratic Movement** from exile in Vilnius, Lithuania.

December 3, 2019 HK confirmed

Hong Kong: HK$66.4M ($8.5M) to Hang Seng Bank from HKMA+SFC in 2019 — largest Hong Kong fine

Hong Kong's HKMA and Securities and Futures Commission (SFC) imposed on Hang Seng Bank —HSBC group subsidiary— a record HK$66.4 million fine (~$8.5 million USD) for misconduct in investment product selling practices. The SFC reprimanded and fined the bank, in one of the largest disciplinary sanctions in Hong Kong financial center history. Although not strictly AML, the case illustrates the HKMA-SFC coordination on dishonest banking conduct and preceded the specific AML actions of 2024-2025.

December 4, 2024 GB confirmed

UK: £7.67M to Guaranty Trust Bank (UK arm) from the FCA in Dec 2024 — AML repeat offender

The FCA fined in December 2024 Guaranty Trust Bank (UK), the London subsidiary of the Nigerian bank of the same name, £7.67 million (~$9 million) for 'serious weaknesses' in its AML systems and controls between October 2014 and July 2019. The supervisor found the bank had allowed money to pass through and be used within the UK without appropriate checks. The FCA noted the conduct was 'particularly egregious' because it was not the first time: it had already received a £525,000 fine in August 2013 for the same violations — a textbook case of AML recidivism. Part of the FCA's pattern on UK subsidiaries of African banks (previously Habib AG Zurich, etc.).

May 9, 2024 DE confirmed

Germany: BaFin fines N26 €9.2M for late SARs and pressures fintechs (Solaris)

On May 9, 2024, Germany's financial regulator BaFin fined the neobank N26 Bank EUR 9.2 million for systematically and repeatedly filing suspicious activity reports (SARs) to the Financial Intelligence Unit late throughout 2022, a breach of German anti-money-laundering law — delays weaken authorities' ability to intercept illicit funds. It was BaFin's second fine on the bank after EUR 4.25 million in 2021 (for delays in 2019-2020), on top of the customer-onboarding cap the regulator imposed in 2021 (50,000 new customers a month, later 60,000), finally lifted in June 2024, and the appointment of a special monitor; a 2024 special audit also found deficiencies in the organization of its lending business. N26 said it had invested more than EUR 80 million in compliance staff and infrastructure since 2022. The case illustrates BaFin's pressure on fast-growing fintechs, including Solaris, which was subject to restrictions and a special representative for similar deficiencies.

July 15, 2025 MX confirmed

Mexico: CNBV fines Intercam, CIBanco and Vector MXN 185M after 2022-2023 audits

On July 15, 2025, Mexico's National Banking and Securities Commission (CNBV) published 53 sanctions totaling more than MXN 185 million (~USD 10 million) against Intercam Banco, CIBanco and Vector Casa de Bolsa, mostly for anti-money-laundering (AML) failures found in audits: Intercam accrued about MXN 92.1 million and CIBanco about MXN 66.6 million for AML breaches; Vector's (~MXN 27 million) relate to the Investment Funds Law, not money laundering. The CNBV's board also ordered the temporary managerial takeover of CIBanco and Intercam, assuming control of their administration without suspending operations. The action followed FinCEN's June designation (see the FinCEN event); President Claudia Sheinbaum noted there was no FGR criminal investigation file, only the administrative sanctions.

June 25, 2025 MX confirmed

Mexico: FinCEN designates CIBanco, Intercam and Vector as 'primary money-laundering concern' over fentanyl

On June 25, 2025, the US Treasury's Financial Crimes Enforcement Network (FinCEN) issued its first orders under the 2024 FEND Off Fentanyl Act and designated three Mexican financial institutions —banks CIBanco and Intercam and brokerage Vector— as of 'primary money laundering concern' in connection with opioid trafficking. The orders prohibit US financial institutions from sending or receiving funds —including virtual currency— to or from these institutions and their branches in Mexico. According to FinCEN, the three facilitated payments between Chinese fentanyl-precursor suppliers and the Mexican cartels that manufacture it: a CIBanco employee allegedly facilitated an account in 2023 to launder USD 10 million for a Gulf Cartel member; Intercam executives allegedly met with suspected members of the Jalisco New Generation Cartel (CJNG) to discuss laundering schemes; and Vector allegedly laundered more than 2 million for the Sinaloa and Gulf cartels, besides facilitating payments for precursor chemicals. The measures, historic as the first of their kind, came after President Trump's early-2025 executive order classifying several cartels as foreign terrorist organizations, and took effect on October 20, 2025 after several extensions. The institutions rejected the allegations and defended their controls, and the Mexican government questioned the evidence and asserted the soundness of its financial system. The case fits a broad record: Mexico had already been the scene of HSBC's settlement with US justice for laundering cartel money (2012) and the US conviction of former security secretary Genaro García Luna for narco ties (2023). Supervision rests with the National Banking and Securities Commission (CNBV), the Bank of Mexico and the Financial Intelligence Unit (UIF), with Mexico a member of GAFILAT.

December 31, 2023 TR confirmed

Turkey: TRY 350M (~$11M) from MASAK on 415 reporting entities in 2023 over AML failures

MASAK (Mali Suçları Araştırma Kurulu), Turkey's Financial Intelligence Unit under the Treasury and Finance Ministry, imposed in 2023 combined administrative fines of over 350 million Turkish liras (~$11 million) after inspections of 415 reporting entities (yükümlü) under Law 5549 on the Prevention of Laundering Proceeds of Crime. The law sets per-infraction caps of TRY 1 million (TRY 10 million for entities with dual obligation). Turkey was on the FATF grey list between October 2021 and June 2024, intensifying supervisory pressure. In May 2026 a judicial operation in 21 cities revealed ~TRY 100 billion and ~$2 billion USD in suspicious movements, with 198 suspects detained (3 bank executives, 8 police, 4 lawyers), evidencing the recent enforcement reach.

November 29, 2024 NG confirmed

Nigeria: CBN sanctions 29 banks with N15B ($10.5M) in 2024 over AML/CTF failures

The Central Bank of Nigeria (CBN), led by Governor Olayemi Cardoso, announced in November 2024 during the Bankers' Night of the Chartered Institute of Bankers of Nigeria (CIBN) in Lagos combined sanctions of 15 billion nairas (~$10.5 million) on 29 banks for violations of AML (Anti-Money Laundering) and CTF (Counter-Terrorism Financing) regulations. In the first six months of 2024, the CBN and Securities Exchange Commission (SEC) had already imposed N1.502 billion in fines on 10 banking entities including Zenith Bank, Access Bank, Stanbic IBTC, UBA, GTB, Sterling, Fidelity, First Bank, FCMB and VFD Group. Notable individual cases: GTCO N692M for forex transactions with betting houses (2021), UBA N279M for late Cyber Security Report. The regulatory framework is BOFIA 2020 (Banks and Other Financial Institutions Act). In H1 2024, the top 7 banks collectively paid $10.7M USD in fines, according to Finance in Africa. Cardoso called on banks to 'address the root causes' of deficiencies.

April 12, 2017 CO confirmed

Colombia: Odebrecht-Ruta del Sol II case — $11M in bribes via Andorra/Mossack Fonseca + 30+ politicians

After Odebrecht's confession to the US DOJ in December 2016 (the largest FCPA case in history with $3.5 billion in bribes in 12 countries), the Colombian case focused on the **Ruta del Sol II** contract (vital country highway, $1.5 billion USD). Odebrecht admitted paying $11 million in bribes to obtain and maintain the contract, laundered through Banco Andorra Bank (BPA, already in this tracker) and Mossack Fonseca (Panama Papers, already in this tracker). Those implicated include: **Gabriel García Morales** (former Vice Minister of Transport 2009-2010, sentenced to 5 years prison), **Otto Bula Bula** (former Senator of the Liberal Party, convicted), **José Elías Melo Acosta** (former President of Corficolombiana, convicted), **Luis Bueno Aguirre** (Odebrecht Colombia). The case impacted **Roberto Prieto Uribe** (former campaign chief of Juan Manuel Santos 2010 and 2014), **Federico Gaviria Velásquez** (consultant), and opened investigations against former President Juan Manuel Santos. The Attorney General's Office (FGN), the Superintendency of Finance of Colombia (SFC) and the Information and Financial Analysis Unit (UIAF) coordinated enforcement. The Colombian banking sector (Bancolombia, BBVA Colombia, Davivienda, Banco de Bogotá, Banco de Occidente, Banco Popular, Scotiabank Colpatria) is concentrated and highly regulated. Colombia is a GAFILAT member.

May 30, 2017 FR confirmed

France: BNP Paribas fined €10M by the ACPR in 2017 over anti-money-laundering system failures

The ACPR Sanctions Commission fined BNP Paribas €10 million (~$11 million) in May 2017 for deficiencies in its anti-money-laundering and terrorism-financing system (LCB-FT). The contrast is telling: the same BNP Paribas had paid around $8.9 billion to US authorities in 2014 for embargo violations; the French penalty was under 0.2% of its net income, fueling debate over the proportionality of European enforcement.

April 15, 2026 AR confirmed

Argentina: $18B ARS from BCRA to Sur Finanzas/AFA in Apr 2026, linked to AFA's president

In April 2026, the Board of Argentina's Central Bank (BCRA) imposed an ARS 18,098,701,115 fine on ARS Cambios SAS — which operated under the Sur Finanzas brand — and revoked its license to operate, the most severe sanction available against a legal entity. It also fined owner Ariel Vallejo ARS 5.4 billion and his mother and shareholder Graciela Vallejo ARS 7.2 billion, barring them from the financial system for five and six years. Per the resolution (Law 18,924 and Art. 41(6) of the Financial Institutions Law), during 2023 the firm bought foreign currency at the official rate — amid Argentina's currency controls — to feed the parallel market: it traded with other exchange houses for more than USD 25 million with no verifiable genuine demand, against an average gap of 102% and an estimated gain the regulator put at around USD 25.8 million. The firm is named in a judicial probe for alleged money laundering and linked to football federation (AFA) president Claudio 'Chiqui' Tapia; the measure can be appealed before the Federal Administrative Court of Appeals within 30 days.

September 21, 2021 RU confirmed

Russia: SUEX, the first crypto exchange sanctioned by OFAC in 2021 for ransomware laundering

On September 21, 2021, the US Treasury's Office of Foreign Assets Control (OFAC) designated SUEX OTC ('Successful Exchange'), a crypto service registered in Czechia but operating in Russia, in what was the FIRST sanctions action against a cryptocurrency exchange. Treasury established that over 40% of SUEX's known transaction history was associated with illicit actors: nearly $13 million in ransomware operations (including Ryuk, Conti, Maze), over $24 million from scams like Finiko (which raised >$1 billion), and over $20 million from darknet markets like Hydra. A historic landmark that opened the era of sanctions against crypto infrastructure, followed by Chatex (Nov 2021), Garantex (Apr 2022) and Bitzlato (Jan 2023).

December 16, 2024 AU confirmed

Australia: AUSTRAC opens proceedings against Entain Group (Ladbrokes/Neds) in Dec 2024 — first online betting case

On December 16, 2024, AUSTRAC filed in the Federal Court of Australia a civil claim against Entain Group Pty Ltd, the local subsidiary of British giant Entain plc (FTSE 100), operator of Ladbrokes and Neds. The complaint alleges 'serious and systemic non-compliance' with Australia's AML/CTF laws: lack of adequate board and senior management AML oversight, vulnerabilities in customer identity verification, absent due diligence on 17 specific high-risk customers, and 24/7 operations accepting cash deposits via third parties (channels that could obscure possible criminal proceeds). It is AUSTRAC's first civil action against an online betting sector entity. The maximum fine per infraction under the AML/CTF Act 2006 is A$22.2 million (~$14.1M USD). In January 2025, reforms came into force giving AUSTRAC new examination powers and the ability to compel individuals (s.172A). Follows Crown Resorts ($450M, 2023), SkyCity Adelaide ($67M, June 2024) and the pending case against The Star Entities. Mediation ordered before August 4, 2025; defense filing by September 12, 2025.

March 26, 2020 VE confirmed

Venezuela: DOJ Maduro + 14 officials narco-terrorism indictment Mar 2020 — $15M→$25M Maduro reward

On **March 26, 2020**, DOJ + SDNY + DEA + FBI + Treasury OFAC simultaneously announced **'narco-terrorism' charges against Nicolás Maduro Moros** (Venezuelan President since 2013) and **14 other Venezuelan officials** — the first massive criminal indictment of a sitting President for narco-trafficking in US history. Charges include: **narco-terrorism conspiracy, cocaine importation, weapons offenses, NDPS violations**. Those indicted with specific designations: **Maduro** ($15M DEA reward — increased to **$25 million in January 2025**); **Diosdado Cabello** (#2 of regime, former Vice-President, $10M reward); **Tareck El Aissami** (former Vice-President, former Minister of Industry, Syrian-Venezuelan businessman, **$10M reward**); **Vladimir Padrino López** (Minister of Defense, $10M reward); **Maikel Moreno** (former Chief Justice, $5M reward); **Luis Motta Domínguez** (former Minister Electric Energy, $5M reward); **Iván Rincón Urdaneta** (former FANB Vice President); **Hugo 'el Pollo' Carvajal** (former DGCIM director, captured Spain 2014, extradited US 2023, **pleaded guilty narco-terrorism Jun 2023** + cooperator, sentencing pending). DOJ documented **'Cartel de los Soles'** — Venezuelan **state narcotrafficking operation** led by high-ranking military officers since Hugo Chávez era (2000s), coca from Colombia + Venezuelan cocaine production transit + airdrops to Honduras + maritime + Caribbean flights. Venezuela has been **'State Sponsor of Terrorism'** equivalent designated treatment by US, massive sanctions (~$5T Venezuelan economy collapse — hyperinflation 1,000,000%+ 2018-2019, 7M+ refugees, economic crisis worse than Weimar 1923). **Hugo Chávez** (President 1999-2013) died cancer March 2013. **Juan Guaidó** was designated interim President by 60+ countries 2019-2023. **María Corina Machado** won July 28, 2024 elections (75% according to parallel counts) but Maduro declared winner by CNE controlled — refugee Caracas. The elections forced refugee flow to US + Spain + Colombia + Chile + Peru — Venezuelan diaspora **8 million** = 25% population (largest refugee crisis hemisphere). Central Bank Venezuela under political Maduro control. Venezuela is GAFILAT member.

September 29, 2023 US confirmed

US: $15M from FinCEN to Shinhan Bank America in 2023 over BSA violations

FinCEN imposed in September 2023 a $15M sanction via consent order against Shinhan Bank America (SHBA), the New York subsidiary of South Korean Shinhan Bank, for BSA violations. The entity admitted the facts. A characteristic case of FinCEN's sustained enforcement against Asian-bank US subsidiaries, paralleling Mega Bank of Taiwan ($185M, 2016), Agricultural Bank of China ($215M, 2016) and Banamex USA ($140M FDIC + $97M DOJ).

January 14, 2019 NZ confirmed

New Zealand: Cryptopia $16M hack Jan 2019 — collapse + legal precedent on crypto custody

In **January 2019**, **Cryptopia** (New Zealand's largest cryptocurrency exchange, based in Christchurch) suffered a **~$16 million USD hack** that drained multiple wallets over several days. Although the amount was modest compared to other hacks, the case is significant for its **legal dimension**: Cryptopia entered liquidation (managed by Grant Thornton) in May 2019, leaving ~960,000 users with trapped funds. The central legal question was: **are cryptoassets held in custody by an exchange the legal 'property' of users, or are they unsecured creditors of the bankrupt company?** In **April 2020, the High Court of New Zealand issued a historic ruling**: it determined that **cryptocurrencies ARE 'property' in the legal sense** and that they were held **in trust for users** — meaning account holders had preferential rights over the assets above general creditors. It was **one of the first judicial precedents in the world to formally classify cryptocurrencies as legal property** + to protect exchange users in a liquidation. The case is cited internationally in the development of cryptoasset law. New Zealand is supervised by the FMA (Financial Markets Authority) + RBNZ + DIA. New Zealand is a FATF + APG member.

February 23, 2021 VG confirmed

Tether/Bitfinex: $18.5M in 2021 over false claims about the stablecoin's backing

On February 23, 2021, the New York State Attorney General (NYAG) closed, under the Martin Act, an investigation into iFinex — the Hong Kong parent of the Bitfinex exchange and of the issuer of the Tether stablecoin — with an USD 18.5 million settlement. The NYAG concluded the companies covered up the loss of about USD 850 million in client and corporate funds handed to Crypto Capital Corp, a Panama-based payment processor, and that Tether misstated that its coin was always 'fully backed' by dollars — from mid-2017 it sometimes held no reserves, after losing banking access when Wells Fargo stopped processing its transfers. They also did business with New York residents despite lacking a license. Without admitting or denying the findings, Bitfinex and Tether agreed to pay the fine, cease all activity with New Yorkers and publish quarterly reports on the composition of Tether's reserves for two years. It is a case of reserve misrepresentation and fund commingling, not money laundering in the strict sense.

April 4, 2023 ZA confirmed

South Africa: 35M ZAR (~$21M) from SARB to Nedbank in 2023 over AML shortcomings

The South African Reserve Bank (SARB) imposed in April 2023 a 35 million rand (~$21 million) penalty on Nedbank for AML non-compliance. The investigation, begun in 2019, found the bank failed to keep accurate records or adopt an appropriate risk-based approach: cash transactions above 24,999.99 rand went unrecorded and enhanced due diligence was not carried out when risk-assessing new clients. SARB noted that Nedbank had not been involved in criminal activity and had cooperated with the investigation, but the control failures could have exposed the bank to money laundering. Figure consistent with SARB's intensification in the 2019 cycle that sanctioned five banks (Absa, Capitec, Standard Bank, Nedbank, HBZ).

May 29, 2017 SG confirmed

Singapore: MAS imposed S$29.1M on eight banks and shut BSI and Falcon over the 1MDB scandal

After its largest investigation of illicit flows, the Monetary Authority of Singapore (MAS) imposed fines of S$29.1 million (~$21 million) on eight banks (BSI, Falcon, DBS, UBS, Standard Chartered, Coutts, Credit Suisse and UOB) for AML failures linked to the Malaysian sovereign fund 1MDB. The most severe was not the fine: MAS shut BSI Bank (first closure in 32 years) and Falcon Bank for 'egregious' control failures, and imposed prohibition orders on employees from 10 years to lifetime. It shows closures and bans weigh more than fines.

May 13, 2026 FR confirmed

France: €20M from ACPR to Société Générale in May 2026 — recent French retail banking record

The Sanctions Commission of the Autorité de contrôle prudentiel et de résolution (ACPR), the French regulator linked to the Banque de France, imposed on May 13, 2026 on Société Générale —as an insurance intermediary— a blâme and a €20 million pecuniary sanction (~$22 million). The supervisor found 'serious and repeated breaches' of information and advisory obligations in commercializing for 8 years an insurance automatically included in the Sobrio offering without properly informing or advising clients, plus 'Certicompte', 'Certi Epargne' and 'Mon Assurance Mobile' contracts. The decision was published in the ACPR's registry under nominal identification for 5 years. A recent case complementing the €5 million penalty on Société Générale in 2017 for money laundering and the €1 million on its subsidiary Treezor in 2024. The ACPR record remains La Banque Postale (€50 million, 2018, for counter-terrorism financing).

November 11, 2024 GB confirmed

UK: £16.7M to Metro Bank from the FCA in 2024 over four-and-a-half-year transaction monitoring failures

On November 11, 2024, the UK Financial Conduct Authority (FCA) fined Metro Bank GBP 16,675,200 (~USD 21 million) for control failures that left more than 60 million transactions, worth over GBP 51 billion, unmonitored between June 2016 and December 2020. The automated monitoring system Metro deployed in 2016 'did not work as intended': a data-feed error meant transactions made on the same day an account was opened — and any further transactions until the account record was updated — went unmonitored. Junior staff raised concerns in 2017 and 2018 without the issue being fixed; the bank identified it in April 2019, applied a partial fix in July 2019, but lacked a consistent checking mechanism until December 2020. The penalty — for breaching the FCA's Principle 3 — was cut 30% from nearly GBP 24 million for early settlement. It was the FCA's second fine on Metro in a month, after the more than GBP 10 million in 2022 for giving incorrect information to investors.

December 2, 2016 SG confirmed

Singapore: SGD 30M from MAS to 8 banks over 1MDB — the largest-ever Singaporean AML operation

MAS imposed between 2016-2017 combined fines of SGD 30M (~$22M) on 8 institutions for 1MDB roles. Individual amounts: Standard Chartered SGD 5.2M; Coutts SGD 2.4M; UBS SGD 1.3M; DBS SGD 1M; United Overseas Bank; Credit Suisse; extreme cases BSI (closed May 2016, SGD 13.3M) and Falcon (closed October 2016, SGD 4.3M). MAS issued 8 Prohibition Orders (3 years to lifetime). Tim Leissner (Goldman Sachs Singapore) got Prohibition Order notification for false statements. Singapore's largest-ever AML operation.

February 4, 1976 US confirmed

US: Lockheed bribery scandal 1976 — $22M bribes Japan/Netherlands/Italy → originated the FCPA Act 1977

On **February 4, 1976**, during the **US Senate Church Committee hearings** (Frank Church, investigation of US intelligence + corporate misconduct), **Lockheed Corporation** (largest US aerospace defense contractor) revealed it had paid **~$22 million USD in bribes to foreign government officials** between 1950s-1970s to sell aircraft (TriStar L-1011, F-104 Starfighter, P-3 Orion, C-130 Hercules) — **one of the most impactful corporate corruption scandals in history, which directly originated the Foreign Corrupt Practices Act (FCPA) of 1977**, the world's first national law criminalizing transnational bribery. The most prominent cases: **(1) Japan** — Lockheed paid **$3M to Prime Minister Kakuei Tanaka** (via Marubeni trading company + ultra-nationalist Yoshio Kodama, former yakuza affiliate) so All Nippon Airways would buy TriStar aircraft — Tanaka **arrested July 1976, convicted in 1983 to 4 years** (appeal pending at his death 1993) — Japan's biggest post-WWII political scandal, brought down the LDP government; **(2) Netherlands** — **Prince Bernhard** (Queen Juliana's consort) received **$1.1M** in bribes — forced to resign from all his military/business positions 1976 (royal scandal); **(3) Italy** — payments to Christian Democrat + Social Democrat politicians (Italian Lockheed scandal, President Giovanni Leone forced to resign 1978); **(4) West Germany, Turkey, Saudi Arabia** (Adnan Khashoggi $106M commissions as middleman). **Carl Kotchian** (Lockheed Vice-Chairman/President) testified before the Senate + wrote memoirs. **A. Carl Kotchian + Daniel Haughton** (Chairman) forced to resign. The **FCPA Act was signed by Jimmy Carter on December 19, 1977** — prohibited US companies + nationals from paying bribes to foreign officials, required accurate books & records, established SEC + DOJ joint enforcement. FCPA was **the global model** for OECD Anti-Bribery Convention (1997), UK Bribery Act (2010), etc. The Lockheed case is **referenced as the origin of the modern transnational anti-corruption global regime**.

November 7, 2025 KR confirmed

South Korea: KRW 35.2B ($24M) from FIU to Upbit/Dunamu in Nov 2025 — first of Korean crypto sweep

In November 2025, South Korea's Financial Intelligence Unit (FIU) — under the Financial Services Commission — fined Dunamu, operator of Upbit (the country's largest crypto exchange), an administrative KRW 35.2 billion (~USD 24.2 million) after finding about 8.6 million breaches of the Specified Financial Transaction Information Act: roughly 5.3 million customer-due-diligence failures, about 3.3 million breaches of the duty to restrict trading until checks were complete, and 15 missed suspicious-transaction reports. It was the first in a sequential 'first-in, first-out' sweep (Dunamu, inspected August 2024; then Korbit, GOPAX, Bithumb and Coinone). The FIU had also imposed, in February 2025, a three-month partial suspension on new customers; Dunamu appealed, and in April 2026 the Seoul Administrative Court overturned that suspension, finding the rules for transfers below one million won were not specific enough.

September 1, 2023 KR confirmed

Shinhan (South Korea): $25M to its New York unit for AML deficiencies

The New York unit of South Korean giant Shinhan Financial Group agreed in September 2023 to pay $25 million to US federal and New York state regulators, over claims of 'substantial compliance deficiencies' in its transaction monitoring and its Bank Secrecy Act obligations, despite earlier enforcement measures to fix the problems.

April 5, 2022 RU confirmed

Russia/Germany: April 2022 international takedown of Hydra, the world's largest darknet market ($5bn)

On April 5, 2022, in a coordinated operation between Germany's Central Office for Combating Cybercrime (ZIT) and the Federal Criminal Police Office (BKA), Hydra Market's servers were dismantled. Germany seized 543.3 bitcoin worth around $25 million. The same day, OFAC designated Hydra and added more than 100 associated crypto addresses to the SDN list, identifying approximately $8 million in ransomware proceeds (Ryuk, Sodinokibi, Conti) that had transited Hydra. Hydra had facilitated over $5 billion in bitcoin transactions since its launch in December 2015, according to Elliptic, offering drugs, cybercrime tools and laundering services in Russian. Garantex was sanctioned the same day (Estonia/Russia, already in the tracker), evidencing a multi-front offensive against Russian crypto infrastructure.

February 4, 2025 DE confirmed

Germany: BaFin fines Deutsche Bank €23.05M (Feb 2025) for conduct failures (WpHG/ZKG), not AML

On February 4, 2025, Germany's financial regulator BaFin fined Deutsche Bank AG EUR 23.05 million — its second-highest ever — for three sets of organizational and record-keeping breaches, not money laundering. The largest (EUR 14.8 million) covers failures of organizational duties under the Securities Trading Act (WpHG) in distributing currency derivatives to Spanish SMEs, a matter that also triggered a sanctions proceeding by Spain's CNMV; EUR 4.6 million because its Postbank branch failed to properly record telephone investment advice; and EUR 3.65 million for breaching the Payment Accounts Act (ZKG) on account-switching assistance. The bank accepted the fine, already covered by provisions. For comparison, BaFin's largest-ever fine (~EUR 40 million, 2015) was indeed for AML-prevention failures at Deutsche Bank.

March 16, 2026 KR confirmed

South Korea: KRW 36.8B ($24.6M) from FIU to Bithumb in Mar 2026 — second of the crypto sweep

On March 16, 2026, South Korea's Financial Intelligence Unit (FIU) — the anti-money-laundering body under the Financial Services Commission (FSC) — fined Bithumb, the country's second-largest crypto exchange, 36.8 billion won (~USD 24.6 million) and ordered a six-month partial business suspension, after a Sanctions Review Committee identified about 6.65 million breaches of the Act on Reporting and Using Specified Financial Transaction Information: roughly 3.55 million customer-identification (KYC) failures and 3.04 million failures to block transactions with unregistered virtual-asset providers; the CEO received a reprimand warning. It is part of a sequential sweep of the major exchanges (Upbit/Dunamu, 35.2 billion won in November 2025; Korbit, 2.73 billion). On April 30, 2026, the Seoul Administrative Court granted a stay of the partial suspension pending litigation; whether the fine is also stayed was unclear.

June 3, 2002 TO confirmed

Tonga: the 'king's jester' and the passport Trust Fund, ~26 million lost in ruinous investments

The Kingdom of Tonga's most famous financial scandal combines passport sales and the unusual figure of a 'king's jester'. In the 1980s and 1990s, Tonga sold thousands of passports —more than 5,000 at about 20,000 dollars each, mainly to Hong Kong residents anxious about the colony's 1997 handover to China—, in a citizenship-by-investment scheme authorized by King Tāufaʻāhau Tupou IV and promoted by Hong Kong entrepreneur George Chen. The proceeds, about 26 million dollars, equivalent to nearly 40% of the state's annual revenue, formed the Tonga Trust Fund. A US Bank of America financial advisor, Jesse Bogdonoff, who managed the account, convinced the monarch in 1999 to appoint him official court jester —'King of Jesters and Jester to the King'— so he could keep managing the fund. On his advice, the money was placed in high-risk investments, including a manager specializing in 'viaticals' (life-insurance policies of the terminally ill) that promised 30% returns and went bankrupt in 2002, plus companies that, according to the later lawsuit, paid him secret commissions. The fund was practically wiped out. In June 2002, the Tongan government sued Bogdonoff and the others involved before a federal court in San Francisco for fraud and negligence, alleging that as much as 24 of the 26 million had vanished; the case prompted the resignation of the deputy prime minister. In February 2004, Bogdonoff —without admitting guilt— reached a settlement to return about one million dollars, a fraction of what was lost. The episode, tied to the risks of 'golden passport' schemes, remains a case study on the need for sound financial governance in small island states. Supervision rests with the National Reserve Bank of Tonga (NRBT) and its financial intelligence unit, with Tonga a member of the APG; the country, heavily dependent on remittances, also faces the pressure of correspondent-banking withdrawal.

March 7, 2025 RU confirmed

Garantex: the Russian exchange dismantled in 2025 after processing $96bn and evading years of sanctions

On March 7, 2025, the US Justice Department (Eastern District of Virginia) and the Secret Service, coordinating with Germany and Finland (with support from the Netherlands, Estonia and Europol), dismantled Garantex, a Russia-based crypto exchange: they seized its domains (garantex.org/.io/.academy) and servers, froze more than USD 26 million, and charged its administrators — Lithuanian Aleksej Besciokov (technical administrator) and Russian Aleksandr Mira Serda (co-founder and chief commercial officer) — with money-laundering conspiracy; Besciokov also with sanctions evasion and unlicensed money transmitting. Authorities say Garantex processed at least USD 96 billion since April 2019 and channeled hundreds of millions in ransomware, darknet-market, terrorism and drug-trafficking funds, despite being sanctioned by OFAC in April 2022. Besciokov was arrested in India on March 12, 2025. In August 2025, OFAC re-designated Garantex, its successor Grinex and co-founders Sergey Mendelev and Pavel Karavatsky, with rewards of up to USD 6 million for its leaders.

May 29, 2025 AE confirmed

UAE: AED 100M from CBUAE to a repeat-offender exchange house in May 2025

On May 29, 2025, the CBUAE imposed an AED 100 million (~USD 27.2 million) sanction on a repeat-offender exchange house for anti-money-laundering and counter-terrorism-financing breaches, including failing to implement remediation plans required after prior inspections. It came days after the record AED 200 million penalty on another exchange house and is part of the 2025 enforcement wave — more than AED 380 million in eight months — through which the regulator tightened oversight of the sector, especially exchange houses and hawala providers, after exiting the FATF and EU lists. Recidivism and failure to remediate were aggravating factors.

July 7, 2025 GB confirmed

UK: £21.1M to Monzo from the FCA in Jul 2025 over AML failings during its tenfold growth

On July 7, 2025, the UK Financial Conduct Authority (FCA) issued a Final Notice fining Monzo Bank Ltd GBP 21,091,300 (~USD 28 million) for serious deficiencies in its financial-crime systems and controls between October 2018 and August 2020, during near-tenfold growth (from about 600,000 to 5.8 million customers). The FCA found failures in onboarding, risk assessment and transaction monitoring — it even accepted customers with 'obviously implausible' addresses, such as well-known London landmarks — and, in addition, repeated breaches of a requirement barring Monzo from onboarding high-risk customers: it opened more than 34,000 such accounts between August 2020 and June 2022. The penalty was cut 30% (from GBP 30,130,475) for early settlement and is the FCA's tenth against a bank for such failings in four years.

October 11, 2022 US confirmed

Bittrex: $29M in 2022, one of the first major AML penalties against a crypto exchange

FinCEN announced a $29 million settlement with crypto exchange Bittrex in October 2022 for failing to maintain an adequate Bank Secrecy Act compliance program. It was one of the first major AML enforcement actions against a crypto platform, anticipating the front later marked by Binance, OKX and BitMEX.

August 2, 2022 US confirmed

US: NYDFS fines Robinhood Crypto $30M in Aug 2022 — first NYDFS crypto enforcement

On August 2, 2022, the New York State Department of Financial Services (NYDFS) imposed a USD 30 million penalty on Robinhood Crypto, LLC (RHC) — Robinhood's cryptocurrency division — in the regulator's first crypto enforcement action carrying a monetary penalty. A safety-and-soundness examination found significant deficiencies in its Bank Secrecy Act / anti-money-laundering (BSA/AML) program and critical cybersecurity failures: the compliance function was poorly staffed, it kept a manual transaction-monitoring system inadequate for its size — with a backlog of alerts awaiting review for possible suspicious-activity reports — and the chief compliance officer reported to product operations rather than to a legal or compliance executive. The order found violations of New York's Virtual Currency (Part 200), Money Transmitter (Part 417), Transaction Monitoring (Part 504) and Cybersecurity (Part 500) regulations. Superintendent Adrienne Harris said RHC failed to invest the resources needed to 'maintain a culture of compliance'; it was required to retain an independent consultant for 18 months.

February 9, 2023 US confirmed

US: Kraken $30M SEC settlement — staking program shutdown US Feb 2023 + Iran OFAC violations

On **February 9, 2023**, **Kraken (Payward Inc, Co-founded by Jesse Powell 2011, ~7M users)** agreed to pay **$30 million USD to SEC in settlement** + **shutdown of 'Kraken Staking' program for US clients** (the program paid 4-20% APY on staking ETH, ADA, SOL, DOT, ATOM, MATIC, etc. to 1M+ US users). SEC alleged the staking program was an 'unregistered securities offering' under Howey Test — the first major SEC enforcement against a crypto staking program. Additionally, in **November 2022, Kraken agreed $362,158 settlement with OFAC** for processing **826 transactions worth $1.7M for Iran users (geographic IP detection failed)** between 2015-2019. **Jesse Powell** (Co-Founder/CEO 2011-2023) resigned CEO September 2022, **David Ripley** (COO) assumed CEO. Kraken **has NOT obtained NYDFS BitLicense** and operates with state-by-state licenses + Federal MSB registration. Kraken has been vocal opponent of SEC enforcement style ('regulation by enforcement' criticism Gary Gensler-era 2021-2024). Post-Trump 2.0 (January 2025), SEC has **dropped Kraken case June 2025** (along with Coinbase, Binance, Robinhood cases) — reflects crypto-friendly enforcement turn. Kraken announced **IPO planned 2025-2026** and registered with **Australian Securities and Investments Commission (ASIC)** + **Cyprus Securities and Exchange Commission (CySEC)** + **Bermuda Monetary Authority** + **Malta Financial Services Authority** + **UK FCA registration**.

December 31, 2023 AE confirmed

UAE: the Central Bank imposed AED 113M in AML fines in 2023 (181 on-site exams)

The UAE Central Bank conducted 181 on-site examinations in 2023 and imposed over AED 113 million (~$31 million) in fines on banks, exchange houses, insurers and hawaladars for AML/CFT breaches. The Emirati FIU processed over 8,300 intelligence requests and signed 68 MOUs with foreign FIUs. It reflects the country's effort to strengthen supervision after FATF pressure.

October 2, 2024 GB confirmed

UK: £28.96M to Starling from the FCA in 2024 over 'shockingly lax' controls and 54,000 high-risk accounts

The FCA fined Starling Bank in October 2024 £28.96 million (~$39 million, originally £41 million before settlement discount) for AML failings described as 'shockingly lax'. Despite a regulatory restriction barring the bank from opening accounts for high-risk customers, Starling opened more than 54,000 such accounts between 2021 and 2023. The bank's sanctions screening system had also been misconfigured for years, leaving it 'wide open to criminals' until a 2023 internal review. The FCA noted it had resolved the case in just 14 months, compared with the 42-month average for cases closed in 2023-2024, in what it described as an acceleration of its enforcement pace.

June 10, 2018 KR confirmed

South Korea: Coinrail $40M hack Jun 2018 — minor exchange with global market impact

On **June 10, 2018**, **Coinrail** (a medium-sized South Korean cryptocurrency exchange) suffered a **~$40 million USD hack** in various tokens (mainly Pundi X/NPXS, Aston, NPER and other lower-cap ERC-20 tokens). Although Coinrail was a relatively minor exchange, the hack had a **notable impact on the global crypto market**: it coincided with (and was partially blamed for) a ~10% drop in Bitcoin's price that weekend, illustrating how even hacks to secondary exchanges could affect market sentiment in 2018. Coinrail managed to **freeze and recover part of the stolen tokens** with the cooperation of issuing projects (which froze or reissued tokens) — a precedent for the recovery model that KuCoin would later use. The case occurred amid South Korea's regulatory boom on crypto (one of the world's largest markets) and reinforced concerns about the security of small Korean exchanges. South Korea is supervised by the FSC + FSS + KoFIU + KISA. South Korea is a FATF + APG member.

May 13, 2004 US confirmed

Riggs Bank: $41M in 2004 over the Pinochet and Equatorial Guinea accounts, ended up sold

On May 13, 2004, the Office of the Comptroller of the Currency (OCC) and Treasury's FinCEN fined Riggs Bank — the Washington institution with a near-monopoly on diplomatic banking — a USD 25 million civil penalty, the largest ever imposed at the time for violating the Bank Secrecy Act (BSA), for willful, systemic failures of its anti-money-laundering program: it failed to monitor and report suspicious transactions in accounts of the Saudi Arabian embassy and of Equatorial Guinea officials. A US Senate Permanent Subcommittee on Investigations report (July 15, 2004, led by Carl Levin) revealed Riggs helped former Chilean dictator Augusto Pinochet hide about USD 8 million from international prosecutors — through shell companies and aliases such as 'Red Fox' — and administered more than 60 accounts for Teodoro Obiang's regime in Equatorial Guinea (up to USD 700 million in deposits), also flagging oil-company payments to officials and their families. In January 2005, Riggs pleaded guilty to a criminal charge of failing to report suspicious transactions and agreed to a USD 16 million fine; it was soon acquired by PNC Financial Services.

June 7, 2024 AU confirmed

Australia: A$67M ($45M) to SkyCity Adelaide from AUSTRAC in Jun 2024 over AML/CTF failures

On June 7, 2024, the Federal Court of Australia (Justice Lee) ordered SkyCity Adelaide to pay AUD 67 million (~USD 45 million), plus AUD 3 million in costs, after it admitted breaches of the 2006 AML/CTF Act: its programs failed to meet legal requirements and it did not carry out appropriate ongoing customer due diligence on high-risk patrons — AUSTRAC alleged due-diligence failures in 124 instances from December 2016. It was the second civil penalty AUSTRAC secured against an Australian casino, after Crown's AUD 450 million in 2023. The penalty, agreed in May, reflected SkyCity's cooperation and early admissions, which resolved the case; AUSTRAC had launched proceedings in December 2022. AUSTRAC CEO Brendan Thomas said the action served as a reminder to the gaming sector about its obligations.

March 15, 2023 DE confirmed

ChipMixer: 2023 international takedown of the mixer that laundered ~$3bn in crypto

In March 2023, in a coordinated operation between the FBI, Europol and German police, the dark-web crypto mixing service ChipMixer was dismantled, accused of laundering around $3 billion. German authorities seized $46 million in crypto and the service's servers, and the US seized domains and a GitHub account. An example of cross-border enforcement against crypto-laundering infrastructure.

October 5, 2021 SC confirmed

Seychelles: offshore haven of the Pandora Papers, leaves the EU blacklist and opens its first major money-laundering case

The Seychelles archipelago, one of the world's major hubs for setting up shell companies, experienced two events in 2021 that sum up its crossroads. On October 5, the European Union removed it from its tax-haven blacklist —along with Anguilla and Dominica— and moved it to the grey watch list, after the OECD granted it an additional review on tax transparency; the decision coincided with the publication of the Pandora Papers, the International Consortium of Investigative Journalists (ICIJ) leak that placed Seychelles, alongside the British Virgin Islands, Belize, Hong Kong and Panama, among the preferred destinations for hiding identities, and was criticized by organizations such as Oxfam and by MEPs, who called it a 'joke' and 'grotesque'. The Pandora Papers included more than a million records from two Seychellois offshore service providers, Alpha Consulting and All About Offshore (AABOL), and revealed more than twenty politicians from Africa, Asia and Europe with structures on the island, from a former prime minister of Mozambique to Isabel dos Santos, daughter of Angola's former president. In parallel, the country opened its first major money-laundering case: in November 2021 it arrested Mukesh Valabhji, one of the archipelago's richest and most powerful men, and his wife, accused of laundering some USD 50 million, including funds donated to the Seychellois government; prosecutors presented it as part of the effort to shed its reputation as a financial-crime hotspot. Supervision rests with the Central Bank of Seychelles (CBS), the Financial Services Authority (FSA), which regulates the offshore sector, and the financial intelligence unit, with Seychelles a member of ESAAMLG.

November 8, 2021 LV confirmed

Latvia/Russia: OFAC sanctions in Nov 2021 Chatex, the Telegram bot founded by the same founder as SUEX

On November 8, 2021, OFAC designated Chatex, a P2P cryptocurrency service based on a Telegram bot with presence in Latvia and Russia and over 366,000 users. Per Treasury, more than half of Chatex transactions could be traced to illicit or high-risk activities (darknet markets, ransomware). OFAC also designated IZIBITS OU, Chatextech SIA and Hightrade Finance Ltd, the three companies that built Chatex's infrastructure. Key detail: Chatex was founded by Egor Petukhovsky, the same creator of SUEX (sanctioned two months earlier), evidencing that the network of Russian ransomware-enabling services operated under common individuals. Second OFAC action against a crypto exchange.

February 12, 2013 IT confirmed

Italy/India: AgustaWestland case (2013) — €52M in bribes to Tyagi family + European intermediaries

On February 12, 2013, Italian authorities arrested Giuseppe Orsi (CEO of Finmeccanica, Italian state-controlled defense conglomerate) and Bruno Spagnolini (CEO of AgustaWestland) over the case of **VVIP AW101 helicopters sold to India**. The €556 million contract (8 helicopters for VVIP transport of the Indian Air Force) signed in 2010 with the Singh administration (UPA-2) had involved **€52 million ($60M USD) in bribes** distributed via European intermediaries: Christian Michel (British, extradited from UAE to India in December 2018), Carlo Gerosa (Swiss), Guido Haschke (Italian). The main recipients in India were members of the Tyagi family: Air Marshal Shashindra Pal Tyagi (head of the Indian Air Force during the contract, subsequently arrested by CBI India), his three cousins (Julie Tyagi, Sandeep Tyagi and Docsa Tyagi). Funds flowed via accounts in Switzerland and Tunisia, with use of shell companies in Mauritius and Singapore. The Swiss OAG froze assets. India's Central Bureau of Investigation (CBI) pursued the domestic case, while the British Serious Fraud Office (SFO) and Italian Prosecutors worked in parallel. Final convictions were mixed: Orsi was acquitted in Italy in 2018, but partially convicted in 2019 appeal trial. The case caused the fall of the Finmeccanica CEO and rebrand to Leonardo S.p.A. in 2017.

August 5, 2016 PH confirmed

Philippines: $53M from BSP to RCBC in Aug 2016 over Bangladesh Bank cyber heist — Philippines' largest fine

On August 5, 2016, the Philippine central bank (Bangko Sentral ng Pilipinas, BSP) fined Rizal Commercial Banking Corporation (RCBC) PHP 1 billion (~USD 21 million), its largest ever, for failing to prevent the laundering of the USD 81 million stolen from Bangladesh Bank. In February 2016, hackers — later attributed to North Korea's Lazarus Group — issued fraudulent payment orders against Bangladesh's central bank account at the Federal Reserve Bank of New York; of the nearly USD 1 billion they tried to steal, USD 81 million was transferred to four fictitious accounts at RCBC's Jupiter Street branch (Makati), converted to pesos and funneled, via the remittance firm Philrem, into casinos — then outside the scope of the anti-money-laundering law (AMLA) — which hindered tracing. RCBC paid the fine (MB Resolution No. 1392) in two PHP 500 million tranches; its president Lorenzo Tan resigned and branch manager Maia Santos-Deguito was convicted of money laundering (upheld on appeal in 2023). Only a fraction of the money was recovered.

May 20, 2025 AE confirmed

UAE: AED 200M (~$54.4M), the Central Bank's largest AML penalty against an exchange house (2025)

On May 20, 2025, the Central Bank of the UAE (CBUAE) imposed a financial sanction of AED 200 million (~USD 54.4 million) on an exchange house — its largest-ever AML penalty — under Article 137 of Federal Decree-Law No. 14 of 2018, after finding 'significant failures' in its anti-money-laundering and counter-terrorism-financing framework (KYC deficiencies, weak monitoring of large transactions and suspicious-transaction reporting). It also fined a branch manager AED 500,000 and permanently barred him from holding any position at a licensed UAE financial institution. The action is part of the CBUAE's intensified supervision after the UAE exited the FATF grey list and the EU high-risk list in 2024.

March 15, 2018 LK confirmed

Sri Lanka: the central bank bond scandal (Mahendran/Perpetual Treasuries), the country's largest financial fraud

Sri Lanka's largest documented financial fraud is the Central Bank (CBSL) bond scandal. On February 27, 2015, with Arjuna Mahendran as governor, the CBSL advertised an auction of 1 billion rupees in 30-year bonds but accepted bids for about 10 billion —ten times more— from which Perpetual Treasuries Ltd (PTL), a primary dealer owned by Mahendran's son-in-law Arjun Aloysius, benefited; a second, larger operation took place in March 2016. A parliamentary committee (COPE, 2016) and a Presidential Commission of Inquiry (2017) concluded that there were serious irregularities and that Mahendran leaked inside information so that PTL could make huge profits, and recommended legal action against him, Aloysius, PTL CEO Kasun Palisena, and CBSL and EPF pension-fund officials. A forensic audit (KPMG/BDO, 2019) estimated losses to the EPF of nearly 10 billion rupees. In 2018, a Colombo court issued an arrest warrant against Mahendran, who had fled to Singapore —where he resides— and whose extradition remains unresolved; Aloysius and Palisena were arrested and later released on bail. Mahendran denies any wrongdoing and claims he was a victim of his own transparency; in 2022 a court dismissed some of the charges over flaws in the indictments. Supervision rests with the Central Bank of Sri Lanka, which houses the country's financial intelligence unit, a member of the Asia/Pacific Group on Money Laundering (APG). The case, still not fully resolved, is often cited in the debate over the debt crisis and the 2022 sovereign default.

November 5, 2021 US confirmed

US: bZx $55M hack Nov 2021 — DeFi pioneer + first CFTC precedent against a DAO

**bZx** (a pioneer DeFi lending protocol, later renamed Fulcrum/Ooki) has dual relevance. **(1) Hacks:** bZx was one of the first DeFi protocols to suffer **flash loan attacks** (two in February 2020, ~$1M, considered the first documented DeFi flash loan attacks) and then a major hack of **~$55 million USD in November 2021** (a developer fell for a phishing attack that compromised the protocol's private keys). **(2) Historic regulatory precedent:** in **September 2022, the CFTC took unprecedented action against the 'Ooki DAO'** (the decentralized autonomous organization governing the bZx/Ooki protocol) — arguing that the DAO was an 'unincorporated association' legally responsible for operating an illegal derivatives trading platform. The CFTC **won the case in 2023** (a federal court ruled that the Ooki DAO was liable + imposed a $643,542 fine + ordered its shutdown), establishing the **historic precedent that a DAO can be considered a liable legal entity** and sanctioned by regulators — a blow to the notion that decentralization exempts from legal liability. The case is referenced as **the foundational precedent on the legal liability of DAOs + the first DeFi flash loan attacks**. It has enormous implications for decentralized governance.

July 16, 2025 GB confirmed

United Kingdom: £42M to Barclays from the FCA in Jul 2025, the largest UK AML fine since 2022

The Financial Conduct Authority (FCA) imposed in July 2025 a total of £42 million (~$56 million) on Barclays Bank PLC and Barclays Bank UK PLC in two separate cases. The largest, £39.3 million on Barclays Bank PLC (reduced from £56.2 million for early settlement), is for failings in managing money laundering risk at Stunt & Co, which received £46.8 million in just over a year from Fowler Oldfield, a multimillion-pound laundering operation; Fowler Oldfield's directors were sentenced to more than 11 and 10 years in prison in March 2025. The second case, £3.1 million on Barclays Bank UK PLC, for opening a client money account for WealthTek without checking the Financial Services Register, which showed the firm was not authorized to hold client funds. It is Barclays' third FCA AML fine, after those of 2015 and 2022.

December 21, 2018 FR confirmed

France: La Banque Postale fined €50M by the ACPR in 2018, France's largest AML penalty at the time

The ACPR Sanctions Commission (Bank of France) fined La Banque Postale in December 2018 a reprimand plus €50 million (~$57 million) for failures detecting transactions by asset-frozen persons in its 'mandats cash' service (fast transfers without an account). The ACPR found 75 transfers between 2009 and 2017 by 10 asset-frozen persons, nine from anti-terrorism investigations. It was the French supervisor's largest monetary penalty against a bank at the time; the Council of State upheld it.

September 14, 2018 JP confirmed

Japan: Zaif $60M hack Sep 2018 — Japanese exchange sold to Fisco after the theft

On **September 14, 2018**, **Zaif** (a Japanese cryptocurrency exchange operated by Tech Bureau Corp, based in Osaka) suffered the theft of **~$60 million USD** in Bitcoin, Bitcoin Cash and MonaCoin (of which ~$37M were customer funds and the rest the company's own). The hack was made possible by a security flaw in the hot wallets. It was one of several hacks that hit Japanese exchanges in 2018 (after Coincheck in January). The **Japan FSA**, which had already intensified supervision post-Coincheck, had issued **improvement orders to Zaif/Tech Bureau** even before the hack (the company had known compliance deficiencies). After the theft, Tech Bureau, unable to cover the losses on its own, **agreed to sell Zaif to Fisco Cryptocurrency Exchange** (in exchange for a capital injection of ~¥5 billion to reimburse users). The case reinforces the pattern of **Japanese exchanges as recurring targets** (Mt. Gox 2014, Coincheck 2018, Zaif 2018, DMM 2024) and the progressively stricter regulatory response of the Japanese FSA, a global pioneer in crypto regulation. Japan is a FATF + APG member.

October 19, 2020 US confirmed

Helix: $60M from FinCEN in 2020, the first bitcoin mixer penalized for money laundering

FinCEN imposed a $60 million civil penalty in October 2020 on Larry Dean Harmon, operator of the crypto mixers Helix and Coin Ninja —FinCEN's first action against a bitcoin 'mixer'—. Helix processed around 354,468 bitcoin (~$300 million at the time) advertised on the dark web to anonymously pay for drugs and guns. Harmon pleaded guilty to laundering conspiracy in 2021, was sentenced to three years in prison and over $400 million in assets were forfeited.

December 19, 2017 KR confirmed

South Korea: Youbit bankruptcy Dec 2017 — exchange went bankrupt after hack (DPRK suspected)

On **December 19, 2017**, **Youbit** (a South Korean cryptocurrency exchange, formerly called Yapizon) declared bankruptcy after suffering its **second hack of the year** — losing approximately **17% of its total assets**. The first hack (April 2017) had already cost it ~$5M; the second (December 2017) was the final blow that led to immediate insolvency. Combined losses were estimated in the range of **$70 million USD**. The South Korean intelligence service (**NIS**) and KISA **attributed the attacks to North Korea (DPRK)** — one of the first publicly documented cases of North Korean attacks on South Korean exchanges as part of its **proliferation finance** campaign. Youbit was notable for being **one of the first exchanges to go bankrupt directly as a consequence of a hack** (unlike Mt. Gox which took years, Youbit collapsed immediately). The case accelerated South Korea's regulatory tightening on crypto exchanges. It established the precedent of the pattern of **DPRK attacking its southern neighbor** — which would continue with attacks on Bithumb, Upbit, and others. South Korea is supervised by the FSC + FSS + KoFIU. South Korea is a FATF + APG member.

December 4, 2023 MR confirmed

Mauritania: former president Mohamed Ould Abdel Aziz convicted of laundering and illicit enrichment

Mauritania's largest money-laundering case is that of former president Mohamed Ould Abdel Aziz, who came to power through a 2008 coup and governed from 2009 to 2019 as a Western ally in the Sahel's counter-jihadist fight. Following a parliamentary inquiry opened in 2020, he was charged in 2021 alongside a dozen senior figures —including two former prime ministers— with illicit enrichment, abuse of office, influence-peddling and money laundering. The trial, the longest in the country's history, began in January 2023; on December 4, 2023, a Nouakchott court found him guilty of illicit enrichment and laundering —investigators say he amassed more than USD 70 million in assets during his term— and sentenced him to five years in prison, with confiscation of assets and loss of civic rights; authorities had frozen some 41 billion ouguiyas (~USD 100 million), more than half belonging to the Aziz family. Both the state, which appealed the leniency, and the defense appealed, and on May 14, 2025 the Court of Appeal raised the sentence to 15 years and a USD 3 million fine, upheld the asset seizure, dissolved the family 'Errahma' foundation and sentenced his son-in-law to two years for influence-peddling; in November 2025, the Supreme Court confirmed the 15 years. The case is seen as a rare example of accountability for an African head of state. Aziz denies all charges and his defense argues the process is political revenge by his successor, President Mohamed Ould Cheikh Ghazouani —a former ally, partner in the 2008 coup and his ex-chief of staff—, and that it reflects the executive's pressure on the judiciary. Financial supervision rests with the Central Bank of Mauritania (BCM) and the Financial Information Analysis Commission (CANIF).

November 28, 2019 MV confirmed

Maldives: the MMPRC scandal and the money-laundering conviction of former president Abdulla Yameen

The Maldives' largest corruption and money-laundering case is the MMPRC scandal, involving the state tourism-marketing corporation. According to investigations —exposed by an Al Jazeera report in 2016—, more than USD 79 million obtained by MMPRC from leasing islands and lagoons for tourism, at least fifty of them awarded without public tender, were diverted to private accounts, cashed out and used to bribe politicians; witnesses even described delivering the money in black bags. The case implicated former president Abdulla Yameen (2013-2018), half-brother of former strongman Maumoon Abdul Gayoom. On November 28, 2019, the Criminal Court convicted him of money laundering —for receiving USD 1 million of state funds into his account through the company SOF Pvt Ltd— and sentenced him to five years in prison and a USD 5 million fine. That conviction was overturned by the Supreme Court in 2021; then, in December 2022, he was convicted again, this time to 11 years for bribery and money laundering over the lease of the V. Aarah islet; and in April 2024 the High Court also set aside that ruling, finding the trial unfair and riddled with procedural irregularities, ordered a new trial and freed him. Yameen, seen as close to China against his pro-India rivals, has always denied the charges, and his parties call them political persecution motivated by his 'economic development success'. The case, still unresolved, remains pending a new trial. Financial supervision rests with the Maldives Monetary Authority (MMA) and its financial intelligence unit, with the country a member of the APG.

March 6, 2026 US confirmed

US: FinCEN fines Canaccord Genuity $80M (Mar 2026) — largest-ever BSA penalty against a broker-dealer

On March 6, 2026, FinCEN (Financial Crimes Enforcement Network of the US Treasury) entered Consent Order No. 2026-01 imposing an USD 80 million civil money penalty on Canaccord Genuity LLC, the US broker-dealer subsidiary of Canada's Canaccord Genuity Group (TSX: CF). FinCEN called it the largest penalty ever imposed on a broker-dealer for violating the Bank Secrecy Act (BSA). FinCEN found a willful failure of the firm's anti-money laundering program from March 2018 through June 2024: inadequate customer due diligence, weak transaction monitoring, and the failure to file at least 160 Suspicious Activity Reports (SARs) on dozens of OTC securities with thousands of underlying suspicious transactions. The action was coordinated with the SEC and FINRA, which each imposed USD 20 million; FinCEN credited those payments, USD 5 million was suspended pending a SAR lookback review, and Canaccord paid USD 75 million. The Consent Order also describes an 'Individual 2' whose services, per FinCEN, benefited sanctioned Russian oligarch Konstantin Malofeyev; The Globe and Mail linked that profile to Demetris Ioannides (Cyprus-based MeritServus). FinCEN Director Andrea Gacki called it a 'wake-up call' to broker-dealers that willfully fail to comply. It is the first major AML action coordinated by all three agencies (FinCEN-SEC-FINRA) against a broker-dealer, a sector historically less scrutinized than commercial banks.

January 15, 2025 US confirmed

US: Block/Cash App paid $80M settlement with 48 states for AML/BSA failures (Jan 2025)

On January 15, 2025, in an action coordinated by 48 US state financial regulators through the Conference of State Bank Supervisors (CSBS), Block, Inc. — operator of Cash App, with more than 50 million users — agreed to pay USD 80 million and undertake corrective measures for violating the Bank Secrecy Act and AML rules: deficiencies in customer due diligence, identity verification, suspicious-activity reporting and high-risk account controls. Block will hire an independent consultant to review its BSA/AML program, reporting within nine months and with twelve months to remediate. The effort was led by Arkansas, California, Massachusetts, Florida, Maine, Texas and Washington; each state receives its share (e.g., Maryland about USD 1.6 million). It is separate from the USD 40 million Block paid to NYDFS in April 2024.

February 4, 2016 BD confirmed

Bangladesh/US: DPRK Lazarus stole $81M from Bangladesh Bank via Fed NYC — Feb 2016 (cyber heist record)

Between **February 4 and 5, 2016**, **DPRK's Lazarus Group hackers** executed one of the most sophisticated cyber thefts in history: they sent **35 fraudulent SWIFT orders to the Federal Reserve Bank of New York totaling $951 million USD**, attempting to transfer funds from Bangladesh Bank (Bangladesh's central bank) to accounts in Philippines, Sri Lanka, US, China. **5 orders for $101M were paid** before a typo (the word 'fandation' instead of 'foundation' in a transfer instruction) alerted Deutsche Bank acting as intermediary. **$81 million arrived at 4 RCBC (Rizal Commercial Banking Corporation) accounts** in Philippines, **$20M at Pan Asia Banking in Sri Lanka** (recovered). Of the $81M in Philippines: **$58M were laundered via Manila casinos** (Solaire, City of Dreams, Midas Hotel) — the only legally protected way in pre-2016 AMLA amendments Philippines for large cash transactions — **$15M were recovered, $66M permanently lost**. The cyber heist was officially attributed to **DPRK's Lazarus Group** (also responsible for Sony Pictures hack 2014, WannaCry ransomware 2017, Bybit $1.5B hack 2025 case Huione FinCEN (2025)). **Park Jin Hyok** (DPRK national, Chosun Expo Joint Venture programmer) was **indicted by DOJ + FBI in September 2018** — remains fugitive in DPRK + FBI Cyber Most Wanted. **RCBC Philippines** was fined **$20M Philippine peso maximum by BSP** + **$60M Bangladesh-RCBC settlement 2019** — former branch manager Maia Santos-Deguito sentenced in Philippines. The case forced **massive SWIFT reforms (Customer Security Programme CSP 2017+)** + **Bangladesh Bank reforms** (Atiur Rahman governor resigned). The case is referenced as **'the first cyber-heist of a sovereign central bank'** and catalyzed the **focused attention of FATF + UN Panel of Experts DPRK on cybercrime as proliferation finance vector**.

August 25, 2011 US confirmed

JPMorgan: $88.3M from OFAC in 2011 for violating sanctions against Iran and others

JPMorgan paid $88.3 million in 2011 to settle OFAC claims that it had violated economic sanctions against Iran and other US-embargoed countries. In 2013, the Treasury also issued a cease-and-desist order describing 'systemic deficiencies' in its anti-money-laundering efforts, noting the bank had 'failed to identify significant volumes of suspicious activity'.

March 25, 2020 SL confirmed

Sierra Leone: the Commissions of Inquiry uncover hundreds of millions diverted in the Koroma era

The largest documented corruption and money-laundering case in Sierra Leone arises from the Commissions of Inquiry that President Julius Maada Bio, elected in 2018, set up to examine the administration of his predecessor, Ernest Bai Koroma (2007-2018). After a transition-team report put grand-scale corruption at more than USD 2 billion —mainly in irregular public procurement, abuse of office and misappropriation—, the commissions, chaired by judges, published their conclusions on March 25, 2020. Commission Number One alone found that some 323.5 billion leones and USD 94.2 million had been diverted, left unaccounted for or lost to corruption across ministries and public bodies between November 2007 and April 2018. Fourteen persons of interest were named; those who had not declared their assets to the Anti-Corruption Commission were found guilty under the 2008 Anti-Corruption Act, with prison terms or fines, and several former ministers were ordered to refund funds and barred from public office. On Koroma himself, the commissions concluded that the value of the assets he acquired during his term far exceeded his legitimate income and recommended confiscating several properties for unexplained wealth and for failing to declare them on leaving office. The government adopted a White Paper accepting the recommendations, and the Anti-Corruption Commission interviewed Koroma in November 2020. The process is the subject of strong political controversy: Koroma's party, the APC, cooperated but considers it a persecution by the governing SLPP, and the former president denies any wrongdoing. Financial supervision rests with the Bank of Sierra Leone, the financial intelligence unit and the Anti-Corruption Commission, with the country a member of GIABA; its financial history is also marked by the 'blood diamonds' that financed the civil war (1991-2002) and gave rise to the Kimberley Process.

May 22, 2017 US confirmed

US: Citigroup pays $97.4M to DOJ over Banamex USA's criminal AML violations

Citigroup agreed in May 2017 to pay $97.4 million to the Department of Justice (DOJ) following a long criminal investigation of Banamex USA. In a non-prosecution agreement, Banamex USA admitted to having 'willfully' violated anti-money-laundering rules and the Bank Secrecy Act over five years through 2012: with more than 18,000 alerts on potentially suspicious transactions between 2010 and 2012, the unit investigated fewer than 10 cases. The unit had only two people assigned to manually review thousands of suspicious transactions, and one account in Mexico received 1,400 remittances from 950 senders in 40 states without a report. It was the DOJ's first such agreement with a major bank under the Sessions administration.

February 23, 2024 AE confirmed

UAE: after exiting the FATF grey list (Feb 2024), the CBUAE intensifies AML enforcement

On February 23, 2024, the FATF removed the United Arab Emirates from its 'grey list' of jurisdictions under increased monitoring, which it had entered in March 2022; the European Union followed in 2025, removing it from its list of high-risk third countries. The exit capped a deep overhaul: a National Strategy for Anti-Money Laundering, Counter-Terrorism Financing and Counter-Proliferation Financing 2024-2027 (built on 11 objectives), based on the third National Risk Assessment (2024 edition, published in April 2025), and amendments to core legislation — Federal Decree-Laws 14 and 20 of 2018, updated by Decree-Law 10 of 2025. The Central Bank of the UAE (CBUAE) ramped up enforcement: it imposed nearly AED 350 million in fines for AML/CFT breaches — including sanctions on exchange houses and insurers — and expanded risk-based supervision beyond banking to high-risk sectors such as real estate, gold and jewellery trading, auditing and corporate service providers. The country faces its fifth round of FATF mutual evaluation starting in June 2026.

March 11, 2024 SO confirmed

Somalia: OFAC dismantles the transnational network laundering funds for al-Shabaab (>100 million a year)

In Somalia, the main illicit-finance problem is terrorist financing by al-Shabaab, the al-Qaeda affiliate that the US Treasury estimates generates more than USD 100 million a year through extortion of businesses and individuals, levying 'fees' on goods and illicit trade. On March 11, 2024, OFAC sanctioned, under Executive Order 13224, a network of 16 individuals and companies —spread across the Horn of Africa, the United Arab Emirates and Cyprus— that raised and laundered funds for al-Shabaab. At its core it placed Dubai-based Haleel Commodities (Haleel Group), described as a key financial facilitator, with subsidiaries in Somalia, Kenya, Uganda and Cyprus, and UAE-based Qemat Al Najah General Trading as a money-laundering node. The action added to earlier designations: in October 2022 OFAC flagged a network of facilitators acting as intermediaries between al-Shabaab and Somali companies, and in May 2023 it designated 26 individuals and entities, including charcoal smugglers —one of the group's revenue sources— and operatives who impose mandatory 'donations' on the population through its 'police' (the Hisbah) and manufacture explosive devices. In February 2026, the Terrorist Financing Targeting Center (TFTC), which brings together the US and the Gulf states, jointly designated another 15 targets. These measures are not aimed at the Somali state —which cooperates with the US against al-Shabaab— but at the group and its facilitators. Domestic supervision rests with the Central Bank of Somalia and the Financial Reporting Center (FRC) as the financial intelligence unit, in an economy heavily dependent on hawala and hit by the withdrawal of correspondent banking.

October 24, 2025 MM confirmed

Myanmar: OFAC sanctions military-linked banks since 2022 — finance military junta post-2021 coup

Since the military coup of February 1, 2021 (which overthrew the civilian government of Aung San Suu Kyi and installed the military junta SAC State Administration Council under Min Aung Hlaing), OFAC has systematically designated military-connected banks and companies of Myanmar under Executive Order 14014 (February 2021). Designated banks: Myanmar Economic Bank (MEB), Myanmar Foreign Trade Bank (MFTB), Myanmar Investment and Commercial Bank (MICB), Innwa Bank (designated in Oct 2023). In October 2023, OFAC also designated Myanmar Oil and Gas Enterprise (MOGE) — the largest revenue generator for the junta ($1.7 billion annually in oil/gas revenues). Actions are executed in coordination with the UK, EU, Canada, Australia and statements from the UN Special Rapporteur on Myanmar (Tom Andrews). Specific Myanmar AML risks post-2021: military junta (Tatmadaw) financing via banking control, pig-butchering scam compounds in border zone with China/Thailand (Shwe Kokko, Karen State, Yatai New City — operated by militias and Chinese companies with CCP links), jade smuggling (Myanmar produces 90% of world jade, estimated value $31 billion/year, controlled by Tatmadaw and rebels), opium and meth ('Golden Triangle' produces 30% of world opium and synthetic meth), wildlife trafficking, timber smuggling. Myanmar is the only country on the FATF blacklist (case Myanmar FATF Blacklist (2022) in this tracker) along with DPRK and Iran.

June 23, 2022 US confirmed

US: Harmony Horizon Bridge hack $100M Jun 2022 — DPRK Lazarus (Tornado Cash laundering)

On **June 23, 2022**, the **Harmony Horizon Bridge** (cross-chain bridge between Harmony, Ethereum and BSC) suffered a **$100 million USD hack**. The attackers compromised the private keys of the bridge's multisig validators (Harmony used a relatively weak 2-of-5 scheme). The **FBI attributed the hack to DPRK's Lazarus Group in January 2023** — confirming another case in the pattern of North Korean crypto thefts as **proliferation finance** (weapons program funding). The hackers laundered the funds via **Tornado Cash** (mixer sanctioned by OFAC in August 2022, case Tornado Cash (2022)) and subsequently via **Railgun** (another privacy mixer). It is part of the series of hacks attributed to Lazarus: Bangladesh Bank ($81M, 2016), Ronin Bridge ($625M, 2022), Harmony ($100M, 2022), Atomic Wallet ($100M, 2023), and eventually Bybit ($1.5B, 2025). The UN Panel of Experts estimates that **DPRK stole $3 billion+ in crypto between 2017-2023**, a significant portion of its military/nuclear funding under sanctions. Harmony offered bounties and reimbursement plans but recovery was partial. The case reinforces the pattern of **cross-chain bridges as a preferred target of state actors** + the role of mixers in laundering proliferation finance.

January 4, 2023 US confirmed

US: Coinbase $100M NYDFS settlement — AML/BSA failures Jan 2023 (largest US crypto exchange)

On **January 4, 2023**, Coinbase Global Inc (NASDAQ: COIN since April 2021 via direct listing, ~108M verified users, ~$170B+ assets under custody, largest US crypto exchange by trading volume) agreed to pay **$50M penalty + $50M compliance investment = $100M total** to NYDFS for **systemic AML/CFT failures**: deficient transaction monitoring (processed transactions for PEPs, sanctioned, drug traffickers without reporting); inadequate suspicious activity reporting (SARs) — failed to file SARs on obvious patterns; deficient CIP/KYC for new customers especially high-risk; deficient sanctions screening (didn't detect OFAC SDN matches); failure to comply with NYDFS Part 504 (transaction monitoring + filtering) and Part 500 (cybersecurity). Coinbase has operated under NYDFS BitLicense since **January 2017** (one of the first crypto exchanges to obtain it). The settlement required Independent Monitor for 2 years + compliance officer reporting requirements. **Brian Armstrong** (Co-Founder/CEO since 2012) and **Emilie Choi** (President/COO) faced public criticism but no charges. Coinbase **also faced SEC enforcement action June 2023** (vs registration as unregistered securities exchange) — **case partially dismissed February 2025** post-Trump 2.0 crypto-friendly administration. **NYDFS Part 200 (Virtual Currencies)** + BitLicense regulate crypto exchanges in NYC since 2015. Coinbase is the largest crypto exchange enforcement case in US in terms of regulatory magnitude (combined with SEC).

August 22, 2017 CL confirmed

Chile: Penta + SQM cases revealed systematic illegal political financing in Chile 2009-2014

The **Penta** (Penta financial-industrial group) and **SQM** (Sociedad Química y Minera de Chile, lithium producer of the Atacama Salt Flat and world's largest producer of specialty fertilizers) cases revealed from 2014-2015 one of **the broadest illegal political financing schemes in Chilean history**. Carlos Délano and Carlos Eugenio Lavín (Penta controllers) issued false invoices to deduct illegal political expenses — the case extended to multiple Chilean political parties (UDI, RN, PRSD, PPD), with politicians across the spectrum implicated. The SQM case (controlled by the Ponce Lerou family, son-in-law of former dictator Augusto Pinochet through Julio Ponce Lerou) revealed payments of $11M to more than 200 Chilean politicians, advisors and consultants between 2009-2014. The Chilean Public Ministry, led by prosecutor Carlos Gajardo, pursued both cases with mixed results: some defendants agreed to conditional suspension of proceedings (Chilean legal figure), others were convicted (Délano and Lavín: 4 years effective sentence). The case affected former President Sebastián Piñera (RN, 2010-2014 and 2018-2022 — the SQM case involved him indirectly via Eliodoro Matte). The Chilean financial sector is supervised by the Financial Market Commission (CMF, ex-SVS+SBIF post-2017 merger), with the Financial Analysis Unit (UAF) as FIU. Chile is a GAFILAT member.

May 24, 2016 CH confirmed

Switzerland: FINMA shuts down BSI in May 2016 over its role in Malaysia's 1MDB scandal

FINMA ordered in May 2016 the forced closure of Banco della Svizzera Italiana (BSI), the oldest private bank in Ticino canton (founded 1873), after finding 'serious and systematic violations' of anti-money laundering law in connection with Malaysia's 1MDB sovereign fund scandal. BSI was absorbed by EFG International. The authority confiscated CHF 95 million in illicit profits. It was the first time in history that FINMA forced a bank closure. A historic turning point: parallel enforcement proceedings against Coutts (sold to UBP), Falcon Private Bank (voluntary shutdown), JP Morgan Switzerland, Edmond de Rothschild Luxembourg and other Swiss banks implicated in 1MDB/Petrobras/PDVSA/FIFA.

January 15, 2025 US confirmed

US: DOJ fines BitMEX $100M (Jan 2025) for BSA violations — sentencing after 2024 guilty plea

On January 15, 2025, HDR Global Trading Ltd (BitMEX), a Seychelles-registered exchange, was sentenced in the Southern District of New York (Judge John Koeltl) to a USD 100 million fine for violating the Bank Secrecy Act, after pleading guilty in July 2024 to willfully failing to maintain an adequate AML/KYC program from 2015 to 2020; it also received two years' probation. The penalty comes on top of roughly USD 130 million already paid: the USD 100 million BitMEX paid to the CFTC and FinCEN in 2021 and the USD 10 million criminal fine paid by each of its founders — Arthur Hayes, Benjamin Delo and Samuel Reed — who pleaded guilty in 2022, bringing the total above USD 200 million. The judge rejected the company's argument that no additional fines were warranted.

June 3, 2023 US confirmed

US: Atomic Wallet hack $100M Jun 2023 — DPRK Lazarus (5,500 users, Sinbad mixer)

On **June 3, 2023**, **Atomic Wallet** (a non-custodial, multi-chain cryptocurrency wallet, estimated based in the US/Estonia) suffered a massive hack of **~$100 million USD** affecting **~5,500 users** — one of the largest thefts from wallet users in history. The attackers compromised users' private keys (the exact vector was never publicly confirmed — possible vulnerability in key generation or malware). Blockchain analysis firms (**Elliptic + Chainalysis**) attributed the hack to **DPRK's (North Korea) Lazarus Group** based on laundering patterns: the funds were moved through the **Sinbad** mixer (successor to Blender.io, both sanctioned by OFAC as North Korean laundering tools) and chain patterns characteristic of Lazarus. It is another case in the pattern of **DPRK crypto theft as proliferation finance** — funding North Korea's weapons/nuclear program under sanctions. It is part of the Lazarus series: Bangladesh Bank ($81M, 2016), Ronin ($625M, 2022), Harmony ($100M, 2022), Atomic Wallet ($100M, 2023), Bybit ($1.5B, 2025). Atomic Wallet faced class-action lawsuits from users. The case reinforces the risk of **non-custodial wallets as targets of state actors** + the role of mixers (Tornado Cash, Sinbad, Blender) in laundering North Korean proliferation finance.

December 15, 2011 LB confirmed

Lebanon: $102M from Lebanese Canadian Bank in 2011 for laundering for Hezbollah and drug trafficking

On February 10, 2011, the US Treasury designated the Lebanese Canadian Bank (LCB) as a 'financial institution of primary money laundering concern' under Section 311 of the USA PATRIOT Act, prohibiting US financial institutions from dealing with it. Lebanon's eighth-largest bank, with 35 branches and assets over $5 billion, was accused of laundering up to $200 million per month in drug proceeds for an international network linked to Hezbollah led by Ayman Joumaa, a Lebanese drug trafficker indicted in November 2011 for transporting 100 tons of Colombian cocaine to the Mexican Los Zetas cartel. The scheme used the used-car trade from the US to West Africa to launder money (TBML). LCB branches and associated exchange houses moved at least $329 million between 2007 and 2011. LCB was forced to merge with Société Générale's Lebanese subsidiary in 2011; in December 2013 it paid $102 million in a settlement. A landmark case of using Section 311 against a designated terrorist organization.

June 30, 2025 AE confirmed

UAE: AED 381M ($104M) from CBUAE in H1 2025 — its largest-ever AML enforcement campaign

The Central Bank of the UAE (CBUAE) accumulated in the first half of 2025 financial penalties worth AED 381 million (~$104 million) after 19 inspections of 35 financial institutions: 20 exchange companies, 11 banks (three foreign), three insurers and one finance company. 92% of the amount (AED 350M) fell on exchange houses, and 98% (AED 374M) corresponded to AML/CFT law breaches. CBUAE revoked licenses of several exchange houses (including Gomti Exchange and Al Hindi Exchange) and temporarily restricted operations at other entities. It is the largest AML enforcement campaign in the country's history, following the UAE's removal from the FATF grey list in 2024 and the EU's high-risk jurisdictions list.

November 30, 2022 KM confirmed

African islands: Sambi (Comoros) life imprisonment Nov 2022 — CBI scandal 67,000 passports + $104M bribes

The most prominent case: Comoros CBI Scandal — the 'Ahmed Abdallah Mohamed Sambi era' (President 2006-2011): Comoros sold 67,000 passports between 2008-2011 to stateless Bidoon of Kuwait and UAE (residents without nationality — ~100,000 in UAE) under a scheme where former President Sambi received $104M in bribes. In November 2022, former President Sambi was sentenced to life imprisonment by Moroni Court of Appeal — one of Africa's most notorious CBI corruption cases. Scheme was one of the largest per capita passport sales in history (67K in country of 850K = ~8% population). Cabo Verde is one of Africa's most compliant countries. Sao Tome lived Manuel Pinto da Costa era + offshore oil corruption. Comoros is GIABA + ESAAMLG member; Cabo Verde + Sao Tome are GIABA members.

November 28, 2022 KM confirmed

Comoros: ex-president Sambi gets life for laundering the proceeds of the 'economic citizenship' program

Comoros's largest money-laundering and corruption case revolves around its 'economic citizenship' program. Established by a 2008 law —pushed from 2006 by Syrian-French businessman Bachar Kiwan, founder of Comoro Gulf Holdings, together with then-president Ahmed Abdallah Sambi—, the scheme sold Comorian nationality to stateless Gulf residents (the bidoon of the UAE and Kuwait) in exchange for some USD 200 million meant, in theory, for the archipelago's development. In practice, the funds were diverted: a parliamentary commission put at USD 105 million the 'gratuity' received by Sambi and at 29 million Kiwan's, and thousands of passports were issued outside official channels. From November 21 to 24, 2022, Sambi, Kiwan, Majd Suleiman and other company directors were tried for high treason, embezzlement and money laundering of public funds diverted from the program; on November 28, 2022, Sambi was sentenced to life in prison. Kiwan, a fugitive from justice, has accumulated convictions across several jurisdictions. The country's financial supervision rests with the Central Bank of the Comoros (BCC). The case shows how a poorly controlled citizenship-by-investment program can become a vehicle for looting public funds in a fragile state that has endured some twenty coups since its independence in 1975.

July 26, 2017 RU confirmed

BTC-e: $110M from FinCEN in 2017, one of the first major penalties against a crypto exchange

FinCEN imposed a $110 million penalty in 2017 on the crypto exchange BTC-e for operating as a money-laundering platform without registering or maintaining AML controls, plus $12 million on its operator Alexander Vinnik. BTC-e processed transactions linked to ransomware, fraud and drug trafficking. It was one of the first major AML penalties against a crypto platform, a precursor to later cases.

October 11, 2022 US confirmed

US: Mango Markets exploit $116M Oct 2022 — Eisenberg + 'legal strategy' defense (conviction vacated 2025)

On **October 11, 2022**, **Avraham Eisenberg** executed a **$116 million USD exploit** against **Mango Markets** (decentralized exchange on Solana) through **oracle manipulation**: he artificially inflated the price of the MNGO token by massively buying in illiquid markets (raising the price ~1,300% in minutes), used that inflated position as collateral to borrow $116M in other protocol assets, and took the funds. The distinctive part of the case: **Eisenberg publicly admitted being responsible on Twitter** days later, arguing it was **'a profitable and legal trading strategy'** that only used the protocol's functions as designed — a 'code is law' defense. He returned ~$67M after negotiating with Mango's DAO (which voted not to pursue him in exchange, a controversial deal). However, **the DOJ arrested him in December 2022** in Puerto Rico. Eisenberg was **convicted of fraud and market manipulation in April 2024** (SDNY) — the **first conviction case for oracle manipulation in DeFi**. But in **May 2025, a judge VACATED the fraud/manipulation conviction** (insufficient evidence on jurisdiction/elements), although Eisenberg remained separately convicted of child pornography possession (unrelated charge, found during his arrest). The case is referenced as **the central legal debate over whether DeFi exploits that 'only use the code' constitute fraud** + precedent on oracle manipulation. SEC + CFTC filed parallel civil charges.

October 10, 2024 US confirmed

TD Bank: an additional $123.5M from the Federal Reserve in 2024 over AML risk-management failures

On 10 October 2024, the US Federal Reserve fined TD Bank $123.5 million for violations related to anti-money-laundering laws, as part of the ~$3.1 billion global package. The Fed found TD failed to conduct adequate risk management and oversight of its US retail banking, allowing a subsidiary to be used to launder hundreds of millions, and required it to create an office dedicated to remediating the deficiencies.

October 27, 2021 US confirmed

US: Cream Finance $130M hack Oct 2021 — flash loan attack (third hack of the year)

On **October 27, 2021**, **Cream Finance** (a DeFi lending protocol, part of the Yearn Finance ecosystem) suffered a **~$130 million USD hack** through a sophisticated **flash loan attack** that exploited a vulnerability in the price calculation of a collateral asset. The notable part of Cream Finance: it was **hacked three times in 2021** (February ~$37M, August ~$19M, October ~$130M), accumulating ~$186M in total losses in a single year — making it one of the most attacked DeFi protocols in history. The October attack was particularly complex, chaining multiple flash loans and exploiting Cream's integration with other protocols (composability risk — the risk that the interconnection of 'composable' DeFi protocols amplifies vulnerabilities). The case is referenced as **an example of the systemic risk of 'composability' in DeFi + the recurrence of flash loan attacks** (along with Euler, Beanstalk, Mango). Cream Finance never fully recovered. It is part of the 2021-2022 wave of DeFi exploits that exposed the structural weaknesses of decentralized 'money legos'.

December 9, 2022 GB confirmed

Santander UK: £107.8M (~$135M) in 2022 for failing to verify 560,000 business clients

On December 9, 2022, the UK Financial Conduct Authority (FCA) fined Santander UK GBP 107,793,300 for 'serious and persistent' gaps in its Business Banking anti-money-laundering controls between December 31, 2012 and October 18, 2017, affecting the oversight of more than 560,000 business customers. The bank failed to properly verify the information customers gave about their activity or to reconcile declared flows against actual ones: in one case, a small translation business that expected GBP 5,000 a month received millions within six months; the AML team recommended closing the account in March 2014, but the bank acted only in September 2015. The FCA estimated more than GBP 298 million passed through the bank before it closed the accounts. The fine, one of the FCA's largest, was cut 30% (from GBP 154 million) for early settlement; CEO Mike Regnier apologized and said the bank had overhauled its processes.

March 17, 2022 US confirmed

USAA: $140M from FinCEN in 2022 over an AML program that did not keep pace with the bank

FinCEN sanctioned USAA Federal Savings Bank $140 million in March 2022 for willful Bank Secrecy Act violations. The bank admitted failing to maintain a compliant AML program between January 2016 and April 2021, nor reporting thousands of suspicious transactions, despite notice and opportunity to fix it. FinCEN credited $60 million paid to the OCC.

July 22, 2015 US confirmed

US: Banamex USA pays $140M to FDIC and California in 2015 before shutting down

The Federal Deposit Insurance Corporation (FDIC) imposed in July 2015 a joint civil penalty of $140 million on Banamex USA, the US subsidiary of Citigroup linked to its Mexican parent Banamex, for serious failures in its anti-money-laundering program. Of that amount, $40 million went to California's Department of Business Oversight as a civil penalty. Citigroup decided to shut down the three-branch unit after the resolution; liquidation would be completed by June 2017. The supervisor found that the unit had grown to dominate remittances between the US and Mexico without adequately protecting its systems from illicit funds.

October 19, 2021 CH confirmed

Credit Suisse: £147.2M (~$190M) from the FCA in 2021 over loan due-diligence failings

On October 19, 2021, the UK Financial Conduct Authority (FCA) fined Credit Suisse GBP 147,190,276 (~USD 200 million) for 'serious financial-crime due-diligence failings' relating to about USD 1.3 billion in loans and a bond exchange the bank arranged for Mozambique between 2012 and 2016 — the 'tuna bonds' scandal. The transactions, to fund state projects such as a tuna fishing fleet and coastal surveillance, were 'tainted by corruption': the contractor paid more than USD 50 million in kickbacks to members of the bank's deal team (three bankers pleaded guilty in the US) and about USD 1.4 billion of the debt was hidden from investors and the IMF, triggering a debt crisis in Mozambique. Besides the fine — the FCA's second-largest for financial crime — Credit Suisse undertook to forgive USD 200 million of Mozambican debt. It was part of a global resolution with the DOJ, the SEC and Switzerland's FINMA, totaling more than USD 475 million in penalties.

March 17, 2010 US confirmed

Wachovia: $160M in 2010 for laundering money from Mexican 'casas de cambio'

On March 17, 2010, Wachovia Bank — one of the largest US banks, absorbed by Wells Fargo in 2008 — entered a deferred prosecution agreement (DPA) with the US Attorney's Office for the Southern District of Florida and the DOJ's anti-money-laundering section, admitting it willfully failed to maintain an anti-money-laundering program. Wachovia failed to adequately monitor more than USD 420 billion in transactions with Mexican currency exchange houses (CDCs), through which networks — linked to the Sinaloa Cartel — laundered drug-trafficking funds: at least USD 110 million in drug proceeds, used even to buy aircraft from which more than 20 tons of cocaine were seized. The bank paid USD 160 million — USD 110 million in forfeiture (plus an equal FinCEN civil penalty satisfied by the forfeiture) and a USD 50 million fine to the Treasury — the largest penalty imposed at the time for violating the Bank Secrecy Act (BSA). The investigation began in 2005, when a DEA dog detected cocaine on a plane bought with funds channeled through Wachovia.

October 24, 2025 MG confirmed

Madagascar: tycoon Mamy Ravatomanga detained in Mauritius for suspected laundering after Rajoelina's fall

The most relevant and recent money-laundering case linked to Madagascar is that of tycoon Mamy (Maminiaina) Ravatomanga, owner of the Sodiat conglomerate —active in citrus, vanilla, transport, real estate, media and security— and for years seen as the behind-the-scenes financier and ally of President Andry Rajoelina. After the September 2025 youth protests over power and water cuts, the cost of living and corruption, and the military mutiny that ended with Rajoelina's flight (later stripped of his citizenship), Ravatomanga fled to Mauritius on October 12, 2025 and was arrested there on October 24 by the Financial Crimes Commission (FCC) on suspicion of laundering. According to the FCC, there were reasonable grounds to believe he held property representing the proceeds of criminal activity; he was provisionally charged with criminal conspiracy and two counts of money laundering, and assets worth some USD 160 to 180 million were frozen in two Mauritian banks. His name also appears in an international inquiry into the transfer of several Boeing 777 aircraft to Iran's Mahan Air, in apparent violation of US sanctions, based on registration documents issued by Madagascar's civil aviation authority. Madagascar's anti-corruption court (PAC) issued several international arrest warrants, the third in March 2026 over alleged corruption in the mining sector. Ravatomanga, who appears in the Panama Papers as majority shareholder of a British Virgin Islands company, denies any wrongdoing and says he has 'nothing to hide'; an earlier investigation by the French financial prosecutor's office for laundering, corruption and rosewood trafficking was dropped in 2023 for lack of evidence. The charges are provisional and the case is ongoing. The country's financial supervision rests with the Central Bank (BFM) and the SAMIFIN financial intelligence service, and Madagascar is a member of ESAAMLG.

February 8, 2018 IT confirmed

Italy: BitGrail collapse $170M Feb 2018 — Francesco Firano 'The Bomber' (Nano/XRB)

On **February 8, 2018**, **BitGrail** (an Italian cryptocurrency exchange based in Florence, operated by **Francesco Firano**, known as 'The Bomber') announced the loss of **~17 million Nano (XRB) tokens, valued at ~$170 million USD** at the time. BitGrail was the main exchange for the Nano cryptocurrency (formerly RaiBlocks). Firano blamed a 'hack' and failures in Nano's software, but investigations revealed a murkier story: the **Florence Court determined in 2019 that Firano was responsible** for most of the losses, finding that he had continued operating the exchange and accepting deposits knowing the funds were missing, and that there was gross negligence + possible fraud. Firano was **declared bankrupt** and ordered to return funds to users as much as possible. There was a public dispute between Firano and the Nano Foundation. The case is referenced as **one of the largest exchange collapses in Europe + an example of an operator who hid losses and kept operating** (a pattern similar to QuadrigaCX, Mt. Gox). Italy is a FATF + MONEYVAL founding member. The sector is supervised by the Banca d'Italia + CONSOB + UIF.

April 17, 2022 US confirmed

US: Beanstalk Farms $182M hack Apr 2022 — first major DeFi 'governance attack'

On **April 17, 2022**, **Beanstalk Farms** (a DeFi algorithmic stablecoin protocol governed by a DAO) suffered a **~$182 million USD hack** through an innovative **'governance attack'** — the first major attack of its kind in DeFi. The attacker used a **massive flash loan (~$1 billion borrowed temporarily)** to instantly acquire **67% of Beanstalk's governance tokens (STALK)**, giving him a majority of votes. With that majority, he **approved and executed a malicious proposal** (which had already been submitted days earlier with an innocent appearance) that transferred all the protocol's funds to his own wallet — all in a single atomic transaction. After draining $182M (of which he kept ~$76M net after repaying the flash loan), the protocol became insolvent. The case is paradigmatic of the **risk of on-chain governance of DAOs** — it demonstrated that token-based voting systems are vulnerable to flash loan attacks that allow temporarily 'renting' voting power. It led many DeFi protocols to implement **timelocks** (mandatory delays between proposal approval and execution) as a standard defense. Beanstalk subsequently relaunched with improved security. The FBI investigated. It is part of the wave of 2022 DeFi exploits that exposed the structural weaknesses of decentralized protocols (governance attacks, flash loans, oracle manipulation, bridge hacks).

August 19, 2016 TW confirmed

Taiwan: Mega International Commercial Bank pays $185M to New York in 2016 over AML failures

The New York Department of Financial Services (NYDFS) sanctioned in August 2016 the Taiwanese Mega International Commercial Bank with $185 million for violations of anti-money laundering and bank secrecy laws. The bank, one of Taiwan's largest, maintained relationships with branches in Panama that generated elevated money laundering risk —in the context of the Panama Papers, which had placed offshore jurisdictions under supervisory focus in 2016—. The sanction was part of NYDFS's foreign-bank enforcement push in 2016 (Intesa Sanpaolo, Agricultural Bank of China), and reflects the extraterritorial reach of US AML regulation via the New York branches of global banks.

February 5, 2019 CA confirmed

Canada: QuadrigaCX $190M collapse Feb 2019 — Gerald Cotten mysterious death + lost keys

In **February 2019**, **QuadrigaCX** (Canada's largest crypto exchange) collapsed leaving **~$190 million CAD ($145M USD) inaccessible** to **76,000 users** — one of the strangest cases in crypto history. Founder and CEO **Gerald Cotten** supposedly **died in India on December 9, 2018** (Crohn's complications at a Jaipur hospital, during his honeymoon) — and, according to his widow, **only he had the private keys to the exchange's cold wallets**, so the funds were 'unrecoverable'. The death generated **massive conspiracy theories** (exit scam, faked death) given the convenient timing + irregularities. The subsequent **Ontario Securities Commission (OSC, June 2020 report)** investigation revealed that QuadrigaCX was essentially a **Ponzi-type fraud**: Cotten had **operated a fraudulent scheme for years**, using client funds for leveraged personal trading (losing large amounts), creating fake accounts with fictitious balances, and diverting money for his lifestyle (properties, yacht, private jet, travel). The OSC concluded that **~$115M of the losses were due to Cotten's fraud**, not just lost keys. Cotten's body was never exhumed despite petitions. The case is referenced as **the paradigmatic example of centralized custody risk + key management + the most famous crypto mystery**. It inspired the Netflix documentary 'Trust No One: The Hunt for the Crypto King' (2022). Canada is supervised by OSC + FINTRAC + provincial regulators. Canada is a FATF member.

August 1, 2022 US confirmed

US: Nomad Bridge hack $190M Aug 2022 — copyable 'free-for-all' (unique chaos)

On **August 1, 2022**, **Nomad Bridge** (cross-chain messaging protocol) suffered a **$190 million USD hack** in a way unique in DeFi history: a faulty smart contract upgrade introduced a bug that made **any withdrawal transaction automatically approved**. Once the first attacker discovered the exploit, the method became **trivially copyable** — anyone could simply copy the original attacker's transaction, change the address, and drain funds. This unleashed a **chaotic 'free-for-all'** where **hundreds of addresses (including opportunists, not just sophisticated hackers) drained the bridge in hours** — an unprecedented event described as 'the first decentralized, crowd-sourced hack'. Notably, **some 'whitehats' (~$36M) returned funds** voluntarily to a Nomad recovery address. The case is referenced as **the most extreme example of bridge risk + a case study on the public/copyable nature of blockchain exploits**. Nomad was backed by prominent investors (a16z, Coinbase Ventures). Part of the 2022 bridge hack pattern ($2.5B+ that year).

March 13, 2023 GB confirmed

UK: Euler Finance hack $197M Mar 2023 — flash loan attack + funds returned

On **March 13, 2023**, **Euler Finance** (a UK-based DeFi lending protocol, one of the most respected for its technical design) suffered a **$197 million USD hack** through a sophisticated **flash loan attack** that exploited a vulnerability in the protocol's 'donateToReserves' function (a flaw in position health verification after a donation). It was one of the largest DeFi hacks of 2023. The notable part: after the attack, **Euler Labs publicly negotiated with the hacker** (via on-chain messages) offering a 10% bug bounty + not pursuing him legally if he returned 90%. The hacker, after weeks of communication (including messages in which he apologized: 'sorry'), **returned virtually all the funds** between March and April 2023 — one of the few cases of near-total recovery of a major DeFi hack (along with Poly Network). The case is referenced as **an example of successful on-chain negotiation with an attacker** + the importance of audits (Euler had been audited multiple times, demonstrating that audits don't guarantee security) + paradigm of the risk of **flash loan attacks** in DeFi. The UK is supervised by the FCA + NCA. The case involved Chainalysis traceability + community collaboration.

May 19, 2021 KY confirmed

BSC/global: PancakeBunny $200M hack May 2021 — flash loan attack on Binance Smart Chain

On **May 19, 2021**, **PancakeBunny** (a yield farming/optimization protocol on Binance Smart Chain, BSC) suffered a **~$200 million USD flash loan attack** — one of the largest hacks of the wave of exploits that hit BSC DeFi protocols in 2021. The attacker used massive flash loans to manipulate the price of the BUNNY token (via manipulation of the liquidity pools on PancakeSwap that PancakeBunny used as a price oracle), minted a huge amount of BUNNY tokens at an inflated price, and sold them — which made the **BUNNY token price collapse ~95% in minutes** (from ~$146 to ~$6). Although the nominal 'loot' was $200M, much of it evaporated with the token collapse. PancakeBunny was part of a **series of protocol hacks on Binance Smart Chain in 2021** (along with Spartan Protocol, Uranium Finance, Meerkat Finance, Bogged Finance, etc.) — BSC, being a cheaper and fast-growing chain, attracted many protocols with insufficient audits and became a focus of exploits. The case is referenced as **an example of the 2021 BSC hack wave + oracle manipulation via flash loans**. The Cayman Islands (a common jurisdiction for crypto entities) serve as nominal registration. The Cayman Islands are supervised by CIMA + are a CFATF member + were on the FATF grey list (2021-2023).

September 23, 2023 HK confirmed

Hong Kong: Mixin Network $200M hack Sep 2023 — cloud provider breach

On **September 23, 2023**, **Mixin Network** (a Hong Kong-based cross-chain decentralized network protocol, founded by Feng Xiaodong) suffered a **~$200 million USD hack** — one of the largest DeFi hacks of 2023. Unlike typical smart contract hacks, the Mixin attack originated from a **breach of its cloud service provider's database** — the attackers compromised the third-party cloud infrastructure where Mixin stored data, not the protocol itself. This exposed the **risk of centralized infrastructure dependencies** even in protocols that present themselves as decentralized (a recurring theme: Multichain, Mixin). The security firm **SlowMist** investigated. Mixin **temporarily suspended deposits and withdrawals** and proposed a partial reimbursement plan (offering to cover up to 50% of losses immediately + debt bonds for the rest). Feng Xiaodong personally committed to recovery. The case is referenced as **an example of supply chain/cloud infrastructure risk in DeFi** + another illustration of the gap between the decentralization narrative and operational reality. Hong Kong, which has sought to position itself as a regulated crypto hub (with its VASP licensing regime since 2023), saw this case as part of the sector's challenges. Hong Kong is supervised by the SFC + HKMA. Hong Kong is a FATF + APG member.

September 13, 2023 HK confirmed

Hong Kong: JPEX scandal $200M+ Sep 2023 — unlicensed exchange + 66+ arrests

In **September 2023**, the **JPEX** scandal erupted — a cryptocurrency exchange operating in Hong Kong **without an SFC license** — becoming **one of the largest financial frauds in Hong Kong's history**. JPEX had run an aggressive marketing campaign (billboards, influencers, local celebrities) promising high returns. On September 13, 2023, the SFC issued a public warning about JPEX for operating without a license and for misleading claims. This unleashed panic: JPEX **abruptly raised withdrawal fees to impossible levels** (freezing funds), and thousands of users discovered they couldn't withdraw their money. Losses were estimated at **more than $200 million USD (HK$1.5 billion+)**, with **~2,600 victims**. Hong Kong police (Commercial Crime Bureau) made **more than 66 arrests** (including influencers who promoted the platform). The case was a blow to Hong Kong's ambition to become a **regulated crypto hub** (it had launched its VASP licensing regime in June 2023). It accelerated regulatory tightening. The ICAC also got involved. Hong Kong is supervised by the SFC + HKMA + is a FATF + APG member.

May 27, 2015 CH confirmed

Switzerland/US: FIFA corruption scandal May 2015 — $200M+ bribes + 40+ officials indicted

On **May 27, 2015**, Swiss agents arrested several senior FIFA officials at the Baur au Lac hotel in Zurich, in an operation coordinated with the US DOJ + FBI + IRS — unleashing the largest corruption scandal in sports history. The DOJ (led by then-Attorney General Loretta Lynch) charged **more than 40 individuals and entities** with **racketeering, wire fraud and money laundering** for more than **$200 million USD in bribes** over ~24 years, mainly related to: the sale of tournament marketing/TV rights (Copa América, CONCACAF Gold Cup, Copa Libertadores), the allocation of World Cup hosts (including the controversial Russia 2018 and Qatar 2022), and internal elections. Among those implicated: **Jeffrey Webb** (CONCACAF, convicted), **Jack Warner** (Trinidad, former FIFA VP, extradition fugitive), **Eugenio Figueredo** (CONMEBOL), **José Maria Marin + Marco Polo del Nero** (Brazil), **Juan Ángel Napout** (Paraguay), **Alejandro Burzaco** (Argentina, Torneos y Competencias, key cooperator), **Hugo Jinkis + Mariano Jinkis** (Argentina, Full Play). **Sepp Blatter** (FIFA president 1998-2015) resigned days later + was **suspended 8 years (later 6) by FIFA's Ethics Committee**; **Michel Platini** (UEFA) also suspended. Although Blatter and Platini were **acquitted of the Swiss criminal charges in 2022** (case of a 'disloyal' 2M CHF payment), their careers were destroyed. The case transformed FIFA governance (Gianni Infantino president since 2016 + reforms). It is referenced as **the paradigmatic case of corruption in international sports organizations** + use of US jurisdiction (payments passed through US banks) to prosecute global corruption. Switzerland is a FATF member.

November 4, 2016 CN confirmed

China: Agricultural Bank of China pays $215M to New York in 2016 over serious AML failures

The New York Department of Financial Services (NYDFS) imposed in November 2016 on Agricultural Bank of China —one of China's four major state-owned banks— a $215 million penalty for AML/BSA violations. A signature case of NYDFS's supervisory enforcement against foreign banks with New York branches, which intensified under Superintendent Maria Vullo in 2016 (alongside parallel sanctions on Mega Bank of Taiwan and Intesa Sanpaolo of Italy). The supervisor found failures in transaction monitoring and concealment of information, in a pattern that would recur with other Asian banks in subsequent years.

June 1, 2025 US confirmed

GVA Capital: $216M from OFAC for processing Iran-linked payments

In June 2025, OFAC imposed $216 million on GVA Capital for processing Iran-related payments, in violation of the sanctions regime. It is an example of OFAC enforcement against investment and fintech entities, beyond traditional banking.

July 18, 2024 IN confirmed

India: WazirX $230M hack Jul 2024 — DPRK Lazarus (largest crypto hack in India's history)

On **July 18, 2024**, **WazirX** (India's largest cryptocurrency exchange) suffered a **~$230 million USD hack** — the **largest crypto exchange hack in India's history**. The attackers compromised one of WazirX's multi-signature wallets (operated jointly with custodian **Liminal**) through a discrepancy between the displayed interface and the actual signed transaction (a sophisticated signing UI manipulation attack). Blockchain analysis firms (**Elliptic + Chainalysis**) attributed the hack to **DPRK's (North Korea) Lazarus Group** based on laundering patterns and characteristic techniques. It is another case in the pattern of **DPRK crypto theft as proliferation finance**. The hack triggered a crisis: WazirX **suspended withdrawals**, proposed a controversial 'socialized loss' scheme (distributing losses among all users, ~45% haircut), and entered a restructuring process in Singapore (its parent entity Zettai Pte Ltd). There was a public dispute between WazirX and Binance over ownership/responsibility for the exchange. India's **Enforcement Directorate (ED)** investigated. The case is significant because India is one of the world's largest crypto markets by number of users, with a punitive tax regime (30% on crypto gains + 1% TDS) but exchange regulation still developing. It reinforces the Lazarus pattern: Bangladesh ($81M), Ronin ($625M), Harmony ($100M), Atomic Wallet ($100M), WazirX ($230M), Bybit ($1.5B). India is a FATF + APG member.

November 16, 2009 RU confirmed

Russia/US: Sergei Magnitsky died Nov 16 2009 — Magnitsky Acts 35+ countries + Hermitage Capital Bill Browder

On **November 16, 2009**, **Sergei Magnitsky** (auditor at Firestone Duncan, lawyer for Hermitage Capital Management of Bill Browder), died in Moscow's Butyrka prison after 358 days of pre-trial detention without trial. Magnitsky had discovered the **largest tax fraud scheme in Russian history**: $230 million ($5.4 billion rubles) stolen from the **Russian Treasury** by a group of officials from the Interior Ministry, FSB and Tax Service through the use of companies stolen from Hermitage Capital (Bill Browder, American-British, founder and largest foreign investor in Russia 1996-2005, expelled in November 2005). After denouncing the fraud in July 2008, Magnitsky was arrested on November 24, 2008 by the **same people he had denounced**, subjected to torture (denial of medical treatment for pancreatitis and gallstones), and beaten to death on the day of his death (independent forensic report). **On December 14, 2012, President Obama signed the Sergei Magnitsky Rule of Law Accountability Act** which individually sanctioned the Russian officials involved — the first US case of global sanctions based on human rights violations. The **Global Magnitsky Act 2016** (US) expanded scope to global HR violators and corrupt. **35+ countries have adopted Magnitsky laws**: UK (2017), Canada (2017), Estonia, Lithuania, Latvia, Netherlands, Australia, EU (2020), Switzerland, Norway, Kosovo, Gibraltar. Russia responded with the **Dima Yakovlev Law** (December 2012) which prohibited adoptions by Americans. Bill Browder has been designated in absentia by Russia repeatedly and has suffered Interpol Red Notice attempts (all rejected). The **Russian Laundromat** (case Moldova Russian Laundromat (2014) in this tracker) laundered part of the $230M.

December 15, 2016 IT confirmed

Italy: Intesa Sanpaolo pays $235M to New York in 2016 for training employees to mask Iran transactions

The New York Department of Financial Services (NYDFS) imposed in December 2016 on Intesa Sanpaolo and its New York branch a $235 million civil penalty for 'severe compliance failures' in anti-money laundering. The investigation found that between 2002 and 2006 Intesa had used 'opaque methods' to conduct more than 2,700 US dollar clearing transactions worth over $11 billion on behalf of Iranian clients and other entities possibly subject to sanctions. NYDFS established that the bank 'specifically trained certain employees' to handle Iran transactions so they could not easily be identified as tied to sanctioned entities, and that it 'deliberately concealed information from bank examiners'. It is the second Italian case in the tracker; the first, much smaller, was Intesa's OFAC settlement of $2.9 million in 2013.

August 6, 1982 VA confirmed

Vatican: the 1982 Banco Ambrosiano/IOR scandal and Roberto Calvi's death under Blackfriars Bridge

On June 18, 1982, banker Roberto Calvi —chairman of Banco Ambrosiano, Italy's second-largest bank and known as 'God's banker' for his Vatican ties— was found hanged from London's Blackfriars Bridge with bricks and cash in his pockets. Days later, a $3.26 billion hole was revealed in Banco Ambrosiano's accounts, with the IOR (Vatican Bank) as the main shareholder. Calvi had built a network of offshore shell companies in Panama and the Bahamas to move money out of Italy, in operations where the IOR took a cut. In 1984 the Vatican paid $244 million (some sources cite $250M) to Ambrosiano's creditors as a 'goodwill payment' without admitting responsibility, invoking its sovereign immunity. Michele Sindona, the Sicilian financier who had introduced Calvi to Archbishop Paul Marcinkus (head of IOR), died in 1986 in an Italian prison after drinking coffee laced with potassium cyanide. The case is parallel to BCCI (1991) as a foundational milestone of modern AML enforcement. The IOR remained under scrutiny: in 2010 Italian magistrates froze €23-30 million from the IOR for AML reporting breaches; in 2013 Pope Francis launched the most aggressive reforms (closure of suspect accounts, external audits, first-ever financial reports, compliance with international standards).

September 26, 2020 SC confirmed

Seychelles: KuCoin $281M hack Sep 2020 — DPRK Lazarus (84% recovered, atypical recovery case)

On **September 26, 2020**, **KuCoin** (a large cryptocurrency exchange registered in Seychelles, founded by Michael Gan, popular in Asia) suffered a **~$281 million USD hack** when attackers gained access to the private keys of the exchange's hot wallets. Blockchain analysis firms (**Chainalysis + Elliptic**) attributed the hack to **DPRK's (North Korea) Lazarus Group** — another case in the pattern of **DPRK crypto theft as proliferation finance**. The notable part of this case: unlike many hacks, **KuCoin managed to recover ~84% of the stolen funds (~$240M)** thanks to an unprecedented coordinated response: **many token projects whose contracts were among those stolen (USDT, various ERC-20) froze or reissued the tokens** in the hacker's wallets, KuCoin worked with other exchanges to freeze funds when the hacker tried to liquidate them, and used insurance + own capital to cover the rest. KuCoin fully reimbursed its users. The case is referenced as **one of the best examples of coordinated hack recovery** + part of the Lazarus series. Separately, KuCoin faced DOJ charges in the US in 2024 for operating without an AML/BSA license ($300M settlement 2025). Seychelles is supervised by the FSA + is an ESAAMLG member.

June 20, 2019 MX confirmed

Mexico: Walmart $282M FCPA settlement Jun 2019 — Walmex permit bribes + NYT Pulitzer investigation 2012

On **June 20, 2019**, **Walmart Inc** agreed to pay **$282 million USD in DOJ + SEC settlement** for FCPA violations — culminating a 7-year investigation catalyzed by the **New York Times investigation (David Barstow, April 2012, 2013 Pulitzer Prize winner)** that revealed **Walmart de México (Walmex)** had paid **~$24 million in bribes to Mexican officials** between 2003-2005 to accelerate store construction permits (Mexico's largest retail network). The NYT investigation documented that **Walmart corporate HQ (Bentonville, Arkansas) had suppressed an internal 2005-2006 investigation** into the Mexico bribes to protect Walmex's aggressive growth (which opened 1 store every day at its peak). The final settlement covered not only Mexico but **Brazil, China and India** where Walmart subsidiaries also paid bribes via 'third-party intermediaries' without due diligence. **Settlement breakdown**: $138M DOJ criminal + $144M SEC disgorgement. Walmart entered a **3-year DPA (Deferred Prosecution Agreement)** + independent compliance monitor. The case cost Walmart **$900M+ in internal investigation + legal fees** (one of the highest FCPA investigation costs in history). Walmart implemented massive global compliance reforms. The case is referenced as **one of the paradigmatic examples of FCPA enforcement against US multinationals in emerging markets** + the role of investigative journalism (NYT Pulitzer) in catalyzing enforcement. **Walmex remains Mexico's largest retail chain** (Walmart Supercenter, Bodega Aurrera, Sam's Club, Superama). Mexico is a GAFILAT member.

January 27, 2025 SC confirmed

KuCoin: ~$297M in 2025, pleaded guilty to operating unlicensed and violating the BSA

On January 27, 2025, Peken Global Ltd (Seychelles), KuCoin's operator, pleaded guilty in the Southern District of New York to operating an unlicensed money transmitting business and agreed to pay more than USD 297.4 million (USD 184.5 million forfeiture and USD 112.9 million fine). Prosecutors found KuCoin failed to implement effective AML/KYC programs or register with FinCEN, allowing billions in suspicious transactions, including darknet-market, ransomware and fraud proceeds. KuCoin was to exit the US market for at least two years, and founders Chun Gan ('Michael') and Ke Tang ('Eric'), indicted in March 2024, stepped away from management. On March 31, 2026, the CFTC also obtained a court order permanently barring Peken Global from the US unless it registers as a foreign board of trade, with a USD 500,000 civil penalty.

July 11, 2023 AU confirmed

Crown Resorts: AUD 450M (~$300M) in 2023, the largest AML fine against a non-financial entity

On July 11, 2023, the Federal Court of Australia ordered Crown Melbourne and Crown Perth to pay AUD 450 million (~USD 300 million) in instalments over two years for breaching the 2006 AML/CTF Act — one of the largest penalties ever imposed on a casino globally. After AUSTRAC's investigation and the public inquiries that rocked the group, Crown admitted its AML/CTF programs were not based on appropriate risk assessments, lacked adequate systems and controls, and had no appropriate board and senior-management oversight, allowing high-risk activity in its casinos. The settlement was filed on May 30, 2023, after state gaming regulators found Crown 'unsuitable' to operate in Victoria, Western Australia and New South Wales; the group had been acquired by Blackstone in 2022. It was AUSTRAC's third casino action, alongside Star and SkyCity.

May 31, 2024 JP confirmed

Japan: DMM Bitcoin $305M hack May 2024 — DPRK Lazarus/TraderTraitor (exchange closed in 2025)

On **May 31, 2024**, **DMM Bitcoin** (a Japanese cryptocurrency exchange, part of the DMM Group conglomerate) suffered the theft of **~4,502 Bitcoin (~$305 million USD)** — one of the largest crypto hacks of 2024 and the third major Japanese exchange hack (after Mt. Gox and Coincheck). The **FBI, together with Japan's NPA (National Police Agency), officially attributed the hack to the 'TraderTraitor' group (a subdivision of DPRK's Lazarus Group)** in December 2024 — the attack used social engineering against an employee of a contractor company (Ginco) that handled DMM's wallet infrastructure. It is another case in the pattern of **DPRK crypto theft as proliferation finance**. DMM Bitcoin **fully reimbursed its users** (with DMM Group backing, ~$320M in injected funds) but, unable to recover from the blow, **announced the closure of its operations and the transfer of accounts to SBI VC Trade** in early 2025. The **Japan FSA** issued improvement orders. The case reinforces: the Lazarus pattern in Japanese exchanges, the attack vector via **third parties/contractors in the supply chain**, and Japan's role as a mature but recurrently attacked crypto market. It is part of the 2024 Lazarus series (along with WazirX). Japan is a FATF + APG member.

December 3, 2025 TH confirmed

Thailand: offensive against the scam economy; freezes over 300 million laundered from the border compounds

Thailand is at once a victim, a transit route and, since 2025, a spearhead of the offensive against Southeast Asia's online scam industry, a multibillion-dollar economy operated largely by Chinese criminal networks from fortified compounds across the border, in Myanmar (Myawaddy, KK Park, Shwe Kokko) and in Cambodia, where thousands of people are forced to work on 'pig butchering' fraud (romance scams with fake cryptocurrency investments). On February 5, 2025, after the uproar over the abduction of Chinese actor Wang Xing and pressure from Beijing, Thailand cut electricity, internet and fuel to the hubs of Myawaddy, Payathonzu and Tachileik. Later, on December 3, 2025, an inter-agency team dubbed 'Uproot Transnational Scammers' —including the Justice Ministry, the police and the Anti-Money Laundering Office (AMLO)— announced the seizure or freezing of more than 10 billion baht (about USD 312 million) laundered through two Bangkok banks from the scam centers in Cambodia and Myanmar, with arrests for criminal association, fraud and money laundering. Investigations point to the use of real estate and private aviation to hide the money trail, and connect with the US case against the Cambodian conglomerate Prince Group and its founder, Chen Zhi, for operating forced-labor scam compounds. On the preventive side, the Bank of Thailand (BOT) and AMLO have cancelled large numbers of 'mule accounts' used to move fraud proceeds. Supervision rests with the BOT and AMLO as the financial intelligence unit, with Thailand a member of the APG.

February 2, 2022 US confirmed

US: Wormhole bridge hack $325M Feb 2022 — Jump Crypto replaced the funds (120K ETH)

On **February 2, 2022**, **Wormhole** (cross-chain bridge between Solana and Ethereum, one of DeFi's most used) suffered a **$325 million USD hack** (120,000 wETH) — one of the largest DeFi hacks in history. The attacker exploited a vulnerability in the bridge's signature validation that allowed 'minting' 120,000 wETH (wrapped ETH) on Solana without depositing the corresponding collateral on Ethereum. The notable part: **Jump Crypto** (the trading firm backing Wormhole via Jump Trading) **replaced the $325M from its own capital in less than 24 hours** to avoid the protocol's insolvency and maintain wETH parity — an unprecedented private bailout that demonstrated the institutional backing behind some DeFi protocols. The stolen funds were never recovered from the hacker (unlike Poly Network). The case is part of the **2021-2022 cross-chain bridge hack pattern** (Wormhole, Ronin, Poly Network, Nomad, Harmony) that exposed bridges as the weakest link in DeFi security — they concentrate huge amounts of value with complex attack surfaces. The FBI + Chainalysis investigated but it was not publicly attributed to a state actor (unlike Ronin/Lazarus).

August 10, 2023 LB confirmed

Lebanon: trilateral sanctions (US/UK/Canada) on former BdL governor Riad Salameh in Aug 2023

On August 10, 2023, the US (OFAC), UK and Canada imposed simultaneous sanctions on Riad Salameh, former governor of the Banque du Liban (BdL) for 30 years (1993-2023), for 'abusing his position of power, likely in violation of Lebanese law, to enrich himself and his associates by funneling hundreds of millions of dollars through layered shell companies to invest in European real estate' (US Treasury). The sanctions also covered his brother Raja Salameh, Marianne Hoayek (assistant), Anna Kosakova (romantic partner, without Canadian sanction) and Nady Salameh (US only). Six European countries are investigating in parallel: France, Germany, Switzerland, Luxembourg, Belgium and Liechtenstein. Swiss prosecutors estimated in 2020 that the Salameh brothers had embezzled >$330M from the central bank between 2002-2015, transferred to a British Virgin Islands company controlled by Raja and then to their Swiss accounts (~$248M to Raja's account). In March 2022, Eurojust coordinated the freezing of €120M in assets across France, Germany, Luxembourg, Monaco and Belgium. After the trilateral sanctions, frozen assets exceeded $200M. France and Germany issued arrest warrants with Interpol Red Notices, but Lebanon does not extradite its nationals. Salameh was charged in Lebanon in February 2023 with embezzlement and money laundering.

August 1, 2022 GE confirmed

Georgia/global: Forsage $340M smart contract Ponzi Aug 2022 — largest documented 'on-chain' Ponzi

On **August 1, 2022**, the **SEC sued Forsage** and its four founders for operating a **$340 million USD Ponzi/pyramid scheme executed entirely through blockchain smart contracts** — one of the first and largest cases of a fully automated 'on-chain Ponzi'. Forsage (launched in January 2020) operated through smart contracts on Ethereum, Tron and Binance Smart Chain that **automated the pyramid scheme's payments** — participants paid in crypto to 'buy slots' and earned commissions by recruiting others, without any real underlying product or investment. The main founder, **Lado Okhotnikov** (a Russian/Georgian citizen), along with three other founders (Russia, Georgia and Indonesia), promoted the scheme globally attracting millions of victims (especially in the Philippines, US). The distinctive part: Forsage claimed to be **'decentralized and unstoppable' precisely because it ran on smart contracts** — a 'code is law' argument used to evade responsibility. The SEC + DOJ pursued the founders. The case is referenced as **the paradigmatic example of the automated blockchain Ponzi + the regulatory challenge of schemes operating via smart contracts**. Georgia is a MONEYVAL member. It demonstrated that 'decentralization' does not exempt from securities laws.

December 13, 2021 GB confirmed

NatWest: £264.8M (~$350M) in 2021, the first criminal AML conviction of a British bank

NatWest was sentenced in December 2021 to a £264.8 million fine (~$350 million) after pleading guilty to three offences of breaching anti-money-laundering rules: the first time the FCA criminally prosecutes a bank for AML failures. The case centred on customer Fowler Oldfield, a Bradford jeweller that deposited around £365 million (£264 million in cash) between 2012 and 2016, with bags of musty-smelling notes deposited at ~50 branches. The judge said that without the bank's failures 'the money could not be effectively laundered'.

February 7, 2018 NL confirmed

Rabobank: $369M in 2018, pleaded guilty to concealing AML failures from regulators

Rabobank's US unit (Rabobank N.A.) pleaded guilty in 2018 and agreed to a $369 million forfeiture for allowing the laundering of hundreds of millions from drug trafficking and other illicit activities on the Mexican border, and —a key aggravator— for deliberately concealing its AML program deficiencies from its regulator, the OCC. The cover-up, not just the failure, was the core of the criminal case.

December 16, 2023 VA confirmed

Vatican: first cardinal convicted in 500 years — Becciu 5.5 years for embezzlement (Dec 2023)

On December 16, 2023, the Vatican City Tribunal sentenced Cardinal Angelo Becciu, former substitute of the Secretariat of State (third-highest Vatican office), to 5 years and 6 months in prison on two counts of embezzlement and one of aggravated fraud, along with an €8,000 fine and perpetual public office disqualification. He is the first cardinal to be tried and convicted by a Vatican court in 500 years. The trial, dubbed the 'Trial of the Century' by Vatican experts, was presided over by Italian anti-mafia judge Giuseppe Pignatone over 86 hearings spanning 600+ hours. The case revolved around the Vatican Secretariat of State's €350 million investment in developing a Sloane Avenue building (London, former Harrods warehouse) converted into luxury apartments. Prosecutors alleged monsignors and brokers siphoned tens of millions in fees and commissions, then extorted the Vatican for €15M to cede control of the building. Other convicted: Raffaele Mincione (5.5 years, embezzlement+self-laundering+corruption), Gianluigi Torzi (6 years, aggravated fraud+extortion+laundering), Cecilia Marogna (3 years 9 months), Enrico Crasso, Fabrizio Tirabassi. Combined total: 37 years of prison. The investigation lasted 2 years and resulted in a 487-page indictment after unprecedented raids on the Secretariat of State offices. Appeal pending before a 6-judge Court of Appeal.

March 19, 2020 SE confirmed

Swedbank: SEK 4bn (~$386M) in 2020, record Swedish fine over the Baltic scandal

Sweden's financial authority (Finansinspektionen) fined Swedbank SEK 4 billion (~$386 million) in March 2020 for serious, systematic deficiencies in its anti-money-laundering work in its Baltic operations, and for withholding information from the authority. The bank had accepted clients in Estonia without identifying the real owners; the scandal linked to Danske's and cost its leadership their jobs.

January 15, 2021 US confirmed

Capital One: $390M from FinCEN in 2021 for failing to file thousands of suspicious activity reports

FinCEN imposed a $390 million civil penalty on Capital One in January 2021 for willful and negligent Bank Secrecy Act violations. The bank admitted willfully failing to maintain an effective AML program and to file thousands of suspicious activity reports (SARs) in its Check Cashing Group between 2008 and 2014, leaving millions in transactions linked to organized crime and tax evasion unreported.

July 4, 2022 SG confirmed

Singapore/India: Vauld collapse Jul 2022 — $400M+ frozen (crypto winter contagion)

On **July 4, 2022**, **Vauld** (a crypto lending/borrowing platform based in Singapore but founded by Indians **Darshan Bathija and Sanju Sony Kurian**, operated by Defi Payments Pte Ltd, popular in India and Southeast Asia) **suspended all withdrawals, trading and deposits** with ~$400 million+ in liabilities to ~800,000 users — another victim of the 2022 crypto winter domino effect (after Terra/Luna, Celsius, 3AC, Voyager). Vauld had promised high returns on crypto deposits and suffered a withdrawal run (~$200M withdrawn in weeks) after the Terra/Luna collapse + market decline. The company sought creditor protection (moratorium) in a Singapore court. **Nexo** (another crypto lending platform) announced its intention to acquire Vauld, but the **deal collapsed** after due diligence. Users were trapped in a long restructuring process. The case is part of the **2022 crypto winter crypto lending collapse cluster** and notable for illustrating the impact on **emerging Asian markets** (India is one of the world's largest crypto markets by users). Singapore, Asia's fintech/crypto hub, saw multiple collapses in its jurisdiction (3AC, Vauld, Hodlnaut, Zipmex) that led the MAS to tighten its crypto regulation. Singapore is a FATF + APG member.

July 17, 2025 UY confirmed

Uruguay: the collapse of Conexión Ganadera, the country's largest cattle-investment scam, leads to a money-laundering case

Uruguay's biggest recent financial-fraud case is the collapse of the cattle-investment funds, led by Conexión Ganadera, the largest firm in the sector (25 years' track record and about 4,300 investors). These companies took in the savings of small, medium and large investors —many with no ties to the sector— with the promise of buying cattle and paying a fixed return of at least 7% a year; according to the courts and experts, they operated as a Ponzi scheme, in which returns were paid with new investors' money. The system collapsed when that inflow stopped: first Grupo Larrarte fell (mid-2024), then República Ganadera and finally Conexión Ganadera, which acknowledged liabilities of about USD 400 million against assets of barely 150 million, a deficit close to 250 million. In all, the crisis affected between 6,000 and 7,000 people —including foreign investors— and was compared, for its scale, to the 2002 banking crisis. A peculiarity of the case is that these 'cattle-capitalization contracts' were not regulated by the Central Bank of Uruguay (BCU), which opened a debate over the supervisory gap. The case is led by the Money Laundering Prosecutor: its head, Enrique Rodríguez, said he had never seen a case of this magnitude, is investigating a web of 14 to 15 companies, requested international cooperation from countries in the Americas and Europe and requires large investors to prove the origin of their funds; the National Secretariat for the Fight against Money Laundering (SENACLAFT) concluded that the company had been loss-making for years while still distributing profits. Co-founder Gustavo Basso died in November 2024 in a crash that the courts ruled a suicide; his partner Pablo Carrasco was charged with fraud and money laundering and sent to preventive prison on July 17, 2025, along with other people under investigation. Financial supervision rests with the BCU and SENACLAFT, with Uruguay a member of GAFILAT.

September 7, 2021 SV confirmed

El Salvador: Sept 7 2021 adopts Bitcoin as legal tender — world's first nation + Bukele regime

On **September 7, 2021**, El Salvador became the **first nation in the world to adopt Bitcoin as legal tender** alongside the USD (already in use since 2001 post-dollarization). The **Bitcoin Law** (approved by the Nuevas Ideas-controlled Legislative Assembly on June 9, 2021) requires merchants to accept BTC. The **Nayib Bukele** government (President since June 2019, reelected in February 2024 with 84% of the vote despite constitutional prohibition of consecutive reelection) launched **Chivo Wallet** (managed by Athena Bitcoin) with $30 BTC bonus for users. El Salvador has accumulated **~6,000 BTC in state reserves** (~$400M value 2024) under DCA (Dollar-Cost Averaging) policy — IMF and World Bank expressed concerns (IMF rejected BTC program but negotiated $1.4B loan Dec 2024 conditional on declassifying BTC as legal tender — legislative modification Jan 2025). The **Central Reserve Bank (BCR)** and the Superintendence of the Financial System (SSF) supervise the financial sector under the framework of the Law against Money Laundering and Asset Laundering 1998 (amended in 2014). Specific Salvadoran AML risks: **state of exception** decreed in March 2022 (suspended constitutional rights after homicide pandemic — 88K detentions, Bukele's CECOT prison inaugurated 2023 capacity 40K inmates, world's largest 'mega-prison'), dramatic homicide reduction (from 103 per 100K in 2015 to 2.4 in 2024 — but accusations of MS-13/Barrio 18 gang pacts documented by El Faro and InsightCrime), Salvadoran diaspora (3M+ in US, $7B annual remittances = 25% GDP). Banking sector: Banco Cuscatlán (PROMERICA subsidiary), Banco Agrícola, Banco Davivienda El Salvador, BAC Credomatic. El Salvador is a GAFILAT member.

July 7, 2023 CN confirmed

Tenpay (Tencent): CNY 3bn (~$420M) from the PBOC in 2023 for AML and payment failures

The PBOC fined Tenpay (财付通), Tencent's payments unit, CNY 3 billion (~$420 million) in July 2023 for money-laundering-prevention and payment-rules breaches. Together with the Ant Group fine, it marked China's largest regulatory offensive against payment fintechs, in a year when payments concentrated the largest sanction amount.

February 28, 2014 JP confirmed

Japan: Mt. Gox collapse Feb 2014 — 850,000 BTC ($450M then, ~$50B 2024) + first major crypto exchange collapse

On **February 28, 2014**, **Mt. Gox** (Tokyo-based, the world's largest Bitcoin exchange at its peak — handled **~70% of all global Bitcoin transactions 2013**) declared bankruptcy after revealing the **loss/theft of ~850,000 Bitcoin** (~750,000 from customers + 100,000 own), valued at **~$450 million USD at the time** — but which would be worth **~$50 billion at 2024 prices** ($60K/BTC). It was the **first major collapse of a crypto exchange in history**, a traumatic event that marked the early crypto industry. Mt. Gox (originally 'Magic: The Gathering Online Exchange', hence the name) was acquired by **Mark Karpelès** (French programmer) in 2011. The causes of the collapse: a combination of **sustained hacking over years (2011-2014, hackers drained BTC gradually without detection)**, poor technical management, buggy software, and possible internal fraud. **Mark Karpelès** was arrested in Japan in August 2015, tried by the Tokyo District Court — **convicted in 2019 for falsifying records (data manipulation) but ACQUITTED of embezzlement**, received a **2.5-year suspended sentence** (didn't go to prison). Subsequent investigations (WizSec + Chainalysis) attributed much of the theft to **Alexander Vinnik** (operator of the Russian exchange BTC-e — Vinnik laundered the stolen Mt. Gox BTC via BTC-e). After 10 years of bankruptcy proceedings, **Mt. Gox creditors began receiving reimbursements in BTC/BCH in 2024** (~142,000 BTC distributed, a massive gain for those who waited given Bitcoin's appreciation). The case is referenced as **the foundational trauma of the crypto industry + the paradigmatic example of centralized custody risk ('not your keys, not your coins')**. Japan (124M inhabitants) implemented after Mt. Gox **the world's first crypto regulation (Payment Services Act 2017)** — Japan FSA pioneer. Japan is a FATF + APG member.

July 15, 2020 MX confirmed

Mexico: Emilio Lozoya (ex-Pemex CEO) extradited from Spain Jul 2020 — Odebrecht + Agronitrogenados + Peña Nieto era

On **July 15, 2020**, **Emilio Lozoya Austin** (Pemex Director General 2012-2016 under Enrique Peña Nieto government, former PRI international campaign coordinator) was **extradited from Spain to Mexico** after being arrested in Málaga in February 2019 — the most prominent corruption case of the Peña Nieto sexenio (PRI, 2012-2018). FGR accusations: **(1) Odebrecht** — Lozoya received **$10.5 million USD in bribes** from Brazilian construction company Odebrecht (Lava Jato connection) in exchange for Pemex contracts (Tula refinery, etc.) + financing of Peña Nieto's 2012 presidential campaign; **(2) Agronitrogenados/Fertinal** — Lozoya orchestrated the **fraudulent purchase of the scrap Agronitrogenados plant from Altos Hornos de México (AHMSA, Alonso Ancira's Grupo Acerero del Norte)** for **$475M (overvalued, non-functioning plant)** in 2014 — Lozoya received ~$3.4M in commissions. **Alonso Ancira** (AHMSA owner) arrested in Mallorca 2019, extradited 2021. Lozoya **negotiated cooperation agreement (cooperator/whistleblower)** with FGR — implicated Peña Nieto, Luis Videgaray (former Finance Secretary), multiple PAN/PRI senators for vote-buying for the 2013 Energy Reform. Lozoya **was under house arrest, then preventive prison Reclusorio Norte since Nov 2021**, multiple delays in his trial (pending 2026). The AMLO government (MORENA, 2018-2024) + Claudia Sheinbaum (2024+) has used the case politically. **The Bank of Mexico (Banxico)**, CNBV (National Banking and Securities Commission) and UIF (Financial Intelligence Unit, led by Santiago Nieto 2018-2021) supervise the sector. Mexico is a GAFILAT member + FATF observer.

June 20, 2018 AU confirmed

Commonwealth Bank: AUD 700M (~$477M) in 2018 for failing to report 53,500 transactions

On June 20, 2018, the Federal Court of Australia ordered the Commonwealth Bank of Australia (CBA), the country's largest bank, to pay AUD 700 million (~USD 477 million) for breaching the 2006 AML/CTF Act — at the time, the largest civil penalty in Australian corporate history. AUSTRAC had sued the bank in 2017 after finding its Intelligent Deposit Machines were exploited by criminal networks: CBA failed to file on time about 53,506 threshold transaction reports (worth ~AUD 625 million), failed to adequately assess the risks of those machines, and was slow to act despite alerts. AUSTRAC CEO Nicole Rose said the case would make AML/CTF compliance a regular boardroom topic. The case helped precipitate the departure of CEO Ian Narev.

February 24, 2025 US confirmed

OKX: $504M for sanctions breaches at the crypto exchange

On February 24, 2025, Aux Cayes Fintech Co. Ltd — the Seychelles entity operating OKX, one of the world's largest crypto exchanges — pleaded guilty in the Southern District of New York (Judge Katherine Polk Failla) to one count of operating an unlicensed money transmitting business and agreed to pay more than USD 504 million: USD 420.3 million in forfeiture and USD 84.4 million in fines. Prosecutors said that from 2018 to early 2024 OKX breached its own policy barring US users, facilitated more than USD 5 billion in suspicious transactions and let US customers trade more than USD 1 trillion; one employee even coached a customer on circumventing the restrictions. OKX did not use monitoring software until about May 2023 and will keep an external compliance consultant through February 2027. Its counsel stressed that the deal included no money-laundering charges.

May 5, 2025 CH confirmed

Credit Suisse: $511M for facilitating tax-evasion schemes linked to AML lapses

On May 5, 2025, Credit Suisse Services AG (now part of UBS) pleaded guilty in the US (DOJ Tax Division and the Eastern District of Virginia US Attorney's Office) to conspiring to help US taxpayers hide more than USD 4 billion from the IRS in at least 475 offshore accounts from 2010 to 2021, and agreed to pay USD 510.98 million in penalties, restitution and forfeiture. The DOJ found the conduct — falsifying records, processing fictitious donation paperwork and servicing more than USD 1 billion in accounts without tax-compliance documentation — breached the bank's 2014 plea agreement (under which it had already paid USD 2.6 billion). The bank also signed a non-prosecution agreement over undeclared US accounts at its Singapore branch. UBS, which acquired Credit Suisse in 2023, said it was not involved in the underlying conduct.

January 26, 2018 JP confirmed

Japan: Coincheck $530M hack Jan 2018 — NEM (XEM) theft, largest crypto hack at the time

On **January 26, 2018**, **Coincheck** (one of Japan's largest cryptocurrency exchanges) suffered the theft of **~$530 million USD in NEM (XEM) tokens** — at the time the **largest crypto exchange hack in history** (surpassing Mt. Gox in nominal value). The attackers accessed the private keys of Coincheck's NEM 'hot wallet', which was **insecurely stored** (without multi-signature, connected to the internet) — a basic security failure. ~260,000 users were affected. Unlike Mt. Gox, **Coincheck reimbursed affected users from its own capital** (~$430M at reimbursement prices) in March 2018. The **Japan FSA (Financial Services Agency)** issued a **'business improvement order'** + intensified supervision of all Japanese exchanges after the incident (Japan had already been a pioneer in crypto regulation with the Payment Services Act 2017 post-Mt.Gox). Coincheck was subsequently **acquired by Monex Group** (April 2018) as part of its rescue/restructuring. Subsequent analyses (though not officially confirmed) suggested possible involvement of DPRK-linked actors in laundering the stolen NEM. The case is referenced as **the second great trauma of the Japanese crypto industry (after Mt. Gox)** + an example of the risk of inadequately secured hot wallets. Japan is a FATF + APG member.

October 19, 2021 MZ confirmed

Mozambique: TUNA BONDS case — Credit Suisse $475M + new UBS charges Dec 2025 — 1.9M pushed into poverty

On October 19, 2021, Credit Suisse Group AG and its London subsidiary CSSEL agreed to pay $475M in fines to DOJ, SEC, UK FCA and Swiss FINMA over the Mozambique TUNA BONDS scandal. Additionally, Credit Suisse agreed to write off $200M in Mozambique debt. Between 2013-2017, Credit Suisse arranged loans of $2+ billion for 3 Mozambican state-owned companies (EMATUM, MAM, ProIndicus) ostensibly for tuna fishing fleets and maritime security. In reality: $50M in kickbacks to Credit Suisse bankers (Andrew Pearse, Surjan Singh, Detelina Subeva) + $150M in bribes to Mozambican officials (including Manuel Chang, former Finance Minister). Privinvest and Iskandar Safa paid $100+M in bribes. Catastrophic result for Mozambique: sovereign default, IMF support withdrawal, metical devaluation, **1.9 MILLION people pushed below the poverty line** (largest increase in the country's history according to Center for Public Integrity 2019). Manuel Chang was arrested in South Africa in 2018, extradited to the US and sentenced in January 2024 to **8 and a half years in federal prison**. On December 1, 2025, the Swiss Office of the Attorney General (OAG) announced **criminal charges against UBS and legacy Credit Suisse**, marking a new phase of the case 4 years after the original settlement. The UK FCA banned 3 individual executives (Pearse and Singh Feb 2025; Subeva 2025 after admitting $200K kickbacks). Mozambique exited the FATF grey list in October 2025.

April 19, 2021 NL confirmed

ABN Amro: €480M (~$583M) in 2021, deemed 'culpable' in aiding criminal groups

On April 19, 2021, ABN Amro — the Netherlands' third-largest bank, state-owned — accepted a EUR 480 million (~USD 583 million) settlement offered by the Dutch Public Prosecution Service (Openbaar Ministerie) to resolve a money-laundering investigation: a EUR 300 million fine and EUR 180 million in profit disgorgement. The prosecutor concluded the bank structurally violated the Anti-Money Laundering and Counter-Terrorism Financing Act (WWFT) from 2014 to 2020 — failures in client acceptance, transaction monitoring and client exit (the 'Client Life Cycle' processes) — to the point of accusing it of 'culpable money laundering': various clients were able to abuse their accounts for years. The prosecutor named three former board members as suspects, including former CEO Gerrit Zalm; one of them, Chris Vogelzang, resigned as Danske Bank CEO when it emerged. The penalty hit the bank's first-quarter 2021 results.

January 19, 2017 US confirmed

Western Union: $586M in 2017 for an ineffective AML program and enabling fraud

Western Union admitted anti-money-laundering violations in January 2017 and agreed to pay $586 million with the DOJ and FTC. The remittance company acknowledged turning a blind eye to criminals using its service for fraud and laundering, even ignoring evidence that its own agents were complicit. 39 agents were charged in the US and Canada. It is one of the major money-transfer-sector cases.

August 10, 2021 CN confirmed

China: Poly Network $611M hack Aug 2021 — hacker returned all funds (atypical case)

On **August 10, 2021**, **Poly Network** (cross-chain interoperability DeFi protocol between Ethereum, BSC and Polygon) suffered a **$611 million USD hack** — at the time the **largest DeFi hack in history** (later surpassed by Ronin). The attacker exploited a vulnerability in the bridge's smart contracts that allowed altering the 'keeper' role and authorizing transfers. The extraordinary part of the case: the hacker, self-named **'Mr. White Hat'**, **began returning the funds voluntarily the next day**, claiming he did it 'for fun' and 'to expose the vulnerability'. Poly Network offered him a **$500,000 bug bounty** + asked him to be its 'Chief Security Advisor'. Within ~2 weeks, **virtually all $611M was returned**. The quick return was attributed partly to **Tether freezing $33M in USDT** from the hacker + the difficulty of laundering such large and traceable sums (Chainalysis + SlowMist publicly traced the wallets). The case is referenced as **an atypical example of 'ethical hacking'** in DeFi + a demonstration that blockchain transparency makes laundering large hacks difficult + paradigm of the **security risk of cross-chain bridges** (Poly Network, Ronin, Wormhole, Nomad, Harmony were targeted for $2.5B+ combined 2021-2022). Poly Network suffered a smaller second hack in 2023.

March 23, 2022 SG confirmed

Singapore/Vietnam: Ronin Bridge hack $625M Mar 2022 — DPRK Lazarus (largest DeFi hack in history)

On **March 23, 2022**, the **Ronin Network** (Ethereum sidechain supporting **Axie Infinity**, the world's most popular 'play-to-earn' game in 2021, developed by **Sky Mavis** — a Vietnamese/Singaporean company) suffered **the largest DeFi/crypto hack in history to that point: $625 million USD** (173,600 ETH + 25.5M USDC). The attackers compromised 5 of the bridge's 9 validator keys (including one via a spear-phishing attack with a fake job offer to a Sky Mavis engineer). The **FBI officially attributed the hack to DPRK's (North Korea) Lazarus Group in April 2022** — confirming that the North Korean regime uses crypto hacks as a **primary funding source for its weapons program (proliferation finance)**. OFAC **sanctioned Lazarus's wallets** + subsequently **sanctioned the Tornado Cash mixer (August 2022, case Tornado Cash (2022))** that Lazarus used to launder part of the Ronin funds. Sky Mavis **reimbursed users** (with help from a $150M funding round led by Binance) + restored the bridge with improved security. The case is paradigmatic of: **(1) DPRK crypto theft as proliferation finance** (UN Panel of Experts estimates DPRK stole $3B+ in crypto 2017-2023); **(2) the security risk of cross-chain bridges** (which were targeted in $2B+ in hacks 2021-2022: Ronin, Wormhole, Poly Network, Nomad, Harmony). It is part of the Lazarus pattern (Bangladesh Bank 2016, Bybit 2025).

February 26, 2021 MY confirmed

Malaysia: MYR 2.83B ($680M) from BNM to AmBank in Feb 2021 — absolute record over 1MDB scandal

On February 26, 2021, Bank Negara Malaysia (BNM) imposed on AMMB Holdings Berhad (AmBank Group) a fine of MYR 2.83 billion (~$680M USD), the largest AML/CFT sanction in the history of the Malaysian supervisor. AmBank was investigated for its role in the alleged misappropriation of MYR 4.5 billion ($1.08B) from the Malaysian sovereign fund 1Malaysia Development Berhad (1MDB), including the handling of personal accounts of former Prime Minister Najib Razak (sentenced to 12 years prison in August 2020 for related cases). The sanction included the order to establish 'robust systems and processes to enhance the due diligence framework' at AmBank. The case is part of the complete 1MDB package of approximately $4.5B USD globally recovered (Goldman Sachs $2.9B in 2020, Goldman Sachs Malaysia $3.9B in 2020, MAS Singapore sanctions in 2016-2017 on 8 institutions including BSI Bank closed, etc). Repercussions continue: in 2023, Muhyiddin Yassin (also former PM) was arrested by MACC for cases related to AMLA and abuse of power. In 2024, Najib was ordered to enter defense in a second 1MDB corruption trial.

October 27, 2017 GQ confirmed

Equatorial Guinea: Teodorin Obiang $700M+ asset seizures — France/US/UK/Switzerland (Oct 2017)

On October 27, 2017, Teodorin Nguema Obiang Mangue (son of Equatorial Guinea dictator Teodoro Obiang Nguema Mbasogo, President since Aug 3 1979 — 45 years in power, the longest-serving dictator in the world) was sentenced in absentia by Paris Tribunal de Grande Instance for embezzlement of €150M of Equatorial Guinea state funds 2008-2011, used to fund his French lifestyle: Avenue Foch penthouse ($180M), 11 super-cars (Bugatti Veyron, Ferrari Enzo, Bentleys, Aston Martins, Maybachs, Lamborghinis), $40M in art (Whistler, Renoir, Manet, Degas), $1.4M Michael Jackson glove (Cirque du Soleil auction), super-yacht 'Ebony Shine' $400M (ordered 2014). Conviction: 3 years suspended + €30M fine + asset seizure. US DOJ agreed $30M settlement with Teodorin Oct 2014 ($30M + Malibu mansion $30M + Michael Jackson memorabilia $1M, donated to Equatorial Guinea charities — controversial). UK National Crime Agency confiscated Bugatti Veyron 2019. Brazil seized $16M in jewelry 2018. Switzerland froze accounts 2016. Total globally seized assets: $700+ million. Teodorin Obiang was named Equatorial Guinea Vice-President in June 2016. His father is preparing him for succession. Equatorial Guinea (1.6M inhabitants) produces ~250,000 barrels daily of oil and has enriched the regime estimated $20B+ since ExxonMobil + Marathon Oil discoveries 1995. Operates Central African CFA franc XAF (BEAC supervision). GABAC member. TI CPI: position #173 of 180.

January 18, 2023 RU confirmed

Bitzlato: $700M and FinCEN's first use of its 'primary money laundering concern' power

In January 2023, US and European authorities dismantled the Bitzlato exchange, designated by FinCEN as a 'primary money laundering concern' —the first use of that authority— for moving over $700 million in suspect funds between 2016 and 2022. Its owner, Russian national Anatoly Legkodymov, was arrested in Miami. Five people were arrested (in Cyprus, Spain and the US) and around €68 million in crypto and accounts were frozen. Bitzlato was a key source and destination of funds from the Hydra market and the sanctioned exchange Garantex.

December 31, 2023 CN confirmed

China: the PBOC issued 996 AML fines totaling CNY 5.22bn in 2023 (+798%)

In 2023 the People's Bank of China (PBOC) and its branches issued 996 money-laundering-related fines totaling CNY 5.22 billion (~$720 million), a 798% increase over the prior year. Banks were the most sanctioned by count (349 institutions), though payment fintechs concentrated the largest amount. AML fines were 60% of the PBOC's total sanction count and 91% of the amount.

December 31, 1995 FR confirmed

France: Crédit Lyonnais nationalized 1995 — Executive Life fraud $4B + $770M DOJ settlement 2003

Crédit Lyonnais, founded in 1863 in Lyon, was one of France's and Europe's largest banks until its collapse in **1995**, when the French government had to **nationalize it with a $30 billion franc rescue** (~$5-6 billion USD), the largest European bank bailout of its time. The **Executive Life Insurance Company scandal** (California, bought by Crédit Lyonnais in 1991 violating US Glass-Steagall Act which prohibited foreign banks from owning insurers) was the cataclysm: after Executive Life's bankruptcy in 1991, Crédit Lyonnais acquired its assets secretly via nominees, evading US regulations. The California Insurance Commissioner discovered the scheme in 1998 and sued. The **case was settled on December 24, 2003 for $770 million** (one of the largest banking settlements of the era), with Crédit Lyonnais (then owned by Crédit Agricole post-2003 merger) admitting guilt. Crédit Lyonnais was privatized in 1999 after the rescue and eventually absorbed by Crédit Agricole in 2003 (rebrand to 'LCL - Le Crédit Lyonnais'). The case illustrates the legacy of European banks without modern AML/CFT compliance before Basel II + FATF 40 Recommendations. **Jean Peyrelevade**, Crédit Lyonnais CEO 1993-2003, was held responsible by the California court. The Banque de France (French central bank) led the rescue. **The case is referenced in AML literature as a historical example of cross-border banking fraud pre-modern AML era** (similar to BCCI 1991, case BCCI (1991) in this tracker).

January 17, 2017 ID confirmed

Indonesia: Garuda FCPA case — Rolls-Royce £671M settlement + ex-CEO convicted (Jan 2017)

On **January 17, 2017**, **Rolls-Royce plc** (UK aerospace conglomerate) agreed to pay **£671M ($800M USD) in the largest settlement under UK Bribery Act 2010 to that point** — $497M UK SFO + $170M DOJ + $25M Brazilian MPF + smaller settlements in Australia, Singapore, Brazil. The scheme: Rolls-Royce had **paid bribes to aerospace officials in 6+ countries** (Indonesia, Brazil, Thailand, Russia, China, Nigeria, Angola) for **30+ years (1980s-2013)** to influence decisions of Trent series engines vs Pratt & Whitney and GE Aviation competitors. **Indonesia Garuda case**: payments to **Emirsyah Satar** (Garuda Indonesia CEO 2005-2014, first non-government Garuda head, considered modernizer) and **Hadinoto Soedigno** (Garuda Director of Engineering) for Trent 700 + Trent 800 engines contracts for Garuda's 777-300ER fleet. Emirsyah Satar arrested by KPK (Komisi Pemberantasan Korupsi, Indonesia's anti-corruption commission) in August 2017 + sentenced **8 years in Indonesia May 2020** (reduced to 6 years on appeal); also paid **$3.4M USD restitution**. Satar's wife (Andry Soetjipto) and intermediary Tunggal also convicted. Parallel Brazilian case: payments to Embraer + TAM + multiple Brazilian Lava Jato connections. The case was **landmark UK Bribery Act 2010 enforcement** (UK SFO under Director David Green QC + later Lisa Osofsky) + **the most significant FCPA case in Asia-Pacific 2010s post-Siemens 2008**. Garuda Indonesia is **national flag carrier**, has lived **multiple financial restructurings** (suspended NYSE 2007, returned 2024 NYSE listing). Indonesia (280M inhabitants, largest Southeast Asian economy $1.3T GDP) is supervised by BI (Bank Indonesia) + OJK (Otoritas Jasa Keuangan) + PPATK (FIU). APG member.

March 7, 2019 UZ confirmed

Uzbekistan: the Gulnara Karimova case, ~865 million in telecom bribes laundered by the former president's daughter

Uzbekistan's largest corruption and money-laundering case is that of Gulnara Karimova, eldest daughter of former President Islam Karimov and once considered his possible successor. According to US authorities, between roughly 2001 and 2012 Karimova solicited and accepted more than 865 million dollars in bribes from three large telecom operators —Russia's MTS, the Netherlands' VimpelCom (now VEON) and Sweden's Telia (formerly TeliaSonera)— in exchange for using her influence over Uzbek regulators so they could enter and stay in the lucrative Uzbek market; the payments were channeled through shell companies and laundered, in part, through the US financial system. The scandal was resolved through a 'trilogy' of settlements under the US Foreign Corrupt Practices Act (FCPA): VimpelCom paid 795 million (2016), Telia 965 million (2017) and MTS 850 million (2019), bringing the global total of fines and disgorgement to more than 2.6 billion. On March 7, 2019, alongside the MTS settlement, the federal prosecutor's office in New York charged Karimova and former executive Bekhzod Akhmedov with conspiracy to launder money, in one of the largest FCPA cases ever brought; in parallel, the Justice Department sought the forfeiture of more than 850 million held in accounts in Switzerland, Belgium, Luxembourg and Ireland. Karimova, who had been under house arrest since 2014, was convicted in Uzbekistan for fraud and money laundering and sent to prison, with sentences adding several more years; Switzerland and Uzbekistan agreed to return assets through a UN-administered trust fund, although civil-society organizations demanded transparency and that those implicated not benefit again. Financial supervision rests with the Central Bank of Uzbekistan (CBU) and its financial intelligence unit, with the country a member of the Eurasian Group (EAG).

April 30, 2020 IL confirmed

Israel: Bank Hapoalim $874M settlement DOJ + IRS — tax evasion 5,500+ US clients (Apr 2020)

On **April 30, 2020**, **Bank Hapoalim BM** (largest Israeli bank by assets, BPI 4th on Tel Aviv Stock Exchange) agreed to pay **$874 million USD in combined DOJ + IRS settlement** for **'concierge service' that helped ~5,500+ US citizens evade federal taxes** on offshore accounts at Bank Hapoalim Switzerland AG (Zurich) and Bank Hapoalim Luxembourg SA between 2002-2014. It is **the second largest tax evasion settlement against a foreign bank** after Credit Suisse $2.6B (2014, case Credit Suisse EE.UU. (2014)). **Scheme structure**: 1) Advisory to US clients to maintain accounts in Swiss/Luxembourg subsidiaries, 2) Falsification of Forms W-9 (US tax forms), 3) Acceptance of fake **'Form W-8BEN-E'** for non-US declared status, 4) Help in fraudulent structuring via shell companies in Panama, BVI, Cayman. **Settlement breakdown**: $216M DOJ criminal penalties + $169M IRS civil forfeiture + $216M U.S. Federal Reserve civil penalty + $214M Israeli criminal forfeiture (via Israel coordination) + $59M additional fines. **Dov Kotler** (former CEO Hapoalim Switzerland 2008-2014) pleaded guilty individually. **Hayim 'Chaim' Bach** (Hapoalim VP) cooperated. The case forced **massive Israeli banking reform**: end of Hapoalim Switzerland + Luxembourg operations 2017, closure of **all foreign branches focusing on US clients**. Bank Hapoalim is **member of Tel Aviv Stock Exchange (TA-35 index)** and the **largest Israeli bank by assets** ($150B+). It is the only **post-Israeli major bank with criminal conviction**. Israeli banking supervision is under **Bank of Israel + Banking Supervision Department**. Other Israeli banks: **Bank Leumi** (second largest, also paid $400M settlement DOJ 2014 for similar tax evasion case), Mizrahi-Tefahot Bank, Israel Discount Bank, First International Bank of Israel.

July 17, 2012 MX confirmed

Mexico: HSBC Mexico was the Sinaloa cartel's 'gateway' to the US financial system

The US Senate Permanent Subcommittee on Investigations report (chaired by Carl Levin) of July 2012 documented that HSBC Mexico (HBMX) was the focal point of laundering for the Sinaloa cartel and Colombia's Norte del Valle cartel into the US banking system between 2002 and 2009. The Mexican subsidiary moved $7 billion in cash to HSBC's US operation between 2007 and 2008, a volume that 'could only reach that size if they included illegal drug proceeds' according to law enforcement officials. HSBC classified Mexico in its 'lowest risk' category, which excluded $670 billion in transactions from monitoring systems. At least $881 million from Mexican and Colombian cartels were laundered through the group. The Office of the Comptroller of the Currency (OCC) 'tolerated' the bank's lax controls for six years without taking 'a single enforcement action'. The final $1.92 billion settlement of December 2012 covered this case (separately documented), but the specific findings about Mexico established the precedent for all subsequent border cartel cases: Wachovia ($160M, 2010), Banamex USA ($140M FDIC + $97M DOJ, 2015-2017), TD Bank ($3.09B, 2024).

September 4, 2018 NL confirmed

Netherlands: ING Bank pays €775M ($900M) in Sep 2018 — largest AML fine in Dutch history

On **September 4, 2018**, the Dutch Public Prosecutor (Openbaar Ministerie) announced a settlement with **ING Bank N.V.** (largest Dutch bank) for **€775 million ($900M USD)** — **the largest AML fine in Dutch history**. The agreement did not require guilty plea ('Transactie' — Dutch legal figure similar to US DPA). Facts: ING was accused of violating the Wet ter voorkoming van witwassen en financieren van terrorisme (Wwft, Dutch AML Act) and of **systematic structural AML monitoring failures between 2010-2016**. Specific cases investigated included: (1) **Processing of VimpelCom transactions** linked to the Uzbekistan Karimova case (case Uzbekistan CBU (2024), $850M in telecom bribes), (2) **Unmonitored PEP accounts** including **Suriname President Dési Bouterse** (former military dictator 1980-1987, elected president 2010-2020, convicted of drug trafficking in absentia by Netherlands in 1999 — 11 years prison), (3) **Tax evasion for wealthy European clients**, (4) **Deficient banking services for high-risk clients in Belgium, Luxembourg, Italy, Poland**. The **CEO Ralph Hamers (CEO 2013-2020) resigned** in October 2020 but continued with responsibilities at UBS Group (CEO UBS from November 2020 to April 2023 — controversial appointment given the ING DPA). The regulatory action of **De Nederlandsche Bank (DNB)** and **Autoriteit Financiële Markten (AFM)** continued with subsequent investigations. The case drove the reform of the **Dutch AML Act 2018** aligning with the EU's 4th/5th AMLD.

October 21, 2020 AU confirmed

Westpac: AUD 1.3bn (~$919M) in 2020, the largest civil penalty in Australian history

On October 21, 2020, the Federal Court of Australia ordered Westpac — the country's second-largest bank — to pay AUD 1.3 billion (~USD 919 million) for breaching the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), the largest civil penalty in Australian history. Westpac admitted breaching the law on more than 23 million occasions: it failed to report to AUSTRAC, on time, more than 19.5 million International Funds Transfer Instructions (IFTIs) worth over AUD 11 billion over nearly five years, failed to keep records on the origin of funds, and failed to oversee correspondent-banking activity. The case was especially serious because it included failures to monitor payments consistent with child exploitation to Southeast Asia (the Philippines). AUSTRAC CEO Nicole Rose said the penalty reflected the systemic nature of the non-compliance. CEO Brian Hartzer resigned in 2019 when the case broke.

August 8, 2022 US confirmed

US: OFAC sanctions Tornado Cash (2022) — overturned in court and delisted in 2025

On August 8, 2022, OFAC (US Treasury) sanctioned Tornado Cash — an Ethereum cryptocurrency 'mixer' — adding it, along with more than 50 addresses, to the Specially Designated Nationals (SDN) list; it was the first economic sanction against a decentralized-finance (DeFi) protocol. OFAC alleged the service had helped launder more than USD 7 billion, including more than USD 455 million stolen in March 2022 by North Korea's Lazarus Group (the largest known crypto heist at the time). In November 2022 it re-designated the protocol, adding Executive Order 13722 (North Korea). Six users sued Treasury (Van Loon v. Treasury): a Texas district court sided with OFAC in August 2023, but on November 26, 2024 the Fifth Circuit Court of Appeals reversed, holding that Tornado Cash's immutable smart contracts are not 'property' under IEEPA and that OFAC had overstepped its authority. On March 21, 2025, OFAC removed Tornado Cash from the SDN list, while keeping developer Roman Semenov sanctioned under the North Korea program. The case set a precedent on the limits of sanctions against immutable open-source code; separately, co-founder Roman Storm faced a Justice Department criminal case.

December 1, 2010 SI confirmed

Slovenia: the NLB scandal, the state bank that channeled ~1 billion in Iranian funds (Farrokh case)

Slovenia's largest money-laundering case is that of the state-owned bank Nova Ljubljanska Banka (NLB), the country's biggest, through which —according to investigations— nearly 1 billion euros of Iranian origin passed between 2008 and 2010. At the center is Iraj Farrokhzadeh, a dual Iranian-British citizen on Interpol's most-wanted list since 2006, who in December 2008 opened accounts at NLB for his company Farrokh Ltd —registered in the British Virgin Islands— after Swiss banks closed his. Through those accounts, money was moved for the Export Development Bank of Iran (EDBI), placed by the European Union on its sanctions list over its links to the country's nuclear and missile programs and to front companies of the Iranian Defense Ministry. According to the case data, 40 to 50 transactions were made daily —up to 70 million euros a month and more than 30,000 transfers worldwide, some under fake names—, and hundreds of operations were blocked by other countries' anti-money-laundering units. Slovenia's Office for Money Laundering Prevention received a suspicious-transaction report in June 2010. The Bank of Slovenia ordered the transactions banned in December 2010, but NLB took nine days to implement the order, which let Farrokhzadeh move the operation to Russian banks. The matter, which broke publicly around 2017 through a parliamentary inquiry and amid the bank's privatization —it had been nationalized in the 2013 bailout—, was marked by a strong political controversy between the then-governing left and the right-wing opposition; despite the investigations by the prosecution and the anti-money-laundering office, there were no convictions and most charges were dropped. Supervision rests with the Bank of Slovenia and the Office for Money Laundering Prevention, with Slovenia a member of the EU and of MONEYVAL.

January 18, 2023 HK confirmed

Hong Kong/Macau: Suncity dismantled — Alvin Chau 18 years prison for VIP gambling junket (Jan 2023)

On January 18, 2023, Alvin Chau Cheok Wa (president and founder of Suncity Group, largest VIP gambling junket company in pre-2022 Macau) was sentenced to 18 years prison by Macau Court of First Instance on 162 charges including: organizing gambling syndicate, massive fraud, money laundering, illegal casino operation. Suncity Group operated as VIP junket — operators taking Chinese high-rollers to Macau via offshore credit (traditional vector for Chinese capital flight), also operated illegal online casinos in Philippines, Vietnam, Cambodia. Scheme documented by OCCRP + Reuters investigation revealing $1+ billion in bribes and Chinese offshore capital movement. Suncity Group completely liquidated between 2022-2023, marking end of VIP junket era in Macau (40%+ gambling revenues pre-2022). HKMA + SFC + JFIU supervise the Hong Kong banking sector under AMLO Cap. 615 (2012). Hong Kong (7.4M inhabitants, $360 billion GDP) is one of Asia's largest financial centers alongside Singapore. Post-2020 (National Security Law imposed by Beijing), Hong Kong has seen massive capital flight ($500+ billion documented by HKMA + IMF).

November 28, 2022 US confirmed

US: BlockFi bankruptcy Nov 2022 — $100M SEC settlement (first crypto lending) + FTX exposure

**BlockFi** (crypto lending platform, CEO **Zac Prince**) had two key moments: **(1)** In **February 2022**, it agreed to a **historic $100 million settlement with the SEC + 53 state regulators** ($50M SEC + $50M states) — the **first major enforcement against a crypto lending product** ('BlockFi Interest Account' BIA, deemed an unregistered security), setting the regulatory precedent later applied to Celsius, Voyager, Genesis. **(2)** On **November 28, 2022**, BlockFi declared Chapter 11 bankruptcy after the FTX collapse (November 2022) — BlockFi had **massive exposure to FTX/Alameda Research** (it had received a $400M bailout from FTX in July 2022 + had collateral at FTX + loans to Alameda) — a domino effect of the crypto winter. BlockFi users were trapped; bankruptcy distributions began 2023-2024 (~$1B+ partially recovered). The case is part of the **2022 crypto lending collapse cluster** (Celsius, Voyager, 3AC, Genesis) catalyzed by Terra/Luna + FTX. BlockFi was backed by prominent venture capital (Peter Thiel's Valar Ventures, Galaxy Digital). The case reinforced SEC scrutiny of 'crypto yield products' as unregistered securities.

July 7, 2023 CN confirmed

Ant Group: CNY 7.123bn (~$1bn) from the PBOC in 2023, one of China's largest fintech fines

The People's Bank of China (PBOC) fined fintech giant Ant Group (蚂蚁集团) and its units CNY 7.123 billion (~$1 billion) in July 2023 for breaches including money-laundering-prevention failures, among other payment and consumer-protection violations. It was one of the two mega-fines that drove China's total AML penalty amount up 798% that year (CNY 52.2 billion across 996 fines).

December 6, 2019 SE confirmed

Sweden: Ericsson FCPA $1.06B Dec 2019 — telecom bribery in 5 countries + DPA breach 2023

On **December 6, 2019**, **Telefonaktiebolaget LM Ericsson** (the Swedish telecommunications giant) agreed to pay **$1.06 billion USD** (DOJ + SEC) to resolve FCPA charges for a **long-standing bribery scheme in at least 5 countries**: China, Djibouti, Vietnam, Indonesia and Kuwait, during 2000-2016. Ericsson used consultants, bribes to officials, creation of slush funds, and falsification of books to win telecommunications contracts. The settlement included a **3-year DPA (Deferred Prosecution Agreement) + an independent monitor**. However, the case had a notable twist: in **2023, the DOJ determined that Ericsson had VIOLATED the terms of the DPA** (for not fully disclosing information about its conduct in Iraq, including possible payments to ISIS/Islamic State to operate in areas controlled by the terrorist group, revealed by the 2022 'Iraq scandal') — Ericsson had to **plead guilty + pay an additional $206 million** in March 2023, a rare case of corporate DPA violation. The case is referenced as **one of the largest telecom FCPAs (along with the Uzbekistan cases: TeliaSonera, VimpelCom, MTS)** + an example of the consequences of violating a DPA. Sweden is a FATF founding member.

October 25, 2016 TJ confirmed

Tajikistan: TALCO, state aluminium channeled to offshore companies for the benefit of the presidential circle

The case that symbolizes Tajikistan's financial opacity is that of the Tajik Aluminium Company (TALCO, formerly TadAZ), the country's largest industrial asset and main exporter. Although it is state-owned, much of its profits have for years been channeled, through opaque 'tolling' schemes, to an offshore company in the British Virgin Islands, Talco Management Ltd (TML), so that the state budget barely sees that income. US diplomatic cables leaked by WikiLeaks described the plant as a 'cash cow' for President Emomali Rahmon —in power since 1992— and his family, with most of its revenue in an offshore company controlled by the president. The scale of the scheme came to light, paradoxically, when Rahmon's own government sued former partners in the London courts (the TadAZ case against Ansol and entrepreneur Avaz Nazarov, 2005-2008), one of the most expensive cases in the history of the London High Court, which ended in defeat for TALCO and was settled in November 2008. Later, on October 25, 2016, in what some analysts read as an internal dispute, Tajikistan's own Finance Ministry acknowledged that about USD 1.1 billion —more than 14% of GDP— had been lost between 2010 and mid-2016 through the tolling schemes with TML. Investigations by organizations such as Global Witness and by the authors of 'Dictators Without Borders' place these funds in shell companies for the benefit of members of the presidential family; the official narrative, by contrast, has tended to attribute the irregularities to former managers and foreign partners, portraying the head of state as uninvolved, despite TALCO's management reporting directly to him. Financial supervision rests with the National Bank of Tajikistan (NBT) and its financial monitoring department, with the country a member of the Eurasian Group (EAG).

April 9, 2019 GB confirmed

United Kingdom: Standard Chartered repeat offender — $1.1B 2019 + $667M 2012 = $1.767B total OFAC sanctions

**Standard Chartered plc** (largest British bank operating in emerging markets — Asia, Africa, Middle East) has been subject to two rounds of massive OFAC sanctions: **(1) August 2012**: $667M settlement with DOJ + NY DFS + Federal Reserve + Manhattan DA for violating Iran sanctions during 2001-2007 — processed $250+ billion in U-turn transactions for Iranian clients, using 'wire stripping' (removing Iranian identifiers from wire messages). The NY DFS under Benjamin Lawsky described Standard Chartered as **'a rogue institution'** and nearly suspended its NY banking license (very controversial decision among federal regulators). **(2) April 2019**: **$1.1 billion settlement** coordinated by DOJ + OFAC + UK FCA + Federal Reserve + NY DFS + Manhattan DA for **repeat Iran sanctions violations + new Burma, Cuba, Sudan and Zimbabwe violations between 2007-2014** — including $437M identified transactions. **Standard Chartered is a classic repeat offender**: the pattern of violations continued EVEN AFTER the 2012 DPA, in direct violation of the agreement. UK FCA imposed **£102M fine ($133M) — the second largest FCA fine in history** (£40M deferred subject to future compliance). Key facts: Iranian clients with accounts in Gulf branches (Dubai, Bahrain) and wire transfers via Standard Chartered NY using 'manual stripping' (manual removal of SWIFT message); 'walk-in customer business' allowed for UAE-Iran clients without sanctions check. **Bill Browder** (Hermitage Capital, already designated) accused Standard Chartered in 2020 of processing funds from the **Russian Treasury fraud Magnitsky case** ($230M, case Magnitsky Russia (2009) in this tracker) — investigation continues.

May 24, 2022 CH confirmed

Switzerland: Glencore pleads guilty FCPA + $1.1B settlement (May 2022) — 7-country bribes + commodity manipulation

On **May 24, 2022**, **Glencore plc** (world's largest commodity trader, headquartered in Baar, Switzerland, LSE-listed) agreed to **pay $1.1 billion USD** in penalties coordinated with DOJ ($428M), CFTC ($486M), UK SFO ($315M GBP converted + £282M Nov 2022 sentence), Brazilian Federal Police ($39M), Swiss OAG ($2M), Dutch Public Prosecutor — **one of the largest FCPA settlements in history** (surpassed only by Goldman 1MDB $2.9B 2020). **Glencore International AG** (Swiss subsidiary) **pleaded guilty** for **conspiracy to violate FCPA**. Facts: during 2007-2018, Glencore paid **$100+ million in bribes** to government officials in **7 African and Latin American countries**: **Nigeria** (NNPC Nigerian National Petroleum Corp), **Cameroon** (SNH Société Nationale des Hydrocarbures), **Democratic Republic of Congo** (Gécamines), **Venezuela** (PDVSA), **Côte d'Ivoire**, **Brazil** (Petrobras), **Equatorial Guinea**. Additionally, Glencore **manipulated oil and gasoline markets** during 2011-2019, generating $100M+ in illicit profits via 'wash trades' and benchmark manipulation. Convicted co-defendants: **Anthony Stimler** (UK SFO, 32 months prison), **Andrew Gibson** (US, 24 months), **Paul Hopkins** (US, cooperator), **Anthony Hayward** (former oil head, cooperator), among others. The case is **emblematic** of the **role of commodity traders** (Glencore, Vitol, Trafigura, Mercuria) in endemic corruption of extractive sectors in Sub-Saharan Africa and Latin America. **Vitol** has also paid $164M in 2020 in FCPA, **Trafigura** $127M in 2024.

October 1, 2013 US confirmed

US: Silk Road darknet $1.2B — Ross Ulbricht life sentence 2015, pardoned by Trump Jan 2025

On **October 1-2, 2013**, the FBI arrested **Ross Ulbricht** (alias 'Dread Pirate Roberts' / DPR) in a San Francisco public library, dismantling **Silk Road** — the **first and most notorious darknet marketplace in history**, operating on the dark web (Tor) since 2011. Silk Road facilitated **~$1.2 billion USD in sales (9.5M BTC in transactions)** of illegal drugs, fake documents, hacking tools, and other illicit goods, using **Bitcoin as the exclusive payment method** (the first major criminal 'use case' of Bitcoin, which catalyzed the early crypto-cybercrime association). Silk Road charged 8-15% commissions as escrow. Ulbricht was **convicted in February 2015** on 7 charges (narcotics conspiracy, money laundering, computer hacking, continuing criminal enterprise 'kingpin') — **sentenced to DOUBLE LIFE WITHOUT PAROLE + 40 years** in May 2015 (SDNY, Judge Katherine Forrest), one of the most severe sentences for non-violent crimes in US history (although the case included unproven murder-for-hire allegations). The US government **seized ~144,000 BTC** from Silk Road (sold in US Marshals auctions 2014-2015 + later, valued in billions at current prices). The Silk Road case generated a **libertarian 'Free Ross' movement** (family + Bitcoin community argued disproportionate sentence). **On January 21, 2025, President Trump granted Ross Ulbricht a full presidential pardon** (campaign promise to the crypto/libertarian community), freeing him after ~11 years in prison. The case is referenced as **the foundational darknet markets case + crypto criminal use + the debate on cybercrime sentencing**. Later darknet markets (AlphaBay, Hansa, Dream Market, etc.) followed the Silk Road model.

September 15, 2024 BD confirmed

Bangladesh: BFIU freezes $1.25B from 366 individuals post-fall of Hasina government in August 2024

After the fall of Sheikh Hasina's government on August 5, 2024 due to a student-popular revolution, the Bangladesh Financial Intelligence Unit (BFIU) executed the largest account freeze in the country's history: Tk 15,000 crore (~$1.25 billion) over 366 individuals and entities linked to the former government, including Sheikh Hasina herself, Awami League leaders and the S Alam Group (a business conglomerate whose leaders allegedly laundered funds through major commercial banks). The legal framework is the modified Money Laundering Prevention Act (MLPA) 2012 and the Anti-Terrorism Act 2009. In 2025, the United Kingdom additionally froze £185-260M in Bangladesh-linked assets (the largest UK freeze ever linked to a South Asian country). Transparency International Bangladesh estimates the country loses $12-15B annually to laundering since 2010. Global Financial Integrity estimated USD 61.6B in illicit outflows between 2005-2014. The BFIU, established as the Anti Money Laundering Department in 2002 and renamed in 2012, is Bangladesh's FIU and part of the Asia/Pacific Group on Money Laundering (APG).

July 5, 2022 US confirmed

US: Voyager Digital $1.3B bankruptcy Jul 2022 — 3AC default + FDIC false claims + FTC $1.65B

On **July 5, 2022**, **Voyager Digital** (crypto brokerage/lending platform, listed on Toronto TSX, CEO **Stephen Ehrlich**) declared Chapter 11 bankruptcy with ~$1.3 billion deficit — a direct victim of the **Three Arrows Capital (3AC)** collapse, to which it had lent **$670 million uncollateralized** (one of the most reckless loans of the crypto winter). Voyager had ~3.5M users. The **FTC sued Voyager + Ehrlich in October 2023** for **falsely claiming deposits were FDIC-insured** (they weren't — Voyager wasn't a bank) — **$1.65 billion settlement with the FTC** (Oct 2023) + Ehrlich agreed to a ban on handling consumer assets. Voyager was **acquired by Binance.US in a bankruptcy auction** but the deal collapsed after regulatory objections (CFIUS) — users recovered ~35% via crypto distributions 2023-2024. The case, along with Celsius/3AC/BlockFi, defined the **crypto lending fraud model of the 2022 crypto winter** + set precedent on **FDIC insurance misrepresentation in crypto**. SEC + CFTC + NYAG + 7 state regulators parallel actions.

April 15, 2019 IT confirmed

Italy: UniCredit pays ~$1.3B in 2019 for violating US sanctions on Iran, Libya, Sudan, Syria

The Federal Reserve Board fined UniCredit and two subsidiaries $158 million in April 2019 for 'unsafe practices' linked to inadequate sanctions compliance controls, while the US Treasury announced three parallel settlements totaling $611 million with UniCredit in Germany, Austria and Italy. The cumulative total, including a final payment to OFAC, reached approximately $1.3 billion (~€1.2 billion). The case revealed systematic 'wire stripping' practices —the compliance team removed payment details to protect the anonymity of beneficiaries in sanctioned countries—. Between 2006 and 2011, Iranian shipping line IRISL Group made 1,319 payments totaling $75 million. UniCredit Bank AG (the German subsidiary) pleaded guilty to criminal conspiracy in a US federal court.

January 1, 2022 AU confirmed

Australia/global: HyperVerse/HyperFund $1.3B+ global Ponzi — Sam Lee/Ryan Xu (founders charged 2024)

**HyperVerse** (and its predecessor **HyperFund**, also known as HyperTech/HyperCommunity) was a **global cryptocurrency Ponzi/pyramid scheme of more than $1.3 billion USD** that operated between 2020-2022, attracting victims in dozens of countries (especially the US, Australia, UK, India, Africa). Founded by Chinese-Australian **Sam Lee (Aijun Li) and Ryan Xu (Qiao Xu)** — who had already been linked to the collapsed Blockchain Global —, HyperVerse promised returns of **0.5-1% daily** (impossible returns, ~300% annually) supposedly generated by 'crypto mining' and company operations, with an MLM recruitment commission structure. The scheme was notorious for presenting a **'CEO' named 'Steven Reece Lewis' who turned out to be completely fictitious** (a hired actor, with no verifiable real existence) — a detail that became emblematic of the fraud. Regulators in **at least 8 countries issued warnings** (including Australia's ASIC, the UK's FCA, and authorities in New Zealand, Germany, Hungary, etc.). In **2024, the US SEC + DOJ filed charges** against Sam Lee (fraud) and arrested a key promoter (Rodney Burton 'Bitcoin Rodney'). Sam Lee faces charges; his whereabouts have been the subject of a search. The case is referenced as **one of the largest global crypto Ponzis (along with OneCoin, BitConnect, PlusToken) + the example of the 'fake CEO'**. Australia is supervised by ASIC + AUSTRAC. Australia is a FATF + APG member.

December 21, 2017 CD confirmed

DR Congo: Dan Gertler Magnitsky SDN Dec 2017 — $1.36B Congo lost + Glencore $1.1B settlement + Kabila era

On **December 21, 2017**, **Dan Gertler** (Israeli businessman, grandson of the Israel Diamond Exchange founder, operating in DR Congo since 1997) was **designated SDN by OFAC under the Global Magnitsky Act** — one of the paradigmatic mining sector corruption cases in Africa. Gertler was documented (by The Sentry, Global Witness, IMF) as the **key mining corruption intermediary under Joseph Kabila's regime** (DR Congo President 2001-2019). Scheme: Gertler used his **close relationship with Kabila** to acquire mining rights (copper + cobalt — DR Congo has **70% of world cobalt reserves**, critical for EV batteries) at **dramatically undervalued prices from the Congolese state**, then resell to mining majors (Glencore, ENRC, etc.) with enormous margins. An **Africa Progress Panel study (Kofi Annan, 2013) documented that DR Congo lost ~$1.36 billion** in 5 mining deals 2010-2012 sold to Gertler-linked offshore companies (BVI) at a fraction of market value. **Glencore plc** (Anglo-Swiss mining giant) **paid $1.1 billion in settlements (DOJ + UK SFO + Brazil + Swiss) in 2022** for a bribery scheme that included payments to Gertler intermediaries for DRC + Nigeria + Venezuela + others (the Glencore case is one of the largest mining FCPA cases). After the 2017 Magnitsky designation, Gertler faced **global asset freezes** — but controversially, in **January 2021 (last day of Trump 1.0), OFAC granted Gertler a special license** (revoked by Biden March 2021 after outcry from NGOs + Congress). Gertler has negotiated asset return agreements with the government of **Félix Tshisekedi** (DR Congo President since 2019, Kabila's successor) — controversial 2022 deal. DR Congo (100M inhabitants, capital Kinshasa) — the financial sector is supervised by the BCC (Banque Centrale du Congo) + CENAREF (FIU). It is a GABAC + COMESA member. DR Congo is one of the world's richest countries in natural resources but among the poorest (paradigmatic resource curse).

June 1, 2014 TD confirmed

Chad: the Déby regime's 'oil curse', from the future-generations fund to Glencore's secret payments

The illicit-finance story that defines Chad is the capture of its oil revenue by the regime of Idriss Déby, who ruled the country from 1990 to 2021. The Chad-Cameroon pipeline project, backed by the World Bank in the early 2000s, was presented as a model of transparency: most of the crude revenue was to go to poverty reduction and a 'future generations fund'. But in December 2005 Déby overhauled the Petroleum Revenue Management Law, eliminated that fund and diverted resources to 'security' and weapons; the World Bank suspended its loans and froze Chad's assets before an interim agreement in 2006. Years later, in June 2014, the state oil company contracted a roughly 1.4-billion-dollar oil-backed loan with commodity trader Glencore —to buy back oilfields from Chevron— to be repaid through direct deductions from oil shipments. When prices crashed, Chad ended up handing over almost all its production to Glencore, precipitating a debt crisis, harsh cuts (university fees doubled, the health budget halved) and an IMF bailout. Déby himself called the deal a 'fool's bargain' and publicly questioned whether illegal commissions had been paid. A journalistic investigation revealed in 2024, from leaked documents, that Glencore had allegedly secretly paid millions of dollars to a middleman who officially represented Chad in the negotiations but was working for the company, through an opaque offshore vehicle; in parallel, an agent linked to those dealings was sentenced to three years in prison for bribing Chad's ambassador to the US. Financial supervision rests with the Bank of Central African States (BEAC), the National Financial Investigation Agency (ANIF) and the regional body GABAC, with Chad a member of CEMAC.

March 12, 2015 DE confirmed

Commerzbank: $1.45bn in 2015 for moving money for Iran, Sudan and Myanmar

On March 12, 2015, Commerzbank — Germany's second-largest bank — agreed to pay USD 1.45 billion to federal and New York authorities (DOJ, NYDFS, Federal Reserve, OFAC and the Manhattan DA) to resolve parallel investigations into its New York branch. On one hand, it violated US sanctions against Iran, Sudan, Cuba and Burma through 'wire-stripping' — deleting the identity of clients in payment messages — to process some 60,000 US-dollar clearing transactions worth more than USD 253 billion between 2002 and 2008. On the other, 'acute' deficiencies in its anti-money-laundering (BSA) program turned the branch into a conduit for more than USD 1 billion of the accounting fraud at Japan's Olympus (which hid about USD 1.7 billion in losses). The bank entered a three-year deferred prosecution agreement (DPA) with the DOJ; five employees — including the former head of compliance for the New York branch — were fired or resigned. The case was part of the wave of sanctions penalties on big European banks (BNP Paribas paid a record USD 8.9 billion in 2014).

January 7, 2009 IN confirmed

India: Satyam $1.5B fraud Jan 2009 — Raju confessed ('India's Enron') + 7 years prison

On **January 7, 2009**, **Ramalinga Raju** (founder and CEO of **Satyam Computer Services**, then India's fourth-largest IT company, with ~50,000 employees, NYSE-listed as ADR) sent a letter to the board **confessing a massive accounting fraud of ~$1.5 billion USD (₹7,136 crore)** — one of the largest corporate scandals in India's history, immediately dubbed 'India's Enron'. The confession revealed that **94% of Satyam's reported 'cash' (₹5,040 crore of ₹5,361) was fictitious** — Raju had inflated the balance sheets for years with fake accounts, non-existent customers, and fabricated income to meet market expectations, a scheme he compared to 'riding a tiger, not knowing how to get off without being devoured'. The auditing firm **PwC India** was strongly implicated (its affiliate was banned from auditing listed companies in India for 2 years; PwC paid **$25.5M in settlement to the SEC in 2011**, the first PCAOB case against a Big Four in India). **Raju + 9 executives were sentenced in 2015 to 7 years in prison** + fines. Satyam was rescued via forced acquisition by **Tech Mahindra** (Mahindra Group) in 2009 + renamed Mahindra Satyam. The case transformed corporate governance in India: it accelerated the **Companies Act 2013** (massive reforms), the creation of the **SFIO (Serious Fraud Investigation Office)**, and the tightening of SEBI. India is a FATF + APG member.

July 6, 2023 SG confirmed

Singapore/China: Multichain $1.5B collapse Jul 2023 — CEO Zhaojun arrested in China (hidden centralization)

In **July 2023**, **Multichain** (formerly Anyswap, one of DeFi's largest cross-chain bridge protocols, connecting 90+ blockchains) collapsed with **~$1.5 billion USD in user funds frozen/lost** — one of the largest DeFi collapses of 2023. The protocol advertised itself as decentralized, but reality exposed a **hidden and catastrophic centralization**: the Chinese CEO known as **'Zhaojun' (Zhao Jun)** personally controlled the keys of the servers operating the bridge. When Zhaojun was **arrested by Chinese police in May 2023** (Chinese authorities seized his devices + control of the wallets), the protocol became inoperable — funds began moving anomalously in July 2023 (possibly by Chinese authorities or third parties with access). Zhaojun's sister was also arrested. Multichain **announced its definitive closure**, leaving users and integrated protocols (including Fantom Foundation, which had massive exposure) with enormous losses. The case is paradigmatic of the **risk of 'theatrical decentralization'** — protocols that present themselves as decentralized but have hidden single points of failure. It also illustrates the regulatory/jurisdictional risk of DeFi projects operated from China (where crypto is banned). It reinforces the pattern of **cross-chain bridges as DeFi's riskiest component**.

December 15, 2008 DE confirmed

Germany: Siemens $1.6B FCPA settlement Dec 2008 — $1.4B global bribes (modern foundational FCPA case)

On **December 15, 2008**, **Siemens AG** (German industrial conglomerate, Munich, one of the world's largest) agreed to pay **$1.6 billion USD in combined settlement** — $450M DOJ criminal + $350M SEC disgorgement + €395M ($569M) German Munich Prosecutor + smaller — **the largest FCPA (Foreign Corrupt Practices Act) settlement in history to that point** and foundational case of the modern FCPA enforcement era. The investigation revealed that Siemens had operated **a systematic and global bribery system** between 2001-2007: **$1.4 billion in bribes paid** to government officials in **dozens of countries** to win contracts — the scheme included physical 'cash desks' in Siemens offices (employees withdrew up to €1M cash in briefcases), shell companies, fake 'consulting agreements', slush funds in Swiss/Liechtenstein/Dubai accounts. Documented cases: **Argentina** (national ID cards $1B contract, bribes to Menem + De la Rúa government), **Bangladesh** (mobile telephone), **Venezuela** (metro projects), **China** (medical equipment + transmission lines), **Israel** (power plants), **Iraq** (UN Oil-for-Food kickbacks), **Nigeria** (telecom), **Russia** (traffic systems), **Mexico** (refinery), **Vietnam, Italy, Greece (Siemens Hellas Olympics 2004)**. The case was catalyzed by **German tax investigation 2006** + raids at Munich HQ November 2006. **Heinrich von Pierer** (CEO 1992-2005, then Chairman) forced to resign + civil settlement. **Klaus Kleinfeld** (CEO 2005-2007) resigned. **Reinhard Siekaczek** (mid-level executive, cash desk manager) became key witness, sentenced suspended Germany 2008. **Uriel Sharef** (board member) first DAX company board member charged by SEC 2011. Siemens implemented **one of the most extensive corporate compliance reforms in history** ($1B+ invested) + became a Harvard Business School case study. The case is **referenced as the start of the modern era of aggressive FCPA enforcement** (before Siemens, settlements were typically <$50M).

October 14, 2011 JP confirmed

Japan: Olympus $1.7B fraud Oct 2011 — Woodford whistleblower + Kikukawa convicted

On **October 14, 2011**, **Olympus Corporation** (the Japanese optical/medical equipment giant, founded in 1919) abruptly fired its new British CEO **Michael Woodford** just 2 weeks after his appointment — an unprecedented event in Japanese corporate culture. What was revealed afterward: Woodford had **discovered and questioned suspicious payments of $1.7 billion USD** that Olympus had made in advisory fees (~$687M to an unknown advisor in the Cayman Islands for the acquisition of Gyrus, a British medical equipment company) + acquisitions at inflated prices of three small Japanese companies (~$773M). The Olympus board had voted to silence Woodford. Woodford became a **public whistleblower**, took evidence to the British SFO, FBI and the Financial Times — unleashing one of Japan's biggest corporate scandals. The investigation revealed that Olympus had used those payments to **hide investment losses from the 1990s ('tobashi' scheme)** for **~13 years** — a 'loss deferral' scheme to keep books clean, known and approved by successive presidents. Former chairman **Tsuyoshi Kikukawa + Hisashi Mori + Hideo Yamada were convicted in 2013** (Kikukawa: 3 years, suspended sentence — controversial as considered lenient). Olympus paid fines + faced lawsuits. Woodford received a £10M settlement. The case revealed the problems of **corporate governance in Japan** (passive board, lack of independent directors, culture of silence) + catalyzed reforms (Stewardship Code, Corporate Governance Code 2014-2015). Japan is a FATF + APG member.

December 11, 2012 GB confirmed

HSBC: $1.9bn in 2012 for enabling Mexican cartel money laundering

The US Treasury announced in 2012 the largest bank settlement in its history at the time: over $1.9 billion with HSBC for Bank Secrecy Act and sanctions violations. The bank's AML compliance failures allowed hundreds of millions of dollars from Mexican drug-trafficking organizations to flow through US accounts. Under Secretary David Cohen called the conduct willful and dangerous.

April 22, 2021 TR confirmed

Turkey: Thodex $2B exit scam Apr 2021 — Özer 11,196 years prison (world record sentence)

On **April 22, 2021**, **Thodex** (one of Turkey's largest cryptocurrency exchanges) abruptly collapsed when its founder and CEO, **Faruk Fatih Özer (27)**, **fled the country to Albania** taking an estimated **$2 billion USD** in funds from **~400,000 users** — one of the largest crypto exit scams in history. Thodex suddenly ceased operations, claiming a false 'sale to investors' and technical problems, while Özer boarded a flight to Tirana with suitcases. The collapse occurred in the context of a **crypto boom in Turkey** driven by the very high inflation of the Turkish lira (Turks bought crypto as a store of value). The Turkish government issued an arrest warrant + Interpol Red Notice. **Özer was arrested in Albania in August 2022, extradited to Turkey in April 2023**, and tried. In **September 2023, a Turkish court sentenced Faruk Fatih Özer to 11,196 years in prison** (along with his brother and sister, also sentenced to the same term) — one of the **longest prison sentences ever imposed in the world** (Turkish courts add penalties for each victim/charge). The case is referenced as **Turkey's largest crypto fraud + the most extreme crypto sentence in history** + an example of the risk of unregulated exchanges in emerging markets with high crypto adoption. Turkey entered the **FATF grey list (Oct 2021)**, exited June 2024. Turkey is a FATF member + MENAFATF observer.

October 8, 2025 KH confirmed

Cambodia/US: Huione Group FinCEN Section 311 Oct 2025 + 146 Prince Group Chen Zhi designations

On October 8, 2025, FinCEN designated Huione Group (Cambodia) under Section 311 of USA PATRIOT Act as 'primary money laundering concern' — first time since Banco Delta Asia (2005, case DPRK Banco Delta Asia (2005)). Huione Group including Huione Pay, Huione Crypto and Huione Guarantee (escrow), documented by blockchain analysts (Elliptic, TRM Labs) as one of main hubs for: (1) DPRK Lazarus Group laundering (including $1.5B Bybit hack Feb 2025, largest crypto heist in history), (2) Pig-butchering scam compounds in Cambodia, Myanmar (Karen State, Shan State), Laos (Bokeo Province SEZ), Philippines border zones — where thousands of people are kidnapped in modern slavery conditions to operate massive scams. UK, EU, Switzerland and Singapore have implemented parallel sanctions. On October 14, 2025, OFAC designated 146 additional entities of Prince Group (Chen Zhi, Cambodian-Chinese citizen, majority shareholder of Royal Group of Cambodia linked to PM Hun Sen + Hun Manet). The case is the largest crypto/AML enforcement of the 21st century ($2+ billion documented). ASEAN AML + APG launched pan-Asian initiative 2025 to combat scam compounds.

October 14, 2025 KH confirmed

Cambodia: Huione Group severed from US financial system by FinCEN + designated TCO by OFAC in Oct 2025

On October 14, 2025, FinCEN issued the final rule severing Huione Group (Cambodian conglomerate of banks, crypto exchanges and payment services) from the US financial system, requiring US financial institutions not to process transactions of correspondent accounts involving Huione. In parallel, OFAC designated Huione Group as a Transnational Criminal Organization (TCO) under Executive Order 13581, sanctioning 146 targets associated with the company. Treasury described Huione as a 'central financial conduit' for Southeast Asia's scam industry, including networks overlapping with Prince Group (also designated the same day as TCO). Specific allegations include: laundering proceeds from 'pig butchering' scams (romantic-financial deception), ransomware linked to the Chen family, facilitation of cybercrime, and links to Myanmar's military dictatorship through Shwe Kokko. It is the broadest TCO designation executed in 2025 and the first 311 final rule (PATRIOT Act) against a Southeast Asian crypto group.

July 17, 2014 CY confirmed

Cyprus: FBME Bank FinCEN Section 311 Jul 2014 — Hezbollah/Syria/Russia laundering + bank liquidation

On **July 17, 2014**, FinCEN designated **FBME Bank Ltd** (Federal Bank of the Middle East, registered in Tanzania but operating primarily from Cyprus — Nicosia) under **Section 311 of USA PATRIOT Act** as 'primary money laundering concern'. It is one of the **few Section 311 designations issued in history** (among Banco Delta Asia 2005, ABLV Latvia 2018 case ABLV FinCEN 311 (2018), and Huione Group 2025). FinCEN documented that FBME had facilitated **at least $2 billion in suspicious transactions** and operated as a laundering vehicle for: **(1) Hezbollah financing** (documented transactions with linked entities); **(2) Syria sanctions evasion** (Bashar al-Assad regime + sanctioned Syrian Scientific Studies and Research Center SSRC, chemical weapons producer); **(3) Russian + transnational organized crime**; **(4) terrorist financing**; **(5) a client that was a front company for a Hezbollah agent**. FBME was owned by **Lebanese brothers Ayoub-Farid and Fadi Saab**. The bank operated ~$2 billion in deposits, 90% non-resident. After the designation, the **Central Bank of Cyprus took control of FBME (resolution) + revoked its license in 2015**, ordering liquidation. The Saab brothers litigated extensively (US courts, Cyprus, international arbitration) alleging unfair process — FBME won some procedural victories (US court remanded FinCEN 2015-2017 on procedure) but the bank was already liquidated. The case is paradigmatic of **Cyprus as a hub of Russian + Middle East flight capital pre-2013** (Cyprus had its own banking crisis 2013 — depositor bail-in of Laiki Bank + Bank of Cyprus, €10B Troika bailout, massive Russian deposits). The Central Bank of Cyprus + MOKAS (FIU) supervise. Cyprus is a MONEYVAL member + EU since 2004 + Eurozone since 2008.

December 13, 2023 DK confirmed

Danske Bank: the ~€200bn Estonian scandal and a fraud guilty plea

Danske Bank pleaded guilty to bank fraud related to money laundering over the infamous scandal at its Estonian branch, where some €200 billion in suspicious transactions were processed between 2007 and 2015. The resolution with US and Danish authorities was around $2 billion. Danish authorities maintained additional penalties in later years.

April 25, 2023 KN confirmed

Eastern Caribbean: 5 CBI states (KN/DM/GD/VC/AG) Common Standards Apr 2023 + UK visa-free Dominica suspension

The 5 OECS states with CBI programs: Saint Kitts and Nevis (53K, program since 1984 — world's oldest, 50K+ passports sold), Dominica (72K, program since 1993, $100K min — world's cheapest, 25K+ passports), Grenada (113K, program since 2013 + unique US E-2 Treaty Investor Visa pathway), Saint Vincent (104K, no active CBI), Saint Lucia (180K, program since 2015), Antigua and Barbuda (97K, program since 2013). Programs generated ~$2B+ revenues 2010-2024. In April 2023, the 5 states signed 'Principles for Common Standards in CBI Programmes' under US/EU pressure: reinforced due diligence, prohibition of sale to sanctioned Russian/Iranian/Syrian citizens, background checks, minimum pricing harmonization. UK suspended visa-free for Dominica + Vanuatu 2023. ECCB supervises the OECS banking sector (East Caribbean Dollar XCD pegged 2.70:1 to USD).

June 25, 2020 DE confirmed

Germany: Wirecard case — €1.9B nonexistent + Markus Braun arrested + Marsalek fugitive in Moscow

On **June 25, 2020**, Wirecard AG (German payment processor based in Munich, DAX member since 2018) declared bankruptcy after admitting that €1.9 billion ($2.1 billion USD) in cash reported on its financial statements (a quarter of its assets) probably never existed. It is **the largest financial scandal in German post-war history** (according to then-Finance Minister and current Chancellor Olaf Scholz). CEO **Markus Braun** was arrested on June 23, 2020 (released on €5M bail, then re-arrested in July 2020). COO **Jan Marsalek** (Austrian) escaped via private jet from Austria to Belarus on June 18 and, **according to German Bild and Financial Times, lives in Moscow under Russian FSB protection**. The investigation revealed: fake revenues generated via fictitious Third-Party Acquirers (TPAs) in Dubai (Al Alam), Singapore (Senjo) and Philippines (PayEasy); payment infrastructure used for intelligence (BND, BKA operations, and foreign services — Wirecard issued 'non-attributable prepaid cards' for agents); connections with Wagner Group, RSB, and 'cash-for-crypto' network that in 2025 was revealed by UK National Crime Agency. **Beyond accounting fraud** (€3.1 billion in loans lost by banks), Wirecard functioned as a **financial conduit for global intelligence operations**. EY (auditor for 10 years) faced extensive scrutiny. BaFin (German regulator) was widely criticized for protecting Wirecard despite Financial Times allegations since January 2019. The Munich trial began in December 2022 with Braun + von Erffa + Bellenhaus (the latter cooperation witness). Indictment: 474 pages. In 2025-2026, new UK investigations connect Marsalek with 'cash-for-crypto' laundering network for British organized criminals and sanctioned Russian elites.

March 10, 2015 AD confirmed

Andorra/Spain: FinCEN Section 311 against BPA in Mar 2015 — collapses Banca Privada and Banco Madrid

On March 10, 2015, FinCEN designated Banca Privada d'Andorra (BPA), the fourth-largest Andorran bank with €1.79 billion in assets, as a 'foreign financial institution of primary money laundering concern' under Section 311 of the USA PATRIOT Act. FinCEN found that high-level bank managers had knowingly facilitated transactions for third-party launderers acting on behalf of transnational criminal organizations, with clients from China, Russia and Venezuela. That same day the Bank of Spain intervened in its Spanish subsidiary Banco Madrid; on March 12 its entire board resigned, on March 14 BPA CEO Joan Pau Miquel Prats was arrested in Andorra, and on March 25 Banco Madrid filed for voluntary insolvency. Standard & Poor's downgraded Andorra's credit rating. A landmark case of Section 311 used against a non-typical target (Russia, Lebanon, Burma) — first designation against a European bank.

December 22, 2020 AO confirmed

Angola: Luanda Leaks ICIJ Jan 2020 — Isabel dos Santos $2.2B empire + dos Santos dynasty (1979-2017)

Angola lived under the José Eduardo dos Santos regime (MPLA, President 1979-2017, 38 years) followed by João Lourenço (MPLA, President since 2017) with visible anti-corruption campaign. **Isabel dos Santos** (daughter of former President, former Africa's richest woman with $3.5B Forbes 2013), was the center of **'Luanda Leaks'** ICIJ investigation published on January 19, 2020 — **715,000 documents** leaked revealing how she built a $2.2 billion empire through preferential contracts with the Angolan government: Sonangol (state oil company — Isabel dos Santos was Chairman 2016-2017 until her dismissal by João Lourenço), Sonangol Cabo Verde, Galp Energia (12.3% stake), Banco BIC Portugal, Unitel telecom, NOS media, ZAP TV, EuroBic Portugal, ENI Angola. Luanda Provincial Court **froze $1+ billion in assets in December 2019**. Portugal, Switzerland, Netherlands, Luxembourg froze Isabel's assets in parallel. Criminal investigations active in Angola, Portugal (Operação 'Operação Marquês' separate but connected to former PM José Sócrates), US (case vs PwC + KPMG). Brother José Filomeno dos Santos ('Zenú', former Chairman Angola Sovereign Wealth Fund FSDEA $5 billion assets) was sentenced to 5 years prison Angola 2020 for embezzlement $500M from FSDEA. BNA and UIF Angola supervise the banking sector under the framework of Law 5/20. Angola is an ESAAMLG member.

October 27, 2023 BG confirmed

Bulgaria: FATF places it on the grey list (Oct 2023) — third EU state, atop the legacy of KTB

On October 27, 2023, the FATF placed Bulgaria on its 'grey list' of jurisdictions under increased monitoring, making it the third European Union state to appear on it (after Malta and Croatia) — a decision seen as a surprise for an EU country, one marked by successive corruption scandals. The move was based on MONEYVAL's (Council of Europe) May 2022 mutual evaluation, which found persistent deficiencies: limited statistical and analytical capacity to assess money-laundering and terrorist-financing risks, and a number of money-laundering investigations and convictions that was low relative to identified risks, especially in cases linked to high-level corruption and organised crime. The FATF asked Bulgaria to close legislative gaps, ensure the accuracy of the beneficial-ownership register, pursue confiscation as a policy objective, conduct parallel financial investigations in all counter-terrorism operations and address gaps in sanctions against proliferation financing. Preventive supervision rests with the Financial Intelligence Directorate of the national security agency (FID-SANS), under the Prevention of Money Laundering Act (PMLA), while banking supervision falls to the Bulgarian National Bank (BNB). These weaknesses are rooted in episodes such as the 2014 collapse of Corporate Commercial Bank (KTB) — the country's largest banking failure, with billions in losses, fraud allegations and questioned BNB supervision. In 2025, the government presented a package of measures to exit the grey list.

August 14, 2025 DO confirmed

Dominican Republic: Operation Antipulpo convicts Alexis Medina, the ex-president's brother, of money laundering (2025)

Operation Antipulpo is the largest corruption and money-laundering case in the Dominican Republic's recent history. Launched with raids on November 28, 2020 by the Specialized Prosecutor's Office for the Prosecution of Administrative Corruption (PEPCA), it pursued a network allegedly headed by Juan Alexis Medina Sánchez, brother of former president Danilo Medina (2012-2020), accused of defrauding the state of more than RD$4.5 billion through a web of companies, influence-trafficking and irregular public contracts — with impact, among others, on the Health Ministry. In August 2025, the Second Collegiate Court of the National District sentenced Alexis Medina to 7 years in prison, finding him guilty of bribery in commerce and investment, money laundering, use of false documents and criminal association, with payment of RD$500 million to the state, confiscation of seized assets and a fine; the judges described corruption that was 'full, absolute and deep.' The ruling acquitted several co-defendants — including his sister Magalys Medina — prompting the prosecution to announce an appeal. The country's financial intelligence unit is the Financial Analysis Unit (UAF), a member of the Egmont Group and active in GAFILAT, while supervision of the financial system rests with the Central Bank (BCRD); the country, a drug-trafficking transit point toward the US and Europe, has strengthened its anti-money-laundering and counter-terrorist-financing (AML/CFT) system in recent years.

January 16, 2018 IN confirmed

India/US: BitConnect $2.4B crypto Ponzi — Satish Kumbhani fugitive (Jan 2018) + Arcaro guilty

On **January 16, 2018**, **BitConnect** collapsed — one of the largest documented cryptocurrency Ponzi schemes pre-OneCoin: **$2.4 billion USD**. BitConnect (launched 2016, founded by **Satish Kumbhani**, Indian citizen) operated a **'lending program'** that promised **returns of up to 40% monthly + 1% daily** (mathematically impossible) supposedly generated by a proprietary 'trading bot' that traded Bitcoin volatility. In reality, it was a **classic MLM Ponzi scheme** — returns were paid with new investors' money, with a pyramidal referral commission structure. The **BCC token (BitConnect Coin)** reached a peak of **$463 (December 2017, top-20 crypto by market cap ~$2.6B)** before collapsing to cents in January 2018 when BitConnect abruptly closed the lending program after cease-and-desist orders from Texas + North Carolina regulators. The case was notorious for its **viral promotion videos** (promoter Carlos Matos's famous 'BitConneeeeect!' at a 2017 conference became a global meme). **Satish Kumbhani** was **charged by DOJ + SEC in 2022** (SDCA, securities fraud + wire fraud + commodities manipulation + conspiracy to launder) — **remains a fugitive, presumably in India**, Interpol involved. The **Indian Enforcement Directorate (ED)** has seized **$190M+ in BitConnect assets in India** (2022-2024). **Glenn Arcaro** (top US BitConnect promoter) **pleaded guilty in September 2021** (wire fraud conspiracy) + cooperated. The case is referenced as **one of the largest and most viral crypto Ponzis pre-OneCoin/FTX**. India (1,430M inhabitants) is supervised by RBI + SEBI + ED + FIU-IND. India is a FATF + APG member.

August 1, 2024 AE confirmed

UAE: FATF grey list exit Feb 2024 + Russia sanctions evasion hub + Sudan gold smuggling $2.5B/year

The **Central Bank of UAE (CBUAE)**, the Financial Intelligence Unit (FIU) and the Securities & Commodities Authority (SCA) supervise the financial sector of the United Arab Emirates under the framework of Federal Law 20/2018 on AML/CFT (amended in 2021, 2023 and 2024). UAE (10M inhabitants, 90% expatriates, $510 billion GDP 2024) is **one of the most important financial hubs in the emerging world** — Dubai in particular has consolidated as regional hub for Persian Gulf, Africa, Central Asia and SE. UAE **exited the FATF grey list on February 23, 2024** after being added in March 2022 (24 months in monitoring). Specific Emirati AML risks are extensive and documented: **(1) Russian sanctions evasion post-Feb 2022** — UAE has become #1 destination for sanctioned Russian oligarchs, with Roman Abramovich's yachts (My Solaris, Eclipse) docked in Dubai 2022-2025, massive mansions in Palm Jumeirah/Emirates Hills, ~$1B in sanctioned real estate documented by C4ADS + EU TFSC. **(2) Sudan gold smuggling** — OCCRP/Global Witness documented that UAE is #1 destination of illegal Sudanese gold ($2.5B/year estimated from Darfur via Dubai DMCC + Sharjah Gold Souk). **(3) DMCC (Dubai Multi Commodities Centre)** — controversial free zone with massive opaque flows. **(4) Hawala global hub** — South Asia + Middle East + Africa flows. **(5) Crypto-friendly post-2022** — VARA (Virtual Assets Regulatory Authority) Dubai 2022 + ADGM. **(6) Real estate boom** — Dubai prices +40% 2022-2024. **(7) Golden visa programs** ($272K real estate investment 10-year visa). The banking sector is concentrated in: First Abu Dhabi Bank (FAB, largest), Emirates NBD, Abu Dhabi Commercial Bank (ADCB), Dubai Islamic Bank, Mashreq Bank. UAE is a MENAFATF founding member.

March 7, 2019 UZ confirmed

Uzbekistan: Gulnara Karimova telecom bribery $1B — TeliaSonera/VimpelCom/MTS $2.6B settlements + prison

**Gulnara Karimova** (eldest daughter of Uzbek dictator Islam Karimov, President 1990-2016 — 26 years; former diplomat, fashion designer 'Guli', pop singer 'GooGoosha', former ambassador to UN Geneva) was the center of **one of the largest telecom bribery cases in history**. Between **2004-2012**, the 3 largest telecom companies operating in Uzbekistan — **TeliaSonera (Sweden/Finland, now Telia Company), VimpelCom (Netherlands/Russia, now VEON), and MTS (Russia, Mobile TeleSystems)** — paid **~$1 billion USD in bribes to Gulnara Karimova** (via Takilant Ltd, Gibraltar shell company + Swiss accounts) to obtain telecom licenses, frequencies and market access in Uzbekistan (32M inhabitants). The settlements: **TeliaSonera $965M (2017, DOJ+SEC+Swedish+Dutch)** + **VimpelCom $795M (2016, DOJ+SEC+Dutch)** + **MTS $850M (2019, DOJ+SEC)** = **~$2.61 billion combined** — some of the largest FCPA settlements in history. **Gulnara Karimova** fell from grace in 2014 (rivalry with her mother Tatyana + sister Lola + Uzbek security services SNB Rustam Inoyatov) — **arrested/house arrest 2014, convicted in Uzbekistan 2017 to 10 years (corruption) + 2020 additional charges = 13 years total**, currently in Tashkent prison. **Switzerland froze ~$800M in Karimova accounts** (partially returned to Uzbekistan 2022-2024 via agreement). The **case is referenced as paradigmatic example of post-Soviet 'crony capitalism' + kleptocracy + telecom sector corruption**. **Islam Karimov died in September 2016** → **Shavkat Mirziyoyev** (President since 2016) has implemented partial reforms + asset returns. The **Central Bank of Uzbekistan (CBU)** supervises the sector. Uzbekistan is an EAG (Eurasian Group, FATF-style regional body) member.

January 7, 2014 US confirmed

US: JPMorgan Chase pays $2.6B for Madoff account 703 (Jan 2014) + total $20+B in fines 2014-2026

On **January 7, 2014**, **JPMorgan Chase & Co** (largest US bank by assets) agreed to pay **$2.6 billion USD** in penalties coordinated with DOJ ($1.7B), OCC ($350M), FinCEN ($461M) for its role in the Madoff case. JPM Chase had been Madoff's main bank for **22 years (1986-2008)**, handling account **703** which processed hundreds of thousands of transactions. Facts: JPM Chase ignored **multiple internal alerts** about the Ponzi nature of the Madoff scheme, including in 2008 (same year as collapse) an internal written report evaluating Madoff's firm as Ponzi. The SAR (Suspicious Activity Report) was submitted to UK authorities but NOT to US FinCEN — key failure. The $2.6B was divided among: $1.7B for forfeiture to DOJ (subsequently distributed to Madoff victims via Trustee Picard), $350M OCC civil money penalty, $461M FinCEN civil money penalty. The **DOJ's 5-year DPA** ended in January 2019. JPMorgan Chase is **the par excellence repeat offender** of the US banking sector: enforcement actions accumulated 2014-2026 include the **'Whale' case (2012, $920M settlement for $6.2B trading London CIO losses)**, **LIBOR manipulation $920M (2015)**, **CDO/securities $13B (2013) — the largest mortgage settlement in US history**, **FX market manipulation $550M (2015)**, **precious metals manipulation $920M (2020) — CFTC record**, **whistleblower retaliation case $200M (2023)**, **Epstein affiliate banking case $290M (2023)**. **Total accumulated fines: $20+ billion (2014-2026)** according to academic research. CEO **Jamie Dimon** (since 2005) has maintained the position despite multiple settlements.

February 13, 2018 LV confirmed

Latvia: ABLV designated FinCEN Section 311 Feb 2018 — DPRK + Iran financing + Latvia AML reform

On **February 13, 2018**, FinCEN designated **ABLV Bank AS** (Latvia, founded 1993, peak 2017 — 3rd largest Latvian bank with $2.7 billion USD in assets, ~120,000 mostly non-resident accounts) under **Section 311 of USA PATRIOT Act** as 'primary money laundering concern' — the most severe designation FinCEN can impose. It is the **second Section 311 issued in 13 years** (after Banco Delta Asia 2005 DPRK Banco Delta Asia (2005), before Huione Group 2025 Huione FinCEN (2025)). FinCEN documented that ABLV: **(1) Facilitated DPRK transactions** — at least **6,000 transactions identified with connections to Korea Mining Development Trading Corporation (KOMID), Foreign Trade Bank of Korea (FTB) and Tanchon Commercial Bank**, all US/UN sanctioned for proliferation finance; **(2) Iran corruption** — massive transactions with companies linked to Iran's Revolutionary Guard Corps (IRGC); **(3) Azerbaijan corruption** — linked to 'Azerbaijani Laundromat' case Azerbaijani Laundromat (2017) (caviar diplomacy, $2.9 billion in 4 years); **(4) Russian flight capital** — massive facilitator of 'Russian Laundromat' case Moldova Russian Laundromat (2014); **(5) Falsified documents** — the institution 'systematically obstructed' supervision and gave false documents to regulators. After FinCEN designation, **ECB rejected immediate Emergency Liquidity Assistance** to ABLV on February 18, 2018, and the bank **announced voluntary liquidation February 26, 2018**. **CEO Ernests Bernis and chairman Olegs Fils** faced criminal charges in Latvia (Fils died in 2024 before sentencing). The case catalyzed **massive AML reform in Latvia 2018-2019**: closure of 2 additional banks (PNB Banka and BlueOrange Bank), declined '90% of non-resident business' from the sector, reinforced FCMC, massive Russian capital exit post-2018, Latvia led by Krišjānis Kariņš (PM 2019-2023). **ECB assumed direct supervision** of major Latvian banks since then. It is **referenced as the paradigmatic case of Russian + DPRK financing post-9/11**.

October 22, 2020 US confirmed

Goldman Sachs: ~$2.9bn to the DOJ over Malaysia's 1MDB scandal (global resolution ~$5bn)

On October 22, 2020, the US Justice Department and the SEC announced a coordinated USD 2.9 billion resolution against The Goldman Sachs Group for violating the Foreign Corrupt Practices Act (FCPA) — the largest FCPA settlement in history. Goldman admitted conspiring to pay more than USD 1 billion in bribes to Malaysian and Abu Dhabi officials between 2009 and 2014 to win the mandate to underwrite about USD 6.5 billion in three bond deals for Malaysia's sovereign fund 1MDB, earning hundreds of millions in fees; its subsidiary Goldman Sachs (Malaysia) pleaded guilty and the parent entered a deferred prosecution agreement (DPA) with the DOJ in the Eastern District of New York. The penalty came on top of the USD 2.5 billion Goldman had already paid Malaysia — about USD 5.1 billion in total — in a resolution coordinated with the Federal Reserve, NYDFS, the UK's FCA and PRA, Singapore and Hong Kong's SFC. The 1MDB scandal, centered on financier Jho Low, is one of the world's largest money-laundering and corruption cases; the DOJ recovered more than USD 1 billion in assets for Malaysia.

September 4, 2017 AZ confirmed

Azerbaijan: Azerbaijani Laundromat 2017 — $2.9B laundered + 70+ European politicians bought

In September 2017, **OCCRP (Organized Crime and Corruption Reporting Project)** along with The Guardian, Süddeutsche Zeitung, Le Monde and Berlingske published the **'Azerbaijani Laundromat'** investigation: a laundering scheme of **$2.9 billion** that operated between 2012-2014. The structure: 4 shell companies registered in the UK (Polux Management, Hilux Services, Metastar Invest, LCM Alliance) opened accounts in **Danske Bank Estonia branch** (case Danske Estonia (2018) in this tracker) that processed payments through more than 16,000 transfers. Beneficiaries: 70+ European politicians co-opted to soften the Aliyev regime image (Ilham Aliyev president since 2003, succeeding his father Heydar Aliyev), including Council of Europe members, German parliamentarians (Karin Strenz, former Bundestag CDU), Italian (Luca Volontè, former EPP, convicted in Italy for accepting €2.4M bribes), Spanish, British. The scheme was known as 'caviar diplomacy' for the luxuries paid to politicians. The Aliyev family controls the Azerbaijani financial sector via **Pasha Holding** (Pasha Bank, owned by Mehriban Aliyeva, First Lady and Vice President, and their daughters Leyla and Arzu Aliyeva). The Central Bank of Azerbaijan (CBAR) regulates the sector. Azerbaijan faces specific AML risks: oil and gas (SOCAR), Turkey-Iran corridor, conflict resolved with Armenia after Nagorno-Karabakh 2023 (Armenian ethnocide according to UN), Aliyev family real estate in London ($800M+ documented). Azerbaijan is a MONEYVAL member.

October 22, 2018 CK confirmed

Cook Islands: global cradle of asset-protection trusts, better rated for AML technical compliance than for effectiveness

The Cook Islands — a small Pacific state in free association with New Zealand — are the world's cradle of asset-protection trusts: since their International Trusts Act of 1989, they designed a framework to shield foreigners' wealth from court claims in their home countries, with a system that does not recognize foreign judgments without re-litigating locally, zero taxation for offshore entities and a confidential registry. That offshore financial sector is both the engine of its economy and its greatest money-laundering vulnerability. In its mutual evaluation, conducted jointly by the Asia/Pacific Group on Money Laundering (APG) and the Group of International Finance Centre Supervisors (GIFCS) and published on October 22, 2018, the country achieved a paradoxical result: one of the best technical-compliance scores in the world — 38 of the FATF's 40 Recommendations rated 'compliant' or 'largely compliant' — but structural deficiencies in effectiveness: the use of financial analysis and the prioritization of money laundering and proceeds of crime by the police, which understated the threats. The report stressed that the most significant risks come from proceeds of crimes generated abroad, channelled (in the 'layering' stage) through the offshore sector — something the 2015 National Risk Assessment had already identified. Supervision rests with the Financial Supervisory Commission (FSC), created in 2003, which absorbed the Financial Intelligence Unit (CIFIU) in 2012 and operates the registry of international companies, trusts and foundations; the legal framework rests on the Financial Transactions Reporting Act 2017 and the Banking Act 2011.

January 18, 2023 MO confirmed

Macao: the fall of 'junket king' Alvin Chau (Suncity) and the laundering of the VIP betting system

The case that defines Macao's money-laundering risk —the world's largest gambling hub— is the fall of Alvin Chau (Chau Cheok Wa), founder of Suncity Group, the territory's largest 'junket' operator. Junkets were the middlemen who brought high-rollers from mainland China to Macao, the only place in the country where casinos are legal, extended them credit and collected their debts; marketing gambling in mainland China is illegal. Arrested in November 2021, Chau was tried alongside some twenty defendants over a web of 'under-the-table' bets worth about HK$824 billion (~USD 106 billion) over eight years, which defrauded Macao's treasury, and for facilitating proxy betting for Chinese customers. On January 18, 2023, the Court of First Instance sentenced him to 18 years in prison for criminal association, fraud and illegal gambling, though it acquitted him of the money-laundering charge for lack of evidence; on appeal, in October 2023, the Court of Second Instance did convict him —along with Suncity's former finance head, Philip Wong— of aggravated money laundering and tripled the compensation to the Macao government to about HK$25.5 billion (~USD 3.2 billion); the Court of Final Appeal later upheld the 18-year sentence. Known in Cantonese as 'Wash Rice Wa', a nickname playing on the euphemism for laundering money, Chau denied running illegal gambling or laundering, argued his Philippines business was locally authorized and said he did not understand why Suncity was deemed a criminal organization. His downfall, alongside that of the second major operator, Levo Chan (Tak Chun), dismantled the junket system amid Xi Jinping's anti-corruption drive. Supervision rests with the Monetary Authority of Macao (AMCM) and the Financial Intelligence Office (GIF), with Macao a member of the APG. The territory had already featured a historic money-laundering landmark: in 2005, the US Treasury designated Banco Delta Asia a 'primary money-laundering concern' for channeling North Korean funds.

October 10, 2024 US confirmed

TD Bank: $3.21bn — the largest AML penalty in US history, with a criminal guilty plea

In October 2024, TD Bank agreed to pay around $3.21 billion (DOJ, FinCEN, OCC and Federal Reserve) and pleaded guilty to conspiracy to violate the Bank Secrecy Act and money laundering: the largest AML penalty in US history and the first bank to plead guilty to money-laundering conspiracy. It allowed over $670 million in cartel proceeds to flow through its branches (2014-2023). It includes an independent monitor and $1.1 billion forfeiture.

July 24, 2025 ZM confirmed

Zambia: the Financial Intelligence Centre flags over 3.5 billion in illicit flows in 2024

The main focus of illicit finance in Zambia, according to its own authorities, is capital flight through the mining sector, trade and corruption. In its 2024 Trends Report, the Financial Intelligence Centre (FIC) flagged more than 3.5 billion dollars in suspected illicit financial flows that year, most of them linked to the commercial activity of private-sector multinational enterprises, along with tax evasion, trade misinvoicing and illegal mining. The report uncovered, among other cases, a mineral-smuggling network worth about 5 million dollars (Zambian and East African nationals, 2022-2024) that brought in undeclared cash to buy illegally mined copper, gold and precious stones and exported them without passing through customs, laundering the funds through bank accounts and mobile wallets registered in Zambians' names to hide those truly responsible; and a suspicious pattern of 13 companies registered in 2023 at the same address, actually controlled by foreigners despite listing Zambians as beneficial owners. Supervision rests with the FIC together with the Anti-Corruption Commission (ACC), the Drug Enforcement Commission (DEC) and an Economic and Financial Crimes Court. The 2024 follow-up mutual evaluation rated Zambia 'compliant' on 12 of the FATF's 40 Recommendations and 'largely compliant' on another 18, but with the effectiveness of its anti-money-laundering regime still low or moderate; International Monetary Fund diagnostics attribute those gaps to political interference and weak institutions. Zambia, an ESAAMLG member, will be evaluated under the new framework in 2027/2028 and is working to avoid grey-listing.

December 21, 2016 US confirmed

US/Brazil: Operation Car Wash US side — Odebrecht $3.5B (FCPA record 2016) + Petrobras + Braskem

On **December 21, 2016**, the DOJ announced the coordinated settlement of the 'Operation Car Wash' US side case — the US branch of Brazil's **Operação Lava Jato** (case Petrobras Lava Jato Brazil (2014) in this tracker). **Odebrecht agreed to pay $3.5 billion USD** in penalties coordinated with DOJ ($93M), SEC, Brazilian Federal Public Prosecutor ($2.388B), Brazilian Supreme Court and Swiss Federal Office of Justice — **the largest FCPA settlement in history until then** (later surpassed by Goldman Sachs 1MDB $2.9B 2020 and Glencore $1.1B 2022). Facts: Odebrecht paid **$788 million in bribes** to political officials in **12 countries**: Argentina, Brazil, Colombia, Dominican Republic, Ecuador, Guatemala, Mexico, Mozambique, Panama, Peru, Venezuela, and Angola — generating $3.3 billion in net benefits. Petrobras (Brazilian state subsidiary) paid **$853M in September 2018 to DOJ + SEC + Brazilian Federal Public Prosecutor** for FCPA violations + securities fraud (affected ADR investors on NYSE). Braskem (petrochemical subsidiary of Petrobras and Odebrecht) paid **$957M in December 2016** to DOJ + Brazilian. The scheme was so complex that it required the creation of a **'Division of Structured Operations'** (Odebrecht's secret internal division) with **$100M+ shadow banking system** that controlled bribes via shell companies in Antigua, Switzerland, Monaco, and Mossack Fonseca (Panama Papers). The **DOJ Operation Car Wash US Task Force** collaborated with Switzerland OAG, Andorran FIS (UIFAND), UK SFO. Global connections with cases: Petrobras Lava Jato Brazil (2014), Colombia Odebrecht Bancolombia (2017), BPA Banco Madrid (2015) (Banco Andorra), Panama Papers (2024) (Mossack Fonseca), Tuna Bonds Credit Suisse (2021) (Credit Suisse).

January 19, 2023 US confirmed

US: Genesis Global bankruptcy Jan 2023 — $3.5B + Gemini Earn + NYAG $2B settlement (DCG/Silbert)

On **January 19, 2023**, **Genesis Global Capital** (crypto lending division of **Digital Currency Group DCG**, **Barry Silbert's** conglomerate that also owns Grayscale + CoinDesk) declared Chapter 11 bankruptcy with **~$3.5 billion in liabilities** to 100,000+ creditors — the last major collapse of the 2022 crypto winter chain. Genesis was hit by: exposure to **Three Arrows Capital ($2.4B in unpaid loans)** + exposure to **FTX/Alameda** after the November 2022 collapse. The case involved the **'Gemini Earn'** product — a yield program jointly operated by Genesis + the **Gemini exchange (Winklevoss twins)** that promised returns to ~340,000 retail users; when Genesis froze withdrawals (November 2022), $900M of Gemini Earn users were trapped. **SEC sued Genesis + Gemini in January 2023** (unregistered securities). **The NYAG (Letitia James) sued Genesis, DCG, Barry Silbert and Gemini in October 2023**, alleging **$3 billion** fraud — settlement of **$2 billion (Genesis) + $50M (Gemini to Earn users) in 2024**. Barry Silbert + DCG faced accusations of concealing Genesis's losses. Genesis creditors began recovering funds 2024. It is the **final chapter of the crypto winter domino effect** (Terra/Luna → 3AC → Celsius/Voyager → FTX → BlockFi/Genesis).

June 23, 2021 ZA confirmed

South Africa: Africrypt $3.6B alleged exit scam Jun 2021 — Cajee brothers vanished

In **June 2021**, **Africrypt** (a South African cryptocurrency investment platform founded by brothers **Ameer Cajee (20) and Raees Cajee (18)**) collapsed amid **allegations of an exit scam of up to $3.6 billion USD (~69,000 Bitcoin)** — which, if true, would make it one of the largest crypto frauds in history. The timeline: in April 2021, Africrypt notified its clients that it had suffered a 'hack' and asked them **not to report it to authorities** (a classic red flag). The Cajee brothers **disappeared**. The law firm Hanekom Attorneys, hired by investors, alleged massive fraud. However, the $3.6B figure is **strongly disputed**: subsequent investigations (including Chainalysis + local reports) suggest the real amount could be much smaller (possibly $100-200M), and the Cajee brothers **denied the fraud** claiming they too were victims of the hack. The South Africa FSCA (Financial Sector Conduct Authority) initially stated it **could not formally investigate because crypto was not regulated as a financial product in South Africa at the time** (this changed in October 2022, when South Africa declared crypto a financial product). The case is referenced as **one of Africa's most notorious crypto exit scams + an example of jurisdictional/regulatory challenges** when crypto is unregulated. The Cajee brothers were tracked to UAE/UK. South Africa is an ESAAMLG member + entered the FATF grey list (Feb 2023).

October 25, 2017 BG confirmed

OneCoin: Ruja Ignatova 'Cryptoqueen' FBI Top Ten Most Wanted fugitive since 2022 — $4-15B crypto Ponzi (Oct 2017)

On **October 25, 2017**, **Ruja Ignatova** (born Bulgaria 1980, Oxford doctorate, former McKinsey consultant) disappeared from Sofia (Bulgaria) airport on a Ryanair flight to Athens — and was never officially seen again. She is the founder and CEO of **OneCoin Ltd**, considered **one of the largest Ponzi schemes in history** ($4-15 billion USD according to DOJ/FBI estimates; 2014-2017+). OneCoin was sold as a 'revolutionary cryptocurrency' competitor to Bitcoin since 2014, in an **MLM pyramidal structure** that recruited 3+ million investors in **175 countries** (focus on Asia, Africa, Eastern Europe, Latin America) — particularly devastating in Uganda, China, Kazakhstan. The 'crypto' didn't actually exist — no blockchain, just internal databases. Ignatova was **added to the FBI Top Ten Most Wanted List on June 30, 2022** ($100K reward, increased to $250K in 2024). Intelligence investigations (BBC Podcast 'The Missing Cryptoqueen' by Jamie Bartlett, OCCRP) have documented connections with **Hristoforos Amanatidis 'Taki'** (Bulgarian organized crime boss murdered 2025 in South Africa) — Ignatova possibly murdered on Greek Mediterranean yacht Oct 2018 according to protected witnesses testimony. **Konstantin Ignatov** (Ruja's brother, former OneCoin Co-CEO) arrested LAX 2019, pleaded guilty 2019 + 5 charges, cooperator witness, finally sentenced 90 years but suspended (cooperation). **Mark Scott** (Locke Lord LLP attorney, laundered $400M for OneCoin via Cayman Fenero Funds) sentenced 10 years in February 2024. **Sebastian Greenwood** (OneCoin co-founder) sentenced 20 years SDNY September 2023. The case has had **massive cultural impact**: BBC podcast (5M+ downloads), HBO documentary 2023, Netflix series planned. It is **referenced as the paradigmatic example of pre-FTX crypto-Ponzi**.

January 31, 2020 FR confirmed

France: Airbus $4.0B settlement Jan 2020 — largest anti-corruption settlement in history

On **January 31, 2020**, **Airbus SE** (Europe's largest aerospace manufacturer, Franco-German-Spanish) agreed to pay a **combined settlement of €3.6 billion ($4 billion USD)** with the US DOJ, the UK's SFO (Serious Fraud Office), and France's PNF (Parquet National Financier) — **the largest corruption/bribery settlement in world history**, surpassing Goldman Sachs/1MDB and Siemens. The 3-year investigation (coordinated among the three jurisdictions) revealed that Airbus had operated **a massive and systematic bribery scheme** for over a decade (~2008-2015) through its network of 'intermediaries' (business partners) in **at least 16 countries** — including China, Malaysia, Sri Lanka, Indonesia, Taiwan, Ghana, Colombia, Nepal, South Korea, Japan, Kuwait, Russia, Mexico, Brazil, India — to win commercial and military aircraft sales contracts. The scheme was discovered partly through Airbus's own disclosures to authorities (self-reporting that reduced penalties). The settlement was structured as **DPAs (Deferred Prosecution Agreements)** in the three jurisdictions. The distribution: ~€2.08B France (PNF) + ~€984M UK (SFO) + ~$527M US (DOJ + State Department for ITAR arms export violations). Although no individual executives were imprisoned in the corporate settlement, several individual investigations continued. CEO **Tom Enders** (2012-2019) and other executives faced scrutiny. The case is referenced as **the climax of coordinated transnational anti-corruption enforcement** + a demonstration of the power of multi-jurisdictional investigations. France is a FATF founding member.

November 21, 2023 US confirmed

Binance: $4.32bn — one of the largest corporate penalties in US history, with a criminal guilty plea

Binance and its CEO pleaded guilty in a coordinated DOJ, FinCEN, OFAC and CFTC resolution: $4.316 billion total ($2.51 billion forfeiture + $1.805 billion criminal fine). The world's largest crypto exchange accepted an independent compliance monitor for three years over AML program failures and sanctions evasion.

July 28, 2020 MY confirmed

Malaysia: 1MDB, the conviction of former prime minister Najib Razak over the looting of the sovereign fund

The money-laundering and kleptocracy case that defines Malaysia —and one of the world's largest— is that of the 1MDB sovereign fund (1Malaysia Development Berhad). Created in 2009 under Prime Minister Najib Razak, who chaired its advisory board, and structured by financier Jho Low, the fund raised more than USD 10 billion in bonds, much of it underwritten by Goldman Sachs. According to investigations, more than 4.5 billion was stolen between 2009 and 2015 into shell companies controlled by Low and spent on art, jewelry, real estate, parties and Hollywood films; some 681 million reached Najib's personal accounts —whom US justice identified as 'Malaysian Official 1'—. The US Justice Department called 1MDB the largest case in its Kleptocracy Asset Recovery Initiative, with investigations in at least six countries; Goldman Sachs, which earned nearly 600 million in fees, later paid billions in settlements and fines. On July 28, 2020, the High Court convicted Najib in the SRC International case (a former 1MDB unit) of criminal breach of trust, abuse of power and money laundering —over some USD 10 million paid into his accounts— to 12 years in prison and a 210 million ringgit fine; the Federal Court upheld the sentence in 2022 and Najib began serving it, though in 2024 the Pardons Board halved it. In the main 1MDB trial, in December 2025, he was further sentenced to 15 more years and a fine of about USD 2.82 billion. Najib pleaded not guilty, denies any wrongdoing and blames the scheme on Jho Low, now a fugitive. Financial supervision rests with the central bank, Bank Negara Malaysia (BNM), and its financial intelligence department, with Malaysia a member of the APG.

July 28, 2020 MY confirmed

Malaysia: Najib Razak 12 years Jul 2020 — 1MDB case $4.5B laundered + Jho Low fugitive + Goldman $2.9B

On **July 28, 2020**, **Najib Razak** (former Malaysian PM 2009-2018, Barisan Nasional/UMNO, son of former PM Abdul Razak + nephew of former PM Hussein Onn — political dynasty) was **sentenced to 12 years prison + 210 million ringgit (~$50M) fine by Kuala Lumpur High Court** for his role in the **1MDB scandal (1Malaysia Development Berhad)** — one of the largest state corruption cases in documented history. **Najib began serving sentence on August 23, 2022** at Kajang Prison (sentence reduced to 6 years + further reduced 2024 to 4 years by controversial partial pardon by King Sultan Abdullah). The 1MDB scheme (2009-2015): Najib created sovereign wealth fund 1MDB in 2009 supposedly to promote economic development. Together with **Jho Low** ('Low Taek Jho', Malaysian businessman, mastermind of the scheme, **fugitive since 2016** — Interpol Red Notice, confirmed residences in China + Cyprus + Dubai), **diverted $4.5+ billion USD** via accounts in Cyprus, Singapore, Switzerland, US, Caribbean islands — funds used for: 1) **$250M Equanimity yacht** bought by Jho Low in Indonesia (recovered 2018, sold 2019 for $126M); 2) **Real estate in Beverly Hills, Manhattan, London** (Park Lane Hotel, Time Warner Center NYC penthouse $30M); 3) **Production of 'The Wolf of Wall Street' (2013, Martin Scorsese)** $100M+ produced by **Riza Aziz** (Najib's stepson); 4) **Picasso, Monet, Basquiat paintings** ($35M); 5) Lorraine Schwartz jewelers, Birkin bags Hermès; 6) **Diamond bond for Miranda Kerr** (Jho Low's girlfriend), $20M gift; 7) **Cash transferred to Najib's personal account = $681M in 2013** (discovered by The Edge investigation 2015 — Sarawak Report). **Goldman Sachs Group** (sponsor of 3 1MDB bond issues 2012-2013 worth $6.5B, earned $600M in fees) **paid $2.9B DOJ settlement + $3.9B total global settlements July 2020** (case Goldman 1MDB (2020) covered). **Tim Leissner** (former Goldman Southeast Asia chairman, mastermind at Goldman) pleaded guilty 2018 + cooperator (still pending sentencing 2026 + $44M forfeiture). **Bank Negara Malaysia (BNM)** and Securities Commission Malaysia (SCM) supervise the Malaysian banking sector under Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001.

February 12, 2013 LT confirmed

Lithuania: Ukio Bankas, the 'Troika Laundromat' conduit bank that funneled billions of Russian money into the EU

The most significant money-laundering case linked to Lithuania is that of Ukio Bankas, owned by Vladimir Romanov and a subsidiary of the Russian investment bank Troika Dialog. According to the investigation by the journalism consortium OCCRP (2019) and Lithuanian authorities, Ukio was the European cog of the so-called 'Troika Laundromat', an opaque network that moved billions of dollars —the scheme as a whole has been put at around 4.6 to 8.8 billion— for the benefit of the Russian elite: about half of the scheme's shell companies (at least 35) held accounts at Ukio, and from there the money, converted into euros, entered the European banking system through correspondent accounts at Raiffeisen (Austria), Commerzbank (Germany) and others. Through Ukio passed part of the 230 million from the Russian Treasury fraud uncovered by lawyer Sergei Magnitsky and some 69 million that reached companies of cellist Sergei Roldugin, a friend of Vladimir Putin; according to the chairman of Lithuania's central bank, at least 11.6 million should have been blocked and reported, but were split into 16 payments below the control threshold. The Bank of Lithuania intervened and shut Ukio in 2013 for risky practices, poor asset quality and noncompliance, and accused Romanov of looting the bank's own accounts; Romanov fled to Russia —which granted him asylum and refused his extradition in 2014— and was indicted in Lithuania for embezzlement. Romanov denies the allegations, calls them a 'myth' and claims the Lithuanian state stole his bank. Supervision rests with the Bank of Lithuania and the Financial Crime Investigation Service (FNTT), and the country is a member of MONEYVAL, the Council of Europe's anti-money-laundering body.

July 13, 2022 US confirmed

US: Celsius $4.7B bankruptcy Jul 2022 — Alex Mashinsky 12 years prison (May 2025) + crypto lending fraud

On **July 13, 2022**, **Celsius Network** (crypto lending platform, founded by **Alex Mashinsky** 2017) declared Chapter 11 bankruptcy with a **$4.7 billion USD deficit** — one of the largest collapses of the 2022 crypto winter post-Terra/Luna. Celsius had promised **returns of up to 18% APY** to 1.7M+ users depositing crypto, marketed with the slogan 'Unbank Yourself' and Mashinsky's phrase 'banks are not your friends'. In reality, Celsius operated an unsustainable scheme: it used user deposits for high-risk DeFi bets (including exposure to stETH, Anchor Protocol UST, BadgerDAO hack), lent to insolvent hedge funds (3AC), and operated with a **'CEL token' artificially inflated** by the company itself. When users tried to withdraw massively after the Terra/Luna collapse, Celsius **froze all withdrawals on June 12, 2022** ('pause'), trapping the funds of 1.7M users. **Alex Mashinsky** was arrested July 2023, **pleaded guilty in December 2024** to 2 charges (commodities fraud + securities fraud scheme manipulating CEL token), and **sentenced to 12 years federal prison in May 2025** (SDNY) + $48M forfeiture. SEC + CFTC + FTC + NYAG parallel settlements. The case is paradigmatic of **crypto lending model fraud** (along with BlockFi, Voyager, Genesis). Mashinsky had withdrawn **$42M in personal CEL tokens** before the collapse. The reorganization plan returned ~60% to users via crypto + new entity 'Ionic Digital' (Bitcoin mining) 2024.

August 3, 2014 PT confirmed

Portugal: Banco Espírito Santo collapse Aug 2014 — €4.9B bailout + Ricardo Salgado convicted

On **August 3, 2014**, the **Bank of Portugal** intervened and rescued **Banco Espírito Santo (BES)** — then Portugal's second-largest private bank — in a collapse that cost **€4.9 billion ($5.4 billion USD)** and marked the biggest financial scandal in recent Portuguese history. BES was the flagship bank of the **Espírito Santo Group (GES)**, the conglomerate of the powerful Espírito Santo family, controlled for decades by **Ricardo Salgado** ('o Dono Disto Tudo' / 'the owner of all this', BES CEO). The collapse was due to a **massive fraud and opacity scheme**: GES had used BES to finance its own troubled companies (Espírito Santo International, Rioforte) through a network of opaque entities in Luxembourg, Panama and other offshore jurisdictions, hiding multimillion-dollar losses, selling toxic GES debt to BES retail clients, and falsifying accounts. The Bank of Portugal split BES into a 'good bank' (**Novo Banco**, created with the bailout) and a 'bad bank' (the losses). **Ricardo Salgado** was charged with multiple crimes (fraud, money laundering, forgery, breach of trust) — **convicted in 2024 to 6 years in prison** ('Universo Espírito Santo' case / Operação Marquês connections), although he faced health issues (alleged Alzheimer's). The case also had connections to the 'Operação Marquês' corruption scandal involving former prime minister José Sócrates. It is referenced as **the paradigmatic case of family banking fraud + capture of a bank to finance a bankrupt conglomerate**. Portugal is a FATF + MONEYVAL founding member.

November 6, 2012 KZ confirmed

Kazakhstan: the Ablyazov/BTA Bank case, 'fraud on an epic scale' and multibillion-dollar laundering

The largest money-laundering case associated with Kazakhstan is that of Mukhtar Ablyazov, former chairman of BTA Bank (formerly Bank Turan Alem), once the country's largest bank. According to BTA's allegations and the rulings of several courts, Ablyazov allegedly diverted between USD 6 billion and 10 billion through fraudulent loans to shell companies, laundered via offshore structures; the bank collapsed in 2009, was nationalized and Ablyazov fled the country. The English courts handed down civil judgments of around USD 4.9 billion in 2012 and an arrest warrant, and the Court of Appeal described the case as 'fraud on an epic scale'; Ablyazov was also convicted of contempt after breaching court orders. International rulings against him exceed USD 7 billion and a worldwide asset-freezing order remains in place; in December 2022, a US jury awarded BTA USD 218 million for laundering and embezzlement. In Kazakhstan he was sentenced in absentia to 20 years (2017) and in Russia to 15. Ablyazov, leader of the opposition Democratic Choice of Kazakhstan party, maintains that this is political persecution orchestrated by the regime he opposes; organizations such as Amnesty International and Human Rights Watch opposed his extradition to Russia, and in 2016 France's Council of State annulled it on the grounds that it was politically motivated. The country's financial supervision rests with the Agency for Financial Monitoring (AFM), its financial intelligence unit, and Kazakhstan is a member of the Eurasian Group (EAG).

April 15, 2023 SD confirmed

Sudan: SAF vs RSF civil war since Apr 2023 — OFAC designates both sides + UAE gold smuggling

On April 15, 2023, civil war broke out between the Sudanese Armed Forces (SAF, led by General Abdel Fattah al-Burhan) and the Rapid Support Forces (RSF, led by General Mohamed Hamdan Dagalo 'Hemedti'), after months of tension over control of the post-Bashir democratic transition. OFAC and the EU have systematically designated: in June 2023, sanctions against Defense Industries System (DIS) Sudanese and RSF-affiliated companies; in May 2024, sanctions against Hemedti as an individual under Executive Order 14098. The war has caused 150,000+ deaths, 10 million displaced, hunger documented by UN and atrocities of genocide in Darfur (RSF is the heir of the Janjaweed militias that committed the Darfur genocide 2003-2005). The Sudanese banking sector is collapsed: the Central Bank of Sudan (CBS) has been displaced to Port Sudan (fled from Khartoum), multiple commercial banks destroyed or looted. Specific Sudanese AML risks: massive gold smuggling from Darfur, South Sudan and Ethiopia to UAE (estimated $2.5 billion/year by OCCRP — UAE Gold Rush 2023), oil through pipelines to Port Sudan, RSF illicit revenues in Darfur (commerce taxes, mine occupation). Sudan was removed from the State Sponsor of Terrorism list in December 2020 after $335M payment to USS Cole and East African embassy victims, but the war has collapsed all AML progress. Sudan is a MENAFATF member (transition pending to ESAAMLG).

October 14, 2025 KH confirmed

Cambodia: OFAC designates Prince Group + Chen Zhi as TCO in Oct 2025 with 146 targets sanctioned

On October 14, 2025, OFAC designated Prince Group as a Transnational Criminal Organization (TCO) under Executive Order 13581 and sanctioned its chairman, Cambodian national Chen Zhi ('Vincent'), along with 146 associated targets, in coordination with the United Kingdom and the Five Eyes. That same day, the Justice Department (Eastern District of New York, Brooklyn) unsealed an indictment charging Chen Zhi with wire-fraud and money-laundering conspiracy — he faces up to 40 years — and announced the forfeiture of about 127,271 bitcoin (~USD 15 billion), the largest in DOJ history. Per Chainalysis forensic analysis, those bitcoin trace to the 2020 'theft' from miner LuBian, which had operations in China and Iran. Prince Group ran forced-labor compounds in Cambodia, Myanmar (Shwe Kokko) and Laos where trafficking victims executed 'pig butchering' scams; Treasury estimates more than USD 5 billion in annual scam revenue. On October 30, 2025, OFAC added 25 bitcoin addresses to Chen Zhi's SDN listing; the same October 14, Huione Group was designated under FinCEN Section 311 and the UK's OFSI sanctioned Byex Exchange. Chen Zhi was later arrested in Cambodia and extradited to China. A 2026 ICIJ investigation flagged irregularities in the government's evidence, and victim restitution remained stalled.

December 18, 2024 AR confirmed

Argentina: FATF evaluates the country (Dec 2024) after the Milei-era AML/crypto reform (Law 27,739)

On December 18, 2024, the FATF and GAFILAT published the mutual evaluation of Argentina — with an on-site visit in March 2024 — the first since 2010. They concluded the country had strengthened its anti-money-laundering laws and processes, but still 'faces shortcomings in delivering effective outcomes,' except in international cooperation. Argentina faces money-laundering risks that are mainly domestic: drug trafficking, tax evasion, corruption, smuggling, fraud and human trafficking. Ahead of that evaluation, Congress passed Law 27,739 in March 2024, which aligned the framework with FATF standards, created the Virtual Asset Service Provider (VASP) regime under the supervision of the National Securities Commission (CNV, which set up registration via Resolution 994/2024) and toughened sanctions, with higher fines and disqualification of compliance officers. The financial intelligence unit is the Financial Information Unit (UIF), under the Ministry of Economy. In parallel, Javier Milei's government pushed a capital 'blanqueo' (asset regularization, Law 27,743) that injected about USD 32.15 billion into the banking system and required declaring crypto holdings — an amnesty that raised doubts about its fit with FATF standards and the risk of falling onto the grey list.

July 4, 2017 IT confirmed

Italy: Monte dei Paschi €5.4B bailout 2017 — world's oldest bank + derivatives fraud

On **July 4, 2017**, the Italian government completed a **state bailout of €5.4 billion ($6.1 billion USD)** of **Banca Monte dei Paschi di Siena (MPS)** — founded in **1472, the world's oldest bank still in operation** and Italy's third largest. The MPS crisis developed over years through a **derivatives fraud scandal**: to hide massive losses (partly derived from the disastrous 2007 acquisition of Antonveneta bank for €9B, greatly overvalued), MPS executives carried out **fraudulent structured derivatives operations** known as **'Alexandria' (with Nomura) and 'Santorini' (with Deutsche Bank)** between 2008-2012, designed to dress up the balance sheets and hide losses from regulators. When the fraud was revealed, MPS needed multiple bailouts (2013, 2017). The 2017 one ('precautionary recapitalization') made the Italian State the **majority shareholder (~68%)**. Several former executives were convicted: **Giuseppe Mussari** (former chairman) and **Antonio Vigni** (former general director) received sentences for accounting fraud + market manipulation (although some were revised on appeal). Deutsche Bank and Nomura also faced proceedings for their role in the derivatives. The case is referenced as **the paradigmatic example of the Italian banking crisis + derivatives fraud to hide losses** + the symbolism of the world's oldest bank nearly collapsing. Italy is a FATF + MONEYVAL founding member.

December 18, 2016 UA confirmed

Ukraine: the PrivatBank case, ~5.5 billion vanished, leading to the bank's nationalization and oligarch Kolomoisky's imprisonment

Ukraine's largest money-laundering and bank-fraud case is that of PrivatBank, the country's biggest bank —with accounts for roughly half of adult Ukrainians—, co-founded in 1992 by oligarchs Ihor Kolomoisky and Gennadiy Boholiubov. In December 2016, the government nationalized it after a hole of about USD 5.5 billion was found in its balance sheet —close to 5% of GDP—, which the state had to cover to prevent the collapse of the financial system. According to investigations, the owners had granted most of the loans to companies they themselves controlled, mainly in Cyprus, through fraudulent loans. In August 2020 the US Justice Department filed several civil forfeiture complaints, under money-laundering law, over commercial real estate in Kentucky, Texas and Ohio bought, per the charges, with funds misappropriated from PrivatBank and laundered through a web of shell companies, within its Kleptocracy Asset Recovery Initiative. In 2021, the State Department barred Kolomoisky from entering the US for 'significant corruption'. In Ukraine, the oligarch was arrested in September 2023 for fraud and money laundering —and later for embezzling about 250 million, document forgery and an alleged murder plot— and remains in prison, the richest businessman jailed in the country's history; in November 2024 the Supreme Court upheld the nationalization, and in 2025 PrivatBank won a roughly 1.9 billion lawsuit in a London court against its former owners. Kolomoisky and Boholiubov have always denied the accusations and maintain that the nationalization was a politically motivated decision and that their property was 'stolen' from them. Supervision rests with the National Bank of Ukraine (NBU) and the State Financial Monitoring Service, with Ukraine a member of MONEYVAL.

June 27, 2019 CN confirmed

China: PlusToken $5.7B crypto Ponzi — Asia's largest crypto Ponzi + 2M+ victims (Jun 2019)

In **June 2019**, **PlusToken** collapsed — **one of the largest cryptocurrency Ponzi schemes in history**: **$5.7 billion USD** (some estimates up to $6-7B), with **more than 2 million victims** mostly in China, South Korea, and Southeast Asia. PlusToken (launched 2018) sold itself as a **'high-yield crypto wallet'** that promised returns of **9-18% monthly** supposedly generated by 'exchange arbitrage' + 'mining' + 'referral programs' — a classic MLM pyramid scheme. It accumulated enormous amounts of **BTC (~200,000), ETH (~800,000), EOS, and other cryptos** from victims. The team (led by **Chen Bo** and other Chinese nationals) operated from China but registered the entity in **Vanuatu** to evade jurisdiction. When the scheme collapsed (June 2019), the operators tried to flee — **6 were arrested in Vanuatu and deported to China in June 2019**, and a total of **27 operators were eventually arrested** by the Chinese Ministry of Public Security. They were **convicted in 2020-2022** by Jiangsu courts (Chen Bo received 11 years + massive fines). The Chinese government **seized the cryptos** — and controversially, **the sales of the seized cryptos by Chinese authorities (~$4B in BTC/ETH liquidated 2019-2020) impacted the global crypto market** (sell pressure documented by Chainalysis). The case is referenced as **the largest crypto Ponzi in Asia + the example of how China handles crypto crime** (China banned crypto trading 2017 + mining 2021). China (1,410M inhabitants) is supervised by PBOC (People's Bank of China) + CBIRC + Ministry of Public Security. China is a FATF + APG + EAG member.

February 14, 2008 LI confirmed

Liechtenstein: 2008 Liechtenstein tax affair — Heinrich Kieber leaked LGT data to 12 countries

On February 14, 2008, the 'Liechtenstein tax affair' broke — one of the largest tax evasion scandals in European history. Heinrich Kieber, a former data entry clerk at LGT Group (private bank owned by Liechtenstein's Princely House), had stolen the data of 4,527 foreign accounts of wealthy clients in 2002. Kieber sold the data to German intelligence (BND) for €4.2M in 2007, and then to tax authorities of 12 other countries: US, UK, France, Italy, Australia, Canada, Netherlands, Spain, Sweden, Norway, Finland, Ireland. The 'BND Liechtenstein' operation triggered thousands of global tax evasion investigations: in Germany, Klaus Zumwinkel (Deutsche Post CEO) was arrested in February 2008 (prominent case); more than 800 German taxpayers self-reported their accounts after the scandal. Liechtenstein, the fourth smallest country in Europe (~38,000 inhabitants), has a financial sector representing ~25% of GDP. **FinCEN advisory 19 of May 2000** had previously identified serious deficiencies in Liechtenstein's AML regime, including: bearer shares issuance, extreme banking secrecy, information compartmentalization. Post-2008 scandal, Liechtenstein implemented deep reforms: Due Diligence Act (DDA) 2008 amended 2009, Due Diligence Ordinance (DDO) 2009, Act on the Register of Beneficial Owners of Legal Entities (VwbPG), gradual elimination of bearer shares. FMA Liechtenstein supervises 12 banks (LGT AG, Liechtensteinische Landesbank, VP Bank the 3 largest) with CHF 411.4B in AUM (2022). Liechtenstein is a MONEYVAL member and obtained Largely Compliant on 35 of 40 FATF recommendations in 2024.

May 28, 2013 CR confirmed

Costa Rica: Liberty Reserve $6B laundering shut down May 2013 — Budovsky 20 years (foundational digital currency case)

On **May 28, 2013**, the DOJ + US Secret Service dismantled **Liberty Reserve** — then the **largest digital money laundering case in history to that point**: **$6 billion USD laundered** via a centralized 'digital currency' operated from Costa Rica. Liberty Reserve (founded 2006 by **Arthur Budovsky**, Ukrainian-American former e-gold convict, renounced US citizenship to become Costa Rican) operated 'LR dollars' and 'LR euros' — an irreversible, near-anonymous digital currency (only required name/email/birthdate without verification), used massively by **cybercriminals, carders, Ponzi operators, traffickers** of ~1 million worldwide users (200,000 in US). Liberty Reserve charged 1% per transaction + $0.75 for 'privacy' (hiding account number). It was the **main payment vehicle for cybercrime pre-Bitcoin** (carding forums, fake antivirus, investment fraud). The case was the **first time the DOJ used Section 311 of the USA PATRIOT Act against a digital currency** (designation + simultaneous indictment). **Arthur Budovsky** was **arrested in Spain (Madrid) May 2013, extradited to US 2014, pleaded guilty 2016, sentenced to 20 years federal prison** (SDNY). 5 co-conspirators convicted. The case is referenced as **the foundational precedent for digital currency laundering enforcement** (preceded the Bitcoin/crypto enforcement era) + the first major case to demonstrate the 'centralized digital currency for crime' model. Costa Rica was the host but the case was led by US authorities. Costa Rica is a GAFILAT member.

May 10, 2012 US confirmed

US: JPMorgan 'London Whale' $6.2B 2012 — Bruno Iksil + $920M fines

On **May 10, 2012**, **JPMorgan Chase** revealed initial losses of $2 billion in derivatives operations at its **Chief Investment Office (CIO) in London** — losses that eventually reached **~$6.2 billion USD**. The person responsible was **Bruno Iksil**, a French trader in the London office, nicknamed **'The London Whale'** for the massive size of his positions in the credit default swap (CDS) market on corporate indices (CDX IG.9) — positions so large they distorted market prices. Iksil had built positions of ~$157 billion notional (directional bets on the direction of corporate credit) that turned against him when rival hedge funds identified his positions and traded against him. Iksil's superiors — **Javier Martin-Artajo (a Spanish citizen, his direct boss) and Julien Grout (junior trader)** — were charged by the DOJ + SEC with **falsifying valuations to hide growing losses**. Iksil obtained immunity as a cooperator; Martin-Artajo and Grout were charged but the charges were dismissed (Martin-Artajo refused extradition from Spain). JPMorgan paid **$920 million in combined fines** to SEC + OCC + FRB + UK FCA (September 2013 settlement) + admitted violating securities laws. CEO **Jamie Dimon** initially dismissed the scandal as 'a tempest in a teapot' (a phrase that became emblematic) and then publicly apologized. The case is referenced as **the rogue trading desk case (not individual) + an example of massive corporate governance and risk control failures** at one of the world's largest banks + criticism of the supposedly 'hedging' directional bets of the CIO.

January 25, 2019 BR confirmed

Brazil: Vale-Brumadinho Jan 2019 — 270 dead + $7B settlement + DOJ $55.9M FCPA

On **January 25, 2019**, the Córrego do Feijão tailings dam of **Vale SA** (the world's largest iron ore miner, Brazilian) in **Brumadinho, Minas Gerais, Brazil**, catastrophically collapsed — releasing **~12 million cubic meters of toxic mud** that killed **270 people** (including Vale employees having lunch in the mine cafeteria) and devastated the local environment. It was **Brazil's worst workplace disaster + Vale's second dam disaster in 4 years** (after Samarco/Mariana 2015, 19 dead, in partnership with BHP). The investigation revealed: **(1)** Vale **knew about the instability** of the dam (internal reports indicated it) + pressured the German auditor **TÜV SÜD** to certify it as safe despite the risks; **(2) corruption and falsification of safety certificates**. In **2021, Vale paid a record civil/criminal settlement of R$37.7 billion ($7 billion USD)** with the Minas Gerais government — Brazil's largest environmental reparation agreement. In **2023, Vale + Vale executives paid $55.9 million to the DOJ in an FCPA settlement** (Vale ADRs on NYSE) for hiding from investors the true safety situation of the dams. **17 Vale + TÜV SÜD executives were charged** with homicide (trial ongoing). Former CEO **Fabio Schvartsman** resigned. The case transformed dam regulation in Brazil (Law 14.066/2020) + accelerated the forced closure of similar dams. Brazil is a FATF + GAFILAT founding member.

December 4, 2024 US confirmed

US/Netherlands: Tornado Cash OFAC designation + Roman Storm convicted + Alexey Pertsev 5.3 years NL

**Tornado Cash** (privacy mixing smart contract on Ethereum launched in 2019, maintained by Roman Storm, Roman Semenov and Alexey Pertsev) was designated by **OFAC on August 8, 2022** — the first time in history that OFAC designates open source code (smart contract). The designation included 38 Ethereum addresses of the protocol. Tornado Cash processed **$7+ billion in ETH** between 2019-2022, including **$625 million from the Ronin Bridge hack** by **Lazarus Group (DPRK, March 2022)**, $100M+ from Horizon Bridge hack (Jun 2022), multiple ransomware payouts (REvil, Conti, BlackCat), multiple scams. **Key criminal decisions**: on May 14, 2024, **Roman Storm** (co-founder, US-Russian citizen) was **found guilty in the Eastern District of New York** for conspiracy to operate an unlicensed money transmitter and IEEPA violation (sanctions), sentencing pending. **Roman Semenov** (co-founder, Russian) was simultaneously indicted, fugitive. **Alexey Pertsev** (developer, Russian citizen NL resident) was **arrested in Netherlands in August 2022** and **sentenced to 5 years and 4 months prison by the District Court of 's-Hertogenbosch on May 14, 2024** for money laundering — first criminal case in the world against an open source crypto developer. The case has generated global debate about **criminalization of software vs use of software**: organizations like Electronic Frontier Foundation (EFF) and Coin Center have sued Treasury for unconstitutionality of the designation. **Coin Center v Yellen** in US District Court Texas (favorable ruling for Tornado Cash in January 2024, OFAC delisted Tornado Cash March 21, 2025).

February 17, 2009 AG confirmed

Antigua/US: Stanford Financial Group — 2nd largest Ponzi history $7B + Allen Stanford 110 years prison

On **February 17, 2009**, the SEC filed charges against **R. Allen Stanford** (Texan, owner of Stanford Financial Group and Stanford International Bank SIB in Antigua) for **the second largest Ponzi scheme in human history** (after Madoff): **$7 billion USD in fake Certificates of Deposit (CDs)** sold to **25,000+ investors** mainly in the United States, Latin America (Venezuela, Colombia, Mexico) and the Caribbean. SIB Antigua promised consistently high returns (5-15% annually) that were legitimately impossible. Stanford operated the scheme from at least 1993. The scheme's revelation came **post-Madoff (December 2008)** and in the context of the 2008-2009 financial crisis. Stanford was **arrested on June 18, 2009** and **sentenced to 110 years federal prison in June 2012** by SDTX (Southern District of Texas) on 13 fraud counts. Convicted co-conspirators: **James Davis** (CFO, 5 cooperative years), **Laura Pendergest-Holt** (Chief Investment Officer, 3 years), **Gilbertson Lopez** (chief of audit), **Mark Kuhrt**. The **Antigua case** showed the deep vulnerabilities of **offshore banking supervision**: SIB Antigua operated with a license from the **Financial Services Regulatory Commission (FSRC) Antigua** that regulated a bank with $8 billion AUM with almost no supervisory staff. **Leroy King**, the main FSRC Antigua regulator, was bribed by Stanford (documented receipt of $128,000+) and eventually extradited to the US in 2019, convicted in 2021. The receiver **Ralph Janvey** has recovered **$1+ billion since 2009** via extensive litigation (Stanford International Bank Limited In Receivership). The case drove reforms of offshore supervision and reinforcement of OECD CRS (Common Reporting Standard, 2014).

March 9, 2024 FM confirmed

Pacific: FSM + Marshall + Palau — Compact States USD legal tender + Mar 2024 renewal $7.1B

The three Pacific Compact States: FSM (105K), RMI (42K), Palau (18K) — operate under Compact of Free Association with US, giving free US labor/educational access, US defense, USD legal tender. Renewed March 2024 with $7.1B USD for 20 years. RMI has been one of Pacific offshore hubs — operates 70K+ International Business Companies + 3,700 registered vessels (second world flag of convenience after Liberia). RMI launched 'SOV' digital currency 2018 (blocked by IMF). Palau (Compact Plus + controversial Investor Visa Program). The three are APG members.

November 2, 2023 BS confirmed

Bahamas/US: FTX collapse Nov 2022 → SBF sentenced 25 years prison for $8B fraud in Nov 2023

On November 2, 2022, the FTX scandal exploded — the world's second-largest crypto exchange, headquartered in Nassau (Bahamas), after a leak of its balance sheet revealed massive commingling between FTX and Alameda Research (Sam Bankman-Fried's proprietary trading firm). On November 11, 2022, FTX filed Chapter 11 bankruptcy. ~$8-10 billion in customer funds were missing. DOJ charges against Sam Bankman-Fried (SBF): wire fraud, commodities fraud, securities fraud, money laundering, FCPA violations (bribes to Chinese officials), conspiracy to make political contributions. Trial in the Southern District of New York began October 2023 and SBF was found guilty of all 7 counts on November 2, 2023. **On March 28, 2024, SBF was sentenced to 25 years federal prison** + ordered to pay $11 billion in forfeiture. Caroline Ellison (Alameda CEO), Gary Wang (FTX co-founder), Nishad Singh, Ryan Salame pleaded guilty and cooperated. The Securities Commission of The Bahamas (where FTX was supposedly regulated) oversaw parallel proceedings. Bahamas had already exited the FATF grey list in 2020, but the FTX case illustrated the weaknesses of its crypto licensing regime (DARE Act 2020). Victims include millions of global retail traders + large institutional investors (Sequoia Capital, BlackRock, Ontario Teachers' Pension Plan).

November 12, 2022 BS confirmed

Bahamas: FTX collapse Nov 11 2022 + SBF arrested + Bahamas offshore center 250 banks historic

The **Central Bank of The Bahamas (CBB)**, the Securities Commission of the Bahamas (SCB) and the Financial Intelligence Unit (FIU Bahamas) supervise the Bahamian financial sector under the framework of the Financial Transactions Reporting Act 2018 and Proceeds of Crime Act 2018 (amended in 2020 and 2023). Bahamas (412,000 inhabitants, capital Nassau) is **one of the most important offshore financial centers in the Caribbean** — at its 1990s peak it had **250+ licensed banks**, including the legacy of **Augusto Pinochet** (Chilean dictator) who maintained $11+ million in Riggs Bank Bahamas branch — case discovered by US Senate Permanent Subcommittee on Investigations 2004. **On November 11, 2022, FTX Trading Limited (based in Nassau) collapsed** — the largest crypto bankruptcy in history with **$8+ billion in client funds lost**. Sam Bankman-Fried (SBF, founder and CEO) was arrested by the Royal Bahamas Police Force on December 12, 2022, extradited to the US on December 21, 2022, and **sentenced to 25 years federal prison on March 28, 2024** by SDNY (US v Bankman-Fried case) — 7 counts including bank fraud, conspiracy, money laundering. **Caroline Ellison** (CEO Alameda Research, SBF's ex-girlfriend) cooperated as witness and received 2 years. **Gary Wang** (CTO FTX) cooperated. **Nishad Singh** (Director Engineering). **Ryan Salame** (Co-CEO FTX Digital Markets Bahamas) received 7.5 years. The Chapter 11 restructuring (John J. Ray III, same as Enron) has recovered ~$14.5 billion in assets (more than the $8B lost by clients — thanks to the crypto rally post-collapse). The Bahamas Examination Committee (Joint Provisional Liquidators) worked in parallel. Bahamas **was on FATF grey list 2022-2024**, exited in Feb 2024. Other historical Bahamian cases: Cayman exit case (FATF removed Bahamas grey list 2024), 'Bahamas Leaks' ICIJ 2016 (175,000 offshore structures). Bahamas is a CFATF member and GAFILAT observer.

June 30, 2014 FR confirmed

BNP Paribas: $8.9bn in 2014, the largest sanctions-violation penalty in history

French bank BNP Paribas pleaded guilty in 2014 to processing billions of dollars for Iran, Sudan and Cuba over eight years, deliberately concealing the transactions even though senior officials knew they were breaking US law. The fine, around $8.9 billion, remains the largest sanctions-violation penalty in history. The bank had its US-dollar clearing license temporarily suspended.

January 4, 2022 US confirmed

Theranos: Elizabeth Holmes 11 years + Balwani 13 years — Silicon Valley $9B fraud valuation (Jan 2022)

On **January 4, 2022**, **Elizabeth Holmes** (Theranos founder, Stanford dropout 2003, self-proclaimed 'next Steve Jobs', Forbes 'youngest self-made female billionaire 2014' cover) was **found guilty by Northern District of California (NDCA, San Jose) jury on 4 wire fraud charges** against investors (out of 11 total charges — jury split on the rest). **Sentenced to 11 years + 3 months federal prison on November 18, 2022**. **Ramesh 'Sunny' Balwani** (former Theranos COO, Holmes' former partner 2002-2016, Indian-American born in Pakistan) was found guilty by separate jury on **12 charges in July 2022** and **sentenced to 12 years + 11 months (13 years) in December 2022**. Holmes began serving sentence in May 2023 at FPC Bryan Texas (federal women's prison). The case: Theranos (founded 2003) raised **$945M in venture capital** from 2003 to a **peak valuation of $9 billion in 2014** (Holmes $4.5B net worth at that moment) based on the fraudulent promise of 'Edison' technology that could perform **240 medical tests from a single drop of blood** (vs blood drawn by traditional venipuncture). In reality: the technology **NEVER worked** — Theranos passed 90% of tests to conventional Siemens analyzers and manipulated results. Investor victims: Walgreens ($140M), Rupert Murdoch ($125M, largest individual investor), Betsy DeVos family ($100M), Henry Kissinger (board member alongside James Mattis, George Shultz, William Perry, Sam Nunn), Carlos Slim ($30M), Larry Ellison ($30M). The whistleblower **Tyler Shultz** (George Shultz's grandson) reported internally 2014 + to John Carreyrou (Wall Street Journal) whose 2015 investigations catalyzed the collapse. **HBO Documentary 'The Inventor: Out for Blood' (2019)**, book 'Bad Blood' Carreyrou (2018), Hulu series 'The Dropout' (2022) with Amanda Seyfried.

August 15, 2021 AF confirmed

Afghanistan: $9.5B of frozen assets post-Taliban takeover of Kabul Aug 2021 + AfFund 2022

On August 15, 2021, the Taliban took Kabul after the US withdrawal from Afghanistan (Operation Allied Refuge after 20 years of war). Within hours, OFAC and the Federal Reserve of New York froze the $9.5 billion in Da Afghanistan Bank (DAB, Central Bank of Afghanistan) assets deposited in the US. The assets are subject to OFAC Executive Order 13224 (Specially Designated Global Terrorists) and the UN Sanctions Committee 1988 (created in 2011 succeeding the 1267 Taliban/Al-Qaeda). In February 2022, President Biden signed Executive Order 14064 ordering the transfer of $3.5 billion (half of the assets) to the 'Fund for the Afghan People' (AfFund, Switzerland-based, controlled by trustees), reserving the rest for claims by 9/11 victims and other terrorism victims. The decision was extensively criticized by victims and humanitarian organizations. The Taliban has never been recognized by any country as Afghanistan's legitimate government (although China, Russia and Pakistan have established pragmatic diplomatic relations). Specific Afghan AML risks: massive illicit Taliban revenues (~$1.5-2.5 billion/year estimated, including opium — Afghanistan was the world's largest producer with 80%+ of world market until Taliban prohibition in 2022 + eradication goal), mineral trafficking (emeralds, lapis lazuli, marble), massive informal hawala (without functioning banking system), violation of women's rights (female education prohibition post-March 2022), ISIS-K attacks. UN Office of the Special Representative systematically documents.

June 27, 2022 SG confirmed

Singapore: Three Arrows Capital (3AC) $10B collapse Jun 2022 — Su Zhu/Kyle Davies + crypto winter central node

On **June 27, 2022**, **Three Arrows Capital (3AC)** — one of the world's largest crypto hedge funds, founded by **Su Zhu and Kyle Davies** (former Phillips Academy + Columbia University classmates + former Credit Suisse traders) in Singapore 2012 — entered **BVI Court-ordered liquidation** after becoming insolvent, with a **peak AUM of ~$10 billion (2021) that collapsed leaving ~$3.5 billion in liabilities to 27+ creditors**. 3AC was the **central node of the 2022 crypto winter contagion**: it had massive leveraged exposure to **Terra/Luna (LUNA + UST, lost ~$560M), Grayscale Bitcoin Trust (GBTC premium trade), stETH, and leveraged positions with money borrowed from Celsius, Voyager Digital ($670M default that led Voyager to bankruptcy), BlockFi, Genesis, Deribit, FTX**. When Terra/Luna collapsed (May 2022) + Bitcoin fell, 3AC couldn't cover margin calls. **Su Zhu and Kyle Davies fled** (whereabouts initially unknown, then Dubai/Indonesia/Bali) — refused to cooperate with Teneo liquidators. Singapore MAS **banned Su Zhu and Kyle Davies from capital markets activity for 9 years in September 2022**. **Su Zhu was arrested at Singapore airport in September 2023** (4 months prison for contempt of court). Davies remains evasive. The founders controversially launched **'OPNX' (Open Exchange)** in 2023 — an exchange to trade crypto bankruptcy claims (including those of their own victims) — closed 2024. The case is referenced as **the contagion node that amplified the 2022 crypto winter** + paradigm of leverage risk in crypto hedge funds. Singapore is one of Asia's most important crypto/fintech hubs, supervised by MAS.

February 25, 1986 PH confirmed

Philippines: Ferdinand Marcos Sr (1965-1986) — $5-10B diverted + $7.5B recovered PCGG (leading global recovery case)

Ferdinand Marcos Sr (Philippine President 1965-1986, dictator under Martial Law 1972-1981, removed by People Power Revolution Feb 1986) is **the paradigmatic dictatorial asset recovery case pre-Abacha**. During his **20 years in power**, Marcos and his wife Imelda Marcos **diverted an estimated $5-10 billion USD** from Philippine state coffers (PCGG + World Bank + Stolen Asset Recovery Initiative StAR estimates). On **February 25, 1986**, after 4 days of massive People Power Revolution protests led by Corazon Aquino (widow of Ninoy Aquino assassinated 1983), Marcos was forced to exit Manila to US (Hawaii). He died in Honolulu exile on September 28, 1989. The PCGG (Presidential Commission on Good Government, founded by Aquino on Feb 28, 1986) has **recovered $7.5+ billion since 1986** — one of the largest asset recovery cases in history: Swiss bank accounts: $683M (returned 2003 + 2010, judgment); US: $640M (Manhattan real estate + jewelry); Bank of New York: $356M; Imelda's jewelry collection: $5M (Hawaii 1986 + Philippines); famous shoe collection (3,000+ pairs — Imelda Marcos shoe museum Marikina). **Imelda Marcos** (Imelda Romualdez Marcos, 'Iron Butterfly') was **convicted in 2018 by Sandiganbayan to 11 years prison on 7 graft charges** — but remained free for being active politician (Congress 2019-2022). **The Marcos family drama**: **Bongbong Marcos** (Ferdinand Jr., son) **was elected Philippine President in June 2022** — family return to power 36 years later. **Imee Marcos** (daughter) is Senator. The Marcos oligarchy remains powerful: Ilocos Norte + Ilocos Sur provinces are their historical fiefdom. Cases pending in US + Philippines + Switzerland are maintained — flow reduced under Marcos Jr. government (obvious conflict of interest).

September 26, 2024 PH confirmed

Philippines: FATF grey list exit Feb 2025 + ICC investigation Duterte drug war + Marcos legacy

On February 21, 2025, FATF removed Philippines from the grey list ('Jurisdictions under Increased Monitoring') after almost 4 years of monitoring initiated in June 2021. The Bangko Sentral ng Pilipinas (BSP), the Anti-Money Laundering Council (AMLC, FIU) and the Securities and Exchange Commission (PSEC) supervise the Philippine banking sector under the framework of Republic Act 9160 'Anti-Money Laundering Act' 2001 (extensively amended 2003, 2012, 2017, 2021, 2024). Philippines (115M inhabitants, capital Manila) lives under the regime of **Ferdinand 'Bongbong' Marcos Jr.** (President since June 2022, son of former dictator Ferdinand Marcos Sr. 1965-1986). The **Marcos family legacy** is one of the largest historical AML cases: $5-10 billion estimated diverted during Marcos Sr.'s regime — the Presidential Commission on Good Government (PCGG) has recovered $7.5+ billion since 1986. **On September 26, 2024, the International Criminal Court (ICC) formally opened the investigation against Rodrigo Duterte** (former President 2016-2022) for **'crimes against humanity' related to the 'War on Drugs' / 'Tokhang' that killed 30,000+ Filipinos** (HRW estimate, government recognizes 6,000+) in extrajudicial executions by the Philippine National Police (PNP) and vigilantes. **Duterte arrested in Manila March 2025**, transferred to The Hague. Specific Philippine AML risks: crypto corridor (Philippines has **the world's 2nd largest crypto adoption** according to Chainalysis 2024), POGOs (Philippine Offshore Gaming Operations — Chinese operators targeting Chinese gamblers, banned by Marcos Jr. August 2024 after massive POGO Alice Guo scandals, $4.5B illegal gambling); pig-butchering scam compounds, OFW remittances (10M+ Filipinos overseas, $36B annual remittances = 9% GDP). The banking sector is concentrated in: BDO Unibank (largest), Bank of the Philippine Islands (BPI), Metrobank, Land Bank of the Philippines, Security Bank.

March 8, 2021 GB confirmed

UK: Greensill Capital $10B collapse Mar 2021 — David Cameron lobbying scandal

On **March 8, 2021**, **Greensill Capital** — the British **'supply chain finance'** firm founded by Australian **Lex Greensill (ex-Citi, ex-Morgan Stanley)**, valued at its peak at **$7 billion** and backed by SoftBank Vision Fund — declared bankruptcy with ~$10 billion in liabilities. The collapse unleashed three interlocking scandals: **(1)** Greensill's business model was questionable — it packaged 'future invoices' (not real invoices) from troubled companies like **steel magnate Sanjeev Gupta's GFG Alliance**, sold them as 'investment grade' notes to Credit Suisse + GAM funds, and depended on credit insurance from **Tokio Marine (Australian subsidiary BCC)** — when BCC refused to renew the insurance (July 2020), the whole model collapsed. **Credit Suisse lost $3 billion** (its Greensill funds attracted $10B+ of investors), another catalyst of its bankruptcy/UBS 2023. **(2) DAVID CAMERON SCANDAL:** former British Prime Minister David Cameron (PM 2010-2016) had received **Greensill shares worth ~£70M (£10M cashed in)** and it was revealed that he **sent WhatsApp messages + emails to the British Treasury lobbying** for Greensill to access COVID emergency schemes — without officially registering his lobbying as required by law. **The British Parliament investigated (Treasury Select Committee), Cameron was forced to testify** (May 2021), exposed massive regulatory loopholes in the UK's lobbying system, led to reforms. **(3)** Greensill's German bank regulations (Greensill Bank AG in Bremen) were captured by BaFin (depositor bailout). The **UK SFO + APRA + FINMA have been investigating** Greensill since 2021. The case is referenced as: **(a) the foundational collapse of supply chain finance + regulatory opacity**, **(b) the largest lobbying scandal in modern UK**, **(c) co-catalyst of Credit Suisse's collapse along with Archegos**.

January 30, 2017 DE confirmed

Deutsche Bank: Russian mirror trades $10B Moscow-London — $629M NYDFS+FCA settlement (Jan 2017)

On **January 30, 2017**, **Deutsche Bank AG** agreed to pay **$425M to NYDFS + £163M ($204M) to UK FCA = $629M total** for **'Russian mirror trades'** — the largest clandestine **rubles-to-hard-currency conversion** scheme between 2011-2015 via Deutsche Bank Moscow + Deutsche Bank London. **$10+ billion** were moved from the Russian regime (clients including sanctionable oligarchs and shell companies) through the following structure: 1) Russian shell company bought liquid Russian stocks (Gazprom, Sberbank, Rosneft, Lukoil) in Moscow with rubles, 2) Offshore shell company (in BVI, Cyprus, Latvia) **simultaneously sold** the same amount of same stocks in London with USD/EUR, 3) Result: rubles eliminated from Russian balance, hard currency appears in offshore company — all in minutes, without real audit. The scheme was **a direct response to 2014 Crimea/Ukraine sanctions** of Putin's regime. **Tim Wiswell** (US trader Deutsche Bank Moscow, former equity sales head) was the main architect from the bank — fired 2015, pleaded guilty US 2016 to BSA violation, **sentenced 2017**. **Andrey Tikhonov** (former VP Deutsche Moscow) also fired. **Vladimir Antonov** (already covered in Snoras Bank Lithuania case Lithuania BLO (2024)) was one of the top clients who used the scheme. **Federal Reserve also fined Deutsche Bank $41M in May 2017** for related risk management failures. Deutsche Bank was **additionally fined $7M in July 2017** by NYDFS for AML/CIP failures. The case is part of multiple scandals that led Deutsche Bank to its biggest crisis (2015-2019): Christian Sewing CEO since April 2018 has implemented massive restructuring. The case connected with **Danske Bank Estonia laundromat** (case Danske Estonia (2018)), Cyprus banking sector, and FBR investigations into Russian flight capital.

November 20, 2024 US confirmed

US: Bill Hwang (Archegos) sentenced to 18 years prison in Nov 2024 — $10B collapse in Mar 2021

On **November 20, 2024**, **Bill Hwang** (Sung Kook 'Bill' Hwang, former Tiger Asia Management), founder of Archegos Capital Management, was sentenced to **18 years federal prison** by the Southern District of New York for massive market manipulation fraud and lies to bank counterparts. Patrick Halligan, Archegos CFO, received 8 years. The March 26, 2021 collapse was one of the most violent events in recent financial history: Archegos, a family office (not regulated hedge fund) built massive positions in tech/media stocks (ViacomCBS, Discovery Communications, Baidu, Tencent Music, IQIYI, Vipshop, Farfetch, GSX Techedu, RLX Technology) using **total return swaps** (TRS) — derivatives that gave exposure without direct legal ownership. When ViacomCBS made equity issuance on March 22, 2021 and the price fell, margin calls forced chaotic liquidation. **Combined prime broker bank losses estimated at $10 billion**: Credit Suisse $5.5 billion (main factor in subsequent 2023 collapse), Nomura $2.9 billion, Morgan Stanley $911 million, UBS $774 million, Mizuho $90 million. Regulators documented that Archegos lied to multiple prime brokers about aggregate positions (each only saw its side). The case resulted in: SEC Final Charging Document April 2022 (Hwang + Halligan + Scott Becker (head risk) + William Tomita (head trading)), FCA fine on UBS $387M (Aug 2023) for Credit Suisse legacy acquisition, FINMA reform of Swiss prime brokerage regulations, OSFI Canadian changes, Federal Reserve enforcement actions. The case has been described as 'the largest margin call in history'.

March 26, 2021 US confirmed

US: Archegos-Bill Hwang $10B collapse Mar 2021 — Hwang 18 years prison Nov 2024 (TRS swaps)

On **March 26, 2021**, **Archegos Capital Management** — a US 'family office' based in NYC, managing ~$10 billion of the personal wealth of **Bill Hwang (Sung Kook Hwang, Korean-American)** — collapsed catastrophically in the **largest individual 'margin call' in history**, triggering a forced sale that evaporated ~$10 billion of capital and caused combined losses of **~$10 billion to counterparty banks**. Hwang's scheme: he used **total return swaps (TRS)** with multiple prime broker banks — **Credit Suisse, Nomura, Morgan Stanley, Goldman Sachs, UBS, Deutsche Bank, Wells Fargo** — to build **massive leveraged positions (~5x leverage = ~$50 billion of effective exposure)** in a handful of stocks (ViacomCBS, Discovery, Tencent, GSX Techedu, etc.) **without the banks knowing the total aggregate exposure** (TRS are not publicly reportable, each bank saw only its portion). When ViacomCBS fell (March 22-24, 2021), Hwang couldn't cover margin calls; banks began liquidating **on March 26**, causing additional crash + massive losses: **Credit Suisse lost $5.5 billion** (final catalyst of its bankruptcy/absorption by UBS in 2023), **Nomura $2.9 billion**, Morgan Stanley + Goldman less (sold earlier). **Bill Hwang was charged in April 2022 + convicted by jury in July 2024** (10 counts of fraud + racketeering + market manipulation) + **sentenced to 18 years in prison in November 2024 + ordered to forfeit $12.35 billion**. **Patrick Halligan (Archegos CFO)** was also convicted + 8 years. The case is referenced as: **(1) the catalyst of Credit Suisse's collapse**, **(2) the paradigmatic example of unregulated family office systemic risk + opaque TRS**, **(3) the longest sentence ever imposed for market manipulation in the US**, **(4) foundational case on family office regulation and OTC derivatives**. Hwang already had a history: in 2012, his previous firm Tiger Asia Management pleaded guilty to wire fraud + $44M settlement (insider trading in Chinese stocks).

October 3, 2021 PA confirmed

ICIJ: Pandora Papers Oct 2021 — 11.9M documents + 35 world leaders + Tony Blair + Vladimir Putin + Pakistan PM Khan

On **October 3, 2021**, the International Consortium of Investigative Journalists (ICIJ) published **'Pandora Papers'** — the largest collaborative journalistic investigation in history: **11.9 million leaked documents** (2.94 TB) from **14 global offshore service firms** (Alemán, Cordero & Lee — Panama; Trident Trust Group — multiple jurisdictions; Asiaciti Trust — Cook Islands; Fidelity Corporate Services — BVI; Demara — Seychelles; others), processed over 2 years by **600+ journalists from 150 media in 117 countries**. **Pandora Papers identified >35 world leaders with secret offshore assets** (including: Tony Blair former UK PM + Cherie Blair (Pandora detailed London £6.45M mansion); Mohamed Amersi British Tory consultant; Vladimir Putin (documented intermediaries); Sheikh Mohammed bin Rashid Al Maktoum ruler Dubai; King Abdullah II Jordan; Andrej Babiš former PM Czech Republic; Sebastián Piñera (Chile President, Minera Dominga case forced him to deny offshore); Volodymyr Zelensky (Ukraine, Wakanda offshore disclosed); Hashim Thaçi Kosovo; Uhuru Kenyatta Kenya; Ilham Aliyev Azerbaijan; Aliyev family; Ali Bongo Gabon; Pakistan PM Imran Khan denied + cabinet members; 30+ ex-leaders; 100+ billionaires; 130+ politicians in 91 countries). **Pandora Papers** expanded **'Panama Papers' (2016, 11.5M Mossack Fonseca documents case Panama Papers (2024) covered)** and **'Paradise Papers' (2017, 13.4M Appleby/Bahamas documents)**. Criminal/civil investigations **derived from Pandora Papers in >100 countries**, recovering **>$1.5 billion in evaded taxes** according to ICIJ + Tax Justice Network. The **Piñera vs Minera Dominga case** ($2.5B Chile mining project) led to Piñera impeachment trial in November 2021 (survived 24-18). **Sebastian Kurz** (Austrian Chancellor) resigned post-Pandora partly after revelations. ICIJ is **headquartered in Washington DC**, won multiple Pulitzer (Panama 2017, Pandora award) and Walkley.

March 14, 2011 TN confirmed

Tunisia: the confiscation of the Ben Ali clan's fortune (~13 billion) and an asset recovery that largely failed

Tunisia's largest kleptocracy and asset-recovery case is that of former president Zine El Abidine Ben Ali, who ruled from 1987 to 2011 and fled to Saudi Arabia on January 14, 2011, in the episode that triggered the Arab Spring. The World Bank estimated the fortune amassed by his family —especially the clan of his wife, Leila Trabelsi— at about USD 13 billion, more than a quarter of Tunisia's GDP; the clan controlled broad sectors of the economy. Switzerland was the first country in the world to freeze the assets of Ben Ali's circle, on January 19, 2011 (some 60 million francs), followed by the European Union on January 31, which listed some 48 people. On March 14, 2011, a decree by interim President Fouad Mebazaa ordered the automatic confiscation of the assets of Ben Ali, Leila Trabelsi and 112 other people from their circle: some 550 properties, 48 boats and yachts, 367 bank accounts and nearly 400 companies were seized, with an estimated value of 13 billion, and firms such as Orange's Tunisian unit were nationalized. International recovery, however, was slow and marginal: Lebanon returned 28.8 million in 2013, Switzerland transferred small amounts, and when the Swiss ten-year freeze expired in March 2021, Tunisia had only managed to repatriate about 3.5 million dinars (~USD 1.27 million), so the rest of the funds again became accessible to the clan; the Swiss authorities demanded proof of illicit origin that Tunisia failed to provide, partly due to the instability of a country that has had numerous governments since 2011. Ben Ali, convicted in absentia for corruption, died in exile in 2019. Financial supervision rests with the Central Bank of Tunisia (BCT) and the Tunisian Financial Analysis Commission (CTAF); the country, a member of MENAFATF, was also on the FATF grey list between 2017 and 2019.

March 17, 2014 BR confirmed

Brazil: Lava Jato Mar 17 2014 — $13B Petrobras + Lula 12 years (freed 2019) + Dilma impeached + 295+ convictions

On **March 17, 2014**, Brazilian Federal Police arrested money changer **Alberto Youssef** in what appeared to be a routine money laundering investigation — but quickly revealed **the largest corruption network in world history documented to that point**, known as **'Operação Lava Jato' (Car Wash)**. The investigation led by Judge **Sérgio Moro** (Curitiba Federal Court) and prosecutor **Deltan Dallagnol** (Lava Jato Task Force) revealed: **(1) Petrobras corruption scheme** — the Brazilian state oil system paid **systemic 3% overprices on billion-dollar contracts** to construction companies (Odebrecht, OAS, Camargo Corrêa, UTC, Andrade Gutierrez, Mendes Júnior, Galvão Engenharia, Queiroz Galvão, Engevix) that distributed kick-backs to **politicians from ALL major Brazilian parties** (PT, PMDB/MDB, PP, PSDB) during 2003-2014 — total estimated: **$13+ billion USD** in documented money laundering. **(2) Odebrecht 'Departamento de Operações Estruturadas'** — phantom banking system operating $3.5 billion in bribes in **12 countries** (Brazil, Venezuela, Argentina, Colombia, Mexico, Ecuador, Peru, Panama, DR, Guatemala, Mozambique, Angola). **(3) Convicted politicians**: **Lula da Silva** (President 2003-2010) sentenced **9 years + 6 months in July 2017** (Triplex Guarujá case), extended to **12 years in January 2018** by TRF-4 → **released in November 2019** post-change in STF interpretation (Toffoli ruling) on collateral habeas corpus → **annulment of all convictions March 2021** by STF (Fachin ruling, Curitiba declaration without jurisdiction) → **elected President of Brazil October 2022 (49.9% vs Bolsonaro 49.1%, tightest runoff in Brazilian history)**, took office January 1, 2023. **Dilma Rousseff** (President 2011-2016) impeached August 2016 (charged 'pedaladas fiscais', technically not direct Lava Jato). **Eduardo Cunha** (former Câmara Speaker, architect of Dilma impeachment) sentenced 15 years March 2017. **Antonio Palocci** (former Finance Minister Lula+Dilma) sentenced 12 years + cooperation. **Marcelo Odebrecht** (Odebrecht CEO, founders grandson) sentenced 19 years 2016 → cooperation 2017 → freedom 2017. **(4) Sergio Moro** left the judiciary in 2018 to become **Minister of Justice under Bolsonaro 2019-2020**, generating massive controversy about conflict of interest — **Vaza Jato leak (Intercept Brasil June 2019)** revealed improper Moro-Dallagnol communications compromising judicial neutrality → STF annulled multiple convictions. **(5) Odebrecht (rebranded Novonor 2020)** pleaded guilty in **DOJ December 2016 — $3.5 billion settlement, largest FCPA settlement in history**.

November 5, 2017 BM confirmed

ICIJ: Paradise Papers Nov 2017 — 13.4M documents Appleby Bermuda + Queen Elizabeth II + Trump cabinet

On **November 5, 2017**, ICIJ published **'Paradise Papers'** — **13.4 million leaked documents** (1.4 TB), majority from **Appleby** (Bermuda offshore firm, founded 1898, one of the world's oldest offshore firms) + Asiaciti Trust + 19 corporate registries from offshore jurisdictions (including Bermuda, Cayman, BVI, Cook Islands, Malta, Marshall Islands, etc.). Processed by **380+ journalists in 96 media in 67 countries** over a year. **Personalities identified with tax avoidance/evasion in Paradise Papers**: **Queen Elizabeth II + Prince Charles** (Duchy of Lancaster $13M investments via offshore Mauritius in BrightHouse rent-to-own retailer + Threshers liquor chain); **multiple Trump cabinet members** (Wilbur Ross — Commerce Secretary, Putin allies connections via Navigator Holdings shipping; Gary Cohn — National Economic Council, former Goldman; Jared Kushner; Rex Tillerson — Secretary of State, former ExxonMobil); **Madonna, Bono (U2), Shakira** ($3M Malta offshore); **Apple Inc** ($248B offshore strategy via Jersey post-Double Irish, tax avoidance that cost US and EU $100B+ taxes 2007-2017); **Nike** (Bermuda subsidiary tax avoidance $3.86B); **Facebook**; **Glencore** (Glasenberg + Beny Steinmetz interactions); **Lewis Hamilton** ($25M tax avoidance Isle of Man); **multiple Russian oligarchs**. Apple, Nike, other corporates reformed structures post-Paradise. **Apple-EU State Aid case** (€13B Ireland back-taxes, ECJ ruling Sep 2024 finally upheld). Paradise followed Panama Papers (2016) and preceded Pandora Papers (2021).

March 19, 2023 CH confirmed

Switzerland: Credit Suisse collapse Mar 2023 — UBS takeover $3.25B + $17B AT1 wipeout + $100B liquidity

On **March 19, 2023**, the Swiss government orchestrated the **emergency UBS acquisition of Credit Suisse for only $3.25 billion** — a fraction of the bank's previous valuation. It is the **largest banking deal since the 2008 crisis**. Swiss authorities provided **$100 billion in liquidity support**. The deal wiped out **$17 billion in AT1 bonds** (subordinated debt), causing global bondholder fury and massive litigation. Credit Suisse, a 167-year-old Swiss bank (one of 30 global 'too big to fail'), collapsed after scandal accumulation: **(1) Spy Scandal 2019**: hired private detectives to surveil Iqbal Kahn (former wealth management head who left for UBS); CEO Tidjane Thiam forced to resign Mar 2020; FINMA ruled CS misled the regulator. **(2) Greensill Capital collapse Mar 2021**: $10B in supply chain finance funds frozen after Greensill (Lex Greensill) bankruptcy, FINMA found 'serious breach of supervisory obligations'. **(3) Archegos default Mar 2021**: $5.5B losses from Bill Hwang's family office collapse (concentrated bets on ViacomCBS and Discovery with total return swaps), combined $10B loss with other banks. FINMA documented 'fundamental management failures' and 100+ ignored internal warnings. **(4) Mozambique TUNA bonds 2021** (case Tuna Bonds Credit Suisse (2021) in this tracker): $475M US/UK fines. **(5) Bulgarian Cocaine Trafficking conviction 2022**: Swiss courts found CS guilty of failing to prevent Bulgarian cartel laundering. **(6) U.S. Tax Evasion Scandals (2014-2022)**: $2.6B in fines for helping wealthy clients evade US taxes. **(7) Suisse Secrets 2022**: leak of 18,000+ accounts with $100B in assets to OCCRP. **(8) Chiasso scandal 1977**: CS's first major scandal (undeclared Italians). **(9) Sani Abacha Nigeria 1990s**: $214M from Nigerian military dictator. **(10) Marcos Philippines 1980s**: Filipino dictator fortune. **(11) US Iran sanctions evasion 1995-2007**. **(12) 1MDB Malaysia connections 2017**. The multi-decade trajectory culminated with the March 2023 bank run after SVB and Signature Bank fell in the US. **In August 2023, UBS was fined $387M** by Fed/Swiss FINMA/BoE for Credit Suisse 'misconduct' in Archegos.

December 19, 2003 IT confirmed

Italy: Parmalat $20B collapse Dec 2003 — the 'Italian Enron' + Calisto Tanzi 18 years prison

On **December 19, 2003**, **Parmalat** (the Italian dairy giant, founded in 1961 by Calisto Tanzi in Collecchio, Emilia-Romagna, a multinational with ~36,000 employees in 30 countries) collapsed when it was revealed that **a supposed €3.95 billion account at Bank of America in the Cayman Islands DID NOT EXIST** — the document that 'certified' it was a crude forgery. The investigation revealed a total accounting hole of **€14.3 billion ($20 billion USD)**, hidden for ~15 years through a network of **~260 opaque entities in tax havens** (Cayman, Netherlands, Dutch Antilles, Luxembourg, Uruguay). It was **Europe's largest corporate fraud at the time**, called 'the Italian Enron'. **Calisto Tanzi** (founder and CEO for 40 years) and his family/executive circle had used Parmalat as a piggy bank to finance bankrupt parallel businesses (Parmatour tourism, Parma football) and personal enrichment. **Tanzi was sentenced to 18 years in prison in 2010** (Parma) + 10 additional years (Milan) for fraudulent bankruptcy + market manipulation + criminal association; he died under house arrest in 2022. Dozens of executives were convicted. Bank of America + Citigroup + Deutsche Bank + UBS faced massive lawsuits for their role in the structuring. **135,000 retail Italian investors lost their savings**. The case transformed European accounting regulation + catalyzed the tightening of Consob + audits. Italy is a FATF + MONEYVAL founding member.

August 1, 2014 MD confirmed

Moldova: Russian Laundromat $20B via Moldova (2010-2014) + Theft of the Century $1B in 2014

Between 2010 and 2014, the 'Russian Laundromat' (also called Global Laundromat) laundered approximately **$20 billion** from Russia through the Moldovan banking system, primarily Moldindconbank and 20+ other entities, to Western Europe. The scheme, exposed by OCCRP and Novaya Gazeta in 2014-2017, involved: British shell companies and other front firms signing 'fictitious loans', corrupt Moldovan tribunals issuing fake 'judicial' orders, coordinated transfers via correspondent banking to 5,140 accounts in 96 countries (including HSBC, Deutsche Bank, JP Morgan, RBS, Bank of America, Barclays, Citibank, Standard Chartered, Société Générale, ING). Additionally, in 2014, the 'Theft of the Century' (Furtul Secolului) involved the theft of $1 billion (12% of Moldovan GDP) from Banca de Economii, Banca Socială and Unibank — massive laundering caused the bankruptcy of the 3 banks. Ilan Shor (former CEO of Banca de Economii) was sentenced to 7.5 years in 2017 (then escaped to Israel). Vladimir Filat (former Prime Minister) was sentenced to 9 years for corruption in 2016. Through 2024, investigations continue in the UK, Switzerland, Lithuania, Latvia. The Banca Națională a Moldovei (BNM) and the Service for the Prevention and Combat of Money Laundering (SPCSB) reformed the AML framework post-scandals. Moldova is a MONEYVAL member and obtained EU candidate status in June 2022.

July 5, 1991 LU confirmed

BCCI: the 1991 global coordinated shutdown that originated the modern AML enforcement era

On July 5, 1991, regulators in 62 countries coordinated the shutdown of the Bank of Credit and Commerce International (BCCI), founded in Luxembourg in 1972 by Pakistani banker Agha Hassan Abedi with backing from Abu Dhabi. With 400 branches in 78 countries and assets over $20 billion, BCCI was the world's seventh-largest private bank. Investigations revealed massive money laundering: clients included Manuel Noriega (Panama), Saddam Hussein (Iraq), Ferdinand Marcos (Philippines), Samuel Doe (Nigeria), the Medellín cartel and the Abu Nidal organization. BCCI financed Pakistan's nuclear program and CIA operations in Afghanistan. The shutdown produced $9 billion in civil damages, $14.8 million in officer fines and 12 executives sentenced to prison. It is the foundational case of modern AML regulation; after BCCI came the Annunzio-Wylie Act (US 1992) and the strengthened role of the Basel Committee on cross-border supervision. Direct precursor of the Patriot Act (2001) and the creation of FinCEN.

September 15, 2005 KP confirmed

North Korea: foundational Banco Delta Asia case (2005) + FATF countermeasures + UN Resolutions

On September 15, 2005, FinCEN designated Banco Delta Asia (BDA, Macau) under Section 311 of the USA PATRIOT Act as a 'primary money laundering concern' for processing illicit funds for North Korea (DPRK). The action froze $25M in DPRK accounts in Macau and triggered the largest financial crisis for DPRK pre-Kim Jong-un. It is the **foundational case** of the secondary financial sanctions regime against DPRK. Since then, the Kim Jong-un regime (2011-) has developed a sophisticated financial sanctions evasion ecosystem: Lazarus Group (cyberwarfare unit of the Reconnaissance General Bureau RGB, responsible for the Bangladesh Bank attacks 2016 — $81M, Sony Pictures 2014, WannaCry 2017, $1.5+ billion in crypto-heists 2020-2025 including Ronin Network $620M, Harmony Bridge $100M, Atomic Wallet $35M, Coinex $54M). The **UN Security Council Resolutions 2270 (2016), 2321 (2016), 2371 (2017), 2375 (2017) and 2397 (2017)** are the broadest sanctions in UN history, restricting DPRK exports (coal, minerals, seafood, textiles), prohibiting joint ventures, ordering expulsion of DPRK workers abroad, and prohibiting new oil exports to DPRK beyond strict quotas. **DPRK has been continuously on FATF blacklist since 2008**. OFAC maintains 4 Executive Orders against DPRK (13551, 13687, 13722, 13810). UN Panel of Experts reports (annual 2010-2024, until Russia/China blocked its renewal in March 2024) extensively document evasion techniques: ghost ships, crypto transactions, covert joint ventures with China, commercial document forgery, DPRK IT workers hired as international freelancers (Treasury advisory 2022).

December 8, 2024 SY confirmed

Syria: Assad regime fall Dec 8 2024 + HTS transition → Trump 2.0 partial lifting May 2025

After 14 years of civil war (2011-2024), the Bashar al-Assad regime collapsed on **December 8, 2024** with the takeover of Damascus by Hay'at Tahrir al-Sham (HTS) led by Ahmed al-Sharaa (alias 'al-Jolani'). It is one of the most significant Middle East geopolitical events in decades. OFAC sanctions against Syria had been the world's most extensive (along with DPRK/Iran): Executive Order 13338 (2004) that sanctioned the Assad regime; **Caesar Syria Civilian Protection Act 2019** that extended secondary sanctions to foreign companies supporting the regime (Hezbollah, Iranian IRGC, Russian Wagner); massive designations of Syrian banks (Central Bank of Syria, Commercial Bank of Syria, Real Estate Bank, Industrial Bank). The Assad regime built the 'Captagon Empire' — Syria became the world's largest Captagon producer (synthetic amphetamine), with production estimated at $5.7 billion annually according to Center for Operational Analysis and Research COAR, distributed mainly to the Gulf (Saudi Arabia, UAE, Jordan). On May 6, 2025, OFAC issued General License 25 authorizing most transactions with the 'Syrian provisional government' led by HTS, partially lifting sanctions — the first significant opening in decades. The European Union and United Kingdom followed parallel actions in May-July 2025. The Syrian banking sector is being restructured under HTS. Syria is a MENAFATF member.

January 1, 2025 CN confirmed

China: new Anti-Money Laundering Law (Jan 2025) as Chinese networks become the cartels' main global launderer

On January 1, 2025, China's revised Anti-Money Laundering Law took effect — adopted by the Standing Committee of the National People's Congress on November 8, 2024 — replacing the 2007 law. The reform broadens the scope beyond traditional financial institutions to non-financial sectors, strengthens the People's Bank of China's (PBOC) powers to inspect, penalize, freeze assets and suspend operations, introduces personal accountability for senior executives and, notably, extraterritorial application over money-laundering activities committed abroad that threaten China's sovereignty, security or financial order. It is complemented by the Beneficial Ownership Information Measures (from the PBOC and the State Administration for Market Regulation, in force since November 2024). The PBOC, which is not an independent central bank — it operates under the Communist Party's Central Financial Commission — leads supervision alongside the NFRA, the CSRC and SAFE. China, a FATF member, was assessed in 2019 (rated 'partially compliant' on several Recommendations) and has strengthened its framework since. The most visible challenge, however, reaches beyond its borders: Chinese Money Laundering Organizations (CMLOs) have become the main launderer for drug cartels, including fentanyl proceeds. According to a US Treasury FinCEN advisory (August 2025), these networks use underground banking (fei-qian, or 'flying money'), mirror transfers, money 'mules' — often students — and counterfeit Chinese passports to move funds; US prosecutors have charged several such schemes, tied to cartels such as Sinaloa.

August 9, 2020 BY confirmed

Belarus: OFAC sanctions Lukashenko regime post-2020 electoral fraud + Russia Ukraine 2022 support

After the **fraudulent presidential elections of August 9, 2020** (Lukashenko declared winner with 80% of the vote against Sviatlana Tsikhanouskaya — massive demonstrations repressed with violence, 35,000+ detained, ~6 confirmed deaths), OFAC and Western allies have designated **the Belarusian banking and economic system almost completely**. Key actions: OFAC Executive Order 14038 (August 2021) that sanctioned the financial sector + 30+ individual designations (Alexander Lukashenko, his son Viktor Lukashenko, Andrey Tur, Aleksandr Volfovich); EU Council Decision 2020/1388 (October 2020); UK sanctions; Canada sanctions. The **Ryanair flight 4978 hijacking** (May 2021, Lukashenko forced landing in Minsk to arrest opposition journalist Roman Protasevich) precipitated new rounds. After the **Russian invasion of Ukraine (Feb 24, 2022)**, Belarus was used as a **launching platform for the attack on northern Ukraine** (Russian troops + ammunition + missiles from Belarusian territory), leading to the **expulsion of the Belarusian banking sector from SWIFT system** in March 2022 (similar to Russia). Belarusbank, Belagroprombank, Banco BPS-Sberbank Belarus, Belgazprombank — all designated SDN. The 'wagnerization' policy post-Prigozhin Mutiny (June 2023) moved part of Wagner Group to Belarus (40-50K personnel) after the August 23, 2023 plane accident that killed Yevgeny Prigozhin. The Belarusian banking sector is dominated by state-owned (Belarusbank 25%+ of system). Belarus is an EAG member.

March 16, 2008 US confirmed

US: Bear Stearns collapse Mar 2008 — JPM forced acquisition (first domino of the crisis)

On **March 16, 2008**, **Bear Stearns** — the fifth-largest US investment bank, founded in 1923, with 14,000 employees — was **forced to sell to JPMorgan Chase at $10 per share** (later revised to $10, originally just $2 — versus $172 it was worth a year earlier) in an emergency operation orchestrated by the New York Fed to prevent disorderly collapse and systemic contagion. The Fed provided a **$29 billion 'backstop'** guaranteeing the toxic assets. It was **the first 'domino' of the 2008 financial crisis**, occurring 6 months before Lehman. Bear Stearns's downfall accelerated when **two of its hedge funds (High-Grade Structured Credit Strategies + Enhanced Leverage)** collapsed in July 2007 with ~$1.6B in losses from subprime CDO exposure. The fund managers **Ralph Cioffi and Matthew Tannin** were criminally charged by EDNY with fraud — the first criminal trial of Wall Street figures from the 2008 crisis — but **both were ACQUITTED in 2009** (defenses successfully argued losses were due to unforeseeable market conditions, not intentional fraud). The result was a blow to the DOJ + foreshadowed the later pattern of mass non-prosecution in the crisis. CEO **James Cayne** (a professional bridge player, present at the national tournament during the crisis) resigned. CFO **Sam Molinaro + Alan Schwartz** were discredited. Bear Stearns is referenced as **the first ignored warning of 2008** + the foundational case of the 'no individual accountability' that defined crisis enforcement. Case connected to Lehman (Sept 2008) and AIG (Sept 2008).

May 9, 2022 KR confirmed

South Korea: Terra/Luna $40B collapse May 2022 — Do Kwon extradited to US Dec 2024 + crypto winter

On **May 9, 2022**, the **Terra/Luna** ecosystem catastrophically collapsed in one of the most destructive events in cryptocurrency history: **~$40 billion USD in market value evaporated in days**. **TerraUSD (UST)** was an 'algorithmic stablecoin' supposedly pegged to the dollar through an arbitrage mechanism with its sister token **LUNA** — when UST lost the peg (depeg from $1.00 to $0.10), the mechanism entered a hyperinflationary 'death spiral' (LUNA went from $80 to $0.0001, supply from 350M to 6.5 TRILLION tokens). **Do Kwon** ('Kwon Do-hyung', South Korean co-founder of Terraform Labs with Daniel Shin) had promised **20% APY returns via Anchor Protocol** (unsustainable Ponzi-like yield). The collapse triggered the **2022 'crypto winter'**: direct contagion to **Three Arrows Capital (3AC, $10B insolvent hedge fund)**, **Celsius Network ($4.7B bankruptcy)**, **Voyager Digital (bankruptcy)**, **BlockFi**, and eventually **FTX (November 2022)**. **Do Kwon fled** — Interpol Red Notice September 2022, **arrested in Montenegro March 2023** (fake Costa Rican passport), Montenegro extradition battle between South Korea vs US, **finally extradited to US in December 2024**. SEC settlement with Terraform Labs **$4.47 billion in June 2024** (one of the largest crypto SEC settlements). Do Kwon faces charges in SDNY (fraud, conspiracy) + South Korea. **Daniel Shin** (co-founder) faces charges in Korea. The case is referenced as **the trigger of the 2022 crypto winter + paradigm of algorithmic stablecoin risk**. Bank of Korea + FSC (Financial Services Commission) + FSS supervise Korea. South Korea is an APG member.

March 23, 2023 ME confirmed

Montenegro: the arrest of 'crypto king' Do Kwon (Terra/Luna) and the battle over his extradition

Montenegro was the stage for one of the biggest fraud and money-laundering cases of the crypto era. On March 23, 2023, Do Hyeong Kwon —co-founder of Terraform Labs and the man behind the 'stablecoin' TerraUSD and its sister token Luna, whose May 2022 collapse erased some USD 40 billion and dragged down other firms— was arrested at Podgorica airport along with a partner as he tried to fly to Dubai using forged Costa Rican passports. He had been on the run for months, under an Interpol red notice, after eluding authorities in South Korea and Singapore. Montenegro's courts sentenced him to about four months in prison for document forgery, and a long extradition battle opened between the United States and South Korea, with conflicting rulings from the country's courts; in the end, Justice Minister Bojan Božović approved his surrender to the US and Kwon was extradited on December 31, 2024. According to the indictment by federal prosecutors in New York, Kwon deceived investors to fraudulently inflate the value of his cryptocurrencies, misappropriated hundreds of millions from the Luna Foundation Guard and sought to launder the proceeds of the fraud through different blockchains, exchanges and a Swiss bank account; he faces fraud and conspiracy-to-launder charges. The case had political echoes in Montenegro: former Justice Minister Andrej Milović accused Prime Minister Milojko Spajić of influencing the process over alleged financial ties to Kwon, while Spajić framed the extradition as a sign of the country's commitment to the rule of law. Financial supervision rests with the Central Bank of Montenegro and its financial intelligence unit, and the country is a member of MONEYVAL.

April 11, 2024 VN confirmed

Vietnam: Truong My Lan death sentence (Apr 2024) — largest bank fraud case in Asian history $44B

On April 11, 2024, **Truong My Lan** (Chairwoman of Van Thinh Phat Group, Vietnamese real estate conglomerate) was **sentenced to death by lethal injection** by the Ho Chi Minh City People's Court in what is **the largest bank fraud case in Asian history and one of the largest in the world**: **$44 billion USD diverted** from Saigon Commercial Bank (SCB, Vietnam's 5th largest bank) over 11 years (2012-2022), equivalent to **6% of Vietnam's GDP** ($430 billion). The scheme: Truong My Lan, although legally she could not own >5% of SCB under Vietnamese banking law, controlled **91.5% of the bank via 27 shell companies and nominees** documented during trial. SCB made **2,500+ loans to companies connected to Lan** through false documentation, without real collateral, without recovery. **The death sentence was commuted to life imprisonment on September 4, 2024** after Lan accepted to pay partial restitution and 8 additional executions (subordinates) were confirmed without reduction. **The case triggered the largest bank run in Vietnamese history** in October 2022 (when the investigation became public) — SCB needed **$24 billion of emergency liquidity from SBV** ($24B = 8% of GDP) to avoid collapse. The case is **inevitable comparison with Bernie Madoff $65B Ponzi (2008)** and FTX $8B (2022). 86+ officials and bankers were prosecuted. Vietnam's Anti-Corruption Steering Committee (chaired by Secretary General Nguyễn Phú Trọng† until Jul 2024 + To Lam since Aug 2024) led the 'Blazing Furnace' anti-corruption campaign of which Lan is the largest case. The Vietnamese banking sector is supervised by the State Bank of Vietnam (SBV).

October 25, 2003 RU confirmed

Russia: Yukos-Khodorkovsky case (2003) — Putin kleptocracy foundational + $50B arbitral award

On **October 25, 2003**, **Mikhail Khodorkovsky**, then Russia's richest man (Yukos Oil Company, Russia's 2nd largest oil company post-1995 privatization) and open Putin critic (co-founder of Open Russia Foundation, opposition financier), was arrested by Russian Federation Tax Service in Novosibirsk during his private plane's refueling. It is the **foundational event of Putin's consolidated kleptocracy** and end of the 'independent oligarch' era post-Soviet. Khodorkovsky and his partner **Platon Lebedev** were accused of massive tax evasion and fraud, sentenced to 8 years prison each in May 2005. Yukos faced **$28 billion in retroactive tax claims** (qualified as 'arbitrary' by ECHR), was forced into bankruptcy in August 2006, and its main assets (Yuganskneftegaz) were acquired in **secret December 2004 auction** by shell company Baikal Finance Group for $9.35 billion (subsequently revealed controlled by Rosneft, now state). In 2010, Khodorkovsky was sentenced to 8 additional years for fraud/embezzlement (sentence extended to 14 years total). Released on December 20, 2013 by Putin amnesty pre-Sochi 2014 Olympics, lives in London/Switzerland since then. **On July 18, 2014, the Permanent Court of Arbitration (PCA) in The Hague** sentenced Russia to pay **$50 billion in damages** to Yukos majority shareholders (Group Menatep Limited) — one of the **largest arbitrations in history**. Russia refused to pay; the case continues in international courts. The **ECHR** also condemned Russia in September 2011 ('Khodorkovsky v Russia' case) for violation of Article 5 (liberty). The Russian banking system (CBR Centrobank, Sberbank, VTB Bank) fully cooperated in the forced nationalization. The case set precedent for the subsequent wave of oligarchs (Boris Berezovsky † 2013, Roman Abramovich post-2022 sanctions, Oleg Deripaska, etc.).

December 11, 2008 US confirmed

US: Bernie Madoff sentenced 150 years prison June 2009 — Largest Ponzi in history ($65B)

On **December 11, 2008**, **Bernard 'Bernie' Madoff** (former NASDAQ Stock Market Chairman 1990-1993, founder of Bernard L. Madoff Investment Securities LLC in 1960) was **arrested by the FBI in Manhattan** after confessing to his sons Mark and Andrew (who reported him) that his firm was **'one big lie'**. The scheme, operational from at least the 1970s (estimated 1991+ according to trustee), was the **largest Ponzi scheme in human history**: **$65 billion USD** in claims (notional, what investors thought they had), of which **$19 billion were real lost funds** (investors contributed this amount; the rest were fictitious profits). The scheme affected **38,000+ victims** including: celebrities (Steven Spielberg, Kevin Bacon, Larry King, Sandy Koufax), foundations (Elie Wiesel Foundation, Mort Zuckerman foundations), European banks (Banco Santander €2.3B, BNP Paribas €350M, Royal Bank of Scotland £400M, Nomura), hedge funds (Fairfield Greenwich Group $7.5B feeder, Tremont Capital, Kingate). On **June 15, 2009**, Madoff was **sentenced to 150 years federal prison** (maximum possible sentence under US federal law) by Judge Denny Chin. Madoff died in Butner federal prison on **April 14, 2021** at age 82. **Trustee Irving Picard** (Baker & Hostetler LLP) has recovered **$19+ billion** via massive litigation against clawback of profit transferred to other investors (third parties, beneficiaries, feeders). **JPMorgan Chase paid $2.6 billion in January 2014** in settlement with DOJ + SEC + OCC for being Madoff's main bank (account 703) for 22 years without reporting SARs (Suspicious Activity Reports) — a fundamental case that showed the limitations of pre-2014 AML supervision. The case drove the **Dodd-Frank Wall Street Reform Act (2010)**, the **SEC and CFTC Whistleblower Programs**, and the creation of the **SEC's Office of the Whistleblower (2010)**.

February 26, 2011 LY confirmed

Libya: Gaddafi fall 2011 + $67B LIA frozen + 2 parallel governments GNU vs HoR (Tripoli vs Bayda)

On February 26, 2011, the UN Security Council approved Resolution 1970 (Chapter VII) which imposed sanctions against the Muammar Gaddafi regime after the start of the Libyan civil war. On March 17, 2011, Resolution 1973 authorized the 'no-fly zone' that led to NATO intervention (Operation Unified Protector). Gaddafi was captured and executed on October 20, 2011. Sanctions froze **$67 billion in Libyan Investment Authority (LIA) assets** deposited internationally (Belgium $16 billion, UK $12 billion, US $34 billion, Italy, Switzerland, etc.). The scheme was massively looted during the Gaddafi regime and subsequent civil war. Libya has lived in continuous civil war since 2014 with two parallel governments: **Government of National Unity (GNU)** led by Abdul Hamid Dbeibeh in Tripoli (west), recognized by the UN, and **House of Representatives (HoR)** led by Aguila Saleh in Tobruk + General Khalifa Haftar of Libyan National Army (LNA) in Bayda (east). There are **two Central Bank of Libya** in dispute (institutional chaos). Libyan oil (revenues ~$30 billion/year when producing normally) is the main dispute: the National Oil Corporation (NOC) is divided. Specific Libyan AML risks: massive migrant smuggling (~600,000 migrants annually cross Libya to Italy, $2 billion criminal industry), arms trafficking (Libya is the largest unregulated arms market in the Mediterranean since 2011), Wagner/Africa Corps active in Cyrenaica, ISIS-Libya cells, gold and antiquities trafficking. Libya is a MENAFATF member.

December 20, 2002 NR confirmed

Nauru: the offshore haven with nearly 400 shell banks in a post-office box, a paradigm of 1990s money laundering

Nauru, a tiny Pacific island state of about 10,000 people, became in the late 1990s the textbook example of money laundering through offshore financial centers. It came to have nearly 400 shell banks registered to a single post-office box —a roughly 90-square-meter wooden shed was 'home' to entities with no physical presence or legal residence anywhere in the world—, while the island's only real bank was the Bank of Nauru, the local community bank. According to the Central Bank of Russia, in 1998 nearly 70 billion dollars were 'booked' to or transferred through Russian banks registered in Nauru —a figure comparable to total Russian exports that year—, which triggered international alarm: Deutsche Bank ordered its correspondent banks to stop processing dollar transactions originating in the island. In June 2000, the Financial Action Task Force (FATF) placed Nauru on its blacklist of Non-Cooperative Countries and Territories (NCCT), finding that there money laundering was not even a crime, offshore banks were not required to identify their customers or keep records, and there was no obligation to report suspicious transactions. Faced with the lack of effective reforms, the FATF invoked countermeasures and, on December 20, 2002, the US Treasury designated Nauru —together with Ukraine— a 'jurisdiction of primary money laundering concern' under Section 311 of the Patriot Act, in the first such designations; in 2003 it proposed the most severe measure, requiring US banks to close their correspondent accounts with Nauruan entities, isolating the island from the financial system. Under pressure, Nauru passed anti-avoidance legislation and dismantled its offshore-banking sector; foreign capital fled and, in 2005, the FATF removed it from the blacklist. Supervision now rests with a financial intelligence unit, with Nauru —which has no central bank of its own and uses the Australian dollar— a member of the APG.

September 3, 2024 LB confirmed

Lebanon: BDL collapse 2019+ — Riad Salameh 30 years governor, arrested Sep 2024 + Bartlett v 12 banks

Lebanon experienced the most devastating economic collapse in the world since 1850 according to the World Bank (Oct 2021): the Lebanese banking system completely collapsed between Oct 2019 (social revolution after WhatsApp rates) and the present, with hyperinflation (+1,000% accumulated 2019-2024), 98% loss of Lebanese lira (LBP) value, sovereign default (March 2020 — first sovereign default in Lebanese history), massive restrictions on banking withdrawals ('Haircut' informal 80%+, depositors have lost ~$70 billion in total assets). The Banque du Liban (BDL) Governor Riad Salameh (in office 1993-2023, 30 years — one of the world's longest-serving governors), faces multiple criminal investigations in Lebanon, France, Germany, Switzerland and US for money laundering and illicit enrichment. France issued Interpol Red Notice May 2023 + French charges; Germany froze €120M; Switzerland froze $400M. Salameh was arrested in Beirut September 2024. Bartlett v. 12 Lebanese Banks case: class action in US Federal Court (SDNY since 2020), American victims of Hezbollah terrorist attacks in Israel sued 12 Lebanese banks for processing Hezbollah financial flow payments ($700M-1 billion/year). Bank of Beirut fined £2.1M by UK FCA March 2015. Jammal Trust Bank designated SDN by OFAC August 2019 + closed by BDL — first Lebanese bank SDN for Hezbollah links.

October 9, 2008 IS confirmed

Iceland: 2008 banking collapse ($85B, 10x GDP) — only country that jailed bankers + Panama Papers PM 2016

On **October 9, 2008**, Iceland (370,000 inhabitants, North Atlantic island, capital Reykjavik) suffered **one of the most dramatic banking collapses in history relative to the size of its economy**: its 3 largest banks — **Kaupthing Bank, Landsbanki and Glitnir** — collapsed simultaneously in one week, with combined assets of **~$85 billion USD = ~10x Icelandic GDP ($13B)** — the largest relative banking collapse in history. The 3 banks had grown explosively 2003-2008 (to 10x GDP) through aggressive foreign expansion: **Landsbanki 'Icesave' online savings accounts** (UK + Netherlands, 400,000 depositors), **Kaupthing 'Kaupthing Edge'** (10 countries). When they collapsed, the **UK government invoked terrorism legislation (Anti-Terrorism, Crime and Security Act 2001)** to freeze Landsbanki UK assets — Iceland-UK 'Icesave dispute' (resolved via EFTA Court 2013). Iceland became **the only country in the world to jail senior bankers after the 2008 global financial crisis**: the **Special Prosecutor (Ólafur Þór Hauksson)** achieved **convictions of 26+ bankers 2013-2016**, including: **Hreiðar Már Sigurðsson** (Kaupthing CEO, 5.5 years), **Sigurður Einarsson** (Kaupthing Chairman, 5 years), **Ólafur Ólafsson** (Kaupthing major shareholder, 4.5 years), **Lárus Welding** (Glitnir CEO, multiple convictions). Iceland **let the banks fail (no bailout) + imposed capital controls + devalued the króna (ISK) + IMF $2.1B program** — recovery considered an alternative model to the bailout approach. **Panama Papers (2016) connection**: Prime Minister **Sigmundur Davíð Gunnlaugsson** (Progressive Party, PM 2013-2016) was **forced to resign on April 5, 2016** — first world leader to fall due to Panama Papers — after revelations he + wife had an offshore shell company (Wintris Inc, BVI) with claims against the 3 collapsed banks (massive conflict of interest). The Icelandic banking sector post-2008 is concentrated in: Landsbankinn (state-owned post-nationalization), Íslandsbanki, Arion Bank. Iceland is a FATF member (was briefly grey-listed 2019-2020).

January 28, 2019 VE confirmed

Venezuela: OFAC sanctions PDVSA in Jan 2019 — 500+ Maduro regime designations 2014-2025

On January 28, 2019, OFAC designated Petróleos de Venezuela S.A. (PDVSA) under Executive Order 13850 — one of the broadest designations in OFAC history against a state oil company. The action followed initial sanctions against the Maduro regime since March 2015 (OFAC: Executive Order 13692 against 7 individuals), increased with financial sanctions in August 2017 (Executive Order 13808 against Venezuelan debt) and secondary sanctions against the oil sector in 2019. Accompanied by parallel sanctions from the EU (since November 2017), UK, Canada, Switzerland and 50+ countries. **More than 500 individuals of the Maduro regime were designated SDN between 2014-2025**, including: Nicolás Maduro (President), Diosdado Cabello (former PSUV Vice President), Vladimir Padrino López (Defense Minister), Tarek El Aissami (Vice President, justice fugitive with $10M State Dept reward), Cilia Flores (First Lady). Allegations include: massive PDVSA corruption with estimated diversion of $100-300 billion (Center for Public Integrity 2010-2020), drug trafficking (Cartel of the Suns), Hezbollah connections (Tarek El Aissami especially), human rights violations (extrajudicial killings by FAES, political prisoners), constitutional order violations (fraudulent National Constituent Assembly 2017, fraudulent presidential elections 2018, 2024). The Venezuelan banking sector (BCV, BANDES, BNC Banco Nacional de Crédito, Bancaribe, Mercantil) is supervised by the Superintendency of Banking Sector Institutions (SUDEBAN). Chronic hyperinflation (5,000,000% in 2018-2019) has led to informal dollarization of 70%+ of transactions. Venezuela is a GAFILAT member.

November 4, 2017 SA confirmed

Saudi Arabia: Crown Prince MBS Ritz-Carlton crackdown Nov 2017 — $100B+ recovered + 200+ princes/officials detained

On **November 4, 2017**, Saudi Crown Prince **Mohammed bin Salman (MBS)** ordered the largest anti-corruption purge of the Saudi Kingdom in modern history: **>200 princes, ministers, businessmen and military officials were detained at the Ritz-Carlton Hotel Riyadh** (luxury hotel converted into temporary detention center). Detainees included: **Prince Alwaleed bin Talal** (KHC, Kingdom Holding Company magnate, major Twitter shareholder pre-Musk, Citigroup, Apple — one of world's richest men, $30B Forbes 2017), **Bakr bin Laden** (Saudi Binladin Group, Saudi's largest construction company), **Walid al-Ibrahim** (MBC media), **Saleh Kamel** (Dallah Albaraka holding), **Prince Mutaib bin Abdullah** (former Minister of National Guard, son of King Abdullah), multiple ministers. The official justification: **'investigation of corruption'**. Detention lasted **3-15 months for most**, with reported conditions of release: **transferring assets to PIF (Public Investment Fund — Saudi sovereign wealth fund)** and signing non-disclosure agreements. **The government officially recovered $100+ billion USD in assets** (independent Reuters/FT estimates: $100-200B). Sources said **Prince Alwaleed** paid **$1+ billion** for release; **Saleh Kamel** paid undisclosed amounts. The move was part of **MBS power consolidation** post-his appointment as Crown Prince in June 2017 (removing Mohammed bin Nayef MBN). MBS subsequently launched **Vision 2030** (economic diversification), **NEOM mega-project** ($500B futuristic city), social reforms (women driving 2018, cinemas 2018, entertainment), but also the **assassination of journalist Jamal Khashoggi at Saudi consulate in Istanbul on October 2, 2018** — US Senate Intel Committee case determined MBS direct responsibility (Khashoggi Maryland pre-resident, Washington Post columnist). Saudi banking is mainly governed by SAMA. Sectors: Saudi National Bank (NCB-Samba merger 2021, largest), Al Rajhi Bank, Riyad Bank, Saudi British Bank (SABB-Alawwal merger). Saudi Aramco IPO December 2019 valued the company at $1.7T (largest IPO in history). Saudi is a MENAFATF founding member.

April 23, 2026 IT confirmed

Italy: FATF evaluates its AML system (2026) and highlights its comprehensive approach against organized-crime laundering

On April 23, 2026, the FATF published the mutual evaluation of Italy's system for preventing money laundering, terrorist financing and proliferation financing, following an on-site visit between June and July 2025. The report assessed that Italy applies a comprehensive 'whole-of-government' approach, with sophisticated coordination that allows operational agencies to share information and conduct joint investigations, especially in complex laundering cases linked to serious organized crime. It underscored the high quality of the operational and strategic analysis of the Financial Intelligence Unit (UIF, part of the Bank of Italy) — which effectively supports law enforcement and the judicial authority — its domestic and international cooperation and the implementation of targeted financial sanctions, as well as the effectiveness of the Bank of Italy's supervision of the financial sector. The previous evaluation, coordinated with the IMF, had been adopted in 2015 (published in 2016) with an 'overall satisfactory' judgment. The country's central risk is organized-crime laundering: the Italian mafias — the 'Ndrangheta, Cosa Nostra and Camorra — are among Europe's largest launderers. Against this, Italy has developed singular tools: the offense of self-laundering (autoriciclaggio), a highly restrictive cash-use regime, anti-mafia preventive measures and an advanced asset-confiscation system, with specialized bodies such as the Anti-Mafia Investigation Directorate (DIA), the National Anti-Mafia Directorate (DNA) and the Guardia di Finanza. Overall coordination rests with the Ministry of Economy and Finance and the Financial Security Committee.

January 29, 2024 IQ confirmed

Iraq: the US severs Al-Huda Bank from its financial system, a dollar conduit to Iran's Quds Force

On January 29, 2024, the US Department of the Treasury acted against Al-Huda Bank, an Iraqi bank flagged as a conduit for terrorist financing. The Financial Crimes Enforcement Network (FinCEN) identified it as a 'financial institution of primary money laundering concern' under Section 311 of the Patriot Act and proposed — and later finalized — a rule that disconnects it from the US financial system, prohibiting US banks from maintaining correspondent accounts for it. In parallel, the Office of Foreign Assets Control (OFAC) sanctioned its owner and chairman, Hamad al-Moussawi, as a Specially Designated Global Terrorist for his support to the Quds Force of Iran's Islamic Revolutionary Guard Corps (IRGC). According to the Treasury, Al-Huda Bank exploited its access to dollars for years to sustain terrorist organizations — the IRGC and its Quds Force, and Iran-aligned Iraqi militias such as Kata'ib Hizballah and Asa'ib Ahl al-Haq — and, since its inception, used forged documents to execute at least USD 6 billion in transfers out of Iraq through front companies. The case reflects a deeper problem: Iraq's heavily cash-dependent economy, and the Central Bank of Iraq's (CBI) currency-auction system, have been exploited to divert dollars to Iran, which led the US to tighten controls in 2023 over the dollar flows of several Iraqi banks. Iraq is a MENAFATF member and its financial intelligence unit operates within the Central Bank.

February 21, 2020 IR confirmed

Iran: FATF adds to blacklist in Feb 2020 — broadest sanctions against any country alongside DPRK

On February 21, 2020, FATF added Iran to its blacklist ('High-Risk Jurisdictions subject to a Call for Action') after failing to implement its FATF action plan (did not ratify the Palermo Convention against Transnational Organized Crime or the Terrorist Financing Convention). Iran joined North Korea as the second country on the blacklist. These are **the broadest financial sanctions ever imposed on a country by a Western coalition**: Executive Order 13599 (OFAC, February 2012) froze the Central Bank of Iran (CBI) assets and all Iranian government entities; OFAC maintains 30+ Executive Orders on Iran accumulated since 1995. Under Trump 1.0 (2017-2021), sanctions were reinforced with the JCPOA exit (Joint Comprehensive Plan of Action, May 2018) and the 'maximum pressure campaign' that included: re-imposition of all secondary sanctions, designation of the IRGC (Islamic Revolutionary Guard Corps) as a Foreign Terrorist Organization (FTO) in April 2019 (historic case — first time a state military is designated FTO). Under Biden (2021-2025): maintenance without significant relief. Under Trump 2.0 (2025+): re-tightening. Key banking designations: Central Bank of Iran (CBI), Bank Melli (largest Iranian bank), Bank Sepah (military bank), Bank Saderat, Bank Mellat, Bank Pasargad. Specific Iranian AML risks: Hezbollah financing ($700M-1 billion/year estimated according to Reuters), Hamas, Houthis, Assad, attacks against Israel (October 7 2023 + 2024 retaliations), Quds Force operations globally.

February 8, 2015 CH confirmed

ICIJ: SwissLeaks Feb 2015 — HSBC Switzerland 100K accounts $122B assets + Hervé Falciani whistleblower

On **February 8, 2015**, ICIJ published **'SwissLeaks'** ('Falciani List' or 'HSBC Files') — massive exposure of **HSBC Private Bank (Suisse) SA** in Geneva, based on data stolen by **Hervé Falciani** (Italian-French, former HSBC IT employee 2006-2008). Falciani stole **data of ~100,000 international accounts** (holders from 200 countries) with **$122+ billion USD in assets**. The data was initially sold to Lebanon 2008 (rejected), then delivered to French authorities (Christine Lagarde — then French Finance Minister, the 'Lagarde List' leaked to Greece, Italy, Spain, Argentina and other countries from 2010). In 2015, Le Monde + ICIJ + 154 journalists from 45 countries published it simultaneously. **Documented details**: HSBC Suisse actively helped clients evade taxes, laundering money from drug traffickers, dictators, arms traffickers, tax evaders. Clients included: Mohamed VI of Morocco, Joaquín 'El Chapo' Guzmán, multiple Bin Laden family members (including Mohammed Salem Mohammed bin Laden — Osama's brother), Hosni Mubarak, Bashar al-Assad family, multiple FIFA-related (including Joao Havelange former FIFA president), drug traffickers documented by DEA. **HSBC Holdings plc was fined**: **UK FCA £67M in 2017 + UK HMRC £135M** + **Swiss tax authorities CHF 40M settlement 2015** + **French financial parquet €300M settlement January 2018** + **US DOJ $1.9B settlement December 2012 (separate case HSBC Mexico (2012) covered, Mexico cartels)**. **Hervé Falciani was arrested in Spain 2018 in Madrid + 5 years suspended by Swiss Federal Court** in absentia 2015 — lives in exile in Spain, protected by Spain post-2017 after Spain rejected extradition to Switzerland. Total global HSBC settlements **2012-2024: $5+ billion combined** (multiple parallel case).

June 28, 2024 MC confirmed

Monaco: FATF grey list Jun 2024 — Russian oligarchs pre-2022 + €150B AUM wealth management

Monaco was included in the FATF grey list on June 28, 2024 — surprise for the principality due to its reputation for compliance. Inclusion motivated by: deficient supervisory and enforcement actions, beneficial ownership transparency deficient, inconsistent AML/CFT supervision, late suspicious transaction reporting. CCAF + SICCFIN + AMSF supervise the sector under Law 1.362 (2009, amended 2018, 2022, 2024). Monaco (38K, 2.02 km² — world's second smallest country, ~7,000 millionaires = highest millionaire concentration worldwide), operates the euro via France agreement. Prince Albert II (since 2005). Monegasque banking sector operates €150B+ AUM mainly wealth management. Risks: Russian oligarchs pre-2022 (Potanin, Usmanov yachts in Port Hercule), real estate $65K/m² average — one of world's most expensive. Casino de Monte-Carlo (SBM since 1863). MONEYVAL member.

October 16, 2001 US confirmed

Enron+WorldCom: $181B combined corporate fraud 2001-2002 — birth of Sarbanes-Oxley Act 2002

The **Enron Corporation and WorldCom Inc** cases represent **the two largest corporate fraud cases in US history pre-Madoff**, with combined losses of **$181+ billion USD** and direct catalysts of the **Sarbanes-Oxley Act of 2002 (Pub.L. 107–204)** — the largest US securities law reform since 1933-1934 Acts. **(1) Enron Corporation** (Houston, Texas, energy/commodities trading), peak market cap $77B in August 2000, was revealed as massive accounting fraud scheme via **'mark-to-market accounting' manipulation + Special Purpose Entities (SPEs)** that hid debt — **'Raptor' SPEs** designed by **Andrew Fastow** (CFO Enron 1998-2001) with Whitewing, JEDI Investments, LJM/LJM2 Partnership Funds (Cayman Islands). The whistleblower **Sherron Watkins** (Enron VP) wrote memo August 2001 to CEO Kenneth Lay warning of problems. **October 16, 2001**: Enron announced $1.2B equity write-down (initial revelation). **December 2, 2001**: Enron declared Chapter 11 bankruptcy — then the largest in US history ($63.4B in assets). **Convictions**: **Kenneth Lay** (founder + CEO) found guilty May 2006 → **died July 5, 2006** before sentencing (heart attack); **Jeffrey Skilling** (CEO 2001) sentenced **24 years + 4 months October 2006**, reduced to **14 years in 2013** for cooperation, released **February 2019**; **Andrew Fastow** (CFO) plea bargain January 2004, **6 years cooperator**, released 2011. **Arthur Andersen LLP** (Enron auditor, one of Big 5 then) destroyed **2 tons of Enron documents after subpoena** → **obstruction of justice conviction June 2002** → **complete firm dissolution** (85,000 employees lost jobs). The conviction was **annulled by SCOTUS in 2005 (Arthur Andersen LLP v. US)** unanimously, but the firm was already destroyed. **(2) WorldCom Inc** (Clinton, Mississippi, telecommunications), revealed June 2002 massive accounting fraud: $107 billion in fictitious assets + capitalized operating costs $3.8B revenue substitution. **Bernard Ebbers** (CEO 1985-2002, founder) sentenced **25 years in July 2005** — the longest corporate fraud sentence pre-Madoff. **Died on conditional release February 2020** post-release December 2019 (cancer). WorldCom Chapter 11 July 2002 ($107B assets, second largest pre-Lehman 2008). The **Sarbanes-Oxley Act of 2002 (SOX)** was signed by Bush July 30, 2002 — includes Section 302 (CEO/CFO certify accuracy), Section 404 (internal controls), Section 906 (criminal penalties), establishment of PCAOB (Public Company Accounting Oversight Board), prohibition of auditor-consulting conflicts. SOX cost companies $25+ billion initial compliance.

September 16, 2008 US confirmed

US: AIG $182B bailout Sep 2008 — largest corporate bailout in history (Joseph Cassano's CDS)

On **September 16, 2008**, the day after Lehman's collapse, the US federal government announced an **$85 billion emergency bailout of American International Group (AIG)** — the world's largest insurer — which eventually grew to **$182 billion USD, becoming the largest single corporate bailout in world financial history**. AIG collapsed due to the **AIG Financial Products (AIG-FP)** unit, led by **Joseph Cassano** from London, which had sold **~$2.7 trillion in credit default swaps (CDS)** on subprime mortgage CDOs without adequate reserves — betting that the CDOs would never default. When CDOs began to fail massively in 2007-2008, AIG-FP faced **~$43 billion in margin calls** that the parent couldn't cover. The government bailout (via NY Fed + Treasury) took **79.9% of AIG's shares**, controversial because the bailout payments flowed 100% to the CDS counterparties — **Goldman Sachs ($12.9B), Société Générale ($11.9B), Deutsche Bank ($11.8B), Merrill Lynch ($6.8B)** — a 'backdoor bailout' of the big banks via AIG. Notably: **Cassano was NEVER prosecuted** (DOJ + SEC closed investigations in 2010 without charges, citing insufficient evidence of intentional fraud). The government EVENTUALLY recovered all bailout funds + earned ~$22.7B in profits when it sold AIG shares (2012-2013). CEO **Edward Liddy** (appointed during the rescue) testified for a symbolic $1 salary. AIG continues operating. The case is referenced as **the other pillar of 2008's 'too big to fail/jail'** + an example of OTC derivatives systemic risk + catalyst for the Dodd-Frank Act 2010.

March 10, 2023 US confirmed

US: SVB + Signature + Silvergate collapse Mar 2023 — $330B assets + Systemic Risk Exception

Between **March 8 and 12, 2023**, three US banks collapsed in what's known as the '2023 regional banking crisis': **Silvergate Bank** (Mar 8, voluntary wind-down, $11B assets), **Silicon Valley Bank** (Mar 10, FDIC receivership, $209B assets — second largest bank failure in US history after Washington Mutual 2008), **Signature Bank** (Mar 12, FDIC takeover, $110B assets). On March 12, Treasury Department, FDIC and Federal Reserve invoked the **Systemic Risk Exception** to guarantee all deposits (including uninsured, normal FDIC cap = $250K). **First Republic Bank** collapsed on May 1, 2023 ($229B assets) and was acquired by JPMorgan Chase. Total losses for FDIC Deposit Insurance Fund were $20-30B. Causes: (1) **Interest rate mismanagement**: SVB had $90B in long-duration treasuries that lost value from Fed 2022-2023 rate hikes, sold with $1.8B loss on Mar 9. (2) **Customer concentration**: SVB was the bank of 50%+ of VC-funded US startups, creating massive concentration. (3) **Twitter/X bank run**: in less than 48h, $42B deposits withdrawn via mobile apps (vs 1-2 days in pre-digital crises). (4) **Crypto exposure**: Silvergate and Signature had massive exposure to crypto sector (Genesis Trading, Gemini Earn, etc.). The case is not specifically AML, but impacted massively: collapsed Credit Suisse confidence (case Credit Suisse Collapse (2023)), led to introduction of Basel Endgame in US, total revision of Fed bank supervision (Vice Chair Barr review Jul 2023). USDC (Circle) had $3.3 billion reserves at SVB, causing temporary depegging on Mar 11, 2023.

September 3, 2019 GR confirmed

Greece: FATF evaluates its AML regime (2019) — solid foundations, with tax evasion (the 'Lagarde List' case) as the big challenge

Greece submitted its anti-money-laundering system to the FATF's fourth-round mutual evaluation, published on September 3, 2019. The report, which the Bank of Greece called 'particularly positive,' concluded that the country has solid foundations for action against money laundering and terrorist financing: 'compliant' on 15 of the 40 Recommendations and 'largely compliant' on 22, with five of the eleven effectiveness outcomes rated 'substantially effective.' Even so, the FATF called for improving the criminal prosecution of these offenses and paying more attention to non-financial-sector risks. Among the main threats, the report highlighted the lucrative drug trade, corruption, migrant smuggling and, cutting across them, tax evasion — in which accountants, tax advisors, lawyers, notaries and real estate agents can act as facilitators, especially in property transactions. Large-scale tax evasion was symbolized by the 'Lagarde List': the roster of more than 2,000 Greeks with accounts at HSBC in Geneva that then-French minister Christine Lagarde handed to Athens in 2010, and whose handling led to a notorious political-judicial scandal. The financial intelligence unit is the Hellenic Anti-Money Laundering Authority (Hellenic FIU), financial-sector supervision rests with the Bank of Greece and the legal framework rests on Law 4557/2018, which transposes the EU directives.

February 24, 2022 RU confirmed

Russia: post-Ukraine invasion Feb 2022 — $300B Central Bank reserves frozen + SWIFT cuts + 1000+ designations

On **February 24, 2022**, Russia launched the full-scale invasion of Ukraine, triggering the most extensive sanctions package in modern economic history. Combined measures of US + EU + UK + Switzerland + Japan + Australia + Canada + Singapore + South Korea + 38+ countries have included: **(1) Russian Central Bank (CBR) reserves freeze**: **~$300+ billion USD of 49% of Russian international reserves** (out of $639.2B total pre-Feb 2022) frozen in Western jurisdictions — the largest action against sovereign central bank reserves in history. **(2) SWIFT cuts**: Sberbank, VTB Bank, Gazprombank, Otkritie Bank, Promsvyazbank, Sovcombank, VEB, Rosselkhozbank, Novikombank, Russian Central Bank and other Russian banks cut from SWIFT messaging system (March 2022) — first cuts to Russian banks. **(3) Oligarch designations**: 1,000+ Russian individuals and entities designated SDN/EU sanctions: Roman Abramovich, Alisher Usmanov, Mikhail Fridman, Petr Aven, German Khan, Andrey Kostin (VTB CEO), Igor Sechin (Rosneft), Alexei Mordashov (Severstal), Vladimir Potanin (Norilsk Nickel), Suleyman Kerimov, Oleg Deripaska, Gennady Timchenko (Volga Group), Yuri Kovalchuk (Bank Rossiya), Putin family/allies. **(4) Sector sanctions**: oil price cap ($60/barrel EU + G7 since December 2022, reduced to $47 in June 2025), full ban on Russian oil/gas/coal (EU Jan 2024 implementation), tech exports restricted, financial services cut, luxury goods ban. **(5) Yacht seizures**: $2-5B in oligarchs' yachts seized (Eclipse, My Solaris Abramovich; Amadea Kerimov; Dilbar Usmanov), 200+ yachts tracked by C4ADS + DEFENDS task forces. **(6) US Repo Task Force / Russia and Belarus Sanctions Office (Treasury)**. **(7) Frozen Russian reserves**: G7 declared June 2024 that **$50B annual interest generated by frozen reserves** would be used for Ukraine reconstruction, ERA Loan agreement — this generated extensive legal controversy. Russia has responded with counter-sanctions, partial dedollarization (BRICS+ alternative SWIFT 'CIPS' China + 'SPFS' Russia), tradeflows with China (yuan settlements rose to 70% bilateral 2024), India, Turkey, UAE. The **ruble** collapsed to 130 RUB/USD March 2022, recovered to 60 RUB/USD Jun 2022 due to draconian capital controls, fluctuated 90-100 RUB/USD 2025-2026. **Wagner Group** (PMC) designated FTO + Yevgeny Prigozhin killed in plane crash Aug 23, 2023 post-mutiny June 2023.

September 15, 2008 US confirmed

US: Lehman Brothers bankruptcy Sep 2008 — $691B + Repo 105 + the catalyst of the global crisis

On **September 15, 2008**, **Lehman Brothers Holdings** — the fourth-largest US investment bank, founded in 1850, with 25,000 employees and **$691 billion USD in assets** — declared the **largest bankruptcy in world financial history**, catalyzing the most acute moment of the 2008 global financial crisis. The **bankruptcy examiner, Anton Valukas**, published a 2,200-page report in 2010 that revealed the **'Repo 105'** scheme: Lehman had used a deceptive accounting technique (classifying short-term repos as sales rather than financing) to **move up to $50 billion off-balance sheet** quarterly, hiding its true leverage (~30:1 actual vs ~12:1 reported) from investors and regulators. CEO **Richard 'Dick' Fuld** (nicknamed 'the Gorilla' for his aggressiveness) and other senior executives knew of and approved Repo 105. Notably: **NO Lehman executive was criminally prosecuted** — the case is referenced as the **DOJ's biggest failure in the 2008 crisis** (former US Attorney Mary Jo White, later SEC chair, defended the decision). The SEC didn't even collect civil fines. Fuld testified to Congress claiming to be 'the only one responsible... but responsible for doing everything right'. Ernst & Young's audit also faced lawsuits (NY AG settlement of $99M in 2015). The collapse unleashed: AIG/Citigroup/Bank of America bailouts, $700B TARP, unprecedented Fed liquidity programs, global recession. It is the paradigmatic 'too big to jail' case. The US supervises via SEC + FRB + OCC + DOJ. The US is a FATF founding member.

Methodology

Type
event-log
Construction
Multi-source verified
Cadence
event-driven

Each record documents an AML or OFAC penalty with its entity, sector (bank/fintech/crypto), regulator, amount, status and type of violation. The status distinguishes between civil (negotiated fine), criminal (guilty plea) and mixed, and between announced, final and paid/forfeited. The amount is the settlement or order's; where it includes forfeiture in addition to the fine, the total is noted. No unpublished figures are imputed. The primary source is the communications of DOJ, FinCEN, OCC, OFAC and the Federal Reserve; specialised compilations are used as secondary. The most differential field is the status: a civil fine and a criminal conviction with a monitor are very different due-diligence risks.

Sources consulted

  1. US DOJ — comunicados de resoluciones (Office of Public Affairs) ↗ official
  2. FinCEN / OCC / OFAC / Federal Reserve — órdenes de consentimiento y penalidades ↗ official
  3. ComplyAdvantage / AML Network — recopilaciones de enforcement AML 2024-2026 ↗ academic